This document provides a list of flags that can be set to control some specific aspects of Lifecycle Manager. The flags are set as arguments to the Lifecycle Manager Deployment. You can find the flags in the respective tables:
| Flag | Type | Default Value | Description |
|---|---|---|---|
max-concurrent-kyma-reconciles |
int | 1 | Maximum number of concurrent Kyma CR reconciles which can be run |
max-concurrent-manifest-reconciles |
int | 1 | Maximum number of concurrent Manifest CR reconciles which can be run |
max-concurrent-watcher-reconciles |
int | 1 | Maximum number of concurrent Watcher CR reconciles which can be run |
max-concurrent-mandatory-modules-reconciles |
int | 1 | Maximum number of concurrent Mandatory Modules installation reconciles which can be run |
max-concurrent-mandatory-modules-deletion-reconciles |
int | 1 | Maximum number of concurrent Mandatory Modules deletion reconciles which can be run |
| Flag | Type | Default Value | Description |
|---|---|---|---|
kyma-requeue-success-interval |
duration | 30s | Duration after which a Kyma CR in the Ready state is enqueued for reconciliation |
kyma-requeue-error-interval |
duration | 2s | Duration after which a Kyma CR in the Error state is enqueued for reconciliation |
kyma-requeue-warning-interval |
duration | 30s | Duration after which a Kyma CR in the Warning state is enqueued for reconciliation |
kyma-requeue-busy-interval |
duration | 5s | Duration after which a Kyma CR in the Processing state is enqueued for reconciliation |
mandatory-module-requeue-success-interval |
duration | 30s | Duration after which a Kyma CR in the Ready state is enqueued for mandatory module installation reconciliation |
manifest-requeue-success-interval |
duration | 30s | Duration after which a Manifest CR in the Ready state is enqueued for reconciliation |
manifest-requeue-error-interval |
duration | 2s | Duration after which a Manifest CR in the Error state is enqueued for reconciliation |
manifest-requeue-warning-interval |
duration | 30s | Duration after which a Manifest CR in the Warning state is enqueued for reconciliation |
manifest-requeue-busy-interval |
duration | 5s | Duration after which a Manifest CR in the Processing state is enqueued for reconciliation |
manifest-requeue-jitter-probability |
float | 0.02 | Percentage probability that jitter is applied to the requeue interval |
manifest-requeue-jitter-percentage |
float | 0.02 | Percentage range for the jitter applied to the requeue interval e.g. 0.1 means +/- 10% of the interval |
mandatory-module-deletion-requeue-success-interval |
duration | 30s | Duration after which a Kyma CR in the Ready state is enqueued for mandatory module deletion reconciliation |
watcher-requeue-success-interval |
duration | 30s | Duration after which a Watcher CR in the Ready state is enqueued for reconciliation |
module-upgrade-rollout-max-delay |
duration | 5m | Maximum random delay added when requeueing Kyma CRs after a new module version is assigned to a channel in a ModuleReleaseMeta. Spreads reconciliations over time to avoid rate-limiting bursts. Set to 0 to disable spreading. |
istio-gateway-secret-requeue-success-interval |
duration | 5m | Duration after which the Istio Gateway Secret is enqueued after successful reconciliation |
istio-gateway-secret-requeue-error-interval |
duration | 2s | Duration after which the Istio Gateway Secret is enqueued after unsuccessful reconciliation |
| Flag | Type | Default Value | Description |
|---|---|---|---|
rate-limiter-burst |
int | 200 | Maximum number of requests that can be processed immediately by all controllers before being rate-limited. Controls how many reconciliations can happen in quick succession during burst periods |
rate-limiter-frequency |
int | 30 | Number of requests per second added to the rate limiter bucket for all controllers. Controls how many reconciliations are allowed to happen in steady state |
failure-base-delay |
duration | 100ms | Duration of the failure base delay for rate limiting in all controllers |
failure-max-delay |
duration | 5s | Duration of the failure max delay for rate limiting in all controllers |
cache-sync-timeout |
duration | 2m | Duration of the cache sync timeout in all controllers |
| Flag | Type | Default Value | Description |
|---|---|---|---|
k8s-client-qps |
int | 1000 | Maximum queries per second (QPS) limit for the Kubernetes client. Controls how many requests can be made to the Kubernetes API server per second in the steady state |
k8s-client-burst |
int | 2000 | Maximum burst size for throttling Kubernetes API requests. Allows temporarily exceeding the QPS limit when there are sudden spikes in request volume |
k8s-skr-client-qps |
int | 50 | Maximum queries per second (QPS) limit for the SKR Kubernetes client. Controls how many requests can be made to the Kubernetes API server per second in the steady state |
k8s-skr-client-burst |
int | 100 | Maximum burst size for throttling SKR Kubernetes API requests. Allows temporarily exceeding the QPS limit when there are sudden spikes in request volume |
| Flag | Type | Default Value | Description |
|---|---|---|---|
cert-management |
string | cert-manager.io/v1 | Certificate management system to use. Accepted values: cert-manager.io/v1, cert.gardener.cloud/v1alpha1 |
self-signed-cert-duration |
duration | 90*24h | Duration of self-signed certificate. Minimum: 1h |
self-signed-cert-renew-before |
duration | 60*24h | Duration before the currently issued self-signed certificate's expiry when cert-manager should renew the certificate |
self-signed-cert-renew-buffer |
duration | 24h | Duration to wait before confirming self-signed certificate are not renewed |
self-signed-cert-key-size |
int | 4096 | Key size for the self-signed certificate |
self-signed-cert-issuer-name |
