04 edge custom resource definition - SoftwareAG/edge-k8s-operator-docs GitHub Wiki

The Edge Custom Resource (CR) YAML file contains the Edge deployment settings. You can edit this file to make changes to your Edge deployment.

The Custom Resource Definition (CRD) specifies the CR the Operator uses to manage Edge.

Configuration

The initial part of the CR defines the CRD details, and the Edge deployment's name, referred to in this document as EDGE-CR-NAME.

```yaml
apiVersion: edge.cumulocity.com/v1
kind: Edge
metadata:
  name: <EDGE-CR-NAME>
```

Spec

The spec section defines the Edge deployment's configurations.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| version | Yes | String | | Cumulocity IoT Edge version to deploy. |
| licenseSecretName | Yes | String | | Name of the Kubernetes Secret containing the Edge license key. See License Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
| company | Yes | String | | Name of the edge tenant, e.g. the company's name. |
| domain | Yes | String | | A fully qualified domain name. For example, “myown.iot.com”. Here, you must have the Edge license for the domain name iot.com or myown.iot.com. |
| tlsSecretName | No | String | The Operator generates and assigns self-signed certificates. | Name of the Kubernetes Secret containing the TLS key and certificates for the name specified in the spec.domain field. See TLS Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
| adminCredentialsSecretName | Yes | String | | Name of the Kubernetes Secret containing the management/edge tenant's admin credentials. See Admin Credentials Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
| core | Yes | Structure | | Cumulocity IoT platform configurations. See Cumulocity IoT Core configurations for details. |
| microservices | No | Array of Structure | The Operator deploys all the default Cumulocity microservices, which include the Apama, Smart Rules, SSL Management Server, Device Simulator and OPCUA Management Server microservices. | Specify resources to allocate to a Cumulocity microservice and skip deploying the Device Simulator and/or OPCUA Management Server. See Microservices for details. |
| applications | No | Array of Structure | The Operator deploys all default applications, which include the Administration, Cockpit, Device Management and Apama Streaming Analytics applications. | Specify the applications to skip deploying. For example, Apama Streaming Analytics application. See Applications for details. |
| mongoDb | No | Structure | The Operator deploys a MongoDB server. | See MongoDB for details. |
| microservicesRegistry | No | Structure | The Operator deploys a Docker registry (used to store Cumulocity microservice images). | See Microservices Registry for details. |

License Secret

Specifies the name of the Kubernetes Secret containing the Edge license key. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.

See sample License secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| licence | Yes | String | | Edge license key you received. |

TLS Secret

Specifies the name of the Kubernetes Secret containing the TLS Key/Certificates for the domain. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.

See sample TLS secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| tls.key | Yes | String | | Private key for the domain. |
| tls.crt | Yes | String | | Certificate chain of the private key for the domain. |

Admin Credentials Secret

Specifies the name of the Kubernetes Secret containing the management/edge tenant's admin credentials. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.

See sample Admin credentials secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| username | Yes | String | | Admin username of the management and edge tenants. |
| password | Yes | String | | Admin user's password. |
| email | Yes | String | | Admin user's email id. |

Cumulocity IoT Core configurations

The core spec specifies the fields for configuring the Cumulocity IoT Core node and its resource limits.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| coreValues | No | Structure | | Cumulocity IoT Core node configurations. See Cumulocity IoT Core values for details. |
| resources | No | Structure | Defaults to CPU Limit: 4000m, Memory Limit: 6G, CPU Requests: 1000m, Memory Requests: 1G | Specify resource limits for the Cumulocity IoT Core node container. See Resource Limits Spec for details. |

Cumulocity IoT Core values

Core values spec specifies the fields to configure Cumulocity IoT Core node.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| managementTenantAllowedIPBlocks | No | Array of String | Defaults to allow all | Specify the IP address blocks to allow access to the Management tenant from only a specific range of IP addresses. Multiple blocks are allowed. For example, 10.0.0.0/8 |
| edgeTenantAllowedIPBlocks | No | Array of String | Defaults to allow all | Specify the IP address blocks to allow access to the Edge tenant from only a specific range of IP addresses. Multiple blocks are allowed. |

Microservices

Microservices spec allows specifying resources to allocate to a Cumulocity microservice and skip deploying the Device Simulator and/or OPCUA Management Server. If not specified, the Operator deploys all the default Cumulocity microservices, which include the Apama, Smart Rules, SSL Management Server, Device Simulator and OPCUA Management Server microservices.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| name | Yes | String | | Name of the Cumulocity microservice. Allowed values are apama-ctrl, smartrule, ssl-management-server, device-simulator and opcua-mgmt-service |
| disable | No | boolean | false | Specify 'true' to skip deploying the microservice, or to undeploy it if it is already deployed. Note: Only the device-simulator and opcua-mgmt-service services can be skipped or undeployed, as the rest of the services are essential for the functioning of the Cumulocity IoT Platform. |
| resources | No | Structure | | Specify resource limits for the microservice container. See Resource Limits Spec for details. |

Applications

Applications spec allows specifying the applications to skip deploying. For example, Apama Streaming Analytics application. If not specified, the Operator deploys all default applications, which include the Administration, Cockpit, Device Management and Apama Streaming Analytics applications.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| name | Yes | String | | Name of the Cumulocity application. Allowed value is streaming-analytics |
| disable | No | boolean | false | Specify 'true' to skip deploying the application, or to undeploy it if it is already deployed. Note: Only the streaming-analytics application can be skipped or undeployed, as the rest of the applications are essential for the functioning of the Cumulocity IoT Platform. |
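A pre-deployment lint for the constraints stated in the Spec, Cumulocity IoT Core values, Microservices and Applications sections above, as an added example that is not part of the Operator or its documentation. The function name `lint_edge_spec` and every value in `SAMPLE_SPEC` are assumptions made for illustration; the CR `spec` is represented as a Python mapping with the same nesting as the YAML.

```python
import ipaddress

# Field names and allowed values are taken from the tables on this page.
REQUIRED = ("version", "licenseSecretName", "company", "domain",
            "adminCredentialsSecretName", "core")
ALLOWED = {"microservices": {"apama-ctrl", "smartrule", "ssl-management-server",
                             "device-simulator", "opcua-mgmt-service"},
           "applications": {"streaming-analytics"}}
MAY_DISABLE = {"device-simulator", "opcua-mgmt-service", "streaming-analytics"}


def lint_edge_spec(spec):
    """Return (errors, warnings) for the `spec` mapping of an Edge CR."""
    errors, warnings = [], []
    for field in REQUIRED:
        if spec.get(field) in (None, ""):
            errors.append(f"spec.{field} is required")
    if not spec.get("tlsSecretName"):
        warnings.append("tlsSecretName unset: self-signed certificates are generated")
    core_values = (spec.get("core") or {}).get("coreValues") or {}
    for key in ("managementTenantAllowedIPBlocks", "edgeTenantAllowedIPBlocks"):
        blocks = core_values.get(key) or []
        if not blocks:
            warnings.append(f"{key} unset: defaults to allow all")
        for block in blocks:
            try:
                ipaddress.ip_network(block, strict=False)  # syntax check only
            except ValueError:
                errors.append(f"{key}: {block!r} is not a valid IP block")
    for kind, names in ALLOWED.items():
        for item in spec.get(kind) or []:
            name = item.get("name")
            if name not in names:
                errors.append(f"{kind}: {name!r} is not an allowed name")
            elif item.get("disable") and name not in MAY_DISABLE:
                errors.append(f"{kind}: {name!r} is essential, cannot be disabled")
    return errors, warnings


# Constructed sample with placeholder values (hypothetical, not a project sample).
SAMPLE_SPEC = {
    "version": "<EDGE-VERSION>",
    "licenseSecretName": "edge-license",
    "company": "example", "domain": "myown.iot.com",
    "adminCredentialsSecretName": "edge-admin",
    "core": {"coreValues": {"managementTenantAllowedIPBlocks": ["10.0.0.0/8"]}},
    "microservices": [{"name": "device-simulator", "disable": True},
                      {"name": "smartrule", "disable": True}],
}
```

Run against `SAMPLE_SPEC`, the lint reports the attempt to disable `smartrule` as an error and warns that the Edge tenant is reachable from any address and that TLS falls back to self-signed certificates.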

MongoDB

This field is necessary when this Edge deployment needs to be configured to use an externally hosted MongoDB server or to specify resource limits for the MongoDB server containers deployed by the Operator.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| mongosHost | No | String | The Operator deploys a MongoDB server. | Hostname to reach an externally hosted Mongos server. |
| connectionString | No | String | | Connection string of externally hosted MongoDB shards. |
| credentialsSecretName | No | String | | Name of the Kubernetes Secret containing the credentials and sharded key to connect to an externally hosted MongoDB server. See MongoDB Credentials Secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
| mongosResources | No | Structure | Defaults to CPU Limit: 500m, Memory Limit: 1G, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the mongos container. See Resource Limits Spec for details. |
| configSvrResources | No | Structure | Defaults to CPU Limit: 2, Memory Limit: 1G, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the config server container. See Resource Limits Spec for details. |
| shardSvrResources | No | Structure | Defaults to CPU Limit: 2, Memory Limit: 1G, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the shard server container. See Resource Limits Spec for details. |
| arbiterResources | No | Structure | Defaults to CPU Limit: 250m, Memory Limit: 250M, CPU Requests: 100m, Memory Requests: 100M | Specify resource limits for the arbiter container. See Resource Limits Spec for details. |

MongoDB Credentials Secret

Specifies the name of the Kubernetes Secret containing the credentials to connect to an externally hosted MongoDB server. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.

See sample MongoDB credentials secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| username | Yes | String | | Username to connect to an externally hosted MongoDB server. |
| password | Yes | String | | Password to connect to an externally hosted MongoDB server. |
| shardedKey | Yes | String | | Sharded key to connect to an externally hosted MongoDB server. |

Microservices Registry

This field is necessary when this Edge deployment needs to be configured to use an externally hosted Docker registry or to specify resource limits for the Docker registry containers deployed by the Operator.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| url | No | String | The Operator deploys a Docker registry. | URL to connect to an externally hosted Docker registry. |
| credentialsSecretName | No | String | | Name of the Kubernetes Secret containing the credentials to connect to an externally hosted Docker registry. See Microservices registry credentials secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
| tlsSecretName | No | String | | Name of the Kubernetes Secret containing the server certificate of an externally hosted Docker registry. See Microservices Registry TLS secret for details. Note: The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge. |
| resources | No | Structure | Defaults to CPU Limit: 500m, Memory Limit: 1Gi, CPU Requests: 250m, Memory Requests: 500Mi | Specify resource limits for the Docker Registry container. See Resource Limits Spec for details. |

Microservices Registry Credentials Secret

Specifies the name of the Kubernetes Secret containing the credentials to connect to an externally hosted Docker registry (used to store Cumulocity microservice images). The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.

See sample Microservices registry credentials secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| username | Yes | String | | Username to connect to an externally hosted Docker registry. |
| password | Yes | String | | Password to connect to an externally hosted Docker registry. |

Microservices Registry TLS Secret

Specifies the name of the Kubernetes Secret containing the server certificate of an externally hosted Docker registry. The Operator fetches this secret from the namespace with the name of the Edge CR. Create this secret before deploying or updating the Edge.

See sample Microservices registry TLS secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| certificate | Yes | String | | Externally hosted Docker Registry's server certificate. |

Resource Limits Spec

Structure for specifying the resource limits for the containers deployed by the Operator.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| limitCpu | No | String | | Specific CPU limit in cpu units. For example, 1000m or 1 |
| limitMemory | No | String | | Specific memory limit in memory units. For example, 1000M or 1G |
| requestsCpu | No | String | | Specific CPU requests in cpu units. For example, 1000m or 1 |
| requestsMemory | No | String | | Specific memory requests in memory units. For example, 1000M or 1G |

Software AG Registry Credentials Secret

This secret named sag-registry-credentials is required to supply the Software AG Registry (registry.c8y.io) credentials to the Operator. The Operator explicitly searches for the secret named sag-registry-credentials, so you can't change its name. Create this secret before deploying or updating the Edge.

See sample Software AG Registry Credentials Secret manifest file.

This secret should contain the fields described in the table below.

| Field | Required | Type | Default | Description |
|---|---|---|---|---|
| username | Yes | String | | Edge Repo username you received. |
| password | Yes | String | | Edge Repo password you received. |