From 81a8c22d3fdda6bf2c9c11e59c57794f170d2d46 Mon Sep 17 00:00:00 2001
From: usamahjassat <146732713+usamahjassat@users.noreply.github.com>
Date: Thu, 14 Nov 2024 18:43:11 +0000
Subject: [PATCH] operator couchbase-enterprise-certified-rhmp (2.7.0-2) (#902)
---
...ouchbase-v2.7.0.clusterserviceversion.yaml | 1410 ++++
.../couchbaseautoscalers.couchbase.com.yaml | 96 +
...couchbasebackuprestores.couchbase.com.yaml | 482 ++
.../couchbasebackups.couchbase.com.yaml | 501 ++
.../couchbasebuckets.couchbase.com.yaml | 316 +
.../couchbaseclusters.couchbase.com.yaml | 5709 +++++++++++++++++
...uchbasecollectiongroups.couchbase.com.yaml | 92 +
.../couchbasecollections.couchbase.com.yaml | 77 +
...uchbaseephemeralbuckets.couchbase.com.yaml | 296 +
.../couchbasegroups.couchbase.com.yaml | 370 ++
...uchbasememcachedbuckets.couchbase.com.yaml | 87 +
...semigrationreplications.couchbase.com.yaml | 155 +
.../couchbasereplications.couchbase.com.yaml | 214 +
.../couchbaserolebindings.couchbase.com.yaml | 85 +
.../couchbasescopegroups.couchbase.com.yaml | 185 +
.../couchbasescopes.couchbase.com.yaml | 180 +
.../couchbaseusers.couchbase.com.yaml | 63 +
.../2.7.0-2/metadata/annotations.yaml | 14 +
18 files changed, 10332 insertions(+)
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbase-v2.7.0.clusterserviceversion.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseautoscalers.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackuprestores.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackups.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebuckets.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseclusters.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollectiongroups.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollections.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseephemeralbuckets.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasegroups.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasememcachedbuckets.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasemigrationreplications.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasereplications.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaserolebindings.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopegroups.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopes.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseusers.couchbase.com.yaml
create mode 100644 operators/couchbase-enterprise-certified-rhmp/2.7.0-2/metadata/annotations.yaml
diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbase-v2.7.0.clusterserviceversion.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbase-v2.7.0.clusterserviceversion.yaml
new file mode 100644
index 000000000..9963b2c0d
--- /dev/null
+++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbase-v2.7.0.clusterserviceversion.yaml
@@ -0,0 +1,1410 @@
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: ClusterServiceVersion
+metadata:
+ annotations:
+ marketplace.openshift.io/remote-workflow: https://marketplace.redhat.com/en-us/operators/couchbase-enterprise-certified-rhmp/pricing?utm_source=openshift_console
+ marketplace.openshift.io/support-workflow: https://marketplace.redhat.com/en-us/operators/couchbase-enterprise-certified-rhmp/support?utm_source=openshift_console
+ alm-examples: |-
+ [
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseCluster",
+ "metadata": {
+ "name": "cb-example"
+ },
+ "spec": {
+ "image": "registry.connect.redhat.com/couchbase/server@sha256:033c0b2b8eb12ac63a158754dce20d9787a470c77252c60bd4d9e11f5b2dbc7a",
+ "cluster": {
+ "clusterName": "cb-example",
+ "dataServiceMemoryQuota": "256Mi",
+ "indexServiceMemoryQuota": "256Mi",
+ "searchServiceMemoryQuota": "256Mi",
+ "eventingServiceMemoryQuota": "256Mi",
+ "analyticsServiceMemoryQuota": "1Gi",
+ "indexStorageSetting": "memory_optimized",
+ "autoFailoverTimeout": "120s",
+ "autoFailoverMaxCount": 3,
+ "autoFailoverOnDataDiskIssues": true,
+ "autoFailoverOnDataDiskIssuesTimePeriod": "120s",
+ "autoFailoverServerGroup": false
+ },
+ "upgradeStrategy": "RollingUpgrade",
+ "hibernate": false,
+ "hibernationStrategy": "Immediate",
+ "recoveryPolicy": "PrioritizeDataIntegrity",
+ "onlineVolumeExpansionTimeoutInMins": 20,
+ "security": {
+ "adminSecret": "cb-example-auth",
+ "rbac": {
+ "managed": true,
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ }
+ },
+ "xdcr": {
+ "managed": false,
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ },
+ "backup": {
+ "image": "registry.connect.redhat.com/couchbase/operator-backup@sha256:382511f532b0206d2bb0cecc8f91b055809b5ccf89136b6d37d55a40e266812f",
+ "managed": false,
+ "serviceAccountName": "couchbase-backup",
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ },
+ "monitoring": {
+ "prometheus": {
+ "enabled": false,
+ "image": "registry.connect.redhat.com/couchbase/exporter@sha256:de3bacf8233553452db1d9cec7c98b28d12c41aa025d830d6b7c5de0da9723b1"
+ }
+ },
+ "networking": {
+ "exposeAdminConsole": true,
+ "adminConsoleServices": [
+ "data"
+ ],
+ "exposedFeatures": [
+ "xdcr"
+ ],
+ "exposedFeatureServiceType": "NodePort",
+ "adminConsoleServiceType": "NodePort",
+ "cloudNativeGateway": {
+ "image": "registry.connect.redhat.com/couchbase/cloud-native-gateway@sha256:50bbc00cce14ec968c9b8e9ef06a6c5bd2860d38d973cf7af7271d4ff66fe9cc"
+ }
+ },
+ "buckets": {
+ "managed": true,
+ "selector": {
+ "matchLabels": {
+ "cluster": "cb-example"
+ }
+ }
+ },
+ "logRetentionTime": "604800s",
+ "logRetentionCount": 20,
+ "enablePreviewScaling": false,
+ "servers": [
+ {
+ "size": 3,
+ "name": "all_services",
+ "services": [
+ "data",
+ "index",
+ "query",
+ "search",
+ "eventing",
+ "analytics"
+ ]
+ }
+ ]
+ },
+ "status": {
+ "size": 0
+ }
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseBucket",
+ "metadata": {
+ "name": "default",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "memoryQuota": "100Mi",
+ "replicas": 2,
+ "ioPriority": "low",
+ "evictionPolicy": "valueOnly",
+ "conflictResolution": "lww",
+ "enableFlush": false,
+ "enableIndexReplica": true,
+ "compressionMode": "passive"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseEphemeralBucket",
+ "metadata": {
+ "name": "ephemeral-bucket",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "memoryQuota": "100Mi",
+ "replicas": 2,
+ "ioPriority": "low",
+ "evictionPolicy": "noEviction",
+ "conflictResolution": "lww",
+ "enableFlush": false,
+ "compressionMode": "passive"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseMemcachedBucket",
+ "metadata": {
+ "name": "memcached-bucket",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "memoryQuota": "100Mi",
+ "enableFlush": false
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseUser",
+ "metadata": {
+ "name": "my-user",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "fullName": "My User",
+ "authDomain": "local",
+ "authSecret": "cb-example-auth"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseGroup",
+ "metadata": {
+ "name": "my-group",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "roles": [
+ {
+ "name": "bucket_admin",
+ "bucket": "default"
+ }
+ ]
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseRoleBinding",
+ "metadata": {
+ "name": "my-role-binding"
+ },
+ "spec": {
+ "subjects": [
+ {
+ "kind": "CouchbaseUser",
+ "name": "my-user"
+ }
+ ],
+ "roleRef": {
+ "kind": "CouchbaseGroup",
+ "name": "my-group"
+ }
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseReplication",
+ "metadata": {
+ "name": "my-replication",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "bucket": "default",
+ "remoteBucket": "default",
+ "compressionType": "Snappy",
+ "filterExpression": "",
+ "paused": false
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseBackup",
+ "metadata": {
+ "name": "cb-backup",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "strategy": "full_incremental",
+ "full": {
+ "schedule": "0 3 * * 6"
+ },
+ "incremental": {
+ "schedule": "0 3 * * 1-6"
+ },
+ "successfulJobsHistoryLimit": 1,
+ "failedJobsHistoryLimit": 3,
+ "backOffLimit": 2,
+ "backupRetention": "24h",
+ "logRetention": "24h",
+ "size": "5Gi"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseBackupRestore",
+ "metadata": {
+ "name": "cb-restore",
+ "labels": {
+ "cluster": "cb-example"
+ }
+ },
+ "spec": {
+ "backup": "cb-backup",
+ "repo": "cb-example-2020-10-29T19_00_03",
+ "start": {
+ "int": 1
+ },
+ "end": {
+ "int": 1
+ },
+ "backOffLimit": 2,
+ "logRetention": "24h"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseCollectionGroup",
+ "metadata": {
+ "name": "my-collection-group"
+ },
+ "spec": {
+ "maxTTL": "",
+ "names": ["my-collection"]
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseCollection",
+ "metadata": {
