Parameters :: Commodore Hub

`namespace`

type	string
default	`syn-${_instance}`

The namespace in which to deploy this component.

Deploying multiple vclusters in the same namespace isn’t supported.

`namespaceMetadata`

type	dictionary
default	`{}`
example	`namespace: annotations: prometheus: infra`

Additional metadata for the namespace.

`images`

type	dictionary

Dictionary containing the container images used by this component.

The kubectl image is used to create OCP routes. The kubectl and jq binaries are required in this image.

`k8s.additional_apiserver_args`

type	list
default	`[]`
example	`k8s: additional_apiserver_args: - --oidc-issuer-url=https://id.local/auth/realms/local - --oidc-client-id=local - --oidc-username-claim=email - --oidc-groups-claim=groups`

Additional arguments for the k8s apiserver.

`k8s.additional_controllermanager_args`

type	list
default	`[]`
example	`k8s: additional_controllermanager_args: - --arg1=foobar`

Additional arguments for the k8s controllerManager.

`k8s.additional_scheduler_args`

type	list
default	`[]`
example	`k8s: additional_scheduler_args: - --arg1=foobar`

Additional arguments for the k8s scheduler.

`backing_store`

type	dictionary

Configuration for the backing store. If nothing configured it uses embedded database (sqlite). For configuration options see the offical documentation

`resources`

type	string
default	`resources: k8s: requests: cpu: 40m memory: 64Mi limits: cpu: 100m memory: 256Mi syncer: requests: cpu: 200m memory: 256Mi limits: memory: 2Gi`

The resource requests and limits for the k8s and syncer containers.

`ingress.host`

type	string
default	`null`

If set, an ingress with the defined host is created. The ingress is created with TLS spec for the same host.

It’s assumed that cert-manager is running on the cluster to provision Let’s Encrypt certificates.

`ingress.annotations`

type

dict

default

{cert-manager.io/cluster-issuer: letsencrypt-production}

example

ingress:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"

Additional annotations for the ingress object.

`ocp_route.host`

type	string
default	`null`

If set, a route.openshift.io/v1.Route with the defined host is created.

The route is set with TLS termination set to re-encrypt.

The re-encyption breaks the mTLS user authentication. A secondary authentication method, like OIDC, should be configured.

`syn.registration_url`

type	string
default	`null`
example	`api.syn.example.com/install/steward.json?token=cHJvamVjdCBzeW4gaXMgbG92ZQo=`

If set, the vcluster is registered with a Project SYN instance.

`storage.persistence`

type	bool or string
default	`auto`

Persistence controls whether vcluster resources are persisted between deployments. Defaults to auto, where vcluster will automatically determine based on the chosen distro and backing_store.

`storage.size`

type	string
default	`5Gi`

The size of the persistent volume claim.

`storage.class_name`

type	string
default	`null`

The StorageClass used for the persistent volume claim.

`additional_manifests`

type

string

default

""

example

additional_manifests: |-
  cluster-admin:
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: oidc-cluster-admin
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: Group
      name: admin

Manifests that should be applied to the vcluster after startup.

`helm_values`

type

dict

You can override the default helm values here. The default configuration comes with k8s as well as ingress enabled. See defaults.yaml for the exact configuration.

Example

ingress:
  host: testcluster.local
k8s:
  additional_apiserver_args:
    - --oidc-issuer-url=https://id.local/auth/realms/local
    - --oidc-client-id=local
    - --oidc-username-claim=email
    - --oidc-groups-claim=groups
backing_store:
  etcd:
    deploy:
      enabled: true