To further fine-tune your Qovery infrastructure, you can set advanced settings through the Qovery API endpoint.
Cluster advanced settings are not available in the Qovery console yet.
All clusters have access to advanced settings, you can find where they are available in the documentation below with those badges mentioning for which Cloud provider they are available:
You will also find badges mentioning for which components it will be applied:
Below is the list of advanced settings currently available for clusters.
#Logs
#aws.cloudwatch.eks_logs_retention_days
| Type | Description | Default Value |
|---|
| integer | Maximum retention days in Cloudwatch for EKS logs.
(possible values: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653) | 90 |
#aws.vpc.enable_s3_flow_logs
| Type | Description | Default Value |
|---|
| boolean | Enable flow logs on the cluster VPC and store them in an s3 bucket. | false |
#aws.vpc.flow_logs_retention_days
| Type | Description | Default Value |
|---|
| integer | Set the number of retention days for flow logs. Unlimited retention with value 0 | 365 |
#loki.log_retention_in_week
| Type | Description | Default Value |
|---|
| integer | Maximum Kubernetes pods (containers/application/jobs/cronjob) retention logs in weeks. | 12 (84 days) |
#gcp.vpc.enable_flow_logs
#gcp.vpc.flow_logs_sampling
| Type | Description | Default Value |
|---|
| float | Set VPC logs flow sampling percentage. Value should be within [0.0 (no sampling), 1.0 (all logs)] range. | 0.0 |
#Image registry
#registry.image_retention_time
| Type | Description | Default Value |
|---|
| integer | Allows you to specify an amount in seconds after which images in the default registry are deleted. | 31536000 (1 year) |
#registry.mirroring_mode
| Type | Description | Default Value |
|---|
| string | Allows you to specify the image mirroring mode to be used for each image deployed on this cluster. (possible values: Service or Cluster) | Service |
#cloud_provider.container_registry.tags
| Type | Description | Default Value |
|---|
| Map<String, String> | Add additional tags on the cluster dedicated registry | |
#Network
#Load balancer
#aws.eks.enable_alb_controller
Enabling this feature will create a 10 min max downtime on your application's public access (time to delete, replace and propagate DNS of the new load balancer).
| Type | Description | Default Value |
|---|
| boolean | Enable the AWS ALB controller to manage the load balancer for the cluster. | true |
Requirements for customers using custom VPCs (Qovery Managed VPC does not require these steps):
- On public subnets: add a label
kubernetes.io/role/elb with the value 1 to the subnet where the ALB will be created. - On private subnets: add a label
kubernetes.io/role/internal-elb with the value 1 to the subnet where the ALB will be created. - On all subnets: add a label
kubernetes.io/cluster/<cluster-name> with the value shared to the subnet where the ALB will be created.
#aws.eks.alb_controller.vpa.vcpu.min_in_milli_cpu
| Type | Description | Default Value |
|---|
| integer | Sets AWS ALB controller VPA (vertical pod autoscaling) vCPU minimum value in milli CPU. | 250 |
#aws.eks.alb_controller.vpa.vcpu.max_in_milli_cpu
| Type | Description | Default Value |
|---|
| integer | Sets AWS ALB controller VPA (vertical pod autoscaling) vCPU maximum value in milli CPU. | 250 |
#aws.eks.alb_controller.vpa.memory.min_in_mib
| Type | Description | Default Value |
|---|
| integer | Sets AWS ALB controller VPA (vertical pod autoscaling) memory minimum value in mebibyte. | 128 |
#aws.eks.alb_controller.vpa.memory.max_in_mib
| Type | Description | Default Value |
|---|
| integer | Sets AWS ALB controller VPA (vertical pod autoscaling) memory maximum value in mebibyte. | 128 |
#load_balancer.size
| Type | Description | Default Value |
|---|
| string | Allows you to specify the load balancer size in front of your cluster. Possible values are:
- lb-s: 200 Mbps
- lb-gp-m: 500 Mbps
- lb-gp-l: 1 Gbps
- lb-gp-xl: 4 Gbps | lb-s |
#Nginx
#nginx.vcpu.request_in_milli_cpu
| Type | Description | Default Value |
|---|
| integer | Vcpu request value in millicores assigned to Nginx pods | 200 |
#nginx.vcpu.limit_in_milli_cpu
| Type | Description | Default Value |
|---|
| integer | Vcpu limit value in millicores assigned to Nginx pods | 700 |
#nginx.memory.request_in_mib
| Type | Description | Default Value |
|---|
| integer | Memory limit value in MiB assigned to Nginx pods | 768 |
#nginx.memory.limit_in_mib
| Type | Description | Default Value |
|---|
| integer | Memory limit value in MiB assigned to Nginx pods | 768 |
#nginx.hpa.cpu_utilization_percentage_threshold
| Type | Description | Default Value |
|---|
| integer | Hpa (horizontal pod autoscaler) cpu threshold in percentage assigned to Nginx deployment | 50 |
#nginx.hpa.min_number_instances
| Type | Description | Default Value |
|---|
| integer | Minimum number of Nginx instances running | 2 |
#nginx.hpa.max_number_instances
| Type | Description | Default Value |
|---|
| integer | Maximum number of Nginx instances running | 25 |
#nginx.controller.enable_client_ip
