Overview
The Seed CustomResourceDefinition replaces the legacy datacenters.yaml with a more flexible, dynamic way of managing seed clusters. Seeds can be added and removed at runtime simply by managing Seed resources inside the master cluster.
Note: This feature is experimental and not enabled by default.
Example Seed
The following is an example Seed, showing all possible options.
apiVersion: kubermatic.k8s.io/v1
kind: Seed
metadata:
  # Values in <<angle brackets>> are placeholders and must be replaced before
  # this manifest is applied.
  name: <<exampleseed>>
  # Seed resources are managed inside the master cluster (see the overview);
  # this example uses the kubermatic namespace.
  namespace: kubermatic
spec:
  # Optional: Country of the seed as ISO-3166 two-letter code, e.g. DE or UK.
  # For informational purposes in the Kubermatic Kubernetes Platform (KKP) dashboard only.
  country: ""
  # Datacenters contains a map of the possible datacenters (DCs) in this seed.
  # Each DC must have a globally unique identifier (i.e. names must be unique
  # across all seeds).
  datacenters:
    <<exampledc>>:
      # Optional: Country of the datacenter as ISO-3166 two-letter code, e.g. DE or UK.
      # For informational purposes in the KKP dashboard only.
      country: ""
      # Optional: Detailed location of the datacenter, like "Hamburg" or "Datacenter 7".
      # For informational purposes in the KKP dashboard only.
      location: ""
      # Node holds node-specific settings, like e.g. HTTP proxy, Docker
      # registries and the like. Proxy settings are inherited from the seed
      # (spec.proxy_settings) if not specified here.
      node:
        # Optional: If set, this proxy will be configured for both HTTP and HTTPS.
        http_proxy: ""
        # Optional: The hyperkube image to use. Currently only Container Linux
        # makes use of this option.
        hyperkube_image: ""
        # Optional: These image registries will be configured as insecure
        # on the container runtime, i.e. they are contacted over plain HTTP or
        # without verifying the TLS certificate. Keep this list empty unless a
        # registry genuinely cannot serve a trusted certificate; images pulled
        # from an insecure registry cannot be assumed to be unmodified in transit.
        insecure_registries: []
        # Optional: If set this will be set as NO_PROXY environment variable on the node;
        # The value must be a comma-separated list of domains for which no proxy
        # should be used, e.g. "*.example.com,internal.dev".
        # Note that the in-cluster apiserver URL will be automatically prepended
        # to this value.
        no_proxy: ""
        # Optional: Translates to --pod-infra-container-image on the kubelet.
        # If not set, the kubelet will default it.
        pause_image: ""
      # Spec describes the cloud provider settings used to manage resources
      # in this datacenter. Exactly one cloud provider must be defined; every
      # provider is listed below only to document its options.
      spec:
        alibaba:
          # Region to use, for a full list of regions see
          # https://www.alibabacloud.com/help/doc-detail/40654.htm
          region: ""
        aws:
          # List of AMIs to use for a given operating system.
          # This gets defaulted by querying for the latest AMI for the given distribution
          # when machines are created, so under normal circumstances it is not necessary
          # to define the AMIs statically. Pin an AMI here when you need a reviewed,
          # reproducible image rather than "latest".
          images:
            centos: ""
            coreos: ""
            rhel: ""
            sles: ""
            ubuntu: ""
          # The AWS region to use, e.g. "us-east-1". For a list of available regions, see
          # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
          region: ""
        azure:
          # Region to use, for example "westeurope". A list of available regions can be
          # found at https://azure.microsoft.com/en-us/global-infrastructure/locations/
          location: ""
        # BringYourOwn contains settings for clusters using manually created
        # nodes via kubeadm. It has no options; the empty mapping selects it.
        bringyourown: {}
        digitalocean:
          # Datacenter location, e.g. "ams3". A list of existing datacenters can be found
          # at https://www.digitalocean.com/docs/platform/availability-matrix/
          region: ""
        # EnforceAuditLogging enforces audit logging on every cluster within the DC,
        # ignoring cluster-specific settings. Set this to true where audit trails
        # of API server activity are a compliance requirement.
        enforceAuditLogging: false
        gcp:
          # Region to use, for example "europe-west3", for a full list of regions see
          # https://cloud.google.com/compute/docs/regions-zones/
          region: ""
