Skip to content

Settings

This page contains a list of advanced settings which can be used in Harvester. You can modify the custom resource settings.harvesterhci.io from the Dashboard UI or with the kubectl command.

additional-ca

This setting allows you to configure additional trusted CA certificates for Harvester to access external services.

Default: none

Example

-----BEGIN CERTIFICATE-----
SOME-CA-CERTIFICATES
-----END CERTIFICATE-----

backup-target

This setting allows you to set a custom backup target to store VM backups. It supports NFS and S3. For further information, please refer to the Longhorn documentation.

Default: none

Example

{
  "type": "s3",
  "endpoint": "https://s3.endpoint.svc",
  "accessKeyId": "test-access-key-id",
  "secretAccessKey": "test-access-key",
  "bucketName": "test-bup",
  "bucketRegion": "us‑east‑2",
  "cert": "",
  "virtualHostedStyle": false
}

cluster-registration-url

This setting allows you to import the Harvester cluster to Rancher for multi-cluster management.

Default: none

Example

https://172.16.0.1/v3/import/w6tp7dgwjj549l88pr7xmxb4x6m54v5kcplvhbp9vv2wzqrrjhrc7c_c-m-zxbbbck9.yaml

http-proxy

This setting allows you to configure an HTTP proxy to access external services, including the download of images and backup to s3 services.

Default: {}

The following options and values can be set:

  • Proxy URL for HTTP requests: "httpProxy": "http://<username>:<pswd>@<ip>:<port>"
  • Proxy URL for HTTPS requests: "httpsProxy": "https://<username>:<pswd>@<ip>:<port>"
  • Comma-separated list of hostnames and/or CIDRs: "noProxy": "<hostname | CIDR>"

Example

{
  "httpProxy": "http://my.proxy",
  "httpsProxy": "https://my.proxy",
  "noProxy": "some.internal.svc,172.16.0.0/16"
}

Note

Harvester appends necessary addresses to user configured no-proxy to ensure the internal traffic works. i.e., localhost,127.0.0.1,0.0.0.0,10.0.0.0/8,cattle-system.svc,.svc,.cluster.local

log-level

This setting allows you to configure the log level for the Harvester server.

Default: info

The following values can be set. The list goes from the least to most verbose log level:

  • panic
  • fatal
  • error
  • warn, warning
  • info
  • debug
  • trace

Example

debug

overcommit-config

This setting allows you to configure the percentage for resources overcommit on CPU, memory, and storage. By setting resources overcommit, this will permit to schedule additional virtual machines even if the the physical resources are already fully utilized.

Default: { "cpu":1600, "memory":150, "storage":200 }

The default CPU overcommit with 1600% means, for example, if the CPU resources limit of a virtual machine is 1600m core, Harvester would only request 100m CPU for it from Kubernetes scheduler.

Example

{
  "cpu": 1000,
  "memory": 200,
  "storage": 300
}

server-version

This setting displays the version of Harvester server.

Example

v1.0.0-abcdef-head

ssl-certificates

This setting allows you to configure serving certificates for Harvester UI/API.

Default: {}

Example

{
  "ca": "-----BEGIN CERTIFICATE-----\nSOME-CERTIFICATE-ENCODED-IN-PEM-FORMAT\n-----END CERTIFICATE-----",
  "publicCertificate": "-----BEGIN CERTIFICATE-----\nSOME-CERTIFICATE-ENCODED-IN-PEM-FORMAT\n-----END CERTIFICATE-----",
  "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nSOME-PRIVATE-KEY-ENCODED-IN-PEM-FORMAT\n-----END RSA PRIVATE KEY-----"
}

ssl-parameters

This setting allows you to configure SSL parameters. Protocols are separated by spaces and ciphers are separated by colons.

Default: {}

Example

{
  "protocols": "TLSv1.2 TLSv1.3",
  "ciphers": "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384"
}

ui-index

This setting allows you to configure HTML index location for the UI.

Default: https://releases.rancher.com/harvester-ui/dashboard/latest/index.html

Example

https://your.static.dashboard-ui/index.html

ui-source

This setting allows you to configure how to load the UI source.

The following values can be set:

  • auto: The default. Auto-detect whether to use bundled UI or not.
  • external: Use external UI source.
  • bundled: Use the bundled UI source.

Example

external

upgrade-checker-enabled

This setting allows you to automatically check if there's an upgrade available for Harvester.

Default: true

Example

false

upgrade-checker-url

This setting allows you to configure the URL for the upgrade check of Harvester. Can only be used if the upgrade-checker-enabled setting is set to true.

Default: https://harvester-upgrade-responder.rancher.io/v1/checkupgrade

Example

https://your.upgrade.checker-url/v99/checkupgrade

vlan

This setting allows you to configure the default physical NIC name of the VLAN network.

Default: none

Example

ens3

auto-disk-provision-paths [Experimental]

This setting allows Harvester to automatically add disks that match the given glob pattern as VM storage. It's possible to provide multiple patterns by separating them with a comma.

Warning

  • This setting is applied to every Node in the cluster.
  • All the data in these storage devices will be destroyed. Use at your own risk.

Default: none

Example

The following example will add disks matching the glob pattern /dev/sd* or /dev/hd*:

/dev/sd*,/dev/hd*

ssl-parameters

This setting allows you to change the enabled SSL/TLS protocols and ciphers of Harvester GUI and API.

The following options and values can be set:

  • protocols: Enabled protocols. See NGINX Ingress Controller's configs ssl-protocols for supported input.

  • ciphers: Enabled ciphers. See NGINX Ingress Controller's configs ssl-ciphers for supported input.

If no value is provided, protocols is set to TLSv1.2 only and the ciphers list is ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305.

Default: none

Note

See Troubleshooting if you have misconfigured this setting and no longer have access to Harvester GUI and API.

Example

The following example sets the enabled SSL/TLS protocols to TLSv1.2 and TLSv1.3 and the ciphers list to ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-CHACHA20-POLY1305.

{
  "protocols": "TLSv1.2 TLSv1.3",
  "ciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305"
}

vm-force-reset-policy

This setting allows you to force reschedule VMs when a node is unavailable. When a node turns to be Not Ready, it will force delete the VM on that node and reschedule it to another available node after a period of seconds.

Default: {"enable":true, "period":300}

Example

{
  "enable": "true",
  "period": 300
}