EKSCluster - EKS Cluster Schema
This document explains the full schema for the kind: EKSCluster for the furyctl.yaml file used by furyctl. This configuration file will be used to deploy a Kubernetes Fury Cluster deployed through AWS's Elastic Kubernetes Service.
An example configuration file can be created by running the following command:
furyctl create config --kind EKSCluster --version v1.29.4 --name example-cluster
Replace the version with your desired version of KFD.
Properties
| Property | Type | Required |
|---|---|---|
| apiVersion | string | Required |
| kind | string | Required |
| metadata | object | Required |
| spec | object | Required |
Description
A KFD Cluster deployed on top of AWS's Elastic Kubernetes Service (EKS).
.apiVersion
Constraints
pattern: the string must match the following regular expression:
^kfd\.sighup\.io/v\d+((alpha|beta)\d+)?$
.kind
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"EKSCluster" |
.metadata
Properties
| Property | Type | Required |
|---|---|---|
| name | string | Required |
.metadata.name
Description
The name of the cluster. It will also be used as a prefix for all the other resources created.
Constraints
maximum length: the maximum number of characters for this string is: 56
minimum length: the minimum number of characters for this string is: 1
.spec
Properties
| Property | Type | Required |
|---|---|---|
| distribution | object | Required |
| distributionVersion | string | Required |
| infrastructure | object | Optional |
| kubernetes | object | Required |
| plugins | object | Optional |
| region | string | Required |
| tags | object | Optional |
| toolsConfiguration | object | Required |
.spec.distribution
Properties
| Property | Type | Required |
|---|---|---|
| common | object | Optional |
| customPatches | object | Optional |
| modules | object | Required |
.spec.distribution.common
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| provider | object | Optional |
| registry | string | Optional |
| relativeVendorPath | string | Optional |
| tolerations | array | Optional |
Description
Common configuration for all the distribution modules.
.spec.distribution.common.nodeSelector
Description
The node selector to use to place the pods for all the KFD modules. Follows Kubernetes selector format. Example: node.kubernetes.io/role: infra.
.spec.distribution.common.provider
Properties
| Property | Type | Required |
|---|---|---|
| type | string | Required |
.spec.distribution.common.provider.type
Description
The provider type. Don't set. FOR INTERNAL USE ONLY.
.spec.distribution.common.registry
Description
URL of the registry where to pull images from for the Distribution phase. (Default is registry.sighup.io/fury).
NOTE: If plugins are pulling from the default registry, the registry will be replaced for the plugin too.
.spec.distribution.common.relativeVendorPath
Description
The relative path to the vendor directory, does not need to be changed.
.spec.distribution.common.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
An array with the tolerations that will be added to the pods for all the KFD modules. Follows Kubernetes tolerations format. Example:
- effect: NoSchedule
key: node.kubernetes.io/role
value: infra
.spec.distribution.common.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.common.tolerations.key
Description
The key of the toleration
.spec.distribution.common.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.common.tolerations.value
Description
The value of the toleration
.spec.distribution.customPatches
Properties
| Property | Type | Required |
|---|---|---|
| configMapGenerator | array | Optional |
| images | array | Optional |
| patches | array | Optional |
| patchesStrategicMerge | array | Optional |
| secretGenerator | array | Optional |
.spec.distribution.customPatches.configMapGenerator
Properties
| Property | Type | Required |
|---|---|---|
| behavior | string | Optional |
| envs | array | Optional |
| files | array | Optional |
| literals | array | Optional |
| name | string | Required |
| namespace | string | Optional |
| options | object | Optional |
.spec.distribution.customPatches.configMapGenerator.behavior
Description
The behavior of the configmap
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"create" |
"replace" |
"merge" |
.spec.distribution.customPatches.configMapGenerator.envs
Description
The envs of the configmap
.spec.distribution.customPatches.configMapGenerator.files
Description
The files of the configmap
.spec.distribution.customPatches.configMapGenerator.literals
Description
The literals of the configmap
.spec.distribution.customPatches.configMapGenerator.name
Description
The name of the configmap
.spec.distribution.customPatches.configMapGenerator.namespace
Description
The namespace of the configmap
.spec.distribution.customPatches.configMapGenerator.options
Properties
| Property | Type | Required |
|---|---|---|
| annotations | object | Optional |
| disableNameSuffixHash | boolean | Optional |
| immutable | boolean | Optional |
| labels | object | Optional |
.spec.distribution.customPatches.configMapGenerator.options.annotations
Description
The annotations of the configmap
.spec.distribution.customPatches.configMapGenerator.options.disableNameSuffixHash
Description
If true, the name suffix hash will be disabled
.spec.distribution.customPatches.configMapGenerator.options.immutable
Description
If true, the configmap will be immutable
.spec.distribution.customPatches.configMapGenerator.options.labels
Description
The labels of the configmap
.spec.distribution.customPatches.images
Description
Each entry should follow the format of Kustomize's images patch
.spec.distribution.customPatches.patches
Properties
| Property | Type | Required |
|---|---|---|
| options | object | Optional |
| patch | string | Optional |
| path | string | Optional |
| target | object | Optional |
.spec.distribution.customPatches.patches.options
Properties
| Property | Type | Required |
|---|---|---|
| allowKindChange | boolean | Optional |
| allowNameChange | boolean | Optional |
.spec.distribution.customPatches.patches.options.allowKindChange
Description
If true, the kind change will be allowed
.spec.distribution.customPatches.patches.options.allowNameChange
Description
If true, the name change will be allowed
.spec.distribution.customPatches.patches.patch
Description
The patch content
.spec.distribution.customPatches.patches.path
Description
The path of the patch
.spec.distribution.customPatches.patches.target
Properties
| Property | Type | Required |
|---|---|---|
| annotationSelector | string | Optional |
| group | string | Optional |
| kind | string | Optional |
| labelSelector | string | Optional |
| name | string | Optional |
| namespace | string | Optional |
| version | string | Optional |
.spec.distribution.customPatches.patches.target.annotationSelector
Description
The annotation selector of the target
.spec.distribution.customPatches.patches.target.group
Description
The group of the target
.spec.distribution.customPatches.patches.target.kind
Description
The kind of the target
.spec.distribution.customPatches.patches.target.labelSelector
Description
The label selector of the target
.spec.distribution.customPatches.patches.target.name
Description
The name of the target
.spec.distribution.customPatches.patches.target.namespace
Description
The namespace of the target
.spec.distribution.customPatches.patches.target.version
Description
The version of the target
.spec.distribution.customPatches.patchesStrategicMerge
Description
Each entry should be either a relative file path or an inline content resolving to a partial or complete resource definition
.spec.distribution.customPatches.secretGenerator
Properties
| Property | Type | Required |
|---|---|---|
| behavior | string | Optional |
| envs | array | Optional |
| files | array | Optional |
| literals | array | Optional |
| name | string | Required |
| namespace | string | Optional |
| options | object | Optional |
| type | string | Optional |
.spec.distribution.customPatches.secretGenerator.behavior
Description
The behavior of the secret
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"create" |
"replace" |
"merge" |
.spec.distribution.customPatches.secretGenerator.envs
Description
The envs of the secret
.spec.distribution.customPatches.secretGenerator.files
Description
The files of the secret
.spec.distribution.customPatches.secretGenerator.literals
Description
The literals of the secret
.spec.distribution.customPatches.secretGenerator.name
Description
The name of the secret
.spec.distribution.customPatches.secretGenerator.namespace
Description
The namespace of the secret
.spec.distribution.customPatches.secretGenerator.options
Properties
| Property | Type | Required |
|---|---|---|
| annotations | object | Optional |
| disableNameSuffixHash | boolean | Optional |
| immutable | boolean | Optional |
| labels | object | Optional |
.spec.distribution.customPatches.secretGenerator.options.annotations
Description
The annotations of the secret
.spec.distribution.customPatches.secretGenerator.options.disableNameSuffixHash
Description
If true, the name suffix hash will be disabled
.spec.distribution.customPatches.secretGenerator.options.immutable
Description
If true, the secret will be immutable
.spec.distribution.customPatches.secretGenerator.options.labels
Description
The labels of the secret
.spec.distribution.customPatches.secretGenerator.type
Description
The type of the secret
.spec.distribution.modules
Properties
| Property | Type | Required |
|---|---|---|
| auth | object | Optional |
| aws | object | Optional |
| dr | object | Required |
| ingress | object | Required |
| logging | object | Required |
| monitoring | object | Optional |
| networking | object | Optional |
| policy | object | Required |
| tracing | object | Optional |
.spec.distribution.modules.auth
Properties
| Property | Type | Required |
|---|---|---|
| baseDomain | string | Optional |
| dex | object | Optional |
| overrides | object | Optional |
| pomerium | object | Optional |
| provider | object | Required |
Description
Configuration for the Auth module.
.spec.distribution.modules.auth.baseDomain
Description
The base domain for the ingresses created by the Auth module (Gangplank, Pomerium, Dex). Notice that when the ingress module type is dual, these will use the external ingress class.
.spec.distribution.modules.auth.dex
Properties
| Property | Type | Required |
|---|---|---|
| additionalStaticClients | array | Optional |
| connectors | array | Required |
| expiry | object | Optional |
| overrides | object | Optional |
Description
Configuration for the Dex package.
.spec.distribution.modules.auth.dex.additionalStaticClients
Description
Additional static clients defitions that will be added to the default clients included with the distribution in Dex's configuration. Example:
additionalStaticClients:
- id: my-custom-client
name: "A custom additional static client"
redirectURIs:
- "https://myapp.tld/redirect"
- "https://alias.tld/oidc-callback"
secret: supersecretpassword
Reference: https://dexidp.io/docs/connectors/local/
.spec.distribution.modules.auth.dex.connectors
Description
A list with each item defining a Dex connector. Follows Dex connectors configuration format: https://dexidp.io/docs/connectors/
.spec.distribution.modules.auth.dex.expiry
Properties
| Property | Type | Required |
|---|---|---|
| idTokens | string | Optional |
| signingKeys | string | Optional |
.spec.distribution.modules.auth.dex.expiry.idTokens
Description
Dex ID tokens expiration time duration (default 24h).
