ClusterConfiguration

Version: deckhouse.io/v1

General parameters of a cluster.

Defines, for example, network and CRI parameters, control plane version, etc. Some parameters can be changed after the cluster is bootstrapped, during its operation.

To change the ClusterConfiguration resource in a running cluster, run the following command:

d8 platform edit cluster-configuration

Example:

apiVersion: deckhouse.io/v1
kind: ClusterConfiguration
podSubnetNodeCIDRPrefix: '24'
podSubnetCIDR: 10.244.0.0/16
serviceSubnetCIDR: 192.168.0.0/16
kubernetesVersion: '1.29'
clusterDomain: k8s.internal
clusterType: Cloud
cloud:
  prefix: k8s-dev
  provider: Yandex
proxy:
  httpProxy: https://user:password@proxy.company.my:8443
  httpsProxy: https://user:password@proxy.company.my:8443
  noProxy:
  - company.my
  • apiVersion
    string

    Required value

    Version of the Deckhouse API.

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • cloud
    object

    Cloud provider-related settings (if the Cloud clusterType is used).

    • cloud.prefix
      string

      A prefix of the objects to be created in the cloud.

      Is used, for example, to distinguish objects created for different clusters, to configure routing, etc.

      Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$

    • cloud.provider
      string

      Required value

      Cloud provider.

      Allowed values: OpenStack, AWS, GCP, Yandex, vSphere, Azure, VCD, Zvirt, Dynamix, Huaweicloud, DVP

  • clusterDomain
    string

    Required value

    Cluster domain (used for local routing).

    Please note: the domain must not match the domain used in the DNS name template in the publicDomainTemplate parameter. For example, you cannot set cluster Domain: cluster.local and publicDomainTemplate: %s.cluster.local at the same time.

    If you need to change a parameter in a running cluster, it is recommended to use instructions

    Default: cluster.local

  • clusterType
    string

    Required value

    Type of the cluster infrastructure:

    • Static — a cluster on bare metal (physical servers) or virtual machines. In the case of virtual machines, it is assumed that Deckhouse doesn’t have access to the API for managing virtual machines (they are managed by the administrator using the usual cloud infrastructure tools);
    • Cloud — a cluster deployed on the resources of a cloud infrastructure. This type implies that Deckhouse has access to the cloud infrastructure API for managing virtual machines.

    Allowed values: Cloud, Static

  • defaultCRI
    string

    The container runtime type that used on cluster nodes (NodeGroups) by default.

    If the value NotManaged is used, then Deckhouse does not manage the container runtime (and doesn’t install it). In this case, it is necessary to use images for NodeGroups on which the container runtime is already installed.

    If ContainerdV2 is set, CgroupsV2 will be used (providing improved security and resource management). To use ContainerdV2 as the container runtime, cluster nodes must meet the following requirements:

    • Support for CgroupsV2.
    • Linux kernel version 5.8 or newer.
    • Systemd version 244 or newer.
    • Support for erofs kernel module.

    Default: Containerd

    Allowed values: Containerd, ContainerdV2, NotManaged

  • encryptionAlgorithm
    string

    In Kubernetes version 1.30 and earlier, only the RSA-2048 algorithm is supported.

    Starting from version 1.31, kubeadm use the specified asymmetric encryption algorithm when generating keys and certificates for the following control-plane components:

    • apiserver
    • apiserver-kubelet-client
    • apiserver-etcd-client
    • front-proxy-client
    • etcd-server
    • etcd-peer
    • etcd-healthcheck-client

    Certificates for the components listed above will be reissued using the selected algorithm and key length.

    Warning. When reissuing certificates, the root certificate (CA) is not rotated. The root certificate is created with the selected algorithm only during the initial cluster bootstrap.

    Default: RSA-2048

    Allowed values: RSA-2048, RSA-3072, RSA-4096, ECDSA-P256

  • kind
    string

    Required value

    Allowed values: ClusterConfiguration

  • kubernetesVersion
    string

    Required value

    Kubernetes version (control plane components of the cluster).

