Cluster Advanced Settings

To further fine-tune your Qovery infrastructure, you can set advanced settings through the Qovery API endpoint.

All clusters have access to advanced settings, you can find where they are available in the documentation below with those badges mentioning for which Cloud provider they are available:

You will also find badges mentioning for which components it will be applied:

Below is the list of advanced settings currently available for clusters.

Logs

aws.cloudwatch.eks_logs_retention_days

TypeDescriptionDefault Value
integerMaximum retention days in Cloudwatch for EKS logs.
(possible values: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653)
90

aws.vpc.enable_s3_flow_logs

TypeDescriptionDefault Value
booleanEnable flow logs on the cluster VPC and store them in an s3 bucket.false

aws.vpc.flow_logs_retention_days

TypeDescriptionDefault Value
integerSet the number of retention days for flow logs. Unlimited retention with value 0365

loki.log_retention_in_week

TypeDescriptionDefault Value
integerMaximum Kubernetes pods (containers/application/jobs/cronjob) retention logs in weeks.12 (84 days)

Image registry

registry.image_retention_time

TypeDescriptionDefault Value
integerAllows you to specify an amount in seconds after which images in the default registry are deleted.31536000 (1 year)

registry.mirroring_mode

TypeDescriptionDefault Value
stringAllows you to specify the image mirroring mode to be used for each image deployed on this cluster. (possible values: Service or Cluster)Service

cloud_provider.container_registry.tags

TypeDescriptionDefault Value
Map<String, String>Add additional tags on the cluster dedicated registry

Network

Load balancer

load_balancer.size

TypeDescriptionDefault Value
stringAllows you to specify the load balancer size in front of your cluster. Possible values are:
- lb-s: 200 Mbps
- lb-gp-m: 500 Mbps
- lb-gp-l: 1 Gbps
- lb-gp-xl: 4 Gbps
lb-s

Nginx

nginx.vcpu.request_in_milli_cpu

TypeDescriptionDefault Value
integerVcpu request value in millicores assigned to Nginx pods200

nginx.vcpu.limit_in_milli_cpu

TypeDescriptionDefault Value
integerVcpu limit value in millicores assigned to Nginx pods700

nginx.memory.request_in_mib

TypeDescriptionDefault Value
integerMemory limit value in MiB assigned to Nginx pods768

nginx.memory.limit_in_mib

TypeDescriptionDefault Value
integerMemory limit value in MiB assigned to Nginx pods768

nginx.hpa.cpu_utilization_percentage_threshold

TypeDescriptionDefault Value
integerHpa (horizontal pod autoscaler) cpu threshold in percentage assigned to Nginx deployment50

nginx.hpa.min_number_instances

TypeDescriptionDefault Value
integerMinimum number of Nginx instances running2

nginx.hpa.max_number_instances

TypeDescriptionDefault Value
integerMaximum number of Nginx instances running25

nginx.controller.enable_client_ip

TypeDescriptionDefault Value
boolEnables ngx_http_realip_module module.false

Database access

database.postgresql.deny_public_access

TypeDescriptionDefault Value
booleanDeny public access to all PostgreSQL databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Public access to managed databases will instantly be removed
⚠️ Public access to container databases will be removed only after a database redeployment
false

database.postgresql.allowed_cidrs

TypeDescriptionDefault Value
booleanList of allowed CIDRS. Valid only when database.postgresql.deny_public_access is set to true["0.0.0.0/0"]

database.mysql.deny_public_access

TypeDescriptionDefault Value
booleanDeny public access to all MySQL databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Public access to managed databases will instantly be removed
⚠️ Public access to container databases will be removed only after a database redeployment
false

database.mysql.allowed_cidrs

TypeDescriptionDefault Value
booleanList of allowed CIDRS. Valid only when database.mysql.deny_public_access is set to true["0.0.0.0/0"]

database.mongodb.deny_public_access

TypeDescriptionDefault Value
booleanDeny public access to all MongoDB databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "any IP").
⚠️ Public access to managed databases will instantly be removed
⚠️ Public access to container databases will be removed only after a database redeployment
false

database.mongodb.allowed_cidrs

TypeDescriptionDefault Value
booleanList of allowed CIDRS. Valid only when database.mongodb.deny_public_access is set to true["0.0.0.0/0"]

database.redis.deny_public_access

TypeDescriptionDefault Value
booleanDeny public access to all Redis databases. When true, configure the CIDR range you want to allow within the associated allowed_cidrs parameter (default is "anyone").
⚠️ Public access to managed databases will instantly be removed
⚠️ Public access to container databases will be removed only after a database redeployment
false

database.redis.allowed_cidrs

TypeDescriptionDefault Value
booleanList of allowed CIDRS. Valid only when database.redis.deny_public_access is set to true["0.0.0.0/0"]

IAM

aws.iam.enable_admin_group_sync

TypeDescriptionDefault Value
booleanEnable IAM admin group sync IAM permissions setup.
⚠️ aws.iam.admin_group should be set.
true

aws.iam.admin_group

TypeDescriptionDefault Value
stringAllows you to specify the IAM group name associated with the Qovery user in the AWS console during the IAM permissions setup to be able to connect to the Kubernetes clusterAdmins

aws.iam.enable_sso

TypeDescriptionDefault Value
booleanEnable SSO sync allowing IAM users to connect to cluster using SSO. Setup SSO support for your cluster.
⚠️ aws.iam.sso_role_arn should be set.
false

aws.iam.sso_role_arn

TypeDescriptionDefault Value
stringAllows you to specify the SSO role ARN to be used to connect to your cluster. Setup SSO support for your cluster""

Miscellaneous

aws.eks.ec2.metadata_imds

TypeDescriptionDefault Value
stringSpecify the IMDS version you want to use. Possible values are required (IMDS v2 only) and optional (IMDS v1 and V2)optional

aws.eks.encrypt_secrets_kms_key_arn

TypeDescriptionDefault Value
stringAllows you to activate KMS encryption of your Kubernetes secrets. Specify the key ARN of your AWS KMS key.