Seed Clusters

Overview

The Seed CustomResourceDefinition replaces the legacy datacenters with a more flexible, dynamic way of managing seed clusters. Seeds can be added and removed at runtime by simply managing Seed resources inside the master cluster.

Example Seed

The following is an example Seed showing all possible options. The values are defaults or placeholders, not recommended settings: several fields (for example `allowInsecure`, `insecureRegistries`, or an unset `nodePortsAllowedIPRange`) weaken security when enabled or left open and are called out in the inline comments.

apiVersion: kubermatic.k8c.io/v1
kind: Seed
metadata:
  name: <<exampleseed>>
  namespace: kubermatic
# Spec describes the configuration of the Seed cluster.
spec:
  # Optional: AuditLogging empowers admins to centrally configure Kubernetes API audit logging for all user clusters in the seed (https://kubernetes.io/docs/tasks/debug-application-cluster/audit/ ).
  # null means no seed-wide audit configuration is applied. API audit logs are the main record of who did what
  # in a user cluster, so consider configuring this (or enforceAuditLogging per datacenter).
  auditLogging: null
  # Optional: Country of the seed as ISO-3166 two-letter code, e.g. DE or UK.
  # For informational purposes in the Kubermatic dashboard only. Quote the value
  # (e.g. "NO"): an unquoted NO is parsed as the boolean false by YAML 1.1 loaders.
  country: ""
  # Datacenters contains a map of the possible datacenters (DCs) in this seed.
  # Each DC must have a globally unique identifier (i.e. names must be unique
  # across all seeds).
  datacenters:
    <<exampledc>>:
      # Optional: Country of the datacenter as ISO-3166 two-letter code, e.g. DE or UK.
      # For informational purposes in the Kubermatic dashboard only. Quote the value
      # (e.g. "NO"): an unquoted NO is parsed as the boolean false by YAML 1.1 loaders.
      country: ""
      # Optional: Detailed location of the cluster, like "Hamburg" or "Datacenter 7".
      # For informational purposes in the Kubermatic dashboard only.
      location: ""
      # Node holds node-specific settings, like e.g. HTTP proxy, Docker
      # registries and the like. Proxy settings are inherited from the seed if
      # not specified here.
      node:
        # Optional: ContainerdRegistryMirrors configure registry mirror endpoints. Can be used multiple times to specify multiple mirrors.
        # Only list mirrors you trust: an image pulled by tag is whatever the mirror serves for that tag, so a
        # compromised mirror can substitute images on every node in the datacenter. Pinning images by digest limits this.
        containerdRegistryMirrors:
          # A map of registries to use to render configs and mirrors for containerd registries
          registries:
            docker.io:
              # List of registry mirrors to use
              mirrors:
                - mirror.gcr.io
        # Optional: EnableNonRootDeviceOwnership enables the non-root device ownership feature in the container runtime.
        enableNonRootDeviceOwnership: false
        # Optional: If set, this proxy will be configured for both HTTP and HTTPS.
        httpProxy: ""
        # Optional: These image registries will be configured as insecure
        # on the container runtime, i.e. pulls from them skip transport protection
        # (typically plain HTTP or unverified TLS) and can be tampered with in transit.
        # Leave empty in production; put a trusted TLS certificate on the registry instead.
        insecureRegistries: []
        # Optional: If set this will be set as NO_PROXY environment variable on the node;
        # The value must be a comma-separated list of domains for which no proxy
        # should be used, e.g. "*.example.com,internal.dev".
        # Note that the in-cluster apiserver URL will be automatically prepended
        # to this value.
        noProxy: ""
        # Optional: Translates to --pod-infra-container-image on the kubelet.
        # If not set, the kubelet will default it.
        pauseImage: ""
        # Optional: These image registries will be configured as registry mirrors
        # on the container runtime.
        registryMirrors: []
      # Spec describes the cloud provider settings used to manage resources
      # in this datacenter. Exactly one cloud provider must be defined.
      spec:
        # Alibaba configures an Alibaba Cloud datacenter.
        alibaba:
          # Region to use, for a full list of regions see
          # https://www.alibabacloud.com/help/doc-detail/40654.htm
          region: ""
        # Anexia configures an Anexia datacenter.
        anexia:
          # LocationID the location of the region
          locationID: ""
        # APIServerServiceType is the service type used for API Server service `apiserver-external` for the user clusters.
        # By default, the type of service that will be used is determined by the `ExposeStrategy` used for the cluster.
        apiServerServiceType: null
        # AWS configures an Amazon Web Services (AWS) datacenter.
        aws:
