Verrazzano Custom Resource Definition

The Verrazzano custom resource contains the configuration information for an installation. Here is a sample Verrazzano custom resource file that uses Oracle Cloud Infrastructure DNS. See other examples here.

apiVersion: install.verrazzano.io/v1alpha1
kind: Verrazzano
metadata:
  name: example-verrazzano
spec:
  environmentName: env
  profile: prod
  components:
    certManager:
      certificate:
        acme:
          provider: letsEncrypt
          emailAddress: emailAddress@example.com
    dns:
      oci:
        ociConfigSecret: oci
        dnsZoneCompartmentOCID: dnsZoneCompartmentOcid
        dnsZoneOCID: dnsZoneOcid
        dnsZoneName: my.dns.zone.name
    ingress:
      type: LoadBalancer

VerrazzanoSpec

Field	Type	Description	Required
`environmentName`	string	Name of the installation. This name is part of the endpoint access URLs that are generated. The default value is `default`.	No
`profile`	string	The installation profile to select. Valid values are `prod` (production) and `dev` (development). The default is `prod`.	No
`version`	string	The version to install. Valid versions can be found here. Defaults to the current version supported by the Verrazzano platform operator.	No
`components`	Components	The Verrazzano components.	No
`defaultVolumeSource`	VolumeSource	Defines the type of volume to be used for persistence for all components unless overridden, and can be one of either EmptyDirVolumeSource or PersistentVolumeClaimVolumeSource. If PersistentVolumeClaimVolumeSource is declared, then the `claimName` must reference the name of an existing `VolumeClaimSpecTemplate` declared in the `volumeClaimSpecTemplates` section.	No
`volumeClaimSpecTemplates`	VolumeClaimSpecTemplate	Defines a named set of PVC configurations that can be referenced from components to configure persistent volumes.	No

VolumeClaimSpecTemplate

Field	Type	Description	Required
`metadata`	ObjectMeta	Metadata about the PersistentVolumeClaimSpec template.	No
`spec`	PersistentVolumeClaimSpec	A `PersistentVolumeClaimSpec` template that can be referenced by a Component to override its default storage settings for a profile. At present, only a subset of the `resources.requests` object are honored depending on the component.	No

Components

Field	Type	Description	Required
`authProxy`	AuthProxyComponent	The AuthProxy component configuration.	No
`certManager`	CertManagerComponent	The cert-manager component configuration.	No
`dns`	DNSComponent	The DNS component configuration.	No
`ingress`	IngressComponent	The ingress component configuration.	No
`istio`	IstioComponent	The Istio component configuration.	No
`fluentd`	FluentdComponent	The Fluentd component configuration.	No
`keycloak`	KeycloakComponent	The Keycloak component configuration.	No
`elasticsearch`	OpenSearchComponent	The OpenSearch component configuration.	No
`prometheus`	PrometheusComponent	The Prometheus component configuration.	No
`kibana`	OpenSearchDashboardsComponent	The OpenSearch Dashboards component configuration.	No
`grafana`	GrafanaComponent	The Grafana component configuration.	No
`kiali`	KialiComponent	The Kiali component configuration.	No

AuthProxy Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then AuthProxy will be installed.	No
`kubernetes`	AuthProxyKubernetes	The Kubernetes resources than can be configured for AuthProxy.	No

AuthProxy Kubernetes Configuration

Field	Type	Description	Required
`replicas`	uint32	The number of pods to replicate.	No
`affinity`	Affinity	A Kubernetes affinity definition.	No

CertManager Component

Field	Type	Description	Required
`certificate`	Certificate	The certificate configuration.	No

Certificate

Field	Type	Description	Required
`acme`	Acme	The ACME configuration. Either `acme` or `ca` must be specified.	No
`ca`	CertificateAuthority	The certificate authority configuration. Either `acme` or `ca` must be specified.	No

Acme

Field	Type	Description	Required
`provider`	string	Name of the Acme provider.	Yes
`emailAddress`	string	Email address of the user.	Yes

CertificateAuthority

Field	Type	Description	Required
`secretName`	string	The secret name.	Yes
`clusterResourceNamespace`	string	The secrete namespace.	Yes

DNS Component

Field	Type	Description	Required
`wildcard`	DNS-Wilcard	Wildcard DNS configuration. This is the default with a domain of `nip.io`.	No
`oci`	DNS-OCI	Oracle Cloud Infrastructure DNS configuration.	No
`external`	DNS-External	External DNS configuration.	No