          # Optional: Regional clusters spread their resources across multiple availability zones.
          # Refer to the official documentation for more details on this:
          # https://cloud.google.com/kubernetes-engine/docs/concepts/regional-clusters
          regional: false
          # List of enabled zones, for example [a, c]. See the link above for the available
          # zones in your chosen region.
          zone_suffixes: []
        hetzner:
          # Datacenter location, e.g. "nbg1-dc3". A list of existing datacenters can be found
          # at https://wiki.hetzner.de/index.php/Rechenzentren_und_Anbindung/en
          datacenter: ""
          # Optional: Detailed location of the datacenter, like "Hamburg" or "Datacenter 7".
          # For informational purposes only.
          location: ""
        # KubeVirt has no datacenter-level options; the empty mapping selects it.
        kubevirt: {}
        openstack:
          # Keystone endpoint used for authentication.
          auth_url: ""
          availability_zone: ""
          # Used for automatic network creation
          dns_servers: []
          # Optional
          enforce_floating_ip: false
          # Optional
          ignore_volume_az: false
          # Images to use for each supported operating system.
          images:
            centos: ""
            coreos: ""
            rhel: ""
            sles: ""
            ubuntu: ""
          # Optional: Gets mapped to the "manage-security-groups" setting in the cloud config.
          # See https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/#load-balancer
          # This setting defaults to true.
          manage_security_groups: true
          node_size_requirements:
            # MinimumMemory is the minimum required amount of memory, measured in MB
            minimum_memory: 0
            # VCPUs is the minimum required amount of (virtual) CPUs
            minimum_vcpus: 0
          region: ""
          # Optional: Gets mapped to the "trust-device-path" setting in the cloud config.
          # See https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/#block-storage
          # This setting defaults to false.
          trust_device_path: false
        packet:
          # The list of enabled facilities, for example "ams1", for a full list of available
          # facilities see https://support.packet.com/kb/articles/data-centers
          facilities: []
        # Optional: When defined, only users with an e-mail address on the
        # given domains can make use of this datacenter. You can define multiple
        # domains, e.g. "example.com", one of which must match the email domain
        # exactly (i.e. "example.com" will not match "user@test.example.com").
        # RequiredEmailDomain is deprecated. Automatically migrated to the RequiredEmailDomains field.
        requiredEmailDomain: ""
        # Preferred form of the restriction above: a list of domains. Leaving it
        # null places no e-mail domain restriction on the datacenter.
        requiredEmailDomains: null
        vsphere:
          # If set to true, disables the TLS certificate check against the endpoint.
          # Leave this false outside of isolated test setups: without certificate
          # verification the credentials sent to the endpoint can be intercepted
          # by anyone able to impersonate it.
          allow_insecure: false
          # The name of the Kubernetes cluster to use.
          cluster: ""
          # The name of the datacenter to use.
          datacenter: ""
          # The name of the datastore to use.
          datastore: ""
          # Endpoint URL to use, including protocol, for example "https://vcenter.example.com".
          endpoint: ""
          # Optional: Infra management user is the user that will be used for everything
          # except the cloud provider functionality, which will still use the credentials
          # passed in via the KKP dashboard/API.
          # The password is stored in clear text in this resource: treat the Seed
          # manifest as a secret (keep it out of version control, restrict who may
          # read Seed objects) and give this account only the vSphere permissions it needs.
          infra_management_user:
            password: ""
            username: ""
          # Optional: The root path for cluster specific VM folders. Each cluster gets its own
          # folder below the root folder. Must be the FQDN (for example
          # "/datacenter-1/vm/all-kubermatic-vms-in-here") and defaults to the root VM
          # folder: "/datacenter-1/vm"
          root_path: ""
          # A list of templates to use for a given operating system. You must define at
          # least one template.
          templates:
            centos: ""
            coreos: ""
            rhel: ""
            sles: ""
            ubuntu: ""
  # Optional: ExposeStrategy explicitly sets the expose strategy for this seed cluster,
  # if not set, the default provided by the master is used.
  expose_strategy: ""
