Verrazzano v1alpha1

The Verrazzano custom resource contains the configuration information for an installation. Here is a sample Verrazzano custom resource file that uses Oracle Cloud Infrastructure DNS. See other examples here.

apiVersion: install.verrazzano.io/v1alpha1
kind: Verrazzano
metadata:
  name: example-verrazzano
spec:
  environmentName: env
  profile: prod
  components:
    certManager:
      certificate:
        acme:
          provider: letsEncrypt
          emailAddress: emailAddress@example.com
    dns:
      oci:
        ociConfigSecret: oci
        dnsZoneCompartmentOCID: dnsZoneCompartmentOcid
        dnsZoneOCID: dnsZoneOcid
        dnsZoneName: my.dns.zone.name
    ingress:
      type: LoadBalancer

VerrazzanoSpec

Field	Type	Description	Required
`environmentName`	string	Name of the installation. This name is part of the endpoint access URLs that are generated. The default value is `default`.	No
`profile`	string	The installation profile to select. Valid values are `prod` (production), `dev` (development), and `managed-cluster`. The default is `prod`.	No
`version`	string	The version to install. Valid versions can be found here. Defaults to the current version supported by the Verrazzano platform operator.	No
`components`	Components	The Verrazzano components.	No
`defaultVolumeSource`	VolumeSource	Defines the type of volume to be used for persistence for all components unless overridden, and can be one of either EmptyDirVolumeSource or PersistentVolumeClaimVolumeSource. If PersistentVolumeClaimVolumeSource is declared, then the `claimName` must reference the name of an existing `VolumeClaimSpecTemplate` declared in the `volumeClaimSpecTemplates` section.	No
`volumeClaimSpecTemplates`	VolumeClaimSpecTemplate	Defines a named set of PVC configurations that can be referenced from components to configure persistent volumes.	No

VolumeClaimSpecTemplate

Field	Type	Description	Required
`metadata`	ObjectMeta	Metadata about the PersistentVolumeClaimSpec template.	No
`spec`	PersistentVolumeClaimSpec	A `PersistentVolumeClaimSpec` template that can be referenced by a Component to override its default storage settings for a profile. At present, only a subset of the `resources.requests` object are honored depending on the component.	No

Components

Field	Type	Description	Required
`authProxy`	AuthProxyComponent	The AuthProxy component configuration.	No
`certManager`	CertManagerComponent	The cert-manager component configuration.	No
`dns`	DNSComponent	The DNS component configuration.	No
`ingress`	IngressComponent	The ingress component configuration.	No
`istio`	IstioComponent	The Istio component configuration.	No
`fluentd`	FluentdComponent	The Fluentd component configuration.	No
`jaegerOperator`	JaegerOperatorComponent	The Jaeger Operator component configuration.	No
`keycloak`	KeycloakComponent	The Keycloak component configuration.	No
`elasticsearch`	OpenSearchComponent	The OpenSearch component configuration.	No
`prometheus`	PrometheusComponent	The Prometheus component configuration.	No
`kibana`	OpenSearchDashboardsComponent	The OpenSearch Dashboards component configuration.	No
`grafana`	GrafanaComponent	The Grafana component configuration.	No
`kiali`	KialiComponent	The Kiali component configuration.	No
`prometheusOperator`	PrometheusOperatorComponent	The Prometheus Operator component configuration.	No
`prometheusAdapter`	PrometheusAdapterComponent	The Prometheus Adapter component configuration.	No
`kubeStateMetrics`	KubeStateMetricsComponent	The kube-state-metrics component configuration.	No
`velero`	VeleroComponent	The Velero component configuration.	No
`rancherBackup`	RancherBackupComponent	The rancherBackup component configuration.	No

AuthProxy Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then AuthProxy will be installed.	No
`kubernetes`	AuthProxyKubernetes	The Kubernetes resources than can be configured for AuthProxy.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

AuthProxy Kubernetes Configuration

Field	Type	Description	Required
`replicas`	uint32	The number of pods to replicate.	No
`affinity`	Affinity	A Kubernetes affinity definition.	No

CertManager Component

Field	Type	Description	Required
`certificate`	Certificate	The certificate configuration.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Certificate

Field	Type	Description	Required
`acme`	Acme	The ACME configuration. Either `acme` or `ca` must be specified.	No
`ca`	CertificateAuthority	The certificate authority configuration. Either `acme` or `ca` must be specified.	No

Acme

Field	Type	Description	Required
`provider`	string	Name of the Acme provider.	Yes
`emailAddress`	string	Email address of the user.	Yes