.spec.distribution.modules.auth.dex.expiry.signingKeys
Description
Dex signing key expiration time duration (default 6h).
.spec.distribution.modules.auth.dex.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.auth.dex.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.auth.dex.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.auth.dex.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.auth.dex.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.auth.dex.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.auth.dex.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.auth.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the Auth module.
.spec.distribution.modules.auth.overrides.ingresses
Description
Override the definition of the Auth module ingresses.
.spec.distribution.modules.auth.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the Auth module.
.spec.distribution.modules.auth.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the Auth module.
.spec.distribution.modules.auth.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.auth.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.auth.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.auth.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.auth.pomerium
Properties
| Property | Type | Required |
|---|---|---|
| defaultRoutesPolicy | object | Optional |
| overrides | object | Optional |
| policy | string | Optional |
| routes | array | Optional |
| secrets | object | Required |
Description
Configuration for Pomerium, an identity-aware reverse proxy used for SSO.
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy
Properties
| Property | Type | Required |
|---|---|---|
| gatekeeperPolicyManager | array | Optional |
| hubbleUi | array | Optional |
| ingressNgnixForecastle | array | Optional |
| loggingMinioConsole | array | Optional |
| loggingOpensearchDashboards | array | Optional |
| monitoringAlertmanager | array | Optional |
| monitoringGrafana | array | Optional |
| monitoringMinioConsole | array | Optional |
| monitoringPrometheus | array | Optional |
| tracingMinioConsole | array | Optional |
Description
override default routes for KFD components
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.gatekeeperPolicyManager
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.hubbleUi
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.ingressNgnixForecastle
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.loggingMinioConsole
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.loggingOpensearchDashboards
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.monitoringAlertmanager
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.monitoringGrafana
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.monitoringMinioConsole
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.monitoringPrometheus
.spec.distribution.modules.auth.pomerium.defaultRoutesPolicy.tracingMinioConsole
.spec.distribution.modules.auth.pomerium.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.auth.pomerium.overrides.nodeSelector
.spec.distribution.modules.auth.pomerium.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Required |
.spec.distribution.modules.auth.pomerium.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.auth.pomerium.overrides.tolerations.key
.spec.distribution.modules.auth.pomerium.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.auth.pomerium.overrides.tolerations.value
.spec.distribution.modules.auth.pomerium.policy
Description
DEPRECATED: Use defaultRoutesPolicy and/or routes
.spec.distribution.modules.auth.pomerium.routes
Description
Additional routes configuration for Pomerium. Follows Pomerium's route format: https://www.pomerium.com/docs/reference/routes
.spec.distribution.modules.auth.pomerium.secrets
Properties
| Property | Type | Required |
|---|---|---|
| COOKIE_SECRET | string | Required |
| IDP_CLIENT_SECRET | string | Required |
| SHARED_SECRET | string | Required |
| SIGNING_KEY | string | Required |
Description
Pomerium needs some user-provided secrets to be fully configured. These secrets should be unique between clusters.
.spec.distribution.modules.auth.pomerium.secrets.COOKIE_SECRET
Description
Cookie Secret is the secret used to encrypt and sign session cookies.
To generate a random key, run the following command: head -c32 /dev/urandom | base64
.spec.distribution.modules.auth.pomerium.secrets.IDP_CLIENT_SECRET
Description
Identity Provider Client Secret is the OAuth 2.0 Secret Identifier. When auth type is SSO, this value will be the secret used to authenticate Pomerium with Dex, use a strong random value.
.spec.distribution.modules.auth.pomerium.secrets.SHARED_SECRET
Description
Shared Secret is the base64-encoded, 256-bit key used to mutually authenticate requests between Pomerium services. It's critical that secret keys are random, and stored safely.
To generate a key, run the following command: head -c32 /dev/urandom | base64
.spec.distribution.modules.auth.pomerium.secrets.SIGNING_KEY
Description
Signing Key is the base64 representation of one or more PEM-encoded private keys used to sign a user's attestation JWT, which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.
To generates an P-256 (ES256) signing key:
openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
# careful! this will output your private key in terminal
cat ec_private.pem | base64
.spec.distribution.modules.auth.provider
Properties
| Property | Type | Required |
|---|---|---|
| basicAuth | object | Optional |
| type | string | Required |
.spec.distribution.modules.auth.provider.basicAuth
Properties
| Property | Type | Required |
|---|---|---|
| password | string | Required |
| username | string | Required |
Description
Configuration for the HTTP Basic Auth provider.
.spec.distribution.modules.auth.provider.basicAuth.password
Description
The password for logging in with the HTTP basic authentication.
.spec.distribution.modules.auth.provider.basicAuth.username
Description
The username for logging in with the HTTP basic authentication.
.spec.distribution.modules.auth.provider.type
Description
The type of the Auth provider, options are:
none: will disable authentication in the infrastructural ingresses.sso: will protect the infrastructural ingresses with Pomerium and Dex (SSO) and require authentication before accessing them.basicAuth: will protect the infrastructural ingresses with HTTP basic auth (username and password) authentication.
Default is none.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"basicAuth" |
"sso" |
.spec.distribution.modules.aws
Properties
| Property | Type | Required |
|---|---|---|
| clusterAutoscaler | object | Optional |
| ebsCsiDriver | object | Optional |
| ebsSnapshotController | object | Optional |
| loadBalancerController | object | Optional |
| overrides | object | Optional |
.spec.distribution.modules.aws.clusterAutoscaler
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.aws.clusterAutoscaler.overrides
Properties
| Property | Type | Required |
|---|---|---|
| iamRoleName | string | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.aws.clusterAutoscaler.overrides.iamRoleName
Constraints
pattern: the string must match the following regular expression:
^[a-zA-Z0-9+=,.@_-]{1,63}$
.spec.distribution.modules.aws.clusterAutoscaler.overrides.nodeSelector
Description
The node selector to use to place the pods for the load balancer controller module.
.spec.distribution.modules.aws.clusterAutoscaler.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
The tolerations that will be added to the pods for the cluster autoscaler module.
.spec.distribution.modules.aws.clusterAutoscaler.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.aws.clusterAutoscaler.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.aws.clusterAutoscaler.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.aws.clusterAutoscaler.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.aws.ebsCsiDriver
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.aws.ebsCsiDriver.overrides
Properties
| Property | Type | Required |
|---|---|---|
| iamRoleName | string | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.aws.ebsCsiDriver.overrides.iamRoleName
Constraints
pattern: the string must match the following regular expression:
^[a-zA-Z0-9+=,.@_-]{1,63}$
.spec.distribution.modules.aws.ebsCsiDriver.overrides.nodeSelector
Description
The node selector to use to place the pods for the load balancer controller module.
.spec.distribution.modules.aws.ebsCsiDriver.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
The tolerations that will be added to the pods for the cluster autoscaler module.
.spec.distribution.modules.aws.ebsCsiDriver.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.aws.ebsCsiDriver.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.aws.ebsCsiDriver.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.aws.ebsCsiDriver.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.aws.ebsSnapshotController
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.aws.ebsSnapshotController.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.aws.ebsSnapshotController.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.aws.ebsSnapshotController.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.aws.ebsSnapshotController.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.aws.ebsSnapshotController.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.aws.ebsSnapshotController.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.aws.ebsSnapshotController.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.aws.loadBalancerController
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.aws.loadBalancerController.overrides
Properties
| Property | Type | Required |
|---|---|---|
| iamRoleName | string | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.aws.loadBalancerController.overrides.iamRoleName
Constraints
pattern: the string must match the following regular expression:
^[a-zA-Z0-9+=,.@_-]{1,63}$
.spec.distribution.modules.aws.loadBalancerController.overrides.nodeSelector
Description
The node selector to use to place the pods for the load balancer controller module.
.spec.distribution.modules.aws.loadBalancerController.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
The tolerations that will be added to the pods for the cluster autoscaler module.
.spec.distribution.modules.aws.loadBalancerController.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.aws.loadBalancerController.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.aws.loadBalancerController.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.aws.loadBalancerController.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.aws.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.aws.overrides.ingresses
.spec.distribution.modules.aws.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.aws.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.aws.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.aws.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.aws.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.aws.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.dr
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| type | string | Required |
| velero | object | Optional |
Description
Configuration for the Disaster Recovery module.
.spec.distribution.modules.dr.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.dr.overrides.ingresses
.spec.distribution.modules.dr.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.dr.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.dr.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.dr.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.dr.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.dr.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.dr.type
Description
The type of the Disaster Recovery, must be none or eks. none disables the module and eks will install Velero and use an S3 bucket to store the backups.
Default is none.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"eks" |
.spec.distribution.modules.dr.velero
Properties
| Property | Type | Required |
|---|---|---|
| eks | object | Required |
| overrides | object | Optional |
| schedules | object | Optional |
.spec.distribution.modules.dr.velero.eks
Properties
| Property | Type | Required |
|---|---|---|
| bucketName | string | Required |
| region | string | Required |
.spec.distribution.modules.dr.velero.eks.bucketName
Description
The name of the bucket for Velero.
.spec.distribution.modules.dr.velero.eks.region
Description
The region where the bucket for Velero will be located.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"af-south-1" |
"ap-east-1" |
"ap-northeast-1" |
"ap-northeast-2" |
"ap-northeast-3" |
"ap-south-1" |
"ap-south-2" |
"ap-southeast-1" |
"ap-southeast-2" |
"ap-southeast-3" |
"ap-southeast-4" |
"ca-central-1" |
"eu-central-1" |
"eu-central-2" |
"eu-north-1" |
"eu-south-1" |
"eu-south-2" |
"eu-west-1" |
"eu-west-2" |
"eu-west-3" |
"me-central-1" |
"me-south-1" |
"sa-east-1" |
"us-east-1" |
"us-east-2" |
"us-gov-east-1" |
"us-gov-west-1" |
"us-west-1" |
"us-west-2" |
.spec.distribution.modules.dr.velero.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.dr.velero.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.dr.velero.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.dr.velero.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.dr.velero.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.dr.velero.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.dr.velero.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.dr.velero.schedules
Properties
| Property | Type | Required |
|---|---|---|
| definitions | object | Optional |
| install | boolean | Optional |
Description
Configuration for Velero's backup schedules.