    Changing a parameter in a running cluster will automatically update the cluster’s control plane version.

    If Automatic is specified, then the control plane version is used, which is considered stable at the moment. If the stable version of control plane is less than the maximum version that has ever been installed in the cluster, more than 1 minor version, then the version of the cluster will not be changed. The version may change when the minor version of the Deckhouse release is changed (see a corresponding release message).

    Allowed values: 1.29, 1.30, 1.31, 1.32, 1.33, Automatic

  • podSubnetCIDR
    string

    Required value

    Address space of the cluster’s Pods.

    Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag.

  • podSubnetNodeCIDRPrefix
    string

    The prefix of Pod network on a node.

    Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag.

    Default: 24

  • proxy
    object

    Available in editions: BE, SE, SE+, EE

    Global proxy setup (mainly for working in air-gapped environments).

    The parameters described in this section will be translated into the environment variables HTTP_PROXY, HTTPS_PROXY, and NO_PROXY for all cluster nodes and Deckhouse components. This will result in HTTP(S) requests (curl, git, registry, etc.) to all resources not listed in the noProxy parameter being made through a proxy. Note that the podSubnetCIDR and serviceSubnetCIDR subnets, as well as the clusterDomain domain are added to noProxy automatically.

    Caution! To avoid using proxies in requests between pods and services located in the cluster node network, make sure you list all the host subnets in the noProxy parameter.

    • proxy.httpProxy
      string

      Available in editions: BE, SE, SE+, EE

      Proxy URL for HTTP requests.

      If necessary, specify the proxy server’s username, password, and port.

      Pattern: ^https?://([!*'();&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+(\:[!*'();:@&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+)?@)?[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?$

      Examples:

      httpProxy: http://proxy.company.my

      httpProxy: https://user:password@proxy.company.my:8443

      httpProxy: https://DOMAIN%5Cuser:password@proxy.company.my:8443

      httpProxy: https://user%40domain.local:password@proxy.company.my:8443
    • proxy.httpsProxy
      string

      Available in editions: BE, SE, SE+, EE

      Proxy URL for HTTPS requests.

      If necessary, specify the proxy server’s username, password, and port.

      Pattern: ^https?://([!*'();&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+(\:[!*'();:@&=+$,/?%#\[\]0-9a-zA-Z\.\-\_]+)?@)?[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?$

      Examples:

      httpsProxy: http://proxy.company.my

      httpsProxy: https://user:password@proxy.company.my:8443

      httpsProxy: https://DOMAIN%5Cuser:password@proxy.company.my:8443

      httpsProxy: https://user%40domain.local:password@proxy.company.my:8443
    • proxy.noProxy
      array of strings

      Available in editions: BE, SE, SE+, EE

      List of no proxy IP and domain entries.

      For wildcard domains, use a domain name with a dot prefix, e.g., “.example.com”.

      Caution. If the cluster is supposed to have pods interacting with services located in the cluster node network, then specify the list of subnets that are used on the nodes.

      • Element of the array
        string

        Pattern: ^[a-z0-9\-\./]+$

  • serviceSubnetCIDR
    string

    Required value

    Address space of the cluster’s services.

    Caution! Normally, you won’t be able to change the parameter in a running cluster. To avoid this limitation use specific flag.

DeckhouseRelease

Scope: Cluster
Version: v1alpha1

Defines the configuration for Deckhouse release.

  • approved
    boolean

    Allows or disables manual updates.

    Ignored if the module’s update mode is set to Auto (update.mode: Auto).

    Default: false

  • spec
    object

    Required value

    • spec.applyAfter
      string

      Marks release as a part of canary release. This release will be delayed until this time.

    • spec.changelog
      object

      Release’s changelog for enabled modules.

    • spec.changelogLink
      string

      Link to site with full changelog for this release.

    • spec.disruptions
      Deprecated
      array of strings

      Disruptive changes in the release.

    • spec.requirements
      object

      Deckhouse release requirements.

    • spec.version
      string

      Required value

      Deckhouse version.

