diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbase-v2.6.4.clusterserviceversion.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbase-v2.6.4.clusterserviceversion.yaml
new file mode 100644
index 000000000..587bd9b47
--- /dev/null
+++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbase-v2.6.4.clusterserviceversion.yaml
@@ -0,0 +1,1410 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ marketplace.openshift.io/remote-workflow: https://marketplace.redhat.com/en-us/operators/couchbase-enterprise-certified-rhmp/pricing?utm_source=openshift_console
+ marketplace.openshift.io/support-workflow: https://marketplace.redhat.com/en-us/operators/couchbase-enterprise-certified-rhmp/support?utm_source=openshift_console
+ alm-examples: |-
+ [
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseCluster",
+ "metadata": {
+ "name": "cb-example"
+ },
+ "spec": {
+ "image": "registry.connect.redhat.com/couchbase/server@sha256:033c0b2b8eb12ac63a158754dce20d9787a470c77252c60bd4d9e11f5b2dbc7a",
+ "cluster": {
+ "clusterName": "cb-example",
+ "dataServiceMemoryQuota": "256Mi",
+ "indexServiceMemoryQuota": "256Mi",
+ "searchServiceMemoryQuota": "256Mi",
+ "eventingServiceMemoryQuota": "256Mi",
+ "analyticsServiceMemoryQuota": "1Gi",
+ "indexStorageSetting": "memory_optimized",
+ "autoFailoverTimeout": "120s",
+ "autoFailoverMaxCount": 3,
+ "autoFailoverOnDataDiskIssues": true,
+ "autoFailoverOnDataDiskIssuesTimePeriod": "120s",
+ "autoFailoverServerGroup": false
+ },
+ "upgradeStrategy": "RollingUpgrade",
+ "hibernate": false,
+ "hibernationStrategy": "Immediate",
+ "recoveryPolicy": "PrioritizeDataIntegrity",
+ "onlineVolumeExpansionTimeoutInMins": "20",
+ "security": {
+ "adminSecret": "cb-example-auth",
+ "rbac": {
+ "managed": true,
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ }
+ },
+ "xdcr": {
+ "managed": false,
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ },
+ "backup": {
+ "image": "registry.connect.redhat.com/couchbase/operator-backup@sha256:382511f532b0206d2bb0cecc8f91b055809b5ccf89136b6d37d55a40e266812f",
+ "managed": false,
+ "serviceAccountName": "couchbase-backup",
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ },
+ "monitoring": {
+ "prometheus": {
+ "enabled": false,
+ "image": "registry.connect.redhat.com/couchbase/exporter@sha256:de3bacf8233553452db1d9cec7c98b28d12c41aa025d830d6b7c5de0da9723b1"
+ }
+ },
+ "networking": {
+ "exposeAdminConsole": true,
+ "adminConsoleServices": [
+ "data"
+ ],
+ "exposedFeatures": [
+ "xdcr"
+ ],
+ "exposedFeatureServiceType": "NodePort",
+ "adminConsoleServiceType": "NodePort",
+ "cloudNativeGateway": {
+ "image": "registry.connect.redhat.com/couchbase/cloud-native-gateway@sha256:50bbc00cce14ec968c9b8e9ef06a6c5bd2860d38d973cf7af7271d4ff66fe9cc"
+ }
+ },
+ "buckets": {
+ "managed": true,
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ },
+ "logRetentionTime": "604800s",
+ "logRetentionCount": 20,
+ "enablePreviewScaling": false,
+ "servers": [
+ {
+ "size": 3,
+ "name": "all_services",
+ "services": [
+ "data",
+ "index",
+ "query",
+ "search",
+ "eventing",
+ "analytics"
+ ]
+ }
+ ]
+ },
+ "status": {
+ "size": 0
+ }
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseBucket",
+ "metadata": {
+ "name": "default",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "memoryQuota": "100Mi",
+ "replicas": 2,
+ "ioPriority": "low",
+ "evictionPolicy": "valueOnly",
+ "conflictResolution": "lww",
+ "enableFlush": false,
+ "enableIndexReplica": true,
+ "compressionMode": "passive"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseEphemeralBucket",
+ "metadata": {
+ "name": "ephemeral-bucket",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "memoryQuota": "100Mi",
+ "replicas": 2,
+ "ioPriority": "low",
+ "evictionPolicy": "noEviction",
+ "conflictResolution": "lww",
+ "enableFlush": false,
+ "compressionMode": "passive"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseMemcachedBucket",
+ "metadata": {
+ "name": "memcached-bucket",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "memoryQuota": "100Mi",
+ "enableFlush": false
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseUser",
+ "metadata": {
+ "name": "my-user",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "fullName": "My User",
+ "authDomain": "local",
+ "authSecret": "cb-example-auth"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseGroup",
+ "metadata": {
+ "name": "my-group",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "roles": [
+ {
+ "name": "bucket_admin",
+ "bucket": "default"
+ }
+ ]
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseRoleBinding",
+ "metadata": {
+ "name": "my-role-binding"
+ },
+ "spec": {
+ "subjects": [
+ {
+ "kind": "CouchbaseUser",
+ "name": "my-user"
+ }
+ ],
+ "roleRef": {
+ "kind": "CouchbaseGroup",
+ "name": "my-group"
+ }
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseReplication",
+ "metadata": {
+ "name": "my-replication",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "bucket": "default",
+ "remoteBucket": "default",
+ "compressionType": "Snappy",
+ "filterExpression": "",
+ "paused": false
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseBackup",
+ "metadata": {
+ "name": "cb-backup",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "strategy": "full_incremental",
+ "full": {
+ "schedule": "0 3 * * 6"
+ },
+ "incremental": {
+ "schedule": "0 3 * * 1-6"
+ },
+ "successfulJobsHistoryLimit": 1,
+ "failedJobsHistoryLimit": 3,
+ "backOffLimit": 2,
+ "backupRetention": "24h",
+ "logRetention": "24h",
+ "size": "5Gi"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseBackupRestore",
+ "metadata": {
+ "name": "cb-restore",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "backup": "cb-backup",
+ "repo": "cb-example-2020-10-29T19_00_03",
+ "start": {
+ "int": 1
+ },
+ "end": {
+ "int": 1
+ },
+ "backOffLimit": 2,
+ "logRetention": "24h"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseCollectionGroup",
+ "metadata": {
+ "name": "my-collection-group"
+ },
+ "spec": {
+ "maxTTL": "",
+ "names": ["my-collection"]
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseCollection",
+ "metadata": {
+ "name": "my-collection"
+ },
+ "spec": {
+ "maxTTL": "",
+ "name": "my-collection"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseScopeGroup",
+ "metadata": {
+ "name": "my-scope-group"
+ },
+ "spec": {
+ "collections": {},
+ "names": ["my-scope"]
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseScope",
+ "metadata": {
+ "name": "my-scope"
+ },
+ "spec": {
+ "collections": {},
+ "name": "my-scope"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseMigrationReplication",
+ "metadata": {
+ "name": "default-migration"
+ },
+ "migrationMapping": {
+ "mappings": []
+ },
+ "spec": {
+ "bucket": "default",
+ "remoteBucket": "default"
+ }
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseAutoscaler",
+ "metadata": {
+ "name": "do.not.create.internal.only"
+ },
+ "spec": {
+ "servers": "internal",
+ "size": 2
+ },
+ "status": {
+ "labelSelector": "",
+ "size": 2
+ }
+ }
+ ]
+ operators.openshift.io/infrastructure-features: '["Disconnected"]'
+ features.operators.openshift.io/disconnected: "true"
+ features.operators.openshift.io/fips-compliant: "false"
+ features.operators.openshift.io/proxy-aware: "false"
+ features.operators.openshift.io/tls-profiles: "false"
+ features.operators.openshift.io/token-auth-aws: "false"
+ features.operators.openshift.io/token-auth-azure: "false"
+ features.operators.openshift.io/token-auth-gcp: "false"
+ features.operators.openshift.io/cnf: "false"
+ features.operators.openshift.io/cni: "false"
+ features.operators.openshift.io/csi: "false"
+ capabilities: "Auto Pilot"
+ categories: "Database"
+ certified: "true"
+ createdAt: 2023/04/28
+ description: The Couchbase Autonomous Operator allows users to easily deploy, manage, and maintain Couchbase deployments
+ support: Couchbase, Inc
+ name: couchbase-operator.v2.6.4-4
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions:
+ owned:
+ - description: Manages Clusters
+ displayName: Couchbase Cluster
+ kind: CouchbaseCluster
+ name: couchbaseclusters.couchbase.com
+ resources:
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: Cluster name override
+ displayName: Cluster name
+ path: cluster.clusterName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This object allows configuration of global Couchbase security settings and RBAC.
+ displayName: Security
+ path: security
+ - description: The name of the secret object that stores the admin credentials.
+ displayName: Admin Secret
+ path: security.adminSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - description: Specifies whether the Operator should manage Couchbase RBAC.
+ displayName: RBAC managed
+ path: security.rbac.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of RBAC resources to be selected and managed.
+ displayName: RBAC selector
+ path: security.rbac.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: This field specifies the image that should be used.
+ displayName: Image
+ path: image
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: Specifies whether to manage buckets and how to select which bucket resources to use.
+ displayName: Buckets
+ path: buckets
+ - description: Specifies whether the Operator should manage Couchbase buckets.
+ displayName: Buckets managed
+ path: buckets.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of buckets to be selected and managed.
+ displayName: Buckets selector
+ path: buckets.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: Specifies whether the Operator should manage Couchbase XDCR replications.
+ displayName: XDCR managed
+ path: xdcr.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of Replication resources to be selected and managed.
+ displayName: XDCR selector
+ path: xdcr.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: Defines whether the Automated Backup feature is enabled for the cluster.
+ displayName: Backup enabled
+ path: backup.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of Backup resources to be selected and managed.
+ displayName: Backup selector
+ path: backup.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: Defines whether the Prometheus metric collection is enabled for the cluster.
+ displayName: Monitoring enabled
+ path: monitoring.prometheus.enabled
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of Backup resources to be selected and managed.
+ displayName: Backup selector
+ path: monitoring.prometheus.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: This object allows the configuration of the Couchbase cluster topology.
+ displayName: Servers
+ path: servers
+ - description: This object allows configuration of network related options.
+ displayName: Networking
+ path: networking
+ - description: The name of the secret object that stores the server's TLS
+ certificate.
+ displayName: Server TLS Secret
+ path: networking.tls.static.serverSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - description: The name of the secret object that stores the Operator's TLS
+ certificate.
+ displayName: Operator TLS Secret
+ path: networking.tls.static.operatorSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - description: Specifies if the Operator will manage this cluster.
+ displayName: Paused
+ path: paused
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies if the Couchbase Server Web Console will be exposed
+ externally.
+ displayName: Expose Console
+ path: networking.exposeAdminConsole
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies whether or not two pods in this cluster can be deployed
+ on the same Kubernetes node.
+ displayName: Anti Affinity
+ path: antiAffinity
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies if update notifications will be displayed in the
+ Couchbase UI.
+ displayName: Show Update Notifications
+ path: softwareUpdateNotifications
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies if the Operator will create or delete buckets.
+ displayName: Disable Bucket Management
+ path: disableBucketManagement
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: The desired number of member Pods for the Couchbase cluster.
+ displayName: Size
+ path: servers[0].size
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podCount
+ - description: The services that should be run on nodes (data, index, query, search, eventing and analytics)
+ displayName: Services
+ path: servers[0].services
+ - description: The set of server groups to schedule pods in (overrides top-level serverGroups)
+ displayName: ServerGroups
+ path: servers[0].serverGroups
+ - description: The maximum number of failover events tolerated before manual
+ intervention is required.
+ displayName: Auto Failover Max Count
+ path: cluster.autoFailoverMaxCount
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:slider
+ - urn:alm:descriptor:com.tectonic.ui:sliderStart:1
+ - description: LDAP settings for external user authentication
+ displayName: LDAP Settings
+ path: security.ldap
+ - description: List of LDAP hosts Operator should connect to for authentication
+ displayName: Hosts
+ path: security.ldap.hosts
+ - description: The port Operator should use connect when connecting to hosts
+ displayName: Port
+ path: security.ldap.port
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The type of encryption to use for connection with the LDAP server (None, TLS, StartTLSExtension)
+ displayName: Encryption
+ path: security.ldap.encryption
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The set of server groups to schedule pods in.
+ displayName: ServerGroups
+ path: serverGroups
+ statusDescriptors:
+ - description: The desired number of member Pods for the deployment.
+ displayName: Size
+ path: size
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podCount
+ - description: Explanation for the current status of the application.
+ displayName: Status Details
+ path: reason
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes.phase:reason
+ - description: The status of each of the member Pods for the Couchbase cluster.
+ displayName: Member Status
+ path: members
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podStatuses
+ - description: The current version of the Couchbase cluster.
+ displayName: Current Version
+ path: currentVersion
+ - description: The cluster identifier as provided by the Couchbase cluster.
+ displayName: Cluster ID
+ path: clusterID
+ - description: Specifies if the Operator is currently managing this cluster.
+ displayName: Control Paused
+ path: controlPaused
+ - description: The port that the web console can be accessed on from any node
+ in the Kubernetes cluster.
+ displayName: Admin Console Port
+ path: adminConsolePort
+ - description: The SSL port that the web console can be accessed on from any
+ node in the Kubernetes cluster.
+ displayName: SSL Admin Console Port
+ path: adminConsolePortSSL
+ - description: Conditions for the cluster
+ displayName: Conditions
+ path: conditions
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes.conditions
+ version: v2
+ - kind: CouchbaseBucket
+ name: couchbasebuckets.couchbase.com
+ description: Manages Buckets
+ displayName: Couchbase Bucket
+ version: v2
+ resources:
+ - kind: CouchbaseBucket
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The name of a couchbase bucket.
+ displayName: Bucket Name
+ path: memoryQuota
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The number of replicas that should be created for this bucket.
+ displayName: Bucket Replicas
+ path: replicas
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The IO priority of background threads for this bucket (low | high)
+ displayName: IO priority
+ path: ioPriority
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The in-memory cache eviction policy for this bucket (valueOnly | fullEviction)
+ displayName: Eviction Policy
+ path: evictionPolicy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The bucket's conflict resolution mechanism (seqno | lww)
+ displayName: Conflict Resolution
+ path: conflictResolution
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The choice to enable bucket flushing
+ displayName: Enable Flush
+ path: enableFlush
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: The compression mode for this bucket (off | passive | active)
+ displayName: Compression Mode
+ path: compressionMode
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field specifies whether or not to enable view index replicas for this bucket.
+ displayName: Enable Index Replica
+ path: enableIndexReplica
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - kind: CouchbaseEphemeralBucket
+ name: couchbaseephemeralbuckets.couchbase.com
+ description: Manages Ephemeral Buckets
+ displayName: Couchbase Ephemeral Bucket
+ version: v2
+ resources:
+ - kind: CouchbaseEphemeralBucket
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The name of a couchbase ephemeral bucket.
+ displayName: Bucket Name
+ path: memoryQuota
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The number of replicas that should be created for this bucket.
+ displayName: Bucket Replicas
+ path: replicas
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The IO priority of background threads for this bucket (low | high)
+ displayName: IO priority
+ path: ioPriority
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The in-memory cache eviction policy for this bucket (valueOnly | fullEviction)
+ displayName: Eviction Policy
+ path: evictionPolicy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The bucket's conflict resolution mechanism (seqno | lww)
+ displayName: Conflict Resolution
+ path: conflictResolution
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The choice to enable bucket flushing
+ displayName: Enable Flush
+ path: enableFlush
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: The compression mode for this bucket (off | passive | active)
+ displayName: Compression Mode
+ path: compressionMode
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - kind: CouchbaseMemcachedBucket
+ name: couchbasememcachedbuckets.couchbase.com
+ description: Manages Memcached Buckets
+ displayName: Couchbase Memcached Bucket
+ version: v2
+ resources:
+ - kind: CouchbaseMemcachedBucket
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The name of a couchbase memcached bucket.
+ displayName: Bucket Name
+ path: memoryQuota
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The choice to enable bucket flushing
+ displayName: Enable Flush
+ path: enableFlush
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - kind: CouchbaseUser
+ name: couchbaseusers.couchbase.com
+ description: Manages RBAC Users
+ displayName: Couchbase User
+ version: v2
+ resources:
+ - kind: CouchbaseUser
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The user full name.
+ displayName: Full Name
+ path: fullName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The domain used to authenticate user (local | ldap)
+ displayName: Auth Domain
+ path: authDomain
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The Secret containing user password
+ displayName: Auth Secret
+ path: authSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - kind: CouchbaseGroup
+ name: couchbasegroups.couchbase.com
+ description: Manages RBAC Groups
+ displayName: Couchbase Groups
+ version: v2
+ resources:
+ - kind: CouchbaseGroup
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: This field is a list of roles to be associated with a user or group of users.
+ displayName: Roles
+ path: roles
+ - kind: CouchbaseRoleBinding
+ name: couchbaserolebindings.couchbase.com
+ description: Manages RBAC Binding
+ displayName: Couchbase Role Binding
+ version: v2
+ resources:
+ - kind: CouchbaseRoleBinding
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: This field defines the resource to extract the roles from.
+ displayName: Role Reference
+ path: roleRef
+ - description: This field is a list of subjects to a apply role to.
+ displayName: Subjects
+ path: subjects
+ - kind: CouchbaseReplication
+ name: couchbasereplications.couchbase.com
+ description: Manages Couchbase Replications
+ displayName: Couchbase Replications
+ version: v2
+ resources:
+ - kind: CouchbaseReplication
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ specDescriptors:
+ - description: The local bucket to replicate from. Must be a CouchbaseBucket or CouchbaseEphemeralBucket
+ displayName: Bucket Name
+ path: bucket
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The remote bucket to replicate to. Must be a CouchbaseBucket or CouchbaseEphemeralBucket
+ displayName: Remote Bucket Name
+ path: remoteBucket
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The compression type to use when replicating data. (None | Auto | Snappy)
+ displayName: Compression Type
+ path: compressionType
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field controls what documents are replicated to the remote cluster
+ displayName: Filter Expression
+ path: filterExpression
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field controls whether a replication is paused or not
+ displayName: Replication Paused
+ path: paused
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - kind: CouchbaseBackup
+ name: couchbasebackups.couchbase.com
+ description: Manages Backups
+ displayName: Couchbase Backup
+ resources:
+ - kind: CronJob
+ name: ""
+ version: batch/v1
+ - kind: CouchbaseRoleBinding
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ version: v2
+ specDescriptors:
+ - description: The backup strategy to use (full_only | full_incremental)
+ displayName: Backup Strategy
+ path: strategy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The schedule a user wants the Operator to perform a full backup of the cluster.
+ displayName: Full Backup Schedule
+ path: full.schedule
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The schedule a user wants the Operator to perform an incremental backup of the cluster.
+ displayName: Incremental Backup Schedule
+ path: incremental.schedule
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The amount of successful jobs to keep
+ displayName: Job History Limit
+ path: successfulJobsHistoryLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The field defines the size of the Persistent Volume to store backups.
+ displayName: Size
+ path: size
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The field defines the schedule to use for full backup.
+ displayName: Full
+ path: full
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the schedule a user wants the Operator to perform an incremental backup of the cluster.
+ displayName: Incremental
+ path: incremental
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the amount of times one backup job will try to perform a backup.
+ displayName: Back Off Limit
+ path: backOffLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: This field defines the time period in which to retain existing backups.
+ displayName: Backup Retention
+ path: backupRetention
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the time period in which to retain backup logs.
+ displayName: Log Retention Time
+ path: logRetention
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the amount of failed jobs to keep before Kubernetes starts deleting older ones.
+ displayName: Failed Jobs History Limit
+ path: failedJobsHistoryLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - kind: CouchbaseBackupRestore
+ name: couchbasebackuprestores.couchbase.com
+ description: Manages Backup Restores
+ displayName: Couchbase Backup Restore
+ resources:
+ - kind: CouchbaseBackupRestore
+ version: v2
+ version: v2
+ specDescriptors:
+ - description: The backup name to restore from
+ displayName: Backup Name
+ path: backup
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The repo name where the backup we which to restore is located
+ displayName: Repository
+ path: repo
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The index of the first backup to restore with 1 being the oldest (default)
+ displayName: Start Range
+ path: start.int
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The index of the last backup to restore with 1 being the oldest (default)
+ displayName: End Range
+ path: end.int
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The amount of times the restore job will try to perform a restore
+ displayName: Back Off Limit
+ path: backOffLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The time period in which to retain backup logs
+ displayName: Log Retention Time
+ path: logRetentionTime
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - kind: CouchbaseCollectionGroup
+ name: couchbasecollectiongroups.couchbase.com
+ description: Manages RBAC Collection Groups
+ displayName: Couchbase Collection Groups
+ version: v2
+ resources:
+ - kind: CouchbaseCollectionGroup
+ version: v2
+ specDescriptors:
+ - description: MaxTTL defines how long a document is permitted to exist.
+ displayName: MaxTTL
+ path: maxTTL
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: Names specifies the names of the collections.
+ displayName: Names
+ path: names
+ - kind: CouchbaseCollection
+ name: couchbasecollections.couchbase.com
+ description: Manages RBAC Collections
+ displayName: Couchbase Collection
+ version: v2
+ resources:
+ - kind: CouchbaseCollection
+ version: v2
+ specDescriptors:
+ - description: MaxTTL defines how long a document is permitted to exist.
+ displayName: MaxTTL
+ path: maxTTL
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: Name specifies the name of the collection.
+ displayName: Name
+ path: name
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - kind: CouchbaseScopeGroup
+ name: couchbasescopegroups.couchbase.com
+ description: Manages RBAC Scope Groups
+ displayName: Couchbase Scope Group
+ version: v2
+ resources:
+ - kind: CouchbaseScopeGroup
+ version: v2
+ specDescriptors:
+ - description: Collections defines how to collate collections included in this scope or scope group.
+ displayName: Collections
+ path: collections
+ - description: Managed indicates whether collections within this scope are managed.
+ displayName: Managed
+ path: collections.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope.
+ displayName: Preserve Default Collection
+ path: collections.preserveDefaultCollection
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes.
+ displayName: Collection Resources
+ path: collections.resources
+ - description: Kind indicates the kind of resource that is being referenced. A scope can only reference CouchbaseCollection and CouchbaseCollectionGroup resource kinds.
+ displayName: Resource Kind
+ path: collections.resources[0].kind
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: Name of the Kubernetes resource name that is being referenced.
+ displayName: Resource Name
+ path: collections.resources[0].name
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: Name of the Kubernetes resource name that is being referenced.
+ displayName: Selector
+ path: collections.resources[0].selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: DefaultScope indicates whether this resource represents the default scope for a bucket.
+ displayName: Default Scope
+ path: defaultScope
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Names specifies the names of the scopes belonging to this group.
+ displayName: Names
+ path: names
+ - kind: CouchbaseScope
+ name: couchbasescopes.couchbase.com
+ description: Manages RBAC Scopes
+ displayName: Couchbase Scope
+ version: v2
+ resources:
+ - kind: CouchbaseScope
+ version: v2
+ specDescriptors:
+ - description: Collections defines how to collate collections included in this scope or scope group.
+ displayName: Collections
+ path: collections
+ - description: Managed indicates whether collections within this scope are managed.
+ displayName: Managed
+ path: collections.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope.
+ displayName: Preserve Default Collection
+ path: collections.preserveDefaultCollection
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes.
+ displayName: Collection Resources + path: collections.resources + - description: Kind indicates the kind of resource that is being referenced. A scope can only reference CouchbaseCollection and CouchbaseCollectionGroup resource kinds. + displayName: Resource Kind + path: collections.resources[0].kind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name of the Kubernetes resource name that is being referenced. + displayName: Resource Name + path: collections.resources[0].name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name of the Kubernetes resource name that is being referenced. + displayName: Selector + path: collections.resources[0].selector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap + - description: DefaultScope indicates whether this resource represents the default scope for a bucket. + displayName: Default Scope + path: defaultScope + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name specifies the name of the scope. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - kind: CouchbaseMigrationReplication + name: couchbasemigrationreplications.couchbase.com + description: Special migration mapping within XDCR to take a filtered list from the default scope and collection of the source to target bucket. + displayName: Couchbase Migration Replication + resources: + - kind: CouchbaseMigrationReplication + version: v2 + version: v2 + specDescriptors: + - description: The migration mappings to use. + displayName: Migration Mapping + path: migrationMapping + - description: List of mapping filters. + displayName: Mappings + path: migrationMapping.mappings + - description: Bucket is the source bucket to replicate from. 
+ displayName: Bucket + path: bucket + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: RemoteBucket is the remote bucket name to synchronize to. + displayName: RemoteBucket + path: remoteBucket + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - kind: CouchbaseAutoscaler + name: couchbaseautoscalers.couchbase.com + description: Internal Autoscaling Management Resource + displayName: Couchbase Autoscaler + resources: + - kind: CouchbaseAutoscaler + version: v2 + version: v2 + specDescriptors: + - description: The size of the related server config + displayName: Size + path: size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:int + description: | + The Couchbase Autonomous Operator allows users to easily deploy, manage, and maintain Couchbase deployments on OpenShift. By installing this integration you will be able to deply Couchbase Server clusters with a single command. + + ## Supported Features + + * **Automated cluster provisioning** - Deploying a Couchbase Cluster has never been easier. Fill out a Couchbase specific configuration and let the Couchbase Operator take care of provisioning nodes and setting up cluster to your exact specification. + + * **On-demand scalability** - Automatically scale your cluster up or down by changing a simple configuration parameter and let the Couchbase Operator handle provisioning of new nodes and joining them into the cluster. + + * **Auto-recovery** - Detect Couchbase node failures, rebalance out bad nodes, and bring the cluster back up to the desired capacity. Auto-recovery is completely automated so you can sleep easy through the night knowing that the Couchbase Operator will handle any failures. + + * **Geo-distribution** - Replicate your data between datacenters to move data closer to the users who consume it and protect against disaster scenarios where an entire datacenter becomes unavailable. 
+ + * **Persistent storage** - Define persistent network-attached storage for each node in your cluster to allow pods to be recovered even if the node they were running on is no longer available. + + * **Rack/zone awareness** - Tell the Couchbase Operator about availability zones in your datacenter and let the operator take care of ensuring that nodes in your cluster are deployed equally across each zone. + + * **Supportability** - When things go wrong, use the cbopinfo tool provided with the Couchbase Operator to collect relevant data about your Couchbase deployment so that you can quickly address issues. + + * **Centralized configuration management** - Manage your configuration centrally with OpenShift. Updates to the configuration are watched by the Couchbase Operator and actions are taken to make the target cluster match the desired configuration. + ## Required Parameters + * `authSecret` - provide the name of a secret that contains two keys for the `username` and `password` of the super user ([documentation](https://docs.couchbase.com/operator/1.2/couchbase-cluster-config.html)) + + ## About Couchbase Server + + Built on the most powerful NoSQL technology, Couchbase Server delivers unparalleled performance at scale, in any cloud. With features like memory-first architecture, geo-distributed deployments, and workload isolation, Couchbase Server excels at supporting mission-critical applications at scale while maintaining submillisecond latencies and 99.999% availability. Plus, with the most comprehensive SQL-compatible query language (N1QL), migrating from RDBMS to Couchbase Server is easy with ANSI joins. 
+ displayName: Couchbase Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + deployments: + - name: couchbase-operator + spec: + replicas: 1 + selector: + matchLabels: + app: couchbase-operator + strategy: {} + template: + metadata: + labels: + app: couchbase-operator + spec: + containers: + - args: + - --pod-create-timeout=10m0s + command: + - couchbase-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: RELATED_IMAGE_COUCHBASE_SERVER + value: registry.connect.redhat.com/couchbase/server@sha256:033c0b2b8eb12ac63a158754dce20d9787a470c77252c60bd4d9e11f5b2dbc7a + - name: RELATED_IMAGE_COUCHBASE_BACKUP + value: registry.connect.redhat.com/couchbase/operator-backup@sha256:382511f532b0206d2bb0cecc8f91b055809b5ccf89136b6d37d55a40e266812f + - name: RELATED_IMAGE_COUCHBASE_METRICS + value: registry.connect.redhat.com/couchbase/exporter@sha256:de3bacf8233553452db1d9cec7c98b28d12c41aa025d830d6b7c5de0da9723b1 + - name: RELATED_IMAGE_COUCHBASE_CLOUD_NATIVE_GATEWAY + value: registry.connect.redhat.com/couchbase/cloud-native-gateway@sha256:50bbc00cce14ec968c9b8e9ef06a6c5bd2860d38d973cf7af7271d4ff66fe9cc + - name: RELATED_IMAGE_COUCHBASE_SERVER_7_2_6_2 + value: registry.connect.redhat.com/couchbase/server@sha256:4e0d41b559c5d536aa06709457d6c788fd039b0c915c14f2d429213bdfeff824 + - name: RELATED_IMAGE_COUCHBASE_SERVER_7_6_2_3 + value: registry.connect.redhat.com/couchbase/server@sha256:643272bd58b0b584863400d281f1dcb147099c7f2120a947347be4b1f97391a7 + - name: RELATED_IMAGE_COUCHBASE_SERVER_7_6_3_4 + value: registry.connect.redhat.com/couchbase/server@sha256:437cd5aa05ff057b17f47d2500dec7cefca21682eb0f4badff4538dc164bc1a7 + image: registry.connect.redhat.com/couchbase/operator@sha256:1f0a6865c360a14ba98706fd6fe8dff3bdbdede32e3622f93f19c82e377ca33f + 
name: couchbase-operator + ports: + - containerPort: 8080 + name: http + - containerPort: 8383 + name: prometheus + resources: {} + serviceAccountName: couchbase-operator + permissions: + - rules: + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - list + - watch + - create + - update + - delete + - apiGroups: + - couchbase.com + resources: + - couchbaseclusters + - couchbaseclusters/finalizers + verbs: + - get + - list + - watch + - update + - apiGroups: + - couchbase.com + resources: + - couchbasereplications + - couchbasemigrationreplications + - couchbaseusers + - couchbasegroups + - couchbaserolebindings + - couchbasebackups + verbs: + - list + - watch + - apiGroups: + - couchbase.com + resources: + - couchbasebuckets + - couchbaseephemeralbuckets + - couchbasememcachedbuckets + - couchbasescopes + - couchbasescopegroups + - couchbasecollections + - couchbasecollectiongroups + verbs: + - list + - watch + - create + - apiGroups: + - couchbase.com + resources: + - couchbasebackuprestores + verbs: + - list + - watch + - delete + - apiGroups: + - couchbase.com + resources: + - couchbaseautoscalers + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - couchbase.com + resources: + - couchbaseautoscalers/status + verbs: + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + - pods/status + - services + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - create + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - create + - delete + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - 
create
+ - update
+ serviceAccountName: couchbase-operator
+ strategy: deployment
+ relatedImages:
+ - name: couchbase-operator
+ image: registry.connect.redhat.com/couchbase/operator@sha256:1f0a6865c360a14ba98706fd6fe8dff3bdbdede32e3622f93f19c82e377ca33f
+ - name: couchbase-server
+ image: registry.connect.redhat.com/couchbase/server@sha256:033c0b2b8eb12ac63a158754dce20d9787a470c77252c60bd4d9e11f5b2dbc7a
+ - name: couchbase-backup
+ image: registry.connect.redhat.com/couchbase/operator-backup@sha256:382511f532b0206d2bb0cecc8f91b055809b5ccf89136b6d37d55a40e266812f
+ - name: couchbase-metrics
+ image: registry.connect.redhat.com/couchbase/exporter@sha256:de3bacf8233553452db1d9cec7c98b28d12c41aa025d830d6b7c5de0da9723b1
+ - name: couchbase-cloud-native-gateway
+ image: registry.connect.redhat.com/couchbase/cloud-native-gateway@sha256:50bbc00cce14ec968c9b8e9ef06a6c5bd2860d38d973cf7af7271d4ff66fe9cc
+ - name: couchbase-server-7_2_6_2
+ image: registry.connect.redhat.com/couchbase/server@sha256:4e0d41b559c5d536aa06709457d6c788fd039b0c915c14f2d429213bdfeff824
+ - name: couchbase-server-7_6_2_3
+ image: registry.connect.redhat.com/couchbase/server@sha256:643272bd58b0b584863400d281f1dcb147099c7f2120a947347be4b1f97391a7
+ - name: couchbase-server-7_6_3_4
+ image: registry.connect.redhat.com/couchbase/server@sha256:437cd5aa05ff057b17f47d2500dec7cefca21682eb0f4badff4538dc164bc1a7
+ installModes:
+ - supported: true
+ type: OwnNamespace
+ - supported: true
+ type: SingleNamespace
+ - supported: false
+ type: MultiNamespace
+ - supported: true
+ type: AllNamespaces
+ keywords:
+ - couchbase
+ - database
+ - key value
+ - nosql
+ - open source
+ labels:
+ alm-owner-couchbase: couchbaseoperator
+ operated-by: couchbaseoperator
+ links:
+ - name: Couchbase
+ url: https://www.couchbase.com
+ - name: Documentation
+ url: https://docs.couchbase.com/operator/current/overview.html
+ - name: Downloads
+ url: https://www.couchbase.com/downloads
+ maintainers:
+ - email: support@couchbase.com
+ name: Couchbase
+ maturity: stable
+ minKubeVersion: 1.23.0
+ provider:
+ name: Couchbase
+ selector:
+ matchLabels:
+ alm-owner-couchbase: couchbaseoperator
+ operated-by: couchbaseoperator
+ version: 2.6.4-4
+ skips:
+ - couchbase-operator.v2.6.4-3
diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseautoscalers.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseautoscalers.couchbase.com.yaml
new file mode 100644
index 000000000..0052a8860
--- /dev/null
+++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseautoscalers.couchbase.com.yaml
@@ -0,0 +1,89 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbaseautoscalers.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseAutoscaler + listKind: CouchbaseAutoscalerList + plural: couchbaseautoscalers + shortNames: + - cba + singular: couchbaseautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.size + name: size + type: string + - jsonPath: .spec.servers + name: servers + type: string + name: v2 + schema: + openAPIV3Schema: + description: CouchbaseAutoscaler provides an interface for the Kubernetes + Horizontal Pod Autoscaler to interact with the Couchbase cluster and provide + autoscaling. This resource is not defined by the end user, and is managed + by the Operator. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseAutoscalerSpec allows control over an autoscaling + group. + properties: + servers: + description: Servers specifies the server group that this autoscaler + belongs to. + minLength: 1 + type: string + size: + description: Size allows the server group to be dynamically scaled. 
+ minimum: 0 + type: integer + required: + - servers + - size + type: object + status: + description: CouchbaseAutoscalerStatus provides information to the HPA + to assist with scaling server groups. + properties: + labelSelector: + description: LabelSelector allows the HPA to select resources to monitor + for resource utilization in order to trigger scaling. + type: string + size: + description: Size is the current size of the server group. + minimum: 1 + type: integer + required: + - labelSelector + - size + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.size + statusReplicasPath: .status.size + status: {} diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebackuprestores.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebackuprestores.couchbase.com.yaml new file mode 100644 index 000000000..00f47247c --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebackuprestores.couchbase.com.yaml 
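Review bot: `spec.size` allows `minimum: 0` while `status.size` is required with `minimum: 1`, and the scale subresource maps `specReplicasPath: .spec.size` to `statusReplicasPath: .status.size`, so a scale request to 0 passes the schema but the resulting state cannot be reported without failing status validation. Either raise the spec bound to `minimum: 1` or relax the status bound to `minimum: 0`, whichever matches what the Operator actually supports. The `size` printer column is also declared `type: string` although the field is an integer; `type: integer` would match. The file carries a controller-gen annotation, so these changes belong in the markers on the Go types rather than in a hand edit here.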
@@ -0,0 +1,431 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasebackuprestores.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseBackupRestore + listKind: CouchbaseBackupRestoreList + plural: couchbasebackuprestores + shortNames: + - cbrestore + singular: couchbasebackuprestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.capacityUsed + name: capacity used + type: string + - jsonPath: .status.lastRun + name: last run + type: string + - jsonPath: .status.lastSuccess + name: last success + type: string + - jsonPath: .status.duration + name: duration + type: string + - jsonPath: .status.running + name: running + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: CouchbaseBackupRestore allows the restoration of all Couchbase + cluster data from a CouchbaseBackup resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseBackupRestoreSpec allows the specification of data + restoration to be configured. 
This includes the backup and repository + to restore data from, and the time range of data to be restored. + properties: + backoffLimit: + default: 2 + description: Number of times the restore job should try to execute. + format: int32 + type: integer + backup: + description: The backup resource name associated with this restore, + or the backup PVC name to restore from. + type: string + buckets: + description: DEPRECATED - by spec.data. Specific buckets can be explicitly + included or excluded in the restore, as well as bucket mappings. This + field is now ignored. + type: object + x-kubernetes-preserve-unknown-fields: true + data: + description: Data allows control over what key-value/document data + is included in the restore. By default, all data is included. + properties: + exclude: + description: Exclude defines the buckets, scopes or collections + that are excluded from the backup. When this field is set, it + implies that by default everything will be backed up, and data + items can be explicitly excluded. You may define an exclusion + as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, + or a collection -- `my-bucket.my-scope.my-collection`. Buckets + may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, + as period is the separator used to delimit scopes and collections. Excluded + data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` + is illegal. This field cannot be used at the same time as included + items. + items: + description: BucketScopeOrCollectionNameWithDefaults is the + name of a fully qualifed bucket, scope or collection. The + _default scope and collection are valid for this type. As + these names are period separated, and buckets can contain + periods, the latter need to be escaped. This specification + is based on cbbackupmgr. 
+ pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + filterKeys: + description: FilterKeys only restores documents whose names match + the provided regular expression. + type: string + filterValues: + description: FilterValues only restores documents whose values + match the provided regular expression. + type: string + include: + description: Include defines the buckets, scopes or collections + that are included in the restore. When this field is set, it + implies that by default nothing will be restored, and data items + must be explicitly included. You may define an inclusion as + a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or + a collection -- `my-bucket.my-scope.my-collection`. Buckets + may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, + as period is the separator used to delimit scopes and collections. Included + data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` + is illegal. This field cannot be used at the same time as excluded + items. + items: + description: BucketScopeOrCollectionNameWithDefaults is the + name of a fully qualifed bucket, scope or collection. The + _default scope and collection are valid for this type. As + these names are period separated, and buckets can contain + periods, the latter need to be escaped. This specification + is based on cbbackupmgr. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + map: + description: Map allows data items in the restore to be remapped + to a different named container. Buckets can be remapped to other + buckets e.g. 
"source=target", scopes and collections can be + remapped to other scopes and collections within the same bucket + only e.g. "bucket.scope=bucket.other" or "bucket.scope.collection=bucket.scope.other". Map + sources may only be specified once, and may not overlap. + items: + description: RestoreMapping allows data to be migrated on restore. + properties: + source: + description: Source defines the data source of the mapping, + this may be either a bucket, scope or collection. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + target: + description: Target defines the data target of the mapping, + this may be either a bucket, scope or collection, and + must refer to the same type as the restore source. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + required: + - source + - target + type: object + type: array + x-kubernetes-list-map-keys: + - source + x-kubernetes-list-type: map + type: object + end: + description: End denotes the last backup to restore from. Omitting + this field will only restore the backup referenced by start. This + may be specified as an integer index (starting from 1), a string + specifying a short date DD-MM-YYYY, the backup name, or one of either + `start` or `oldest` keywords. + properties: + int: + description: Int references a relative backup by index. + minimum: 1 + type: integer + str: + description: Str references an absolute backup by name. + type: string + type: object + forceUpdates: + description: Forces data in the Couchbase cluster to be overwritten + even if the data in the cluster is newer than the restore + type: boolean + logRetention: + default: 168h + description: 'Number of hours to hold restore script logs for, everything + older will be deleted. 
More info: https://golang.org/pkg/time/#ParseDuration' + type: string + objectStore: + description: The remote destination for backup. + properties: + endpoint: + description: Endpoint contains the configuration for connecting + to a custom Azure/S3/GCP compliant object store. If set will + override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + properties: + secret: + description: The name of the secret, in this namespace, that + contains the CA certificate for verification of a TLS endpoint + The secret must have the key with the name "tls.crt" + type: string + url: + description: The host/address of the custom object endpoint. + type: string + useVirtualPath: + description: UseVirtualPath will force the AWS SDK to use + the new virtual style paths which are often required by + S3 compatible object stores. + type: boolean + type: object + secret: + description: ObjStoreSecret must contain two fields, access-key-id, + secret-access-key and optionally either region or refresh-token. + These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + type: string + uri: + description: URI is a reference to a remote object store. This + is the prefix of the object store and the bucket name. i.e s3://bucket, + az://bucket or gs://bucket. + pattern: ^(az|s3|gs)://.{3,}$ + type: string + useIAM: + description: Whether to allow the backup SDK to attempt to authenticate + using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`. + type: boolean + type: object + repo: + description: Repo is the backup folder to restore from. If no repository + is specified, the backup container will choose the latest. + type: string + s3bucket: + description: DEPRECATED - by spec.objectStore.uri Name of S3 bucket + to restore from. 
If non-empty this overrides local backup. + pattern: ^s3://[a-z0-9-\.\/]{3,63}$ + type: string + services: + default: {} + description: This list accepts a certain set of parameters that will + disable that data and prevent it being restored. + properties: + analytics: + default: true + description: Analytics restores analytics datasets from the backup. This + field defaults to true. + type: boolean + bucketConfig: + description: BucketConfig restores all bucket configuration settings. + If you are restoring to cluster with managed buckets, then this + option may conflict with existing bucket settings, and the results + are undefined, so avoid use. This option is intended for use + with unmanaged buckets. Note that bucket durability settings + are not restored in versions less than and equal to 1.1.0, and + will need to be manually applied. This field defaults to false. + type: boolean + bucketQuery: + default: true + description: BucketQuery enables the backup of query metadata + for all buckets. This field defaults to `true`. + type: boolean + clusterAnalytics: + default: true + description: ClusterAnalytics enables the backup of cluster-wide + analytics data, for example synonyms. This field defaults to + `true`. + type: boolean + clusterQuery: + default: true + description: ClusterQuery enables the backup of cluster level + query metadata. This field defaults to `true`. + type: boolean + data: + default: true + description: Data restores document data from the backup. This + field defaults to true. + type: boolean + eventing: + default: true + description: Eventing restores eventing functions from the backup. This + field defaults to true. + type: boolean + ftAlias: + default: true + description: FTAlias restores full-text search aliases from the + backup. This field defaults to true. + type: boolean + ftIndex: + default: true + description: FTIndex restores full-text search indexes from the + backup. This field defaults to true. 
+ type: boolean + gsiIndex: + default: true + description: GSIIndex restores document indexes from the backup. This + field defaults to true. + type: boolean + views: + default: true + description: Views restores views from the backup. This field + defaults to true. + type: boolean + type: object + stagingVolume: + default: + size: 20Gi + description: StagingVolume contains configuration related to the ephemeral + volume used as staging when restoring from a cloud backup. + properties: + size: + anyOf: + - type: integer + - type: string + default: 20Gi + description: 'Size allows the specification of a staging volume. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + The ephemeral volume will only be used when restoring from a + cloud provider, if the backup job was created using ephemeral + storage. Otherwise the restore job will share a staging volume + with the backup job.' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + storageClassName: + description: Name of StorageClass to use. + type: string + type: object + start: + description: Start denotes the first backup to restore from. This + may be specified as an integer index (starting from 1), a string + specifying a short date DD-MM-YYYY, the backup name, or one of either + `start` or `oldest` keywords. + properties: + int: + description: Int references a relative backup by index. + minimum: 1 + type: integer + str: + description: Str references an absolute backup by name. + type: string + type: object + threads: + default: 1 + description: How many threads to use during the restore. + minimum: 1 + type: integer + ttlSecondsAfterFinished: + description: Number of seconds to elapse before a completed job is + deleted. 
+ format: int32 + minimum: 0 + type: integer + type: object + status: + description: CouchbaseBackupRestoreStatus provides status indications + of a restore from backup. This includes whether or not the restore + is running, whether the restore succeed or not, and the duration the + restore took. + properties: + archive: + description: Location of Backup Archive. + type: string + backups: + description: Backups gives us a full list of all backups and their + respective repository locations. + items: + properties: + full: + description: Full backup inside the repository. + type: string + incrementals: + description: Incremental backups inside the repository. + items: + type: string + type: array + name: + description: Name of the repository. + type: string + required: + - name + type: object + type: array + duration: + description: 'Duration tells us how long the last restore took. More + info: https://golang.org/pkg/time/#ParseDuration' + type: string + failed: + description: Failed indicates whether the most recent restore has + failed. + type: boolean + job: + description: DEPRECATED - field may no longer be populated. Job tells + us which job is running/ran last. + type: string + lastFailure: + description: LastFailure tells us the time the last failed restore + failed. + format: date-time + type: string + lastRun: + description: LastRun tells us the time the last restore job started. + format: date-time + type: string + lastSuccess: + description: LastSuccess gives us the time the last successful restore + finished. + format: date-time + type: string + output: + description: DEPRECATED - field may no longer be populated. Output + reports useful information from the backup process. + type: string + pod: + description: DEPRECATED - field may no longer be populated. Pod tells + us which pod is running/ran last. + type: string + repo: + description: Repo is where we are currently performing operations. 
+ type: string + running: + description: Running indicates whether a restore is currently being + performed. + type: boolean + required: + - failed + - running + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebackups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebackups.couchbase.com.yaml new file mode 100644 index 000000000..a7b72b54c --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebackups.couchbase.com.yaml 
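Review bot: `objectStore.endpoint.url` is accepted as any string, while the sibling `objectStore.uri` is at least held to `^(az|s3|gs)://.{3,}$`. The same object carries the credential `secret` and `useIAM`, so whoever may create a CouchbaseBackupRestore decides which endpoint the restore job contacts with those credentials; how the backup container treats the value is not visible in this hunk. If the field is meant to hold a full URL, a scheme and length constraint such as `pattern: ^https?://.+$` with a `maxLength` would let the API server reject malformed input before a job is created, and a `maxLength` on the free-form regular expressions `filterKeys` and `filterValues` would do the same for them. Create rights on this kind are best limited to the people who administer the cluster's backups. As the file is controller-gen output, the constraints go into the markers on the Go types and the CRD is regenerated.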
@@ -0,0 +1,457 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasebackups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseBackup + listKind: CouchbaseBackupList + plural: couchbasebackups + shortNames: + - cbbackup + singular: couchbasebackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.strategy + name: strategy + type: string + - jsonPath: .spec.size + name: volume size + type: string + - jsonPath: .status.capacityUsed + name: capacity used + type: string + - jsonPath: .status.lastRun + name: last run + type: string + - jsonPath: .status.lastSuccess + name: last success + type: string + - jsonPath: .status.running + name: running + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: CouchbaseBackup allows automatic backup of all data from a Couchbase + cluster into persistent storage. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseBackupSpec is allows the specification of how a + Couchbase backup is configured, including when backups are performed, + how long they are retained for, and where they are backed up to. + properties: + autoScaling: + description: AutoScaling allows the volume size to be dynamically + increased. When specified, the backup volume will start with an + initial size as defined by `spec.size`, and increase as required. + properties: + incrementPercent: + default: 20 + description: IncrementPercent controls how much the volume is + increased each time the threshold is exceeded, upto a maximum + as defined by the limit. This field defaults to 20 if not specified. + minimum: 0 + type: integer + limit: + anyOf: + - type: integer + - type: string + description: 'Limit imposes a hard limit on the size we can autoscale + to. When not specified no bounds are imposed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + thresholdPercent: + default: 20 + description: ThresholdPercent determines the point at which a + volume is autoscaled. This represents the percentage of free + space remaining on the volume, when less than this threshold, + it will trigger a volume expansion. For example, if the volume + is 100Gi, and the threshold 20%, then a resize will be triggered + when the used capacity exceeds 80Gi, and free space is less + than 20Gi. This field defaults to 20 if not specified. + maximum: 99 + minimum: 0 + type: integer + type: object + backoffLimit: + default: 2 + description: Number of times a backup job should try to execute. 
Once + it hits the BackoffLimit it will not run until the next scheduled + job. + format: int32 + type: integer + backupRetention: + default: 720h + description: 'Number of hours to hold backups for, everything older + will be deleted. More info: https://golang.org/pkg/time/#ParseDuration' + type: string + data: + description: Data allows control over what key-value/document data + is included in the backup. By default, all data is included. Modifications + to this field will only take effect on the next full backup. + properties: + exclude: + description: Exclude defines the buckets, scopes or collections + that are excluded from the backup. When this field is set, it + implies that by default everything will be backed up, and data + items can be explicitly excluded. You may define an exclusion + as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, + or a collection -- `my-bucket.my-scope.my-collection`. Buckets + may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, + as period is the separator used to delimit scopes and collections. Excluded + data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` + is illegal. This field cannot be used at the same time as included + items. + items: + description: BucketScopeOrCollectionNameWithDefaults is the + name of a fully qualifed bucket, scope or collection. The + _default scope and collection are valid for this type. As + these names are period separated, and buckets can contain + periods, the latter need to be escaped. This specification + is based on cbbackupmgr. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + include: + description: Include defines the buckets, scopes or collections + that are included in the backup. 
When this field is set, it + implies that by default nothing will be backed up, and data + items must be explicitly included. You may define an inclusion + as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, + or a collection -- `my-bucket.my-scope.my-collection`. Buckets + may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, + as period is the separator used to delimit scopes and collections. Included + data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` + is illegal. This field cannot be used at the same time as excluded + items. + items: + description: BucketScopeOrCollectionNameWithDefaults is the + name of a fully qualifed bucket, scope or collection. The + _default scope and collection are valid for this type. As + these names are period separated, and buckets can contain + periods, the latter need to be escaped. This specification + is based on cbbackupmgr. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object + defaultRecoveryMethod: + default: none + description: DefaultRecoveryMethod specifies how cbbackupmgr should + recover from broken backup/restore attempts. + enum: + - none + - resume + - purge + type: string + ephemeralVolume: + default: false + description: EphemeralVolume sets backup to use an ephemeral volume + instead of a persistent volume. This is used when backing up to + a remote cloud provider, where a persistent volume is not needed. + type: boolean + failedJobsHistoryLimit: + default: 3 + description: Amount of failed jobs to keep. + format: int32 + minimum: 0 + type: integer + full: + description: Full is the schedule on when to take full backups. Used + in Full/Incremental and FullOnly backup strategies. + properties: + schedule: + description: Schedule takes a cron schedule in string format. 
+ type: string + required: + - schedule + type: object + incremental: + description: Incremental is the schedule on when to take incremental + backups. Used in Full/Incremental backup strategies. + properties: + schedule: + description: Schedule takes a cron schedule in string format. + type: string + required: + - schedule + type: object + logRetention: + default: 168h + description: 'Number of hours to hold script logs for, everything + older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration' + type: string + objectStore: + description: ObjectStore allows for backing up to a remote cloud storage. + properties: + endpoint: + description: Endpoint contains the configuration for connecting + to a custom Azure/S3/GCP compliant object store. If set will + override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + properties: + secret: + description: The name of the secret, in this namespace, that + contains the CA certificate for verification of a TLS endpoint + The secret must have the key with the name "tls.crt" + type: string + url: + description: The host/address of the custom object endpoint. + type: string + useVirtualPath: + description: UseVirtualPath will force the AWS SDK to use + the new virtual style paths which are often required by + S3 compatible object stores. + type: boolean + type: object + secret: + description: ObjStoreSecret must contain two fields, access-key-id, + secret-access-key and optionally either region or refresh-token. + These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + type: string + uri: + description: URI is a reference to a remote object store. This + is the prefix of the object store and the bucket name. i.e s3://bucket, + az://bucket or gs://bucket. 
+ pattern: ^(az|s3|gs)://.{3,}$ + type: string + useIAM: + description: Whether to allow the backup SDK to attempt to authenticate + using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`. + type: boolean + type: object + s3bucket: + description: DEPRECATED - by spec.objectStore.uri Name of S3 bucket + to backup to. If non-empty this overrides local backup. + pattern: ^s3://[a-z0-9-\.\/]{3,63}$ + type: string + services: + default: {} + description: Services allows control over what services are included + in the backup. By default, all service data and metadata are included. Modifications + to this field will only take effect on the next full backup. + properties: + analytics: + default: true + description: Analytics enables the backup of analytics data. This + field defaults to `true`. + type: boolean + bucketConfig: + default: true + description: BucketConfig enables the backup of bucket configuration. + This field defaults to `true`. + type: boolean + bucketQuery: + default: true + description: BucketQuery enables the backup of query metadata + for all buckets. This field defaults to `true`. + type: boolean + clusterAnalytics: + default: true + description: ClusterAnalytics enables the backup of cluster-wide + analytics data, for example synonyms. This field defaults to + `true`. + type: boolean + clusterQuery: + default: true + description: ClusterQuery enables the backup of cluster level + query metadata. This field defaults to `true`. + type: boolean + data: + default: true + description: Data enables the backup of key-value data/documents + for all buckets. This can be further refined with the couchbasebackups.spec.data + configuration. This field defaults to `true`. + type: boolean + eventing: + default: true + description: Eventing enables the backup of eventing service metadata. + This field defaults to `true`. 
+ type: boolean + ftsAliases: + default: true + description: FTSAliases enables the backup of full-text search + alias definitions. This field defaults to `true`. + type: boolean + ftsIndexes: + default: true + description: FTSIndexes enables the backup of full-text search + index definitions for all buckets. This field defaults to `true`. + type: boolean + gsIndexes: + default: true + description: GSIndexes enables the backup of global secondary + index definitions for all buckets. This field defaults to `true`. + type: boolean + views: + default: true + description: Views enables the backup of view definitions for + all buckets. This field defaults to `true`. + type: boolean + type: object + size: + anyOf: + - type: integer + - type: string + default: 20Gi + description: 'Size allows the specification of a backup persistent + volume, when using volume based backup. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + storageClassName: + description: Name of StorageClass to use. + type: string + strategy: + default: full_incremental + description: 'Strategy defines how to perform backups. `full_only` + will only perform full backups, and you must define a schedule in + the `spec.full` field. `full_incremental` will perform periodic + full backups, and incremental backups in between. You must define + full and incremental schedules in the `spec.full` and `spec.incremental` + fields respectively. Care should be taken to ensure full and incremental + schedules do not overlap, taking into account the backup time, as + this will cause failures as the jobs attempt to mount the same backup + volume. To cause a backup to occur immediately use `immediate_incremental` + or `immediate_full` for incremental or full backups respectively. 
+ This field default to `full_incremental`. Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html' + enum: + - full_incremental + - full_only + - immediate_incremental + - immediate_full + type: string + successfulJobsHistoryLimit: + default: 3 + description: Amount of successful jobs to keep. + format: int32 + minimum: 0 + type: integer + threads: + default: 1 + description: How many threads to use during the backup. This field + defaults to 1. + minimum: 0 + type: integer + ttlSecondsAfterFinished: + description: Amount of time to elapse before a completed job is deleted. + format: int32 + minimum: 0 + type: integer + type: object + status: + description: CouchbaseBackupStatus provides status notifications about + the Couchbase backup including when the last backup occurred, whether + is succeeded or not, the run time of the backup and the size of the + backup. + properties: + archive: + description: Location of Backup Archive. + type: string + backups: + description: Backups gives us a full list of all backups and their + respective repository locations. + items: + properties: + full: + description: Full backup inside the repository. + type: string + incrementals: + description: Incremental backups inside the repository. + items: + type: string + type: array + name: + description: Name of the repository. + type: string + required: + - name + type: object + type: array + capacityUsed: + anyOf: + - type: integer + - type: string + description: 'CapacityUsed tells us how much of the PVC we are using. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + cronjob: + description: DEPRECATED - field may no longer be populated. Cronjob + tells us which Cronjob the job belongs to. 
+ type: string + duration: + description: 'Duration tells us how long the last backup took. More + info: https://golang.org/pkg/time/#ParseDuration' + type: string + failed: + description: Failed indicates whether the most recent backup has failed. + type: boolean + job: + description: DEPRECATED - field may no longer be populated. Job tells + us which job is running/ran last. + type: string + lastFailure: + description: LastFailure tells us the time the last failed backup + failed. + format: date-time + type: string + lastRun: + description: LastRun tells us the time the last backup job started. + format: date-time + type: string + lastSuccess: + description: LastSuccess gives us the time the last successful backup + finished. + format: date-time + type: string + output: + description: DEPRECATED - field may no longer be populated. Output + reports useful information from the backup_script. + type: string + pod: + description: DEPRECATED - field may no longer be populated. Pod tells + us which pod is running/ran last. + type: string + repo: + description: Repo is where we are currently performing operations. + type: string + running: + description: Running indicates whether a backup is currently being + performed. + type: boolean + required: + - failed + - running + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebuckets.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebuckets.couchbase.com.yaml new file mode 100644 index 000000000..251970247 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasebuckets.couchbase.com.yaml 
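Review bot: `spec.objectStore.uri` is validated only by `^(az|s3|gs)://.{3,}$`, and `spec.objectStore.endpoint.url` has no `pattern` or `format` at all, so whitespace, control characters or option-like text after the scheme pass admission, while the deprecated `s3bucket` field in the same schema is held to `[a-z0-9-\.\/]{3,63}`. The descriptions tie these fields to cbbackupmgr, so they are presumably handed on to that tool, which makes the schema the cheapest place to reject malformed input. A tighter rule such as `pattern: ^(az|s3|gs)://[A-Za-z0-9][A-Za-z0-9._/-]{2,}$` for `uri` and `pattern: ^https?://[^\s]+$` for `endpoint.url` would do, adjusted to the bucket and prefix names that must be accepted. `backoffLimit` also lacks the `minimum: 0` that `failedJobsHistoryLimit`, `successfulJobsHistoryLimit` and `ttlSecondsAfterFinished` carry, so a negative value is only caught later, if at all. The manifest carries a controller-gen annotation, so these changes presumably belong on the validation markers of the Go types rather than in this file.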
@@ -0,0 +1,297 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasebuckets.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseBucket + listKind: CouchbaseBucketList + plural: couchbasebuckets + singular: couchbasebucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.memoryQuota + name: memory quota + type: string + - jsonPath: .spec.replicas + name: replicas + type: integer + - jsonPath: .spec.ioPriority + name: io priority + type: string + - jsonPath: .spec.evictionPolicy + name: eviction policy + type: string + - jsonPath: .spec.conflictResolution + name: conflict resolution + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: The CouchbaseBucket resource defines a set of documents in Couchbase + server. A Couchbase client connects to and operates on a bucket, which provides + independent management of a set documents and a security boundary for role + based access control. A CouchbaseBucket provides replication and persistence + for documents contained by it. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + default: {} + description: CouchbaseBucketSpec is the specification for a Couchbase + bucket resource, and allows the bucket to be customized. + properties: + compressionMode: + default: passive + description: CompressionMode defines how Couchbase server handles + document compression. When off, documents are stored in memory, + and transferred to the client uncompressed. When passive, documents + are stored compressed in memory, and transferred to the client compressed + when requested. When active, documents are stored compresses in + memory and when transferred to the client. This field must be "off", + "passive" or "active", defaulting to "passive". Be aware "off" + in YAML 1.2 is a boolean, so must be quoted as a string in configuration + files. + enum: + - "off" + - passive + - active + type: string + conflictResolution: + default: seqno + description: ConflictResolution defines how XDCR handles concurrent + write conflicts. Sequence number based resolution selects the document + with the highest sequence number as the most recent. Timestamp based + resolution selects the document that was written to most recently + as the most recent. This field must be "seqno" (sequence based), + or "lww" (timestamp based), defaulting to "seqno". + enum: + - seqno + - lww + type: string + enableFlush: + description: EnableFlush defines whether a client can delete all documents + in a bucket. This field defaults to false. + type: boolean + enableIndexReplica: + description: EnableIndexReplica defines whether indexes for this bucket + are replicated. This field defaults to false. + type: boolean + evictionPolicy: + default: valueOnly + description: EvictionPolicy controls how Couchbase handles memory + exhaustion. 
Value only eviction flushes documents to disk but maintains + document metadata in memory in order to improve query performance. Full + eviction removes all data from memory after the document is flushed + to disk. This field must be "valueOnly" or "fullEviction", defaulting + to "valueOnly". + enum: + - valueOnly + - fullEviction + type: string + ioPriority: + default: low + description: IOPriority controls how many threads a bucket has, per + pod, to process reads and writes. This field must be "low" or "high", + defaulting to "low". Modification of this field will cause a temporary + service disruption as threads are restarted. + enum: + - low + - high + type: string + maxTTL: + description: 'MaxTTL defines how long a document is permitted to exist + for, without modification, until it is automatically deleted. This + is a default and maximum time-to-live and may be set to a lower + value by the client. If the client specifies a higher value, then + it is truncated to the maximum durability. Documents are removed + by Couchbase, after they have expired, when either accessed, the + expiry pager is run, or the bucket is compacted. When set to 0, + then documents are not expired by default. This field must be a + duration in the range 0-2147483648s, defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration' + type: string + memoryQuota: + anyOf: + - type: integer + - type: string + default: 100Mi + description: 'MemoryQuota is a memory limit to the size of a bucket. When + this limit is exceeded, documents will be evicted from memory to + disk as defined by the eviction policy. The memory quota is defined + per Couchbase pod running the data service. This field defaults + to, and must be greater than or equal to 100Mi. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + minimumDurability: + description: MiniumumDurability defines how durable a document write + is by default, and can be made more durable by the client. This + feature enables ACID transactions. When none, Couchbase server will + respond when the document is in memory, it will become eventually + consistent across the cluster. When majority, Couchbase server + will respond when the document is replicated to at least half of + the pods running the data service in the cluster. When majorityAndPersistActive, + Couchbase server will respond when the document is replicated to + at least half of the pods running the data service in the cluster + and the document has been persisted to disk on the document master + pod. When persistToMajority, Couchbase server will respond when + the document is replicated and persisted to disk on at least half + of the pods running the data service in the cluster. This field + must be either "none", "majority", "majorityAndPersistActive" or + "persistToMajority", defaulting to "none". + enum: + - none + - majority + - majorityAndPersistActive + - persistToMajority + type: string + name: + description: Name is the name of the bucket within Couchbase server. By + default the Operator will use the `metadata.name` field to define + the bucket name. The `metadata.name` field only supports a subset + of the supported character set. When specified, this field overrides + `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", + "0-9" and "-_%\.". 
+ maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + replicas: + default: 1 + description: Replicas defines how many copies of documents Couchbase + server maintains. This directly affects how fault tolerant a Couchbase + cluster is. With a single replica, the cluster can tolerate one + data pod going down and still service requests without data loss. The + number of replicas also affect memory use. With a single replica, + the effective memory quota for documents is halved, with two replicas + it is one third. The number of replicas must be between 0 and 3, + defaulting to 1. + maximum: 3 + minimum: 0 + type: integer + scopes: + description: Scopes defines whether the Operator manages scopes for + the bucket or not, and the set of scopes defined for the bucket. + properties: + managed: + description: Managed defines whether scopes are managed for this + bucket. This field is `false` by default, and the Operator will + take no actions that will affect scopes and collections in this + bucket. The default scope and collection will be present. When + set to `true`, the Operator will manage user defined scopes, + and optionally, their collections as defined by the `CouchbaseScope`, + `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource documentation. If this field is set to `false` while + the already managed, then the Operator will leave whatever + configuration is already present. + type: boolean + resources: + description: Resources is an explicit list of named resources + that will be considered for inclusion in this bucket. If a + resource reference doesn't match a resource, then no error conditions + are raised due to undefined resource creation ordering and eventual + consistency. + items: + properties: + kind: + default: CouchbaseScope + description: Kind indicates the kind of resource that is + being referenced. A scope can only reference `CouchbaseScope` + and `CouchbaseScopeGroup` resource kinds. 
This field + defaults to `CouchbaseScope` if not specified. + enum: + - CouchbaseScope + - CouchbaseScopeGroup + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. Legal scope names have + a maximum length of 251 characters and may be composed + of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly considered + for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + type: object + storageBackend: + description: 'StorageBackend to be assigned to and used by the bucket. + Only valid for Couchbase Server 7.0.0 onward. Two different backend + storage mechanisms can be used - "couchstore" or "magma", defaulting + to "couchstore". This cannot be edited after bucket creation. Note: + "magma" is only valid for Couchbase Server 7.1.0 onward.' + enum: + - couchstore + - magma + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseclusters.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseclusters.couchbase.com.yaml new file mode 100644 index 000000000..c462dc760 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseclusters.couchbase.com.yaml 
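Review bot: `spec.maxTTL` is documented as a duration in the range 0-2147483648s, but the schema declares only `type: string`, so an unparsable or out-of-range value is accepted at admission and any rejection has to happen somewhere this hunk does not show. A `pattern` limiting the field to Go duration syntax, for example `pattern: ^([0-9]+(\.[0-9]+)?(ns|us|ms|s|m|h))+$`, would fail bad values at the API server; the upper bound would still need a webhook or operator check. `enableFlush`, which lets a client delete every document in a bucket, is described as defaulting to false but, unlike `compressionMode` or `replicas`, has no explicit `default:`; adding `default: false` would make the safe setting visible in the stored object. The file carries a controller-gen annotation, so both would presumably be marker changes on the Go types.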
@@ -0,0 +1,5609 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbaseclusters.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseCluster + listKind: CouchbaseClusterList + plural: couchbaseclusters + shortNames: + - cbc + singular: couchbasecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.currentVersion + name: version + type: string + - jsonPath: .status.size + name: size + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].reason + name: status + type: string + - jsonPath: .status.clusterId + name: uuid + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: The CouchbaseCluster resource represents a Couchbase cluster. It + allows configuration of cluster topology, networking, storage and security + options. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec is the specification for a CouchbaseCluster resources, + and allows the cluster to be customized. 
+ properties: + antiAffinity: + description: AntiAffinity forces the Operator to schedule different + Couchbase server pods on different Kubernetes nodes. Anti-affinity + reduces the likelihood of unrecoverable failure in the event of + a node issue. Use of anti-affinity is highly recommended for production + clusters. + type: boolean + autoResourceAllocation: + description: AutoResourceAllocation populates pod resource requests + based on the services running on that pod. When enabled, this feature + will calculate the memory request as the total of service allocations + defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing + individual allocations for a service will cause a cluster upgrade + as allocations are modified in the underlying pods. This field + also allows default pod CPU requests and limits to be applied. All + resource allocations can be overridden by explicitly configuring + them in the `spec.servers.resources` field. + properties: + cpuLimits: + anyOf: + - type: integer + - type: string + default: "4" + description: 'CPULimits automatically populates the CPU limits + across all Couchbase server pods. This field defaults to "4" + CPUs. Explicitly specifying the CPU limit for a particular + server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + cpuRequests: + anyOf: + - type: integer + - type: string + default: "2" + description: 'CPURequests automatically populates the CPU requests + across all Couchbase server pods. The default value of "2", + is the minimum recommended number of CPUs required to run Couchbase + Server. Explicitly specifying the CPU request for a particular + server class will override this value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + enabled: + description: Enabled defines whether auto-resource allocation + is enabled. + type: boolean + overheadPercent: + default: 25 + description: OverheadPercent defines the amount of memory above + that required for individual services on a pod. For Couchbase + Server this should be approximately 25%. + minimum: 0 + type: integer + type: object + autoscaleStabilizationPeriod: + description: "AutoscaleStabilizationPeriod defines how long after + a rebalance the corresponding HorizontalPodAutoscaler should remain + in maintenance mode. During maintenance mode all autoscaling is + disabled since every HorizontalPodAutoscaler associated with the + cluster becomes inactive. Since certain metrics can be unpredictable + when Couchbase is rebalancing or upgrading, setting a stabilization + period helps to prevent scaling recommendations from the HorizontalPodAutoscaler + for a provided period of time. \n Values must be a valid Kubernetes + duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration + A value of 0, puts the cluster in maintenance mode during rebalance + but immediately exits this mode once the rebalance has completed. + When undefined, the HPA is never put into maintenance mode during + rebalance." + type: string + backup: + description: Backup defines whether the Operator should manage automated + backups, and how to lookup backup resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines additional annotations to appear + on the backup/restore pods. + type: object + image: + default: couchbase/operator-backup:1.3.1 + description: The Backup Image to run on backup pods. 
+ type: string + imagePullSecrets: + description: ImagePullSecrets allow you to use an image from private + repositories and non-dockerhub ones. + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + labels: + additionalProperties: + type: string + description: Labels defines additional labels to appear on the + backup/restore pods. + type: object + managed: + description: Managed defines whether backups are managed by us + or the clients. + type: boolean + nodeSelector: + additionalProperties: + type: string + description: NodeSelector defines which nodes to constrain the + pods that run any backup and restore operations to. + type: object + objectEndpoint: + description: 'Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint + ObjectEndpoint contains the configuration for connecting to + a custom S3 compliant object store.' + properties: + secret: + description: The name of the secret, in this namespace, that + contains the CA certificate for verification of a TLS endpoint + The secret must have the key with the name "tls.crt" + type: string + url: + description: The host/address of the custom object endpoint. + type: string + useVirtualPath: + description: UseVirtualPath will force the AWS SDK to use + the new virtual style paths which are often required by + S3 compatible object stores. + type: boolean + type: object + resources: + description: Resources is the resource requirements for the backup + and restore containers. Will be populated by defaults if not + specified. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. 
+ \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + s3Secret: + description: 'Deprecated: by CouchbaseBackup.spec.objectStore.secret + S3Secret contains the key region and optionally access-key-id + and secret-access-key for operating backups in S3. This field + must be popluated when the `spec.s3bucket` field is specified + for a backup or restore resource.' 
+ type: string + selector: + description: Selector allows CouchbaseBackup and CouchbaseBackupRestore + resources to be filtered based on labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + serviceAccountName: + default: couchbase-backup + description: The Service Account to run backup (and restore) pods + under. Without this backup pods will not be able to update status. + type: string + tolerations: + description: Tolerations specifies all backup and restore pod + tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. 
When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + useIAMRole: + description: 'Deprecated: by CouchbaseBackup.spec.objectStore.useIAM + UseIAMRole enables backup to fetch EC2 instance metadata. This + allows the AWS SDK to use the EC2''s IAM Role for S3 access. + UseIAMRole will ignore credentials in s3Secret.' + type: boolean + required: + - image + type: object + buckets: + description: Buckets defines whether the Operator should manage buckets, + and how to lookup bucket resources. + properties: + managed: + description: Managed defines whether buckets are managed by the + Operator (true), or user managed (false). When Operator managed, + all buckets must be defined with either CouchbaseBucket, CouchbaseEphemeralBucket + or CouchbaseMemcachedBucket resources. Manual addition of buckets + will be reverted by the Operator. 
When user managed, the Operator + will not interrogate buckets at all. This field defaults to + false. + type: boolean + selector: + description: Selector is a label selector used to list buckets + in the namespace that are managed by the Operator. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + synchronize: + description: Synchronize allows unmanaged buckets, scopes, and + collections to be synchronized as Kubernetes resources by the + Operator. This feature is intended for development only and + should not be used for production workloads. The synchronization + workflow starts with `spec.buckets.managed` being set to false, + the user can manually create buckets, scopes, and collections + using the Couchbase UI, or other tooling. 
When you wish to + commit to Kubernetes resources, you must specify a unique label + selector in the `spec.buckets.selector` field, and this field + is set to true. The Operator will create Kubernetes resources + for you, and upon completion set the cluster's `Synchronized` + status condition. Synchronizing will not create a Kubernetes + resource for the Couchbase Server maintained _system scope. + You may then safely set `spec.buckets.managed` to true and the + Operator will manage these resources as per usual. To update + an already managed data topology, you must first set it to unmanaged, + make any changes, and delete any old resources, then follow + the standard synchronization workflow. The Operator can not, + and will not, ever delete, or make modifications to resource + specifications that are intended to be user managed, or managed + by a life cycle management tool. These actions must be instigated + by an end user. For a more complete experience, refer to the + documentation for the `cao save` and `cao restore` CLI commands. + type: boolean + type: object + cluster: + default: {} + description: ClusterSettings define Couchbase cluster-wide settings + such as memory allocation, failover characteristics and index settings. + properties: + analyticsServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 1Gi + description: 'AnalyticsServiceMemQuota is the amount of memory + that should be allocated to the analytics service. This value + is per-pod, and only applicable to pods belonging to server + classes running the analytics service. This field must be a + quantity greater than or equal to 1Gi. This field defaults + to 1Gi. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + autoCompaction: + default: {} + description: AutoCompaction allows the configuration of auto-compaction, + including on what conditions disk space is reclaimed and when + it is allowed to run. + properties: + databaseFragmentationThreshold: + default: {} + description: DatabaseFragmentationThreshold defines triggers + for when database compaction should start. + properties: + percent: + default: 30 + description: Percent is the percentage of disk fragmentation + after which to decompaction will be triggered. This + field must be in the range 2-100, defaulting to 30. + maximum: 100 + minimum: 2 + type: integer + size: + anyOf: + - type: integer + - type: string + description: 'Size is the amount of disk framentation, + that once exceeded, will trigger decompaction. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + parallelCompaction: + description: ParallelCompaction controls whether database + and view compactions can happen in parallel. + type: boolean + timeWindow: + description: TimeWindow allows restriction of when compaction + can occur. + properties: + abortCompactionOutsideWindow: + default: false + description: AbortCompactionOutsideWindow stops compaction + processes when the process moves outside the window. + type: boolean + end: + description: End is a wallclock time, in the form HH:MM, + when a compaction should stop. 
+ pattern: ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$ + type: string + start: + description: Start is a wallclock time, in the form HH:MM, + when a compaction is permitted to start. + pattern: ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$ + type: string + type: object + tombstonePurgeInterval: + default: 72h + description: 'TombstonePurgeInterval controls how long to + wait before purging tombstones. This field must be in the + range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration' + type: string + viewFragmentationThreshold: + default: {} + description: ViewFragmentationThreshold defines triggers for + when view compaction should start. + properties: + percent: + default: 30 + description: Percent is the percentage of disk fragmentation + after which to decompaction will be triggered. This + field must be in the range 2-100, defaulting to 30. + maximum: 100 + minimum: 2 + type: integer + size: + anyOf: + - type: integer + - type: string + description: 'Size is the amount of disk framentation, + that once exceeded, will trigger decompaction. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + type: object + autoFailoverMaxCount: + default: 1 + description: AutoFailoverMaxCount is the maximum number of automatic + failovers Couchbase server will allow before not allowing any + more. This field must be between 1-3 for server versions prior + to 7.1.0 default is 1. + format: int64 + minimum: 1 + type: integer + autoFailoverOnDataDiskIssues: + description: AutoFailoverOnDataDiskIssues defines whether Couchbase + server should failover a pod if a disk issue was detected. 
+ type: boolean + autoFailoverOnDataDiskIssuesTimePeriod: + default: 120s + description: 'AutoFailoverOnDataDiskIssuesTimePeriod defines how + long to wait for transient errors before failing over a faulty + disk. This field must be in the range 5-3600s, defaulting to + 120s. More info: https://golang.org/pkg/time/#ParseDuration' + type: string + autoFailoverServerGroup: + description: AutoFailoverServerGroup whether to enable failing + over a server group. This field is ignored in server versions + 7.1+ as it has been removed from the Couchbase API + type: boolean + autoFailoverTimeout: + default: 120s + description: 'AutoFailoverTimeout defines how long Couchbase server + will wait between a pod being witnessed as down, until when + it will failover the pod. Couchbase server will only failover + pods if it deems it safe to do so, and not result in data loss. This + field must be in the range 5-3600s, defaulting to 120s. More + info: https://golang.org/pkg/time/#ParseDuration' + type: string + clusterName: + description: ClusterName defines the name of the cluster, as displayed + in the Couchbase UI. By default, the cluster name is that specified + in the CouchbaseCluster resource's metadata. + type: string + data: + description: Data allows the data service to be configured. + properties: + auxIOThreads: + description: AuxIOThreads allows the number of threads used + by the data service, per pod, to be altered. This indicates + the number of threads that are to be used in the AuxIO thread + pool to run auxiliary I/O tasks. This value must be between + 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient + CPU resources allocated for their use. If not specified, + this defaults to the default value set by Couchbase Server. + maximum: 64 + minimum: 1 + type: integer + nonIOThreads: + description: NonIOThreads allows the number of threads used + by the data service, per pod, to be altered. 
This indicates + the number of threads that are to be used in the NonIO thread + pool to run in memory tasks. This value must be between + 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient + CPU resources allocated for their use. If not specified, + this defaults to the default value set by Couchbase Server. + maximum: 64 + minimum: 1 + type: integer + readerThreads: + description: ReaderThreads allows the number of threads used + by the data service, per pod, to be altered. This value + must be between 4 and 64 threads for CB versions below 7.1.0 + and, or 1 and 64 for CB versions 7.1.0+. and should only + be increased where there are sufficient CPU resources allocated + for their use. If not specified, this defaults to the default + value set by Couchbase Server. + maximum: 64 + minimum: 1 + type: integer + writerThreads: + description: WriterThreads allows the number of threads used + by the data service, per pod, to be altered. This setting + is especially relevant when using "durable writes", increasing + this field will have a large impact on performance. This + value must be between 4 and 64 threads for CB versions below + 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should + only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults + to the default value set by Couchbase Server. + maximum: 64 + minimum: 1 + type: integer + type: object + dataServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: 'DataServiceMemQuota is the amount of memory that + should be allocated to the data service. This value is per-pod, + and only applicable to pods belonging to server classes running + the data service. This field must be a quantity greater than + or equal to 256Mi. This field defaults to 256Mi. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + eventingServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: 'EventingServiceMemQuota is the amount of memory + that should be allocated to the eventing service. This value + is per-pod, and only applicable to pods belonging to server + classes running the eventing service. This field must be a + quantity greater than or equal to 256Mi. This field defaults + to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + indexServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: 'IndexServiceMemQuota is the amount of memory that + should be allocated to the index service. This value is per-pod, + and only applicable to pods belonging to server classes running + the index service. This field must be a quantity greater than + or equal to 256Mi. This field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + indexStorageSetting: + default: memory_optimized + description: DEPRECATED - by indexer. The index storage mode to + use for secondary indexing. This field must be one of "memory_optimized" + or "plasma", defaulting to "memory_optimized". 
This field is + immutable and cannot be changed unless there are no server classes + running the index service in the cluster. + enum: + - memory_optimized + - plasma + type: string + indexer: + description: Indexer allows the indexer to be configured. + properties: + logLevel: + default: info + description: LogLevel controls the verbosity of indexer logs. This + field must be one of "silent", "fatal", "error", "warn", + "info", "verbose", "timing", "debug" or "trace", defaulting + to "info". + enum: + - silent + - fatal + - error + - warn + - info + - verbose + - timing + - debug + - trace + type: string + maxRollbackPoints: + default: 2 + description: MaxRollbackPoints controls the number of checkpoints + that can be rolled back to. The default is 2, with a minimum + of 1. + minimum: 1 + type: integer + memorySnapshotInterval: + default: 200ms + description: MemorySnapshotInterval controls when memory indexes + should be snapshotted. This defaults to 200ms, and must + be greater than or equal to 1ms. + type: string + numReplica: + default: 0 + description: NumberOfReplica specifies number of secondary + index replicas to be created by the Index Service whenever + CREATE INDEX is invoked, which ensures high availability + and high performance. Note, if nodes and num_replica are + both specified in the WITH clause, the specified number + of nodes must be one greater than num_replica This defaults + to 0, which means no index replicas to be created by default. + Minimum must be 0. + minimum: 0 + type: integer + redistributeIndexes: + default: false + description: RedistributeIndexes when true, Couchbase Server + redistributes indexes when rebalance occurs, in order to + optimize performance. If false (the default), such redistribution + does not occur. + type: boolean + stableSnapshotInterval: + default: 5s + description: StableSnapshotInterval controls when disk indexes + should be snapshotted. This defaults to 5s, and must be + greater than or equal to 1ms. 
+ type: string + storageMode: + default: memory_optimized + description: StorageMode controls the underlying storage engine + for indexes. Once set it can only be modified if there + are no nodes in the cluster running the index service. The + field must be one of "memory_optimized" or "plasma", defaulting + to "memory_optimized". + enum: + - memory_optimized + - plasma + type: string + threads: + description: Threads controls the number of processor threads + to use for indexing. A value of 0 means 1 per CPU. This + attribute must be greater than or equal to 0, defaulting + to 0. + minimum: 0 + type: integer + type: object + query: + description: Query allows the query service to be configured. + properties: + backfillEnabled: + default: true + description: BackfillEnabled allows the query service to backfill. + type: boolean + temporarySpace: + anyOf: + - type: integer + - type: string + default: 5Gi + description: 'TemporarySpace allows the temporary storage + used by the query service backfill, per-pod, to be modified. This + field requires `backfillEnabled` to be set to true in order + to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + temporarySpaceUnlimited: + description: TemporarySpaceUnlimited allows the temporary + storage used by the query service backfill, per-pod, to + be unconstrained. This field requires `backfillEnabled` + to be set to true in order to have any effect. This field + overrides `temporarySpace`. + type: boolean + type: object + queryServiceMemoryQuota: + anyOf: + - type: integer + - type: string + description: 'QueryServiceMemQuota is a dummy field. 
By default, + Couchbase server provides no memory resource constraints for + the query service, so this has no effect on Couchbase server. It + is, however, used when the spec.autoResourceAllocation feature + is enabled, and is used to define the amount of memory reserved + by the query service for use with Kubernetes resource scheduling. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + searchServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: 'SearchServiceMemQuota is the amount of memory that + should be allocated to the search service. This value is per-pod, + and only applicable to pods belonging to server classes running + the search service. This field must be a quantity greater than + or equal to 256Mi. This field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + enableOnlineVolumeExpansion: + description: "EnableOnlineVolumeExpansion enables online expansion + of Persistent Volumes. You can only expand a PVC if its storage + class's \"allowVolumeExpansion\" field is set to true. Additionally, + Kubernetes feature \"ExpandInUsePersistentVolumes\" must be enabled + in order to expand the volumes which are actively bound to Pods. + Volumes can only be expanded and not reduced to a smaller size. 
+ See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim + \n If \"EnableOnlineVolumeExpansion\" is enabled for use within + an environment that does not actually support online volume and + file system expansion then the cluster will fallback to rolling + upgrade procedure to create a new set of Pods for use with resized + Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims" + type: boolean + enablePreviewScaling: + description: DEPRECATED - This option only exists for backwards compatibility + and no longer restricts autoscaling to ephemeral services. EnablePreviewScaling + enables autoscaling for stateful services and buckets. + type: boolean + envImagePrecedence: + description: 'EnvImagePrecedence gives precedence over the default + container image name in `spec.Image` to an image name provided through + Operator environment variables. For more info on using Operator + environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html' + type: boolean + hibernate: + description: Hibernate is whether to hibernate the cluster. + type: boolean + hibernationStrategy: + description: HibernationStrategy defines how to hibernate the cluster. When + Immediate the Operator will immediately delete all pods and take + no further action until the hibernate field is set to false. + enum: + - Immediate + type: string + image: + description: Image is the container image name that will be used to + launch Couchbase server instances. Updating this field will cause + an automatic upgrade of the cluster. + pattern: ^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$ + type: string + logging: + description: Logging defines Operator logging options. 
+ properties: + audit: + description: Used to manage the audit configuration directly + properties: + disabledEvents: + description: 'The list of event ids to disable for auditing + purposes. This is passed to the REST API with no verification + by the operator. Refer to the documentation for details: + https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html' + items: + type: integer + type: array + disabledUsers: + description: 'The list of users to ignore for auditing purposes. + This is passed to the REST API with minimal validation it + meets an acceptable regex pattern. Refer to the documentation + for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user' + items: + description: 'The AuditDisabledUser is actually a compound + string intended to feed a two-element struct. Its value + may be: 1. A local user, specified in the form localusername/local. + 2. An external user, specified in the form externalusername/external. + 3. An internal user, specified in the form @internalusername/local. + We add a quick validation check to make sure these match + and prevent being rejected by the API later. This is just + a sanity check, the REST API may still reject the user + for other reasons.' + pattern: ^.+/(local|external)$ + type: string + type: array + enabled: + description: Enabled is a boolean that enables the audit capabilities. + type: boolean + garbageCollection: + description: 'Handle all optional garbage collection (GC) + configuration for the audit functionality. This is not part + of the audit REST API, it is intended to handle GC automatically + for the audit logs. By default the Couchbase Server rotates + the audit logs but does not clean up the rotated logs. 
This + is left as an operation for the cluster administrator to + manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html' + properties: + sidecar: + description: Provide the sidecar configuration required + (if so desired) to automatically clean up audit logs. + properties: + age: + default: 1h + description: The minimum age of rotated log files + to remove, defaults to one hour. + type: string + enabled: + description: Enable this sidecar by setting to true, + defaults to being disabled. + type: boolean + image: + default: busybox:1.33.1 + description: Image is the image to be used to run + the audit sidecar helper. No validation is carried + out as this can be any arbitrary repo and tag. + type: string + interval: + default: 20m + description: The interval at which to check for rotated + log files to remove, defaults to 20 minutes. + type: string + resources: + description: Resources is the resource requirements + for the cleanup container. Will be populated by + Kubernetes defaults if not specified. + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used + by this container. \n This is an alpha field + and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It + can only be set for containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of + one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes + that resource available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. Requests cannot + exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + rotation: + description: 'The interval to optionally rotate the audit + log. This is passed to the REST API, see here for details: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html' + properties: + interval: + default: 15m + description: The interval at which to rotate log files, + defaults to 15 minutes. + type: string + size: + anyOf: + - type: integer + - type: string + default: 20Mi + description: 'Size allows the specification of a rotation + size for the log, defaults to 20Mi. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + type: object + logRetentionCount: + description: LogRetentionCount gives the number of persistent + log PVCs to keep. + minimum: 0 + type: integer + logRetentionTime: + description: LogRetentionTime gives the time to keep persistent + log PVCs alive for. + pattern: ^\d+(ns|us|ms|s|m|h)$ + type: string + server: + description: Specification of all logging configuration required + to manage the sidecar containers in each pod. + properties: + configurationName: + default: fluent-bit-config + description: ConfigurationName is the name of the Secret to + use holding the logging configuration in the namespace. + A Secret is used to ensure we can safely store credentials + but this can be populated from plaintext if acceptable too. + If it does not exist then one will be created with defaults + in the namespace so it can be easily updated whilst running. + Note that if running multiple clusters in the same kubernetes + namespace then you should use a separate Secret for each, + otherwise the first cluster will take ownership (if created) + and the Secret will be cleaned up when that cluster is removed. + If running clusters in separate namespaces then they will + be separate Secrets anyway. + type: string + enabled: + description: Enabled is a boolean that enables the logging + sidecar container. + type: boolean + manageConfiguration: + default: true + description: A boolean which indicates whether the operator + should manage the configuration or not. If omitted then + this defaults to true which means the operator will attempt + to reconcile it to default values. To use a custom configuration + make sure to set this to false. 
Note that the ownership + of any Secret is not changed so if a Secret is created externally + it can be updated by the operator but it's ownership stays + the same so it will be cleaned up when it's owner is. + type: boolean + sidecar: + default: {} + description: Any specific logging sidecar container configuration. + properties: + configurationMountPath: + default: /fluent-bit/config/ + description: ConfigurationMountPath is the location to + mount the ConfigurationName Secret into the image. If + another log shipping image is used that needs a different + mount then modify this. Note that the configuration + file must be called 'fluent-bit.conf' at the root of + this path, there is no provision for overriding the + name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE + environment variable. + type: string + image: + default: couchbase/fluent-bit:1.2.1 + description: Image is the image to be used to deal with + logging as a sidecar. No validation is carried out as + this can be any arbitrary repo and tag. It will default + to the latest supported version of Fluent Bit. + type: string + resources: + description: Resources is the resource requirements for + the sidecar container. Will be populated by Kubernetes + defaults if not specified. + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + type: object + type: object + monitoring: + description: Monitoring defines any Operator managed integration into + 3rd party monitoring infrastructure. + properties: + prometheus: + description: Prometheus provides integration with Prometheus monitoring. + properties: + authorizationSecret: + description: AuthorizationSecret is the name of a Kubernetes + secret that contains a bearer token to authorize GET requests + to the metrics endpoint + type: string + enabled: + description: Enabled is a boolean that enables/disables the + metrics sidecar container. This must be set to true, when + image is provided. + type: boolean + image: + description: Image is the metrics image to be used to collect + metrics. No validation is carried out as this can be any + arbitrary repo and tag. 
enabled must be set to true, when + image is provided. + type: string + refreshRate: + default: 60 + description: RefreshRate is the frequency in which cached + statistics are updated in seconds. Shorter intervals will + add additional resource overhead to clusters running Couchbase + Server 7.0+ Default is 60 seconds, Maximum value is 600 + seconds, and minimum value is 1 second. + format: int64 + maximum: 600 + minimum: 1 + type: integer + resources: + description: Resources is the resource requirements for the + metrics container. Will be populated by Kubernetes defaults + if not specified. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - image + type: object + type: object + networking: + description: Networking defines Couchbase cluster networking options + such as network topology, TLS and DDNS settings. + properties: + addressFamily: + description: AddressFamily allows the manual selection of the + address family to use. When this field is not set, Couchbase + server will default to using IPv4 for internal communication + and also support IPv6 on dual stack systems. Setting this field + to either IPv4 or IPv6 will force Couchbase to use the selected + protocol for internal communication, and also disable all other + protocols to provide added security and simplicty when defining + firewall rules. Disabling of address families is only supported + in Couchbase Server 7.0.2+. + enum: + - IPv4 + - IPv6 + type: string + adminConsoleServiceTemplate: + description: 'AdminConsoleServiceTemplate provides a template + used by the Operator to create and manage the admin console + service. This allows services to be annotated, the service + type defined and any other options that Kubernetes provides. When + using a LoadBalancer service type, TLS and dynamic DNS must + also be enabled. The Operator reserves the right to modify or + replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core' + properties: + metadata: + description: Standard objects metadata. This is a curated + version for use with Couchbase resource templates. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: ServiceSpec describes the attributes that a user + creates on a service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. 
This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. 
If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) 
The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). This field cannot be updated + once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. 
If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. 
"internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific + annotations when available.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + adminConsoleServiceType: + default: NodePort + description: DEPRECATED - by adminConsoleServiceTemplate. AdminConsoleServiceType + defines whether to create a node port or load balancer service. 
+ When using a LoadBalancer service type, TLS and dynamic DNS + must also be enabled. This field must be one of "NodePort" or + "LoadBalancer", defaulting to "NodePort". + enum: + - NodePort + - LoadBalancer + type: string + adminConsoleServices: + description: DEPRECATED - not required by Couchbase Server. AdminConsoleServices + is a selector to choose specific services to expose via the + admin console. This field may contain any of "data", "index", + "query", "search", "eventing" and "analytics". Each service + may only be included once. + items: + description: Supported services + enum: + - admin + - data + - index + - query + - search + - eventing + - analytics + type: string + type: array + x-kubernetes-list-type: set + cloudNativeGateway: + description: CloudNativeGateway is used to provision a gRPC gateway + proxying a Couchbase cluster. + properties: + image: + description: 'Image is the Cloud Native Gateway image to be + used to run the sidecar container. No validation is carried + out as this can be any arbitrary repo and tag. TODO: provide + a default kubebuilder default image tag as field is mandatory.' + type: string + tls: + description: TLS defines the TLS configuration for the Cloud + Native Gateway server including server and client certificate + configuration, and TLS security policies. If no TLS config + are explicitly provided, the operator generates/manages + self-signed certs/keys and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` + unique to a Couchbase cluster, which is volume mounted to + the cb k8s pod. This action could be overidden at the outset + or later, by using the below TLS config or generating the + secret of same name as `couchbase-cloud-native-gateway-self-signed-secret-` + with certificates conforming to the keys of well-known type + "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The + secret is on per cluster basis so it's advised to use the + unique cluster name else would be ignored. 
+ properties: + serverSecretName: + description: ServerSecretName specifies the secret name, + in the same namespace as the cluster, that contains + Cloud Native Gateway gRPC server TLS data. The secret + is expected to contain "tls.crt" and "tls.key" as per + the kubernetes.io/tls secret type. + type: string + type: object + required: + - image + type: object + disableUIOverHTTP: + description: DisableUIOverHTTP is used to explicitly enable and + disable UI access over the HTTP protocol. If not specified, + this field defaults to false. + type: boolean + disableUIOverHTTPS: + description: DisableUIOverHTTPS is used to explicitly enable and + disable UI access over the HTTPS protocol. If not specified, + this field defaults to false. + type: boolean + dns: + description: DNS defines information required for Dynamic DNS + support. + properties: + domain: + description: Domain is the domain to create pods in. When + populated the Operator will annotate the admin console and + per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These + annotations can be used directly by a Kubernetes External-DNS + controller to replicate load balancer service IP addresses + into a public DNS server. + type: string + type: object + exposeAdminConsole: + description: ExposeAdminConsole creates a service referencing + the admin console. The service is configured by the adminConsoleServiceTemplate + field. + type: boolean + exposedFeatureServiceTemplate: + description: 'ExposedFeatureServiceTemplate provides a template + used by the Operator to create and manage per-pod services. This + allows services to be annotated, the service type defined and + any other options that Kubernetes provides. When using a LoadBalancer + service type, TLS and dynamic DNS must also be enabled. The + Operator reserves the right to modify or replace any field. 
More + info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core' + properties: + metadata: + description: Standard objects metadata. This is a curated + version for use with Couchbase resource templates. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: ServiceSpec describes the attributes that a user + creates on a service. + properties: + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may be + set to "false" if the cluster load-balancer does not + rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests will + be respected, regardless of this field. This field may + only be set for services with type LoadBalancer and + will be cleared if the type is changed to any other + type. + type: boolean + clusterIP: + description: 'clusterIP is the IP address of the service + and is usually assigned randomly. If an address is specified + manually, is in-range (as per system configuration), + and is not in use, it will be allocated to the service; + otherwise creation of the service will fail. 
This field + may not be changed through updates unless the type field + is also being changed to ExternalName (which requires + this field to be blank) or the type field is being changed + from ExternalName (in which case this field may optionally + be specified, as describe above). Valid values are + "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + clusterIPs: + description: "ClusterIPs is a list of IP addresses assigned + to this service, and are usually assigned randomly. + \ If an address is specified manually, is in-range (as + per system configuration), and is not in use, it will + be allocated to the service; otherwise creation of the + service will fail. This field may not be changed through + updates unless the type field is also being changed + to ExternalName (which requires this field to be empty) + or the type field is being changed from ExternalName + (in which case this field may optionally be specified, + as describe above). Valid values are \"None\", empty + string (\"\"), or a valid IP address. Setting this + to \"None\" makes a \"headless service\" (no virtual + IP), which is useful when direct endpoint connections + are preferred and proxying is not required. Only applies + to types ClusterIP, NodePort, and LoadBalancer. If this + field is specified when creating a Service of type ExternalName, + creation will fail. This field will be wiped when updating + a Service to type ExternalName. 
If this field is not + specified, it will be initialized from the clusterIP + field. If this field is specified, clients must ensure + that clusterIPs[0] and clusterIP have the same value. + \n This field may hold a maximum of two entries (dual-stack + IPs, in either order). These IPs must correspond to + the values of the ipFamilies field. Both clusterIPs + and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: externalName is the external reference that + discovery mechanisms will return as an alias for this + service (e.g. a DNS CNAME record). No proxying will + be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` + to be "ExternalName". + type: string + externalTrafficPolicy: + description: externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that assumes + that external load balancers will take care of balancing + the service traffic between nodes, and so each node + will deliver traffic only to the node-local endpoints + of the service, without masquerading the client source + IP. (Traffic mistakenly sent to a node with no endpoints + will be dropped.) 
The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer + IP from within the cluster will always get "Cluster" + semantics, but clients sending to a NodePort from within + the cluster may need to take traffic policy into account + when picking a node. + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External systems + (e.g. load-balancers) can use this port to determine + if a given node holds endpoints for this service or + not. If this field is specified when creating a Service + which does not need it, creation will fail. This field + will be wiped when updating a Service to no longer need + it (e.g. changing type). This field cannot be updated + once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods only + want to talk to endpoints of the service on the same + node as the pod, dropping the traffic if there are no + local endpoints. The default value, "Cluster", uses + the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilies: + description: "IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. 
If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are \"IPv4\" + and \"IPv6\". This field only applies to Services of + types ClusterIP, NodePort, and LoadBalancer, and does + apply to \"headless\" services. This field will be wiped + when updating a Service to type ExternalName. \n This + field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field." + items: + description: IPFamily represents the IP Family (IPv4 + or IPv6). This type is used to express the family + of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), + or "RequireDualStack" (two IP families on dual-stack + configured clusters, otherwise fail). The ipFamilies + and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to + type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. 
"internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set when + the Service type is 'LoadBalancer'. If not set, the + default load balancer implementation is used, today + this is typically done through the cloud provider integration, + but should apply for any default implementation. If + set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated to + a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field + was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific + annotations when available.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based session + affinity. Must be ClientIP or None. Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 + hours). + format: int32 + type: integer + type: object + type: object + type: + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid options are ExternalName, + ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + a cluster-internal IP address for load-balancing to + endpoints. Endpoints are determined by the selector + or if that is not specified, by manual construction + of an Endpoints object or EndpointSlice objects. If + clusterIP is "None", no virtual IP is allocated and + the endpoints are published as a set of endpoints rather + than a virtual IP. "NodePort" builds on ClusterIP and + allocates a port on every node which routes to the same + endpoints as the clusterIP. "LoadBalancer" builds on + NodePort and creates an external load-balancer (if supported + in the current cloud) which routes to the same endpoints + as the clusterIP. "ExternalName" aliases this service + to the specified externalName. Several other fields + do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + type: string + type: object + type: object + exposedFeatureServiceType: + default: NodePort + description: DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureServiceType + defines whether to create a node port or load balancer service. 
+ When using a LoadBalancer service type, TLS and dynamic DNS + must also be enabled. This field must be one of "NodePort" or + "LoadBalancer", defaulting to "NodePort". + enum: + - NodePort + - LoadBalancer + type: string + exposedFeatureTrafficPolicy: + description: DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy + defines how packets should be routed from a load balancer service + to a Couchbase pod. When local, traffic is routed directly + to the pod. When cluster, traffic is routed to any node, then + forwarded on. While cluster routing may be slower, there are + some situations where it is required for connectivity. This + field must be either "Cluster" or "Local", defaulting to "Local", + enum: + - Cluster + - Local + type: string + exposedFeatures: + description: ExposedFeatures is a list of Couchbase features to + expose when using a networking model that exposes the Couchbase + cluster externally to Kubernetes. This field also triggers + the creation of per-pod services used by clients to connect + to the Couchbase cluster. When admin, only the administrator + port is exposed, allowing remote administration. When xdcr, + only the services required for remote replication are exposed. + The xdcr feature is only required when the cluster is the destination + of an XDCR replication. When client, all services are exposed + as required for client SDK operation. This field may contain + any of "admin", "xdcr" and "client". Each feature may only + be included once. + items: + enum: + - admin + - xdcr + - client + type: string + type: array + x-kubernetes-list-type: set + loadBalancerSourceRanges: + description: DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + LoadBalancerSourceRanges applies only when an exposed service + is of type LoadBalancer and limits the source IP ranges that + are allowed to use the service. Items must use IPv4 class-less + interdomain routing (CIDR) notation e.g. 10.0.0.0/16. 
+ items: + pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$ + type: string + type: array + networkPlatform: + description: NetworkPlatform is used to enable support for various + networking technologies. This field must be one of "Istio". + enum: + - Istio + type: string + serviceAnnotations: + additionalProperties: + type: string + description: DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + ServiceAnnotations allows services to be annotated with custom + labels. Operator annotations are merged on top of these so have + precedence as they are required for correct operation. + type: object + tls: + description: TLS defines the TLS configuration for the cluster + including server and client certificate configuration, and TLS + security policies. + properties: + allowPlainTextCertReload: + default: false + description: AllowPlainTextCertReload allows the reload of + TLS certificates in plain text. This option should only + be enabled as a means to recover connectivity with server + in the event that any of the server certificates expire. + When enabled the Operator only attempts plain text cert + reloading when expired certificates are detected. + type: boolean + cipherSuites: + description: CipherSuites specifies a list of cipher suites + for Couchbase server to select from when negotiating TLS + handshakes with a client. Suites are not validated by the + Operator. Run "openssl ciphers -v" in a Couchbase server + pod to interrogate supported values. + items: + type: string + type: array + x-kubernetes-list-type: set + clientCertificatePaths: + description: ClientCertificatePaths defines where to look + in client certificates in order to extract the user name. + items: + description: ClientCertificatePath defines how to extract + a username from a client ceritficate. + properties: + delimiter: + description: Delimiter if specified allows a suffix + to be stripped from the username, once extracted from + the certificate path. 
+ type: string + path: + description: Path defines where in the X.509 specification + to extract the username from. This field must be either + "subject.cn", "san.uri", "san.dnsname" or "san.email". + pattern: ^subject\.cn|san\.uri|san\.dnsname|san\.email$ + type: string + prefix: + description: Prefix allows a prefix to be stripped from + the username, once extracted from the certificate + path. + type: string + required: + - path + type: object + type: array + clientCertificatePolicy: + description: ClientCertificatePolicy defines the client authentication + policy to use. If set, the Operator expects TLS configuration + to contain a valid certificate/key pair for the Administrator + account. + enum: + - enable + - mandatory + type: string + nodeToNodeEncryption: + description: NodeToNodeEncryption specifies whether to encrypt + data between Couchbase nodes within the same cluster. This + may come at the expense of performance. When control plane + only encryption is used, only cluster management traffic + is encrypted between nodes. When all, all traffic is encrypted, + including database documents. When strict mode is used, + it is the same as all, but also disables all plaintext ports. Strict + mode is only available on Couchbase Server versions 7.1 + and greater. Node to node encryption can only be used when + TLS certificates are managed by the Operator. This field + must be either "ControlPlaneOnly", "All", or "Strict". + enum: + - ControlPlaneOnly + - All + - Strict + type: string + passphrase: + description: PassphraseConfig configures the passphrase key + to use with encrypted certificates. The passphrase may be + registered with Couchbase Server using a local script or + a rest endpoint. Private key encryption is only available + on Couchbase Server versions 7.1 and greater. + properties: + rest: + description: PassphraseRestConfig is the configuration + to register a private key passphrase with a rest endpoint. 
+ When the private key is accessed, Couchbase Server attempts + to extract the password by means of the specified endpoint. + The response status must be 200 and the response text + must be the exact passphrase excluding newlines and + extraneous spaces. + properties: + addressFamily: + default: inet + description: AddressFamily is the address family to + use. By default inet (meaning IPV4) is used. + enum: + - inet + - inet6 + type: string + headers: + additionalProperties: + type: string + description: Headers is a map of one or more key-value + pairs to pass alongside the Get request. + type: object + timeout: + default: 5000 + description: Timeout is the number of milliseconds + that must elapse before the call is timed out. + format: int64 + type: integer + url: + description: URL is the endpoint to be called to retrieve + the passphrase. URL will be called using the GET + method and may use http/https protocol. + type: string + verifyPeer: + default: true + description: VerifyPeer ensures peer verification + is performed when Https is used. + type: boolean + required: + - url + type: object + script: + description: PassphraseScriptConfig is the configuration + to register a private key passphrase with a script. + The Operator auto-provisions the underlying script so + this config simply provides a mechanism to perform the + decryption of the Couchbase Private Key using a local + script. + properties: + secret: + description: Secret is the secret containing the passphrase + string. The secret is expected to contain "passphrase" + key with the passphrase string as a value. + type: string + required: + - secret + type: object + type: object + rootCAs: + description: RootCAs defines a set of secrets that reside + in this namespace that contain additional CA certificates + that should be installed in Couchbase. 
The CA certificates + that are defined here are in addition to those defined for + the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, + and thus should not be duplicated. Each Secret referred + to must be of well-known type "kubernetes.io/tls" and must + contain one or more CA certificates under the key "tls.crt". + Multiple root CA certificates are only supported on Couchbase + Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static + configuration. + items: + type: string + type: array + secretSource: + description: SecretSource enables the user to specify a secret + conforming to the Kubernetes TLS secret specification that + is used for the Couchbase server certificate, and optionally + the Operator's client certificate, providing cert-manager + compatibility without having to specify a separate root + CA. A server CA certificate must be supplied by one of + the provided methods. Certificates referred to must conform + to the keys of well-known type "kubernetes.io/tls" with + "tls.crt" and "tls.key". If the "tls.key" is an encrypted + private key then the secret type can be the generic Opaque + type since "kubernetes.io/tls" type secrets cannot verify + encrypted keys. + properties: + clientSecretName: + description: ClientSecretName specifies the secret name, + in the same namespace as the cluster, the contains client + TLS data. The secret is expected to contain "tls.crt" + and "tls.key" as per the Kubernetes.io/tls secret type. + type: string + serverSecretName: + description: ServerSecretName specifies the secret name, + in the same namespace as the cluster, that contains + server TLS data. The secret is expected to contain + "tls.crt" and "tls.key" as per the kubernetes.io/tls + secret type. It may also contain "ca.crt". Only a single + PEM formated x509 certificate can be provided to "ca.crt". + The single certificate may also bundle together multiple + root CA certificates. 
Multiple root CA certificates + are only supported on Couchbase Server 7.1 and greater. + type: string + required: + - serverSecretName + type: object + static: + description: DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. + Static enables user to generate static x509 certificates + and keys, put them into Kubernetes secrets, and specify + them here. Static secrets are Couchbase specific, and follow + no well-known standards. + properties: + operatorSecret: + description: OperatorSecret is a secret name containing + TLS certs used by operator to talk securely to this + cluster. The secret must contain a CA certificate (data + key ca.crt). If client authentication is enabled, then + the secret must also contain a client certificate chain + (data key "couchbase-operator.crt") and private key + (data key "couchbase-operator.key"). + type: string + serverSecret: + description: ServerSecret is a secret name containing + TLS certs used by each Couchbase member pod for the + communication between Couchbase server and its clients. The + secret must contain a certificate chain (data key "chain.pem") + and a private key (data key "pkey.key"). The private + key must be in the PKCS#1 RSA format. The certificate + chain must have a required set of X.509v3 subject alternative + names for all cluster addressing modes. See the Operator + TLS documentation for more information. + type: string + type: object + tlsMinimumVersion: + default: TLS1.2 + description: TLSMinimumVersion specifies the minimum TLS version + the Couchbase server can negotiate with a client. Must + be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, defaulting to + TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 + onward. 
+ enum: + - TLS1.0 + - TLS1.1 + - TLS1.2 + - TLS1.3 + type: string + type: object + waitForAddressReachable: + default: 10m + description: WaitForAddressReachable is used to set the timeout + between when polling of external addresses is started, and when + it is deemed a failure. Polling of DNS name availability inherently + dangerous due to negative caching, so prefer the use of an initial + `waitForAddressReachableDelay` to allow propagation. + type: string + waitForAddressReachableDelay: + default: 2m + description: WaitForAddressReachableDelay is used to defer operator + checks that ensure external addresses are reachable before new + nodes are balanced in to the cluster. This prevents negative + DNS caching while waiting for external-DDNS controllers to propagate + addresses. + type: string + type: object + onlineVolumeExpansionTimeoutInMins: + description: OnlineVolumeExpansionTimeoutInMins must be provided as + a retry mechanism with a timeout in minutes for expanding volumes. + This must only be provided, if EnableOnlineVolumeExpansion is set + to true. Value must be between 0 and 30. If no value is provided, + then it defaults to 10 minutes. + maximum: 30 + minimum: 0 + type: integer + paused: + description: Paused is to pause the control of the operator for the + Couchbase cluster. This does not pause the cluster itself, instead + stopping the operator from taking any action. + type: boolean + platform: + description: Platform gives a hint as to what platform we are running + on and how to configure services. This field must be one of "aws", + "gke" or "azure". + enum: + - aws + - gce + - azure + type: string + recoveryPolicy: + description: RecoveryPolicy controls how aggressive the Operator is + when recovering cluster topology. When PrioritizeDataIntegrity, + the Operator will delegate failover exclusively to Couchbase server, + relying on it to only allow recovery when safe to do so. 
When PrioritizeUptime, + the Operator will wait for a period after the expected auto-failover + of the cluster, before forcefully failing-over the pods. This may + cause data loss, and is only expected to be used on clusters with + ephemeral data, where the loss of the pod means that the data is + known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" + or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". + enum: + - PrioritizeDataIntegrity + - PrioritizeUptime + type: string + rollingUpgrade: + description: When `spec.upgradeStrategy` is set to `RollingUpgrade` + it will, by default, upgrade one pod at a time. If this field is + specified then that number can be increased. + properties: + maxUpgradable: + description: MaxUpgradable allows the number of pods affected + by an upgrade at any one time to be increased. By default a + rolling upgrade will upgrade one pod at a time. This field + allows that limit to be removed. This field must be greater + than zero. The smallest of `maxUpgradable` and `maxUpgradablePercent` + takes precedence if both are defined. + minimum: 1 + type: integer + maxUpgradablePercent: + description: MaxUpgradablePercent allows the number of pods affected + by an upgrade at any one time to be increased. By default a + rolling upgrade will upgrade one pod at a time. This field + allows that limit to be removed. This field must be an integer + percentage, e.g. "10%", in the range 1% to 100%. Percentages + are relative to the total cluster size, and rounded down to + the nearest whole number, with a minimum of 1. For example, + a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 + pods per iteration, rounded down to 2. The smallest of `maxUpgradable` + and `maxUpgradablePercent` takes precedence if both are defined. 
+ pattern: ^(100|[1-9][0-9]|[1-9])%$ + type: string + type: object + security: + description: Security defines Couchbase cluster security options such + as the administrator account username and password, and user RBAC + settings. + properties: + adminSecret: + description: AdminSecret is the name of a Kubernetes secret to + use for administrator authentication. The admin secret must + contain the keys "username" and "password". The password data + must be at least 6 characters in length, and not contain the + any of the characters `()<>,;:\"/[]?={}`. + type: string + ldap: + description: LDAP provides settings to authenticate and authorize + LDAP users with Couchbase Server. When specified, the Operator + keeps these settings in sync with Cocuhbase Server's LDAP configuration. + Leave empty to manually manage LDAP configuration. + properties: + authenticationEnabled: + default: true + description: AuthenticationEnabled allows users who attempt + to access Couchbase Server without having been added as + local users to be authenticated against the specified LDAP + Host(s). + type: boolean + authorizationEnabled: + description: AuthorizationEnabled allows authenticated LDAP + users to be authorized with RBAC roles granted to any Couchbase + Server group associated with the user. + type: boolean + bindDN: + description: 'DN to use for searching users and groups synchronization. + More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + type: string + bindSecret: + description: BindSecret is the name of a Kubernetes secret + to use containing password for LDAP user binding. The bindSecret + must have a key with the name "password" and a value which + corresponds to the password of the binding LDAP user. + type: string + cacert: + description: DEPRECATED - Field is ignored, use tlsSecret. + CA Certificate in PEM format to be used in LDAP server certificate + validation. 
This cert is the string form of the secret provided + to `spec.tls.tlsSecret`. + type: string + cacheValueLifetime: + default: 30000 + description: 'Lifetime of values in cache in milliseconds. + Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + format: int64 + type: integer + encryption: + description: Encryption determines how the connection with + the LDAP server should be encrypted. Encryption may set + as either StartTLSExtension, TLS, or false. When set to + "false" then no verification of the LDAP hostname is performed. + When Encryption is StartTLSExtension, or TLS is set then + the default behavior is to use the certificate already loaded + into the Couchbase Cluster for certificate validation, otherwise + `ldap.tlsSecret` may be set to override The Couchbase certificate. + enum: + - None + - StartTLSExtension + - TLS + type: string + groupsQuery: + description: 'LDAP query, to get the users'' groups by username + in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + type: string + hosts: + description: List of LDAP hosts to provide authentication-support + for Couchbase Server. Host name must be a valid IP address + or DNS Name e.g openldap.default.svc, 10.0.92.147. + items: + type: string + minItems: 1 + type: array + nestedGroupsEnabled: + description: 'If enabled Couchbase server will try to recursively + search for groups for every discovered ldap group. groups_query + will be user for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + type: boolean + nestedGroupsMaxDepth: + default: 10 + description: 'Maximum number of recursive groups requests + the server is allowed to perform. Requires NestedGroupsEnabled. Values + between 1 and 100: the default is 10. 
More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + format: int64 + maximum: 100 + minimum: 1 + type: integer + port: + default: 389 + description: LDAP port. This is typically 389 for LDAP, and + 636 for LDAPS. + type: integer + serverCertValidation: + description: Whether server certificate validation be enabled. + type: boolean + tlsSecret: + description: TLSSecret is the name of a Kubernetes secret + to use explcitly for LDAP ca cert. If TLSSecret is not provided, + certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` + will be used instead. If provided, the secret must contain + the ca to be used under the name "ca.crt". + type: string + userDNMapping: + description: 'User to distinguished name (DN) mapping. If + none is specified, the username is used as the user’s distinguished + name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + properties: + query: + description: Query is the LDAP query to run to map from + Couchbase user to LDAP distinguished name. + type: string + template: + description: This field specifies list of templates to + use for providing username to DN mapping. The template + may contain a placeholder specified as `%u` to represent + the Couchbase user who is attempting to gain access. + type: string + type: object + required: + - bindSecret + - hosts + - port + type: object + podSecurityContext: + description: 'PodSecurityContext allows the configuration of the + security context for all Couchbase server pods. When using + persistent volumes you may need to set the fsGroup field in + order to write to the volume. For non-root clusters you must + also set runAsUser to 1000, corresponding to the Couchbase user + in official container images. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + fsGroup: + description: "A special supplemental group that applies to + all containers in a pod. Some volume types allow the Kubelet + to change the ownership of that volume to be owned by the + pod: \n 1. The owning GID will be the FSGroup 2. The setgid + bit is set (new files created in the volume will be owned + by FSGroup) 3. The permission bits are OR'd with rw-rw---- + \n If unset, the Kubelet will not modify the ownership and + permissions of any volume. Note that this field cannot be + set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in SecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is + windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". Must NOT + be set for any other type. 
+ type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also be + set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + rbac: + description: RBAC is the options provided for enabling and selecting + RBAC User resources to manage. + properties: + managed: + description: Managed defines whether RBAC is managed by us + or the clients. + type: boolean + selector: + description: Selector is a label selector used to list RBAC + resources in the namespace that are managed by the Operator. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. 
+ type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: object + securityContext: + description: 'SecurityContext defines the security options the + container should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation + field to grant more privileges than its parent process. More + info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a + process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be set + when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the + container runtime. 
Note that this field cannot be set when + spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in + privileged containers are essentially equivalent to root + on the host. Defaults to false. Note that this field cannot + be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use + for the containers. The default is DefaultProcMount which + uses the container runtime defaults for readonly paths and + masked paths. This requires the ProcMountType feature flag + to be enabled. Note that this field cannot be set when spec.os.name + is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. + Default is false. Note that this field cannot be set when + spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail + to start the container if it does. If unset or false, no + such validation will be performed. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if + unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. Note + that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". Must NOT + be set for any other type. 
+ type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a + profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile + should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options from the PodSecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is + linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's + containers must have the same effective HostProcess + value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must also be + set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ type: string + type: object + type: object + uiSessionTimeout: + default: 0 + description: UISessionTimeout sets how long, in minutes, before + a user is declared inactive and signed out from the Couchbase + Server UI. 0 represents no time out. + maximum: 16666 + minimum: 0 + type: integer + required: + - adminSecret + type: object + securityContext: + description: 'DEPRECATED - by spec.security.securityContext SecurityContext + allows the configuration of the security context for all Couchbase + server pods. When using persistent volumes you may need to set + the fsGroup field in order to write to the volume. For non-root + clusters you must also set runAsUser to 1000, corresponding to the + Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit is + set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions of + any volume. Note that this field cannot be set when spec.os.name + is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will have + no effect on ephemeral volume types such as: secret, configmaps + and emptydir. Valid values are "OnRootMismatch" and "Always". + If not specified, "Always" is used. Note that this field cannot + be set when spec.os.name is windows.' 
+ type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. + Uses runtime default if unset. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to start + the container if it does. If unset or false, no such validation + will be performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot + be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. 
+ type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this + pod. Note that this field cannot be set when spec.os.name is + windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must be set if type is "Localhost". Must NOT be + set for any other type. + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary GID, + the fsGroup (if specified), and group memberships defined in + the container image for the uid of the container process. If + unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image for + the uid of the container process are still effective, even if + they are not included in this list. Note that this field cannot + be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for + the pod. Pods with unsupported sysctls (by the container runtime) + might fail to launch. Note that this field cannot be set when + spec.os.name is windows. 
+ items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by + the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. All of a Pod's containers + must have the same effective HostProcess value (it is not + allowed to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serverGroups: + description: ServerGroups define the set of availability zones you + want to distribute pods over, and construct Couchbase server groups + for. 
By default, most cloud providers will label nodes with the + key "topology.kubernetes.io/zone", the values associated with that + key are used here to provide explicit scheduling by the Operator. You + may manually label nodes using the "topology.kubernetes.io/zone" + key, to provide failure-domain aware scheduling when none is provided + for you. Global server groups are applied to all server classes, + and may be overridden on a per-server class basis to give more control + over scheduling and server groups. + items: + type: string + type: array + x-kubernetes-list-type: set + servers: + description: Servers defines server classes for the Operator to provision + and manage. A server class defines what services are running and + how many members make up that class. Specifying multiple server + classes allows the Operator to provision clusters with Multi-Dimensional + Scaling (MDS). At least one server class must be defined, and at + least one server class must be running the data service. + items: + properties: + autoscaleEnabled: + description: AutoscaledEnabled defines whether the autoscaling + feature is enabled for this class. When true, the Operator + will create a CouchbaseAutoscaler resource for this server + class. The CouchbaseAutoscaler implements the Kubernetes + scale API and can be controlled by the Kubernetes horizontal + pod autoscaler (HPA). + type: boolean + env: + description: Env allows the setting of environment variables + in the Couchbase server container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. 
Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom allows the setting of environment variables + in the Couchbase server container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + name: + description: Name is a textual name for the server configuration + and must be unique. The name is used by the operator to uniquely + identify a server class, and map pods back to an intended + configuration. + type: string + pod: + description: 'Pod defines a template used to create pod for + each Couchbase server instance. Modifying pod metadata such + as labels and annotations will update the pod in-place. Any + other modification will result in a cluster upgrade in order + to fulfill the request. The Operator reserves the right to + modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core' + properties: + metadata: + description: Standard objects metadata. This is a curated + version for use with Couchbase resource templates. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can + be used to organize and categorize (scope and select) + objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: PodSpec is a description of a pod. 
+ properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may + be active on the node relative to StartTime before + the system will actively try to mark it failed and + kill associated containers. Value must be a positive + integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. 
Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. 
+ If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to an update), the + system may or may not try to eventually evict + the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: Represents a key's + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. 
Gt, + and Lt. + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. 
The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. 
+ type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. 
null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. 
+ type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. 
+ type: boolean + dnsConfig: + description: Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated + DNS configuration based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. + This will be appended to the base nameservers + generated from DNSPolicy. Duplicated nameservers + will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This + will be merged with the base options generated + from DNSPolicy. Duplicated entries will be removed. + Resolution options given in Options will override + those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search + paths generated from DNSPolicy. Duplicated search + paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to + "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', + 'ClusterFirst', 'Default' or 'None'. DNS parameters + given in DNSConfig will be merged with the policy + selected with DNSPolicy. To have DNS options set along + with hostNetwork, you have to specify DNS policy explicitly + to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + hostIPC: + description: 'Use the host''s ipc namespace. Optional: + Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. + Use the host's network namespace. 
If this option is + set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: + Default to false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: + Default to true. If set to true or not present, the + pod will be run in the host user namespace, useful + for when the pod needs a feature only available to + the host user namespace, such as loading a kernel + module with CAP_SYS_MODULE. When set to false, a new + userns is created for the pod. Setting false is useful + for mitigating container breakout vulnerabilities + even allowing users to run their containers as root + without actually having root privileges on the host. + This field is alpha-level and is only honored by servers + that enable the UserNamespacesSupport feature.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of + references to secrets in the same namespace to use + for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough + information to let you locate the referenced object + inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + type: object + type: array + nodeName: + description: NodeName is a request to schedule this + pod onto a specific node. If it is non-empty, the + scheduler simply schedules this pod onto that node, + assuming that it fits resource requirements. 
+ type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers + - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls - spec.shareProcessNamespace + - spec.securityContext.runAsUser - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. 
Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead + associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time + by the RuntimeClass admission controller. If the RuntimeClass + admission controller is enabled, overhead must not + be set in Pod create requests. The RuntimeClass admission + controller will reject Pod create requests which have + the overhead already set. If RuntimeClass is configured + and selected in the PodSpec, Overhead will be set + to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When + Priority Admission Controller is enabled, it prevents + users from setting this field. The admission controller + populates this field from PriorityClassName. The higher + the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. 
+ "system-node-critical" and "system-cluster-critical" + are two special keywords which indicate the highest + priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass + object with that name. If not specified, the pod priority + will be default or zero if there is no default. + type: string + resourceClaims: + description: "ResourceClaims defines which ResourceClaims + must be allocated and reserved before the Pod is allowed + to start. The resources will be made available to + those containers which consume them by name. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: PodResourceClaim references exactly one + ResourceClaim through a ClaimSource. It adds a name + to it that uniquely identifies the ResourceClaim + inside the Pod. Containers that need access to the + ResourceClaim reference it with this name. + properties: + name: + description: Name uniquely identifies this resource + claim inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name + of a ResourceClaim object in the same namespace + as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is + the name of a ResourceClaimTemplate object + in the same namespace as this pod. \n The + template will be used to create a new ResourceClaim, + which will be bound to this pod. When this + pod is deleted, the ResourceClaim will also + be deleted. The pod name and resource name, + along with a generated component, will be + used to form a unique name for the ResourceClaim, + which will be recorded in pod.status.resourceClaimStatuses. 
+ \n This field is immutable and no changes + will be made to the corresponding ResourceClaim + by the control plane after creating the + ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass + object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches + the named class, the pod will not be run. If unset + or empty, the "legacy" RuntimeClass will be used, + which is an implicit class with an empty definition + that uses the default runtime handler. More info: + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + schedulerName: + description: If specified, the pod will be dispatched + by specified scheduler. If not specified, the pod + will be dispatched by default scheduler. + type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values + that if specified will block scheduling the pod. If + schedulingGates is not empty, the pod will stay in + the SchedulingGated state and the scheduler will not + attempt to schedule the pod. \n SchedulingGates can + only be set at pod creation time, and be removed only + afterwards. \n This is a beta feature enabled by the + PodSchedulingReadiness feature gate." + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: Name of the scheduling gate. Each + scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated + alias for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' 
+ type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the + ServiceAccount to use to run this pod. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the + default). In Linux containers, this means setting + the FQDN in the hostname field of the kernel (the + nodename field of struct utsname). In Windows containers, + this means setting the registry value of hostname + for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no + effect. Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between + all of the containers in a pod. When this is set containers + will be able to view and signal processes from other + containers in the same pod, and the first process + in each container will not be assigned PID 1. HostPID + and ShareProcessNamespace cannot both be set. Optional: + Default to false.' + type: boolean + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully. May be decreased in delete + request. Value must be non-negative integer. The value + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. The + grace period is the duration in seconds after the + processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer than + the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. 
+ items: + description: The pod this Toleration is attached to + tolerates any taint that matches the triple + using the matching operator . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. 
Pods that match this label selector are + counted to determine the number of pods in their + corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: "MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. The + same key is forbidden to exist in both MatchLabelKeys + and LabelSelector. MatchLabelKeys cannot be + set when LabelSelector isn't set. Keys that + don't exist in the incoming pod labels will + be ignored. 
A null or empty list means only + match against labelSelector. \n This is a beta + field and requires the MatchLabelKeysInPodTopologySpread + feature gate to be enabled (enabled by default)." + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. 
If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is a beta field + and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how + we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. \n If this + value is nil, the behavior is equivalent to + the Honor policy. This is a beta-level feature + default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. \n If this value is + nil, the behavior is equivalent to the Ignore + policy. This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." 
+ type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how + to deal with a pod if it doesn''t satisfy the + spread constraint. - DoNotSchedule (default) + tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any + location, but giving higher precedence to topologies + that would help reduce the skew. A constraint + is considered "Unsatisfiable" for an incoming + pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some + topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only + be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can + still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object + resources: + description: Resources are the resource requirements for the + Couchbase server container. This field overrides any automatic + allocation as defined by `spec.autoResourceAllocation`. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only + be set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. 
If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests + cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serverGroups: + description: ServerGroups define the set of availability zones + you want to distribute pods over, and construct Couchbase + server groups for. By default, most cloud providers will + label nodes with the key "topology.kubernetes.io/zone", the + values associated with that key are used here to provide explicit + scheduling by the Operator. You may manually label nodes + using the "topology.kubernetes.io/zone" key, to provide failure-domain + aware scheduling when none is provided for you. Global server + groups are applied to all server classes, and may be overridden + on a per-server class basis to give more control over scheduling + and server groups. + items: + type: string + type: array + x-kubernetes-list-type: set + services: + description: Services is the set of Couchbase services to run + on this server class. At least one class must contain the + data service. The field may contain any of "data", "index", + "query", "search", "eventing" or "analytics". Each service + may only be specified once. + items: + description: Supported services + enum: + - admin + - data + - index + - query + - search + - eventing + - analytics + type: string + type: array + x-kubernetes-list-type: set + size: + description: Size is the expected requested of the server class. This + field must be greater than or equal to 1. + minimum: 1 + type: integer + volumeMounts: + description: VolumeMounts define persistent volume claims to + attach to pod. + properties: + analytics: + description: AnalyticsClaims are persistent volumes that + encompass analytics storage associated with the analytics + service. 
Analytics claims can only be used on server + classes running the analytics service, and must be used + in conjunction with the default claim. This field allows + the analytics service to use different storage media (e.g. + SSD), and scale horizontally, to improve performance of + this service. This field references a volume claim template + name as defined in "spec.volumeClaimTemplates". + items: + type: string + type: array + data: + description: DataClaim is a persistent volume that encompasses + key/value storage associated with the data service. The + data claim can only be used on server classes running + the data service, and must be used in conjunction with + the default claim. This field allows the data service + to use different storage media (e.g. SSD) to improve performance + of this service. This field references a volume claim + template name as defined in "spec.volumeClaimTemplates". + type: string + default: + description: DefaultClaim is a persistent volume that encompasses + all Couchbase persistent data, including document storage, + indexes and logs. The default volume can be used with + any server class. Use of the default claim allows the + Operator to recover failed pods from the persistent volume + far quicker than if the pod were using ephemeral storage. The + default claim cannot be used at the same time as the logs + claim within the same server class. This field references + a volume claim template name as defined in "spec.volumeClaimTemplates". + type: string + index: + description: IndexClaim s a persistent volume that encompasses + index storage associated with the index and search services. The + index claim can only be used on server classes running + the index or search services, and must be used in conjunction + with the default claim. This field allows the index and/or + search service to use different storage media (e.g. SSD) + to improve performance of this service. 
This field references + a volume claim template name as defined in "spec.volumeClaimTemplates". + Whilst this references index primarily, note that the + full text search (FTS) service also uses this same mount. + type: string + logs: + description: 'LogsClaim is a persistent volume that encompasses + only Couchbase server logs to aid with supporting the + product. The logs claim can only be used on server classes + running the following services: query, search & eventing. The + logs claim cannot be used at the same time as the default + claim within the same server class. This field references + a volume claim template name as defined in "spec.volumeClaimTemplates". + Whilst the logs claim can be used with the search service, + the recommendation is to use the default claim for these. + The reason for this is that a failure of these nodes will + require indexes to be rebuilt and subsequent performance + impact.' + type: string + type: object + required: + - name + - services + - size + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + softwareUpdateNotifications: + description: SoftwareUpdateNotifications enables software update notifications + in the UI. When enabled, the UI will alert when a Couchbase server + upgrade is available. + type: boolean + upgradeProcess: + description: UpgradeProcess defines the process that will be used + when performing a couchbase cluster upgrade. When SwapRebalance + is requested (default), pods will be upgraded using either a RollingUpgrade + or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery + is requested, the operator will perform an in-place upgrade on a + best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy + is set to ImmediateUpgrade. + enum: + - SwapRebalance + - DeltaRecovery + type: string + upgradeStrategy: + description: UpgradeStrategy controls how aggressive the Operator + is when performing a cluster upgrade. 
When a rolling upgrade is + requested, pods are upgraded one at a time. This strategy is slower, + however less disruptive. When an immediate upgrade strategy is + requested, all pods are upgraded at the same time. This strategy + is faster, but more disruptive. This field must be either "RollingUpgrade" + or "ImmediateUpgrade", defaulting to "RollingUpgrade". + enum: + - RollingUpgrade + - ImmediateUpgrade + type: string + volumeClaimTemplates: + description: VolumeClaimTemplates define the desired characteristics + of a volume that can be requested/claimed by a pod, for example + the storage class to use and the volume size. Volume claim templates + are referred to by name by server class volume mount configuration. + items: + properties: + metadata: + description: Standard objects metadata. This is a curated version + for use with Couchbase resource templates. + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is + required when creating resources, although some resources + may allow a client to request the generation of an appropriate + name automatically. Name is primarily intended for creation + idempotence and configuration definition. Cannot be updated. 
+ More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - name + type: object + spec: + description: PersistentVolumeClaimSpec describes the common + attributes of storage devices and allows a Source for provider-specific + attributes + properties: + accessModes: + description: 'accessModes contains the desired access modes + the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSourceRef: + description: 'dataSourceRef specifies the object from which + to populate the volume with data, if a non-empty volume + is desired. This may be any object from a non-empty API + group (non core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only + succeed if the type of the specified object matches some + installed volume populator or dynamic provisioner. This + field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they must + have the same value. For backwards compatibility, when + namespace isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other + is non-empty. When namespace is specified in dataSourceRef, + dataSource isn''t set to the same value and must be empty. + There are three important differences between dataSource + and dataSourceRef: * While dataSource only allows two + specific types of objects, dataSourceRef allows any non-core + object, as well as PersistentVolumeClaim objects. * While + dataSource ignores disallowed values (dropping them), + dataSourceRef preserves all values, and generates an error + if a disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef allows objects + in any namespaces. 
(Beta) Using this field requires the + AnyVolumeDataSource feature gate to be enabled. (Alpha) + Using the namespace field of dataSourceRef requires the + CrossNamespaceVolumeDataSource feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, the + specified Kind must be in the core API group. For + any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but must + still be higher than capacity recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. 
Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is required + by the claim. Value of Filesystem is implied when not + included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + required: + - metadata + - spec + type: object + type: array + xdcr: + description: XDCR defines whether the Operator should manage XDCR, + remote clusters and how to lookup replication resources. + properties: + managed: + description: Managed defines whether XDCR is managed by the operator + or not. + type: boolean + remoteClusters: + description: RemoteClusters is a set of named remote clusters + to establish replications to. + items: + description: RemoteCluster is a reference to a remote cluster + for XDCR. + properties: + authenticationSecret: + description: AuthenticationSecret is a secret used to authenticate + when establishing a remote connection. 
It is only required + when not using mTLS. The secret must contain a username + (secret key "username") and password (secret key "password"). + type: string + hostname: + description: Hostname is the connection string to use to + connect the remote cluster. To use IPv6, place brackets + (`[`, `]`) around the IPv6 value. + pattern: ^((couchbase|http)(s)?(://))?((\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}\b)|((([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))|\[(\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*\]))(:[0-9]{0,5})?(\\{0,1}\?network=[^&]+)?$ + type: string + name: + description: Name of the remote cluster. Note that, -operator-managed + is added as suffix by operator automatically to the name + in order to diffrentiate from non operator managed remote + clusters. + type: string + replications: + description: Replications are replication streams from this + cluster to the remote one. 
This field defines how to look + up CouchbaseReplication resources. By default any CouchbaseReplication + resources in the namespace will be considered. + properties: + selector: + description: Selector allows CouchbaseReplication resources + to be filtered based on labels. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + type: object + tls: + description: TLS if specified references a resource containing + the necessary certificate data for an encrypted connection. + properties: + secret: + description: Secret references a secret containing the + CA certificate (data key "ca"), and optionally a client + certificate (data key "certificate") and key (data + key "key"). 
+ type: string + required: + - secret + type: object + uuid: + description: UUID of the remote cluster. The UUID of a + CouchbaseCluster resource is advertised in the status.clusterId + field of the resource. + pattern: ^[0-9a-f]{32}$ + type: string + required: + - hostname + - name + - uuid + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - image + - security + - servers + type: object + status: + description: ClusterStatus defines any read-only status fields for the + Couchbase server cluster. + properties: + allocations: + description: Allocations shows memory allocations within server classes. + items: + description: ServerClassStatus summarizes memory allocations to + make configuration easier. + properties: + allocatedMemory: + anyOf: + - type: integer + - type: string + description: 'AllocatedMemory defines the total memory allocated + for constrained Couchbase services. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + allocatedMemoryPercent: + description: AllocatedMemoryPercent is set when memory resources + are requested and define how much of the requested memory + is allocated to constrained Couchbase services. + type: integer + analyticsServiceAllocation: + anyOf: + - type: integer + - type: string + description: 'AnalyticsServiceAllocation is set when the analytics + service is enabled for this class and defines how much memory + this service consumes per pod. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + dataServiceAllocation: + anyOf: + - type: integer + - type: string + description: 'DataServiceAllocation is set when the data service + is enabled for this class and defines how much memory this + service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + eventingServiceAllocation: + anyOf: + - type: integer + - type: string + description: 'EventingServiceAllocation is set when the eventing + service is enabled for this class and defines how much memory + this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + indexServiceAllocation: + anyOf: + - type: integer + - type: string + description: 'IndexServiceAllocation is set when the index service + is enabled for this class and defines how much memory this + service consumes per pod. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the server class defined in + spec.servers + type: string + requestedMemory: + anyOf: + - type: integer + - type: string + description: 'RequestedMemory, if set, defines the Kubernetes + resource request for the server class. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + searchServiceAllocation: + anyOf: + - type: integer + - type: string + description: 'SearchServiceAllocation is set when the search + service is enabled for this class and defines how much memory + this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + unusedMemory: + anyOf: + - type: integer + - type: string + description: 'UnusedMemory is set when memory resources are + requested and is the difference between the requestedMemory + and allocatedMemory. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + unusedMemoryPercent: + description: UnusedMemoryPercent is set when memory resources + are requested and defines how much requested memory is not + allocated. Couchbase server expects at least a 20% overhead. + type: integer + required: + - name + type: object + type: array + autoscalers: + description: Autscalers describes all the autoscalers managed by the + cluster. + items: + type: string + type: array + buckets: + description: Buckets describes all the buckets managed by the cluster. + items: + properties: + compressionMode: + description: CompressionMode defines how documents are compressed. + type: string + conflictResolution: + description: ConflictResolution is relevant for `couchbase` + and `ephemeral` bucket types and indicates how to resolve + conflicts when using multi-master XDCR. + type: string + enableFlush: + description: EnableFlush is whether a client can delete all + documents in a bucket. + type: boolean + enableIndexReplica: + description: EnableIndexReplica is whether indexes against bucket + documents are replicated. + type: boolean + evictionPolicy: + description: EvictionPolicy is relevant for `couchbase` and + `ephemeral` bucket types and indicates how documents are evicted + from memory when it is exhausted. + type: string + ioPriority: + description: IoPriority is `low` or `high` depending on the + number of threads spawned for data processing. + type: string + memoryQuota: + description: BucketMemoryQuota is the bucket memory quota in + megabytes. + format: int64 + type: integer + name: + description: BucketName is the full name of the bucket. + type: string + password: + description: BucketPassword will never be populated. 
+ type: string + replicas: + description: BucketReplicas is the number of data replicas. + type: integer + storageBackend: + description: BucketStorageBackend is the storage backend of + the bucket. + type: string + type: + description: BucketType is the type of the bucket. + type: string + required: + - compressionMode + - conflictResolution + - enableFlush + - enableIndexReplica + - evictionPolicy + - ioPriority + - memoryQuota + - name + - password + - replicas + - type + type: object + type: array + clusterId: + description: ClusterID is the unique cluster UUID. This is generated + every time a new cluster is created, so may vary over the lifetime + of a cluster if it is recreated by disaster recovery mechanisms. + type: string + conditions: + description: Current service state of the Couchbase cluster. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + lastUpdateTime: + description: Last time the condition status message updated. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be one + of True, False, Unknown. + type: string + type: + description: Type is the type of condition. + enum: + - Available + - Balanced + - ManageConfig + - Scaling + - ScalingUp + - ScalingDown + - Upgrading + - Hibernating + - Error + - AutoscaleReady + - Synchronized + type: string + required: + - status + - type + type: object + type: array + controlPaused: + description: ControlPaused indicates if the Operator has acknowledged + and paused the control of the cluster. + type: boolean + currentVersion: + description: CurrentVersion is the current Couchbase version. 
This + reflects the version of the whole cluster, therefore during upgrade, + it is only updated when the upgrade has completed. + type: string + groups: + description: Groups describes all the groups managed by the cluster. + items: + type: string + type: array + members: + description: Members are the Couchbase members in the cluster. + properties: + ready: + description: Ready are the Couchbase members that are clustered + and ready to serve client requests. The member names are the + same as the Couchbase pod names. + items: + type: string + type: array + unready: + description: Unready are the Couchbase members not clustered or + unready to serve client requests. The member names are the + same as the Couchbase pod names. + items: + type: string + type: array + type: object + size: + description: Size is the current size of the cluster in terms of pods. Individual + pod status conditions are listed in the members status. + type: integer + users: + description: Users describes all the users managed by the cluster. + items: + type: string + type: array + required: + - size + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasecollectiongroups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasecollectiongroups.couchbase.com.yaml new file mode 100644 index 000000000..44e3e3c94 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasecollectiongroups.couchbase.com.yaml 
@@ -0,0 +1,85 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasecollectiongroups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseCollectionGroup + listKind: CouchbaseCollectionGroupList + plural: couchbasecollectiongroups + singular: couchbasecollectiongroup + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseCollectionGroup represent the finest grained size of + data storage in Couchbase. Collections contain all documents and indexes + in the system. Collections also form the finest grain basis for role-based + access control (RBAC) and cross-datacenter replication (XDCR). In order + to be considered by the Operator, every collection group must be referenced + by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. Unlike the CouchbaseCollection + resource, a collection group represents multiple collections, with common + configuration parameters, to be expressed as a single resource, minimizing + required configuration and Kubernetes API traffic. It also forms the basis + of Couchbase RBAC security boundaries. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the resource. + properties: + maxTTL: + description: 'MaxTTL defines how long a document is permitted to exist + for, without modification, until it is automatically deleted. This + field takes precedence over any TTL defined at the bucket level. This + is a default, and maximum time-to-live and may be set to a lower + value by the client. If the client specifies a higher value, then + it is truncated to the maximum durability. Documents are removed + by Couchbase, after they have expired, when either accessed, the + expiry pager is run, or the bucket is compacted. When set to 0, + then documents are not expired by default. This field must be a + duration in the range 0-2147483648s, defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration' + type: string + names: + description: Names specifies the names of the collections. Unlike + CouchbaseCollection, which specifies a single collection, a collection + group specifies multiple, and the collection group must specify + at least one collection name. Any collection names specified must + be unique. Collection names must be 1-251 characters in length, + contain only [a-zA-Z0-9_-%] and not start with either _ or %. + items: + description: ScopeOrCollectionName is a generic type to capture + a valid scope or collection name. These must consist of 1-251 + characters, include only A-Z, a-z, 0-9, -, _ or %, and must not + start with _ (which is an internal marker) or % (which is probably + an escape character in language X). + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: array + x-kubernetes-list-type: set + required: + - names + type: object + required: + - spec + type: object + served: true + storage: true 
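Review bot: `spec.maxTTL` is declared as a bare `type: string`, so the limit its description states (a duration in the range 0-2147483648s) is not enforced by this schema and any string passes API-server validation. The same field is equally unconstrained in `couchbasecollections.couchbase.com.yaml` and `couchbaseephemeralbuckets.couchbase.com.yaml`. Whether the operator or an admission webhook rejects bad values is not visible in this diff; if neither does, a malformed TTL surfaces only at reconcile time. A syntax check along the lines of `pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+)$` would catch non-durations at admission, and because the manifest carries a controller-gen annotation it belongs on the source type's validation marker rather than in a hand edit here. The description's "truncated to the maximum durability" presumably means the maximum TTL.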
diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasecollections.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasecollections.couchbase.com.yaml new file mode 100644 index 000000000..58e32e6ee --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasecollections.couchbase.com.yaml 
@@ -0,0 +1,72 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasecollections.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseCollection + listKind: CouchbaseCollectionList + plural: couchbasecollections + singular: couchbasecollection + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseCollection represent the finest grained size of data + storage in Couchbase. Collections contain all documents and indexes in the + system. Collections also form the finest grain basis for role-based access + control (RBAC) and cross-datacenter replication (XDCR). In order to be + considered by the Operator, every collection must be referenced by a `CouchbaseScope` + or `CouchbaseScopeGroup` resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + default: {} + description: Spec defines the desired state of the resource. + properties: + maxTTL: + description: 'MaxTTL defines how long a document is permitted to exist + for, without modification, until it is automatically deleted. This + field takes precedence over any TTL defined at the bucket level. 
This + is a default, and maximum time-to-live and may be set to a lower + value by the client. If the client specifies a higher value, then + it is truncated to the maximum durability. Documents are removed + by Couchbase, after they have expired, when either accessed, the + expiry pager is run, or the bucket is compacted. When set to 0, + then documents are not expired by default. This field must be a + duration in the range 0-2147483648s, defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration' + type: string + name: + description: Name specifies the name of the collection. By default, + the metadata.name is used to define the collection name, however, + due to the limited character set, this field can be used to override + the default and provide the full functionality. Additionally the + `metadata.name` field is a DNS label, and thus limited to 63 characters, + this field must be used if the name is longer than this limit. Collection + names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseephemeralbuckets.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseephemeralbuckets.couchbase.com.yaml new file mode 100644 index 000000000..400315c09 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseephemeralbuckets.couchbase.com.yaml 
@@ -0,0 +1,274 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbaseephemeralbuckets.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseEphemeralBucket + listKind: CouchbaseEphemeralBucketList + plural: couchbaseephemeralbuckets + singular: couchbaseephemeralbucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.memoryQuota + name: memory quota + type: string + - jsonPath: .spec.replicas + name: replicas + type: integer + - jsonPath: .spec.ioPriority + name: io priority + type: string + - jsonPath: .spec.evictionPolicy + name: eviction policy + type: string + - jsonPath: .spec.conflictResolution + name: conflict resolution + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: The CouchbaseEphemeralBucket resource defines a set of documents + in Couchbase server. A Couchbase client connects to and operates on a bucket, + which provides independent management of a set documents and a security + boundary for role based access control. A CouchbaseEphemeralBucket provides + in-memory only storage and replication for documents contained by it. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + default: {} + description: CouchbaseEphemeralBucketSpec is the specification for an + ephemeral Couchbase bucket resource, and allows the bucket to be customized. + properties: + compressionMode: + default: passive + description: CompressionMode defines how Couchbase server handles + document compression. When off, documents are stored in memory, + and transferred to the client uncompressed. When passive, documents + are stored compressed in memory, and transferred to the client compressed + when requested. When active, documents are stored compresses in + memory and when transferred to the client. This field must be "off", + "passive" or "active", defaulting to "passive". Be aware "off" + in YAML 1.2 is a boolean, so must be quoted as a string in configuration + files. + enum: + - "off" + - passive + - active + type: string + conflictResolution: + default: seqno + description: ConflictResolution defines how XDCR handles concurrent + write conflicts. Sequence number based resolution selects the document + with the highest sequence number as the most recent. Timestamp based + resolution selects the document that was written to most recently + as the most recent. This field must be "seqno" (sequence based), + or "lww" (timestamp based), defaulting to "seqno". + enum: + - seqno + - lww + type: string + enableFlush: + description: EnableFlush defines whether a client can delete all documents + in a bucket. This field defaults to false. + type: boolean + evictionPolicy: + default: noEviction + description: EvictionPolicy controls how Couchbase handles memory + exhaustion. No eviction means that Couchbase server will make this + bucket read-only when memory is exhausted in order to avoid data + loss. NRU eviction will delete documents that haven't been used + recently in order to free up memory. 
This field must be "noEviction" + or "nruEviction", defaulting to "noEviction". + enum: + - noEviction + - nruEviction + type: string + ioPriority: + default: low + description: IOPriority controls how many threads a bucket has, per + pod, to process reads and writes. This field must be "low" or "high", + defaulting to "low". Modification of this field will cause a temporary + service disruption as threads are restarted. + enum: + - low + - high + type: string + maxTTL: + description: 'MaxTTL defines how long a document is permitted to exist + for, without modification, until it is automatically deleted. This + is a default and maximum time-to-live and may be set to a lower + value by the client. If the client specifies a higher value, then + it is truncated to the maximum durability. Documents are removed + by Couchbase, after they have expired, when either accessed, the + expiry pager is run, or the bucket is compacted. When set to 0, + then documents are not expired by default. This field must be a + duration in the range 0-2147483648s, defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration' + type: string + memoryQuota: + anyOf: + - type: integer + - type: string + default: 100Mi + description: 'MemoryQuota is a memory limit to the size of a bucket. When + this limit is exceeded, documents will be evicted from memory defined + by the eviction policy. The memory quota is defined per Couchbase + pod running the data service. This field defaults to, and must + be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + minimumDurability: + description: MiniumumDurability defines how durable a document write + is by default, and can be made more durable by the client. 
This + feature enables ACID transactions. When none, Couchbase server will + respond when the document is in memory, it will become eventually + consistent across the cluster. When majority, Couchbase server + will respond when the document is replicated to at least half of + the pods running the data service in the cluster. This field must + be either "none" or "majority", defaulting to "none". + enum: + - none + - majority + type: string + name: + description: Name is the name of the bucket within Couchbase server. By + default the Operator will use the `metadata.name` field to define + the bucket name. The `metadata.name` field only supports a subset + of the supported character set. When specified, this field overrides + `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", + "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + replicas: + default: 1 + description: Replicas defines how many copies of documents Couchbase + server maintains. This directly affects how fault tolerant a Couchbase + cluster is. With a single replica, the cluster can tolerate one + data pod going down and still service requests without data loss. The + number of replicas also affect memory use. With a single replica, + the effective memory quota for documents is halved, with two replicas + it is one third. The number of replicas must be between 0 and 3, + defaulting to 1. + maximum: 3 + minimum: 0 + type: integer + scopes: + description: Scopes defines whether the Operator manages scopes for + the bucket or not, and the set of scopes defined for the bucket. + properties: + managed: + description: Managed defines whether scopes are managed for this + bucket. This field is `false` by default, and the Operator will + take no actions that will affect scopes and collections in this + bucket. The default scope and collection will be present. 
When + set to `true`, the Operator will manage user defined scopes, + and optionally, their collections as defined by the `CouchbaseScope`, + `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource documentation. If this field is set to `false` while + the already managed, then the Operator will leave whatever + configuration is already present. + type: boolean + resources: + description: Resources is an explicit list of named resources + that will be considered for inclusion in this bucket. If a + resource reference doesn't match a resource, then no error conditions + are raised due to undefined resource creation ordering and eventual + consistency. + items: + properties: + kind: + default: CouchbaseScope + description: Kind indicates the kind of resource that is + being referenced. A scope can only reference `CouchbaseScope` + and `CouchbaseScopeGroup` resource kinds. This field + defaults to `CouchbaseScope` if not specified. + enum: + - CouchbaseScope + - CouchbaseScopeGroup + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. Legal scope names have + a maximum length of 251 characters and may be composed + of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly considered + for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasegroups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasegroups.couchbase.com.yaml new file mode 100644 index 000000000..d2aa64d84 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasegroups.couchbase.com.yaml 
@@ -0,0 +1,366 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasegroups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseGroup + listKind: CouchbaseGroupList + plural: couchbasegroups + singular: couchbasegroup + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseGroup allows the automation of Couchbase group management. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseGroupSpec allows the specification of Couchbase + group configuration. + properties: + ldapGroupRef: + description: LDAPGroupRef is a reference to an LDAP group. + type: string + roles: + description: Roles is a list of roles that this group is granted. + items: + properties: + bucket: + description: 'Bucket name for bucket admin roles. When not + specified for a role that can be scoped to a specific bucket, + the role will apply to all buckets in the cluster. Deprecated: Couchbase + Autonomous Operator 2.3' + pattern: ^\*$|^[a-zA-Z0-9-_%\.]+$ + type: string + buckets: + description: Bucket level access to apply to specified role. + The bucket must exist. 
When not specified, the bucket field + will be checked. If both are empty and the role can be scoped + to a specific bucket, the role will apply to all buckets in + the cluster + properties: + resources: + description: Resources is an explicit list of named bucket + resources that will be considered for inclusion in this + role. If a resource reference doesn't match a resource, + then no error conditions are raised due to undefined resource + creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseBucket + description: Kind indicates the kind of resource that + is being referenced. A Role can only reference + `CouchbaseBucket` kind. This field defaults to + `CouchbaseBucket` if not specified. + enum: + - CouchbaseBucket + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly + considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + type: object + collections: + description: Collection level access to apply to the specified + role. The collection must exist. When not specified, the + role is subject to scope or bucket level access. + properties: + resources: + description: Resources is an explicit list of named resources + that will be considered for inclusion in this collection + or collections. If a resource reference doesn't match + a resource, then no error conditions are raised due to + undefined resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseCollection + description: Kind indicates the kind of resource that + is being referenced. A scope can only reference + `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. This field defaults to `CouchbaseCollection` + if not specified. + enum: + - CouchbaseCollection + - CouchbaseCollectionGroup + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. Legal collection + names have a maximum length of 251 characters and + may be composed of any character from "a-z", "A-Z", + "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly + considered for inclusion in this collection or collections. 
More + info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + type: object + name: + description: Name of role. 
+ enum: + - admin + - analytics_admin + - analytics_manager + - analytics_reader + - analytics_select + - backup_admin + - bucket_admin + - bucket_full_access + - cluster_admin + - data_backup + - data_dcp_reader + - data_monitoring + - data_reader + - data_writer + - eventing_admin + - external_stats_reader + - fts_admin + - fts_searcher + - mobile_sync_gateway + - mobile_sync_gateway_application + - mobile_sync_gateway_application_read_only + - mobile_sync_gateway_architect + - mobile_sync_gateway_dev_ops + - mobile_sync_gateway_replicator + - query_delete + - query_execute_external_functions + - query_execute_functions + - query_execute_global_external_functions + - query_execute_global_functions + - query_external_access + - query_insert + - query_manage_external_functions + - query_manage_functions + - query_manage_global_external_functions + - query_manage_global_functions + - query_manage_index + - query_select + - query_system_catalog + - query_update + - replication_admin + - replication_target + - ro_admin + - scope_admin + - security_admin + - security_admin_external + - security_admin_local + - views_admin + - views_reader + type: string + scopes: + description: Scope level access to apply to specified role. The + scope must exist. When not specified, the role will apply + to selected bucket or all buckets in the cluster. + properties: + resources: + description: Resources is an explicit list of named resources + that will be considered for inclusion in this scope or + scopes. If a resource reference doesn't match a resource, + then no error conditions are raised due to undefined resource + creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseScope + description: Kind indicates the kind of resource that + is being referenced. A scope can only reference + `CouchbaseScope` and `CouchbaseScopeGroup` resource + kinds. This field defaults to `CouchbaseScope` + if not specified. 
+ enum: + - CouchbaseScope + - CouchbaseScopeGroup + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. Legal scope names + have a maximum length of 251 characters and may + be composed of any character from "a-z", "A-Z", + "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly + considered for inclusion in this scope or scopes. More + info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + type: object + required: + - name + type: object + type: array + required: + - roles + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasememcachedbuckets.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasememcachedbuckets.couchbase.com.yaml new file mode 100644 index 000000000..140acb349 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasememcachedbuckets.couchbase.com.yaml 
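Review bot: In the `roles` item schema of CouchbaseGroup, leaving both `bucket` and `buckets` unset makes a bucket-scopable role apply to every bucket in the cluster, per the field descriptions, so an omitted field widens access instead of narrowing it. The schema cannot express that intent, so the descriptions should at least say it plainly, for example by appending `Omit only when cluster-wide access is intended.` to the `buckets` description. The deprecated `bucket` field also has an unbounded pattern (`^\*$|^[a-zA-Z0-9-_%\.]+$`), unlike the bucket-name fields in the other CRDs shown here; adding `maxLength: 100` would match their `{1,100}` limit. The manifest carries a controller-gen annotation, so both changes presumably belong in the upstream type definitions, not in this copy.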
@@ -0,0 +1,80 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasememcachedbuckets.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseMemcachedBucket + listKind: CouchbaseMemcachedBucketList + plural: couchbasememcachedbuckets + singular: couchbasememcachedbucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.memoryQuota + name: memory quota + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: The CouchbaseMemcachedBucket resource defines a set of documents + in Couchbase server. A Couchbase client connects to and operates on a bucket, + which provides independent management of a set documents and a security + boundary for role based access control. A CouchbaseEphemeralBucket provides + in-memory only storage for documents contained by it. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + default: {} + description: CouchbaseMemcachedBucketSpec is the specification for a Memcached + bucket resource, and allows the bucket to be customized. 
+ properties: + enableFlush: + description: EnableFlush defines whether a client can delete all documents + in a bucket. This field defaults to false. + type: boolean + memoryQuota: + anyOf: + - type: integer + - type: string + default: 100Mi + description: 'MemoryQuota is a memory limit to the size of a bucket. + The memory quota is defined per Couchbase pod running the data service. This + field defaults to, and must be greater than or equal to 100Mi. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the bucket within Couchbase server. By + default the Operator will use the `metadata.name` field to define + the bucket name. The `metadata.name` field only supports a subset + of the supported character set. When specified, this field overrides + `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", + "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasemigrationreplications.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasemigrationreplications.couchbase.com.yaml new file mode 100644 index 000000000..e341520cd --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasemigrationreplications.couchbase.com.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasemigrationreplications.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseMigrationReplication + listKind: CouchbaseMigrationReplicationList + plural: couchbasemigrationreplications + singular: couchbasemigrationreplication + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bucket + name: bucket + type: string + - jsonPath: .spec.remoteBucket + name: remote bucket + type: string + - jsonPath: .spec.paused + name: paused + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: The CouchbaseScopeMigration resource represents the use of the + special migration mapping within XDCR to take a filtered list from the default + scope and collection of the source bucket, replicate it to named scopes + and collections within the target bucket. The bucket-to-bucket replication + cannot duplicate any used by the CouchbaseReplication resource, as these + two types of replication are mutually exclusive between buckets. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#migration + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + migrationMapping: + description: The migration mappings to use, should never be empty as that + is just an implicit bucket-to-bucket replication then. + properties: + mappings: + description: The migration mappings to use, should never be empty + as that is just an implicit bucket-to-bucket replication then. + items: + description: Indicates whether this is using migration mapping or + not. This is only valid when using the default scope/collection. + properties: + filter: + default: _default._default + description: A filter to select from the source default scope + and collection. Defaults to select everything in the default + scope and collection. + type: string + targetKeyspace: + description: The destination of our migration, must be a scope + and collection. + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + required: + - targetKeyspace + type: object + type: array + required: + - mappings + type: object + spec: + description: CouchbaseReplicationSpec allows configuration of an XDCR + replication. + properties: + bucket: + description: Bucket is the source bucket to replicate from. This + refers to the Couchbase bucket name, not the resource name of the + bucket. A bucket with this name must be defined on this cluster. Legal + bucket names have a maximum length of 100 characters and may be + composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". 
+ maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + compressionType: + default: Auto + description: CompressionType is the type of compression to apply to + the replication. When None, no compression will be applied to documents + as they are transferred between clusters. When Auto, Couchbase + server will automatically compress documents as they are transferred + to reduce bandwidth requirements. This field must be one of "None" + or "Auto", defaulting to "Auto". + enum: + - None + - Auto + type: string + filterExpression: + description: FilterExpression allows certain documents to be filtered + out of the replication. + type: string + paused: + description: Paused allows a replication to be stopped and restarted + without having to restart the replication from the beginning. + type: boolean + remoteBucket: + description: RemoteBucket is the remote bucket name to synchronize + to. This refers to the Couchbase bucket name, not the resource + name of the bucket. Legal bucket names have a maximum length of + 100 characters and may be composed of any character from "a-z", + "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + required: + - bucket + - remoteBucket + type: object + required: + - migrationMapping + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasereplications.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasereplications.couchbase.com.yaml new file mode 100644 index 000000000..7fc9b18e3 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasereplications.couchbase.com.yaml 
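Review bot: `migrationMapping.mappings` is a required array with no `minItems`, so an empty list passes validation even though its description says it should never be empty because that amounts to an implicit bucket-to-bucket replication. Adding `minItems: 1` under `mappings` would reject that case at admission instead of leaving it to the Operator. The top-level description also names the resource CouchbaseScopeMigration while the kind is CouchbaseMigrationReplication, and the `mappings` item description (`Indicates whether this is using migration mapping or not`) does not describe an item; both read like leftovers worth correcting. As the file is controller-gen output, the change presumably has to be made in the upstream type markers.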
@@ -0,0 +1,204 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasereplications.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseReplication + listKind: CouchbaseReplicationList + plural: couchbasereplications + singular: couchbasereplication + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bucket + name: bucket + type: string + - jsonPath: .spec.remoteBucket + name: remote bucket + type: string + - jsonPath: .spec.paused + name: paused + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: The CouchbaseReplication resource represents a Couchbase-to-Couchbase, + XDCR replication stream from a source bucket to a destination bucket. This + provides off-site backup, migration, and disaster recovery. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + explicitMapping: + description: The explicit mappings to use for replication which are optional. + For Scopes and Collection replication support we can specify a set of + implicit and explicit mappings to use. If none is specified then it + is assumed to be existing bucket level replication. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping + properties: + allowRules: + description: 'The list of explicit replications to carry out including + any nested implicit replications: specifying a scope implicitly + replicates all collections within it. 
There should be no duplicates, + including more-specific duplicates, e.g. if you specify replication + of a scope then you can only deny replication of collections within + it.' + items: + description: CouchbaseAllowReplicationMapping is to cover Scope + and Collection explicit replication. If a scope is defined then + it implicitly allows all collections unless a more specific CouchbaseDenyReplicationMapping + rule is present to block it. Once a rule is defined at scope level + it should not be redefined at collection level. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html + properties: + sourceKeyspace: + description: 'The source keyspace: where to replicate from. + Source and target must match whether they have a collection + or not, i.e. you cannot replicate from a scope to a collection.' + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + targetKeyspace: + description: 'The target keyspace: where to replicate to. Source + and target must match whether they have a collection or not, + i.e. you cannot replicate from a scope to a collection.' + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. 
+ maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + required: + - sourceKeyspace + - targetKeyspace + type: object + type: array + denyRules: + description: 'The list of explicit replications to prevent including + any nested implicit denials: specifying a scope implicitly denies + all collections within it. There should be no duplicates, including + more-specific duplicates, e.g. if you specify denial of replication + of a scope then you can only specify replication of collections + within it.' + items: + description: Provide rules to block implicit replication at scope + or collection level. You may want to implicitly map all scopes + or collections except a specific one (or set) so this is a better + way to express that by creating rules just for those to deny. + properties: + sourceKeyspace: + description: 'The source keyspace: where to block replication + from.' + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + required: + - sourceKeyspace + type: object + type: array + type: object + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseReplicationSpec allows configuration of an XDCR + replication. 
+ properties: + bucket: + description: Bucket is the source bucket to replicate from. This + refers to the Couchbase bucket name, not the resource name of the + bucket. A bucket with this name must be defined on this cluster. Legal + bucket names have a maximum length of 100 characters and may be + composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + compressionType: + default: Auto + description: CompressionType is the type of compression to apply to + the replication. When None, no compression will be applied to documents + as they are transferred between clusters. When Auto, Couchbase + server will automatically compress documents as they are transferred + to reduce bandwidth requirements. This field must be one of "None" + or "Auto", defaulting to "Auto". + enum: + - None + - Auto + type: string + filterExpression: + description: FilterExpression allows certain documents to be filtered + out of the replication. + type: string + paused: + description: Paused allows a replication to be stopped and restarted + without having to restart the replication from the beginning. + type: boolean + remoteBucket: + description: RemoteBucket is the remote bucket name to synchronize + to. This refers to the Couchbase bucket name, not the resource + name of the bucket. Legal bucket names have a maximum length of + 100 characters and may be composed of any character from "a-z", + "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + required: + - bucket + - remoteBucket + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaserolebindings.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaserolebindings.couchbase.com.yaml new file mode 100644 index 000000000..191ed03a4 --- /dev/null 
+++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaserolebindings.couchbase.com.yaml 
@@ -0,0 +1,79 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbaserolebindings.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseRoleBinding + listKind: CouchbaseRoleBindingList + plural: couchbaserolebindings + singular: couchbaserolebinding + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseRoleBinding allows association of Couchbase users with + groups. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseRoleBindingSpec defines the group of subjects i.e. + users, and the role i.e. group they are a member of. + properties: + roleRef: + description: CouchbaseGroup being bound to subjects. + properties: + kind: + description: Kind of role to use for binding. + enum: + - CouchbaseGroup + type: string + name: + description: Name of role resource to use for binding. + type: string + required: + - kind + - name + type: object + subjects: + description: List of users to bind a role to. + items: + properties: + kind: + description: Couchbase user/group kind. + enum: + - CouchbaseUser + type: string + name: + description: Name of Couchbase user resource. 
+ type: string + required: + - kind + - name + type: object + type: array + required: + - roleRef + - subjects + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasescopegroups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasescopegroups.couchbase.com.yaml new file mode 100644 index 000000000..9468543c6 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasescopegroups.couchbase.com.yaml 
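Review bot: `roleRef.name` and `subjects[].name` are unconstrained strings and `subjects` has no `minItems`, so a `CouchbaseRoleBinding` with an empty name or `subjects: []` passes schema validation even though all three are listed under `required`. Since this resource decides which users are associated with which group, adding `minLength: 1` to the two `name` fields and `minItems: 1` to `subjects` would reject such objects at admission instead of leaving the outcome to the Operator. The `subjects[].kind` description reads "Couchbase user/group kind." while the enum allows only `CouchbaseUser`; `Kind of subject; only CouchbaseUser is accepted.` would match the schema. The file carries a controller-gen annotation, so these changes presumably belong in the Go type markers rather than in this manifest.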
@@ -0,0 +1,174 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasescopegroups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseScopeGroup + listKind: CouchbaseScopeGroupList + plural: couchbasescopegroups + singular: couchbasescopegroup + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseScopeGroup represents a logical unit of data storage + that sits between buckets and collections e.g. a bucket may contain multiple + scopes, and a scope may contain multiple collections. At present, scopes + are not nested, so provide only a single level of abstraction. Scopes provide + a coarser grained basis for role-based access control (RBAC) and cross-datacenter + replication (XDCR) than collections, but finer that buckets. In order to + be considered by the Operator, a scope must be referenced by either a `CouchbaseBucket` + or `CouchbaseEphemeralBucket` resource. Unlike `CouchbaseScope` resources, + scope groups represents multiple scopes, with the same common set of collections, + to be expressed as a single resource, minimizing required configuration + and Kubernetes API traffic. It also forms the basis of Couchbase RBAC security + boundaries. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the resource. + properties: + collections: + description: Collections defines how to collate collections included + in this scope or scope group. Any of the provided methods may be + used to collate a set of collections to manage. Collated collections + must have unique names, otherwise it is considered ambiguous, and + an error condition. + properties: + managed: + description: Managed indicates whether collections within this + scope are managed. If not then you can dynamically create and + delete collections with the Couchbase UI or SDKs. + type: boolean + preserveDefaultCollection: + description: PreserveDefaultCollection indicates whether the Operator + should manage the default collection within the default scope. The + default collection can be deleted, but can not be recreated + by Couchbase Server. By setting this field to `true`, the Operator + will implicitly manage the default collection within the default + scope. The default collection cannot be modified and will have + no document time-to-live (TTL). When set to `false`, the operator + will not manage the default collection, which will be deleted + and cannot be used or recreated. + type: boolean + resources: + description: Resources is an explicit list of named resources + that will be considered for inclusion in this scope or scopes. If + a resource reference doesn't match a resource, then no error + conditions are raised due to undefined resource creation ordering + and eventual consistency. + items: + properties: + kind: + default: CouchbaseCollection + description: Kind indicates the kind of resource that is + being referenced. A scope can only reference `CouchbaseCollection` + and `CouchbaseCollectionGroup` resource kinds. This field + defaults to `CouchbaseCollection` if not specified. 
+ enum: + - CouchbaseCollection + - CouchbaseCollectionGroup + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. Legal collection names + have a maximum length of 251 characters and may be composed + of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly considered + for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + type: object + names: + description: Names specifies the names of the scopes. Unlike CouchbaseScope, + which specifies a single scope, a scope group specifies multiple, + and the scope group must specify at least one scope name. Any scope + names specified must be unique. Scope names must be 1-251 characters + in length, contain only [a-zA-Z0-9_-%] and not start with either + _ or %. + items: + description: ScopeOrCollectionName is a generic type to capture + a valid scope or collection name. These must consist of 1-251 + characters, include only A-Z, a-z, 0-9, -, _ or %, and must not + start with _ (which is an internal marker) or % (which is probably + an escape character in language X). + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: array + x-kubernetes-list-type: set + required: + - names + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasescopes.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasescopes.couchbase.com.yaml new file mode 100644 index 000000000..6f378ad5a --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbasescopes.couchbase.com.yaml 
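Review bot: `spec.names` is documented as needing at least one scope name, but the schema only lists it under `required` and marks it `x-kubernetes-list-type: set`, so `names: []` is accepted by the API server; adding `minItems: 1` under `names` would enforce the documented rule at admission. Separately, `collections.preserveDefaultCollection` has no `default:`, and its description says that `false` means the default collection will be deleted and cannot be recreated. The description should state what an omitted value means, since it is presumably treated as `false`. The same field appears with the same wording in the couchbasescopes.couchbase.com.yaml hunk. The file carries a controller-gen annotation, so both changes presumably belong in the Go type markers rather than in this manifest.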
@@ -0,0 +1,171 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbasescopes.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseScope + listKind: CouchbaseScopeList + plural: couchbasescopes + singular: couchbasescope + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseScope represents a logical unit of data storage that + sits between buckets and collections e.g. a bucket may contain multiple + scopes, and a scope may contain multiple collections. At present, scopes + are not nested, so provide only a single level of abstraction. Scopes provide + a coarser grained basis for role-based access control (RBAC) and cross-datacenter + replication (XDCR) than collections, but finer that buckets. In order to + be considered by the Operator, a scope must be referenced by either a `CouchbaseBucket` + or `CouchbaseEphemeralBucket` resource. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + default: {} + description: Spec defines the desired state of the resource. + properties: + collections: + description: Collections defines how to collate collections included + in this scope or scope group. 
Any of the provided methods may be + used to collate a set of collections to manage. Collated collections + must have unique names, otherwise it is considered ambiguous, and + an error condition. + properties: + managed: + description: Managed indicates whether collections within this + scope are managed. If not then you can dynamically create and + delete collections with the Couchbase UI or SDKs. + type: boolean + preserveDefaultCollection: + description: PreserveDefaultCollection indicates whether the Operator + should manage the default collection within the default scope. The + default collection can be deleted, but can not be recreated + by Couchbase Server. By setting this field to `true`, the Operator + will implicitly manage the default collection within the default + scope. The default collection cannot be modified and will have + no document time-to-live (TTL). When set to `false`, the operator + will not manage the default collection, which will be deleted + and cannot be used or recreated. + type: boolean + resources: + description: Resources is an explicit list of named resources + that will be considered for inclusion in this scope or scopes. If + a resource reference doesn't match a resource, then no error + conditions are raised due to undefined resource creation ordering + and eventual consistency. + items: + properties: + kind: + default: CouchbaseCollection + description: Kind indicates the kind of resource that is + being referenced. A scope can only reference `CouchbaseCollection` + and `CouchbaseCollectionGroup` resource kinds. This field + defaults to `CouchbaseCollection` if not specified. + enum: + - CouchbaseCollection + - CouchbaseCollectionGroup + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. Legal collection names + have a maximum length of 251 characters and may be composed + of any character from "a-z", "A-Z", "0-9" and "_-%". 
+ maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: 'Selector allows resources to be implicitly considered + for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + type: object + defaultScope: + description: DefaultScope indicates whether this resource represents + the default scope for a bucket. When set to `true`, this allows + the user to refer to and manage collections within the default scope. 
When + not defined, the Operator will implicitly manage the default scope + as the default scope can not be deleted from Couchbase Server. The + Operator defined default scope will also have the `persistDefaultCollection` + flag set to `true`. Only one default scope is permitted to be contained + in a bucket. + type: boolean + name: + description: Name specifies the name of the scope. By default, the + metadata.name is used to define the scope name, however, due to + the limited character set, this field can be used to override the + default and provide the full functionality. Additionally the `metadata.name` + field is a DNS label, and thus limited to 63 characters, this field + must be used if the name is longer than this limit. Scope names + must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseusers.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseusers.couchbase.com.yaml new file mode 100644 index 000000000..ec1b2ac58 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/manifests/couchbaseusers.couchbase.com.yaml 
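Review bot: The `defaultScope` description refers to a `persistDefaultCollection` flag, but the only matching field in this schema is `collections.preserveDefaultCollection`. Because that field's own description ties `false` to deletion of the default collection, the cross-reference should name the real field: "The Operator defined default scope will also have the `preserveDefaultCollection` flag set to `true`." The text is presumably generated from a Go doc comment, so the fix belongs there.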
@@ -0,0 +1,58 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.6.4 + controller-gen.kubebuilder.io/version: v0.8.0 + name: couchbaseusers.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseUser + listKind: CouchbaseUserList + plural: couchbaseusers + singular: couchbaseuser + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseUser allows the automation of Couchbase user management. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CouchbaseUserSpec allows the specification of Couchbase user + configuration. + properties: + authDomain: + description: The domain which provides user authentication. + enum: + - local + - external + type: string + authSecret: + description: Name of Kubernetes secret with password for Couchbase + domain. + type: string + fullName: + description: Full Name of Couchbase user. + type: string + required: + - authDomain + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/metadata/annotations.yaml b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/metadata/annotations.yaml new file mode 100644 index 000000000..f0f23d2ce 
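Review bot: `authSecret` is optional for every `authDomain`, so a `CouchbaseUser` with `authDomain: local` and no password secret passes schema validation; the description ("Name of Kubernetes secret with password for Couchbase domain") suggests the secret is needed for `local` users, though how the Operator handles its absence is not visible here. If it is required, the description should say so and the schema should enforce it, for example with an `anyOf` on `spec` that requires `authSecret` unless `authDomain` is `external`. `authSecret` also has no `minLength`, so an empty secret name is accepted; `minLength: 1` would close that.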
--- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.6.4-4/metadata/annotations.yaml @@ -0,0 +1,14 @@ +--- +annotations: + operators.operatorframework.io.bundle.channel.default.v1: 2.6.4 + operators.operatorframework.io.bundle.channels.v1: 2.6.4 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: couchbase-enterprise-certified-rhmp + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + + com.redhat.openshift.versions: "v4.11-v4.15"