The functionality of the module might change, but the main features will remain. Compatibility with future versions is guaranteed, but might require additional migration steps.
Virtualization module configuration example:
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: virtualization
spec:
  # Enable the module.
  enabled: true
  version: 1
  settings:
    # List of subnets for virtual machines.
    virtualMachineCIDRs:
    - 10.10.10.0/24
    - 10.20.10.0/24
    - 10.30.10.0/24
    - 11.11.22.33/32
    # Virtual machine image storage settings.
    dvcr:
      storage:
        persistentVolumeClaim:
          size: 50G
        type: PersistentVolumeClaim
Schema version: 1
-
dvcr
Options for setting up the Deckhouse virtualization container registry (DVCR), an internal service for storing all VM images.
-
dvcr.storage
Required value
Options for setting up storage.
-
dvcr.storage.objectStorage
Parameters for objectStorage.
-
dvcr.storage.objectStorage.s3
Parameters for S3.
-
dvcr.storage.objectStorage.s3.accessKey
Required value
accessKey must be base64 encoded. accessKey is a unique identifier that identifies you as a user with access to S3.
Pattern:
^[A-Za-z0-9+/]*={0,2}$
Example:
accessKey: YWNjZXNzS2V5Cg==
-
dvcr.storage.objectStorage.s3.bucket
Required value
Bucket in which you can store your files and data objects.
Example:
bucket: dvcr
-
dvcr.storage.objectStorage.s3.region
Required value
Geographical area.
Examples:
region: us-east-2
region: us-west-1
-
dvcr.storage.objectStorage.s3.regionEndpoint
Required value
Endpoint for connecting to the S3 service.
Pattern:
^https?://[0-9a-zA-Z\.\-:@_]+$
Example:
regionEndpoint: s3.example.com
-
dvcr.storage.objectStorage.s3.secretKey
Required value
secretKey must be base64 encoded. secretKey is a confidential secret key associated with your Access Key ID. Secret Access Key is used to sign HTTP requests to Amazon S3 to verify the authenticity of the request and ensure the security of your data.
Pattern:
^[A-Za-z0-9+/]*={0,2}$
Example:
secretKey: c2VjcmV0S2V5Cg==
-
dvcr.storage.objectStorage.type
Which object storage to use as the store for DVCR.
Allowed values:
S3
-
dvcr.storage.persistentVolumeClaim
Parameters for PersistentVolumeClaim.
-
dvcr.storage.persistentVolumeClaim.size
Required value
PersistentVolumeClaim size.
Example:
size: 10Gi
-
dvcr.storage.persistentVolumeClaim.storageClassName
Which StorageClass to use when creating the PersistentVolumeClaim. If not specified, the default StorageClass specified in the cluster will be used.
Examples:
storageClassName: linstor
storageClassName: nfs
-
dvcr.storage.type
The storage usage type:
persistentVolumeClaim — Use PersistentVolumeClaim as store for dvcr.
objectStorage — Use objectStorage as store for dvcr.
Allowed values:
PersistentVolumeClaim, ObjectStorage
-
highAvailability
Manually enable the high availability mode.
By default, Deckhouse automatically decides whether to enable the HA mode.
Examples:
highAvailability: true
highAvailability: false
-
https
What certificate type to use.
This parameter completely overrides the global.modules.https settings.
Examples:
mode: Disabled

mode: OnlyInURI

customCertificate:
  secretName: foobar
mode: CustomCertificate

certManager:
  clusterIssuerName: letsencrypt
mode: CertManager
-
https.certManager
Parameters for cert-manager.
-
https.certManager.clusterIssuerName
What ClusterIssuer to use for getting an SSL certificate (currently, letsencrypt, letsencrypt-staging, selfsigned are available; also, you can define your own).
Default:
letsencrypt
Examples:
clusterIssuerName: letsencrypt
clusterIssuerName: letsencrypt-staging
clusterIssuerName: selfsigned
-
https.customCertificate
Parameters for custom certificate usage.
Default:
{}
-
https.customCertificate.secretName
The name of the secret in the d8-system namespace to use with CDI upload proxy.
This secret must have the kubernetes.io/tls format.
-
https.mode
The HTTPS usage mode:
CertManager — the web UI is accessed over HTTPS using a certificate obtained from a clusterIssuer specified in the certManager.clusterIssuerName parameter;
CustomCertificate — the web UI is accessed over HTTPS using a certificate from the d8-system namespace;
Disabled — in this mode, the documentation web UI can only be accessed over HTTP;
OnlyInURI — the documentation web UI will work over HTTP (assuming that there is an external HTTPS load balancer in front of it that terminates HTTPS traffic). All the links in the user-authn will be generated using the HTTPS scheme.
Default:
CertManager
Allowed values:
Disabled, CertManager, CustomCertificate, OnlyInURI
-
ingressClass
The Ingress class that will be used to upload images. By default, the modules.ingressClass global value is used.
Pattern:
^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
-
logFormat
Sets a logging format.
Applies to the following components:
virtualization-controller
Allowed values:
text, json
-
logLevel
Sets a logging level.
Applies to the following components:
virtualization-api
virtualization-controller
kube-api-proxy
vm-route-forge
Allowed values:
debug, info, warn, error
-
virtualImages
Configures the storage class for virtual images. If this setting is not specified, the default storage class will be used.
-
virtualImages.storageClassName
Required value
Specifies the name of the storage class to be used for virtual images.
-
virtualMachineCIDRs
List of CIDRs used to allocate static IP addresses for Virtual Machines.
It is important to note that the subnet for virtual machines should not be the same as the subnet used for pods and the subnet used for services. Address conflicts can lead to unpredictable behavior and networking problems.
Example:
virtualMachineCIDRs:
- 10.10.10.0/24
- 10.10.20.0/24
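A pre-apply check for the virtualMachineCIDRs overlap warning above, added here as an example and not part of Deckhouse. It also reports overlaps inside the list itself and entries with host bits set, which goes beyond what the page states; the pod and service subnets in CLUSTER_SUBNETS are constructed sample values.

```python
import ipaddress


def find_cidr_conflicts(vm_cidrs, reserved):
    """Return (vm_cidr, conflicts_with, detail) tuples; an empty list means no conflict."""
    findings, vm_nets = [], []
    for cidr in vm_cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.10.10.5/24.
            vm_nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as err:
            findings.append((cidr, "invalid", str(err)))
    reserved_nets = {name: ipaddress.ip_network(c) for name, c in reserved.items()}
    for i, net in enumerate(vm_nets):
        # Overlap with the pod or service subnet is the conflict the page warns about.
        for name, other in reserved_nets.items():
            if net.version == other.version and net.overlaps(other):
                findings.append((str(net), name, str(other)))
        # Two VM ranges that overlap each other are reported as well.
        for later in vm_nets[i + 1:]:
            if net.version == later.version and net.overlaps(later):
                findings.append((str(net), "virtualMachineCIDRs", str(later)))
    return findings


# The list from the configuration example at the top of this page.
PAGE_EXAMPLE = ["10.10.10.0/24", "10.20.10.0/24", "10.30.10.0/24", "11.11.22.33/32"]
# Constructed sample values: substitute the cluster's real pod and service subnets.
CLUSTER_SUBNETS = {"pods": "10.111.0.0/16", "services": "10.222.0.0/16"}

if __name__ == "__main__":
    # 10.111.5.0/24 is a constructed entry that falls inside the sample pod subnet.
    for finding in find_cidr_conflicts(PAGE_EXAMPLE + ["10.111.5.0/24"], CLUSTER_SUBNETS):
        print(finding)
```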
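A check of the dvcr.storage.objectStorage.s3 values against the patterns listed for accessKey, secretKey and regionEndpoint, added here as an example and not part of Deckhouse. The function names are hypothetical; the strict base64 decode, the whitespace check and the plain-HTTP warning go beyond the schema patterns. Base64 is an encoding, not encryption, so a ModuleConfig carrying these values needs the same handling as the keys themselves.

```python
import base64
import binascii
import re

# Patterns copied from the accessKey/secretKey and regionEndpoint entries on this page.
B64_PATTERN = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")
ENDPOINT_PATTERN = re.compile(r"^https?://[0-9a-zA-Z\.\-:@_]+$")


def check_b64_field(name, value):
    """Return a list of problems found in one base64-encoded credential field."""
    if not B64_PATTERN.fullmatch(value):
        return [f"{name}: does not match the schema pattern"]
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        # The pattern alone accepts undecodable strings such as "abc".
        return [f"{name}: matches the pattern but is not valid base64"]
    if not raw:
        return [f"{name}: decodes to an empty value"]
    if raw != raw.strip():
        # Typical result of `echo key | base64`, which encodes the newline too.
        return [f"{name}: decoded value has leading or trailing whitespace"]
    return []


def check_s3_settings(s3):
    """Check the s3 block of dvcr.storage.objectStorage; return all problems."""
    problems = []
    for field in ("accessKey", "secretKey"):
        problems += check_b64_field(field, s3.get(field, ""))
    endpoint = s3.get("regionEndpoint", "")
    if not ENDPOINT_PATTERN.fullmatch(endpoint):
        problems.append("regionEndpoint: does not match the schema pattern")
    elif endpoint.startswith("http://"):
        problems.append("regionEndpoint: plain HTTP, traffic to S3 is not encrypted")
    return problems


# Example values as printed on this page.
PAGE_SAMPLE = {
    "accessKey": "YWNjZXNzS2V5Cg==",
    "secretKey": "c2VjcmV0S2V5Cg==",
    "regionEndpoint": "s3.example.com",
}

if __name__ == "__main__":
    for problem in check_s3_settings(PAGE_SAMPLE):
        print(problem)
```

Run on the page's own example values, it reports that both keys decode with a trailing newline and that the regionEndpoint example lacks the scheme the pattern requires.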