CertificateAuthority

Field	Type	Description	Required
`secretName`	string	The secret name.	Yes
`clusterResourceNamespace`	string	The secrete namespace.	Yes

DNS Component

Field	Type	Description	Required
`wildcard`	DNS-Wilcard	Wildcard DNS configuration. This is the default with a domain of `nip.io`.	No
`oci`	DNS-OCI	Oracle Cloud Infrastructure DNS configuration.	No
`external`	DNS-External	External DNS configuration.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

DNS Wildcard

Field	Type	Description	Required
`domain`	string	The type of wildcard DNS domain. For example, `nip.io`, `sslip.io`, and such.	Yes

DNS Oracle Cloud Infrastructure

Field	Type	Description	Required
`ociConfigSecret`	string	Name of the Oracle Cloud Infrastructure configuration secret. Generate a secret based on the Oracle Cloud Infrastructure configuration profile you want to use. You can specify a profile other than DEFAULT and specify the secret name. See instructions by running `./install/create_oci_config_secret.sh`.	Yes
`dnsZoneCompartmentOCID`	string	The Oracle Cloud Infrastructure DNS compartment OCID.	Yes
`dnsZoneOCID`	string	The Oracle Cloud Infrastructure DNS zone OCID.	Yes
`dnsZoneName`	string	Name of Oracle Cloud Infrastructure DNS zone.	Yes
`dnsScope`	string	Scope of the Oracle Cloud Infrastructure DNS zone (`PRIVATE`, `GLOBAL`). If not specified, then defaults to `GLOBAL`.	No

DNS External

Field	Type	Description	Required
`suffix`	string	The suffix for DNS names.	Yes

Ingress Component

Field	Type	Description	Required
`type`	string	The ingress type. Valid values are `LoadBalancer` and `NodePort`. The default value is `LoadBalancer`. If the ingress type is `NodePort`, a valid and accessible IP address must be specified using the `controller.service.externalIPs` key in NGINXInstallArgs. For sample usage, see External Load Balancers.	No
`nginxInstallArgs`	NGINXInstallArgs list	A list of values to use during NGINX installation.	No
`ports`	PortConfig list	The list port configurations used by the ingress.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

NGINX Install Args

Name	Type	ValueType	Description	Required
`controller.service.externalIPs`	NameValue	string list	The external IP address used by the NGINX Ingress Controller.	No
`controller.service.externalTrafficPolicy`	NameValue	string	Preserves the client source IP address. See Bare-metal considerations.	No
`controller.service.annotations.*`	NameValue	string	Annotations used for NGINX Ingress Controller. For sample usage, see Customize Ingress.	No
`controller.autoscaling.enabled`	NameValue	Boolean	If true, then enable horizonal pod autoscaler. Default `false`.	No
`controller.autoscaling.minReplicas`	NameValue	string	Minimum replicas used for autoscaling. Default `1`.	No

Port Config

Field	Type	Description	Required
`name`	string	The port name.	No
`port`	string	The port value.	Yes
`targetPort`	string	The target port value. The default is same as the port value.	Yes
`protocol`	string	The protocol used by the port. `TCP` is the default.	No
`nodePort`	string	The `nodePort` value.	No

Name Value

Field	Type	Description	Required
`name`	string	The name of a Helm override for a Verrazzano component chart, specified with a `set` flag on the Helm command line, for example, `helm install --set name=value`. For more information about chart overrides, see Customize Ingress.	Yes
`value`	string	The value of a Helm override for a Verrazzano component chart, specified with a `set` flag on the Helm command line, for example, `helm install --set name=value`. Either `value` or `valueList` must be specified. For more information about chart overrides, see Customize Ingress.	No
`valueList`	string list	The list of Helm override values for a Verrazzano component, each specified with a `set` flag on the Helm command line, for example, `helm install --set name[0]=<first element of valueList> —set name[1]=<second element of valueList>`. Either `value` or `valueList` must be specified. For more information about chart overrides, see Customize Ingress.	No
`setString`	Boolean	Specifies if the argument requires the Helm `--set-string` command-line flag to override a chart value, for example, `helm install --set-string name=value`.	No

Istio Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Istio will be installed.	No
`istioIngress`	IstioIngress	The Istio ingress gateway configuration.	No
`istioEgress`	IstioEgress	The Istio egress gateway configuration.	No
`istioInstallArgs`	IstioInstallArgs list	A list of values to use during Istio installation. Each argument is specified as either a `name/value` or `name/valueList` pair.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for default IstioOperator. Lower Overrides have precedence over the ones above them. You can find all possible values here. Passing through an invalid IstioOperator resource will result in an error.	No