          # List of AMIs to use for a given operating system.
          # This gets defaulted by querying for the latest AMI for the given distribution
          # when machines are created, so under normal circumstances it is not necessary
          # to define the AMIs statically.
          images:
            amzn2: ""
            flatcar: ""
            rhel: ""
            rockylinux: ""
            ubuntu: ""
          # The AWS region to use, e.g. "us-east-1". For a list of available regions, see
          # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
          region: ""
        # Azure configures an Azure datacenter.
        azure:
          # Images to use for each supported operating system
          images: null
          # Region to use, for example "westeurope". A list of available regions can be
          # found at https://azure.microsoft.com/en-us/global-infrastructure/locations/
          location: ""
        # Baremetal contains settings for baremetal clusters in datacenters.
        baremetal:
          tinkerbell:
            # Images represents standard VM Image sources.
            images:
              # HTTP represents a http source. Only a URL is configured here (no checksum), so serve the
              # images over HTTPS from a trusted host; a plain-http source can be altered in transit.
              http:
                # OperatingSystems represents list of supported operating-systems with their URLs.
                operatingSystems:
                  flatcar:
                    vX.Y: http://example.com/images/os.iso
                  rhel:
                    vX.Y: http://example.com/images/os.iso
                  rockylinux:
                    vX.Y: http://example.com/images/os.iso
                  ubuntu:
                    vX.Y: http://example.com/images/os.iso
        # BringYourOwn contains settings for clusters using manually created
        # nodes via kubeadm.
        bringyourown: {}
        # Digitalocean configures a Digitalocean datacenter.
        digitalocean:
          # Datacenter location, e.g. "ams3". A list of existing datacenters can be found
          # at https://www.digitalocean.com/docs/platform/availability-matrix/
          region: ""
        # Optional: DisableCSIDriver disables the installation of the CSI driver on every cluster within the DC.
        # If true, it cannot be overridden in the cluster configuration.
        disableCsiDriver: false
        # Edge contains settings for clusters using manually created
        # nodes in edge envs.
        edge: {}
        # Optional: EnforceAuditLogging enforces audit logging on every cluster within the DC,
        # ignoring cluster-specific settings.
        enforceAuditLogging: false
        # Optional: EnforcePodSecurityPolicy enforces the PodSecurityPolicy admission plugin on every cluster within the DC,
        # ignoring cluster-specific settings. PodSecurityPolicy was removed in Kubernetes v1.25, so this only takes
        # effect on user clusters running older versions; newer clusters need Pod Security Admission or another policy engine.
        enforcePodSecurityPolicy: false
        # Optional: EnforcedAuditWebhookSettings allows admins to control webhook backend for audit logs of all the clusters within the DC,
        # ignoring cluster-specific settings.
        enforcedAuditWebhookSettings: null
        # GCP configures a Google Cloud Platform (GCP) datacenter.
        gcp:
          # Region to use, for example "europe-west3", for a full list of regions see
          # https://cloud.google.com/compute/docs/regions-zones/
          region: ""
          # Optional: Regional clusters spread their resources across multiple availability zones.
          # Refer to the official documentation for more details on this:
          # https://cloud.google.com/kubernetes-engine/docs/concepts/regional-clusters
          regional: false
          # List of enabled zones, for example [a, c]. See the link above for the available
          # zones in your chosen region.
          zoneSuffixes: []
        # Hetzner configures a Hetzner datacenter.
        hetzner:
          # Datacenter location, e.g. "nbg1-dc3". A list of existing datacenters can be found
          # at https://docs.hetzner.com/general/others/data-centers-and-connection/
          datacenter: ""
          # Optional: Detailed location of the datacenter, like "Hamburg" or "Datacenter 7".
          # For informational purposes only.
          location: ""
          # Network is the pre-existing Hetzner network in which the machines are running.
          # While machines can be in multiple networks, a single one must be chosen for the
          # HCloud CCM to work.
          network: ""
        # Kubevirt configures a KubeVirt datacenter.
        kubevirt:
          # Optional: indicates if the ccm should create and manage the clusters load balancers.
          ccmLoadBalancerEnabled: null
          # Optional: indicates if region and zone labels from the cloud provider should be fetched.
          ccmZoneAndRegionEnabled: null
          # CSIDriverOperator configures the kubevirt csi driver operator in the user cluster such as the csi driver images overwriting.
          csiDriverOperator: null
          # Optional: CustomNetworkPolicies allows to add some extra custom NetworkPolicies, that are deployed
          # in the dedicated infra KubeVirt cluster. They are added to the defaults.
          customNetworkPolicies:
            - # Name is the name of the Custom Network Policy.
