Configuration reference¶

All persistent configuration lives in dekube.yaml. This file is created on first run and preserved across re-runs. User edits are never overwritten.

This is your territory. The engine converts; the config file is where you tell it what to ignore, what to override, and what to pretend was never there. Think of it as the leash on a machine that has no business existing — short enough to control, long enough to be useful.

Full example¶

name: my-platform
volume_root: ./data
extensions:
  caddy:
    email: admin@example.com

distribution_version: v3.1.0
depends:
  - keycloak
  - cert-manager==0.3.0
  - trust-manager

volumes:
  data-postgresql:
    driver: local
  myapp-data:
    host_path: app
  other:
    host_path: ./custom

exclude:
  - prometheus-operator
  - meet-celery-*

replacements:
  - old: 'path_style_buckets = false'
    new: 'path_style_buckets = true'

overrides:
  redis-master:
    image: redis:7-alpine
    command: ["redis-server", "--requirepass", "$secret:redis:redis-password"]
    volumes: ["$volume_root/redis:/data"]
    environment: null

services:
  minio-init:
    image: quay.io/minio/mc:latest
    restart: on-failure
    entrypoint: ["/bin/sh", "-c"]
    command:
      - mc alias set local http://minio:9000 $secret:minio:rootUser $secret:minio:rootPassword
        && mc mb --ignore-existing local/my-bucket

Engine keys¶

These are the controls that let you steer the heresy — what to exclude, what to override, what to pretend doesn't exist. All documented in the engine reference; they work identically in helmfile2compose:

name — compose project name (auto-detected on first run)
volume_root — base path for PVC bind mounts (default: ./data)
volumes — PVC-to-volume mappings (auto-populated on first run)
exclude — workload names to skip (fnmatch wildcards)
replacements — global find/replace in env vars, ConfigMap files, and proxy upstreams
overrides — deep merge into generated services (null deletes keys)
services — custom compose services added verbatim
extensions — per-extension config (Caddy email/TLS, enable/disable)
ingress_types — custom ingressClassName → rewriter mapping
disable_ingress — skip reverse proxy generation
network — external compose network override

See the full engine configuration reference for detailed descriptions, examples, placeholders ($secret:, $volume_root), and legacy key migration.

Distribution-specific keys¶

These keys are for the package manager, not the engine. The engine doesn't care what version it is; the manager cares so you don't wake up to a breaking change on a Tuesday morning.

`distribution_version`¶

Pin the distribution version for dekube-manager.

distribution_version: v3.1.0

core_version is accepted as a backwards-compatible alias.

`distribution`¶

Select which distribution dekube-manager installs. Default: helmfile2compose. Use core for the bare engine (dekube.py).

distribution: helmfile2compose

`depends`¶

List of dekube extensions required by this project. dekube-manager reads this list and installs them automatically.

depends:
  - keycloak
  - cert-manager==0.3.0
  - trust-manager

Bare names pull the latest release. Pin with ==version for reproducibility (recommended — see Your project).

See dekube-manager — declarative dependencies for override behavior and details.