      Example:

      version: v1.24.20

InitConfiguration

Version: deckhouse.io/v1

Deckhouse configuration to start after installation.

Example:

apiVersion: deckhouse.io/v1
kind: InitConfiguration
deckhouse:
  imagesRepo: nexus.company.my/deckhouse/ee
  registryDockerCfg: eyJhdXRocyI6IHsgIm5leHVzLmNvbXBhbnkubXkiOiB7InVzZXJuYW1lIjoibmV4dXMtdXNlciIsInBhc3N3b3JkIjoibmV4dXMtcEBzc3cwcmQiLCJhdXRoIjoiYm1WNGRYTXRkWE5sY2pwdVpYaDFjeTF3UUhOemR6QnlaQW89In19fQo=
  registryScheme: HTTPS
  registryCA: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  • apiVersion
    string

    Required value

    Version of the Deckhouse API.

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • deckhouse
    object

    Required value

    Initial parameters required to install Deckhouse.

    • deckhouse.devBranch
      Deprecated
      string

      The parameter is used for development needs. Will be replaced with the CLI-tools.

    • deckhouse.imagesRepo
      string

      Address of a container registry with Deckhouse images.

      Specify it if Deckhouse Enterprise Edition edition or third-party registry (e.g. proxy server in a closed environment) is used.

      The address matches the edition of Deckhouse used. The public container registry address for Deckhouse Enterprise Edition is registry.deckhouse.io/deckhouse/ee.

      Default: registry.deckhouse.io/deckhouse/ce

      Pattern: ^[0-9a-zA-Z\.\-]+(\:[0-9]{1,5})?(\/[0-9a-zA-Z\.\-\_\/]+)?$

    • deckhouse.registryCA
      string

      Root CA certificate to validate the container registry’s HTTPS certificate (if self-signed certificates are used).

    • deckhouse.registryDockerCfg
      string

      A Base64-encoded string from the Docker client configuration file (in Linux it is usually $HOME/.docker/config.json), for accessing a third-party container registry.

      For example, to access the container registry registry.company.my under the user user with the password P@ssw0rd it will be eyJhdXRocyI6eyJyZWdpc3RyeS5jb21wYW55Lm15Ijp7ImF1dGgiOiJkWE5sY2pwUVFITnpkekJ5WkFvPSJ9fX0K (string {"auths":{"registry.company.my":{"auth":"dXNlcjpQQHNzdzByZAo="}}} in Base64).

      Default: eyJhdXRocyI6IHsgInJlZ2lzdHJ5LmRlY2tob3VzZS5pbyI6IHt9fX0=

    • deckhouse.registryScheme
      string

      Registry access scheme (HTTP or HTTPS).

      Default: HTTPS

      Allowed values: HTTP, HTTPS

  • kind
    string

    Required value

    Allowed values: InitConfiguration

Module

Scope: Cluster
Version: v1alpha1

Describes the module’s status in the cluster. The Module object is created automatically after configuring the ModuleSource and successfully completing synchronization.

  • properties
    object
    • properties.accessibility
      object

      Module accessibility settings.

      • properties.accessibility.editions
        object

        Module operation settings in Deckhouse editions.

    • properties.availableSources
      array of strings

      Available sources for downloading the module.

    • properties.critical
      boolean

      Indicates whether the module critical or not.

    • properties.disableOptions
      object

      Parameters of module disable protection.

      • properties.disableOptions.confirmation
        boolean
      • properties.disableOptions.message
        string
    • properties.exclusiveGroup
      string

      Indicates the group where only one module can be active at a time.

    • properties.namespace
      string

      Module namespace.

    • properties.releaseChannel
      string

      Module release channel.

    • properties.requirements
      object

      Module dependencies, a set of requirements that must be met for Deckhouse Kubernetes Platform (DKP) to run the module.

      • properties.requirements.bootstrapped
        string

        Required cluster installation status (for built-in DKP modules only).

      • properties.requirements.deckhouse
        string

        Required Deckhouse version.