              name: deny-ingress
              # Spec is the Spec of the NetworkPolicy, using the standard type.
              spec:
                podSelector: {}
                policyTypes:
                  - Ingress
          # DisableDefaultInstanceTypes prevents KKP from automatically creating default instance types.
          # (standard-2, standard-4, standard-8) in KubeVirt environments.
          disableDefaultInstanceTypes: false
          # DisableDefaultPreferences prevents KKP from setting default KubeVirt preferences.
          disableDefaultPreferences: false
          # DNSConfig represents the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS
          # configuration based on DNSPolicy.
          dnsConfig:
            # A list of DNS name server IP addresses.
            # This will be appended to the base nameservers generated from DNSPolicy.
            # Duplicated nameservers will be removed.
            nameservers: null
            # A list of DNS resolver options.
            # This will be merged with the base options generated from DNSPolicy.
            # Duplicated entries will be removed. Resolution options given in Options
            # will override those that appear in the base DNSPolicy.
            options: null
            # A list of DNS search domains for host-name lookup.
            # This will be appended to the base search paths generated from DNSPolicy.
            # Duplicated search paths will be removed.
            searches: null
          # DNSPolicy represents the dns policy for the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
          # 'Default' or 'None'. Defaults to "ClusterFirst". DNS parameters given in DNSConfig will be merged with the
          # policy selected with DNSPolicy.
          dnsPolicy: ""
          # Optional: EnableDedicatedCPUs enables the assignment of dedicated cpus instead of resource requests and limits for a virtual machine.
          # Defaults to false.
          # Deprecated: Use .kubevirt.usePodResourcesCPU instead.
          enableDedicatedCpus: false
          # Optional: EnableDefaultNetworkPolicies enables deployment of default network policies like cluster isolation.
          # Defaults to true. Setting it to false removes that isolation in the infra cluster, so workloads of
          # different user clusters may be able to reach each other unless equivalent policies are supplied via customNetworkPolicies.
          enableDefaultNetworkPolicies: true
          # Images represents standard VM Image sources.
          images:
            # HTTP represents a http source. Only a URL is configured here (no checksum), so serve the
            # images over HTTPS from a trusted host; a plain-http source can be altered in transit.
            http:
              # OperatingSystems represents list of supported operating-systems with their URLs.
              operatingSystems:
                flatcar:
                  vX.Y: http://example.com/images/os.iso
                rhel:
                  vX.Y: http://example.com/images/os.iso
                rockylinux:
                  vX.Y: http://example.com/images/os.iso
                ubuntu:
                  vX.Y: http://example.com/images/os.iso
          # Optional: InfraStorageClasses contains a list of KubeVirt infra cluster StorageClasses names
          # that will be used to initialise StorageClasses in the tenant cluster.
          # In the tenant cluster, the created StorageClass name will have as name:
          # kubevirt-<infra-storageClass-name>
          infraStorageClasses:
            - # Optional: IsDefaultClass. If true, the created StorageClass in the tenant cluster will be annotated with:
              # storageclass.kubernetes.io/is-default-class : true
              # If missing or false, annotation will be:
              # storageclass.kubernetes.io/is-default-class : false
              isDefaultClass: true
              # Labels is a map of string keys and values that can be used to organize and categorize
              # (scope and select) objects. May match selectors of replication controllers
              # and services.
              labels: null
              name: rook-ceph-block
              # Regions represents a larger domain, made up of one or more zones. It is uncommon for Kubernetes clusters
              # to span multiple regions
              regions: null
              # VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset,
              # VolumeBindingImmediate is used.
              volumeBindingMode: null
              # VolumeProvisioner The **Provider** field specifies whether a storage class will be utilized by the Containerized
              # Data Importer (CDI) to create VM disk images and/or by the KubeVirt CSI Driver to provision volumes in the
              # infrastructure cluster. If no storage class in the seed object has this value set, the storage class will be used
              # for both purposes: CDI will create VM disk images, and the CSI driver will provision and attach volumes in the user
              # cluster. However, if the value is set to `kubevirt-csi-driver`, the storage class cannot be used by CDI for VM disk
              # image creation.
              volumeProvisioner: ""
              # Zones represent a logical failure domain. It is common for Kubernetes clusters to span multiple zones
              # for increased availability
              zones: null
          # Optional: MatchSubnetAndStorageLocation if set to true, the region and zone of the subnet and storage class must match. For
          # example, if the storage class has the region `eu` and zone was `central`, the subnet must be in the same region and zone.
