Cluster Advanced Settings

To further fine-tune your Qovery infrastructure, you can set advanced settings through the Qovery API endpoint.

All clusters have access to advanced settings, you can find where they are available in the documentation below with those badges mentioning for which Cloud provider they are available:

You will also find badges mentioning for which components it will be applied:

Below is the list of advanced settings currently available for clusters.

Logs

aws.cloudwatch.eks_logs_retention_days

TypeDescriptionDefault Value
integerMaximum retention days in Cloudwatch for EKS logs.
(possible values: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653)		90

aws.vpc.enable_s3_flow_logs

TypeDescriptionDefault Value
booleanEnable flow logs on the cluster VPC and store them in an s3 bucket.false

aws.vpc.flow_logs_retention_days

TypeDescriptionDefault Value
integerSet the number of retention days for flow logs. Unlimited retention with value 0365

loki.log_retention_in_week

TypeDescriptionDefault Value
integerMaximum Kubernetes pods (containers/application/jobs/cronjob) retention logs in weeks.12 (84 days)

gcp.vpc.enable_flow_logs

TypeDescriptionDefault Value
booleanEnable VPC flow logs on the cluster VPC (on each VPC subnetworks). See GCP VPC logs flow documentation.false

gcp.vpc.flow_logs_sampling

TypeDescriptionDefault Value
floatSet VPC logs flow sampling percentage. Value should be within [0.0 (no sampling), 1.0 (all logs)] range.0.0

DNS

dns.coredns.extra_config

TypeDescriptionDefault Value
stringAdditional configuration to add to CoreDNS. This can be used to customize DNS resolution rules on the cluster.null

Example:

example.com:53 {
    errors
    cache 30
    forward . 8.8.8.8 8.8.4.4
}

Image registry

registry.image_retention_time

TypeDescriptionDefault Value
integerAllows you to specify an amount in seconds after which images in the default registry are deleted.31536000 (1 year)

registry.mirroring_mode

TypeDescriptionDefault Value
stringAllows you to specify the image mirroring mode to be used for each image deployed on this cluster. (possible values: Service or Cluster)Service

cloud_provider.container_registry.tags

TypeDescriptionDefault Value
Map<String, String>Add additional tags on the cluster dedicated registry

Network

Load balancer

aws.eks.enable_alb_controller

TypeDescriptionDefault Value
booleanEnable the AWS ALB controller to manage the load balancer for the cluster.true

Requirements for customers using custom VPCs (Qovery Managed VPC does not require these steps):

  • On public subnets: add a label kubernetes.io/role/elb with the value 1 to the subnet where the ALB will be created.
  • On private subnets: add a label kubernetes.io/role/internal-elb with the value 1 to the subnet where the ALB will be created.
  • On all subnets: add a label kubernetes.io/cluster/<cluster-name> with the value shared to the subnet where the ALB will be created.

aws.eks.alb_controller.vpa.vcpu.min_in_milli_cpu

TypeDescriptionDefault Value
integerSets AWS ALB controller VPA (vertical pod autoscaling) vCPU minimum value in milli CPU.250

aws.eks.alb_controller.vpa.vcpu.max_in_milli_cpu

TypeDescriptionDefault Value
integerSets AWS ALB controller VPA (vertical pod autoscaling) vCPU maximum value in milli CPU.250

aws.eks.alb_controller.vpa.memory.min_in_mib

TypeDescriptionDefault Value
integerSets AWS ALB controller VPA (vertical pod autoscaling) memory minimum value in mebibyte.128

aws.eks.alb_controller.vpa.memory.max_in_mib

TypeDescriptionDefault Value
integerSets AWS ALB controller VPA (vertical pod autoscaling) memory maximum value in mebibyte.128

load_balancer.size

TypeDescriptionDefault Value
stringAllows you to specify the load balancer size in front of your cluster. Possible values are:
- lb-s: 200 Mbps
- lb-gp-m: 500 Mbps
- lb-gp-l: 1 Gbps
- lb-gp-xl: 4 Gbps		lb-s