.spec.distribution.modules.dr.velero.schedules.definitions
Properties
| Property | Type | Required |
|---|---|---|
| full | object | Optional |
| manifests | object | Optional |
Description
Configuration for Velero schedules.
.spec.distribution.modules.dr.velero.schedules.definitions.full
Properties
| Property | Type | Required |
|---|---|---|
| schedule | string | Optional |
| snapshotMoveData | boolean | Optional |
| ttl | string | Optional |
Description
Configuration for Velero's manifests backup schedule.
.spec.distribution.modules.dr.velero.schedules.definitions.full.schedule
Description
The cron expression for the full backup schedule (default 0 1 * * *).
.spec.distribution.modules.dr.velero.schedules.definitions.full.snapshotMoveData
Description
EXPERIMENTAL (if you do more than one backups, the following backups after the first are not automatically restorable, see https://github.com/vmware-tanzu/velero/issues/7057#issuecomment-2466815898 for the manual restore solution): SnapshotMoveData specifies whether snapshot data should be moved. Velero will create a new volume from the snapshot and upload the content to the storageLocation.
.spec.distribution.modules.dr.velero.schedules.definitions.full.ttl
Description
The Time To Live (TTL) of the backups created by the backup schedules (default 720h0m0s, 30 days). Notice that changing this value will affect only newly created backups, prior backups will keep the old TTL.
.spec.distribution.modules.dr.velero.schedules.definitions.manifests
Properties
| Property | Type | Required |
|---|---|---|
| schedule | string | Optional |
| ttl | string | Optional |
Description
Configuration for Velero's manifests backup schedule.
.spec.distribution.modules.dr.velero.schedules.definitions.manifests.schedule
Description
The cron expression for the manifests backup schedule (default */15 * * * *).
.spec.distribution.modules.dr.velero.schedules.definitions.manifests.ttl
Description
The Time To Live (TTL) of the backups created by the backup schedules (default 720h0m0s, 30 days). Notice that changing this value will affect only newly created backups, prior backups will keep the old TTL.
.spec.distribution.modules.dr.velero.schedules.install
Description
Whether to install or not the default manifests and full backups schedules. Default is true.
.spec.distribution.modules.ingress
Properties
| Property | Type | Required |
|---|---|---|
| baseDomain | string | Required |
| certManager | object | Optional |
| dns | object | Optional |
| forecastle | object | Optional |
| nginx | object | Required |
| overrides | object | Optional |
.spec.distribution.modules.ingress.baseDomain
Description
The base domain used for all the KFD infrastructural ingresses. If in the nginx dual configuration type, this value should be the same as the .spec.distribution.modules.ingress.dns.private.name zone.
.spec.distribution.modules.ingress.certManager
Properties
| Property | Type | Required |
|---|---|---|
| clusterIssuer | object | Required |
| overrides | object | Optional |
Description
Configuration for the cert-manager package. Required even if ingress.nginx.type is none, cert-manager is used for managing other certificates in the cluster besides the TLS termination certificates for the ingresses.
.spec.distribution.modules.ingress.certManager.clusterIssuer
Properties
| Property | Type | Required |
|---|---|---|
string | Required | |
| name | string | Required |
| solvers | array | Optional |
| type | string | Optional |
Description
Configuration for the cert-manager's ACME clusterIssuer used to request certificates from Let's Encrypt.
.spec.distribution.modules.ingress.certManager.clusterIssuer.email
Description
The email address to use during the certificate issuing process.
.spec.distribution.modules.ingress.certManager.clusterIssuer.name
Description
The name of the clusterIssuer.
.spec.distribution.modules.ingress.certManager.clusterIssuer.solvers
Description
The list of challenge solvers to use instead of the default one for the http01 challenge. Check cert manager's documentation for examples for this field.
.spec.distribution.modules.ingress.certManager.clusterIssuer.type
Description
The type of the clusterIssuer, must be dns01 for using DNS challenge or http01 for using HTTP challenge.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"dns01" |
"http01" |
.spec.distribution.modules.ingress.certManager.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.ingress.certManager.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.ingress.certManager.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.ingress.certManager.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.ingress.certManager.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.ingress.certManager.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.ingress.certManager.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.ingress.dns
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| private | object | Optional |
| public | object | Optional |
Description
DNS definition, used in conjunction with externalDNS package to automate DNS management and certificates emission.
.spec.distribution.modules.ingress.dns.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.ingress.dns.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.ingress.dns.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.ingress.dns.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.ingress.dns.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.ingress.dns.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.ingress.dns.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.ingress.dns.private
Properties
| Property | Type | Required |
|---|---|---|
| create | boolean | Required |
| name | string | Required |
Description
The private DNS zone is used only when ingress.nginx.type is dual, for exposing infrastructural services only in the private DNS zone.
.spec.distribution.modules.ingress.dns.private.create
Description
By default, a Terraform data source will be used to get the private DNS zone. Set to true to create the private zone instead.
.spec.distribution.modules.ingress.dns.private.name
Description
The name of the private hosted zone. Example: internal.fury-demo.sighup.io.
.spec.distribution.modules.ingress.dns.public
Properties
| Property | Type | Required |
|---|---|---|
| create | boolean | Required |
| name | string | Required |
.spec.distribution.modules.ingress.dns.public.create
Description
By default, a Terraform data source will be used to get the public DNS zone. Set to true to create the public zone instead.
.spec.distribution.modules.ingress.dns.public.name
Description
The name of the public hosted zone.
.spec.distribution.modules.ingress.forecastle
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.ingress.forecastle.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.ingress.forecastle.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.ingress.forecastle.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.ingress.forecastle.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.ingress.forecastle.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.ingress.forecastle.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.ingress.forecastle.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.ingress.nginx
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| tls | object | Optional |
| type | string | Required |
Description
Configurations for the Ingress nginx controller package.
.spec.distribution.modules.ingress.nginx.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.ingress.nginx.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.ingress.nginx.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.ingress.nginx.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.ingress.nginx.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.ingress.nginx.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.ingress.nginx.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.ingress.nginx.tls
Properties
| Property | Type | Required |
|---|---|---|
| provider | string | Required |
| secret | object | Optional |
.spec.distribution.modules.ingress.nginx.tls.provider
Description
The provider of the TLS certificates for the ingresses, one of: none, certManager, or secret.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"certManager" |
"secret" |
"none" |
.spec.distribution.modules.ingress.nginx.tls.secret
Properties
| Property | Type | Required |
|---|---|---|
| ca | string | Required |
| cert | string | Required |
| key | string | Required |
Description
Kubernetes TLS secret for the ingresses TLS certificate.
.spec.distribution.modules.ingress.nginx.tls.secret.ca
Description
The Certificate Authority certificate file's content. You can use the "{file://<path>}" notation to get the content from a file.
.spec.distribution.modules.ingress.nginx.tls.secret.cert
Description
The certificate file's content. You can use the "{file://<path>}" notation to get the content from a file.
.spec.distribution.modules.ingress.nginx.tls.secret.key
Description
The signing key file's content. You can use the "{file://<path>}" notation to get the content from a file.
.spec.distribution.modules.ingress.nginx.type
Description
The type of the Ingress nginx controller, options are:
none: no ingress controller will be installed and no infrastructural ingresses will be created.single: a single ingress controller with ingress classnginxwill be installed to manage all the ingress resources, infrastructural ingresses will be created.dual: two independent ingress controllers will be installed, one for theinternalingress class intended for private ingresses and one for theexternalingress class intended for public ingresses. KFD infrastructural ingresses wil use theinternalingress class when using the dual type.
Default is single.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"single" |
"dual" |
.spec.distribution.modules.ingress.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the Ingress module.
.spec.distribution.modules.ingress.overrides.ingresses
Properties
| Property | Type | Required |
|---|---|---|
| forecastle | object | Optional |
.spec.distribution.modules.ingress.overrides.ingresses.forecastle
Properties
| Property | Type | Required |
|---|---|---|
| disableAuth | boolean | Optional |
| host | string | Optional |
| ingressClass | string | Optional |
.spec.distribution.modules.ingress.overrides.ingresses.forecastle.disableAuth
Description
If true, the ingress will not have authentication even if .spec.modules.auth.provider.type is SSO or Basic Auth.
.spec.distribution.modules.ingress.overrides.ingresses.forecastle.host
Description
Use this host for the ingress instead of the default one.
.spec.distribution.modules.ingress.overrides.ingresses.forecastle.ingressClass
Description
Use this ingress class for the ingress instead of the default one.
.spec.distribution.modules.ingress.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the Ingress module.
.spec.distribution.modules.ingress.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the Ingress module.
.spec.distribution.modules.ingress.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.ingress.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.ingress.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.ingress.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.logging
Properties
| Property | Type | Required |
|---|---|---|
| cerebro | object | Optional |
| customOutputs | object | Optional |
| loki | object | Optional |
| minio | object | Optional |
| opensearch | object | Optional |
| operator | object | Optional |
| overrides | object | Optional |
| type | string | Required |
Description
Configuration for the Logging module.
.spec.distribution.modules.logging.cerebro
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
Description
DEPRECATED since KFD v1.26.6, 1.27.5, v1.28.0.