#nginx.controller.use_forwarded_headers
| Type | Description | Default Value |
|---|
| bool | Passes incoming X-Forwarded-For header upstream, see documentation. | false |
#nginx.controller.compute_full_forwarded_for
| Type | Description | Default Value |
|---|
| bool | Append the remote address to the X-Forwarded-For header instead of replacing it, see documentation. | false |
#nginx.controller.log_format_upstream
| Type | Description | Default Value |
|---|
| string | Allows to customize nginx log-format. | null |
#nginx.controller.log_format_escaping
| Type | Description | Default Value |
|---|
| string | Allows to customize nginx log-format-escaping setting, possible values are: Default, JSON, None. | Default |
#Database access
#database.postgresql.deny_any_access 
| Type | Description | Default Value |
|---|
| boolean | Deny any access to all PostgreSQL databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment | false |
#database.postgresql.allowed_cidrs
#database.mysql.deny_any_access
| Type | Description | Default Value |
|---|
| boolean | Deny any access to all MySQL databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment | false |
#database.mysql.allowed_cidrs
#database.mongodb.deny_any_access
| Type | Description | Default Value |
|---|
| boolean | Deny any access to all MongoDB databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment | false |
#database.mongodb.allowed_cidrs
#database.redis.deny_any_access
| Type | Description | Default Value |
|---|
| boolean | Deny any access to all Redis databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "anyone").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment | false |
#database.redis.allowed_cidrs
#Service
#allow_service_cpu_overcommit
Using overcommit on pod resources can lead to instability on your cluster and we strongly discourage it. Be careful when using this feature.
| Type | Description | Default Value |
|---|
| boolean | Authorize CPU overcommit (limit > request) for the services deployed within this cluster | false |
Once enabled, you can update the advanced setting resources.override.limit.cpu_in_mib of your service.
#allow_service_ram_overcommit
Using overcommit on pod resources can lead to instability on your cluster and we strongly discourage it. Be careful when using this feature.
| Type | Description | Default Value |
|---|
| boolean | Authorize memory overcommit (limit > request) for the services deployed within this cluster | false |
Once enabled, you can update the advanced setting resources.override.limit.ram_in_mib of your service.
#IAM
#aws.iam.enable_admin_group_sync
#aws.iam.admin_group
| Type | Description | Default Value |
|---|
| string | Allows you to specify the IAM group name associated with the Qovery user in the AWS console during the IAM permissions setup to be able to connect to the Kubernetes cluster. Its value can be changed after the cluster installation via a re-deploy without any downtime. | Admins |
#aws.iam.enable_sso
#aws.iam.sso_role_arn
#Miscellaneous
#aws.eks.ec2.metadata_imds
| Type | Description | Default Value |
|---|
| string | Specify the IMDS version you want to use. Possible values are required (IMDS v2 only) and optional (IMDS v1 and V2) | optional |
#aws.eks.encrypt_secrets_kms_key_arn
It won't be possible to go back once this feature is activated.
| Type | Description | Default Value |
|---|
| string | Allows you to activate KMS encryption of your Kubernetes secrets. Specify the key ARN of your AWS KMS key. | |
#qovery.static_ip_mode
| Type | Description | Default Value |
|---|
| boolean | Enable the static ip mode for the qovery control plane and automatically 1) activate the private endpoint on the Kubernetes API 2) add the Qovery IP to the CIDR whitelist. | false |
If you need to connect to the Kubernetes cluster from your network, make sure to add your CIDR to the advanced setting k8s.api.allowed_public_access_cidrs.
Dockerhub credentials are necessary to activate this feature.
Before setting this advanced settings to true, go through the Organization settings > Container registry and make sure that your Dockerhub registry has some credentials set.
Why? Dockerhub has a rate limit system by IP when pulling from their registry. Since the Qovery control plane will be seen as a single IP, we will quickly reach the limit. This limit can be increased if you are a logged-in user and thus, if you put your credentials in the Dockerhub registry configuration of your organization, you should not encounter any rate limit issue during the deployment.
#k8s.api.allowed_public_access_cidrs
qovery.static_ip_mode should be set to true to make this advanced settings effective
| Type | Description | Default Value |
|---|
| string | It contains any additional CIDR that should be whitelisted to access the Kubernetes API (Example:["100.100.100.0/32","200.200.200.0/24"] ) | [] |
#storageclass.fast_ssd
| Type | Description | Default Value |
|---|
| string | Specify the kubernetes storageClass to be used for the storage attached to your container databases and applications | different by cloud provider |