  # A reference to the Kubeconfig of this cluster. The Kubeconfig must
  # have cluster-admin privileges. This field is mandatory for every
  # seed, even if there are no datacenters defined yet.
  # The fields below follow the Kubernetes ObjectReference layout; typically
  # kind, name and namespace are enough to identify the referenced object.
  # Because the referenced kubeconfig grants cluster-admin on the seed, access
  # to that object should be restricted like any other admin credential.
  kubeconfig:
    # API version of the referent.
    apiVersion: ""
    # If referring to a piece of an object instead of an entire object, this string
    # should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
    # For example, if the object reference is to a container within a pod, this would take on a value like:
    # "spec.containers{name}" (where "name" refers to the name of the container that triggered
    # the event) or if no container name is specified "spec.containers[2]" (container with
    # index 2 in this pod). This syntax is chosen only to have some well-defined way of
    # referencing a part of an object.
    fieldPath: ""
    # Kind of the referent.
    # More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    kind: ""
    # Name of the referent.
    # More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
    name: ""
    # Namespace of the referent.
    # More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
    namespace: ""
    # Specific resourceVersion to which this reference is made, if any.
    # More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
    resourceVersion: ""
    # UID of the referent.
    # More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
    uid: ""
  # Optional: Detailed location of the cluster, like "Hamburg" or "Datacenter 7".
  # For informational purposes in the KKP dashboard only.
  location: ""
  # NodeportProxy can be used to configure the NodePort proxy service that is
  # responsible for making user-cluster control planes accessible from the outside.
  nodeport_proxy:
    # Annotations are used to further tweak the LoadBalancer integration with the
    # cloud provider where the seed cluster is running. The defaults shown target
    # AWS; other providers need their own annotations.
    annotations:
      # Numeric annotation values are quoted so the YAML parser keeps them as strings.
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
    # Disable will prevent the KKP Operator from creating a nodeport-proxy
    # setup on the seed cluster. This should only be used if a suitable replacement
    # is installed (like the nodeport-proxy Helm chart); without one, user-cluster
    # control planes are no longer reachable from the outside.
    disable: false
    # Envoy configures the Envoy application itself.
    envoy:
      # DockerRepository is the repository containing the component's image.
      # NOTE(review): only the repository is configured here; the image tag appears
      # to be chosen by KKP — confirm before relying on a pinned version.
      docker_repository: docker.io/envoyproxy/envoy-alpine
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        limits:
          cpu: 200m
          memory: 64Mi
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        requests:
          cpu: 50m
          memory: 32Mi
    # EnvoyManager configures the KKP-internal Envoy manager.
    envoy_manager:
      # DockerRepository is the repository containing the component's image.
      docker_repository: quay.io/kubermatic/nodeport-proxy
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        limits:
          cpu: 150m
          memory: 48Mi
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        requests:
          cpu: 50m
          memory: 32Mi
    # Updater configures the component responsible for updating the LoadBalancer
    # service.
    updater:
      # DockerRepository is the repository containing the component's image.
      docker_repository: quay.io/kubermatic/nodeport-proxy
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        limits:
          cpu: 150m
          memory: 32Mi
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        requests:
          cpu: 50m
          memory: 32Mi
  # Optional: ProxySettings can be used to configure HTTP proxy settings on the
  # worker nodes in user clusters. However, proxy settings on nodes take precedence
  # (see the per-datacenter node section above).
  proxy_settings:
    # Optional: If set, this proxy will be configured for both HTTP and HTTPS.
    http_proxy: ""
    # Optional: If set this will be set as NO_PROXY environment variable on the node;
    # The value must be a comma-separated list of domains for which no proxy
    # should be used, e.g. "*.example.com,internal.dev".
    # Note that the in-cluster apiserver URL will be automatically prepended
    # to this value.
    no_proxy: ""
  # Optional: This can be used to override the DNS name used for this seed.
  # By default the seed name is used.
  seed_dns_overwrite: ""