          # otherwise KKP will reject the creation of the machine deployment and eventually the cluster.
          matchSubnetAndStorageLocation: null
          # NamespacedMode represents the configuration for enabling the single namespace mode for all user-clusters in the KubeVirt datacenter.
          namespacedMode: null
          # Optional: ProviderNetwork describes the infra cluster network fabric that is being used
          providerNetwork: null
          # Optional: UsePodResourcesCPU enables CPU assignment via Kubernetes Pod resource requests/limits.
          # When false (default), CPUs are assigned via KubeVirt's spec.domain.cpu.
          usePodResourcesCPU: false
          # VMEvictionStrategy describes the strategy to follow when a node drain occurs. If not set the default
          # value is External and the VM will be protected by a PDB.
          vmEvictionStrategy: ""
        # Optional: MachineFlavorFilter is used to filter out allowed machine flavors based on the specified resource limits like CPU, Memory, and GPU etc.
        machineFlavorFilter:
          # Include VMs with GPU
          enableGPU: false
          # Maximum number of vCPU
          maxCPU: 0
          # Maximum RAM size in GB
          maxRAM: 0
          # Minimum number of vCPU
          minCPU: 0
          # Minimum RAM size in GB
          minRAM: 0
        # Nutanix configures a Nutanix HCI datacenter.
        nutanix:
          # Optional: AllowInsecure disables the TLS certificate check against the endpoint (defaults to false).
          # With it enabled the Prism Central credentials are sent to whatever answers at the endpoint, so an
          # on-path attacker can capture them; keep this false and install a trusted certificate instead.
          allowInsecure: false
          # Endpoint to use for accessing Nutanix Prism Central. No protocol or port should be passed,
          # for example "nutanix.example.com" or "10.0.0.1"
          endpoint: ""
          # Images to use for each supported operating system
          images:
            amzn2: ""
            flatcar: ""
            rhel: ""
            rockylinux: ""
            ubuntu: ""
          # Optional: Port to use when connecting to the Nutanix Prism Central endpoint (defaults to 9440)
          port: 9440
        # Openstack configures an Openstack datacenter.
        openstack:
          # Authentication URL
          authURL: ""
          # Used to configure availability zone.
          availabilityZone: ""
          # Optional: configures enablement of topology support for the Cinder CSI Plugin.
          # This requires Nova and Cinder to have matching availability zones configured.
          csiCinderTopologyEnabled: false
          # Used for automatic network creation
          dnsServers: []
          # Optional: enable a configuration drive that will be attached to the instance when it boots.
          # The instance can mount this drive and read files from it to get information
          enableConfigDrive: null
          # Optional: List of enabled flavors for the given datacenter
          enabledFlavors: []
          # Optional
          enforceFloatingIP: false
          # Optional
          ignoreVolumeAZ: false
          # Images to use for each supported operating system.
          images:
            amzn2: ""
            flatcar: ""
            rhel: ""
            rockylinux: ""
            ubuntu: ""
          # Optional: defines if the IPv6 is enabled for the datacenter
          ipv6Enabled: false
          # Optional: List of LoadBalancerClass configurations to be used for the OpenStack cloud provider.
          loadBalancerClasses: null
          # Optional: Gets mapped to the "lb-method" setting in the cloud config.
          # defaults to "ROUND_ROBIN".
          loadBalancerMethod: null
          # Optional: Gets mapped to the "lb-provider" setting in the cloud config.
          # defaults to ""
          loadBalancerProvider: null
          # Optional: Gets mapped to the "manage-security-groups" setting in the cloud config.
          # This setting defaults to true.
          manageSecurityGroups: true
          # CIDR ranges that will be used to allow access to the node port range in the security group. By default it is open to
          # 0.0.0.0/0, i.e. every NodePort service is reachable from any source; set it to the ranges that legitimately need access.