.spec.distribution.modules.logging.cerebro.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.logging.cerebro.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.logging.cerebro.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.logging.cerebro.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.logging.cerebro.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.logging.cerebro.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.logging.cerebro.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.logging.customOutputs
Properties
| Property | Type | Required |
|---|---|---|
| audit | string | Required |
| errors | string | Required |
| events | string | Required |
| infra | string | Required |
| ingressNginx | string | Required |
| kubernetes | string | Required |
| systemdCommon | string | Required |
| systemdEtcd | string | Required |
Description
When using the customOutputs logging type, you need to manually specify the spec of the several Output and ClusterOutputs that the Logging Operator expects to forward the logs collected by the pre-defined flows.
.spec.distribution.modules.logging.customOutputs.audit
Description
This value defines where the output from the audit Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.errors
Description
This value defines where the output from the errors Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.events
Description
This value defines where the output from the events Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.infra
Description
This value defines where the output from the infra Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.ingressNginx
Description
This value defines where the output from the ingressNginx Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.kubernetes
Description
This value defines where the output from the kubernetes Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.systemdCommon
Description
This value defines where the output from the systemdCommon Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.customOutputs.systemdEtcd
Description
This value defines where the output from the systemdEtcd Flow will be sent. This will be the spec section of the Output object. It must be a string (and not a YAML object) following the OutputSpec definition. Use the nullout output to discard the flow: nullout: {}
.spec.distribution.modules.logging.loki
Properties
| Property | Type | Required |
|---|---|---|
| backend | string | Optional |
| externalEndpoint | object | Optional |
| resources | object | Optional |
| tsdbStartDate | string | Required |
Description
Configuration for the Loki package.
.spec.distribution.modules.logging.loki.backend
Description
The storage backend type for Loki. minio will use an in-cluster MinIO deployment for object storage, externalEndpoint can be used to point to an external object storage instead of deploying an in-cluster MinIO.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"minio" |
"externalEndpoint" |
.spec.distribution.modules.logging.loki.externalEndpoint
Properties
| Property | Type | Required |
|---|---|---|
| accessKeyId | string | Optional |
| bucketName | string | Optional |
| endpoint | string | Optional |
| insecure | boolean | Optional |
| secretAccessKey | string | Optional |
Description
Configuration for Loki's external storage backend.
.spec.distribution.modules.logging.loki.externalEndpoint.accessKeyId
Description
The access key ID (username) for the external S3-compatible bucket.
.spec.distribution.modules.logging.loki.externalEndpoint.bucketName
Description
The bucket name of the external S3-compatible object storage.
.spec.distribution.modules.logging.loki.externalEndpoint.endpoint
Description
External S3-compatible endpoint for Loki's storage.
.spec.distribution.modules.logging.loki.externalEndpoint.insecure
Description
If true, will use HTTP as protocol instead of HTTPS.
.spec.distribution.modules.logging.loki.externalEndpoint.secretAccessKey
Description
The secret access key (password) for the external S3-compatible bucket.
.spec.distribution.modules.logging.loki.resources
Properties
| Property | Type | Required |
|---|---|---|
| limits | object | Optional |
| requests | object | Optional |
.spec.distribution.modules.logging.loki.resources.limits
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.logging.loki.resources.limits.cpu
Description
The CPU limit for the Pod. Example: 1000m.
.spec.distribution.modules.logging.loki.resources.limits.memory
Description
The memory limit for the Pod. Example: 1G.
.spec.distribution.modules.logging.loki.resources.requests
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.logging.loki.resources.requests.cpu
Description
The CPU request for the Pod, in cores. Example: 500m.
.spec.distribution.modules.logging.loki.resources.requests.memory
Description
The memory request for the Pod. Example: 500M.
.spec.distribution.modules.logging.loki.tsdbStartDate
Description
Starting from versions 1.28.4, 1.29.5 and 1.30.0 of KFD, Loki will change the time series database from BoltDB to TSDB and the schema from v11 to v13 that it uses to store the logs.
The value of this field will determine the date when Loki will start writing using the new TSDB and the schema v13, always at midnight UTC. The old BoltDB and schema will be kept until they expire for reading purposes.
Value must be a string in ISO 8601 date format (yyyy-mm-dd). Example: 2024-11-18.
.spec.distribution.modules.logging.minio
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| rootUser | object | Optional |
| storageSize | string | Optional |
Description
Configuration for Logging's MinIO deployment.
.spec.distribution.modules.logging.minio.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.logging.minio.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.logging.minio.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.logging.minio.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.logging.minio.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.logging.minio.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.logging.minio.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.logging.minio.rootUser
Properties
| Property | Type | Required |
|---|---|---|
| password | string | Optional |
| username | string | Optional |
.spec.distribution.modules.logging.minio.rootUser.password
Description
The password for the default MinIO root user.
.spec.distribution.modules.logging.minio.rootUser.username
Description
The username for the default MinIO root user.
.spec.distribution.modules.logging.minio.storageSize
Description
The PVC size for each MinIO disk, 6 disks total.
.spec.distribution.modules.logging.opensearch
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| resources | object | Optional |
| storageSize | string | Optional |
| type | string | Required |
.spec.distribution.modules.logging.opensearch.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.logging.opensearch.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.logging.opensearch.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.logging.opensearch.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.logging.opensearch.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.logging.opensearch.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.logging.opensearch.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.logging.opensearch.resources
Properties
| Property | Type | Required |
|---|---|---|
| limits | object | Optional |
| requests | object | Optional |
.spec.distribution.modules.logging.opensearch.resources.limits
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.logging.opensearch.resources.limits.cpu
Description
The CPU limit for the Pod. Example: 1000m.
.spec.distribution.modules.logging.opensearch.resources.limits.memory
Description
The memory limit for the Pod. Example: 1G.
.spec.distribution.modules.logging.opensearch.resources.requests
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.logging.opensearch.resources.requests.cpu
Description
The CPU request for the Pod, in cores. Example: 500m.
.spec.distribution.modules.logging.opensearch.resources.requests.memory
Description
The memory request for the Pod. Example: 500M.
.spec.distribution.modules.logging.opensearch.storageSize
Description
The storage size for the OpenSearch volumes. Follows Kubernetes resources storage requests. Default is 150Gi.
.spec.distribution.modules.logging.opensearch.type
Description
The type of OpenSearch deployment. One of: single for a single replica or triple for an HA 3-replicas deployment.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"single" |
"triple" |
.spec.distribution.modules.logging.operator��
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
Description
Configuration for the Logging Operator.
.spec.distribution.modules.logging.operator.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.logging.operator.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.logging.operator.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.logging.operator.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.logging.operator.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.logging.operator.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.logging.operator.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.logging.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.logging.overrides.ingresses
.spec.distribution.modules.logging.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.logging.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.logging.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.logging.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.logging.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.logging.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.logging.type
Description
Selects the logging stack. Options are:
none: will disable the centralized logging.opensearch: will deploy and configure the Logging Operator and an OpenSearch cluster (can be single or triple for HA) where the logs will be stored.loki: will use a distributed Grafana Loki instead of OpenSearch for storage.customOuputs: the Logging Operator will be deployed and installed but without in-cluster storage, you will have to create the needed Outputs and ClusterOutputs to ship the logs to your desired storage.
Default is opensearch.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"opensearch" |
"loki" |
"customOutputs" |
.spec.distribution.modules.monitoring
Properties
| Property | Type | Required |
|---|---|---|
| alertmanager | object | Optional |
| blackboxExporter | object | Optional |
| grafana | object | Optional |
| kubeStateMetrics | object | Optional |
| mimir | object | Optional |
| minio | object | Optional |
| overrides | object | Optional |
| prometheus | object | Optional |
| prometheusAgent | object | Optional |
| type | string | Required |
| x509Exporter | object | Optional |
Description
Configuration for the Monitoring module.
.spec.distribution.modules.monitoring.alertmanager
Properties
| Property | Type | Required |
|---|---|---|
| deadManSwitchWebhookUrl | string | Optional |
| installDefaultRules | boolean | Optional |
| slackWebhookUrl | string | Optional |
.spec.distribution.modules.monitoring.alertmanager.deadManSwitchWebhookUrl
Description
The webhook URL to send dead man's switch monitoring, for example to use with healthchecks.io.
.spec.distribution.modules.monitoring.alertmanager.installDefaultRules
Description
Set to false to avoid installing the Prometheus rules (alerts) included with the distribution.
.spec.distribution.modules.monitoring.alertmanager.slackWebhookUrl
Description
The Slack webhook URL where to send the infrastructural and workload alerts to.
.spec.distribution.modules.monitoring.blackboxExporter
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.monitoring.blackboxExporter.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.monitoring.blackboxExporter.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.monitoring.blackboxExporter.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.monitoring.blackboxExporter.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.blackboxExporter.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.blackboxExporter.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.blackboxExporter.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.monitoring.grafana
Properties
| Property | Type | Required |
|---|---|---|
| basicAuthIngress | boolean | Optional |
| overrides | object | Optional |
| usersRoleAttributePath | string | Optional |
.spec.distribution.modules.monitoring.grafana.basicAuthIngress
Description
Setting this to true will deploy an additional grafana-basic-auth ingress protected with Grafana's basic auth instead of SSO. It's intended use is as a temporary ingress for when there are problems with the SSO login flow.
Notice that by default anonymous access is enabled.
.spec.distribution.modules.monitoring.grafana.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.monitoring.grafana.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.monitoring.grafana.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.monitoring.grafana.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.grafana.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.grafana.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.grafana.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.monitoring.grafana.usersRoleAttributePath
Description
JMESPath expression to retrieve the user's role. Example:
usersRoleAttributePath: "contains(groups[*], 'beta') && 'Admin' || contains(groups[*], 'gamma') && 'Editor' || contains(groups[*], 'delta') && 'Viewer'
More details in Grafana's documentation.
.spec.distribution.modules.monitoring.kubeStateMetrics
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.kubeStateMetrics.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.monitoring.mimir
Properties
| Property | Type | Required |
|---|---|---|
| backend | string | Optional |
| externalEndpoint | object | Optional |
| overrides | object | Optional |
| retentionTime | string | Optional |
Description
Configuration for the Mimir package.