+ "name": "my-collection"
+ },
+ "spec": {
+ "maxTTL": "",
+ "name": "my-collection"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseScopeGroup",
+ "metadata": {
+ "name": "my-scope-group"
+ },
+ "spec": {
+ "collections": {},
+ "names": ["my-scope"]
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseScope",
+ "metadata": {
+ "name": "my-scope"
+ },
+ "spec": {
+ "collections": {},
+ "name": "my-scope"
+ },
+ "status": {}
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseMigrationReplication",
+ "metadata": {
+ "name": "default-migration"
+ },
+ "migrationMapping": {
+ "mappings": []
+ },
+ "spec": {
+ "bucket": "default",
+ "remoteBucket": "default"
+ }
+ },
+ {
+ "apiVersion": "couchbase.com/v2",
+ "kind": "CouchbaseAutoscaler",
+ "metadata": {
+ "name": "do.not.create.internal.only"
+ },
+ "spec": {
+ "servers": "internal",
+ "size": 2
+ },
+ "status": {
+ "labelSelector": "",
+ "size": 2
+ }
+ }
+ ]
+ operators.openshift.io/infrastructure-features: '["Disconnected"]'
+ features.operators.openshift.io/disconnected: "true"
+ features.operators.openshift.io/fips-compliant: "false"
+ features.operators.openshift.io/proxy-aware: "false"
+ features.operators.openshift.io/tls-profiles: "false"
+ features.operators.openshift.io/token-auth-aws: "false"
+ features.operators.openshift.io/token-auth-azure: "false"
+ features.operators.openshift.io/token-auth-gcp: "false"
+ features.operators.openshift.io/cnf: "false"
+ features.operators.openshift.io/cni: "false"
+ features.operators.openshift.io/csi: "false"
+ capabilities: "Auto Pilot"
+ categories: "Database"
+ certified: "true"
+ createdAt: 2023/04/28
+ description: The Couchbase Autonomous Operator allows users to easily deploy, manage, and maintain Couchbase deployments
+ support: Couchbase, Inc
+ name: couchbase-operator.v2.7.0-2
+spec:
+ apiservicedefinitions: {}
+ customresourcedefinitions:
+ owned:
+ - description: Manages Clusters
+ displayName: Couchbase Cluster
+ kind: CouchbaseCluster
+ name: couchbaseclusters.couchbase.com
+ resources:
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: Cluster name override
+ displayName: Cluster name
+ path: cluster.clusterName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This object allows configuration of global Couchbase security settings and RBAC.
+ displayName: Security
+ path: security
+ - description: The name of the secret object that stores the admin credentials.
+ displayName: Admin Secret
+ path: security.adminSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - description: Specifies whether the Operator should manage Couchbase RBAC.
+ displayName: RBAC managed
+ path: security.rbac.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of RBAC resources to be selected and managed.
+ displayName: RBAC selector
+ path: security.rbac.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: This field specifies the image that should be used.
+ displayName: Image
+ path: image
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: Specifies whether to manage buckets and how to select which bucket resources to use.
+ displayName: Buckets
+ path: buckets
+ - description: Specifies whether the Operator should manage Couchbase buckets.
+ displayName: Buckets managed
+ path: buckets.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of buckets to be selected and managed.
+ displayName: Buckets selector
+ path: buckets.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: Specifies whether the Operator should manage Couchbase XDCR replications.
+ displayName: XDCR managed
+ path: xdcr.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of Replication resources to be selected and managed.
+ displayName: XDCR selector
+ path: xdcr.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: Defines whether the Automated Backup feature is enabled for the cluster.
+ displayName: Backup enabled
+ path: backup.managed
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of Backup resources to be selected and managed.
+ displayName: Backup selector
+ path: backup.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: Defines whether the Prometheus metric collection is enabled for the cluster.
+ displayName: Monitoring enabled
+ path: monitoring.prometheus.enabled
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies the labels of Backup resources to be selected and managed.