          # Only applies if the security group is generated by KKP and not preexisting, and only if no ranges are set at the cluster level.
          nodePortsAllowedIPRange: null
          # Optional: Restrict the allowed VM configurations that can be chosen in
          # the KKP dashboard. This setting does not affect the validation webhook for
          # MachineDeployments.
          nodeSizeRequirements:
            # MinimumMemory is the minimum required amount of memory, measured in MB
            minimumMemory: 0
            # VCPUs is the minimum required amount of (virtual) CPUs
            minimumVCPUs: 0
          # Authentication region name
          region: ""
          # Optional: Gets mapped to the "trust-device-path" setting in the cloud config.
          # This setting defaults to false.
          trustDevicePath: false
          # Optional: Gets mapped to the "use-octavia" setting in the cloud config.
          # use-octavia is enabled by default in CCM since v1.17.0, and disabled by
          # default with the in-tree cloud provider.
          useOctavia: true
        # Optional: DefaultOperatingSystemProfiles specifies the OperatingSystemProfiles to use for each supported operating system.
        operatingSystemProfiles:
          amzn2: ""
          flatcar: ""
          rhel: ""
          rockylinux: ""
          ubuntu: ""
        # Optional: ProviderReconciliationInterval is the time that must have passed since a
        # Cluster's status.lastProviderReconciliation to make the cluster controller
        # perform an in-depth provider reconciliation, where for example missing security
        # groups will be reconciled.
        # Setting this too low can cause rate limits by the cloud provider, setting this
        # too high means that *if* a resource at a cloud provider is removed/changed outside
        # of KKP, it will take this long to fix it.
        providerReconciliationInterval: 6h0m0s
        # Optional: When defined, only users with an e-mail address on the
        # given domains can make use of this datacenter; an empty list places no
        # restriction. You can define multiple domains, e.g. "example.com", one of
        # which must match the email domain exactly (i.e. "example.com" will not
        # match "user@test.example.com", so subdomains must be listed explicitly).
        requiredEmails: []
        # VMwareCloudDirector configures a VMware Cloud Director datacenter.
        vmwareclouddirector:
          # If set to true, disables the TLS certificate check against the endpoint. The Cloud Director
          # credentials are then sent to an unverified server and can be captured on-path; keep false in production.
          allowInsecure: false
          # The default catalog which contains the VM templates.
          catalog: ""
          # The name of the storage profile to use for disks attached to the VMs.
          storageProfile: ""
          # A list of VM templates to use for a given operating system. You must
          # define at least one template.
          templates:
            amzn2: ""
            flatcar: ""
            rhel: ""
            rockylinux: ""
            ubuntu: ""
          # Endpoint URL to use, including protocol, for example "https://vclouddirector.example.com".
          url: ""
        # VSphere configures a VMware vSphere datacenter.
        vsphere:
          # If set to true, disables the TLS certificate check against the endpoint. The vCenter credentials
          # (including infraManagementUser below) are then sent to an unverified server; keep false in production.
          allowInsecure: false
          # The name of the vSphere cluster to use. Used for out-of-tree CSI Driver.
          cluster: ""
          # The name of the datacenter to use.
          datacenter: ""
          # The default Datastore to be used for provisioning volumes using storage
          # classes/dynamic provisioning and for storing virtual machine files in
          # case no `Datastore` or `DatastoreCluster` is provided at Cluster level.
          datastore: ""
          # DefaultTagCategoryID is the tag category id that will be used as default, if users don't specify it on a cluster level,
          # and they don't wish KKP to create default generated tag category, upon cluster creation.
          defaultTagCategoryID: ""
          # Endpoint URL to use, including protocol, for example "https://vcenter.example.com".
          endpoint: ""
          # Optional: Infra management user is the user that will be used for everything
          # except the cloud provider functionality, which will still use the credentials
          # passed in via the Kubermatic dashboard/API. The password is stored in plaintext in this
          # Seed object, so anyone who can read Seed resources in the master cluster can read it: restrict
          # RBAC on Seeds accordingly and grant this account only the vSphere permissions it needs.
          infraManagementUser:
            password: ""
            username: ""
          # Optional: defines if the IPv6 is enabled for the datacenter
          ipv6Enabled: false
          # Optional: The root path for cluster specific VM folders. Each cluster gets its own
          # folder below the root folder. Must be the FQDN (for example
          # "/datacenter-1/vm/all-kubermatic-vms-in-here") and defaults to the root VM
          # folder: "/datacenter-1/vm"
          rootPath: ""
          # The name of the storage policy to use for the storage class created in the user cluster.
          storagePolicy: ""