      • properties.requirements.kubernetes
        string

        Required Kubernetes version.

      • properties.requirements.modules
        object

        A list of other enabled modules required for the module.

    • properties.source
      string

      Source the module was downloaded from (otherwise will be blank).

    • properties.stage
      string

      Current stage of the module lifecycle.

    • properties.subsystems
      array of strings

      Module subsystems.

    • properties.updatePolicy
      string

      Module update policy.

    • properties.version
      string

      Module version.

    • properties.weight
      integer

      Module weight (priority).

ModuleConfig

Scope: Cluster
Version: v1alpha1

Defines the configuration of the Deckhouse module. The name of the ModuleConfig resource must match the name of the module (for example, control-plane-manager for the control-plane-manager module).

Example:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: module-1
spec:
  enabled: true
  settings: {}
  version: 1
  • spec
    object

    Required value

    • spec.enabled
      boolean

      Enables or disables the module.

      Example:

      enabled: 'false'
    • spec.maintenance
      string

      Defines the module maintenance mode.

      • NoResourceReconciliation: A mode for developing or tweaking the module.

        In this mode:

        • Configuration or hook changes are not reconciled, which prevents resources from being updated automatically.
        • Resource monitoring is disabled, which prevents deleted resources from being restored.
        • All the module’s resources are labeled with maintenance: NoResourceReconciliation.
        • The ModuleIsInMaintenanceMode alert is triggered.

        If Deckhouse restarts, the module reapplies its last known state once and then continues in unmanaged mode.

      Allowed values: NoResourceReconciliation

      Example:

      maintenance: NoResourceReconciliation
    • spec.settings
      object

      Module settings.

    • spec.source
      string

      The source of the module it provided by one (otherwise empty).

    • spec.updatePolicy
      string

      Module update policy.

      Example:

      updatePolicy: test-alpha
    • spec.version
      number

      Version of settings schema.

      Example:

      version: '1'

ModuleDocumentation

Scope: Cluster
Version: v1alpha1

Defines the rendering configuration of the Deckhouse module documentation.

Deckhouse creates ModuleDocumentation resources by itself.

  • spec
    object

    Required value

    • spec.checksum
      string

      Module version checksum.

    • spec.path
      string

      Path to the module version.

    • spec.version
      string

      Required value

      Module version.

      Example:

      version: v1.0.0

ModulePullOverride

Scope: Cluster

v1alpha2v1alpha1

Defines the resource configuration for downloading specific versions of Deckhouse modules.

Caution. This resource is intended for development and debugging environments only. Using it in production clusters is not recommended. Support for the resource might be removed in future Deckhouse Kubernetes Platform versions.

  • spec
    object

    Required value

    • spec.imageTag
      string

      Required value

      Module container image tag, which will be pulled.

    • spec.rollback
      boolean

      Indicates whether the module release should be rollback after deleting mpo.

      Default: false

    • spec.scanInterval
      string

      Scan interval for checking the image digest. If the digest changes, the module is updated.

      Default: 15s

Deprecated resource. Support for the resource might be removed in a later release.

Defines the configuration.

  • spec
    object

    Required value

    • spec.imageTag
      string

      Required value

      Module container image tag, which will be pulled.

    • spec.rollback
      boolean

      Indicates whether the module release should be rollback after deleting ModulePullOverride.

      Default: false

    • spec.scanInterval
      string

      Scan interval for checking the image digest. If the digest changes, the module is updated.

      Default: 15s

    • spec.source
      string

      Required value

      Reference to the ModuleSource with the module.

ModuleRelease

Scope: Cluster
Version: v1alpha1

Defines the configuration for a Deckhouse release.

ModuleRelease resources are created by Deckhouse.

  • spec
    object

    Required value

    • spec.applyAfter
      string

      Time until which the release will be delayed.

    • spec.changelog
      object

      Release’s changelog for the module.

    • spec.moduleName
      string

      Required value

      Module name.