+ displayName: Backup selector
+ path: monitoring.prometheus.selector
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap
+ - description: This object allows the configuration of the Couchbase cluster topology.
+ displayName: Servers
+ path: servers
+ - description: This object allows configuration of network related options.
+ displayName: Networking
+ path: networking
+ - description: The name of the secret object that stores the server's TLS
+ certificate.
+ displayName: Server TLS Secret
+ path: networking.tls.static.serverSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - description: The name of the secret object that stores the Operator's TLS
+ certificate.
+ displayName: Operator TLS Secret
+ path: networking.tls.static.operatorSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - description: Specifies if the Operator will manage this cluster.
+ displayName: Paused
+ path: paused
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies if the Couchbase Server Web Console will be exposed
+ externally.
+ displayName: Expose Console
+ path: networking.exposeAdminConsole
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies whether or not two pods in this cluster can be deployed
+ on the same Kubernetes node.
+ displayName: Anti Affinity
+ path: antiAffinity
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies if update notifications will be displayed in the
+ Couchbase UI.
+ displayName: Show Update Notifications
+ path: softwareUpdateNotifications
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: Specifies if the Operator will create or delete buckets.
+ displayName: Disable Bucket Management
+ path: disableBucketManagement
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: The desired number of member Pods for the Couchbase cluster.
+ displayName: Size
+ path: servers[0].size
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podCount
+ - description: The services that should be run on nodes (data, index, query, search, eventing and analytics)
+ displayName: Services
+ path: servers[0].services
+ - description: The set of server groups to schedule pods in (overrides top-level serverGroups)
+ displayName: ServerGroups
+ path: servers[0].serverGroups
+ - description: The maximum number of failover events tolerated before manual
+ intervention is required.
+ displayName: Auto Failover Max Count
+ path: cluster.autoFailoverMaxCount
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:slider
+ - urn:alm:descriptor:com.tectonic.ui:sliderStart:1
+ - description: LDAP settings for external user authentication
+ displayName: LDAP Settings
+ path: security.ldap
+ - description: List of LDAP hosts Operator should connect to for authentication
+ displayName: Hosts
+ path: security.ldap.hosts
+ - description: The port Operator should use connect when connecting to hosts
+ displayName: Port
+ path: security.ldap.port
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The type of encryption to use for connection with the LDAP server (None, TLS, StartTLSExtension)
+ displayName: Encryption
+ path: security.ldap.encryption
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The set of server groups to schedule pods in.
+ displayName: ServerGroups
+ path: serverGroups
+ statusDescriptors:
+ - description: The desired number of member Pods for the deployment.
+ displayName: Size
+ path: size
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podCount
+ - description: Explanation for the current status of the application.
+ displayName: Status Details
+ path: reason
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes.phase:reason
+ - description: The status of each of the member Pods for the Couchbase cluster.
+ displayName: Member Status
+ path: members
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:podStatuses
+ - description: The current version of the Couchbase cluster.
+ displayName: Current Version
+ path: currentVersion
+ - description: The cluster identifier as provided by the Couchbase cluster.
+ displayName: Cluster ID
+ path: clusterID
+ - description: Specifies if the Operator is currently managing this cluster.
+ displayName: Control Paused
+ path: controlPaused
+ - description: The port that the web console can be accessed on from any node
+ in the Kubernetes cluster.
+ displayName: Admin Console Port
+ path: adminConsolePort
+ - description: The SSL port that the web console can be accessed on from any
+ node in the Kubernetes cluster.
+ displayName: SSL Admin Console Port
+ path: adminConsolePortSSL
+ - description: Conditions for the cluster
+ displayName: Conditions
+ path: conditions
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes.conditions
+ version: v2
+ - kind: CouchbaseBucket
+ name: couchbasebuckets.couchbase.com
+ description: Manages Buckets
+ displayName: Couchbase Bucket
+ version: v2
+ resources:
+ - kind: CouchbaseBucket
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The name of a couchbase bucket.
+ displayName: Bucket Name
+ path: memoryQuota
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The number of replicas that should be created for this bucket.