          # A list of VM templates to use for a given operating system. You must
          # define at least one template.
          # See: https://github.com/kubermatic/machine-controller/blob/main/docs/vsphere.md#template-vms-preparation
          templates:
            amzn2: ""
            flatcar: ""
            rhel: ""
            rockylinux: ""
            ubuntu: ""
  # DefaultAPIServerAllowedIPRanges defines a set of CIDR ranges that are **always appended**
  # to the API server's allowed IP ranges for all user clusters in this Seed. Appending can only
  # widen access: a cluster cannot remove these ranges, but they also never narrow a cluster's own
  # allow list. Every CIDR listed here is therefore permanently allowed to reach every user-cluster
  # API server in the seed, so keep it to operator/management networks.
  defaultAPIServerAllowedIPRanges: null
  # DefaultClusterTemplate is the name of a cluster template of scope "seed" that is used
  # to default all new created clusters
  defaultClusterTemplate: ""
  # DefaultComponentSettings are default values to set for newly created clusters.
  defaultComponentSettings:
    # Apiserver configures kube-apiserver settings.
    apiserver:
      endpointReconcilingDisabled: null
      nodePortRange: 30000-32767
      replicas: 2
      resources: null
      tolerations: null
    # ControllerManager configures kube-controller-manager settings.
    controllerManager:
      leaderElection:
        # LeaseDurationSeconds is the duration in seconds that non-leader candidates
        # will wait to force acquire leadership. This is measured against time of
        # last observed ack.
        leaseDurationSeconds: null
        # RenewDeadlineSeconds is the duration in seconds that the acting controlplane
        # will retry refreshing leadership before giving up.
        renewDeadlineSeconds: null
        # RetryPeriodSeconds is the duration in seconds the LeaderElector clients
        # should wait between tries of actions.
        retryPeriodSeconds: null
      replicas: 1
      resources: null
      tolerations: null
    # CoreDNS configures CoreDNS deployed as part of the cluster control plane.
    coreDNS: null
    # Etcd configures the etcd ring used to store Kubernetes data.
    etcd:
      # ClusterSize is the number of replicas created for etcd. This should be an
      # odd number to guarantee consensus, e.g. 3, 5 or 7.
      clusterSize: 3
      # DiskSize is the volume size used when creating persistent storage from
      # the configured StorageClass. This is inherited from KubermaticConfiguration
      # if not set. Defaults to 5Gi.
      diskSize: 5Gi
      # HostAntiAffinity allows to enforce a certain type of host anti-affinity on etcd
      # pods. Options are "preferred" (default) and "required". Please note that
      # enforcing anti-affinity via "required" can mean that pods are never scheduled.
      hostAntiAffinity: ""
      # NodeSelector is a selector which restricts the set of nodes where etcd Pods can run.
      nodeSelector: null
      # QuotaBackendGB is the maximum backend size of etcd in GB (0 means use etcd default).
      # For more details, please see https://etcd.io/docs/v3.5/op-guide/maintenance/
      quotaBackendGb: null
      # Resources allows to override the resource requirements for etcd Pods.
      resources: null
      # StorageClass is the Kubernetes StorageClass used for persistent storage
      # which stores the etcd WAL and other data persisted across restarts. Defaults to
      # `kubermatic-fast` (the global default).
      storageClass: ""
      # Tolerations allows to override the scheduling tolerations for etcd Pods.
      tolerations: null
      # ZoneAntiAffinity allows to enforce a certain type of availability zone anti-affinity on etcd
      # pods. Options are "preferred" (default) and "required". Please note that
      # enforcing anti-affinity via "required" can mean that pods are never scheduled.
      zoneAntiAffinity: ""
    # KonnectivityProxy configures konnectivity-server and konnectivity-agent components.
    konnectivityProxy:
      # Args configures arguments (flags) for the Konnectivity deployments.
      args: null
      # KeepaliveTime represents a duration of time to check if the transport is still alive.
      # The option is propagated to agents and server.
      # Defaults to 1m.
      keepaliveTime: ""
      # Resources configure limits/requests for Konnectivity components.
      resources: null
    # KubeStateMetrics configures kube-state-metrics settings deployed by the monitoring controller.
    kubeStateMetrics: null
    # NodePortProxyEnvoy configures the per-cluster nodeport-proxy-envoy that is deployed if
    # the `LoadBalancer` expose strategy is used. This is not effective if a different expose
    # strategy is configured.
    nodePortProxyEnvoy:
      # DockerRepository is the repository containing the component's image.
      dockerRepository: ""
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Claims lists the names of resources, defined in spec.resourceClaims,
        # that are used by this container.
        # This is an alpha field and requires enabling the
        # DynamicResourceAllocation feature gate.
        # This field is immutable. It can only be set for containers.
        claims: null
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        limits: null
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value. Requests cannot exceed Limits.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        requests: null
    # OperatingSystemManager configures operating-system-manager (the component generating node bootstrap scripts for machine-controller).