.spec.distribution.modules.monitoring.mimir.backend
Description
The storage backend type for Mimir. minio will use an in-cluster MinIO deployment for object storage, externalEndpoint can be used to point to an external S3-compatible object storage instead of deploying an in-cluster MinIO.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"minio" |
"externalEndpoint" |
.spec.distribution.modules.monitoring.mimir.externalEndpoint
Properties
| Property | Type | Required |
|---|---|---|
| accessKeyId | string | Optional |
| bucketName | string | Optional |
| endpoint | string | Optional |
| insecure | boolean | Optional |
| secretAccessKey | string | Optional |
Description
Configuration for Mimir's external storage backend.
.spec.distribution.modules.monitoring.mimir.externalEndpoint.accessKeyId
Description
The access key ID (username) for the external S3-compatible bucket.
.spec.distribution.modules.monitoring.mimir.externalEndpoint.bucketName
Description
The bucket name of the external S3-compatible object storage.
.spec.distribution.modules.monitoring.mimir.externalEndpoint.endpoint
Description
The external S3-compatible endpoint for Mimir's storage.
.spec.distribution.modules.monitoring.mimir.externalEndpoint.insecure
Description
If true, will use HTTP as protocol instead of HTTPS.
.spec.distribution.modules.monitoring.mimir.externalEndpoint.secretAccessKey
Description
The secret access key (password) for the external S3-compatible bucket.
.spec.distribution.modules.monitoring.mimir.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.monitoring.mimir.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.monitoring.mimir.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.monitoring.mimir.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.mimir.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.mimir.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.mimir.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.monitoring.mimir.retentionTime
Description
The retention time for the logs stored in Mimir. Default is 30d. Value must match the regular expression [0-9]+(ns|us|µs|ms|s|m|h|d|w|y) where y = 365 days.
.spec.distribution.modules.monitoring.minio
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| rootUser | object | Optional |
| storageSize | string | Optional |
Description
Configuration for Monitoring's MinIO deployment.
.spec.distribution.modules.monitoring.minio.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.monitoring.minio.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.monitoring.minio.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.monitoring.minio.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.minio.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.minio.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.minio.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.monitoring.minio.rootUser
Properties
| Property | Type | Required |
|---|---|---|
| password | string | Optional |
| username | string | Optional |
.spec.distribution.modules.monitoring.minio.rootUser.password
Description
The password for the default MinIO root user.
.spec.distribution.modules.monitoring.minio.rootUser.username
Description
The username for the default MinIO root user.
.spec.distribution.modules.monitoring.minio.storageSize
Description
The PVC size for each MinIO disk, 6 disks total.
.spec.distribution.modules.monitoring.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.monitoring.overrides.ingresses
.spec.distribution.modules.monitoring.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.monitoring.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.monitoring.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.monitoring.prometheus
Properties
| Property | Type | Required |
|---|---|---|
| remoteWrite | array | Optional |
| resources | object | Optional |
| retentionSize | string | Optional |
| retentionTime | string | Optional |
| storageSize | string | Optional |
.spec.distribution.modules.monitoring.prometheus.remoteWrite
Description
Set this option to ship the collected metrics to a remote Prometheus receiver.
remoteWrite is an array of objects that allows configuring the remoteWrite options for Prometheus. The objects in the array follow the same schema as in the prometheus operator.
.spec.distribution.modules.monitoring.prometheus.resources
Properties
| Property | Type | Required |
|---|---|---|
| limits | object | Optional |
| requests | object | Optional |
.spec.distribution.modules.monitoring.prometheus.resources.limits
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.monitoring.prometheus.resources.limits.cpu
Description
The CPU limit for the Pod. Example: 1000m.
.spec.distribution.modules.monitoring.prometheus.resources.limits.memory
Description
The memory limit for the Pod. Example: 1G.
.spec.distribution.modules.monitoring.prometheus.resources.requests
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.monitoring.prometheus.resources.requests.cpu
Description
The CPU request for the Pod, in cores. Example: 500m.
.spec.distribution.modules.monitoring.prometheus.resources.requests.memory
Description
The memory request for the Pod. Example: 500M.
.spec.distribution.modules.monitoring.prometheus.retentionSize
Description
The retention size for the k8s Prometheus instance.
.spec.distribution.modules.monitoring.prometheus.retentionTime
Description
The retention time for the k8s Prometheus instance.
.spec.distribution.modules.monitoring.prometheus.storageSize
Description
The storage size for the k8s Prometheus instance.
.spec.distribution.modules.monitoring.prometheusAgent
Properties
| Property | Type | Required |
|---|---|---|
| remoteWrite | array | Optional |
| resources | object | Optional |
.spec.distribution.modules.monitoring.prometheusAgent.remoteWrite
Description
Set this option to ship the collected metrics to a remote Prometheus receiver.
remoteWrite is an array of objects that allows configuring the remoteWrite options for Prometheus. The objects in the array follow the same schema as in the prometheus operator.
.spec.distribution.modules.monitoring.prometheusAgent.resources
Properties
| Property | Type | Required |
|---|---|---|
| limits | object | Optional |
| requests | object | Optional |
.spec.distribution.modules.monitoring.prometheusAgent.resources.limits
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.monitoring.prometheusAgent.resources.limits.cpu
Description
The CPU limit for the Pod. Example: 1000m.
.spec.distribution.modules.monitoring.prometheusAgent.resources.limits.memory
Description
The memory limit for the Pod. Example: 1G.
.spec.distribution.modules.monitoring.prometheusAgent.resources.requests
Properties
| Property | Type | Required |
|---|---|---|
| cpu | string | Optional |
| memory | string | Optional |
.spec.distribution.modules.monitoring.prometheusAgent.resources.requests.cpu
Description
The CPU request for the Pod, in cores. Example: 500m.
.spec.distribution.modules.monitoring.prometheusAgent.resources.requests.memory
Description
The memory request for the Pod. Example: 500M.
.spec.distribution.modules.monitoring.type
Description
The type of the monitoring, must be none, prometheus, prometheusAgent or mimir.
none: will disable the whole monitoring stack.prometheus: will install Prometheus Operator and a preconfigured Prometheus instance, Alertmanager, a set of alert rules, exporters needed to monitor all the components of the cluster, Grafana and a series of dashboards to view the collected metrics, and more.prometheusAgent: will install Prometheus operator, an instance of Prometheus in Agent mode (no alerting, no queries, no storage), and all the exporters needed to get metrics for the status of the cluster and the workloads. Useful when having a centralized (remote) Prometheus where to ship the metrics and not storing them locally in the cluster.mimir: will install the same as theprometheusoption, plus Grafana Mimir that allows for longer retention of metrics and the usage of Object Storage.
Default is prometheus.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"prometheus" |
"prometheusAgent" |
"mimir" |
.spec.distribution.modules.monitoring.x509Exporter
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.monitoring.x509Exporter.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.monitoring.x509Exporter.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.monitoring.x509Exporter.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.monitoring.x509Exporter.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.monitoring.x509Exporter.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.monitoring.x509Exporter.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.monitoring.x509Exporter.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.networking
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| tigeraOperator | object | Optional |
Description
Configuration for the Networking module.
.spec.distribution.modules.networking.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.networking.overrides.ingresses
.spec.distribution.modules.networking.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.networking.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.networking.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.networking.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.networking.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.networking.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.networking.tigeraOperator
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
.spec.distribution.modules.networking.tigeraOperator.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.networking.tigeraOperator.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.networking.tigeraOperator.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.networking.tigeraOperator.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.networking.tigeraOperator.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.networking.tigeraOperator.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.networking.tigeraOperator.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.policy
Properties
| Property | Type | Required |
|---|---|---|
| gatekeeper | object | Optional |
| kyverno | object | Optional |
| overrides | object | Optional |
| type | string | Required |
Description
Configuration for the Policy module.
.spec.distribution.modules.policy.gatekeeper
Properties
| Property | Type | Required |
|---|---|---|
| additionalExcludedNamespaces | array | Optional |
| enforcementAction | string | Required |
| installDefaultPolicies | boolean | Required |
| overrides | object | Optional |
Description
Configuration for the Gatekeeper package.
.spec.distribution.modules.policy.gatekeeper.additionalExcludedNamespaces
Description
This parameter adds namespaces to Gatekeeper's exemption list, so it will not enforce the constraints on them.
.spec.distribution.modules.policy.gatekeeper.enforcementAction
Description
The default enforcement action to use for the included constraints. deny will block the admission when violations to the policies are found, warn will show a message to the user but will admit the violating requests and dryrun won't give any feedback to the user but it will log the violations.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"deny" |
"dryrun" |
"warn" |
.spec.distribution.modules.policy.gatekeeper.installDefaultPolicies
Description
Set to false to avoid installing the default Gatekeeper policies (constraints templates and constraints) included with the distribution.
.spec.distribution.modules.policy.gatekeeper.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.policy.gatekeeper.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.policy.gatekeeper.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.policy.gatekeeper.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.policy.gatekeeper.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.policy.gatekeeper.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.policy.gatekeeper.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.policy.kyverno
Properties
| Property | Type | Required |
|---|---|---|
| additionalExcludedNamespaces | array | Optional |
| installDefaultPolicies | boolean | Required |
| overrides | object | Optional |
| validationFailureAction | string | Required |
Description
Configuration for the Kyverno package.
.spec.distribution.modules.policy.kyverno.additionalExcludedNamespaces
Description
This parameter adds namespaces to Kyverno's exemption list, so it will not enforce the policies on them.
.spec.distribution.modules.policy.kyverno.installDefaultPolicies
Description
Set to false to avoid installing the default Kyverno policies included with distribution.
.spec.distribution.modules.policy.kyverno.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.policy.kyverno.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.policy.kyverno.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.policy.kyverno.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.policy.kyverno.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.policy.kyverno.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.policy.kyverno.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.policy.kyverno.validationFailureAction
Description
The validation failure action to use for the included policies, Enforce will block when a request does not comply with the policies and Audit will not block but log when a request does not comply with the policies.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Audit" |
"Enforce" |
.spec.distribution.modules.policy.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.policy.overrides.ingresses
.spec.distribution.modules.policy.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.policy.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.policy.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.policy.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.policy.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.policy.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.policy.type
Description
The type of policy enforcement to use, either none, gatekeeper or kyverno.