+ displayName: Bucket Replicas
+ path: replicas
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The IO priority of background threads for this bucket (low | high)
+ displayName: IO priority
+ path: ioPriority
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The in-memory cache eviction policy for this bucket (valueOnly | fullEviction)
+ displayName: Eviction Policy
+ path: evictionPolicy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The bucket's conflict resolution mechanism (seqno | lww)
+ displayName: Conflict Resolution
+ path: conflictResolution
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The choice to enable bucket flushing
+ displayName: Enable Flush
+ path: enableFlush
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: The compression mode for this bucket (off | passive | active)
+ displayName: Compression Mode
+ path: compressionMode
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field specifies whether or not to enable view index replicas for this bucket.
+ displayName: Enable Index Replica
+ path: enableIndexReplica
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - kind: CouchbaseEphemeralBucket
+ name: couchbaseephemeralbuckets.couchbase.com
+ description: Manages Ephemeral Buckets
+ displayName: Couchbase Ephemeral Bucket
+ version: v2
+ resources:
+ - kind: CouchbaseEphemeralBucket
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The name of a couchbase ephemeral bucket.
+ displayName: Bucket Name
+ path: memoryQuota
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The number of replicas that should be created for this bucket.
+ displayName: Bucket Replicas
+ path: replicas
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The IO priority of background threads for this bucket (low | high)
+ displayName: IO priority
+ path: ioPriority
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The in-memory cache eviction policy for this bucket (valueOnly | fullEviction)
+ displayName: Eviction Policy
+ path: evictionPolicy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The bucket's conflict resolution mechanism (seqno | lww)
+ displayName: Conflict Resolution
+ path: conflictResolution
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The choice to enable bucket flushing
+ displayName: Enable Flush
+ path: enableFlush
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - description: The compression mode for this bucket (off | passive | active)
+ displayName: Compression Mode
+ path: compressionMode
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - kind: CouchbaseMemcachedBucket
+ name: couchbasememcachedbuckets.couchbase.com
+ description: Manages Memcached Buckets
+ displayName: Couchbase Memcached Bucket
+ version: v2
+ resources:
+ - kind: CouchbaseMemcachedBucket
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The name of a couchbase memcached bucket.
+ displayName: Bucket Name
+ path: memoryQuota
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The choice to enable bucket flushing
+ displayName: Enable Flush
+ path: enableFlush
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - kind: CouchbaseUser
+ name: couchbaseusers.couchbase.com
+ description: Manages RBAC Users
+ displayName: Couchbase User
+ version: v2
+ resources:
+ - kind: CouchbaseUser
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: The user full name.
+ displayName: Full Name
+ path: fullName
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The domain used to authenticate user (local | ldap)
+ displayName: Auth Domain
+ path: authDomain
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The Secret containing user password
+ displayName: Auth Secret
+ path: authSecret
+ x-descriptors:
+ - urn:alm:descriptor:io.kubernetes:Secret
+ - kind: CouchbaseGroup
+ name: couchbasegroups.couchbase.com
+ description: Manages RBAC Groups
+ displayName: Couchbase Groups
+ version: v2
+ resources:
+ - kind: CouchbaseGroup
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: This field is a list of roles to be associated with a user or group of users.
+ displayName: Roles
+ path: roles
+ - kind: CouchbaseRoleBinding
+ name: couchbaserolebindings.couchbase.com
+ description: Manages RBAC Binding
+ displayName: Couchbase Role Binding
+ version: v2
+ resources:
+ - kind: CouchbaseRoleBinding
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ specDescriptors:
+ - description: This field defines the resource to extract the roles from.
+ displayName: Role Reference
+ path: roleRef
+ - description: This field is a list of subjects to a apply role to.
+ displayName: Subjects
+ path: subjects
+ - kind: CouchbaseReplication
+ name: couchbasereplications.couchbase.com
+ description: Manages Couchbase Replications
+ displayName: Couchbase Replications
+ version: v2
+ resources:
+ - kind: CouchbaseReplication
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ specDescriptors:
+ - description: The local bucket to replicate from. Must be a CouchbaseBucket or CouchbaseEphemeralBucket
+ displayName: Bucket Name
+ path: bucket
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The remote bucket to replicate to. Must be a CouchbaseBucket or CouchbaseEphemeralBucket
+ displayName: Remote Bucket Name
+ path: remoteBucket
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The compression type to use when replicating data. (None | Auto | Snappy)
+ displayName: Compression Type
+ path: compressionType
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field controls what documents are replicated to the remote cluster
+ displayName: Filter Expression
+ path: filterExpression
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field controls whether a replication is paused or not
+ displayName: Replication Paused
+ path: paused
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
+ - kind: CouchbaseBackup
+ name: couchbasebackups.couchbase.com
+ description: Manages Backups
+ displayName: Couchbase Backup
+ resources:
+ - kind: CronJob
+ name: ""
+ version: batch/v1
+ - kind: CouchbaseRoleBinding
+ version: v2
+ - kind: CouchbaseCluster
+ version: v2
+ - kind: ConfigMap
+ version: v1
+ - kind: Service
+ version: v1
+ - kind: Pod
+ version: v1
+ version: v2
+ specDescriptors:
+ - description: The backup strategy to use (full_only | full_incremental)
+ displayName: Backup Strategy
+ path: strategy
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The schedule a user wants the Operator to perform a full backup of the cluster.
