Validator Custom Resource Definition

This page provides an overview of the Validator Custom Resource Definition (CRD) used by Catalyst Blockchain Manager to deploy and manage Canton validators using Kubernetes. It describes the structure of the CRD and explains how each validator component is defined and configured.

A Custom Resource Definition (CRD) in Kubernetes is a way to extend the Kubernetes API by defining new, custom object types, allowing you to manage application-specific data.

Structure of the specification

The CRD specification defines each validator component separately. The following sections describe where each component is configured within the CRD.

Validator

The core Validator configuration is defined at the top level of the specification.

ANS/CNS UI

The Amulet/Canton Name Service (ANS/CNS) UI configuration is located at:

spec.applicationCantonNameServer.spec

Wallet UI

The Wallet UI application configuration is located at:

spec.walletUI.spec

Participant Node

The Participant Node configuration is located at:

spec.participant.spec

Provisioned Postgres Database

The PostgreSQL database provisioned for the validator is not explicitly represented in the CRD specification. To increase the database storage size (note that decreases are ignored), use:

spec.storageSize

Modifying component specifications

Environment Variables

For all components, the environment variables are defined under spec.envVars.

They follow the same structure and format used in Kubernetes Pods and Deployments.

Resources

Each component has a resource specification like this:

resources:
    cpuLimit: '2'
    cpuRequested: '1'
    imagePullSecret: intellecteu-gitlab-access
    memoryLimit: 2Gi
    memoryRequested: 1Gi
    replicas: 1

  • cpuLimit: Maximum CPU allocation.

  • cpuRequested: Minimum CPU allocation.

  • memoryLimit: Maximum memory allocation.

  • memoryRequested: Minimum memory allocation.

  • replicas: Number of instances (can be set to 0 or 1).

To scale down a validator, set the 'replicas' field to 0 for all components.
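The following pre-apply check is an added example, not code from Catalyst Blockchain Manager. It flags replicas values other than 0 or 1, a scale-down that leaves some components running, and a storageSize decrease that would be ignored. The function names, the live_storage_size parameter and the sample manifest are assumptions made for illustration; the manifest is passed as a dict, as a YAML loader would return it.

```python
# Added example: pre-apply lint for a Validator manifest (not Catalyst code).
# All names here are hypothetical; the manifest is a dict as loaded from YAML.
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def to_bytes(quantity):
    """Convert a Kubernetes binary quantity such as '20Gi' to bytes."""
    q = str(quantity)
    for suffix, factor in UNITS.items():
        if q.endswith(suffix):
            return int(float(q[:-2]) * factor)
    return int(q)  # plain byte count

def component_replicas(spec):
    """Map each component path that has a resources block to its replicas."""
    found = {}
    if "resources" in spec:  # the core Validator sits at the top level
        found["spec"] = spec["resources"].get("replicas")
    for name, child in spec.items():
        inner = child.get("spec") if isinstance(child, dict) else None
        if isinstance(inner, dict) and "resources" in inner:
            found[f"spec.{name}.spec"] = inner["resources"].get("replicas")
    return found

def lint_validator(manifest, live_storage_size=None):
    """Return a list of findings; an empty list means the manifest passes."""
    spec = manifest.get("spec", {})
    replicas = component_replicas(spec)
    findings = [f"{path}: replicas must be 0 or 1, got {value!r}"
                for path, value in replicas.items()
                if not (type(value) is int and value in (0, 1))]
    stopped = [p for p, v in replicas.items() if v == 0]
    if stopped and len(stopped) != len(replicas):
        running = sorted(set(replicas) - set(stopped))
        findings.append("partial scale-down, still running: " + ", ".join(running))
    new = spec.get("storageSize")
    if live_storage_size and new and to_bytes(new) < to_bytes(live_storage_size):
        findings.append(f"storageSize {new} < live {live_storage_size}: decrease is ignored")
    return findings

# Constructed sample: one component scaled to 0 while the others still run.
SAMPLE = {"kind": "Validator", "spec": {
    "resources": {"replicas": 1},
    "participant": {"spec": {"resources": {"replicas": 1}}},
    "applicationWallet": {"spec": {"resources": {"replicas": 0}}},
    "storageSize": "10Gi",
}}

if __name__ == "__main__":
    for finding in lint_validator(SAMPLE, live_storage_size="20Gi"):
        print(finding)
```
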

Example

apiVersion: catalyst.manager.canton/v1
kind: Validator
metadata:
  name: validator1st
  namespace: canton-dev
spec:
  application:
    spec:
      domain: participant-validator1st
      resources:
        cpuLimit: '2'
        cpuRequested: '1'
        imagePullSecret: intellecteu-gitlab-access
        memoryLimit: 2Gi
        memoryRequested: 1Gi
        replicas: 1
      type: backend
      validatorParent: validator1st
    status:
      phase: Pending
  applicationCantonNameServer:
    spec:
      domain: cns-validator1st
      envVars:
        - name: SPLICE_APP_CNS_UI_AUTH_URL
          valueFrom:
# <removed for brevity>
      image: >-
        digitalasset-canton-network-docker.jfrog.io/digitalasset/ans-web-ui:0.3.15
      resources:
        cpuLimit: '1'
        cpuRequested: '0.1'
        imagePullSecret: intellecteu-gitlab-access
        memoryLimit: 1536Mi
        memoryRequested: 240Mi
        replicas: 1
      type: ui
    status:
      phase: Pending
  applicationWallet:
    spec:
      domain: wallet-validator1st
      envVars:
        - name: SPLICE_APP_WALLET_UI_AUTH_URL
          valueFrom:
# <removed for brevity>
      image: >-
        digitalasset-canton-network-docker.jfrog.io/digitalasset/wallet-web-ui:0.3.15
      resources:
        cpuLimit: '1'
        cpuRequested: '0.1'
        imagePullSecret: intellecteu-gitlab-access
        memoryLimit: 1536Mi
        memoryRequested: 240Mi
        replicas: 1
      type: ui
    status:
      phase: Pending
  customAuth: false
  disableAutoInit: false
  envVars:
    - name: ADDITIONAL_CONFIG_NO_ONBOARDING
      value: canton.validator-apps.validator_backend.onboarding = null
# <removed for brevity>
  image: digitalasset-canton-network-docker.jfrog.io/digitalasset/validator-app:0.3.15
  imageRepo: digitalasset-canton-network-docker.jfrog.io/digitalasset
  imageTag: 0.3.15
  migrationAttachPVC: 'false'
  migrationId: '0'
  migrationMigrating: false
  onboardingSecretName: cn-app-validator1st-onboarding-validator
  participant:
    spec:
      adminPort: '5002'
      auth: true
      authProvider: keycloak
      authorization:
        jwksUrl: >-
          https://keycloak.testing.catalyst.intellecteu.io/auth/realms/canton-dev/protocol/openid-connect/certs
      daemon: false
      enterprise: true
      envVars:
        - name: JAVA_TOOL_OPTIONS
          value: '-Xms1152M -Xmx1152M -Dscala.concurrent.context.minThreads=4'
# <removed for brevity>
      ha: false
      image: >-
        digitalasset-canton-network-docker.jfrog.io/digitalasset/canton-participant:0.3.15
      jsonapi: false
      jsonapiQueryStore: false
      ledgerPort: '5001'
      logLevel: INFO
      navigator: false
      resources:
        cpuLimit: '2'
        cpuRequested: '1'
        imagePullSecret: intellecteu-gitlab-access
        memoryLimit: 2Gi
        memoryRequested: 1Gi
        replicas: 1
      storage: {}
      storageType: Shared Postgres
    status:
      phase: Pending
  resources:
    cpuLimit: '2'
    cpuRequested: '1'
    imagePullSecret: intellecteu-gitlab-access
    memoryLimit: 2Gi
    memoryRequested: 1Gi
    replicas: 1
  storageSize: 20Gi
  walletEnabled: true