Overview
The Seed CustomResourceDefinition replaces the legacy datacenters with
a more flexible, dynamic way of managing seed clusters. Seeds can be added and removed at runtime by simply
managing Seed resources inside the master cluster.
Example Seed
The following is an example Seed, showing all possible options.
apiVersion: kubermatic.k8s.io/v1
kind: Seed
metadata:
name: <<exampleseed>>
namespace: kubermatic
spec:
# BackupRestore when set, enables backup and restore controllers with given configuration.
backupRestore: null
# Optional: Country of the seed as ISO-3166 two-letter code, e.g. DE or UK.
# For informational purposes in the Kubermatic dashboard only.
country: ""
# Datacenters contains a map of the possible datacenters (DCs) in this seed.
# Each DC must have a globally unique identifier (i.e. names must be unique
# across all seeds).
datacenters:
<<exampledc>>:
# Optional: Country of the seed as ISO-3166 two-letter code, e.g. DE or UK.
# For informational purposes in the Kubermatic dashboard only.
country: ""
# Optional: Detailed location of the cluster, like "Hamburg" or "Datacenter 7".
# For informational purposes in the Kubermatic dashboard only.
location: ""
# Node holds node-specific settings, like e.g. HTTP proxy, Docker
# registries and the like. Proxy settings are inherited from the seed if
# not specified here.
node:
# Optional: If set, this proxy will be configured for both HTTP and HTTPS.
http_proxy: ""
# Optional: The hyperkube image to use. Currently only Flatcar
# makes use of this option.
hyperkube_image: ""
# Optional: These image registries will be configured as insecure
# on the container runtime.
insecure_registries: []
# Optional: If set this will be set as NO_PROXY environment variable on the node;
# The value must be a comma-separated list of domains for which no proxy
# should be used, e.g. "*.example.com,internal.dev".
# Note that the in-cluster apiserver URL will be automatically prepended
# to this value.
no_proxy: ""
# Optional: Translates to --pod-infra-container-image on the kubelet.
# If not set, the kubelet will default it.
pause_image: ""
# Optional: These image registries will be configured as registry mirrors
# on the container runtime.
registry_mirrors: []
# Spec describes the cloud provider settings used to manage resources
# in this datacenter. Exactly one cloud provider must be defined.
spec:
alibaba:
# Region to use, for a full list of regions see
# https://www.alibabacloud.com/help/doc-detail/40654.htm
region: ""
anexia: null
aws:
# List of AMIs to use for a given operating system.
# This gets defaulted by querying for the latest AMI for the given distribution
# when machines are created, so under normal circumstances it is not necessary
# to define the AMIs statically.
images:
centos: ""
flatcar: ""
rhel: ""
sles: ""
ubuntu: ""
# The AWS region to use, e.g. "us-east-1". For a list of available regions, see
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
region: ""
azure:
# Region to use, for example "westeurope". A list of available regions can be
# found at https://azure.microsoft.com/en-us/global-infrastructure/locations/
location: ""
# BringYourOwn contains settings for clusters using manually created
# nodes via kubeadm.
bringyourown: {}
digitalocean:
# Datacenter location, e.g. "ams3". A list of existing datacenters can be found
# at https://www.digitalocean.com/docs/platform/availability-matrix/
region: ""
# EnforceAuditLogging enforces audit logging on every cluster within the DC,
# ignoring cluster-specific settings.
enforceAuditLogging: false
# EnforcePodSecurityPolicy enforces pod security policy plugin on every clusters within the DC,
# ignoring cluster-specific settings
enforcePodSecurityPolicy: false
gcp:
# Region to use, for example "europe-west3", for a full list of regions see
# https://cloud.google.com/compute/docs/regions-zones/
region: ""
# Optional: Regional clusters spread their resources across multiple availability zones.
# Refer to the official documentation for more details on this:
# https://cloud.google.com/kubernetes-engine/docs/concepts/regional-clusters
regional: false
# List of enabled zones, for example [a, c]. See the link above for the available
# zones in your chosen region.
zone_suffixes: []
hetzner:
# Datacenter location, e.g. "nbg1-dc3". A list of existing datacenters can be found
# at https://wiki.hetzner.de/index.php/Rechenzentren_und_Anbindung/en
datacenter: ""
# Optional: Detailed location of the datacenter, like "Hamburg" or "Datacenter 7".
# For informational purposes only.
location: ""
# Network is the pre-existing Hetzner network in which the machines are running.
# While machines can be in multiple networks, a single one must be chosen for the
# HCloud CCM to work.
network: ""
kubevirt:
# DNSConfig represents the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS
# configuration based on DNSPolicy.
dns_config:
# A list of DNS name server IP addresses.
# This will be appended to the base nameservers generated from DNSPolicy.
# Duplicated nameservers will be removed.
nameservers: null
# A list of DNS resolver options.
# This will be merged with the base options generated from DNSPolicy.
# Duplicated entries will be removed. Resolution options given in Options
# will override those that appear in the base DNSPolicy.
options: null
# A list of DNS search domains for host-name lookup.
# This will be appended to the base search paths generated from DNSPolicy.
# Duplicated search paths will be removed.
searches: null
# DNSPolicy represents the dns policy for the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
# 'Default' or 'None'. Defaults to "ClusterFirst". DNS parameters given in DNSConfig will be merged with the
# policy selected with DNSPolicy.
dns_policy: ""
openstack:
auth_url: ""
availability_zone: ""
# Used for automatic network creation
dns_servers: []
# Optional: List of enabled flavors for the given datacenter
enabled_flavors: []
# Optional
enforce_floating_ip: false
# Optional
ignore_volume_az: false
# Images to use for each supported operating system.
images:
centos: ""
flatcar: ""
rhel: ""
sles: ""
ubuntu: ""
# Optional: Gets mapped to the "manage-security-groups" setting in the cloud config.
# See https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/#load-balancer
# This setting defaults to true.
manage_security_groups: true
node_size_requirements:
# MinimumMemory is the minimum required amount of memory, measured in MB
minimum_memory: 0
# VCPUs is the minimum required amount of (virtual) CPUs
minimum_vcpus: 0
region: ""
# Optional: Gets mapped to the "trust-device-path" setting in the cloud config.
# See https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/#block-storage
# This setting defaults to false.
trust_device_path: false
# Optional: Gets mapped to the "use-octavia" setting in the cloud config.
# use-octavia is enabled by default in CCM since v1.17.0, and disabled by
# default with the in-tree cloud provider.
use_octavia: true
packet:
# The list of enabled facilities, for example "ams1", for a full list of available
# facilities see https://support.packet.com/kb/articles/data-centers
facilities: []
# Optional: When defined, only users with an e-mail address on the
# given domains can make use of this datacenter. You can define multiple
# domains, e.g. "example.com", one of which must match the email domain
# exactly (i.e. "example.com" will not match "user@test.example.com").
# RequiredEmailDomain is deprecated. Automatically migrated to the RequiredEmailDomains field.
requiredEmailDomain: ""
requiredEmailDomains: null
vsphere:
# If set to true, disables the TLS certificate check against the endpoint.
allow_insecure: false
# Optional: The name of the vSphere cluster to use.
# Cluster is deprecated and may be removed in future releases as it is
# currently ignored.
# The cluster hosting the VMs will be the same VM used as a template is
# located.
cluster: ""
# The name of the datacenter to use.
datacenter: ""
# The default Datastore to be used for provisioning volumes using storage
# classes/dynamic provisioning and for storing virtual machine files in
# case no `Datastore` or `DatastoreCluster` is provided at Cluster level.
datastore: ""
# Endpoint URL to use, including protocol, for example "https://vcenter.example.com".
endpoint: ""
# Optional: Infra management user is the user that will be used for everything
# except the cloud provider functionality, which will still use the credentials
# passed in via the Kubermatic dashboard/API.
infra_management_user:
password: ""
username: ""
# Optional: The root path for cluster specific VM folders. Each cluster gets its own
# folder below the root folder. Must be the FQDN (for example
# "/datacenter-1/vm/all-kubermatic-vms-in-here") and defaults to the root VM
# folder: "/datacenter-1/vm"
root_path: ""
# The name of the storage policy to use for the storage class created in the user cluster.
storage_policy: ""
# A list of VM templates to use for a given operating system. You must
# define at least one template.
# See: https://github.com/kubermatic/machine-controller/blob/master/docs/vsphere.md#template-vms-preparation
templates:
centos: ""
flatcar: ""
rhel: ""
sles: ""
ubuntu: ""
# DefaultComponentSettings are default values to set for newly created clusters.
defaultComponentSettings:
apiserver:
endpointReconcilingDisabled: null
nodePortRange: ""
replicas: null
resources: null
tolerations: null
controllerManager:
leaderElection:
# LeaseDurationSeconds is the duration in seconds that non-leader candidates
# will wait to force acquire leadership. This is measured against time of
# last observed ack.
leaseDurationSeconds: null
# RenewDeadlineSeconds is the duration in seconds that the acting controlplane
# will retry refreshing leadership before giving up.
renewDeadlineSeconds: null
# RetryPeriodSeconds is the duration in seconds the LeaderElector clients
# should wait between tries of actions.
retryPeriodSeconds: null
replicas: null
resources: null
tolerations: null
etcd:
clusterSize: null
diskSize: null
resources: null
storageClass: ""
tolerations: null
prometheus:
resources: null
scheduler:
leaderElection:
# LeaseDurationSeconds is the duration in seconds that non-leader candidates
# will wait to force acquire leadership. This is measured against time of
# last observed ack.
leaseDurationSeconds: null
# RenewDeadlineSeconds is the duration in seconds that the acting controlplane
# will retry refreshing leadership before giving up.
renewDeadlineSeconds: null
# RetryPeriodSeconds is the duration in seconds the LeaderElector clients
# should wait between tries of actions.
retryPeriodSeconds: null
replicas: null
resources: null
tolerations: null
# Optional: ExposeStrategy explicitly sets the expose strategy for this seed cluster, if not set, the default provided by the master is used.