+ displayName: Full Backup Schedule
+ path: full.schedule
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The schedule a user wants the Operator to perform an incremental backup of the cluster.
+ displayName: Incremental Backup Schedule
+ path: incremental.schedule
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The amount of successful jobs to keep
+ displayName: Job History Limit
+ path: successfulJobsHistoryLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The field defines the size of the Persistent Volume to store backups.
+ displayName: Size
+ path: size
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:resourceRequirements
+ - description: The field defines the schedule to use for full backup.
+ displayName: Full
+ path: full
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the schedule a user wants the Operator to perform an incremental backup of the cluster.
+ displayName: Incremental
+ path: incremental
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the amount of times one backup job will try to perform a backup.
+ displayName: Back Off Limit
+ path: backOffLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: This field defines the time period in which to retain existing backups.
+ displayName: Backup Retention
+ path: backupRetention
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the time period in which to retain backup logs.
+ displayName: Log Retention Time
+ path: logRetention
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: This field defines the amount of failed jobs to keep before Kubernetes starts deleting older ones.
+ displayName: Failed Jobs History Limit
+ path: failedJobsHistoryLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - kind: CouchbaseBackupRestore
+ name: couchbasebackuprestores.couchbase.com
+ description: Manages Backup Restores
+ displayName: Couchbase Backup Restore
+ resources:
+ - kind: CouchbaseBackupRestore
+ version: v2
+ version: v2
+ specDescriptors:
+ - description: The backup name to restore from
+ displayName: Backup Name
+ path: backup
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The repo name where the backup we which to restore is located
+ displayName: Repository
+ path: repo
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - description: The index of the first backup to restore with 1 being the oldest (default)
+ displayName: Start Range
+ path: start.int
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The index of the last backup to restore with 1 being the oldest (default)
+ displayName: End Range
+ path: end.int
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The amount of times the restore job will try to perform a restore
+ displayName: Back Off Limit
+ path: backOffLimit
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:number
+ - description: The time period in which to retain backup logs
+ displayName: Log Retention Time
+ path: logRetentionTime
+ x-descriptors:
+ - urn:alm:descriptor:com.tectonic.ui:string
+ - kind: CouchbaseCollectionGroup
+ name: couchbasecollectiongroups.couchbase.com
+ description: Manages RBAC Collection Groups
+ displayName: Couchbase Collection Groups
+ version: v2
+ resources:
+ - kind: CouchbaseCollectionGroup
+ version: v2
+ specDescriptors:
+ - description: MaxTTL defines how long a document is permitted to exist.
+ displayName: MaxTTL + path: maxTTL + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Names specifies the names of the collections. + displayName: Names + path: names + - kind: CouchbaseCollection + name: couchbasecollections.couchbase.com + description: Manages RBAC Collections + displayName: Couchbase Collection + version: v2 + resources: + - kind: CouchbaseCollection + version: v2 + specDescriptors: + - description: MaxTTL defines how long a document is permitted to exist. + displayName: MaxTTL + path: maxTTL + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name specifies the name of the collection. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - kind: CouchbaseScopeGroup + name: couchbasescopegroups.couchbase.com + description: Manages RBAC Scope Groups + displayName: Couchbase Scope Group + version: v2 + resources: + - kind: CouchbaseScopeGroup + version: v2 + specDescriptors: + - description: Collections defines how to collate collections included in this scope or scope group. + displayName: Collections + path: collections + - description: Managed indicates whether collections within this scope are managed. + displayName: Managed + path: collections.managed + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope. + displayName: Preserve Default Collection + path: collections.preserveDefaultCollection + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. + displayName: Collection Resources + path: collections.resources + - description: Kind indicates the kind of resource that is being referenced. 