DNS Wildcard

Field	Type	Description	Required
`domain`	string	The type of wildcard DNS domain. For example, `nip.io`, `sslip.io`, and such.	Yes

DNS Oracle Cloud Infrastructure

Field	Type	Description	Required
`ociConfigSecret`	string	Name of the Oracle Cloud Infrastructure configuration secret. Generate a secret based on the Oracle Cloud Infrastructure configuration profile you want to use. You can specify a profile other than DEFAULT and specify the secret name. See instructions by running `./install/create_oci_config_secret.sh`.	Yes
`dnsZoneCompartmentOCID`	string	The Oracle Cloud Infrastructure DNS compartment OCID.	Yes
`dnsZoneOCID`	string	The Oracle Cloud Infrastructure DNS zone OCID.	Yes
`dnsZoneName`	string	Name of Oracle Cloud Infrastructure DNS zone.	Yes
`dnsScope`	string	Scope of the Oracle Cloud Infrastructure DNS zone (PRIVATE, GLOBAL). If not specified, then defaults to GLOBAL.	No

DNS External

Field	Type	Description	Required
`suffix`	string	The suffix for DNS names.	Yes

Ingress Component

Field	Type	Description	Required
`type`	string	The ingress type. Valid values are `LoadBalancer` and `NodePort`. The default value is `LoadBalancer`.	Yes
`nginxInstallArgs`	NGINXInstallArgs list	A list of values to use during NGINX installation.	No
`ports`	PortConfig list	The list port configurations used by the ingress.	No

NGINX Install Args

Name	Type	ValueType	Description	Required
`controller.service.externalIPs`	NameValue	string list	The external IP address used by the NGINX Ingress Controller.	No
`controller.service.externalTrafficPolicy`	NameValue	string	Preserves the client source IP address. See Bare-metal considerations.	No
`controller.service.annotations.*`	NameValue	string	Annotations used for NGINX Ingress Controller. For sample usage, see Customize Ingress.	No
`controller.autoscaling.enabled`	NameValue	Boolean	If true, then enable horizonal pod autoscaler. Default false.	No
`controller.autoscaling.minReplicas`	NameValue	string	Minimum replicas used for autoscaling. Default 1.	No

Port Config

Field	Type	Description	Required
`name`	string	The port name.	No
`port`	string	The port value.	Yes
`targetPort`	string	The target port value. The default is same as the port value.	Yes
`protocol`	string	The protocol used by the port. TCP is the default.	No
`nodePort`	string	The `nodePort` value.	No

Name Value

Field	Type	Description	Required
`name`	string	The name of a Helm override for a Verrazzano component chart, specified with a `—set` flag on the Helm command line, for example, `helm install --set name=value`. For more information about chart overrides, see Customize Ingress.	Yes
`value`	string	The value of a Helm override for a Verrazzano component chart, specified with a `—set` flag on the Helm command line, for example, `helm install --set name=value`. Either `value` or `valueList` must be specified. For more information about chart overrides, see Customize Ingress.	No
`valueList`	string list	The list of Helm override values for a Verrazzano component, each specified with a `—set` flag on the Helm command line, for example, `helm install --set name[0]=<first element of valueList> —set name[1]=<second element of valueList>`. Either `value` or `valueList` must be specified. For more information about chart overrides, see Customize Ingress.	No
`setString`	Boolean	Specifies if the argument requires the Helm `--set-string` command-line flag to override a chart value, for example, `helm install --set-string name=value`.	No

Istio Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Istio will be installed.	No
`istioIngress`	IstioIngress	The Istio ingress gateway configuration.	No
`istioEgress`	IstioEgress	The Istio egress gateway configuration.	No
`istioInstallArgs`	IstioInstallArgs list	A list of values to use during Istio installation. Each argument is specified as either a `name/value` or `name/valueList` pair.	No

Istio Ingress Configuration

Field	Type	Description	Required
`kubernetes`	IstioKubernetes	The Kubernetes resources than can be configured for an Istio ingress gateway.	No

Istio Egress Configuration

Field	Type	Description	Required
`kubernetes`	IstioKubernetes	The Kubernetes resources than can be configured for an Istio egress gateway.	No