Istio Ingress Configuration

Field	Type	Description	Required
`type`	string	The Istio ingress type. Valid values are `LoadBalancer` and `NodePort`. The default value is `LoadBalancer`. If the Istio ingress type is `NodePort`, a valid and accessible IP address must be specified using the `gateways.istio-ingressgateway.externalIPs` key in IstioInstallArgs. For sample usage, see External Load Balancers.	No
`ports`	PortConfig list	The list port configurations used by the Istio ingress.	No
`kubernetes`	IstioKubernetes	The Kubernetes resources than can be configured for an Istio ingress gateway.	No

Istio Egress Configuration

Field	Type	Description	Required
`kubernetes`	IstioKubernetes	The Kubernetes resources than can be configured for an Istio egress gateway.	No

Istio Kubernetes Configuration

Field	Type	Description	Required
`replicas`	uint32	The number of pods to replicate.	No
`affinity`	Affinity	A Kubernetes affinity definition.	No

Istio Install Args

Name	Type	ValueType	Description	Required
`gateways.istio-ingressgateway.externalIPs`	NameValue	string list	The external IP address used by the Istio ingress gateway.	No
`gateways.istio-ingressgateway.serviceAnnotations.*`	NameValue	string	Annotations used for the Istio ingress gateway. For sample usage, see Customize Ingress.	No
`meshConfig.enableTracing`	NameValue	string	If `"true"`, Istio will export tracing when Jaeger is installed. Defaults to `"false"`.	No
`meshConfig.defaultConfig.tracing.sampling`	NameValue	string	Sampling rate for Istio tracing. Defaults to `"1"`, meaning a 1% sampling rate.	No

Fluentd Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Fluentd will be installed.	No
`extraVolumeMounts`	ExtraVolumeMount list	A list of host path volume mounts in addition to `/var/log` into the Fluentd DaemonSet. The Fluentd component collects log files in the `/var/log/containers` directory of Kubernetes worker nodes. The `/var/log/containers` directory may contain symbolic links to files located outside the `/var/log` directory. If the host path directory containing the log files is located outside of `/var/log`, the Fluentd DaemonSet must have the volume mount of that directory to collect the logs.	No
`elasticsearchURL`	string	The target OpenSearch URLs. Specify this option in this format. The default `http://vmi-system-es-ingest-oidc:8775` is the VMI OpenSearch URL.	No
`elasticsearchSecret`	string	The secret containing the credentials for connecting to OpenSearch. This secret needs to be created in the `verrazzano-install` namespace prior to creating the Verrazzano custom resource. Specify the OpenSearch login credentials in the `username` and `password` fields in this secret. Specify the CA for verifying the OpenSearch certificate in the `ca-bundle` field, if applicable. The default `verrazzano` is the secret for connecting to the VMI OpenSearch.	No
`oci`	OCILoggingConfiguration	The Oracle Cloud Infrastructure Logging configuration.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Jaeger Operator Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Jaeger Operator will be installed.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Extra Volume Mount

Field	Type	Description	Required
`source`	string	The source host path.	Yes
`destination`	string	The destination path on the Fluentd Container, defaults to the `source` host path.	No
`readOnly`	Boolean	Specifies if the volume mount is read-only, defaults to `true`.	No

Oracle Cloud Infrastructure Logging Configuration

Field	Type	Description	Required
`systemLogId`	string	The OCID of the Oracle Cloud Infrastructure Log that will collect system logs.	Yes
`defaultAppLogId`	string	The OCID of the Oracle Cloud Infrastructure Log that will collect application logs.	Yes
`apiSecret`	string	The name of the secret containing the Oracle Cloud Infrastructure API configuration and private key.	No

Keycloak Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Keycloak will be installed.	No
`mysql`	MySQLComponent	Contains the MySQL component configuration needed for Keycloak.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

MySQL Component

Field	Type	Description	Required
`volumeSource`	VolumeSource	Defines the type of volume to be used for persistence for Keycloak/MySQL, and can be one of either EmptyDirVolumeSource or PersistentVolumeClaimVolumeSource. If PersistentVolumeClaimVolumeSource is declared, then the `claimName` must reference the name of a `VolumeClaimSpecTemplate` declared in the `volumeClaimSpecTemplates` section.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

OpenSearch Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then OpenSearch will be installed.	No
`installArgs`	OpenSearchInstallArgs list	A list of values to use during OpenSearch installation. Each argument is specified as either a `name/value` or `name/valueList` pair. For sample usage, see Customize OpenSearch.	No
`policies`	Policy list	A list of Index State Management policies to enable on OpenSearch.	No
`plugins`	OpenSearchPlugins	OpenSearch plug-ins to be installed in OpenSearch.	No
`nodes`	Node list	A list of OpenSearch node groups.	No