Default is none.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"gatekeeper" |
"kyverno" |
.spec.distribution.modules.tracing
Properties
| Property | Type | Required |
|---|---|---|
| minio | object | Optional |
| overrides | object | Optional |
| tempo | object | Optional |
| type | string | Required |
Description
Configuration for the Tracing module.
.spec.distribution.modules.tracing.minio
Properties
| Property | Type | Required |
|---|---|---|
| overrides | object | Optional |
| rootUser | object | Optional |
| storageSize | string | Optional |
Description
Configuration for Tracing's MinIO deployment.
.spec.distribution.modules.tracing.minio.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.tracing.minio.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.tracing.minio.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.tracing.minio.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.tracing.minio.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.tracing.minio.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.tracing.minio.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.tracing.minio.rootUser
Properties
| Property | Type | Required |
|---|---|---|
| password | string | Optional |
| username | string | Optional |
.spec.distribution.modules.tracing.minio.rootUser.password
Description
The password for the default MinIO root user.
.spec.distribution.modules.tracing.minio.rootUser.username
Description
The username for the default MinIO root user.
.spec.distribution.modules.tracing.minio.storageSize
Description
The PVC size for each MinIO disk, 6 disks total.
.spec.distribution.modules.tracing.overrides
Properties
| Property | Type | Required |
|---|---|---|
| ingresses | object | Optional |
| nodeSelector | object | Optional |
| tolerations | array | Optional |
Description
Override the common configuration with a particular configuration for the module.
.spec.distribution.modules.tracing.overrides.ingresses
.spec.distribution.modules.tracing.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the module.
.spec.distribution.modules.tracing.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the module.
.spec.distribution.modules.tracing.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.tracing.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.tracing.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.tracing.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.tracing.tempo
Properties
| Property | Type | Required |
|---|---|---|
| backend | string | Optional |
| externalEndpoint | object | Optional |
| overrides | object | Optional |
| retentionTime | string | Optional |
Description
Configuration for the Tempo package.
.spec.distribution.modules.tracing.tempo.backend
Description
The storage backend type for Tempo. minio will use an in-cluster MinIO deployment for object storage, externalEndpoint can be used to point to an external S3-compatible object storage instead of deploying an in-cluster MinIO.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"minio" |
"externalEndpoint" |
.spec.distribution.modules.tracing.tempo.externalEndpoint
Properties
| Property | Type | Required |
|---|---|---|
| accessKeyId | string | Optional |
| bucketName | string | Optional |
| endpoint | string | Optional |
| insecure | boolean | Optional |
| secretAccessKey | string | Optional |
Description
Configuration for Tempo's external storage backend.
.spec.distribution.modules.tracing.tempo.externalEndpoint.accessKeyId
Description
The access key ID (username) for the external S3-compatible bucket.
.spec.distribution.modules.tracing.tempo.externalEndpoint.bucketName
Description
The bucket name of the external S3-compatible object storage.
.spec.distribution.modules.tracing.tempo.externalEndpoint.endpoint
Description
The external S3-compatible endpoint for Tempo's storage.
.spec.distribution.modules.tracing.tempo.externalEndpoint.insecure
Description
If true, will use HTTP as protocol instead of HTTPS.
.spec.distribution.modules.tracing.tempo.externalEndpoint.secretAccessKey
Description
The secret access key (password) for the external S3-compatible bucket.
.spec.distribution.modules.tracing.tempo.overrides
Properties
| Property | Type | Required |
|---|---|---|
| nodeSelector | object | Optional |
| tolerations | array | Optional |
.spec.distribution.modules.tracing.tempo.overrides.nodeSelector
Description
Set to override the node selector used to place the pods of the package.
.spec.distribution.modules.tracing.tempo.overrides.tolerations
Properties
| Property | Type | Required |
|---|---|---|
| effect | string | Required |
| key | string | Required |
| operator | string | Optional |
| value | string | Optional |
Description
Set to override the tolerations that will be added to the pods of the package.
.spec.distribution.modules.tracing.tempo.overrides.tolerations.effect
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"NoSchedule" |
"PreferNoSchedule" |
"NoExecute" |
.spec.distribution.modules.tracing.tempo.overrides.tolerations.key
Description
The key of the toleration
.spec.distribution.modules.tracing.tempo.overrides.tolerations.operator
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"Exists" |
"Equal" |
.spec.distribution.modules.tracing.tempo.overrides.tolerations.value
Description
The value of the toleration
.spec.distribution.modules.tracing.tempo.retentionTime
Description
The retention time for the traces stored in Tempo.
.spec.distribution.modules.tracing.type
Description
The type of tracing to use, either none or tempo. none will disable the Tracing module and tempo will install a Grafana Tempo deployment.
Default is tempo.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"none" |
"tempo" |
.spec.distributionVersion
Description
Defines which KFD version will be installed and, in consequence, the Kubernetes version used to create the cluster. It supports git tags and branches. Example: v1.30.1.
Constraints
minimum length: the minimum number of characters for this string is: 1
.spec.infrastructure
Properties
| Property | Type | Required |
|---|---|---|
| vpc | object | Optional |
| vpn | object | Optional |
.spec.infrastructure.vpc
Properties
| Property | Type | Required |
|---|---|---|
| network | object | Required |
Description
Configuration for the VPC that will be created to host the EKS cluster and its related resources. If you already have a VPC that you want to use, leave this section empty and use .spec.kubernetes.vpcId instead.
.spec.infrastructure.vpc.network
Properties
| Property | Type | Required |
|---|---|---|
| cidr | string | Required |
| subnetsCidrs | object | Required |
.spec.infrastructure.vpc.network.cidr
Description
The network CIDR for the VPC that will be created
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.infrastructure.vpc.network.subnetsCidrs
Properties
| Property | Type | Required |
|---|---|---|
| private | array | Required |
| public | array | Required |
Description
Network CIDRS configuration for private and public subnets.
.spec.infrastructure.vpc.network.subnetsCidrs.private
Description
The network CIDRs for the private subnets, where the nodes, the pods, and the private load balancers will be created
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.infrastructure.vpc.network.subnetsCidrs.public
Description
The network CIDRs for the public subnets, where the public load balancers and the VPN servers will be created
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.infrastructure.vpn
Properties
| Property | Type | Required |
|---|---|---|
| bucketNamePrefix | string | Optional |
| dhParamsBits | integer | Optional |
| diskSize | integer | Optional |
| iamUserNameOverride | string | Optional |
| instanceType | string | Optional |
| instances | integer | Optional |
| operatorName | string | Optional |
| port | integer | Optional |
| ssh | object | Required |
| vpcId | string | Optional |
| vpnClientsSubnetCidr | string | Required |
Description
Configuration for the VPN server instances.
.spec.infrastructure.vpn.bucketNamePrefix
Description
This value defines the prefix for the bucket name where the VPN servers will store their state (VPN certificates, users).
.spec.infrastructure.vpn.dhParamsBits
Description
The dhParamsBits size used for the creation of the .pem file that will be used in the dh openvpn server.conf file.
.spec.infrastructure.vpn.diskSize
Description
The size of the disk in GB for each VPN server. Example: entering 50 will create disks of 50 GB.
.spec.infrastructure.vpn.iamUserNameOverride
Description
Overrides IAM user name for the VPN. Default is to use the cluster name.
Constraints
pattern: the string must match the following regular expression:
^[a-zA-Z0-9+=,.@_-]{1,63}$
.spec.infrastructure.vpn.instanceType
Description
The type of the AWS EC2 instance for each VPN server. Follows AWS EC2 nomenclature. Example: t3-micro.
.spec.infrastructure.vpn.instances
Description
The number of VPN server instances to create, 0 to skip the creation.
.spec.infrastructure.vpn.operatorName
Description
The username of the account to create in the bastion's operating system.
.spec.infrastructure.vpn.port
Description
The port where each OpenVPN server will listen for connections.
.spec.infrastructure.vpn.ssh
Properties
| Property | Type | Required |
|---|---|---|
| allowedFromCidrs | array | Required |
| githubUsersName | array | Required |
| publicKeys | array | Optional |
.spec.infrastructure.vpn.ssh.allowedFromCidrs
Description
The network CIDR enabled in the security group to access the VPN servers (bastions) via SSH. Setting this to 0.0.0.0/0 will allow any source.
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.infrastructure.vpn.ssh.githubUsersName
Description
List of GitHub usernames from whom get their SSH public key and add as authorized keys of the operatorName user.
Constraints
minimum number of items: the minimum number of items for this array is: 1
.spec.infrastructure.vpn.ssh.publicKeys
Description
NOT IN USE, use githubUsersName instead. This value defines the public keys that will be added to the bastion's operating system.
.spec.infrastructure.vpn.vpcId
Description
The ID of the VPC where the VPN server instances will be created, required only if .spec.infrastructure.vpc is omitted.
Constraints
pattern: the string must match the following regular expression:
^vpc\-([0-9a-f]{8}|[0-9a-f]{17})$
.spec.infrastructure.vpn.vpnClientsSubnetCidr
Description
The network CIDR that will be used to assign IP addresses to the VPN clients when connected.
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.kubernetes
Properties
| Property | Type | Required |
|---|---|---|
| apiServer | object | Required |
| awsAuth | object | Optional |
| clusterIAMRoleNamePrefixOverride | string | Optional |
| logRetentionDays | integer | Optional |
| logsTypes | array | Optional |
| nodeAllowedSshPublicKey | object | Required |
| nodePoolGlobalAmiType | string | Required |
| nodePools | array | Required |
| nodePoolsLaunchKind | string | Required |
| serviceIpV4Cidr | string | Optional |
| subnetIds | array | Optional |
| vpcId | string | Optional |
| workersIAMRoleNamePrefixOverride | string | Optional |
Description
Defines the Kubernetes components configuration and the values needed for the kubernetes phase of furyctl.
