04 edge custom resource definition - SoftwareAG/edge-k8s-operator-docs GitHub Wiki
The Edge Custom Resource (CR) YAML file has Edge deployment settings. You can edit this file to make changes to your Edge deployment.
The Custom Resource Definition (CRD) specifies the CR the Operator uses to manage Edge.
The initial part of the CR defines the CRD details and the Edge deployment's name, referred to in this document as `EDGE-CR-NAME`.
```yaml
apiVersion: edge.cumulocity.com/v1
kind: Edge
metadata:
  name: <EDGE-CR-NAME>
```
The spec section defines the Edge deployment's configurations.
Field | Required | Type | Default | Description |
---|---|---|---|---|
version | Yes | String | | Cumulocity IoT Edge version to deploy. |
licenseSecretName | Yes | String | | Name of the Kubernetes Secret containing the Edge license key. See License Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
company | Yes | String | | Name of the edge tenant, e.g. the company's name. |
domain | Yes | String | | A fully qualified domain name. For example, “myown.iot.com”. Here, you must have the Edge license for the domain name iot.com or myown.iot.com. |
tlsSecretName | No | String | The Operator generates and assigns self-signed certificates. | Name of the Kubernetes Secret containing the TLS key and certificates for the name specified in the spec.domain field. See TLS Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
adminCredentialsSecretName | Yes | String | | Name of the Kubernetes Secret containing the management/edge tenant's admin credentials. See Admin Credentials Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
core | Yes | Structure | | Cumulocity IoT platform configurations. See Cumulocity IoT Core configurations for details. |
microservices | No | Array of Structure | The Operator deploys all the default Cumulocity microservices, which include the Apama, Smart Rules, SSL Management Server, Device Simulator and OPCUA Management Server microservices. | Specify resources to allocate to a Cumulocity microservice and skip deploying the Device Simulator and/or OPCUA Management Server. See Microservices for details. |
applications | No | Array of Structure | The Operator deploys all default applications, which include the Administration, Cockpit, Device Management and Apama Streaming Analytics applications. | Specify the applications to skip deploying. For example, Apama Streaming Analytics application. See Applications for details. |
mongoDb | No | Structure | The Operator deploys a MongoDB server. | See MongoDB for details. |
microservicesRegistry | No | Structure | The Operator deploys a Docker registry (used to store Cumulocity microservice images). | See Microservices Registry for details. |
Specifies the name of the Kubernetes Secret containing the Edge license key. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.
See sample License secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
licence | Yes | String | | Edge license key you received. |
Specifies the name of the Kubernetes Secret containing the TLS Key/Certificates for the domain. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.
See sample TLS secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
tls.key | Yes | String | | Private key for the domain. |
tls.crt | Yes | String | | Certificate chain of the private key for the domain. |
Specifies the name of the Kubernetes Secret containing the management/edge tenant's admin credentials. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.
See sample Admin credentials secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
username | Yes | String | | Admin username of the management and edge tenants. |
password | Yes | String | | Admin user's password. |
| | Yes | String | | Admin user's email id. |
The core spec specifies the fields for configuring the Cumulocity IoT Core node and its resource limits.
Field | Required | Type | Default | Description |
---|---|---|---|---|
coreValues | No | Structure | | Cumulocity IoT Core node configurations. See Cumulocity IoT Core values for details. |
resources | No | Structure | Defaults to CPU Limit: 4000m, Memory Limit: 6G, CPU Requests: 1000m, Memory Requests: 1G | Specify resource limits for the Cumulocity IoT Core node container. See Resource Limits Spec for details. |
The core values spec specifies the fields to configure the Cumulocity IoT Core node.
Field | Required | Type | Default | Description |
---|---|---|---|---|
managementTenantAllowedIPBlocks | No | Array of String | Defaults to allow all | Specify the IP address blocks to allow access to the Management tenant from only a specific range of IP addresses. You can add multiple blocks. For example, 10.0.0.0/8 |
edgeTenantAllowedIPBlocks | No | Array of String | Defaults to allow all | Specify the IP address blocks to allow access to the Edge tenant from only a specific range of IP addresses. You can add multiple blocks. |
Microservices spec allows specifying resources to allocate to a Cumulocity microservice and skip deploying the Device Simulator and/or OPCUA Management Server. If not specified, the Operator deploys all the default Cumulocity microservices, which include the Apama, Smart Rules, SSL Management Server, Device Simulator and OPCUA Management Server microservices.
Field | Required | Type | Default | Description |
---|---|---|---|---|
name | Yes | String | | Name of the Cumulocity microservice. Allowed values are apama-ctrl, smartrule, ssl-management-server, device-simulator and opcua-mgmt-service. |
disable | No | boolean | false | Specify 'true' to not deploy or undeploy the microservice. Note: You can configure to not deploy or undeploy (if already deployed) the device-simulator and opcua-mgmt-service services only, as the rest of the services are essential for the functioning of the Cumulocity IoT Platform. |
resources | No | Structure | | Specify resource limits for the microservice container. See Resource Limits Spec for details. |
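A pre-deployment check for the rules in the tables above, as an added example that is not part of the Operator or its documentation. It takes the Edge CR as a Python dict and reports missing required fields, the self-signed and allow-all defaults, malformed IP blocks and attempts to disable essential microservices. `lint_edge_cr`, the sample CR and its secret names are assumptions made for illustration.

```python
import ipaddress

# Field names and allowed values come from the tables on this page.
REQUIRED = ("version", "licenseSecretName", "company", "domain",
            "adminCredentialsSecretName", "core")
MICROSERVICES = {"apama-ctrl", "smartrule", "ssl-management-server",
                 "device-simulator", "opcua-mgmt-service"}
CAN_DISABLE = {"device-simulator", "opcua-mgmt-service"}
IP_FIELDS = ("managementTenantAllowedIPBlocks", "edgeTenantAllowedIPBlocks")

def lint_edge_cr(cr):
    """Hypothetical helper: return a list of findings for an Edge CR dict."""
    findings = []
    spec = cr.get("spec") or {}
    for field in REQUIRED:
        if spec.get(field) in (None, ""):
            findings.append(f"error: spec.{field} is required")
    if not spec.get("tlsSecretName"):
        findings.append("warn: tlsSecretName unset, Operator uses self-signed certificates")
    core_values = (spec.get("core") or {}).get("coreValues") or {}
    for field in IP_FIELDS:
        blocks = core_values.get(field)
        if not blocks:
            findings.append(f"warn: {field} unset, defaults to allow all")
            continue
        for block in blocks:
            try:
                # Policy of this check (an assumption): reject host bits, e.g. 10.0.0.1/8.
                net = ipaddress.ip_network(block, strict=True)
            except ValueError:
                findings.append(f"error: {field} entry {block!r} is not a clean CIDR network")
                continue
            if net.prefixlen == 0:
                findings.append(f"warn: {field} entry {block!r} allows every address")
    for ms in spec.get("microservices") or []:
        name = ms.get("name")
        if name not in MICROSERVICES:
            findings.append(f"error: unknown microservice {name!r}")
        elif ms.get("disable") and name not in CAN_DISABLE:
            findings.append(f"error: {name} is essential and cannot be disabled")
    return findings

# Constructed sample CR; the names and the version are placeholders.
SAMPLE_CR = {"apiVersion": "edge.cumulocity.com/v1", "kind": "Edge",
             "metadata": {"name": "c8yedge"}, "spec": {
    "version": "<EDGE-VERSION>", "licenseSecretName": "edge-license",
    "company": "example", "domain": "myown.iot.com",
    "adminCredentialsSecretName": "edge-admin",
    "core": {"coreValues": {"managementTenantAllowedIPBlocks": ["10.0.0.1/8"]}},
    "microservices": [{"name": "smartrule", "disable": True},
                      {"name": "device-simulator", "disable": True}]}}
```

Calling `lint_edge_cr(SAMPLE_CR)` returns four findings: the self-signed certificate default, the malformed management block, the allow-all default on the Edge tenant and the attempt to disable `smartrule`.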
Applications spec allows specifying the applications to skip deploying. For example, Apama Streaming Analytics application. If not specified, the Operator deploys all default applications, which include the Administration, Cockpit, Device Management and Apama Streaming Analytics applications.
Field | Required | Type | Default | Description |
---|---|---|---|---|
name | Yes | String | | Name of the Cumulocity application. Allowed value is streaming-analytics. |
disable | No | boolean | false | Specify 'true' to not deploy or undeploy the application. Note: You can configure to not deploy or undeploy (if already deployed) the streaming-analytics application only, as the rest of the applications are essential for the functioning of the Cumulocity IoT Platform. |
This field is necessary when this Edge deployment needs to be configured to use an externally hosted MongoDB server or to specify resource limits for the MongoDB server containers deployed by the Operator.
Field | Required | Type | Default | Description |
---|---|---|---|---|
mongosHost | No | String | The Operator deploys a MongoDB server. | Hostname to reach an externally hosted Mongos server. |
connectionString | No | String | | Connection string of externally hosted MongoDB shards. |
credentialsSecretName | No | String | | Name of the Kubernetes Secret containing the credentials and sharded key to connect to an externally hosted MongoDB server. See MongoDB Credentials Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
mongosResources | No | Structure | Defaults to CPU Limit: 500m, Memory Limit: 1G, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the mongos container. See Resource Limits Spec for details. |
configSvrResources | No | Structure | Defaults to CPU Limit: 2, Memory Limit: 1G, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the config server container. See Resource Limits Spec for details. |
shardSvrResources | No | Structure | Defaults to CPU Limit: 2, Memory Limit: 1G, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the shard server container. See Resource Limits Spec for details. |
arbiterResources | No | Structure | Defaults to CPU Limit: 250m, Memory Limit: 250M, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the arbiter container. See Resource Limits Spec for details. |
Specifies the name of the Kubernetes Secret containing the credentials to connect to an externally hosted MongoDB server. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.
See sample MongoDB credentials secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
username | Yes | String | | Username to connect to an externally hosted MongoDB server. |
password | Yes | String | | Password to connect to an externally hosted MongoDB server. |
shardedKey | Yes | String | | Sharded key to connect to an externally hosted MongoDB server. |
This field is necessary when this Edge deployment needs to be configured to use an externally hosted Docker registry or to specify resource limits for the Docker registry containers deployed by the Operator.
Field | Required | Type | Default | Description |
---|---|---|---|---|
url | No | String | The Operator deploys a Docker registry. | URL to connect to an externally hosted Docker registry. |
credentialsSecretName | No | String | | Name of the Kubernetes Secret containing the credentials to connect to an externally hosted Docker registry. See Microservices registry credentials secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
tlsSecretName | No | String | | Name of the Kubernetes Secret containing the server certificate of an externally hosted Docker registry. See Microservices Registry TLS secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
resources | No | Structure | Defaults to CPU Limit: 500m, Memory Limit: 1Gi, CPU Requests: 250m, Memory Requests: 500Mi | Specify resource limits for the Docker Registry container. See Resource Limits Spec for details. |
Specifies the name of the Kubernetes Secret containing the credentials to connect to an externally hosted Docker registry (used to store Cumulocity microservice images). The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.
See sample Microservices registry credentials secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
username | Yes | String | | Username to connect to an externally hosted Docker registry. |
password | Yes | String | | Password to connect to an externally hosted Docker registry. |
Specifies the name of the Kubernetes Secret containing the server certificate of an externally hosted Docker registry. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.
See sample Microservices registry TLS secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
certificate | Yes | String | | Externally hosted Docker Registry's server certificate. |
Structure for specifying the resource limits for the Operator deployed containers.
Field | Required | Type | Default | Description |
---|---|---|---|---|
limitCpu | No | String | | Specific CPU limit in cpu units. For example, 1000m or 1 |
limitMemory | No | String | | Specific memory limit in memory units. For example, 1000M or 1G |
requestsCpu | No | String | | Specific CPU requests in cpu units. For example, 1000m or 1 |
requestsMemory | No | String | | Specific memory requests in memory units. For example, 1000M or 1G |
The secret named `sag-registry-credentials` is required to supply the Software AG Registry (registry.c8y.io) credentials to the Operator. The Operator explicitly searches for the secret named `sag-registry-credentials`, so you can't change its name. Create this secret before deploying or updating the Edge.
See sample Software AG Registry Credentials Secret manifest file.
This secret should contain the fields described in the table below.
Field | Required | Type | Default | Description |
---|---|---|---|---|
username | Yes | String | | Edge Repo username you received. |
password | Yes | String | | Edge Repo password you received. |