OpenSearch Node Groups

Field	Type	Description	Required
`name`	string	Name of the node group.	Yes
`replicas`	integer	Node group replica count.	No
`roles`	list	Role(s) that nodes in the group will assume. May be `master`, `data`, and/or `ingest`.	Yes
`storage`	Storage	Storage settings for the node group.	No
`resources`	Resources	Kubernetes container resources for nodes in the node group.	No

OpenSearch Node Group Storage

Field	Type	Description	Required
`size`	string	Node group storage size expressed as a Quantity.	Yes

OpenSearch Index Management Policies

Field	Type	Description	Required
`policyName`	string	Name of the Index State Management policy.	Yes
`indexPattern`	string	An Index Pattern is an index name or pattern like `my-index-*`. If an index matches the pattern, the associated policy will attach to the index.	Yes
`minIndexAge`	Time	Amount of time until a managed index is deleted. Default is seven days (`7d`).	No
`rollover`	Rollover	Index rollover settings.	No

OpenSearch Plugins

Field	Type	Description	Required
`enabled`	bool	To enable or disable the OpenSearch plug-ins.	Yes
`installList`	string list	List of OpenSearch plug-ins to be installed in OpenSearch.	No

OpenSearch Dashboards Plugins

Field	Type	Description	Required
`enabled`	bool	To enable or disable the OpenSearch Dashboards plug-ins.	Yes
`installList`	string list	List of OpenSearch Dashboards plug-ins to be installed in the OpenSearch Dashboards.	No

OpenSearch Install Args

To configure OpenSearch, instead of using install args, Oracle recommends that you use OpenSearch Node Groups.

Name	Type	ValueType	Description	Required
`nodes.master.replicas`	NameValue	string	The number of master node replicas.	No
`nodes.master.requests.memory`	NameValue	string	The master node memory request amount expressed as a Quantity.	No
`nodes.master.requests.storage`	NameValue	string	The master storage request amount expressed as a Quantity.	No
`nodes.ingest.replicas`	NameValue	string	The number of ingest node replicas.	No
`nodes.ingest.requests.memory`	NameValue	string	The ingest node memory request amount expressed as a Quantity.	No
`nodes.data.replicas`	NameValue	string	The number of data node replicas.	No
`nodes.data.requests.memory`	NameValue	string	The data node memory request amount expressed as a Quantity.	No
`nodes.data.requests.storage`	NameValue	string	The data storage request amount expressed as a Quantity.	No

OpenSearch Index Management Rollover

Field	Type	Description	Required
`minIndexAge`	Time	Amount of time until a managed index is rolled over. Default is 1 day (`1d`).	No
`minSize`	Bytes	The size at which a managed index is rolled over.	No
`minDocCount`	uint32	Amount of documents in a managed index that triggers a rollover.	No

OpenSearch Dashboards Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then OpenSearch Dashboards will be installed.	No
`plugins`	OpenSearchDashboardsPlugins	OpenSearch Dashboards plug-ins to be installed in the OpenSearch Dashboards.	No

Prometheus Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Prometheus will be installed. Defaults to `true`. This is a legacy setting; the preferred way to configure Prometheus is using the prometheusOperator component.	No

Grafana Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Grafana will be installed.	No
`replicas`	integer	The number of pods to replicate. The default is `1`.	No
`database`	DatabaseInfo	The information to configure a connection to an external Grafana database.	No

Grafana Database Info

Field	Type	Description	Required
`host`	string	The host of the database.	No
`name`	string	The name of the database.	No

Kiali Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Kiali will be installed.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Prometheus Operator Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then the Prometheus Operator will be installed.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Prometheus Adapter Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then the Prometheus Adapter will be installed.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Kube State Metrics Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then kube-state-metrics will be installed.	No
`monitorChanges`	Boolean	If false, then Verrazzano updates will ignore any configuration changes to this component. Defaults to `true`.	No
`overrides`	Overrides list	List of Overrides for the default `values.yaml` file for the component Helm chart. Lower Overrides have precedence over the ones above them. You can find all possible values here and invalid values will be ignored.	No

Overrides

Field	Type	Description	Required
`configMapRef`	ConfigMapKeySelector	Selector for ConfigMap containing override data.	No
`secretRef`	SecretKeySelector	Selector for Secret containing override data.	No
`values`	JSON	Configure overrides using inline YAML.	No

Velero Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then Velero will be installed.	No

Rancher Backup Component

Field	Type	Description	Required
`enabled`	Boolean	If true, then rancherBackup will be installed. rancherBackup is dependant on Rancher being installed.	No

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.