string | klm-watcher-selfsigned | Issuer name for the self-signed certificate |
self-signed-cert-naming-template |
string | %s-webhook-tls | Naming template for the self-signed certificate. Should contain one %s placeholder for the Kyma name |
self-signed-cert-issuer-namespace |
string | istio-system | Namespace of the Issuer for self-signed certificates |
| Flag | Type | Default Value | Description |
|---|---|---|---|
istio-gateway-cert-switch-before-expiration-time |
duration | - | Deprecated: Duration before the expiration of the current CA certificate when the Gateway certificate should be switched |
istio-gateway-server-cert-switch-grace-period |
duration | 4d | Duration after the rotation of the CA certificate when the Gateway certificate will be switched |
istio-namespace |
string | istio-system | Namespace for Istio resources in a cluster |
istio-gateway-name |
string | klm-watcher | Name of the Istio Gateway resource in a cluster |
istio-gateway-namespace |
string | kcp-system | Namespace for the Istio Gateway resource in a cluster |
| Flag | Type | Default Value | Description |
|---|---|---|---|
metrics-bind-address |
string | :8080 | Address and port for binding of metrics endpoint |
metrics-cleanup-interval |
int | 15 | Interval (in minutes) at which the cleanup of non-existing Kyma CRs metrics runs |
health-probe-bind-address |
string | :8081 | Address and port for binding of health probe endpoint |
pprof-bind-address |
string | :8084 | Address and port for binding of pprof profiling endpoint |
pprof |
bool | false | Enable a pprof server |
pprof-server-timeout |
duration | 90s | Duration of timeout of read/write for the pprof server |
| Flag | Type | Default Value | Description |
|---|---|---|---|
skr-watcher-image-name |
string | runtime-watcher | Image name to be used for the SKR Watcher image |
skr-watcher-image-tag |
string | "" | Image tag to be used for the SKR Watcher image |
skr-watcher-image-registry |
string | europe-docker.pkg.dev/kyma-project/prod | Image registry to be used for the SKR Watcher image |
skr-webhook-memory-limits |
string | 200Mi | Resource limit for memory allocation to the SKR webhook |
skr-webhook-cpu-limits |
string | 0.1 | Resource limit for CPU allocation to the SKR webhook |
kyma-skr-listener-bind-address |
string | :8082 | Address and port for binding the SKR event listener for Kyma resources |
manifest-skr-listener-bind-address |
string | :8083 | Address and port for binding the SKR event listener for Manifest resources |
additional-dns-names |
string | "" | Additional DNS Names which are added to SKR certificates as SANs. Input should be given as comma-separated list, for example "--additional-dns-names=localhost,127.0.0.1,host.k3d.internal" |
listener-port-overwrite |
string | "" | Port that is mapped to HTTP port of the local k3d cluster using --port 9443:443@loadbalancer when creating the KCP cluster |
| Flag | Type | Default Value | Description |
|---|---|---|---|
leader-elect |
bool | false | Enable leader election for controller manager. Enabling it ensures there is only one active controller manager |
leader-election-lease-duration |
duration | 180s | Duration configured for the 'LeaseDuration' option of the controller-runtime library used to run the controller manager process |
leader-election-renew-deadline |
duration | 120s | Duration configured for the 'RenewDeadline' option of the controller-runtime library used to run the controller manager process |
leader-election-retry-period |
duration | 3s | Duration configured for the 'RetryPeriod' option of the controller-runtime library used to run the controller manager process |
| Flag | Type | Default Value | Description |
|---|---|---|---|
purge-finalizer-timeout |
duration | 5m | Duration after a Kyma's deletion timestamp when the remaining resources should be purged in the SKR |
skip-finalizer-purging-for |
string | "" | CRDs to be excluded from finalizer removal. Example: 'ingressroutetcps.traefik.containo.us,*.helm.cattle.io' |
| Flag | Type | Default Value | Description |
|---|---|---|---|
min-maintenance-window-size |
duration | 20m | Minimum duration of maintenance window required for reconciling modules with downtime |
drop-crd-stored-version-map |
string | Manifest:v1beta1,Watcher:v1beta1,ModuleTemplate:v1beta1,Kyma:v1beta1 | API versions to be dropped from the storage version. The input format must be a comma-separated list of API versions, where each API version is in the kind:version format |
sync-namespace |
string | kyma-system | Namespace for syncing remote Kyma and module catalog |
enable-webhooks |
bool | false | Enable Validation/Conversion Webhooks |
log-level |
int | 0 (Warn level) | Log level. Enter negative or positive values to increase verbosity. 0 has the lowest verbosity. |
oci-registry-cred-secret |
string | "" | Allows to configure the name of the Secret containing the credentials of the OCI registry storing the OCM component versions of modules. Must not be set together with --oci-registry-host. The Secret must be of type kubernetes.io/dockerconfigjson. The 'Auths' map of the .dockerconfigjson must contain one entry only. |
oci-registry-host |
string | "" | Allows to configure the hostname of the OCI registry storing the OCM component versions of modules. Must not be set together with --oci-registry-cred-secret. If the OCI registry requires authentication, the --oci-registry-cred-secret flag must be used instead. |
modules-repository-subpath |
string | "" | Allows to configure an additional repository subpath that is appended to the OCI registry host (provided via --oci-registry-host or resolved from the --oci-registry-cred-secret Secret). Use this when the configured registry is a general-purpose registry, and the OCM component versions of modules are stored under a specific subpath. |