Nginx

nginx.vcpu.request_in_milli_cpu

TypeDescriptionDefault Value
integerVcpu request value in millicores assigned to Nginx pods200

nginx.vcpu.limit_in_milli_cpu

TypeDescriptionDefault Value
integerVcpu limit value in millicores assigned to Nginx pods700

nginx.memory.request_in_mib

TypeDescriptionDefault Value
integerMemory limit value in MiB assigned to Nginx pods768

nginx.memory.limit_in_mib

TypeDescriptionDefault Value
integerMemory limit value in MiB assigned to Nginx pods768

nginx.hpa.cpu_utilization_percentage_threshold

TypeDescriptionDefault Value
integerHpa (horizontal pod autoscaler) cpu threshold in percentage assigned to Nginx deployment50

nginx.hpa.min_number_instances

TypeDescriptionDefault Value
integerMinimum number of Nginx instances running2

nginx.hpa.max_number_instances

TypeDescriptionDefault Value
integerMaximum number of Nginx instances running25

nginx.controller.enable_client_ip

TypeDescriptionDefault Value
boolEnables ngx_http_realip_module module.false

nginx.controller.enable_compression

TypeDescriptionDefault Value
boolEnables compression (Brotli) for HTTP responses.
When disabled, content will not be compressed, which may increase bandwidth usage but reduce CPU load.		true

nginx.controller.use_forwarded_headers

TypeDescriptionDefault Value
boolPasses incoming X-Forwarded-For header upstream, see documentation.false

nginx.controller.compute_full_forwarded_for

TypeDescriptionDefault Value
boolAppend the remote address to the X-Forwarded-For header instead of replacing it, see documentation.false

nginx.controller.log_format_upstream

TypeDescriptionDefault Value
stringAllows to customize nginx log-format.null

nginx.controller.log_format_escaping

TypeDescriptionDefault Value
stringAllows to customize nginx log-format-escaping setting, possible values are: Default, JSON, None.Default

nginx.controller.http_snippet

TypeDescriptionDefault Value
stringAllows to customize nginx http-snippet configuration.null

nginx.controller.server_snippet

TypeDescriptionDefault Value
stringAllows to customize nginx server-snippet configuration.null

nginx.controller.limit_request_status_code

TypeDescriptionDefault Value
integerAllows to customize nginx limit-req-status-code. If not set (null) nginx defaults to 503.null

nginx.controller.custom_http_errors

TypeDescriptionDefault Value
stringAllows to customize nginx custom-http-errors. example: "404,503".null

nginx.default_backend.enabled

TypeDescriptionDefault Value
booleanAllows enabling the default_backend.
⚠️ Note: If you don’t specify any nginx.default_backend.image_repository and nginx.default_backend.image_tag, ensure that your cluster includes nodes with an amd64 architecture.
false

nginx.default_backend.image_repository

TypeDescriptionDefault Value
stringSpecifies the Docker image repository used for the default_backend. The image registry must be publicly accessible without requiring authentication. example: registry/image.null

nginx.default_backend.image_tag

TypeDescriptionDefault Value
stringDefines the image tag used by default_backend. example: 1.4.null

Database access

database.postgresql.deny_any_access

TypeDescriptionDefault Value
booleanDeny any access to all PostgreSQL databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment		false

database.postgresql.allowed_cidrs

TypeDescriptionDefault Value
stringList of allowed CIDRS. Valid only when database.postgresql.deny_any_access is set to false["0.0.0.0/0"]

database.mysql.deny_any_access

TypeDescriptionDefault Value
booleanDeny any access to all MySQL databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment		false

database.mysql.allowed_cidrs

TypeDescriptionDefault Value
stringList of allowed CIDRS. Valid only when database.mysql.deny_any_access is set to false["0.0.0.0/0"]

