Verrazzano Custom Resource Definition

The Verrazzano custom resource contains the configuration information for an installation. Here is a sample Verrazzano custom resource file that uses Oracle Cloud Infrastructure DNS. See other examples here.

apiVersion: install.verrazzano.io/v1alpha1
kind: Verrazzano
metadata:
  name: example-verrazzano
spec:
  environmentName: env
  profile: prod
  components:
    certManager:
      certificate:
        acme:
          provider: letsEncrypt
          emailAddress: emailAddress@example.com
    dns:
      oci:
        ociConfigSecret: oci
        dnsZoneCompartmentOCID: dnsZoneCompartmentOcid
        dnsZoneOCID: dnsZoneOcid
        dnsZoneName: my.dns.zone.name
    ingress:
      type: LoadBalancer

VerrazzanoSpec

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| environmentName | string | Name of the installation. This name is part of the endpoint access URLs that are generated. The default value is default. | No |
| profile | string | The installation profile to select. Valid values are prod (production) and dev (development). The default is prod. | No |
| version | string | The version to install. Valid versions can be found here. Defaults to the current version supported by the Verrazzano platform operator. | No |
| components | Components | The Verrazzano components. | No |
| defaultVolumeSource | VolumeSource | Defines the type of volume to be used for persistence for all components unless overridden, and can be one of either EmptyDirVolumeSource or PersistentVolumeClaimVolumeSource. If PersistentVolumeClaimVolumeSource is declared, then the claimName must reference the name of an existing VolumeClaimSpecTemplate declared in the volumeClaimSpecTemplates section. | No |
| volumeClaimSpecTemplates | VolumeClaimSpecTemplate | Defines a named set of PVC configurations that can be referenced from components to configure persistent volumes. | No |

VolumeClaimSpecTemplate

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| metadata | ObjectMeta | Metadata about the PersistentVolumeClaimSpec template. | No |
| spec | PersistentVolumeClaimSpec | A PersistentVolumeClaimSpec template that can be referenced by a Component to override its default storage settings for a profile. At present, only a subset of the resources.requests object is honored, depending on the component. | No |

Components

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| authProxy | AuthProxyComponent | The AuthProxy component configuration. | No |
| certManager | CertManagerComponent | The cert-manager component configuration. | No |
| dns | DNSComponent | The DNS component configuration. | No |
| ingress | IngressComponent | The ingress component configuration. | No |
| istio | IstioComponent | The Istio component configuration. | No |
| fluentd | FluentdComponent | The Fluentd component configuration. | No |
| jaegerOperator | JaegerOperatorComponent | The Jaeger Operator component configuration. | No |
| keycloak | KeycloakComponent | The Keycloak component configuration. | No |
| elasticsearch | OpenSearchComponent | The OpenSearch component configuration. | No |
| prometheus | PrometheusComponent | The Prometheus component configuration. | No |
| kibana | OpenSearchDashboardsComponent | The OpenSearch Dashboards component configuration. | No |
| grafana | GrafanaComponent | The Grafana component configuration. | No |
| kiali | KialiComponent | The Kiali component configuration. | No |
| prometheusOperator | PrometheusOperatorComponent | The Prometheus Operator component configuration. | No |
| prometheusAdapter | PrometheusAdapterComponent | The Prometheus Adapter component configuration. | No |
| kubeStateMetrics | KubeStateMetricsComponent | The kube-state-metrics component configuration. | No |

AuthProxy Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then AuthProxy will be installed. | No |
| kubernetes | AuthProxyKubernetes | The Kubernetes resources that can be configured for AuthProxy. | No |

AuthProxy Kubernetes Configuration

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| replicas | uint32 | The number of pods to replicate. | No |
| affinity | Affinity | A Kubernetes affinity definition. | No |

CertManager Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| certificate | Certificate | The certificate configuration. | No |

Certificate

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| acme | Acme | The ACME configuration. Either acme or ca must be specified. | No |
| ca | CertificateAuthority | The certificate authority configuration. Either acme or ca must be specified. | No |

Acme

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| provider | string | Name of the Acme provider. | Yes |
| emailAddress | string | Email address of the user. | Yes |

CertificateAuthority

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| secretName | string | The secret name. | Yes |
| clusterResourceNamespace | string | The secret namespace. | Yes |

DNS Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| wildcard | DNS-Wildcard | Wildcard DNS configuration. This is the default with a domain of nip.io. | No |
| oci | DNS-OCI | Oracle Cloud Infrastructure DNS configuration. | No |
| external | DNS-External | External DNS configuration. | No |

DNS Wildcard

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| domain | string | The type of wildcard DNS domain. For example, nip.io, sslip.io, and such. | Yes |

DNS Oracle Cloud Infrastructure

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| ociConfigSecret | string | Name of the Oracle Cloud Infrastructure configuration secret. Generate a secret based on the Oracle Cloud Infrastructure configuration profile you want to use. You can specify a profile other than DEFAULT and specify the secret name. See instructions by running ./install/create_oci_config_secret.sh. | Yes |
| dnsZoneCompartmentOCID | string | The Oracle Cloud Infrastructure DNS compartment OCID. | Yes |
| dnsZoneOCID | string | The Oracle Cloud Infrastructure DNS zone OCID. | Yes |
| dnsZoneName | string | Name of Oracle Cloud Infrastructure DNS zone. | Yes |
| dnsScope | string | Scope of the Oracle Cloud Infrastructure DNS zone (PRIVATE, GLOBAL). If not specified, then defaults to GLOBAL. | No |

DNS External

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| suffix | string | The suffix for DNS names. | Yes |

Ingress Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| type | string | The ingress type. Valid values are LoadBalancer and NodePort. The default value is LoadBalancer. If the ingress type is NodePort, a valid and accessible IP address must be specified using the controller.service.externalIPs key in NGINXInstallArgs. For sample usage, see External Load Balancers. | No |
| nginxInstallArgs | NGINXInstallArgs list | A list of values to use during NGINX installation. | No |
| ports | PortConfig list | The list of port configurations used by the ingress. | No |

NGINX Install Args

| Name | Type | ValueType | Description | Required |
| --- | --- | --- | --- | --- |
| controller.service.externalIPs | NameValue | string list | The external IP address used by the NGINX Ingress Controller. | No |
| controller.service.externalTrafficPolicy | NameValue | string | Preserves the client source IP address. See Bare-metal considerations. | No |
| controller.service.annotations.* | NameValue | string | Annotations used for NGINX Ingress Controller. For sample usage, see Customize Ingress. | No |
| controller.autoscaling.enabled | NameValue | Boolean | If true, then enable horizontal pod autoscaler. Default false. | No |
| controller.autoscaling.minReplicas | NameValue | string | Minimum replicas used for autoscaling. Default 1. | No |

Port Config

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | The port name. | No |
| port | string | The port value. | Yes |
| targetPort | string | The target port value. The default is the same as the port value. | Yes |
| protocol | string | The protocol used by the port. TCP is the default. | No |
| nodePort | string | The nodePort value. | No |

Name Value

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | The name of a Helm override for a Verrazzano component chart, specified with a --set flag on the Helm command line, for example, helm install --set name=value. For more information about chart overrides, see Customize Ingress. | Yes |
| value | string | The value of a Helm override for a Verrazzano component chart, specified with a --set flag on the Helm command line, for example, helm install --set name=value. Either value or valueList must be specified. For more information about chart overrides, see Customize Ingress. | No |
| valueList | string list | The list of Helm override values for a Verrazzano component, each specified with a --set flag on the Helm command line, for example, helm install --set name[0]=<first element of valueList> --set name[1]=<second element of valueList>. Either value or valueList must be specified. For more information about chart overrides, see Customize Ingress. | No |
| setString | Boolean | Specifies if the argument requires the Helm --set-string command-line flag to override a chart value, for example, helm install --set-string name=value. | No |

Istio Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Istio will be installed. | No |
| istioIngress | IstioIngress | The Istio ingress gateway configuration. | No |
| istioEgress | IstioEgress | The Istio egress gateway configuration. | No |
| istioInstallArgs | IstioInstallArgs list | A list of values to use during Istio installation. Each argument is specified as either a name/value or name/valueList pair. | No |

Istio Ingress Configuration

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| type | string | The Istio ingress type. Valid values are LoadBalancer and NodePort. The default value is LoadBalancer. If the Istio ingress type is NodePort, a valid and accessible IP address must be specified using the gateways.istio-ingressgateway.externalIPs key in IstioInstallArgs. For sample usage, see External Load Balancers. | No |
| ports | PortConfig list | The list of port configurations used by the Istio ingress. | No |
| kubernetes | IstioKubernetes | The Kubernetes resources that can be configured for an Istio ingress gateway. | No |

Istio Egress Configuration

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| kubernetes | IstioKubernetes | The Kubernetes resources that can be configured for an Istio egress gateway. | No |

Istio Kubernetes Configuration

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| replicas | uint32 | The number of pods to replicate. | No |
| affinity | Affinity | A Kubernetes affinity definition. | No |

Istio Install Args

| Name | Type | ValueType | Description | Required |
| --- | --- | --- | --- | --- |
| gateways.istio-ingressgateway.externalIPs | NameValue | string list | The external IP address used by the Istio ingress gateway. | No |
| gateways.istio-ingressgateway.serviceAnnotations.* | NameValue | string | Annotations used for the Istio ingress gateway. For sample usage, see Customize Ingress. | No |
| meshConfig.enableTracing | NameValue | string | If "true", Istio will export tracing when Jaeger is installed. Defaults to "false". | No |
| meshConfig.defaultConfig.tracing.sampling | NameValue | string | Sampling rate for Istio tracing. Defaults to "1", meaning a 1% sampling rate. | No |
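
Several rules in the tables above span more than one field: either acme or ca, either value or valueList, NodePort needing an external IP install arg, and claimName naming a declared template. The following is an added example, not Verrazzano's own validation code, that checks those rules on a resource already parsed into a dict; the function names, the persistentVolumeClaim key (taken from the Kubernetes VolumeSource schema) and the sample resource BAD are assumptions.

```python
# Added example: lint a Verrazzano custom resource (parsed into a dict) against
# the cross-field rules in this page's tables. Not Verrazzano's own validation.

def has_arg(args, key):
    """True if a NameValue list has a non-empty value or valueList for key."""
    return any(a.get("name") == key and (a.get("value") or a.get("valueList"))
               for a in args or [])

def lint_verrazzano(cr):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    spec = cr.get("spec", {})
    comps = spec.get("components", {})
    ingress, istio = comps.get("ingress", {}), comps.get("istio", {})
    if spec.get("profile", "prod") not in ("prod", "dev"):
        findings.append("profile: valid values are prod and dev")
    cert = comps.get("certManager", {}).get("certificate")
    if cert is not None and "acme" not in cert and "ca" not in cert:
        findings.append("certificate: either acme or ca must be specified")
    # (label, ingress config, install args, key that must carry the external IP)
    for label, cfg, args, key in (
        ("ingress", ingress, ingress.get("nginxInstallArgs"),
         "controller.service.externalIPs"),
        ("istioIngress", istio.get("istioIngress", {}),
         istio.get("istioInstallArgs"), "gateways.istio-ingressgateway.externalIPs"),
    ):
        for arg in args or []:  # NameValue: either value or valueList
            if "value" not in arg and "valueList" not in arg:
                findings.append(f"{label}: {arg.get('name')} needs value or valueList")
        if cfg.get("type") == "NodePort" and not has_arg(args, key):
            findings.append(f"{label}: NodePort requires {key}")
    # A PVC claimName must name a template in volumeClaimSpecTemplates. The
    # persistentVolumeClaim key is assumed from the Kubernetes VolumeSource schema.
    templates = {t.get("metadata", {}).get("name")
                 for t in spec.get("volumeClaimSpecTemplates", [])}
    pvc = spec.get("defaultVolumeSource", {}).get("persistentVolumeClaim")
    if pvc is not None and pvc.get("claimName") not in templates:
        findings.append(f"defaultVolumeSource: no template named {pvc.get('claimName')}")
    return findings

# Constructed sample: empty certificate, NodePort without an external IP, and a
# claimName that matches no declared template.
BAD = {"spec": {"profile": "prod",
                "defaultVolumeSource": {"persistentVolumeClaim": {"claimName": "vmi"}},
                "components": {"certManager": {"certificate": {}},
                               "ingress": {"type": "NodePort"}}}}

if __name__ == "__main__":
    print("\n".join(lint_verrazzano(BAD)))
```

The operator may apply further checks of its own; an empty result here only means none of the rules listed above was violated.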

Fluentd Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Fluentd will be installed. | No |
| extraVolumeMounts | ExtraVolumeMount list | A list of host path volume mounts in addition to /var/log into the Fluentd DaemonSet. The Fluentd component collects log files in the /var/log/containers directory of Kubernetes worker nodes. The /var/log/containers directory may contain symbolic links to files located outside the /var/log directory. If the host path directory containing the log files is located outside of /var/log, the Fluentd DaemonSet must have the volume mount of that directory to collect the logs. | No |
| elasticsearchURL | string | The target OpenSearch URLs. Specify this option in this format. The default http://vmi-system-es-ingest-oidc:8775 is the VMI OpenSearch URL. | No |
| elasticsearchSecret | string | The secret containing the credentials for connecting to OpenSearch. This secret needs to be created in the verrazzano-install namespace prior to creating the Verrazzano custom resource. Specify the OpenSearch login credentials in the username and password fields in this secret. Specify the CA for verifying the OpenSearch certificate in the ca-bundle field, if applicable. The default verrazzano is the secret for connecting to the VMI OpenSearch. | No |
| oci | OCILoggingConfiguration | The Oracle Cloud Infrastructure Logging configuration. | No |

Jaeger Operator Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Jaeger Operator will be installed. | No |

Extra Volume Mount

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| source | string | The source host path. | Yes |
| destination | string | The destination path on the Fluentd Container, defaults to the source host path. | No |
| readOnly | Boolean | Specifies if the volume mount is read-only, defaults to true. | No |

Oracle Cloud Infrastructure Logging Configuration

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| systemLogId | string | The OCID of the Oracle Cloud Infrastructure Log that will collect system logs. | Yes |
| defaultAppLogId | string | The OCID of the Oracle Cloud Infrastructure Log that will collect application logs. | Yes |
| apiSecret | string | The name of the secret containing the Oracle Cloud Infrastructure API configuration and private key. | No |

Keycloak Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Keycloak will be installed. | No |
| mysql | MySQLComponent | Contains the MySQL component configuration needed for Keycloak. | No |

MySQL Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| volumeSource | VolumeSource | Defines the type of volume to be used for persistence for Keycloak/MySQL, and can be one of either EmptyDirVolumeSource or PersistentVolumeClaimVolumeSource. If PersistentVolumeClaimVolumeSource is declared, then the claimName must reference the name of a VolumeClaimSpecTemplate declared in the volumeClaimSpecTemplates section. | No |

OpenSearch Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then OpenSearch will be installed. | No |
| installArgs | OpenSearchInstallArgs list | A list of values to use during OpenSearch installation. Each argument is specified as either a name/value or name/valueList pair. For sample usage, see Customize OpenSearch. | No |
| policies | Policy list | A list of Index State Management policies to enable on OpenSearch. | No |
| nodes | Node list | A list of OpenSearch node groups. | No |

OpenSearch Node Groups

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| name | string | Name of the node group. | Yes |
| replicas | integer | Node group replica count. | No |
| roles | list | Role(s) that nodes in the group will assume. May be master, data, and/or ingest. | Yes |
| storage | Storage | Storage settings for the node group. | No |
| resources | Resources | Kubernetes container resources for nodes in the node group. | No |

OpenSearch Node Group Storage

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| size | string | Node group storage size expressed as a Quantity. | Yes |

OpenSearch Index Management Policies

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| policyName | string | Name of the Index State Management policy. | Yes |
| indexPattern | string | An Index Pattern is an index name or pattern like my-index-*. If an index matches the pattern, the associated policy will attach to the index. | Yes |
| minIndexAge | Time | Amount of time until a managed index is deleted. Default is seven days (7d). | No |
| rollover | Rollover | Index rollover settings. | No |

OpenSearch Install Args

To configure OpenSearch, instead of using install args, Oracle recommends that you use OpenSearch Node Groups.

| Name | Type | ValueType | Description | Required |
| --- | --- | --- | --- | --- |
| nodes.master.replicas | NameValue | string | The number of master node replicas. | No |
| nodes.master.requests.memory | NameValue | string | The master node memory request amount expressed as a Quantity. | No |
| nodes.master.requests.storage | NameValue | string | The master storage request amount expressed as a Quantity. | No |
| nodes.ingest.replicas | NameValue | string | The number of ingest node replicas. | No |
| nodes.ingest.requests.memory | NameValue | string | The ingest node memory request amount expressed as a Quantity. | No |
| nodes.data.replicas | NameValue | string | The number of data node replicas. | No |
| nodes.data.requests.memory | NameValue | string | The data node memory request amount expressed as a Quantity. | No |
| nodes.data.requests.storage | NameValue | string | The data storage request amount expressed as a Quantity. | No |

OpenSearch Index Management Rollover

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| minIndexAge | Time | Amount of time until a managed index is rolled over. Default is 1 day (1d). | No |
| minSize | Bytes | The size at which a managed index is rolled over. | No |
| minDocCount | uint32 | Amount of documents in a managed index that triggers a rollover. | No |

OpenSearch Dashboards Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then OpenSearch Dashboards will be installed. | No |

Prometheus Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Prometheus will be installed. | No |

Grafana Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Grafana will be installed. | No |

Kiali Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then Kiali will be installed. | No |

Prometheus Operator Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then the Prometheus Operator will be installed. | No |

Prometheus Adapter Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then the Prometheus Adapter will be installed. | No |

Kube State Metrics Component

| Field | Type | Description | Required |
| --- | --- | --- | --- |
| enabled | Boolean | If true, then kube-state-metrics will be installed. | No |