
Overview

Cluster Advanced Settings allow you to fine-tune infrastructure-level parameters for your Qovery-managed Kubernetes clusters. These settings provide granular control over networking, logging, security, resource allocation, and cloud provider-specific features.

Cloud Provider Availability

Settings are tagged with their supported cloud providers:
  • AWS: Amazon Web Services
  • GCP: Google Cloud Platform
  • Azure: Microsoft Azure
  • Scaleway

Configuring Cluster Advanced Settings

The easiest way to configure cluster advanced settings is directly from the Qovery Console:
  1. Navigate to Cluster Settings: Go to your cluster page and click on Settings.
  2. Open Advanced Settings: In the settings menu, select Advanced Settings.
  3. Configure Settings: Browse and configure the advanced settings you need. Settings are organized by category for easy navigation.
  4. Save and Redeploy: Click Save and redeploy your cluster for changes to take effect.
Use the “Show only overridden settings” toggle to filter and view only the settings you’ve customized from their default values.
After updating cluster advanced settings, you must redeploy the cluster for changes to take effect.

Via Qovery API

You can also configure advanced settings using the Qovery API:
curl -X PATCH "https://api.qovery.com/cluster/{cluster_id}/advancedSettings" \
  -H "Authorization: Token YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "loki.log_retention_in_week": 24,
    "nginx.hpa.min_number_instances": 3,
    "database.postgresql.deny_any_access": false,
    "database.postgresql.allowed_cidrs": ["10.0.0.0/16"]
  }'

Via Terraform

Use the Qovery Terraform Provider to manage cluster advanced settings as code:
resource "qovery_cluster" "my_cluster" {
  name                = "production-cluster"
  organization_id     = var.organization_id
  cloud_provider      = "AWS"
  region              = "us-east-1"

  advanced_settings_json = jsonencode({
    "loki.log_retention_in_week" = 24
    "nginx.hpa.min_number_instances" = 3
    "nginx.controller.enable_client_ip" = true
    "database.postgresql.deny_any_access" = false
    "database.postgresql.allowed_cidrs" = ["10.0.0.0/16"]
  })
}

Logs

aws.cloudwatch.eks_logs_retention_days

Cloud Provider: AWS
Type: integer
Description: Maximum retention days in CloudWatch for EKS logs.
Valid values: 0, 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 2192, 2557, 2922, 3288, 3653
Default Value: 90

aws.vpc.enable_s3_flow_logs

Cloud Provider: AWS
Type: boolean
Description: Enable flow logs on the cluster VPC and store them in an S3 bucket.
Default Value: false

aws.vpc.flow_logs_retention_days

Cloud Provider: AWS
Type: integer
Description: Set the number of retention days for flow logs. Set to 0 for unlimited retention.
Default Value: 365

loki.log_retention_in_week

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: Maximum retention, in weeks, of Kubernetes pod logs (containers, applications, jobs, cronjobs).
Default Value: 12 (84 days)

gcp.vpc.enable_flow_logs

Cloud Provider: GCP
Type: boolean
Description: Enable VPC flow logs on the cluster VPC (on each VPC subnetwork). See the GCP VPC flow logs documentation.
Default Value: false

gcp.vpc.flow_logs_sampling

Cloud Provider: GCP
Type: float
Description: Set the VPC flow logs sampling rate. The value must be in the range 0.0 (no sampling) to 1.0 (all logs).
Default Value: 0.0

object_storage.enable_logging

Cloud Provider: AWS, GCP, Azure
Type: boolean
Description: Activate logging for cluster buckets into a <bucket>-log bucket. See documentation for AWS and GCP.
Default Value: false

DNS

dns.coredns.extra_config

Cloud Provider: AWS, Scaleway, Azure
Type: string
Description: Additional configuration to add to CoreDNS. This can be used to customize DNS resolution rules on the cluster.
Default Value: null
Example:
example.com:53 {
    errors
    cache 30
    forward . 8.8.8.8 8.8.4.4
}

Image Registry

registry.image_retention_time

Cloud Provider: AWS
Type: integer
Description: Time in seconds after which images in the default registry are deleted.
Changing this setting only affects new ECR repositories created after the change. Existing repositories are not affected.
Default Value: 31536000 (1 year)

registry.mirroring_mode

Cloud Provider: AWS
Type: string
Description: Allows you to specify the image mirroring mode to be used for each image deployed on this cluster.
Valid values: Service, Cluster
Default Value: Service

cloud_provider.container_registry.tags

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: Map<String, String>
Description: Add additional tags on the cluster dedicated registry.
Default Value: {}
Example:
{
  "cloud_provider.container_registry.tags": {
    "Environment": "Production",
    "Team": "Platform"
  }
}

Network - Load Balancer

aws.eks.enable_alb_controller

Cloud Provider: AWS
Type: boolean
Description: Enable the AWS ALB controller to manage the load balancer for the cluster.
Enabling this feature causes up to 10 minutes of downtime on your application's public access (the time to delete and replace the load balancer and propagate the new one's DNS).
Use Case: For custom VPCs (a Qovery Managed VPC does not require this), you need to add labels to subnets:
  • kubernetes.io/role/elb=1 on public subnets
  • kubernetes.io/role/internal-elb=1 on private subnets
  • kubernetes.io/cluster/<cluster-name>=shared on all subnets
Default Value: true

aws.eks.alb_controller.replicas

Cloud Provider: AWS
Type: integer
Description: Sets AWS ALB controller number of replicas. For production clusters, it’s recommended to have at least 2 replicas for high availability.
Default Value: 2

aws.eks.alb_controller.vpa.vcpu.min_in_milli_cpu

Cloud Provider: AWS
Type: integer
Description: Sets AWS ALB controller VPA (vertical pod autoscaling) vCPU minimum value in milli CPU.
Default Value: 250

aws.eks.alb_controller.vpa.vcpu.max_in_milli_cpu

Cloud Provider: AWS
Type: integer
Description: Sets AWS ALB controller VPA (vertical pod autoscaling) vCPU maximum value in milli CPU.
Default Value: 250

aws.eks.alb_controller.vpa.memory.min_in_mib

Cloud Provider: AWS
Type: integer
Description: Sets AWS ALB controller VPA (vertical pod autoscaling) memory minimum value in mebibyte.
Default Value: 128

aws.eks.alb_controller.vpa.memory.max_in_mib

Cloud Provider: AWS
Type: integer
Description: Sets AWS ALB controller VPA (vertical pod autoscaling) memory maximum value in mebibyte.
Default Value: 128

load_balancer.size

Cloud Provider: Scaleway
Type: string
Description: Allows you to specify the load balancer size in front of your cluster.
Valid values: lb-s (200 Mbps), lb-gp-m (500 Mbps), lb-gp-l (1 Gbps), lb-gp-xl (4 Gbps)
Default Value: lb-s

Network - NGINX Ingress

nginx.vcpu.request_in_milli_cpu

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: vCPU request value in millicores assigned to NGINX pods.
Default Value: 200

nginx.vcpu.limit_in_milli_cpu

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: vCPU limit value in millicores assigned to NGINX pods.
Default Value: 700

nginx.memory.request_in_mib

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: Memory request value in MiB assigned to NGINX pods.
Default Value: 768

nginx.memory.limit_in_mib

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: Memory limit value in MiB assigned to NGINX pods.
Default Value: 768

nginx.hpa.cpu_utilization_percentage_threshold

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: HPA CPU threshold in percentage assigned to NGINX deployment.
Default Value: 50

nginx.hpa.min_number_instances

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: Minimum number of NGINX replicas for horizontal pod autoscaling.
Default Value: 2

nginx.hpa.max_number_instances

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: Maximum number of NGINX replicas for horizontal pod autoscaling.
Default Value: 25

nginx.controller.enable_client_ip

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Enables the ngx_http_realip_module module to get the real client IP address.
Default Value: false

nginx.controller.enable_compression

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Enables compression (Brotli) for HTTP responses. When disabled, content will not be compressed, which may increase bandwidth usage but reduce CPU load.
Default Value: true

nginx.controller.use_forwarded_headers

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Passes the incoming X-Forwarded-For header upstream. See documentation.
Default Value: false

nginx.controller.compute_full_forwarded_for

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Append the remote address to the X-Forwarded-For header instead of replacing it. See documentation.
Default Value: false

nginx.controller.log_format_upstream

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Customizes the NGINX log-format.
Default Value: null

nginx.controller.log_format_escaping

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Customizes the NGINX log-format-escaping setting.
Valid values: Default, JSON, None
Default Value: Default

nginx.controller.http_snippet

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Customizes the NGINX http-snippet configuration. Used for cluster-level NGINX configuration that applies to all services.
Use Case: See Rate Limiting Guide for practical examples.
Default Value: null

nginx.controller.server_snippet

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Customizes the NGINX server-snippet configuration. Used for server-level NGINX configuration.
Use Case: See Rate Limiting Guide for practical examples.
Default Value: null

nginx.controller.limit_request_status_code

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: integer
Description: Customizes the NGINX limit-req-status-code. Commonly set to 429 (Too Many Requests) for rate limiting.
Default Value: null (defaults to 503)

nginx.controller.custom_http_errors

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Customizes the NGINX custom-http-errors setting.
Default Value: null
Example: "404,503"

nginx.default_backend.enabled

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Enables the default_backend for NGINX.
If you don’t specify a custom image repository and tag, ensure your cluster includes nodes with amd64 architecture.
Default Value: false

nginx.default_backend.image_repository

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Specifies the Docker image repository used for the default_backend.
Default Value: null

nginx.default_backend.image_tag

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: string
Description: Defines the image tag used by default_backend.
Default Value: null

Network - Database Access Control

database.postgresql.deny_any_access

Cloud Provider: AWS
Type: boolean
Description: Deny any access to all PostgreSQL databases.
  • Managed databases: Access is removed instantly
  • Container databases: Access is removed only after redeployment
Default Value: false

database.postgresql.allowed_cidrs

Cloud Provider: AWS
Type: string
Description: List of allowed CIDR ranges for PostgreSQL database access.
Default Value: ["0.0.0.0/0"]

database.mysql.deny_any_access

Cloud Provider: AWS
Type: boolean
Description: Deny any access to all MySQL databases.
  • Managed databases: Access is removed instantly
  • Container databases: Access is removed only after redeployment
Default Value: false

database.mysql.allowed_cidrs

Cloud Provider: AWS
Type: string
Description: List of allowed CIDR ranges for MySQL database access.
Default Value: ["0.0.0.0/0"]

database.mongodb.deny_any_access

Cloud Provider: AWS
Type: boolean
Description: Deny any access to all MongoDB databases.
  • Managed databases: Access is removed instantly
  • Container databases: Access is removed only after redeployment
Default Value: false

database.mongodb.allowed_cidrs

Cloud Provider: AWS
Type: string
Description: List of allowed CIDR ranges for MongoDB database access.
Default Value: ["0.0.0.0/0"]

database.redis.deny_any_access

Cloud Provider: AWS
Type: boolean
Description: Deny any access to all Redis databases.
  • Managed databases: Access is removed instantly
  • Container databases: Access is removed only after redeployment
Default Value: false

database.redis.allowed_cidrs

Cloud Provider: AWS
Type: string
Description: List of allowed CIDR ranges for Redis database access.
Default Value: ["0.0.0.0/0"]

Service Resources

allow_service_cpu_overcommit

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Authorize CPU overcommit (limit > request) for services deployed within this cluster.
Using overcommit on pod resources can lead to instability on your cluster and we strongly discourage it. Be careful when using this feature.
Use Case: Once enabled, you can update the service advanced setting resources.override.limit.cpu_in_mib.
Default Value: false

allow_service_ram_overcommit

Cloud Provider: AWS, Scaleway, GCP, Azure
Type: boolean
Description: Authorize memory overcommit (limit > request) for services deployed within this cluster.
Using overcommit on pod resources can lead to instability on your cluster and we strongly discourage it. Be careful when using this feature.
Use Case: Once enabled, you can update the service advanced setting resources.override.limit.ram_in_mib.
Default Value: false

IAM & Security

aws.iam.enable_admin_group_sync

Cloud Provider: AWS
Type: boolean
Description: Enable IAM admin group sync. See IAM permissions setup.
aws.iam.admin_group must be set when enable_admin_group_sync is true.
Default Value: true

aws.iam.admin_group

Cloud Provider: AWS
Type: string
Description: Allows you to specify the IAM group name associated with the Qovery user. Configure IAM group permissions for cluster access.
Default Value: Admins

aws.iam.enable_sso

Cloud Provider: AWS
Type: boolean
Description: Enable SSO sync, allowing IAM users to connect to the cluster using SSO.
aws.iam.sso_role_arn must be set when enable_sso is true.
Default Value: false

aws.iam.sso_role_arn

Cloud Provider: AWS
Type: string
Description: Allows you to specify the SSO role ARN to be used to connect to your cluster.
Default Value: ""

aws.eks.encrypt_secrets_kms_key_arn

Cloud Provider: AWS
Type: string
Description: Allows you to activate KMS encryption of your Kubernetes secrets. Specify the key ARN of your AWS KMS key.
This feature cannot be turned off once it is activated.
Default Value: null

k8s.api.allowed_public_access_cidrs

Cloud Provider: AWS, GCP, Azure
Type: string
Description: Contains additional CIDRs that should be whitelisted to access the Kubernetes API.
qovery.static_ip_mode should be set to true to make this setting effective.
Default Value: []

Miscellaneous

aws.eks.ec2.metadata_imds

Cloud Provider: AWS
Type: string
Description: Specify the IMDS version you want to use.
Valid values: required (IMDS v2 only), optional (IMDS v1 and v2)
Default Value: required

aws.eks.ec2.ami

Cloud Provider: AWS
Type: string
Description: Specify the AMI you want to use for EKS nodes.
Valid values:
  • AmazonLinux2 (Deprecated, not working after Kubernetes 1.32)
  • AmazonLinux2023 (Default Amazon AMI, recommended)
  • Bottlerocket (Focuses on security and maintainability)
Default Value: AmazonLinux2023

aws.metrics_server.replicas

Cloud Provider: AWS
Type: integer
Description: Specify the number of replicas for the metrics-server pod. Set to 2 or more in production for high availability.
Default Value: 1

qovery.static_ip_mode

Cloud Provider: AWS, GCP
Type: boolean
Description: Enables static IP mode for the Qovery control plane, automatically activates the private endpoint on the Kubernetes API, and adds the Qovery IP to the CIDR whitelist.
If you need to connect to the Kubernetes cluster from your network, make sure to add your CIDR to k8s.api.allowed_public_access_cidrs.
DockerHub credentials are required to activate this feature. Configure them in Organization settings > Container registry. Why? DockerHub has a rate limit by IP. Since the Qovery control plane will be seen as a single IP, you need authenticated access to increase the limit.
Default Value: false

storageclass.fast_ssd

Type: string
Description: Specify the Kubernetes storageClass to be used for storage attached to your container databases and applications.
Default Value: Cloud provider specific
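
Several settings on this page only take effect, or are only valid, in combination with another one, and the database defaults allow every source address. The Python below is an added example, not Qovery code: it audits one cluster's overridden settings against the defaults and "must be set" rules stated above. The audit function, the wording of its findings and the sample overrides are constructed here, and it assumes an AWS cluster whose settings are available as a JSON object with the CIDR settings given as lists, as in the API example.

```python
import ipaddress

# Defaults copied from this page, so settings absent from an export are judged at their default.
DEFAULTS = {
    "aws.iam.enable_admin_group_sync": True,
    "aws.iam.admin_group": "Admins",
    "aws.iam.enable_sso": False,
    "aws.iam.sso_role_arn": "",
    "aws.eks.ec2.metadata_imds": "required",
    "k8s.api.allowed_public_access_cidrs": [],
    "qovery.static_ip_mode": False,
}
ENGINES = ("postgresql", "mysql", "mongodb", "redis")


def audit(overrides):
    """Return a sorted list of (setting, finding) for one cluster's settings."""
    s = {**DEFAULTS, **overrides}
    findings = []
    for engine in ENGINES:
        key = f"database.{engine}.allowed_cidrs"
        if s.get(f"database.{engine}.deny_any_access", False):
            continue  # all access is denied, so the CIDR list is moot
        for cidr in s.get(key, ["0.0.0.0/0"]):  # page default when not overridden
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:  # matches 0.0.0.0/0 and ::/0
                findings.append((key, f"{cidr} allows every address"))
    if s["aws.iam.enable_admin_group_sync"] and not s["aws.iam.admin_group"]:
        findings.append(("aws.iam.admin_group", "must be set when enable_admin_group_sync is true"))
    if s["aws.iam.enable_sso"] and not s["aws.iam.sso_role_arn"]:
        findings.append(("aws.iam.sso_role_arn", "must be set when enable_sso is true"))
    if s["k8s.api.allowed_public_access_cidrs"] and not s["qovery.static_ip_mode"]:
        findings.append(("k8s.api.allowed_public_access_cidrs", "not effective unless qovery.static_ip_mode is true"))
    if s["aws.eks.ec2.metadata_imds"] != "required":
        findings.append(("aws.eks.ec2.metadata_imds", "IMDS v1 is still accepted"))
    return sorted(findings)


# Constructed sample: the PostgreSQL overrides from this page's API example plus three others.
SAMPLE = {
    "database.postgresql.deny_any_access": False,
    "database.postgresql.allowed_cidrs": ["10.0.0.0/16"],
    "aws.iam.enable_sso": True,
    "k8s.api.allowed_public_access_cidrs": ["203.0.113.0/24"],
    "aws.eks.ec2.metadata_imds": "optional",
}

if __name__ == "__main__":
    for setting, finding in audit(SAMPLE):
        print(f"{setting}: {finding}")
```

On the sample, PostgreSQL passes because its list was narrowed, while MySQL, MongoDB and Redis are still reported because they were left at the default list.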