    • spec.requirements
      object

      Release dependencies, a set of requirements that must be met for Deckhouse Kubernetes Platform to run the module release.

      • spec.requirements.deckhouse
        string

        Required Deckhouse version.

      • spec.requirements.kubernetes
        string

        Required Kubernetes version.

      • spec.requirements.modules
        object

        A list of other modules required for the module release. Ensure the modules are enabled.

    • spec.update
      object

      Optional transition rules.

      • spec.update.versions
        array of objects

        List of fromto transition rules that allow skipping step-by-step updates. If the current installed module version (status Deployed) is not lower than from, and the cluster has a release whose version matches to, the controller will skip intermediate releases and update the module to the version from to. The to value can specify a minor line (X.Y — the latest available X.Y.Z will be selected). The rule is specified in the constrained release — the one whose version matches to.

        • spec.update.versions.from
          string

          Required value

          The minimum version from which the transition is allowed (format X.Y).

        • spec.update.versions.to
          string

          Required value

          The end version of the range — a minor line (X.Y).

    • spec.version
      string

      Required value

      Module version.

      Example:

      version: v1.0.0
    • spec.weight
      integer

      Module weight (priority).

ModuleSettingsDefinition

Scope: Cluster
Version: v1alpha1

It displays module settings. Defines a list of module settings versions.

  • spec
    object

    Required value

    Specification of the module settings.

    • spec.versions
      array of objects

      List of module settings versions. Each version includes a name and a schema.

      • spec.versions.conversions
        array of objects

        List of conversion rules for this version.

        A single conversion rule with expressions and descriptions.

        • spec.versions.conversions.descriptions
          object

          Localized descriptions of the conversion.

          • spec.versions.conversions.descriptions.en
            string

            English description of the conversion.

          • spec.versions.conversions.descriptions.ru
            string

            Russian description of the conversion.

        • spec.versions.conversions.expr
          array of strings

          Array of jq expressions to transform settings.

      • spec.versions.name
        string

        Required value

        Module settings version.

      • spec.versions.schema
        object

        Settings schema for the given module version.

ModuleSource

Scope: Cluster
Version: v1alpha1

Defines the configuration of a source of Deckhouse modules.

Example:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleSource
metadata:
  name: example
spec:
  registry:
    repo: registry.example.io/modules-source
    dockerCfg: "<base64 encoded credentials>"
  • spec
    object

    Required value

    • spec.registry
      object

      Required value

      • spec.registry.ca
        string

        Root CA certificate (PEM format) to validate the registry’s HTTPS certificate (if self-signed certificates are used).

        Creating a ModuleSource resource with the CA certificate spec will cause the container to restart on all nodes.

      • spec.registry.dockerCfg
        string

        Container registry access token in Base64. If using anonymous access to the container registry, do not fill in this field.

      • spec.registry.repo
        string

        Required value

        URL of the container registry.

        Example:

        repo: registry.example.io/deckhouse/modules
      • spec.registry.scheme
        string

        Protocol to access the registry.

        Default: HTTPS

        Allowed values: HTTP, HTTPS

    • spec.releaseChannel
      Deprecated
      string

      Desirable default release channel for modules in the current source.

ModuleUpdatePolicy

Scope: Cluster

v1alpha2v1alpha1

Defines the update settings for a module’s release.

Example:

apiVersion: deckhouse.io/v1alpha2
kind: ModuleUpdatePolicy
metadata:
  name: example-update-policy
spec:
  releaseChannel: Alpha
  update:
    mode: Auto
    windows:
    - days:
      - Mon
      - Wed
      from: '13:30'
      to: '14:00'
  • spec
    object

    Required value

    • spec.releaseChannel
      string

      Desirable module release channel.

      The order in which the stability of the release channel increases (from less stable to more stable): Alpha, Beta, EarlyAccess, Stable, RockSolid.

      Default: Stable

      Allowed values: Alpha, Beta, EarlyAccess, Stable, RockSolid

    • spec.update
      object

      Required value

      Update settings for target modules.

      • spec.update.mode
        string

        Modules version update mode (release change).

