Manifest reference

Reference for manifest.yaml, including the schema, initialization and validation commands, and an annotated example.

manifest.yaml is the single input that drives every vpctl operation. vpctl enforces the schema at load time by using an embedded CUE schema.
Commit the manifest to version control: it acts as a controlled input for release upgrades. Bumping releaseVersion and any other field, then rerunning vpctl release generate, produces a reviewable diff your team can approve before deployment, and Argo CD or your CD tool picks it up from there. The manifest contains no secrets: secrets are generated separately by vpctl secret generate from secrets.import.yaml, which lives in your CI secret store or a vault, never in Git.

Initialize a manifest

If you don't already have one, generate one interactively:
vpctl manifest init
This walks you through platform, release version, registry, namespace, autoscaling, monitoring, and ingress settings. The output defaults to ./manifest.yaml; override it with --output.

Validate a manifest

vpctl manifest validate
vpctl manifest validate --file path/to/manifest.yaml
Validates against the embedded CUE schema. The validation catches missing required fields, disallowed values, and cross-field rules, for example that maxReplicas >= minReplicas, or that a TLS certificate is required when TLS is enabled.
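
The three kinds of check named above (required fields, disallowed values, cross-field rules) can be expressed in CUE as in the fragment below. It is an added illustration, not the schema embedded in vpctl: the field paths are assumed from the key names in the annotated example, and the constraints themselves are hypothetical.

```cue
// Hypothetical fragment for illustration only; NOT vpctl's embedded schema.
#Manifest: {
	// Disallowed values: a single string literal rejects anything else.
	platform: "onprem"

	// Required: no default, so the manifest has to supply a concrete value.
	releaseVersion: string

	configuration: {
		autoscaling: {
			minReplicas: int & >=1
			// Cross-field rule: the lower bound refers to the sibling field.
			maxReplicas: int & >=minReplicas
		}

		networking: ingress: traefik: tls: {
			enabled: bool
			// Cross-field rule: certificate is demanded only when TLS is on.
			if enabled {
				certificate: string & !=""
			}
		}

		// Disallowed values with a default: "*" marks the value used
		// when the manifest omits the field.
		infrastructure: sizing: *"medium" | "small" | "large"

		// Other configuration keys are left unconstrained in this sketch.
		...
	}

	// Other top-level keys are left unconstrained in this sketch.
	...
}
```

With this fragment, a manifest that sets maxReplicas below minReplicas, or enables TLS without naming a certificate Secret, fails unification and is rejected before anything is generated or deployed.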

Annotated example

A minimal on-premises manifest looks like this:
# manifest.yaml
platform: onprem                    # required: only "onprem" is documented for customer use
releaseVersion: 0.13.0              # required: matches the release tag in the Unity registry
artifactSync:
  sourceRepository: uccmpprivatecloud.azurecr.io
  concurrency: 5                    # parallel image/ORAS sync workers (default: 5)
deployment:
  # helmChartMode: "remote"         # default "local": charts come from the release package
  argocd:                           # defaults for `release generate --format argocd`
    repoURL: "git@github.com:your-org/your-argocd-charts.git"
    pathPrefix: ""                  # subdirectory in the repo (e.g. "cluster1/")
    destinationServer: "https://kubernetes.default.svc"
    targetRevision: "main"
configuration:
  networking:
    appDomain: uam.example.com      # the FQDN your customers reach the app at
    allowedIngressCIDRs:            # IPs allowed to reach the LoadBalancer
      - "203.0.113.0/24"
    ingress:
      traefik:
        type: LoadBalancer
        tls:
          enabled: true
          certificate: traefik-tls-cert   # name of the K8s Secret holding the cert
          # trustedCaSecretName: my-ca-bundle   # K8s Secret (key ca-bundle.crt) mounted into Argo workflow pods; set when ingress TLS is signed by a private CA
    serviceMesh:
      istio:
        enabled: false
  kubernetes:
    namespace: asset-solutions      # namespace where workloads are deployed
  docker:
    repository: registry.example.com   # your registry (used after `artifact sync`)
    namespace: asset-solutions      # subpath/namespace within the registry
    imagePullSecret: regcred        # K8s Secret holding registry pull credentials
  autoscaling:
    minReplicas: 1
    maxReplicas: 10
  storage:
    defaultStorageClass: gp3
    readWriteManyStorageClass: efs
  transformations:
    parallelism: 30                 # max concurrent transformation workflows
  monitoring:
    database:
      enabled: true
    prometheus:
      enabled: true                 # auto-detected if Prometheus is already installed
    logCollection:
      enabled: true                 # Loki + Alloy
  authentication:
    x509:
      enabled: false
      # caSecretName: x509-ca-cert  # required when enabled
  infrastructure:
    sizing: medium                  # small | medium (default) | large
    # components: { ... }           # per-component CPU/memory/storage overrides

Full schema reference

The annotated example above covers the most common fields. For the complete field list, including every type, default value, constraint, and cross-field rule, print the schema your installed vpctl is using:
vpctl manifest schema
To export the CUE schema for standalone validation (useful in CI, without installing vpctl):
vpctl manifest schema --export manifest.cue
cue vet manifest.cue manifest.yaml -d '#Manifest'

Auto-discovery

vpctl searches upward from the current working directory for manifest.yaml. Pass --manifest <path> to override.