expose_strategy: ""
# A reference to the Kubeconfig of this cluster. The Kubeconfig must
# have cluster-admin privileges. This field is mandatory for every
# seed, even if there are no datacenters defined yet.
kubeconfig:
# API version of the referent.
apiVersion: ""
# If referring to a piece of an object instead of an entire object, this string
# should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
# For example, if the object reference is to a container within a pod, this would take on a value like:
# "spec.containers{name}" (where "name" refers to the name of the container that triggered
# the event) or if no container name is specified "spec.containers[2]" (container with
# index 2 in this pod). This syntax is chosen only to have some well-defined way of
# referencing a part of an object.
fieldPath: ""
# Kind of the referent.
# More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
kind: ""
# Name of the referent.
# More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
name: ""
# Namespace of the referent.
# More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
namespace: ""
# Specific resourceVersion to which this reference is made, if any.
# More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
resourceVersion: ""
# UID of the referent.
# More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
uid: ""
# Optional: Detailed location of the cluster, like "Hamburg" or "Datacenter 7".
# For informational purposes in the Kubermatic dashboard only.
location: ""
# Metering configures the metering tool on user clusters across the seed.
metering:
enabled: false
# StorageClassName is the name of the storage class that the metering tool uses to save processed files before
# exporting it to s3 bucket. Default value is kubermatic-fast.
storageClassName: kubermatic-fast
# StorageSize is the size of the storage class. Default value is 100Gi.
storageSize: 100Gi
# Optional: MLA allows configuring seed level MLA (Monitoring, Logging & Alerting) stack settings.
mla: null
# NodeportProxy can be used to configure the NodePort proxy service that is
# responsible for making user-cluster control planes accessible from the outside.
nodeport_proxy:
# Annotations are used to further tweak the LoadBalancer integration with the
# cloud provider where the seed cluster is running.
annotations:
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
service.beta.kubernetes.io/aws-load-balancer-type: nlb
# Disable will prevent the Kubermatic Operator from creating a nodeport-proxy
# setup on the seed cluster. This should only be used if a suitable replacement
# is installed (like the nodeport-proxy Helm chart).
disable: false
# Envoy configures the Envoy application itself.
envoy:
# DockerRepository is the repository containing the component's image.
docker_repository: docker.io/envoyproxy/envoy-alpine
# Resources describes the requested and maximum allowed CPU/memory usage.
resources:
# Limits describes the maximum amount of compute resources allowed.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
limits:
cpu: 200m
memory: 64Mi
# Requests describes the minimum amount of compute resources required.
# If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
# otherwise to an implementation-defined value.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests:
cpu: 50m
memory: 32Mi
# EnvoyManager configures the Kubermatic-internal Envoy manager.
envoy_manager:
# DockerRepository is the repository containing the component's image.
docker_repository: quay.io/kubermatic/nodeport-proxy
# Resources describes the requested and maximum allowed CPU/memory usage.
resources:
# Limits describes the maximum amount of compute resources allowed.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
limits:
cpu: 150m
memory: 48Mi
# Requests describes the minimum amount of compute resources required.
# If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
# otherwise to an implementation-defined value.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests:
cpu: 50m
memory: 32Mi
# Updater configures the component responsible for updating the LoadBalancer
# service.
updater:
# DockerRepository is the repository containing the component's image.
docker_repository: quay.io/kubermatic/nodeport-proxy
# Resources describes the requested and maximum allowed CPU/memory usage.
resources:
# Limits describes the maximum amount of compute resources allowed.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
limits:
cpu: 150m
memory: 32Mi
# Requests describes the minimum amount of compute resources required.
# If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
# otherwise to an implementation-defined value.
# More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests:
cpu: 50m
memory: 32Mi
# Optional: ProxySettings can be used to configure HTTP proxy settings on the
# worker nodes in user clusters. However, proxy settings on nodes take precedence.
proxy_settings:
# Optional: If set, this proxy will be configured for both HTTP and HTTPS.
http_proxy: ""
# Optional: If set this will be set as NO_PROXY environment variable on the node;
# The value must be a comma-separated list of domains for which no proxy
# should be used, e.g. "*.example.com,internal.dev".
# Note that the in-cluster apiserver URL will be automatically prepended
# to this value.
no_proxy: ""
# Optional: This can be used to override the DNS name used for this seed.
# By default the seed name is used.
seed_dns_overwrite: ""