Configuration options
auth table
| Parameter | Required | Description |
|---|---|---|
| | no | The name of the authorization back end to use, Default: |
| | no | The role assigned to new users for their private resource sets. Valid values: Default: |
auth.sessions
| Parameter | Required | Description |
|---|---|---|
| | no | The initial session lifetime, in minutes. Default: |
| | no | The length of time, in minutes, before the expiration of a session where, if used, a session will be extended by the current configured lifetime from then. A value of Default: |
| | no | The maximum number of sessions that a user can have simultaneously active. If creating a new session will put a user over this limit, the least recently used session is deleted. A value of Default: |
| | no | If set, the user token is stored in |
registries array (optional)
An array of tables that specifies the MSR instances that are managed by the current MKE instance.
| Parameter | Required | Description |
|---|---|---|
| | yes | Sets the address for connecting to the MSR instance tied to the MKE cluster. |
| | yes | Sets the MSR instance’s OpenID Connect Client ID, as registered with the Docker authentication provider. |
| | no | Specifies the root CA bundle for the MSR instance if you are using a custom certificate authority (CA). The value is a string with the contents of a |
audit_log_configuration table (optional)
Configures audit logging options for MKE components.
| Parameter | Required | Description |
|---|---|---|
| | no | Specifies the audit logging level. Valid values: empty (to disable audit logs), Default: empty |
| | no | Sets support dumps to include audit logs in the logs of the Valid values: Default: |
scheduling_configuration table (optional)
Specifies scheduling options and the default orchestrator for new nodes.
Note
If you run a kubectl command, such as kubectl describe nodes, to view scheduling rules on Kubernetes nodes, the results do not reflect the MKE admin settings configuration. MKE uses taints to control container scheduling on nodes, which is unrelated to the kubectl Unschedulable boolean flag.
| Parameter | Required | Description |
|---|---|---|
| | no | Determines whether administrators can schedule containers on manager nodes. Valid values: Default: You can also set the parameter using the MKE web UI: |
| | no | Sets the type of orchestrator to use for new nodes that join the cluster. Valid values: Default: |
tracking_configuration table (optional)
Specifies the analytics data that MKE collects.
| Parameter | Required | Description |
|---|---|---|
| | no | Set to disable analytics of usage information. Valid values: Default: |
| | no | Set to disable analytics of API call information. Valid values: Default: |
| | no | Set a label to be included with analytics. |
trust_configuration table (optional)
Specifies whether MSR images require signing.
| Parameter | Required | Description |
|---|---|---|
| | no | Set to require the signing of images by content trust. Valid values: Default: You can also set the parameter using the MKE web UI: |
| | no | A string array that specifies which users or teams must sign images. |
| | no | A string array that specifies repos that are to bypass content trust check, for example, |
log_configuration table (optional)
Configures the logging options for MKE components.
| Parameter | Required | Description |
|---|---|---|
| | no | The protocol to use for remote logging. Valid values: Default: |
| | no | Specifies a remote syslog server to receive sent MKE controller logs. If omitted, controller logs are sent through the default Docker daemon logging driver from the |
| | no | The logging level for MKE components. Valid values (syslog priority levels): |
license_configuration table (optional)
Enables automatic renewal of the MKE license.
| Parameter | Required | Description |
|---|---|---|
| | no | Set to enable attempted automatic license renewal when the license nears expiration. If disabled, you must manually upload a renewed license after expiration. Valid values: Default: |
custom headers (optional)
Included when you need to set custom API headers. You can repeat this section multiple times to specify multiple separate headers. If you include custom headers, you must specify both name and value.
[[custom_api_server_headers]]
| Item | Description |
|---|---|
| name | Set to specify the name of the custom header with |
| value | Set to specify the value of the custom header with |
user_workload_defaults (optional)
A map describing default values to set on Swarm services at creation time if those fields are not explicitly set in the service spec.
[user_workload_defaults]
[user_workload_defaults.swarm_defaults]
| Parameter | Required | Description |
|---|---|---|
| | no | Delay between restart attempts. The value is input in the <number><value type> format. Valid value types include: Default: |
| | no | Maximum number of restarts before giving up. Default: |
cluster_config table (required)
Configures the cluster that the current MKE instance manages.