.spec.kubernetes.apiServer
Properties
| Property | Type | Required |
|---|---|---|
| privateAccess | boolean | Required |
| privateAccessCidrs | array | Optional |
| publicAccess | boolean | Required |
| publicAccessCidrs | array | Optional |
.spec.kubernetes.apiServer.privateAccess
Description
This value defines if the Kubernetes API server will be accessible from the private subnets. Default it true.
.spec.kubernetes.apiServer.privateAccessCidrs
Description
The network CIDRs from the private subnets that will be allowed access the Kubernetes API server.
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.kubernetes.apiServer.publicAccess
Description
This value defines if the Kubernetes API server will be accessible from the public subnets. Default is false.
.spec.kubernetes.apiServer.publicAccessCidrs
Description
The network CIDRs from the public subnets that will be allowed access the Kubernetes API server.
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.kubernetes.awsAuth
Properties
| Property | Type | Required |
|---|---|---|
| additionalAccounts | array | Optional |
| roles | array | Optional |
| users | array | Optional |
Description
Optional additional security configuration for EKS IAM via the aws-auth configmap.
Ref: https://docs.aws.amazon.com/eks/latest/userguide/auth-configmap.html
.spec.kubernetes.awsAuth.additionalAccounts
Description
This optional array defines additional AWS accounts that will be added to the aws-auth configmap.
.spec.kubernetes.awsAuth.roles
Properties
| Property | Type | Required |
|---|---|---|
| groups | array | Required |
| rolearn | string | Required |
| username | string | Required |
Description
This optional array defines additional IAM roles that will be added to the aws-auth configmap.
.spec.kubernetes.awsAuth.roles.groups
.spec.kubernetes.awsAuth.roles.rolearn
Constraints
pattern: the string must match the following regular expression:
^arn:(?P<Partition>[^:\n]*):(?P<Service>[^:\n]*):(?P<Region>[^:\n]*):(?P<AccountID>[^:\n]*):(?P<Ignore>(?P<ResourceType>[^:\/\n]*)[:\/])?(?P<Resource>.*)$
.spec.kubernetes.awsAuth.roles.username
.spec.kubernetes.awsAuth.users
Properties
| Property | Type | Required |
|---|---|---|
| groups | array | Required |
| userarn | string | Required |
| username | string | Required |
Description
This optional array defines additional IAM users that will be added to the aws-auth configmap.
.spec.kubernetes.awsAuth.users.groups
.spec.kubernetes.awsAuth.users.userarn
Constraints
pattern: the string must match the following regular expression:
^arn:(?P<Partition>[^:\n]*):(?P<Service>[^:\n]*):(?P<Region>[^:\n]*):(?P<AccountID>[^:\n]*):(?P<Ignore>(?P<ResourceType>[^:\/\n]*)[:\/])?(?P<Resource>.*)$
.spec.kubernetes.awsAuth.users.username
.spec.kubernetes.clusterIAMRoleNamePrefixOverride
Description
Overrides the default prefix for the IAM role name of the EKS cluster. If not set, a name will be generated from the cluster name.
Constraints
pattern: the string must match the following regular expression:
^[a-zA-Z0-9+=,.@_-]{1,38}$
.spec.kubernetes.logRetentionDays
Description
Optional Kubernetes Cluster log retention in CloudWatch, expressed in days. Setting the value to zero (0) makes retention last forever. Default is 90 days.
Constraints
enum: the value of this property must be equal to one of the following integer values:
| Value |
|---|
| 0 |
| 1 |
| 3 |
| 5 |
| 7 |
| 14 |
| 30 |
| 60 |
| 90 |
| 120 |
| 150 |
| 180 |
| 365 |
| 400 |
| 545 |
| 731 |
| 1096 |
| 1827 |
| 2192 |
| 2557 |
| 2922 |
| 3288 |
| 3653 |
.spec.kubernetes.logsTypes
Description
Optional list of Kubernetes Cluster log types to enable. Defaults to all types.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"api" |
"audit" |
"authenticator" |
"controllerManager" |
"scheduler" |
.spec.kubernetes.nodeAllowedSshPublicKey
Description
The SSH public key that can connect to the nodes via SSH using the ec2-user user. Example: the contents of your ~/.ssh/id_ras.pub file.
.spec.kubernetes.nodePoolGlobalAmiType
Description
Global default AMI type used for EKS worker nodes. This will apply to all node pools unless overridden by a specific node pool.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"alinux2" |
"alinux2023" |
.spec.kubernetes.nodePools
Properties
| Property | Type | Required |
|---|---|---|
| additionalFirewallRules | object | Optional |
| ami | object | Optional |
| attachedTargetGroups | array | Optional |
| containerRuntime | string | Optional |
| instance | object | Required |
| labels | object | Optional |
| name | string | Required |
| size | object | Required |
| subnetIds | array | Optional |
| tags | object | Optional |
| taints | array | Optional |
| type | string | Required |
Description
Array with all the node pool definitions that will join the cluster. Each item is an object.
.spec.kubernetes.nodePools.additionalFirewallRules
Properties
| Property | Type | Required |
|---|---|---|
| cidrBlocks | array | Optional |
| self | array | Optional |
| sourceSecurityGroupId | array | Optional |
Description
Optional additional firewall rules that will be attached to the nodes.
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks
Properties
| Property | Type | Required |
|---|---|---|
| cidrBlocks | array | Required |
| name | string | Required |
| ports | object | Required |
| protocol | string | Required |
| tags | object | Optional |
| type | string | Required |
Description
The CIDR blocks objects definition for the Firewall rule.
Constraints
minimum number of items: the minimum number of items for this array is: 1
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.cidrBlocks
Constraints
minimum number of items: the minimum number of items for this array is: 1
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.name
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.ports
Properties
| Property | Type | Required |
|---|---|---|
| from | integer | Required |
| to | integer | Required |
Description
Port range for the Firewall Rule.
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.ports.from
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.ports.to
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.protocol
Constraints
pattern: the string must match the following regular expression:
^(?i)(tcp|udp|icmp|icmpv6|-1)$
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.tags
Description
Additional AWS tags for the Firewall rule.
.spec.kubernetes.nodePools.additionalFirewallRules.cidrBlocks.type
Description
The type of the Firewall rule, can be ingress for incoming traffic or egress for outgoing traffic.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"ingress" |
"egress" |
.spec.kubernetes.nodePools.additionalFirewallRules.self
Properties
| Property | Type | Required |
|---|---|---|
| name | string | Required |
| ports | object | Required |
| protocol | string | Required |
| self | boolean | Required |
| tags | object | Optional |
| type | string | Required |
Description
The self objects definition for the Firewall rule.
Constraints
minimum number of items: the minimum number of items for this array is: 1
.spec.kubernetes.nodePools.additionalFirewallRules.self.name
Description
The name of the Firewall rule.
.spec.kubernetes.nodePools.additionalFirewallRules.self.ports
Properties
| Property | Type | Required |
|---|---|---|
| from | integer | Required |
| to | integer | Required |
Description
Port range for the Firewall Rule.
.spec.kubernetes.nodePools.additionalFirewallRules.self.ports.from
.spec.kubernetes.nodePools.additionalFirewallRules.self.ports.to
.spec.kubernetes.nodePools.additionalFirewallRules.self.protocol
Description
The protocol of the Firewall rule.
Constraints
pattern: the string must match the following regular expression:
^(?i)(tcp|udp|icmp|icmpv6|-1)$
.spec.kubernetes.nodePools.additionalFirewallRules.self.self
Description
If true, the source will be the security group itself.
.spec.kubernetes.nodePools.additionalFirewallRules.self.tags
Description
Additional AWS tags for the Firewall rule.
.spec.kubernetes.nodePools.additionalFirewallRules.self.type
Description
The type of the Firewall rule, can be ingress for incoming traffic or egress for outgoing traffic.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"ingress" |
"egress" |
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId
Properties
| Property | Type | Required |
|---|---|---|
| name | string | Required |
| ports | object | Required |
| protocol | string | Required |
| sourceSecurityGroupId | string | Required |
| tags | object | Optional |
| type | string | Required |
Description
The Source Security Group ID objects definition for the Firewall rule.
Constraints
minimum number of items: the minimum number of items for this array is: 1
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.name
Description
The name for the additional Firewall rule Security Group.
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.ports
Properties
| Property | Type | Required |
|---|---|---|
| from | integer | Required |
| to | integer | Required |
Description
Port range for the Firewall Rule.
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.ports.from
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.ports.to
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.protocol
Description
The protocol of the Firewall rule.
Constraints
pattern: the string must match the following regular expression:
^(?i)(tcp|udp|icmp|icmpv6|-1)$
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.sourceSecurityGroupId
Description
The source security group ID.
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.tags
Description
Additional AWS tags for the Firewall rule.
.spec.kubernetes.nodePools.additionalFirewallRules.sourceSecurityGroupId.type
Description
The type of the Firewall rule, can be ingress for incoming traffic or egress for outgoing traffic.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"ingress" |
"egress" |
.spec.kubernetes.nodePools.ami
Properties
| Property | Type | Required |
|---|---|---|
| id | string | Optional |
| owner | string | Optional |
| type | string | Optional |
Description
Configuration for customize the Amazon Machine Image (AMI) for the machines of the Node Pool.
The AMI can be chosen either by specifing the ami.id and ami.owner fields for using a custom AMI (just with self-managed node pool type) or by setting the ami.type field to one of the official AMIs based on Amazon Linux.
.spec.kubernetes.nodePools.ami.id
Description
The ID of the AMI to use for the nodes, must be set toghether with the owner field. ami.id and ami.owner can be only set when Node Pool type is self-managed and they can't be set at the same time than ami.type.
.spec.kubernetes.nodePools.ami.owner
Description
The owner of the AMI to use for the nodes, must be set toghether with the id field. ami.id and ami.owner can be only set when Node Pool type is self-managed and they can't be set at the same time than ami.type.