        • AutoPatch — automatic update mode for patch releases.

          To change a minor version (for example, from v1.15.* to v1.16.*), confirmation is required.

          A patch version update (for example, from v1.16.1 to v1.16.2) is applied according to the update windows, if they are set.

        • Auto — all updates are applied automatically.

          Modules minor version updates (for example, from v1.15.* to v1.16.*) and patch version updates (for example, from v1.16.1 to v1.16.2) are applied according to the update windows or (if no update windows are set) as they appear on the corresponding release channel;

        • Manual — confirmation is required for updating both minor and patch versions.

        To confirm the update, add the modules.deckhouse.io/approved="true" annotation to the corresponding ModuleRelease resource.

        Default: Auto

        Allowed values: Auto, Manual, AutoPatch

      • spec.update.windows
        array of objects

        Modules update timetable.

        • spec.update.windows.days
          array of strings

          The days of the week on which the update window is applied.

          Examples:

          days: Mon

          days: Wed
          • Element of the array
            string

            Day of the week.

            Allowed values: Mon, Tue, Wed, Thu, Fri, Sat, Sun

            Example:

            Mon
        • spec.update.windows.from
          string

          Required value

          Start time of the update window (UTC timezone).

          Should be less than the end time of the update window.

          Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$

          Example:

          from: '13:00'
        • spec.update.windows.to
          string

          Required value

          End time of the update window (UTC timezone).

          Should be more than the start time of the update window.

          Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$

          Example:

          to: '18:30'

Deprecated resource. Support for the resource might be removed in a later release.

Defines the update settings for a module’s release.

Example:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleUpdatePolicy
metadata:
  name: example-update-policy
spec:
  moduleReleaseSelector:
    labelSelector:
      matchLabels:
        source: example
        module: module-1
  releaseChannel: Alpha
  update:
    mode: Auto
    windows:
    - days:
      - Mon
      - Wed
      from: '13:30'
      to: '14:00'
  • spec
    object

    Required value

    • spec.moduleReleaseSelector
      object

      Required value

      Selects target modules to apply update settings to.

      • spec.moduleReleaseSelector.labelSelector
        object

        Required value

        Label-selector-based filter to match target modules.

        If both matchExpressions and matchLabels parameters are set, their requirements are ANDed together — they must all be satisfied in order to match. If multiple matchExpression conditions are provided, they all must be satisfied in order to match.

        • spec.moduleReleaseSelector.labelSelector.matchExpressions
          array of objects

          An array of set-based expressions.

          • spec.moduleReleaseSelector.labelSelector.matchExpressions.key
            string

            Required value

            A label name.

          • spec.moduleReleaseSelector.labelSelector.matchExpressions.operator
            string

            Required value

            A comparison operator.

            Allowed values: In, NotIn, Exists, DoesNotExist

          • spec.moduleReleaseSelector.labelSelector.matchExpressions.values
            array of strings

            A label value.

        • spec.moduleReleaseSelector.labelSelector.matchLabels
          object

          A number of equality-based label filters.

          Example:

          matchLabels:
  source: deckhouse
  module: deckhouse-admin
    • spec.releaseChannel
      string

      Desirable module release channel.

      The order in which the stability of the release channel increases (from less stable to more stable): Alpha, Beta, EarlyAccess, Stable, RockSolid.

      Default: Stable

      Allowed values: Alpha, Beta, EarlyAccess, Stable, RockSolid

    • spec.update
      object

      Required value

      Update settings for target modules.

      • spec.update.mode
        string

        Modules version update mode (release change).

        • AutoPatch — automatic update mode for patch releases.

          To change a minor version (for example, from v1.15.* to v1.16.*), confirmation is required.

          A patch version update (for example, from v1.16.1 to v1.16.2) is applied according to the update windows, if they are set.

        • Auto — all updates are applied automatically.

          Modules minor version updates (for example, from v1.15.* to v1.16.*) and patch version updates (for example, from v1.16.1 to v1.16.2) are applied according to the update windows or (if no update windows are set) as they appear on the corresponding release channel;

        • Manual — confirmation is required for updating both minor and patch versions.

