- cluster
- docker
- docker_registry
- additional_files
- add_ons
- features (deprecated)
- etcd
- master
- worker
- ingress
- storage
- nfs
Kubernetes cluster configuration
Name of the cluster to be used when generating assets that require a cluster name, such as kubeconfig files and certificates.
Kind | string |
Required | Yes |
Default | |
The Kubernetes version to install. If left blank, it will be set to the latest tested version. Only a single Minor version is supported with.
Kind | string |
Required | No |
Default | v1.10.5 |
The password for the admin user. If provided, ABAC will be enabled in the cluster. This field will be removed completely in a future release.
Kind | string |
Required | No |
Default | |
Whether KET should skip installing the packages on the cluster nodes. When true, KET will not install the required packages. Instead, it will verify that the packages have been installed by the operator.
Kind | bool |
Required | No |
Default | false |
Whether KET should install the packages on the cluster nodes. Use DisablePackageInstallation instead.
Kind | bool |
Required | No |
Default | false |
Whether the cluster nodes are disconnected from the internet. When set to true, internal package repositories and a container image registry are required for installation.
Kind | bool |
Required | No |
Default | false |
The Networking configuration for the cluster.
The datapath technique that should be configured in Calico.
Kind | string |
Required | No |
Default | overlay |
Options | overlay, routed |
The pod network's CIDR block. For example: 172.16.0.0/16
Kind | string |
Required | Yes |
Default | |
The Kubernetes service network's CIDR block. For example: 172.20.0.0/16
Kind | string |
Required | Yes |
Default | |
Whether the /etc/hosts file should be updated on the cluster nodes. When set to true, KET will update the hosts file on all nodes to include entries for all other nodes in the cluster.
Kind | bool |
Required | No |
Default | false |
The URL of the proxy that should be used for HTTP connections.
Kind | string |
Required | No |
Default | |
The URL of the proxy that should be used for HTTPS connections.
Kind | string |
Required | No |
Default | |
Comma-separated list of host names and/or IPs for which connections should not go through a proxy. All nodes' 'host' and 'IPs' are always set.
Kind | string |
Required | No |
Default | |
The Certificates configuration for the cluster.
The length of time that the generated certificates should be valid for. For example: "17520h" for 2 years.
Kind | string |
Required | Yes |
Default | |
The length of time that the generated Certificate Authority should be valid for. For example: "17520h" for 2 years.
Kind | string |
Required | Yes |
Default | |
Comma-separated list of Subject Alternative Names (SANs) to use for the API Server serving certificate. Can be both IP addresses and DNS names.
Kind | string |
Required | No |
Default | |
The SSH configuration for the cluster nodes.
The user for accessing the cluster nodes via SSH. This user requires sudo elevation privileges on the cluster nodes.
Kind | string |
Required | Yes |
Default | |
The absolute path of the SSH key that should be used for accessing the cluster nodes via SSH.
Kind | string |
Required | Yes |
Default | |
The port number on which cluster nodes are listening for SSH connections.
Kind | int |
Required | Yes |
Default | |
Kubernetes API Server configuration.
Listing of option overrides that are to be applied to the Kubernetes API server configuration. This is an advanced feature that can prevent the API server from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Kubernetes Controller Manager configuration.
Listing of option overrides that are to be applied to the Kubernetes Controller Manager configuration. This is an advanced feature that can prevent the Controller Manager from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Kubernetes Scheduler configuration.
Listing of option overrides that are to be applied to the Kubernetes Scheduler configuration. This is an advanced feature that can prevent the Scheduler from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Kubernetes Proxy configuration.
Listing of option overrides that are to be applied to the Kubernetes Proxy configuration. This is an advanced feature that can prevent the Proxy from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Kubelet configuration applied to all nodes.
Listing of option overrides that are to be applied to the Kubelet configurations. This is an advanced feature that can prevent the Kubelet from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
The CloudProvider configuration for the cluster.
The cloud provider that should be set in the Kubernetes components.
Kind | string |
Required | No |
Default | |
Options | aws, azure, cloudstack, fake, gce, mesos, openstack, ovirt, photon, rackspace, vsphere |
Path to the cloud provider config file. This will be copied to all the machines in the cluster.
Kind | string |
Required | No |
Default | |
Configuration for the docker engine installed by KET
Set to true to disable the installation of docker container runtime on the nodes. The installer will validate that docker is installed and running prior to proceeding. Use this option if a different version of docker from the included one is required.
Kind | bool |
Required | No |
Default | false |
Log configuration for the docker engine.
Docker logging driver. More details: https://docs.docker.com/engine/admin/logging/overview/
Kind | string |
Required | No |
Default | json-file |
Driver specific options.
Kind | map[string]string |
Required | No |
Default | |
Storage configuration for the docker engine.
Docker storage driver. More details: https://docs.docker.com/engine/userguide/storagedriver/ Leave empty to have docker automatically select the driver.
Kind | string |
Required | No |
Default | 'empty' |
Driver specific options
Kind | map[string]string |
Required | No |
Default | |
DirectLVMBlockDevice is the configuration required for setting up Device Mapper storage driver in direct-lvm mode. Refer to https://docs.docker.com/v17.03/engine/userguide/storagedriver/device-mapper-driver/#manage-devicemapper docs.
The path to the block device.
Kind | string |
Required | No |
Default | |
The percentage of space to use for storage from the passed in block device.
Kind | string |
Required | No |
Default | 95 |
The percentage of space to use for metadata storage from the passed in block device.
Kind | string |
Required | No |
Default | 1 |
The threshold for when lvm should automatically extend the thin pool as a percentage of the total storage space.
Kind | string |
Required | No |
Default | 80 |
The percentage to increase the thin pool by when an autoextend is triggered.
Kind | string |
Required | No |
Default | 20 |
DirectLVM is the configuration required for setting up device mapper in direct-lvm mode.
Whether the direct_lvm mode of the devicemapper storage driver should be enabled. When set to true, a dedicated block storage device must be available on each cluster node.
Kind | bool |
Required | No |
Default | false |
The path to the block storage device that will be used by the devicemapper storage driver.
Kind | string |
Required | No |
Default | |
Whether deferred deletion should be enabled when using devicemapper in direct_lvm mode.
Kind | bool |
Required | No |
Default | false |
Docker registry configuration
The hostname or IP address and port of a private container image registry. Do not include http or https. When performing a disconnected installation, this registry will be used to fetch all the required container images.
Kind | string |
Required | No |
Default | |
The hostname or IP address of a private container image registry. When performing a disconnected installation, this registry will be used to fetch all the required container images.
Kind | string |
Required | No |
Default | |
The port on which the private container image registry is listening.
Kind | int |
Required | No |
Default | |
The absolute path of the Certificate Authority that should be installed on all cluster nodes that have a docker daemon. This is required to establish trust between the daemons and the private registry when the registry is using a self-signed certificate.
Kind | string |
Required | No |
Default | |
The username that should be used when connecting to a registry that has authentication enabled. Otherwise leave blank for unauthenticated access.
Kind | string |
Required | No |
Default | |
The password that should be used when connecting to a registry that has authentication enabled. Otherwise leave blank for unauthenticated access.
Kind | string |
Required | No |
Default | |
A set of files or directories to copy from the local machine to any of the nodes in the cluster.
Hostname or role where additional files or directories will be copied.
Path to the file or directory on local machine. Must be an absolute path.
Kind | string |
Required | Yes |
Default | |
Path to the file or directory on remote machine, where file will be copied. Must be an absolute path.
Kind | string |
Required | Yes |
Default | |
Set to true if validation will be run before the file exists on the local machine. Useful for files generated at install time, i.e. assets in the generated/ directory.
Kind | bool |
Required | No |
Default | false |
Add-on configuration
The Container Networking Interface (CNI) add-on configuration.
Whether the CNI add-on is disabled. When set to true, CNI will not be installed on the cluster. Furthermore, the smoke test and any validation that depends on a functional pod network will be skipped.
Kind | bool |
Required | No |
Default | false |
The CNI provider that should be installed on the cluster.
Kind | string |
Required | No |
Default | calico |
Options | calico, weave, contiv, custom |
The CNI options that can be configured for each CNI provider.
The options that can be configured for the Portmap CNI provider.
Disable the portmap CNI plugin
Kind | bool |
Required | No |
Default | false |
The options that can be configured for the Calico CNI provider.
The datapath technique that should be configured in Calico.
Kind | string |
Required | No |
Default | overlay |
Options | overlay, routed |
The logging level for the CNI plugin
Kind | string |
Required | No |
Default | info |
Options | warning, info, debug |
MTU for the workload interface, configures the CNI config.
Kind | int |
Required | No |
Default | 1500 |
MTU for the tunnel device used if IPIP is enabled.
Kind | int |
Required | No |
Default | 1440 |
IPAutodetectionMethod is used to detect the IPv4 address of the host. The value gets set in IP_AUTODETECTION_METHOD variable in the pod.
Kind | string |
Required | No |
Default | first-found |
The options that can be configured for the Weave CNI provider.
The password to use for network traffic encryption.
Kind | string |
Required | No |
Default | |
The DNS add-on configuration.
Whether the DNS add-on should be disabled. When set to true, no DNS solution will be deployed on the cluster.
Kind | bool |
Required | No |
Default | false |
This property indicates the in-cluster DNS provider.
Kind | string |
Required | Yes |
Default | kubedns |
Options | kubedns, coredns |
The options that can be configured for the cluster DNS add-on
Number of cluster DNS replicas that should be scheduled on the cluster.
Kind | int |
Required | No |
Default | 2 |
The Heapster Monitoring add-on configuration.
Whether the Heapster add-on should be disabled. When set to true, Heapster and InfluxDB will not be deployed on the cluster.
Kind | bool |
Required | No |
Default | false |
The options that can be configured for the Heapster add-on
The Heapster configuration options.
Number of Heapster replicas that should be scheduled on the cluster.
Kind | int |
Required | No |
Default | 2 |
Kubernetes service type of the Heapster service.
Kind | string |
Required | No |
Default | ClusterIP |
Options | ClusterIP, NodePort, LoadBalancer, ExternalName |
URL of the backend store that will be used as the Heapster sink.
Kind | string |
Required | No |
Default | influxdb:http://heapster-influxdb.kube-system.svc:8086 |
The InfluxDB configuration options.
Name of the Persistent Volume Claim that will be used by InfluxDB. This PVC must be created after the installation. If not set, InfluxDB will be configured with ephemeral storage.
Kind | string |
Required | No |
Default | |
Number of Heapster replicas that should be scheduled on the cluster.
Kind | int |
Required | No |
Default | |
Name of the Persistent Volume Claim that will be used by InfluxDB. When set, this PVC must be created after the installation. If not set, InfluxDB will be configured with ephemeral storage.
Kind | string |
Required | No |
Default | |
Metrics Server add-on configuration. A cluster-wide aggregator of resource usage data. Required for Horizontal Pod Autoscaler to function properly.
Whether the metrics-server add-on should be disabled. When set to true, metrics-server will not be deployed on the cluster.
Kind | bool |
Required | No |
Default | false |
The Dashboard add-on configuration.
Whether the dashboard add-on should be disabled. When set to true, the Kubernetes Dashboard will not be installed on the cluster.
Kind | bool |
Required | No |
Default | false |
The options that can be configured for the Dashboard add-on
Kubernetes service type of the Dashboard service.
Kind | string |
Required | No |
Default | ClusterIP |
Options | ClusterIP, NodePort, LoadBalancer, ExternalName |
When using NodePort, set the port to use. When left empty, Kubernetes will allocate a random port.
Kind | string |
Required | No |
Default | '' |
The PackageManager add-on configuration.
Whether the package manager add-on should be disabled. When set to true, the package manager will not be installed on the cluster.
Kind | bool |
Required | No |
Default | false |
This property indicates the package manager provider.
Kind | string |
Required | Yes |
Default | |
Options | helm |
The PackageManager options.
Helm PackageManager options
Namespace to deploy tiller
Kind | string |
Required | No |
Default | kube-system |
The Rescheduler add-on configuration. Because the Rescheduler does not have leader election and therefore can only run as a single instance in a cluster, it will be deployed as a static pod on the first master. More information about the Rescheduler can be found here: https://kubernetes.io/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/
Whether the pod rescheduler add-on should be disabled. When set to true, the rescheduler will not be installed on the cluster.
Kind | bool |
Required | No |
Default | false |
Feature configuration
The PackageManager feature configuration.
Whether the package manager add-on should be enabled.
Kind | bool |
Required | No |
Default | false |
Etcd nodes of the cluster
Number of nodes.
Kind | int |
Required | Yes |
Default | |
List of nodes.
The hostname of the node. The hostname is verified in the validation phase of the installation.
Kind | string |
Required | Yes |
Default | |
The IP address of the node. This is the IP address that will be used to connect to the node over SSH.
Kind | string |
Required | Yes |
Default | |
The internal (or private) IP address of the node. If set, this IP will be used when configuring cluster components.
Kind | string |
Required | No |
Default | |
Labels to add when installing the node in the cluster. If a node is defined under multiple roles, the labels for that node will be merged. If a label is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence. It is recommended to use reverse-DNS notation to avoid collision with other labels.
Kind | map[string]string |
Required | No |
Default | |
Taints to add when installing the node in the cluster. If a node is defined under multiple roles, the taints for that node will be merged. If a taint is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence.
Key for the taint
Kind | string |
Required | No |
Default | |
Value for the taint
Kind | string |
Required | No |
Default | |
Effect for the taint
Kind | string |
Required | No |
Default | |
Options | NoSchedule, PreferNoSchedule, NoExecute |
Kubelet configuration applied to this node. If a node is repeated for multiple roles, the overrides cannot be different.
Listing of option overrides that are to be applied to the Kubelet configurations. This is an advanced feature that can prevent the Kubelet from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Master nodes of the cluster
The IP or DNS and Port of the load balancer that is fronting multiple master nodes. In the case where there is no load balancer, this can be set to the IP address of the master node with port '6443'.
Kind | string |
Required | Yes |
Default | |
Number of master nodes that are part of the cluster.
Kind | int |
Required | Yes |
Default | |
The FQDN of the load balancer that is fronting multiple master nodes. In the case where there is only one master node, this can be set to the IP address of the master node.
Kind | string |
Required | No |
Default | |
The short name of the load balancer that is fronting multiple master nodes. In the case where there is only one master node, this can be set to the IP address of the master node.
Kind | string |
Required | No |
Default | |
List of master nodes that are part of the cluster.
The hostname of the node. The hostname is verified in the validation phase of the installation.
Kind | string |
Required | Yes |
Default | |
The IP address of the node. This is the IP address that will be used to connect to the node over SSH.
Kind | string |
Required | Yes |
Default | |
The internal (or private) IP address of the node. If set, this IP will be used when configuring cluster components.
Kind | string |
Required | No |
Default | |
Labels to add when installing the node in the cluster. If a node is defined under multiple roles, the labels for that node will be merged. If a label is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence. It is recommended to use reverse-DNS notation to avoid collision with other labels.
Kind | map[string]string |
Required | No |
Default | |
Taints to add when installing the node in the cluster. If a node is defined under multiple roles, the taints for that node will be merged. If a taint is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence.
Key for the taint
Kind | string |
Required | No |
Default | |
Value for the taint
Kind | string |
Required | No |
Default | |
Effect for the taint
Kind | string |
Required | No |
Default | |
Options | NoSchedule, PreferNoSchedule, NoExecute |
Kubelet configuration applied to this node. If a node is repeated for multiple roles, the overrides cannot be different.
Listing of option overrides that are to be applied to the Kubelet configurations. This is an advanced feature that can prevent the Kubelet from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Worker nodes of the cluster
Number of nodes.
Kind | int |
Required | Yes |
Default | |
List of nodes.
The hostname of the node. The hostname is verified in the validation phase of the installation.
Kind | string |
Required | Yes |
Default | |
The IP address of the node. This is the IP address that will be used to connect to the node over SSH.
Kind | string |
Required | Yes |
Default | |
The internal (or private) IP address of the node. If set, this IP will be used when configuring cluster components.
Kind | string |
Required | No |
Default | |
Labels to add when installing the node in the cluster. If a node is defined under multiple roles, the labels for that node will be merged. If a label is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence. It is recommended to use reverse-DNS notation to avoid collision with other labels.
Kind | map[string]string |
Required | No |
Default | |
Taints to add when installing the node in the cluster. If a node is defined under multiple roles, the taints for that node will be merged. If a taint is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence.
Key for the taint
Kind | string |
Required | No |
Default | |
Value for the taint
Kind | string |
Required | No |
Default | |
Effect for the taint
Kind | string |
Required | No |
Default | |
Options | NoSchedule, PreferNoSchedule, NoExecute |
Kubelet configuration applied to this node. If a node is repeated for multiple roles, the overrides cannot be different.
Listing of option overrides that are to be applied to the Kubelet configurations. This is an advanced feature that can prevent the Kubelet from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Ingress nodes of the cluster
Number of nodes.
Kind | int |
Required | Yes |
Default | |
List of nodes.
The hostname of the node. The hostname is verified in the validation phase of the installation.
Kind | string |
Required | Yes |
Default | |
The IP address of the node. This is the IP address that will be used to connect to the node over SSH.
Kind | string |
Required | Yes |
Default | |
The internal (or private) IP address of the node. If set, this IP will be used when configuring cluster components.
Kind | string |
Required | No |
Default | |
Labels to add when installing the node in the cluster. If a node is defined under multiple roles, the labels for that node will be merged. If a label is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence. It is recommended to use reverse-DNS notation to avoid collision with other labels.
Kind | map[string]string |
Required | No |
Default | |
Taints to add when installing the node in the cluster. If a node is defined under multiple roles, the taints for that node will be merged. If a taint is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence.
Key for the taint
Kind | string |
Required | No |
Default | |
Value for the taint
Kind | string |
Required | No |
Default | |
Effect for the taint
Kind | string |
Required | No |
Default | |
Options | NoSchedule, PreferNoSchedule, NoExecute |
Kubelet configuration applied to this node. If a node is repeated for multiple roles, the overrides cannot be different.
Listing of option overrides that are to be applied to the Kubelet configurations. This is an advanced feature that can prevent the Kubelet from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
Storage nodes of the cluster.
Number of nodes.
Kind | int |
Required | Yes |
Default | |
List of nodes.
The hostname of the node. The hostname is verified in the validation phase of the installation.
Kind | string |
Required | Yes |
Default | |
The IP address of the node. This is the IP address that will be used to connect to the node over SSH.
Kind | string |
Required | Yes |
Default | |
The internal (or private) IP address of the node. If set, this IP will be used when configuring cluster components.
Kind | string |
Required | No |
Default | |
Labels to add when installing the node in the cluster. If a node is defined under multiple roles, the labels for that node will be merged. If a label is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence. It is recommended to use reverse-DNS notation to avoid collision with other labels.
Kind | map[string]string |
Required | No |
Default | |
Taints to add when installing the node in the cluster. If a node is defined under multiple roles, the taints for that node will be merged. If a taint is repeated for the same node, only one will be used in this order: etcd,master,worker,ingress,storage roles where 'storage' has the highest precedence.
Key for the taint
Kind | string |
Required | No |
Default | |
Value for the taint
Kind | string |
Required | No |
Default | |
Effect for the taint
Kind | string |
Required | No |
Default | |
Options | NoSchedule, PreferNoSchedule, NoExecute |
Kubelet configuration applied to this node. If a node is repeated for multiple roles, the overrides cannot be different.
Listing of option overrides that are to be applied to the Kubelet configurations. This is an advanced feature that can prevent the Kubelet from starting up if invalid configuration is provided.
Kind | map[string]string |
Required | No |
Default | |
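The label merge order described above for a node defined under multiple roles, as an added example (not KET's own code): labels are applied in the order etcd, master, worker, ingress, storage so the later role wins, and every overridden value is reported so collisions can be reviewed before installation. The names `MergeLabels`, `Override` and `rolePrecedence`, and the sample labels, are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// rolePrecedence is the order stated in the reference: later roles win,
// so "storage" has the highest precedence.
var rolePrecedence = []string{"etcd", "master", "worker", "ingress", "storage"}

// Override records a label whose value was replaced by a higher-precedence role.
type Override struct {
	Key, LoserRole, LoserValue, WinnerRole, WinnerValue string
}

// MergeLabels merges the labels that one node carries under each role.
// byRole maps a role name to the labels declared for the node under that role.
// It returns the effective labels and the list of values that were overridden.
func MergeLabels(byRole map[string]map[string]string) (map[string]string, []Override) {
	merged := map[string]string{}
	owner := map[string]string{} // label key -> role currently supplying it
	var overrides []Override
	for _, role := range rolePrecedence {
		labels := byRole[role]
		keys := make([]string, 0, len(labels))
		for k := range labels {
			keys = append(keys, k)
		}
		sort.Strings(keys) // deterministic report order
		for _, k := range keys {
			v := labels[k]
			if prev, ok := merged[k]; ok && prev != v {
				overrides = append(overrides, Override{k, owner[k], prev, role, v})
			}
			merged[k] = v
			owner[k] = role
		}
	}
	return merged, overrides
}

func main() {
	// Constructed sample: one node listed under three roles in the plan file.
	node := map[string]map[string]string{
		"master":  {"com.example/tier": "control", "com.example/zone": "a"},
		"worker":  {"com.example/tier": "compute"},
		"storage": {"com.example/tier": "disk", "com.example/ssd": "true"},
	}
	merged, overrides := MergeLabels(node)
	fmt.Println("effective labels:", merged)
	for _, o := range overrides {
		fmt.Printf("label %q: %s=%q overridden by %s=%q\n",
			o.Key, o.LoserRole, o.LoserValue, o.WinnerRole, o.WinnerValue)
	}
}
```

A non-empty override list means the same label key was declared with different values under two roles, which is the collision the reverse-DNS recommendation is meant to avoid.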
NFS volumes of the cluster.
List of NFS volumes that should be attached to the cluster during the installation.
The hostname or IP of the NFS volume.
Kind | string |
Required | Yes |
Default | |
The path where the NFS volume should be mounted.
Kind | string |
Required | Yes |
Default | |