.spec.kubernetes.nodePools.ami.type
Description
The AMI type defines the AMI to use for eks-managed and self-managed type of Node Pools. Only Amazon Linux based AMIs are supported. It can't be set at the same time than ami.id and ami.owner.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"alinux2" |
"alinux2023" |
.spec.kubernetes.nodePools.attachedTargetGroups
Description
This optional array defines additional target groups to attach to the instances in the node pool.
Constraints
pattern: the string must match the following regular expression:
^arn:(?P<Partition>[^:\n]*):(?P<Service>[^:\n]*):(?P<Region>[^:\n]*):(?P<AccountID>[^:\n]*):(?P<Ignore>(?P<ResourceType>[^:\/\n]*)[:\/])?(?P<Resource>.*)$
.spec.kubernetes.nodePools.containerRuntime
Description
The container runtime to use in the nodes of the node pool. Default is containerd.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"docker" |
"containerd" |
.spec.kubernetes.nodePools.instance
Properties
| Property | Type | Required |
|---|---|---|
| maxPods | integer | Optional |
| spot | boolean | Optional |
| type | string | Required |
| volumeSize | integer | Optional |
| volumeType | string | Optional |
Description
Configuration for the instances that will be used in the node pool.
.spec.kubernetes.nodePools.instance.maxPods
Description
Set the maximum pods per node to a custom value. If not set will use EKS default value that depends on the instance type.
Ref: https://github.com/awslabs/amazon-eks-ami/blob/main/templates/shared/runtime/eni-max-pods.txt
.spec.kubernetes.nodePools.instance.spot
Description
If true, the nodes will be created as spot instances. Default is false.
.spec.kubernetes.nodePools.instance.type
Description
The instance type to use for the nodes.
.spec.kubernetes.nodePools.instance.volumeSize
Description
The size of the disk in GB.
.spec.kubernetes.nodePools.instance.volumeType
Description
Volume type for the instance disk. Default is gp2.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"gp2" |
"gp3" |
"io1" |
"standard" |
.spec.kubernetes.nodePools.labels
Description
Kubernetes labels that will be added to the nodes.
.spec.kubernetes.nodePools.name
Description
The name of the node pool.
.spec.kubernetes.nodePools.size
Properties
| Property | Type | Required |
|---|---|---|
| max | integer | Required |
| min | integer | Required |
.spec.kubernetes.nodePools.size.max
Description
The maximum number of nodes in the node pool.
.spec.kubernetes.nodePools.size.min
Description
The minimum number of nodes in the node pool.
.spec.kubernetes.nodePools.subnetIds
Description
Optional list of subnet IDs where to create the nodes.
Constraints
pattern: the string must match the following regular expression:
^subnet\-[0-9a-f]{17}$
.spec.kubernetes.nodePools.tags
Description
AWS tags that will be added to the ASG and EC2 instances.
.spec.kubernetes.nodePools.taints
Constraints
pattern: the string must match the following regular expression:
^([a-zA-Z0-9\-\.\/]+)=([^-][\w-]+):(NoSchedule|PreferNoSchedule|NoExecute)$
.spec.kubernetes.nodePools.type
Description
The type of Node Pool, can be self-managed for using customization like custom AMI, set max pods per node or eks-managed for using prebuilt AMIs from Amazon via the ami.type field. It is recommended to use self-managed.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"eks-managed" |
"self-managed" |
.spec.kubernetes.nodePoolsLaunchKind
Description
Accepted values are launch_configurations, launch_templates or both. For new clusters use launch_templates, for adopting an existing cluster you'll need to migrate from launch_configurations to launch_templates using both as interim.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"launch_configurations" |
"launch_templates" |
"both" |
.spec.kubernetes.serviceIpV4Cidr
Description
This value defines the network CIDR that will be used to assign IP addresses to Kubernetes services.
Constraints
pattern: the string must match the following regular expression:
^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}\/(3[0-2]|[1-2][0-9]|[0-9])$
.spec.kubernetes.subnetIds
Description
Required only if .spec.infrastructure.vpc is omitted. This value defines the ID of the subnet where the EKS cluster will be created.
Constraints
pattern: the string must match the following regular expression:
^subnet\-[0-9a-f]{17}$
.spec.kubernetes.vpcId
Description
Required only if .spec.infrastructure.vpc is omitted. This value defines the ID of the VPC where the EKS cluster and its related resources will be created.
Constraints
pattern: the string must match the following regular expression:
^vpc\-([0-9a-f]{8}|[0-9a-f]{17})$
.spec.kubernetes.workersIAMRoleNamePrefixOverride
Description
Overrides the default prefix for the IAM role name of the EKS workers. If not set, a name will be generated from the cluster name.
Constraints
pattern: the string must match the following regular expression:
^[a-zA-Z0-9+=,.@_-]{1,38}$
.spec.plugins
Properties
| Property | Type | Required |
|---|---|---|
| helm | object | Optional |
| kustomize | array | Optional |
.spec.plugins.helm
Properties
| Property | Type | Required |
|---|---|---|
| releases | array | Optional |
| repositories | array | Optional |
.spec.plugins.helm.releases
Properties
| Property | Type | Required |
|---|---|---|
| chart | string | Required |
| disableValidationOnInstall | boolean | Optional |
| name | string | Required |
| namespace | string | Required |
| set | array | Optional |
| values | array | Optional |
| version | string | Optional |
.spec.plugins.helm.releases.chart
Description
The chart of the release
.spec.plugins.helm.releases.disableValidationOnInstall
Description
Disable running helm diff validation when installing the plugin, it will still be done when upgrading.
.spec.plugins.helm.releases.name
Description
The name of the release
.spec.plugins.helm.releases.namespace
Description
The namespace of the release
.spec.plugins.helm.releases.set
Properties
| Property | Type | Required |
|---|---|---|
| name | string | Required |
| value | string | Required |
.spec.plugins.helm.releases.set.name
Description
The name of the set
.spec.plugins.helm.releases.set.value
Description
The value of the set
.spec.plugins.helm.releases.values
Description
The values of the release
.spec.plugins.helm.releases.version
Description
The version of the release
.spec.plugins.helm.repositories
Properties
| Property | Type | Required |
|---|---|---|
| name | string | Required |
| url | string | Required |
.spec.plugins.helm.repositories.name
Description
The name of the repository
.spec.plugins.helm.repositories.url
Description
The url of the repository
.spec.plugins.kustomize
Properties
| Property | Type | Required |
|---|---|---|
| folder | string | Required |
| name | string | Required |
.spec.plugins.kustomize.folder
Description
The folder of the kustomize plugin
.spec.plugins.kustomize.name
Description
The name of the kustomize plugin
.spec.region
Description
Defines in which AWS region the cluster and all the related resources will be created.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"af-south-1" |
"ap-east-1" |
"ap-northeast-1" |
"ap-northeast-2" |
"ap-northeast-3" |
"ap-south-1" |
"ap-south-2" |
"ap-southeast-1" |
"ap-southeast-2" |
"ap-southeast-3" |
"ap-southeast-4" |
"ca-central-1" |
"eu-central-1" |
"eu-central-2" |
"eu-north-1" |
"eu-south-1" |
"eu-south-2" |
"eu-west-1" |
"eu-west-2" |
"eu-west-3" |
"me-central-1" |
"me-south-1" |
"sa-east-1" |
"us-east-1" |
"us-east-2" |
"us-gov-east-1" |
"us-gov-west-1" |
"us-west-1" |
"us-west-2" |
.spec.tags
Description
This map defines which will be the common tags that will be added to all the resources created on AWS.
.spec.toolsConfiguration
Properties
| Property | Type | Required |
|---|---|---|
| terraform | object | Required |
Description
Configuration for tools used by furyctl, like Terraform.
.spec.toolsConfiguration.terraform
Properties
| Property | Type | Required |
|---|---|---|
| state | object | Required |
.spec.toolsConfiguration.terraform.state
Properties
| Property | Type | Required |
|---|---|---|
| s3 | object | Required |
Description
Configuration for storing the Terraform state of the cluster.
.spec.toolsConfiguration.terraform.state.s3
Properties
| Property | Type | Required |
|---|---|---|
| bucketName | string | Required |
| keyPrefix | string | Required |
| region | string | Required |
| skipRegionValidation | boolean | Optional |
Description
Configuration for the S3 bucket used to store the Terraform state.
.spec.toolsConfiguration.terraform.state.s3.bucketName
Description
This value defines which bucket will be used to store all the states.
.spec.toolsConfiguration.terraform.state.s3.keyPrefix
Description
This value defines which folder will be used to store all the states inside the bucket.
Constraints
maximum length: the maximum number of characters for this string is: 960
pattern: the string must match the following regular expression:
^[A-z0-9][A-z0-9!-_.*'()]+$
.spec.toolsConfiguration.terraform.state.s3.region
Description
This value defines in which region the bucket is located.
Constraints
enum: the value of this property must be equal to one of the following string values:
| Value |
|---|
"af-south-1" |
"ap-east-1" |
"ap-northeast-1" |
"ap-northeast-2" |
"ap-northeast-3" |
"ap-south-1" |
"ap-south-2" |
"ap-southeast-1" |
"ap-southeast-2" |
"ap-southeast-3" |
"ap-southeast-4" |
"ca-central-1" |
"eu-central-1" |
"eu-central-2" |
"eu-north-1" |
"eu-south-1" |
"eu-south-2" |
"eu-west-1" |
"eu-west-2" |
"eu-west-3" |
"me-central-1" |
"me-south-1" |
"sa-east-1" |
"us-east-1" |
"us-east-2" |
"us-gov-east-1" |
"us-gov-west-1" |
"us-west-1" |
"us-west-2" |
.spec.toolsConfiguration.terraform.state.s3.skipRegionValidation
Description
This value defines if the region of the bucket should be validated or not by Terraform, useful when using a bucket in a recently added region.