Common Custom Resources Options
===============================

A custom resource is an extension of the Kubernetes API that is not necessarily
available in a default Kubernetes installation. It represents a customization
of a particular Kubernetes installation. Once a custom resource is installed,
users can create and access its objects using kubectl, just as they do for
built-in resources like `Pods`.

With our Custom Resources (CRs) you can define these options:

* Database Specifications
* Message Queue Specifications
* Secret Injection
* Issuer

You can find out how these individual options are defined in the
`deploy/cuelang/*-crd.cue` files. In these files, you can also define your own
CR options. Examples of deployments with CRs can be found in `docs/examples`.

Database Specifications
-----------------------

With this option, you can define the specifications of the database. There are
two required fields, `proxy` and `backup`.

In the `proxy` field, you can set the number of replicas.

In the `backup` field, you can specify the exact time when the database should
be backed up. This `schedule` field is required. Besides the schedule, you can
also define the `targets` to which your database is backed up. Here you must
define all required fields: `endpoint` as a string, the name of the `bucket`,
and a reference to the credentials, `credentialRef`. For now, you can use only
`s3` as your target (see the example of a database specs option). The last
parameter you can set in your `backup` field is `mysqldump`, which takes a
boolean value. By default, it is set to false.

You can also set the size and class name of the storage by defining the two
fields `storageSize` and `storageClassName`.

The last field you can define is `mysqlConfig`, where the CRD expects only
these four keys: `mysqld`, `galera`, `client-server` or `sst`.

The following is an example of a database specs option:

.. code-block:: yaml

    database:
      replicas: 1
      storageClassName: premium-perf4-stackit
      storageSize: 8Gi
      proxy:
        replicas: 1
      backup:
        schedule: "*/5 * * * *"
        targets:
          s3:
            endpoint: https://cool.s3.endpoint
            bucket: mybucket
            addressingStyle: path
            credentialRef:
              name: backup-s3-password
      mysqlConfig:
        mysqld:
          max_connections: 1337
          max_heap_table_size: 64M

Message Queue Specifications
----------------------------

You can define options like the number of `replicas`, and the class name and
size of the storage by customizing these two fields: `storageClassName` and
`storageSize`.

The following is an example of a Message Queue specs option:

.. code-block:: yaml

    messageQueue:
      replicas: 1
      storageSize: 2Gi
      storageClassName: bar-class

Secret Injection
----------------

To include confidential values in the configuration, you can use the field
`*Secret`, where this field has the prefix `glance` or `keystone` based on the
OpenStack component. This allows you to reference an external secret that is
included at a specific path in the configuration.

In this option, the fields `secretName` and `items` are required. In the
`items` field, you must define `key`, which is part of the external secret, and
a specific `path`, where the external secret is included in the configuration.

The following is an example of a secret injection option for glance:

.. code-block:: yaml

    apiVersion: v1
    kind: Secret
    metadata:
      name: mysecret
    data:
      mykey: "SomeValueAsBase64"
    ---
    apiVersion: yaook.cloud/v1
    kind: GlanceDeployment
    metadata:
      name: glance
    spec:
      glanceSecrets:
      - secretName: mysecret
        items:
        - key: mykey
          path: /DEFAULT/transport_url

Issuer
------

Issuers are Kubernetes resources that represent certificate authorities (CAs)
that are able to generate signed certificates by honoring certificate signing
requests. All cert-manager certificates require a referenced issuer that is in
a ready condition to attempt to honor the request. With this option, you can
define `issuerRef` for all certificate templates through our CRs.

The following is an example of an issuer option:

.. code-block:: yaml

    issuerRef:
      name: "ca-issuer"

Ingress Specifications
----------------------

Many Yaook custom resources configure a Kubernetes `Ingress `_ to accept
incoming HTTP(S) requests. The options for these ingresses are generally
available under a resource-specifically located `ingress` key, which supports
the following items:

- `fqdn`: The FQDN on which the ingress should listen.
- `port`: The external port number of the ingress. This information is not
  declarative for the Ingress; it is only used to form a URL for use with
  other services.
- `ingressClassName`: Maps to the `ingressClassName` field on the Ingress.
  Please see the `Ingress Class section in the Ingress documentation `_ for
  more details.

Container Resource Management
-----------------------------

Whenever Yaook custom resources create workloads, the `containers' resources `_
can be managed via a `resources` attribute. These attributes have the
following structure:

.. code-block:: yaml

    resources:
      container-name-1:
        limits: {}
        requests: {}
      container-name-2:
        limits: {}
        requests: {}

Please note:

- Both `limits` and `requests` are optional. Remember that only specifying
  `limits` will set `requests` to the same values.
- Container names are specific to each custom resource definition. Please
  refer to the definition or the installed resources for details.
- In general, `resources` is a sibling key to `replicas`; in most places where
  you can set `replicas` (for instance, within `.spec.api` in a
  KeystoneDeployment), you can also set `resources`.

Job Resource Management
-----------------------

The resources for containers in jobs and cronjobs can also be specified via a
top-level `jobResources` attribute. Here the job name is used as the key.

.. code-block:: yaml

    jobResources:
      job-name-1-job:
        limits: {}
        requests: {}
      job-name-2-job:
        limits: {}
        requests: {}

Again, please refer to the custom resource definition to find out the names of
the jobs that can be managed.
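
The rules from the Secret Injection section can be checked before a manifest is applied. The following Python check is an added example, not Yaook's own code: it verifies the required `secretName` and `items` fields, that each item has `key` and `path`, that the referenced Secret and key exist, and that the Secret's `data` value is valid base64. The manifests are constructed samples held as dicts, and `check_secret_injection` is a hypothetical helper name.

```python
import base64
import binascii

# Constructed sample manifests, mirroring the page's glance example as dicts.
SECRET = {
    "apiVersion": "v1", "kind": "Secret", "metadata": {"name": "mysecret"},
    "data": {"mykey": base64.b64encode(b"constructed-sample-value").decode()},
}
DEPLOYMENT = {
    "apiVersion": "yaook.cloud/v1", "kind": "GlanceDeployment",
    "metadata": {"name": "glance"},
    "spec": {"glanceSecrets": [{
        "secretName": "mysecret",
        "items": [{"key": "mykey", "path": "/DEFAULT/transport_url"}],
    }]},
}


def check_secret_injection(deployment, secrets, field="glanceSecrets"):
    """Return a list of problems in the `*Secret` entries of a deployment."""
    by_name = {s["metadata"]["name"]: s for s in secrets if s.get("kind") == "Secret"}
    problems = []
    for i, entry in enumerate(deployment.get("spec", {}).get(field, [])):
        where = f"{field}[{i}]"
        # `secretName` and `items` are the two required fields.
        missing = [f for f in ("secretName", "items") if not entry.get(f)]
        if missing:
            problems.append(f"{where}: missing required {missing}")
            continue
        secret = by_name.get(entry["secretName"])
        if secret is None:
            problems.append(f"{where}: Secret {entry['secretName']!r} not found")
            continue
        data = secret.get("data", {})
        for item in entry["items"]:
            # Each item must name a `key` of the Secret and a config `path`.
            if not item.get("key") or not item.get("path"):
                problems.append(f"{where}: item needs both key and path: {item}")
                continue
            if item["key"] not in data:
                problems.append(f"{where}: key {item['key']!r} not in Secret")
                continue
            try:
                # Kubernetes `data` values are base64-encoded, not encrypted.
                base64.b64decode(data[item["key"]], validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"{where}: value of {item['key']!r} is not valid base64")
    return problems
```

Run against the page's literal placeholder `SomeValueAsBase64`, the check reports a base64 error, because that string stands in for an encoded value rather than being one.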