    operatingSystemManager: null
    # Prometheus configures the Prometheus instance deployed into the cluster control plane.
    prometheus:
      replicas: null
      resources: null
      tolerations: null
    # Scheduler configures kube-scheduler settings.
    scheduler:
      leaderElection:
        # LeaseDurationSeconds is the duration in seconds that non-leader candidates
        # will wait to force acquire leadership. This is measured against time of
        # last observed ack.
        leaseDurationSeconds: null
        # RenewDeadlineSeconds is the duration in seconds that the acting controlplane
        # will retry refreshing leadership before giving up.
        renewDeadlineSeconds: null
        # RetryPeriodSeconds is the duration in seconds the LeaderElector clients
        # should wait between tries of actions.
        retryPeriodSeconds: null
      replicas: 1
      resources: null
      tolerations: null
    # UserClusterController configures the KKP usercluster-controller deployed as part of the cluster control plane.
    userClusterController: null
  # DisabledCollectors contains a list of metrics collectors that should be disabled.
  # Acceptable values are "Addon", "Cluster", "ClusterBackup", "Project", and "None".
  disabledCollectors: null
  # EtcdBackupRestore holds the configuration of the automatic etcd backup restores for the Seed;
  # if this is set, the new backup/restore controllers are enabled for this Seed.
  etcdBackupRestore: null
  # Optional: ExposeStrategy explicitly sets the expose strategy for this seed cluster, if not set, the default provided by the master is used.
  exposeStrategy: NodePort
  # A reference to the Kubeconfig of this cluster. The Kubeconfig must
  # have cluster-admin privileges. This field is mandatory for every
  # seed, even if there are no datacenters defined yet. This credential grants full
  # control of the seed cluster: keep the referenced object in a namespace with tight
  # RBAC and rotate it if it is ever exposed.
  kubeconfig:
    # API version of the referent.
    apiVersion: ""
    # If referring to a piece of an object instead of an entire object, this string
    # should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
    # For example, if the object reference is to a container within a pod, this would take on a value like:
    # "spec.containers{name}" (where "name" refers to the name of the container that triggered
    # the event) or if no container name is specified "spec.containers[2]" (container with
    # index 2 in this pod). This syntax is chosen only to have some well-defined way of
    # referencing a part of an object.
    fieldPath: ""
    # Kind of the referent.
    # More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
    kind: ""
    # Name of the referent.
    # More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
    name: ""
    # Namespace of the referent.
    # More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
    namespace: ""
    # Specific resourceVersion to which this reference is made, if any.
    # More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
    resourceVersion: ""
    # UID of the referent.
    # More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
    uid: ""
  # Optional: Detailed location of the cluster, like "Hamburg" or "Datacenter 7".
  # For informational purposes in the Kubermatic dashboard only.
  location: ""
  # ManagementProxySettings can be used if the Kubernetes API of the user clusters
  # is not directly reachable from KKP and a proxy in between should be used instead.
  managementProxySettings: null
  # Metering configures the metering tool on user clusters across the seed.
  metering:
    enabled: false
    # ReportConfigurations is a map of report configuration definitions.
    reports:
      weekly:
        # Format is the file format of the generated report, one of "csv" or "json" (defaults to "csv").
        format: ""
        # Interval defines the number of days consulted in the metering report.
        # Ignored when `Monthly` is set to true.
        interval: 7
        # Monthly creates a report for the previous month.
        monthly: false
        # Retention defines a number of days after which reports are queued for removal. If not set, reports are kept forever.
        # Please note that this functionality works only for object storage that supports an object lifecycle management mechanism.
        retention: null
        # Schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. Note that Schedule only
        # determines when report generation kicks off; the Interval MUST be set independently.
        schedule: 0 1 * * 6
        # Types of reports to generate. Available report types are cluster and namespace. By default, all types of reports are generated.
        type: null
    # RetentionDays is the number of days for which data should be kept in Prometheus. Default value is 90.
    retentionDays: 90
    # StorageClassName is the name of the storage class that the metering Prometheus instance uses to store metric data for reporting.
    storageClassName: kubermatic-fast
    # StorageSize is the size of the storage class. Default value is 100Gi. Changing this value requires
    # manual deletion of the existing Prometheus PVC (and thereby removing all metering data).
    storageSize: 100Gi
  # Optional: MLA allows configuring seed level MLA (Monitoring, Logging & Alerting) stack settings.
  mla:
    # Optional: UserClusterMLAEnabled controls whether the user cluster MLA (Monitoring, Logging & Alerting) stack is enabled in the seed.
