Cluster Advanced Settings
To further fine-tune your Qovery infrastructure, you can set advanced settings through the Qovery API endpoint.
All clusters have access to advanced settings, you can find where they are available in the documentation below with those badges mentioning for which Cloud provider they are available:
You will also find badges mentioning for which components it will be applied:
Below is the list of advanced settings currently available for clusters.
Logs
aws.cloudwatch.eks_logs_retention_days
Type | Description | Default Value |
---|---|---|
integer | Maximum retention days in Cloudwatch for EKS logs. (possible values: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653) | 90 |
aws.vpc.enable_s3_flow_logs
Type | Description | Default Value |
---|---|---|
boolean | Enable flow logs on the cluster VPC and store them in an s3 bucket. | false |
aws.vpc.flow_logs_retention_days
Type | Description | Default Value |
---|---|---|
integer | Set the number of retention days for flow logs. Unlimited retention with value 0 | 365 |
loki.log_retention_in_week
Type | Description | Default Value |
---|---|---|
integer | Maximum Kubernetes pods (containers/application/jobs/cronjob) retention logs in weeks. | 12 (84 days) |
Image registry
registry.image_retention_time
Type | Description | Default Value |
---|---|---|
integer | Allows you to specify an amount in seconds after which images in the default registry are deleted. | 31536000 (1 year) |
registry.mirroring_mode
Type | Description | Default Value |
---|---|---|
string | Allows you to specify the image mirroring mode to be used for each image deployed on this cluster. (possible values: Service or Cluster ) | Service |
cloud_provider.container_registry.tags
Type | Description | Default Value |
---|---|---|
Map<String, String> | Add additional tags on the cluster dedicated registry |
Network
Load balancer
load_balancer.size
Type | Description | Default Value |
---|---|---|
string | Allows you to specify the load balancer size in front of your cluster. Possible values are: - lb-s : 200 Mbps- lb-gp-m : 500 Mbps- lb-gp-l : 1 Gbps- lb-gp-xl : 4 Gbps | lb-s |
Nginx
nginx.vcpu.request_in_milli_cpu
Type | Description | Default Value |
---|---|---|
integer | Vcpu request value in millicores assigned to Nginx pods | 200 |
nginx.vcpu.limit_in_milli_cpu
Type | Description | Default Value |
---|---|---|
integer | Vcpu limit value in millicores assigned to Nginx pods | 700 |
nginx.memory.request_in_mib
Type | Description | Default Value |
---|---|---|
integer | Memory limit value in MiB assigned to Nginx pods | 768 |
nginx.memory.limit_in_mib
Type | Description | Default Value |
---|---|---|
integer | Memory limit value in MiB assigned to Nginx pods | 768 |
nginx.hpa.cpu_utilization_percentage_threshold
Type | Description | Default Value |
---|---|---|
integer | Hpa (horizontal pod autoscaler) cpu threshold in percentage assigned to Nginx deployment | 50 |
nginx.hpa.min_number_instances
Type | Description | Default Value |
---|---|---|
integer | Minimum number of Nginx instances running | 2 |
nginx.hpa.max_number_instances
Type | Description | Default Value |
---|---|---|
integer | Maximum number of Nginx instances running | 25 |
nginx.controller.enable_client_ip
Type | Description | Default Value |
---|---|---|
bool | Enables ngx_http_realip_module module. | false |
Database access
database.postgresql.deny_public_access
Type | Description | Default Value |
---|---|---|
boolean | Deny public access to all PostgreSQL databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").⚠️ Public access to managed databases will instantly be removed ⚠️ Public access to container databases will be removed only after a database redeployment | false |
database.postgresql.allowed_cidrs
Type | Description | Default Value |
---|---|---|
boolean | List of allowed CIDRS. Valid only when database.postgresql.deny_public_access is set to true | ["0.0.0.0/0"] |
database.mysql.deny_public_access
Type | Description | Default Value |
---|---|---|
boolean | Deny public access to all MySQL databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP"). ⚠️ Public access to managed databases will instantly be removed ⚠️ Public access to container databases will be removed only after a database redeployment | false |
database.mysql.allowed_cidrs
Type | Description | Default Value |
---|---|---|
boolean | List of allowed CIDRS. Valid only when database.mysql.deny_public_access is set to true | ["0.0.0.0/0"] |
database.mongodb.deny_public_access
Type | Description | Default Value |
---|---|---|
boolean | Deny public access to all MongoDB databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP"). ⚠️ Public access to managed databases will instantly be removed ⚠️ Public access to container databases will be removed only after a database redeployment | false |
database.mongodb.allowed_cidrs
Type | Description | Default Value |
---|---|---|
boolean | List of allowed CIDRS. Valid only when database.mongodb.deny_public_access is set to true | ["0.0.0.0/0"] |
database.redis.deny_public_access
Type | Description | Default Value |
---|---|---|
boolean | Deny public access to all Redis databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "anyone").⚠️ Public access to managed databases will instantly be removed ⚠️ Public access to container databases will be removed only after a database redeployment | false |
database.redis.allowed_cidrs
Type | Description | Default Value |
---|---|---|
boolean | List of allowed CIDRS. Valid only when database.redis.deny_public_access is set to true | ["0.0.0.0/0"] |
IAM
aws.iam.enable_admin_group_sync
Type | Description | Default Value |
---|---|---|
boolean | Enable IAM admin group sync IAM permissions setup. ⚠️ aws.iam.admin_group should be set. | true |
aws.iam.admin_group
Type | Description | Default Value |
---|---|---|
string | Allows you to specify the IAM group name associated with the Qovery user in the AWS console during the IAM permissions setup to be able to connect to the Kubernetes cluster | Admins |
aws.iam.enable_sso
Type | Description | Default Value |
---|---|---|
boolean | Enable SSO sync allowing IAM users to connect to cluster using SSO. Setup SSO support for your cluster. ⚠️ aws.iam.sso_role_arn should be set. | false |
aws.iam.sso_role_arn
Type | Description | Default Value |
---|---|---|
string | Allows you to specify the SSO role ARN to be used to connect to your cluster. Setup SSO support for your cluster | "" |
Miscellaneous
aws.eks.ec2.metadata_imds
Type | Description | Default Value |
---|---|---|
string | Specify the IMDS version you want to use. Possible values are required (IMDS v2 only) and optional (IMDS v1 and V2) | optional |
aws.eks.encrypt_secrets_kms_key_arn
Type | Description | Default Value |
---|---|---|
string | Allows you to activate KMS encryption of your Kubernetes secrets. Specify the key ARN of your AWS KMS key. |