The dns, dns_opt, and dns_search settings configure the DNS settings for MKE components. These values, when assigned, override the settings in a container /etc/resolv.conf file.
| Parameter | Required | Description |
|---|---|---|
| | yes | Sets the port that the Default: |
| | yes | Sets the port the Kubernetes API server monitors. |
| | yes | Sets the port that the Default: |
| | no | Sets placement strategy for container scheduling. Be aware that this does not affect swarm-mode services. Valid values: |
| | yes | Array of IP addresses that serve as nameservers. |
| | yes | Array of options in use by DNS resolvers. |
| | yes | Array of domain names to search whenever a bare unqualified host name is used inside of a container. |
| | no | Determines whether specialized debugging endpoints are enabled for profiling MKE performance. Valid values: Default: |
| | no | Sets the timeout in seconds for the RBAC information cache of MKE non-Kubernetes resource listing APIs. Setting changes take immediate effect and do not require a restart of the MKE controller. Default: Once you enable the cache, the result of non-Kubernetes resource listing APIs only reflects the latest RBAC changes for the user when the cached RBAC info times out. |
| | no | Sets the key-value store timeout setting, in milliseconds. Default: |
| | Required | Sets the key-value store snapshot count. Default: |
| | no | Specifies an optional external load balancer for default links to services with exposed ports in the MKE web interface. |
| | no | Specifies the URL of a Kubernetes YAML file to use to install a CNI plugin. Only applicable during initial installation. If left empty, the default CNI plugin is put to use. |
| | no | Sets the metrics retention time. |
| | no | Sets the interval for how frequently managers gather metrics from nodes in the cluster. |
| | no | Sets the interval for the gathering of storage metrics, an operation that can become expensive when large volumes are present. |
| | no | Enables the |
| | no | Sets the size of the cache for MKE RethinkDB servers. Default: 1GB Leaving the field empty or specifying |
| | no | Determines whether the Valid values: Default: |
| | no | Sets the cloud provider for the Kubernetes cluster. |
| | yes | Sets the subnet pool from which the IP for the Pod should be allocated from the CNI IPAM plugin. Default: |
| | no | Sets the maximum transmission unit (MTU) size for the Calico plugin. |
| | no | Sets the IPIP MTU size for the Calico IPIP tunnel interface. |
| | yes | Sets the IP count for Azure allocator to allocate IPs per Azure virtual machine. |
| | yes | Sets the subnet pool from which the IP for Services should be allocated. Default: |
| | yes | Sets the port range for Kubernetes services within which the type Default: |
| | no | Sets the configuration options for the Kubernetes API server. Be aware that this parameter function is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the MKE Software Support Agreement. |
| | no | Sets the configuration options for the Kubernetes controller manager. Be aware that this parameter function is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the MKE Software Support Agreement. |
| | no | Sets the configuration options for Be aware that this parameter function is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the MKE Software Support Agreement. |
| | no | Sets the configuration options for the Kubernetes scheduler. Be aware that this parameter function is only for development and testing. Arbitrary Kubernetes configuration parameters are not tested and supported under the MKE Software Support Agreement. |
| | no | Set to store data about collections for volumes in the MKE local KV store instead of on the volume labels. The parameter is used to enforce access control on volumes. |
| | no | Reserves resources for MKE and Kubernetes components that are running on manager nodes. |
| | no | Reserves resources for MKE and Kubernetes components that are running on worker nodes. |
| | yes | Sets the number of Pods that can run on a node. Maximum: Default: |
| | no | Sets the maximum number of Pods per core. Recommended: Default: |
| | no | Enables IPSec network encryption in Kubernetes. Valid values: Default: |
| | no | Enables image scan result aggregation. The feature displays image vulnerabilities in shared resource/containers and shared resources/images pages. Valid values: Default: |
| | no | Determines whether auto-refresh is turned off (which defaults to 15 seconds). If set to Valid values: Default: |
| | no | Sets the OIDC client ID, using the eNZi service ID that is in the OIDC authorization flow. |
| | no | Determines whether the UI is hidden for all Swarm-only object types (has no effect on Admin Settings). Valid values: Default: You can also set the parameter using the MKE web UI: |
| | yes | Sets Calico as the CNI provider, managed by MKE. Note that Calico is the default CNI provider. |
| | yes | Sets the operational mode for Valid values: Default: |
| | no | Sets the value for the |
| | no | Sets the value for the |
| | no | Sets the value for the |
cluster_config.service_mesh (optional)
Set the configuration for the Istio ingress to manage ingress traffic from outside the cluster.
| Parameter | Required | Description |
|---|---|---|
| | No | Disable HTTP ingress for Kubernetes. Default: |
| | No | Set the number of Istio Ingress Gateway (proxy) deployment replicas. Default: |
| | No | Set the list of external IPs for Ingress Gateway service. Default: [] (empty) |
| | No | Enable external load balancer. Default: |
| | No | Enable preserving inbound traffic source IP. Default: |
| | No | Set ports to expose. For each port, supply arrays containing the following port information (defaults shown): |
| | No | Set node affinity. |
| | No | Set node toleration. For each node, supply an array containing the following information (defaults shown): |
iSCSI (optional)
Configures iSCSI options for MKE.
| Parameter | Required | Description |
|---|---|---|
| | no | Enables iSCSI-based Persistent Volumes in Kubernetes. Valid values: Default: |
| | no | Specifies the path of the Default: |
| | no | Specifies the path of the Default: |
pre_logon_message
Configures a pre-logon message.
| Parameter | Required | Description |
|---|---|---|
| | no | Sets a pre-logon message to alert users prior to log in. |