    userClusterMLAEnabled: false
  # NodeportProxy can be used to configure the NodePort proxy service that is
  # responsible for making user-cluster control planes accessible from the outside.
  nodeportProxy:
    # Annotations are used to further tweak the LoadBalancer integration with the
    # cloud provider where the seed cluster is running.
    # Deprecated: Use .envoy.loadBalancerService.annotations instead.
    annotations: {}
    # Disable will prevent the Kubermatic Operator from creating a nodeport-proxy
    # setup on the seed cluster. This should only be used if a suitable replacement
    # is installed (like the nodeport-proxy Helm chart); without one, the user-cluster
    # control planes in this seed are no longer reachable from outside the seed.
    disable: false
    # Envoy configures the Envoy application itself.
    envoy:
      # DockerRepository is the repository containing the component's image. Only the repository is
      # given here (no tag or digest is pinned), so the image is pulled from a public registry by default;
      # in environments where images must be vetted or pulled from a private registry, point this at an
      # internal mirror under your control.
      dockerRepository: docker.io/envoyproxy/envoy-distroless
      loadBalancerService:
        # Annotations are used to further tweak the LoadBalancer integration with the
        # cloud provider.
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
          service.beta.kubernetes.io/aws-load-balancer-type: nlb
        # SourceRanges will restrict the LoadBalancer service to the IP ranges specified in CIDR notation, e.g. 172.25.0.0/16.
        # An empty list (the default shown here) applies no restriction, so the user-cluster control-plane
        # endpoints exposed through this service are reachable from any source address.
        # This field is ignored if the cloud provider does not support the feature, so do not rely on it as the
        # only network control; verify the provider-side firewall/security-group rules as well.
        # More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/
        sourceRanges: []
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Claims lists the names of resources, defined in spec.resourceClaims,
        # that are used by this container.

        # This is an alpha field and requires enabling the
        # DynamicResourceAllocation feature gate.

        # This field is immutable. It can only be set for containers.
        claims: null
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        limits:
          cpu: "1"
          memory: 128Mi
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value. Requests cannot exceed Limits.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        requests:
          cpu: 50m
          memory: 32Mi
    # EnvoyManager configures the Kubermatic-internal Envoy manager.
    envoyManager:
      # DockerRepository is the repository containing the component's image.
      dockerRepository: quay.io/kubermatic/nodeport-proxy
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Claims lists the names of resources, defined in spec.resourceClaims,
        # that are used by this container.

        # This is an alpha field and requires enabling the
        # DynamicResourceAllocation feature gate.

        # This field is immutable. It can only be set for containers.
        claims: null
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        limits:
          cpu: 150m
          memory: 48Mi
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value. Requests cannot exceed Limits.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        requests:
          cpu: 50m
          memory: 32Mi
    # IPFamilies configures the IP families to use for the LoadBalancer service.
    ipFamilies: null
    # IPFamilyPolicy configures the IP family policy for the LoadBalancer service.
    ipFamilyPolicy: null
    # Updater configures the component responsible for updating the LoadBalancer
    # service.
    updater:
      # DockerRepository is the repository containing the component's image.
      dockerRepository: quay.io/kubermatic/nodeport-proxy
      # Resources describes the requested and maximum allowed CPU/memory usage.
      resources:
        # Claims lists the names of resources, defined in spec.resourceClaims,
        # that are used by this container.

        # This is an alpha field and requires enabling the
        # DynamicResourceAllocation feature gate.

        # This field is immutable. It can only be set for containers.
        claims: null
        # Limits describes the maximum amount of compute resources allowed.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        limits:
          cpu: 150m
          memory: 32Mi
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
        # otherwise to an implementation-defined value. Requests cannot exceed Limits.
        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
        requests:
          cpu: 50m
          memory: 32Mi
  # OIDCProviderConfiguration allows to configure OIDC provider at the Seed level.
  oidcProviderConfiguration: null
  # Optional: ProxySettings can be used to configure HTTP proxy settings on the
  # worker nodes in user clusters. Datacenter-level node settings (`datacenters.<name>.node`),
  # where specified, take precedence over these seed-level values.
  proxySettings:
    # Optional: If set, this proxy will be configured for both HTTP and HTTPS.
    httpProxy: ""
    # Optional: If set, this will be set as the NO_PROXY environment variable on the node.
    # The value must be a comma-separated list of domains for which no proxy
    # should be used, e.g. "*.example.com,internal.dev".
    # Note that the in-cluster apiserver URL will be automatically prepended
    # to this value.
    noProxy: ""
  # Optional: This can be used to override the DNS name used for this seed.
  # By default the seed name is used.
  seedDNSOverwrite: ""