        To confirm the update, add the modules.deckhouse.io/approved="true" annotation to the corresponding ModuleRelease resource.

        • Ignore — updates are ignored.

        Default: AutoPatch

        Allowed values: Auto, Manual, Ignore, AutoPatch

      • spec.update.windows
        array of objects

        Modules update timetable.

        • spec.update.windows.days
          array of strings

          The days of the week on which the update window is applied.

          Examples:

          days: Mon

          days: Wed
          • Element of the array
            string

            Day of the week.

            Allowed values: Mon, Tue, Wed, Thu, Fri, Sat, Sun

            Example:

            Mon
        • spec.update.windows.from
          string

          Required value

          Start time of the update window (UTC timezone).

          Should be less than the end time of the update window.

          Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$

          Example:

          from: '13:00'
        • spec.update.windows.to
          string

          Required value

          End time of the update window (UTC timezone).

          Should be more than the start time of the update window.

          Pattern: ^(?:\d|[01]\d|2[0-3]):[0-5]\d$

          Example:

          to: '18:30'

StaticClusterConfiguration

Version: deckhouse.io/v1

Parameters of a static (bare metal) cluster.

To change the StaticClusterConfiguration resource in a running cluster, run the following command:

d8 p edit static-cluster-configuration

Example:

apiVersion: deckhouse.io/v1
kind: StaticClusterConfiguration
internalNetworkCIDRs:
- 10.244.0.0/16
- 10.50.0.0/16
  • apiVersion
    string

    Required value

    Version of the Deckhouse API.

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • internalNetworkCIDRs
    array of strings

    List of internal cluster networks.

    Internal cluster networks connect Kubernetes components (kube-apiserver, kubelet, etc.).

    The parameter is mandatory in the following cases:

    • Cluster nodes have more than one network interface
    • The cluster is deployed inside a Deckhouse Virtualization Platform

    When changing the value, subnets in the new list must include IP addresses of currently joined nodes.

    Example:

    internalNetworkCIDRs:
- 192.168.42.0/24
- 172.16.16.0/24
    • Element of the array
      string

      Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

  • kind
    string

    Required value

    Allowed values: StaticClusterConfiguration

SSHConfig

Version: dhctl.deckhouse.io/v1

General dhctl SSH config.

Example:

apiVersion: dhctl.deckhouse.io/v1
kind: SSHConfig
sshUser: user
sshPort: 22
sshExtraArgs: "-vvv"
sshAgentPrivateKeys:
- key: "<ssh-private-key>"
  • apiVersion
    string

    Version of the Deckhouse API.

    Allowed values: dhctl.deckhouse.io/v1

  • kind
    string

    Allowed values: SSHConfig

  • legacyMode
    boolean

    Switch to legacy SSH mode

  • sshAgentPrivateKeys
    array of objects
    • sshAgentPrivateKeys.key
      string

      Required value

      Private SSH key.

    • sshAgentPrivateKeys.passphrase
      string

      Password for SSH key.

  • sshBastionHost
    string

    SSH bastion host.

  • sshBastionPassword
    string

    A password for the bastion user.

  • sshBastionPort
    integer

    Port of SSH bastion.

  • sshBastionUser
    string

    Username for bastion.

  • sshExtraArgs
    string

    Additional arguments for SSH connection.

  • sshPort
    integer

    SSH port.

  • sshUser
    string

    SSH username.

  • sudoPassword
    string

    A sudo password for the user.

SSHHost

Version: dhctl.deckhouse.io/v1

General dhctl SSH host config.

Example:

apiVersion: dhctl.deckhouse.io/v1
kind: SSHHost
host: 172.16.0.0
  • apiVersion
    string

    Required value

    Version of the Deckhouse API.

    Allowed values: dhctl.deckhouse.io/v1

  • host
    string

    Required value

    Host.

  • kind
    string

    Required value

    Allowed values: SSHHost