From 0a08aa62f5ba15d68d2ff6c0400a723cf64aa5f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romaric=20Philog=C3=A8ne?= Date: Thu, 30 Nov 2023 18:42:56 -0800 Subject: [PATCH] add: kubernetes page --- .../configuration/provider/kubernetes.md | 238 +++++++++++++++++- .../configuration/provider/kubernetes.md.erb | 236 ++++++++++++++++- 2 files changed, 471 insertions(+), 3 deletions(-) diff --git a/website/docs/using-qovery/configuration/provider/kubernetes.md b/website/docs/using-qovery/configuration/provider/kubernetes.md index b0d997955d..ca02aa67ce 100644 --- a/website/docs/using-qovery/configuration/provider/kubernetes.md +++ b/website/docs/using-qovery/configuration/provider/kubernetes.md @@ -1,5 +1,5 @@ --- -last_modified_on: "2023-11-29" +last_modified_on: "2023-11-30" title: "Kubernetes" description: "Learn how to install and configure Qovery on your own Kubernetes cluster (BYOK) / Self-managed Kubernetes cluster" --- @@ -20,7 +20,9 @@ This section is for Kubernetes users. If you are not familiar with Kubernetes, w -Qovery BYOK (Bring Your Own Kubernetes) is a self-hosted version of Qovery. It allows you to install Qovery on your own Kubernetes cluster. Read [this article](https://www.qovery.com/blog/kubernetes-managed-by-qovery-vs-self-managed-byok) to better understand the difference with the Managed Kubernetes by Qovery. In a nutshell, Qovery BYOK is for Kubernetes experts who want to manage their own Kubernetes cluster. Qovery does not manage the Kubernetes cluster for you. +Qovery BYOK (Bring Your Own Kubernetes) is a self-hosted version of Qovery. It allows you to install Qovery on your own Kubernetes cluster. +Read [this article](https://www.qovery.com/blog/kubernetes-managed-by-qovery-vs-self-managed-byok) to better understand the difference with the Managed Kubernetes by Qovery. In a nutshell, Qovery BYOK is for Kubernetes experts who want to manage their own Kubernetes cluster. +Qovery does not manage the Kubernetes cluster for you.

How Qovery works with Self Managed Kubernetes cluster 
@@ -293,9 +295,241 @@ helm install qovery +## Configuration + +### Qovery + +This is the configuration of Qovery itself. It is used by all Qovery components. + +| Key | Required | Description | Default | +|--------------------------|----------|------------------------------------------------------------|---------------------------| +| `qovery.clusterId` | Yes | The cluster ID. It is used to identify your cluster. | `set-by-customer` | +| `qovery.shortClusterId` | Yes | The short cluster ID. It is used to identify your cluster. | `set-by-customer` | +| `qovery.apkKey` | Yes | The APK key. It is used to authenticate your cluster. | `set-by-customer` | +| `qovery.jwtToken` | Yes | The JWT token. It is used to authenticate your cluster. | `set-by-customer` | +| `qovery.domain` | Yes | The domain name used by Qovery. | `set-by-customer` | +| `qovery.qoveryDnsUrl` | Yes | The Qovery DNS URL. | `https://ddns.qovery.com` | +| `qovery.qoveryDnsApiKey` | Yes | The Qovery DNS API key. | `set-by-customer` | + +### Qovery Cluster Agent + + + +Optional. If you don't want to use the cluster agent, you can disable it. You will not be able to see your logs and metrics in the Qovery dashboard. + + + +The cluster agent is responsible for securely forwarding logs and metrics from your Kubernetes cluster to Qovery control plane. + +| Key | Required | Description | Default | +|------------------------------------------------------------------------|----------|--------------------------------------|-------------------| +| `services.qovery-cluster-agent.enabled` | Yes | Enable or disable the cluster agent. | `false` | +| `services.qovery-cluster-agent.image.tag` | Yes | The cluster agent image tag. | `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.GRPC_SERVER` | Yes | The gRPC server URL. | `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.CLUSTER_JWT_TOKEN` | Yes | The JWT token. 
| `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.CLUSTER_ID` | Yes | The cluster ID. | `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.ORGANIZATION_ID` | Yes | The organization ID. | `set-by-customer` | + +### Qovery Shell Agent + + + +Optional. If you don't want to use the shell agent, you can disable it. You will not be able to open a secure remote shell to your application. + + + +The shell agent is responsible for giving you a secure remote shell access to your Kubernetes pods if you need it. E.g. when using `qovery shell` command. + +| Key | Required | Description | Default | +|-----------------------------------------------------------------------|----------|-------------------------------------|-------------------| +| `services.qovery-shell-agent.enabled` | Yes | Enable or disable the shell agent. | `false` | +| `services.qovery-shell-agent.image.tag` | Yes | The shell agent image tag. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.GRPC_SERVER` | Yes | The gRPC server URL. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.CLUSTER_JWT_TOKEN` | Yes | The JWT token. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.CLUSTER_ID` | Yes | The cluster ID. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.ORGANIZATION_ID` | Yes | The organization ID. | `set-by-customer` | + +### Ingress + + + +Optional. If you don't want to use NGINX Ingress Controller, you can disable it. You will not be able to expose publicly your applications. + + + +Qovery uses [NGINX Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/) by default to route traffic to your applications. 
+ +#### Nginx Ingress Controller + +| Key | Required | Description | Default | +|-------------------------------------------------------------------------------|----------|-------------------------------------------------|---------------------------------------------| +| `services.ingress.ingress-nginx.enabled` | Yes | Enable or disable the NGINX Ingress Controller. | `true` | +| `services.ingress.ingress-nginx.controller.useComponentLabel` | Yes | Use component label. | `true` | +| `services.ingress.ingress-nginx.controller.admissionWebhooks.enabled` | Yes | Enable or disable the admission webhooks. | `false` | +| `services.ingress.ingress-nginx.controller.ingressClass` | Yes | The ingress class. | `nginx-qovery` | +| `services.ingress.ingress-nginx.controller.extraArgs.default-ssl-certificate` | Yes | The default SSL certificate. | `cert-manager/letsencrypt-acme-qovery-cert` | +| `services.ingress.ingress-nginx.controller.publishService.enabled` | Yes | Enable or disable the publish service. | `true` | + +#### Other Ingress Controllers + +Qovery supports other Ingress Controllers. Please contact us if you want to use another one. We will be happy to help you. + +### DNS + + + +Optional. If you don't want to use External DNS, you can disable it. You will not be able to use custom domains. + + + +Qovery uses [External DNS](https://github.com/kubernetes-sigs/external-dns) to automatically configure DNS records for your applications. + +#### External DNS + +| Key | Required | Description | Default | +|-------------------------------------------|----------|---------------------------------|--------------------------------------------| +| `services.dns.external-dns.enabled` | Yes | Enable or disable External DNS. | `true` | +| `services.dns.external-dns.provider` | Yes | The DNS provider. | `pdns` | +| `services.dns.external-dns.domainFilters` | Yes | The domain filters. 
| `{{ tpl .Values.qovery.domain }}` | +| `services.dns.external-dns.txtOwnerId` | Yes | The TXT owner ID. | `{{ tpl .Values.qovery.shortClusterId }}` | +| `services.dns.external-dns.txtPrefix` | Yes | The TXT prefix. | `{{ tpl .Values.qovery.shortClusterId }}` | +| `services.dns.external-dns.pdns.apiUrl` | Yes | The PowerDNS API URL. | `{{ tpl .Values.qovery.qoveryDnsUrl }}` | +| `services.dns.external-dns.pdns.apiKey` | Yes | The PowerDNS API key. | `{{ tpl .Values.qovery.qoveryDnsApiKey }}` | +| `services.dns.external-dns.pdns.apiPort` | Yes | The PowerDNS API port. | `443` | + +### Logging + + + +Optional. If you don't want to use Loki and Promtail, you can disable them. You will not be able to see your logs in the Qovery dashboard. + + + +Qovery uses [Loki](https://grafana.com/oss/loki/) to store your logs and [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) to collect your logs. + +#### Loki + +| Key | Required | Description | Default | +|---------------------------------------------------------------------|----------|---------------------------------|-------------------------| +| `services.logging.loki.enabled` | Yes | Enable or disable Loki. | `true` | +| `services.logging.loki.auth_enabled` | Yes | Enable or disable Loki auth. | `false` | +| `services.logging.loki.ingester.lifecycler.ring.kvstore.store` | Yes | The Loki KV store. | `inmemory` | +| `services.logging.loki.ingester.lifecycler.ring.replication_factor` | Yes | The Loki replication factor. | `1` | +| `services.logging.loki.schema_config.configs.from` | Yes | The Loki schema config. | `2020-05-15` | +| `services.logging.loki.schema_config.configs.store` | Yes | The Loki store. | `boltdb-shipper` | +| `services.logging.loki.schema_config.configs.object_store` | Yes | The Loki object store. | `filesystem` | +| `services.logging.loki.schema_config.configs.schema` | Yes | The Loki schema. 
| `v11` | +| `services.logging.loki.schema_config.configs.index.prefix` | Yes | The Loki index prefix. | `index_` | +| `services.logging.loki.schema_config.configs.index.period` | Yes | The Loki index period. | `24h` | +| `services.logging.loki.monitoring.dashboards.enabled` | Yes | Enable or disable dashboards. | `false` | +| `services.logging.loki.monitoring.rules.enabled` | Yes | Enable or disable rules. | `false` | +| `services.logging.loki.monitoring.serviceMonitor.enabled` | Yes | Enable or disable service. | `false` | +| `services.logging.loki.monitoring.serviceMonitor.metricsInstance` | Yes | Enable or disable metrics. | `false` | +| `services.logging.loki.monitoring.selfMonitoring.enabled` | Yes | Enable or disable self-monitor. | `false` | +| `services.logging.loki.monitoring.selfMonitoring.grafanaAgent` | Yes | Enable or disable Grafana. | `false` | +| `services.logging.loki.monitoring.lokiCanary.enabled` | Yes | Enable or disable Loki Canary. | `false` | +| `services.logging.loki.gateway.enabled` | Yes | Enable or disable gateway. | `false` | +| `services.logging.loki.singleBinary.replicas` | Yes | The Loki replicas. | `1` | +| `services.logging.loki.singleBinary.persistence.enabled` | Yes | Enable or disable persistence. | `false` | +| `services.logging.loki.singleBinary.extraVolumes` | Yes | The Loki extra volumes. | `data` and `storage` | +| `services.logging.loki.singleBinary.extraVolumeMounts` | Yes | The Loki extra volume mounts. | `data` and `storage` | +| `services.logging.loki.singleBinary.extraVolumeMounts.mountPath` | Yes | The Loki extra volume mount. | `/data` and `/var/loki` | +| `services.logging.loki.singleBinary.extraVolumeMounts.name` | Yes | The Loki extra volume name. | `data` and `storage` | +| `services.logging.loki.singleBinary.extraVolumes.emptyDir` | Yes | The Loki extra volume emptyDir. | `{}` | +| `services.logging.loki.singleBinary.extraVolumeMounts.emptyDir` | Yes | The Loki extra volume emptyDir. 
| `{}` | +| `services.logging.loki.test.enabled` | Yes | Enable or disable test. | `false` | + +#### Promtail + +| Key | Required | Description | Default | +|-----------------------------------------------------------------|----------|------------------------------|-----------------------------------------------------------------------------------------------------------| +| `services.logging.promtail.enabled` | Yes | Enable or disable Promtail. | `true` | +| `services.logging.promtail.namespace` | Yes | The Promtail namespace. | `kube-system` | +| `services.logging.promtail.priorityClassName` | Yes | The Promtail priority class. | `system-node-critical` | +| `services.logging.promtail.config.clients.url` | Yes | The Promtail URL. | `http://loki.qovery.svc:3100/loki/api/v1/push` | +| `services.logging.promtail.config.snippets.extraRelabelConfigs` | Yes | The Promtail extra relabel. | `__meta_kubernetes_pod_label_(qovery_com_service_id\|qovery_com_service_type\|qovery_com_environment_id)` | + +### Certificates + + + +Optional. If you don't want to use Cert Manager, you can disable it. You will not be able to get TLS certificates automatically. + + + +Qovery uses [Cert Manager](https://cert-manager.io/) to automatically get TLS certificates for your applications. + +#### Cert Manager + +| Key | Required | Description | Default | +|---------------------------------------------------------------------------------|----------|---------------------------------|-------------------------------------------| +| `services.certificates.cert-manager.enabled` | Yes | Enable or disable Cert Manager. | `true` | +| `services.certificates.cert-manager.namespace` | Yes | The Cert Manager namespace. | `cert-manager` | +| `services.certificates.cert-manager.fullnameOverride` | Yes | The Cert Manager name. | `cert-manager` | +| `services.certificates.cert-manager.installCRDs` | Yes | Enable or disable CRDs. 
| `true` | +| `services.certificates.cert-manager.replicaCount` | Yes | The Cert Manager replicas. | `1` | +| `services.certificates.cert-manager.startupapicheck.jobAnnotations` | Yes | The Cert Manager annotations. | `helm.sh/hook: post-install,post-upgrade` | +| `services.certificates.cert-manager.startupapicheck.rbac.annotations` | Yes | The Cert Manager annotations. | `helm.sh/hook: post-install,post-upgrade` | +| `services.certificates.cert-manager.startupapicheck.serviceAccount.annotations` | Yes | The Cert Manager annotations. | `helm.sh/hook: post-install,post-upgrade` | + +#### Qovery Cert Manager Webhook + +| Key | Required | Description | Default | +|------------------------------------------------------------------------------------|----------|--------------------------------|--------------------------------------------| +| `services.certificates.qovery-cert-manager-webhook.fullnameOverride` | Yes | The Qovery Cert Manager name. | `qovery-cert-manager-webhook` | +| `services.certificates.qovery-cert-manager-webhook.certManager.namespace` | Yes | The Cert Manager namespace. | `cert-manager` | +| `services.certificates.qovery-cert-manager-webhook.certManager.serviceAccountName` | Yes | The Cert Manager service name. | `cert-manager` | +| `services.certificates.qovery-cert-manager-webhook.secret.apiUrl` | Yes | The Qovery DNS URL. | `{{ tpl .Values.qovery.qoveryDnsUrl }}` | +| `services.certificates.qovery-cert-manager-webhook.secret.apiKey` | Yes | The Qovery DNS API key. | `{{ tpl .Values.qovery.qoveryDnsApiKey }}` | +| `services.certificates.qovery-cert-manager-webhook.certManager.serviceAccountName` | Yes | The Cert Manager service name. 
| `cert-manager` | + +#### Cert Manager Configs + +| Key | Required | Description | Default | +|---------------------------------------------------------------------------|----------|---------------------------------|-----------------------------------| +| `services.certificates.cert-manager-configs.fullnameOverride` | Yes | The Cert Manager Configs name. | `cert-manager-configs` | +| `services.certificates.cert-manager-configs.externalDnsProvider` | Yes | The external DNS provider. | `set-by-customer` | +| `services.certificates.cert-manager-configs.managedDns` | Yes | The managed DNS. | `{{ tpl .Values.qovery.domain }}` | +| `services.certificates.cert-manager-configs.acme.letsEncrypt.emailReport` | Yes | The Let's Encrypt email report. | `set-by-customer` | +| `services.certificates.cert-manager-configs.acme.letsEncrypt.acmeUrl` | Yes | The Let's Encrypt URL. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.cloudflare.apiToken` | Yes | The Cloudflare API token. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.cloudflare.email` | Yes | The Cloudflare email. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.pdns.apiPort` | Yes | The PowerDNS API port. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.pdns.apiUrl` | Yes | The PowerDNS API URL. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.pdns.apiKey` | Yes | The PowerDNS API key. | `set-by-customer` | + +### Autoscaling + + + +Optional. If you don't want to use Metrics Server, you can disable it. You will not be able to scale your application automatically based on custom metrics. + + + +Qovery uses [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) to collect metrics from your Kubernetes cluster and scale your applications automatically based on custom metrics. 
+ +#### Metrics Server + +| Key | Required | Description | Default | +|-----------------------------------------------------------|----------|--------------------------------|------------------| +| `services.observability.metrics-server.enabled` | Yes | Enable or disable Metrics. | `true` | +| `services.observability.metrics-server.fullnameOverride` | Yes | The Metrics name. | `metrics-server` | +| `services.observability.metrics-server.apiService.create` | Yes | Enable or disable API service. | `false` | + +## FAQ + +### How to get the Qovery cluster ID, short cluster ID, APK key, and JWT token? + +TODO + +### I have a non-covered use case. What should I do? + +Please [contact us][urls.qovery_contact_us]. We will be happy to help you. + [docs.using-qovery.configuration.cloud-service-provider.amazon-web-services]: /docs/using-qovery/configuration/cloud-service-provider/amazon-web-services/ [docs.using-qovery.configuration.cloud-service-provider.google-cloud-platform]: /docs/using-qovery/configuration/cloud-service-provider/google-cloud-platform/ [docs.using-qovery.configuration.cloud-service-provider.microsoft-azure]: /docs/using-qovery/configuration/cloud-service-provider/microsoft-azure/ [guides.provider.guide-kubernetes]: /guides/provider/guide-kubernetes/ [urls.helm]: https://helm.sh +[urls.qovery_contact_us]: https://www.qovery.com/contact diff --git a/website/docs/using-qovery/configuration/provider/kubernetes.md.erb b/website/docs/using-qovery/configuration/provider/kubernetes.md.erb index 984c12fcc0..2b4a9adb0b 100644 --- a/website/docs/using-qovery/configuration/provider/kubernetes.md.erb +++ b/website/docs/using-qovery/configuration/provider/kubernetes.md.erb 
@@ -20,7 +20,9 @@ This section is for Kubernetes users. If you are not familiar with Kubernetes, w -Qovery BYOK (Bring Your Own Kubernetes) is a self-hosted version of Qovery. It allows you to install Qovery on your own Kubernetes cluster. Read [this article](https://www.qovery.com/blog/kubernetes-managed-by-qovery-vs-self-managed-byok) to better understand the difference with the Managed Kubernetes by Qovery. In a nutshell, Qovery BYOK is for Kubernetes experts who want to manage their own Kubernetes cluster. Qovery does not manage the Kubernetes cluster for you. +Qovery BYOK (Bring Your Own Kubernetes) is a self-hosted version of Qovery. It allows you to install Qovery on your own Kubernetes cluster. +Read [this article](https://www.qovery.com/blog/kubernetes-managed-by-qovery-vs-self-managed-byok) to better understand the difference with the Managed Kubernetes by Qovery. In a nutshell, Qovery BYOK is for Kubernetes experts who want to manage their own Kubernetes cluster. +Qovery does not manage the Kubernetes cluster for you.

How Qovery works with Self Managed Kubernetes cluster 
@@ -285,3 +287,235 @@ helm install qovery +## Configuration + +### Qovery + +This is the configuration of Qovery itself. It is used by all Qovery components. + +| Key | Required | Description | Default | +|--------------------------|----------|------------------------------------------------------------|---------------------------| +| `qovery.clusterId` | Yes | The cluster ID. It is used to identify your cluster. | `set-by-customer` | +| `qovery.shortClusterId` | Yes | The short cluster ID. It is used to identify your cluster. | `set-by-customer` | +| `qovery.apkKey` | Yes | The APK key. It is used to authenticate your cluster. | `set-by-customer` | +| `qovery.jwtToken` | Yes | The JWT token. It is used to authenticate your cluster. | `set-by-customer` | +| `qovery.domain` | Yes | The domain name used by Qovery. | `set-by-customer` | +| `qovery.qoveryDnsUrl` | Yes | The Qovery DNS URL. | `https://ddns.qovery.com` | +| `qovery.qoveryDnsApiKey` | Yes | The Qovery DNS API key. | `set-by-customer` | + +### Qovery Cluster Agent + + + +Optional. If you don't want to use the cluster agent, you can disable it. You will not be able to see your logs and metrics in the Qovery dashboard. + + + +The cluster agent is responsible for securely forwarding logs and metrics from your Kubernetes cluster to Qovery control plane. + +| Key | Required | Description | Default | +|------------------------------------------------------------------------|----------|--------------------------------------|-------------------| +| `services.qovery-cluster-agent.enabled` | Yes | Enable or disable the cluster agent. | `false` | +| `services.qovery-cluster-agent.image.tag` | Yes | The cluster agent image tag. | `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.GRPC_SERVER` | Yes | The gRPC server URL. | `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.CLUSTER_JWT_TOKEN` | Yes | The JWT token. 
| `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.CLUSTER_ID` | Yes | The cluster ID. | `set-by-customer` | +| `services.qovery-cluster-agent.environmentVariables.ORGANIZATION_ID` | Yes | The organization ID. | `set-by-customer` | + +### Qovery Shell Agent + + + +Optional. If you don't want to use the shell agent, you can disable it. You will not be able to open a secure remote shell to your application. + + + +The shell agent is responsible for giving you a secure remote shell access to your Kubernetes pods if you need it. E.g. when using `qovery shell` command. + +| Key | Required | Description | Default | +|-----------------------------------------------------------------------|----------|-------------------------------------|-------------------| +| `services.qovery-shell-agent.enabled` | Yes | Enable or disable the shell agent. | `false` | +| `services.qovery-shell-agent.image.tag` | Yes | The shell agent image tag. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.GRPC_SERVER` | Yes | The gRPC server URL. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.CLUSTER_JWT_TOKEN` | Yes | The JWT token. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.CLUSTER_ID` | Yes | The cluster ID. | `set-by-customer` | +| `services.qovery-shell-agent.environmentVariables.ORGANIZATION_ID` | Yes | The organization ID. | `set-by-customer` | + +### Ingress + + + +Optional. If you don't want to use NGINX Ingress Controller, you can disable it. You will not be able to expose publicly your applications. + + + +Qovery uses [NGINX Ingress Controller](https://docs.nginx.com/nginx-ingress-controller/) by default to route traffic to your applications. 
+ +#### Nginx Ingress Controller + +| Key | Required | Description | Default | +|-------------------------------------------------------------------------------|----------|-------------------------------------------------|---------------------------------------------| +| `services.ingress.ingress-nginx.enabled` | Yes | Enable or disable the NGINX Ingress Controller. | `true` | +| `services.ingress.ingress-nginx.controller.useComponentLabel` | Yes | Use component label. | `true` | +| `services.ingress.ingress-nginx.controller.admissionWebhooks.enabled` | Yes | Enable or disable the admission webhooks. | `false` | +| `services.ingress.ingress-nginx.controller.ingressClass` | Yes | The ingress class. | `nginx-qovery` | +| `services.ingress.ingress-nginx.controller.extraArgs.default-ssl-certificate` | Yes | The default SSL certificate. | `cert-manager/letsencrypt-acme-qovery-cert` | +| `services.ingress.ingress-nginx.controller.publishService.enabled` | Yes | Enable or disable the publish service. | `true` | + +#### Other Ingress Controllers + +Qovery supports other Ingress Controllers. Please contact us if you want to use another one. We will be happy to help you. + +### DNS + + + +Optional. If you don't want to use External DNS, you can disable it. You will not be able to use custom domains. + + + +Qovery uses [External DNS](https://github.com/kubernetes-sigs/external-dns) to automatically configure DNS records for your applications. + +#### External DNS + +| Key | Required | Description | Default | +|-------------------------------------------|----------|---------------------------------|--------------------------------------------| +| `services.dns.external-dns.enabled` | Yes | Enable or disable External DNS. | `true` | +| `services.dns.external-dns.provider` | Yes | The DNS provider. | `pdns` | +| `services.dns.external-dns.domainFilters` | Yes | The domain filters. 
| `{{ tpl .Values.qovery.domain }}` | +| `services.dns.external-dns.txtOwnerId` | Yes | The TXT owner ID. | `{{ tpl .Values.qovery.shortClusterId }}` | +| `services.dns.external-dns.txtPrefix` | Yes | The TXT prefix. | `{{ tpl .Values.qovery.shortClusterId }}` | +| `services.dns.external-dns.pdns.apiUrl` | Yes | The PowerDNS API URL. | `{{ tpl .Values.qovery.qoveryDnsUrl }}` | +| `services.dns.external-dns.pdns.apiKey` | Yes | The PowerDNS API key. | `{{ tpl .Values.qovery.qoveryDnsApiKey }}` | +| `services.dns.external-dns.pdns.apiPort` | Yes | The PowerDNS API port. | `443` | + +### Logging + + + +Optional. If you don't want to use Loki and Promtail, you can disable them. You will not be able to see your logs in the Qovery dashboard. + + + +Qovery uses [Loki](https://grafana.com/oss/loki/) to store your logs and [Promtail](https://grafana.com/docs/loki/latest/clients/promtail/) to collect your logs. + +#### Loki + +| Key | Required | Description | Default | +|---------------------------------------------------------------------|----------|---------------------------------|-------------------------| +| `services.logging.loki.enabled` | Yes | Enable or disable Loki. | `true` | +| `services.logging.loki.auth_enabled` | Yes | Enable or disable Loki auth. | `false` | +| `services.logging.loki.ingester.lifecycler.ring.kvstore.store` | Yes | The Loki KV store. | `inmemory` | +| `services.logging.loki.ingester.lifecycler.ring.replication_factor` | Yes | The Loki replication factor. | `1` | +| `services.logging.loki.schema_config.configs.from` | Yes | The Loki schema config. | `2020-05-15` | +| `services.logging.loki.schema_config.configs.store` | Yes | The Loki store. | `boltdb-shipper` | +| `services.logging.loki.schema_config.configs.object_store` | Yes | The Loki object store. | `filesystem` | +| `services.logging.loki.schema_config.configs.schema` | Yes | The Loki schema. 
| `v11` | +| `services.logging.loki.schema_config.configs.index.prefix` | Yes | The Loki index prefix. | `index_` | +| `services.logging.loki.schema_config.configs.index.period` | Yes | The Loki index period. | `24h` | +| `services.logging.loki.monitoring.dashboards.enabled` | Yes | Enable or disable dashboards. | `false` | +| `services.logging.loki.monitoring.rules.enabled` | Yes | Enable or disable rules. | `false` | +| `services.logging.loki.monitoring.serviceMonitor.enabled` | Yes | Enable or disable service. | `false` | +| `services.logging.loki.monitoring.serviceMonitor.metricsInstance` | Yes | Enable or disable metrics. | `false` | +| `services.logging.loki.monitoring.selfMonitoring.enabled` | Yes | Enable or disable self-monitor. | `false` | +| `services.logging.loki.monitoring.selfMonitoring.grafanaAgent` | Yes | Enable or disable Grafana. | `false` | +| `services.logging.loki.monitoring.lokiCanary.enabled` | Yes | Enable or disable Loki Canary. | `false` | +| `services.logging.loki.gateway.enabled` | Yes | Enable or disable gateway. | `false` | +| `services.logging.loki.singleBinary.replicas` | Yes | The Loki replicas. | `1` | +| `services.logging.loki.singleBinary.persistence.enabled` | Yes | Enable or disable persistence. | `false` | +| `services.logging.loki.singleBinary.extraVolumes` | Yes | The Loki extra volumes. | `data` and `storage` | +| `services.logging.loki.singleBinary.extraVolumeMounts` | Yes | The Loki extra volume mounts. | `data` and `storage` | +| `services.logging.loki.singleBinary.extraVolumeMounts.mountPath` | Yes | The Loki extra volume mount. | `/data` and `/var/loki` | +| `services.logging.loki.singleBinary.extraVolumeMounts.name` | Yes | The Loki extra volume name. | `data` and `storage` | +| `services.logging.loki.singleBinary.extraVolumes.emptyDir` | Yes | The Loki extra volume emptyDir. | `{}` | +| `services.logging.loki.singleBinary.extraVolumeMounts.emptyDir` | Yes | The Loki extra volume emptyDir. 
| `{}` | +| `services.logging.loki.test.enabled` | Yes | Enable or disable test. | `false` | + +#### Promtail + +| Key | Required | Description | Default | +|-----------------------------------------------------------------|----------|------------------------------|-----------------------------------------------------------------------------------------------------------| +| `services.logging.promtail.enabled` | Yes | Enable or disable Promtail. | `true` | +| `services.logging.promtail.namespace` | Yes | The Promtail namespace. | `kube-system` | +| `services.logging.promtail.priorityClassName` | Yes | The Promtail priority class. | `system-node-critical` | +| `services.logging.promtail.config.clients.url` | Yes | The Promtail URL. | `http://loki.qovery.svc:3100/loki/api/v1/push` | +| `services.logging.promtail.config.snippets.extraRelabelConfigs` | Yes | The Promtail extra relabel. | `__meta_kubernetes_pod_label_(qovery_com_service_id\|qovery_com_service_type\|qovery_com_environment_id)` | + +### Certificates + + + +Optional. If you don't want to use Cert Manager, you can disable it. You will not be able to get TLS certificates automatically. + + + +Qovery uses [Cert Manager](https://cert-manager.io/) to automatically get TLS certificates for your applications. + +#### Cert Manager + +| Key | Required | Description | Default | +|---------------------------------------------------------------------------------|----------|---------------------------------|-------------------------------------------| +| `services.certificates.cert-manager.enabled` | Yes | Enable or disable Cert Manager. | `true` | +| `services.certificates.cert-manager.namespace` | Yes | The Cert Manager namespace. | `cert-manager` | +| `services.certificates.cert-manager.fullnameOverride` | Yes | The Cert Manager name. | `cert-manager` | +| `services.certificates.cert-manager.installCRDs` | Yes | Enable or disable CRDs. 
| `true` | +| `services.certificates.cert-manager.replicaCount` | Yes | The Cert Manager replicas. | `1` | +| `services.certificates.cert-manager.startupapicheck.jobAnnotations` | Yes | The Cert Manager annotations. | `helm.sh/hook: post-install,post-upgrade` | +| `services.certificates.cert-manager.startupapicheck.rbac.annotations` | Yes | The Cert Manager annotations. | `helm.sh/hook: post-install,post-upgrade` | +| `services.certificates.cert-manager.startupapicheck.serviceAccount.annotations` | Yes | The Cert Manager annotations. | `helm.sh/hook: post-install,post-upgrade` | + +#### Qovery Cert Manager Webhook + +| Key | Required | Description | Default | +|------------------------------------------------------------------------------------|----------|--------------------------------|--------------------------------------------| +| `services.certificates.qovery-cert-manager-webhook.fullnameOverride` | Yes | The Qovery Cert Manager name. | `qovery-cert-manager-webhook` | +| `services.certificates.qovery-cert-manager-webhook.certManager.namespace` | Yes | The Cert Manager namespace. | `cert-manager` | +| `services.certificates.qovery-cert-manager-webhook.certManager.serviceAccountName` | Yes | The Cert Manager service name. | `cert-manager` | +| `services.certificates.qovery-cert-manager-webhook.secret.apiUrl` | Yes | The Qovery DNS URL. | `{{ tpl .Values.qovery.qoveryDnsUrl }}` | +| `services.certificates.qovery-cert-manager-webhook.secret.apiKey` | Yes | The Qovery DNS API key. | `{{ tpl .Values.qovery.qoveryDnsApiKey }}` | +| `services.certificates.qovery-cert-manager-webhook.certManager.serviceAccountName` | Yes | The Cert Manager service name. 
| `cert-manager` | + +#### Cert Manager Configs + +| Key | Required | Description | Default | +|---------------------------------------------------------------------------|----------|---------------------------------|-----------------------------------| +| `services.certificates.cert-manager-configs.fullnameOverride` | Yes | The Cert Manager Configs name. | `cert-manager-configs` | +| `services.certificates.cert-manager-configs.externalDnsProvider` | Yes | The external DNS provider. | `set-by-customer` | +| `services.certificates.cert-manager-configs.managedDns` | Yes | The managed DNS. | `{{ tpl .Values.qovery.domain }}` | +| `services.certificates.cert-manager-configs.acme.letsEncrypt.emailReport` | Yes | The Let's Encrypt email report. | `set-by-customer` | +| `services.certificates.cert-manager-configs.acme.letsEncrypt.acmeUrl` | Yes | The Let's Encrypt URL. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.cloudflare.apiToken` | Yes | The Cloudflare API token. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.cloudflare.email` | Yes | The Cloudflare email. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.pdns.apiPort` | Yes | The PowerDNS API port. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.pdns.apiUrl` | Yes | The PowerDNS API URL. | `set-by-customer` | +| `services.certificates.cert-manager-configs.provider.pdns.apiKey` | Yes | The PowerDNS API key. | `set-by-customer` | + +### Autoscaling + + + +Optional. If you don't want to use Metrics Server, you can disable it. You will not be able to scale your application automatically based on custom metrics. + + + +Qovery uses [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) to collect metrics from your Kubernetes cluster and scale your applications automatically based on custom metrics. 
+ +#### Metrics Server + +| Key | Required | Description | Default | +|-----------------------------------------------------------|----------|--------------------------------|------------------| +| `services.observability.metrics-server.enabled` | Yes | Enable or disable Metrics. | `true` | +| `services.observability.metrics-server.fullnameOverride` | Yes | The Metrics name. | `metrics-server` | +| `services.observability.metrics-server.apiService.create` | Yes | Enable or disable API service. | `false` | + +## FAQ + +### How to get the Qovery cluster ID, short cluster ID, APK key, and JWT token? + +TODO + +### I have a non-covered use case. What should I do? + +Please [contact us][urls.qovery_contact_us]. We will be happy to help you. + +
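Review bot: The Qovery table documents `qovery.jwtToken`, `qovery.apkKey` and `qovery.qoveryDnsApiKey` as plain chart values, and both agent tables pass the token through `environmentVariables.CLUSTER_JWT_TOKEN`, but nothing in the new Configuration section says how these credentials should be supplied or stored. Add a short paragraph under "### Qovery" telling readers to keep them out of a committed values file (for example a separate values file excluded from version control), and state whether the chart puts them in a Kubernetes Secret or sets them as literal environment variables on the pods. The same applies to `provider.cloudflare.apiToken` and `provider.pdns.apiKey` under Cert Manager Configs, in both `kubernetes.md` and `kubernetes.md.erb`.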
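Review bot: In the Ingress section the link text "NGINX Ingress Controller" points to `docs.nginx.com/nginx-ingress-controller`, while the documented keys (`services.ingress.ingress-nginx.controller.admissionWebhooks.enabled`, `controller.publishService.enabled`, `controller.extraArgs.default-ssl-certificate`) follow the value names of the Kubernetes community `ingress-nginx` chart, which is a different project. Confirm which controller the chart installs and link to its documentation. The row for `controller.admissionWebhooks.enabled` with default `false` should also say what is lost when the webhook is off, since "Enable or disable the admission webhooks." gives the reader no basis for the choice.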
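Review bot: In the Loki table, `services.logging.loki.auth_enabled` and `services.logging.loki.gateway.enabled` both default to `false`, and the Promtail table pushes to `http://loki.qovery.svc:3100/loki/api/v1/push` over plain HTTP, so the documented defaults describe a log store with no authentication in front of it, and "Enable or disable Loki auth." does not tell the reader that. State it explicitly and recommend restricting access to the Loki service (for example with a NetworkPolicy) on clusters that run workloads from more than one team. The defaults `singleBinary.persistence.enabled` `false` with `emptyDir` volumes also mean logs do not survive a pod reschedule, which deserves one sentence in this section.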
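Review bot: The Required column is `Yes` on every row of every table, including the `enabled` flags of sections introduced as "Optional" and both `provider.cloudflare.*` and `provider.pdns.*` in Cert Manager Configs, so the column carries no information. Mark as required only the keys the reader must fill in (those with default `set-by-customer`), and make the provider rows conditional on the value of `externalDnsProvider`. Two rows also need fixing: `services.certificates.qovery-cert-manager-webhook.certManager.serviceAccountName` is listed twice in the Qovery Cert Manager Webhook table, and `services.logging.loki.singleBinary.extraVolumeMounts.emptyDir` repeats the description of `extraVolumes.emptyDir` although `emptyDir` is a field of a volume, not of a volume mount.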
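Review bot: The Autoscaling section says twice that Metrics Server lets applications scale "based on custom metrics", but Metrics Server serves the Kubernetes resource metrics API (CPU and memory usage), not the custom metrics API. Reword both sentences to refer to CPU and memory metrics, or name the component that provides custom metrics if the chart ships one. The descriptions "Enable or disable Metrics." and "The Metrics name." should say "Metrics Server" to match the heading.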
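Review bot: The FAQ entry "How to get the Qovery cluster ID, short cluster ID, APK key, and JWT token?" is committed with the body `TODO`, while the Qovery table marks those four values as required with default `set-by-customer`, so a reader following the page has no way to complete the install. Either fill in the answer before merging or drop the entry and link to where the values are issued. Also check the spelling: `qovery.apkKey` and "The APK key" sit next to `qovery.qoveryDnsApiKey`, which suggests "API key" was intended; if the chart value really is `apkKey`, keep the key and explain the term in its description.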