database.mongodb.deny_any_access

TypeDescriptionDefault Value
booleanDeny any access to all MongoDB databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment		false

database.mongodb.allowed_cidrs

TypeDescriptionDefault Value
stringList of allowed CIDRS. Valid only when database.mongodb.deny_any_access is set to false["0.0.0.0/0"]

database.redis.deny_any_access

TypeDescriptionDefault Value
booleanDeny any access to all Redis databases. When false, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "anyone").
⚠️ Any access to managed databases will instantly be removed
⚠️ Any access to container databases will be removed only after a database redeployment		false

database.redis.allowed_cidrs

TypeDescriptionDefault Value
stringList of allowed CIDRS. Valid only when database.redis.deny_any_access is set to false["0.0.0.0/0"]

Service

allow_service_cpu_overcommit

TypeDescriptionDefault Value
booleanAuthorize CPU overcommit (limit > request) for the services deployed within this clusterfalse

Once enabled, you can update the advanced setting resources.override.limit.cpu_in_mib of your service.

allow_service_ram_overcommit

TypeDescriptionDefault Value
booleanAuthorize memory overcommit (limit > request) for the services deployed within this clusterfalse

Once enabled, you can update the advanced setting resources.override.limit.ram_in_mib of your service.

IAM

aws.iam.enable_admin_group_sync

TypeDescriptionDefault Value
booleanEnable IAM admin group sync IAM permissions setup.
⚠️ aws.iam.admin_group should be set.		true

aws.iam.admin_group

TypeDescriptionDefault Value
stringAllows you to specify the IAM group name associated with the Qovery user in the AWS console during the IAM permissions setup to be able to connect to the Kubernetes cluster. Its value can be changed after the cluster installation via a re-deploy without any downtime.Admins

aws.iam.enable_sso

TypeDescriptionDefault Value
booleanEnable SSO sync allowing IAM users to connect to cluster using SSO. Setup SSO support for your cluster.
⚠️ aws.iam.sso_role_arn should be set.		false

aws.iam.sso_role_arn

TypeDescriptionDefault Value
stringAllows you to specify the SSO role ARN to be used to connect to your cluster. Setup SSO support for your cluster""

Object storage

object_storage.enable_logging

TypeDescriptionDefault Value
stringActivate cluster buckets logging into a <bucket>-log bucket. CF documentation for AWS and GCP.false

Miscellaneous

aws.eks.ec2.metadata_imds

TypeDescriptionDefault Value
stringSpecify the IMDS version you want to use. Possible values are required (IMDS v2 only) and optional (IMDS v1 and V2)required

aws.eks.encrypt_secrets_kms_key_arn

TypeDescriptionDefault Value
stringAllows you to activate KMS encryption of your Kubernetes secrets. Specify the key ARN of your AWS KMS key.

qovery.static_ip_mode

TypeDescriptionDefault Value
booleanEnable the static ip mode for the qovery control plane and automatically 1) activate the private endpoint on the Kubernetes API 2) add the Qovery IP to the CIDR whitelist.false

Before setting this advanced settings to true, go through the Organization settings > Container registry and make sure that your Dockerhub registry has some credentials set.

Why? Dockerhub has a rate limit system by IP when pulling from their registry. Since the Qovery control plane will be seen as a single IP, we will quickly reach the limit. This limit can be increased if you are a logged-in user and thus, if you put your credentials in the Dockerhub registry configuration of your organization, you should not encounter any rate limit issue during the deployment.

k8s.api.allowed_public_access_cidrs

TypeDescriptionDefault Value
stringIt contains any additional CIDR that should be whitelisted to access the Kubernetes API (Example:["100.100.100.0/32","200.200.200.0/24"] )[]

storageclass.fast_ssd

TypeDescriptionDefault Value
stringSpecify the kubernetes storageClass to be used for the storage attached to your container databases and applicationsdifferent by cloud provider
Contents
Resources