Istio Kubernetes Configuration

Field	Type	Description	Required
`replicas`	uint32	The number of pods to replicate.	No
`affinity`	Affinity	A Kubernetes affinity definition.	No

Istio Install Args

Name	Type	ValueType	Description	Required
`gateways.istio-ingressgateway.externalIPs`	NameValue	string list	The external IP address used by the Istio ingress gateway.	No
`gateways.istio-ingressgateway.serviceAnnotations.*`	NameValue	string	Annotations used for the Istio ingress gateway. For sample usage, see Customize Ingress.	No

Fluentd Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Fluentd will be installed.	No
`extraVolumeMounts`	ExtraVolumeMount list	A list of host path volume mounts in addition to `/var/log` into the Fluentd DaemonSet. The Fluentd component collects log files in the `/var/log/containers` directory of Kubernetes worker nodes. The `/var/log/containers` directory may contain symbolic links to files located outside the `/var/log` directory. If the host path directory containing the log files is located outside of `/var/log`, the Fluentd DaemonSet must have the volume mount of that directory to collect the logs.	No
`elasticsearchURL`	string	The target OpenSearch URLs. Specify this option in this format. The default `http://vmi-system-es-ingest-oidc:8775` is the VMI OpenSearch URL.	No
`elasticsearchSecret`	string	The secret containing the credentials for connecting to OpenSearch. This secret needs to be created in the `verrazzano-install` namespace prior to creating the Verrazzano custom resource. Specify the OpenSearch login credentials in the `username` and `password` fields in this secret. Specify the CA for verifying the OpenSearch certificate in the `ca-bundle` field, if applicable. The default `verrazzano` is the secret for connecting to the VMI OpenSearch.	No
`oci`	OCILoggingConfiguration	The Oracle Cloud Infrastructure Logging configuration.	No

Extra Volume Mount

Field	Type	Description	Required
`source`	string	The source host path.	Yes
`destination`	string	The destination path on the Fluentd Container, defaults to the `source` host path.	No
`readOnly`	Boolean	Specifies if the volume mount is read-only, defaults to `true`.	No

Oracle Cloud Infrastructure Logging Configuration

Field	Type	Description	Required
`systemLogId`	string	The OCID of the Oracle Cloud Infrastructure Log that will collect system logs.	Yes
`defaultAppLogId`	string	The OCID of the Oracle Cloud Infrastructure Log that will collect application logs.	Yes
`apiSecret`	string	The name of the secret containing the Oracle Cloud Infrastructure API configuration and private key.	No

Keycloak Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Keycloak will be installed.	No
`mysql`	MySQLComponent	Contains the MySQL component configuration needed for Keycloak.	No

MySQL Component

Field	Type	Description	Required
`volumeSource`	VolumeSource	Defines the type of volume to be used for persistence for Keycloak/MySQL, and can be one of either EmptyDirVolumeSource or PersistentVolumeClaimVolumeSource. If PersistentVolumeClaimVolumeSource is declared, then the `claimName` must reference the name of a `VolumeClaimSpecTemplate` declared in the `volumeClaimSpecTemplates` section.	No

OpenSearch Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then OpenSearch will be installed.	No
`installArgs`	OpenSearchInstallArgs list	A list of values to use during OpenSearch installation. Each argument is specified as either a `name/value` or `name/valueList` pair. For sample usage, see Customize OpenSearch.	No

OpenSearch Install Args

Name	Type	ValueType	Description	Required
`nodes.master.replicas`	NameValue	string	The number of master node replicas.	No
`nodes.master.requests.memory`	NameValue	string	The master node memory request amount expressed as a Quantity.	No
`nodes.ingest.replicas`	NameValue	string	The number of ingest node replicas.	No
`nodes.ingest.requests.memory`	NameValue	string	The ingest node memory request amount expressed as a Quantity.	No
`nodes.data.replicas`	NameValue	string	The number of data node replicas.	No
`nodes.data.requests.memory`	NameValue	string	The data node memory request amount expressed as a Quantity.	No
`nodes.data.requests.storage`	NameValue	string	The data storage request amount expressed as a Quantity.	No

OpenSearch Dashboards Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then OpenSearch Dashboards will be installed.	No

Prometheus Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Prometheus will be installed.	No

Grafana Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Grafana will be installed.	No

Kiali Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Kiali will be installed.	No

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.