A scope can only reference CouchbaseCollection and CouchbaseCollectionGroup resource kinds. + displayName: Resource Kind + path: collections.resources[0].kind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name of the Kubernetes resource name that is being referenced. + displayName: Resource Name + path: collections.resources[0].name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name of the Kubernetes resource name that is being referenced. + displayName: Selector + path: collections.resources[0].selector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap + - description: DefaultScope indicates whether this resource represents the default scope for a bucket. + displayName: Default Scope + path: defaultScope + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Names specifies the names of the scopes belonging to this group. + displayName: Names + path: names + - kind: CouchbaseScope + name: couchbasescopes.couchbase.com + description: Manages RBAC Scopes + displayName: Couchbase Scope + version: v2 + resources: + - kind: CouchbaseScope + version: v2 + specDescriptors: + - description: Collections defines how to collate collections included in this scope or scope group. + displayName: Collections + path: collections + - description: Managed indicates whether collections within this scope are managed. + displayName: Managed + path: collections.managed + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: PreserveDefaultCollection indicates whether the Operator should manage the default collection within the default scope. + displayName: Preserve Default Collection + path: collections.preserveDefaultCollection + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Resources is an explicit list of named resources that will be considered for inclusion in this scope or scopes. 
+ displayName: Collection Resources + path: collections.resources + - description: Kind indicates the kind of resource that is being referenced. A scope can only reference CouchbaseCollection and CouchbaseCollectionGroup resource kinds. + displayName: Resource Kind + path: collections.resources[0].kind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name of the Kubernetes resource name that is being referenced. + displayName: Resource Name + path: collections.resources[0].name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: Name of the Kubernetes resource name that is being referenced. + displayName: Selector + path: collections.resources[0].selector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap + - description: DefaultScope indicates whether this resource represents the default scope for a bucket. + displayName: Default Scope + path: defaultScope + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Name specifies the name of the scope. + displayName: Name + path: name + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - kind: CouchbaseMigrationReplication + name: couchbasemigrationreplications.couchbase.com + description: Special migration mapping within XDCR to take a filtered list from the default scope and collection of the source to target bucket. + displayName: Couchbase Migration Replication + resources: + - kind: CouchbaseMigrationReplication + version: v2 + version: v2 + specDescriptors: + - description: The migration mappings to use. + displayName: Migration Mapping + path: migrationMapping + - description: List of mapping filters. + displayName: Mappings + path: migrationMapping.mappings + - description: Bucket is the source bucket to replicate from. 
+ displayName: Bucket + path: bucket + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - description: RemoteBucket is the remote bucket name to synchronize to. + displayName: RemoteBucket + path: remoteBucket + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:string + - kind: CouchbaseAutoscaler + name: couchbaseautoscalers.couchbase.com + description: Internal Autoscaling Management Resource + displayName: Couchbase Autoscaler + resources: + - kind: CouchbaseAutoscaler + version: v2 + version: v2 + specDescriptors: + - description: The size of the related server config + displayName: Size + path: size + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:int + description: | + The Couchbase Autonomous Operator allows users to easily deploy, manage, and maintain Couchbase deployments on OpenShift. By installing this integration you will be able to deply Couchbase Server clusters with a single command. + + ## Supported Features + + * **Automated cluster provisioning** - Deploying a Couchbase Cluster has never been easier. Fill out a Couchbase specific configuration and let the Couchbase Operator take care of provisioning nodes and setting up cluster to your exact specification. + + * **On-demand scalability** - Automatically scale your cluster up or down by changing a simple configuration parameter and let the Couchbase Operator handle provisioning of new nodes and joining them into the cluster. + + * **Auto-recovery** - Detect Couchbase node failures, rebalance out bad nodes, and bring the cluster back up to the desired capacity. Auto-recovery is completely automated so you can sleep easy through the night knowing that the Couchbase Operator will handle any failures. + + * **Geo-distribution** - Replicate your data between datacenters to move data closer to the users who consume it and protect against disaster scenarios where an entire datacenter becomes unavailable. 
+ + * **Persistent storage** - Define persistent network-attached storage for each node in your cluster to allow pods to be recovered even if the node they were running on is no longer available. + + * **Rack/zone awareness** - Tell the Couchbase Operator about availability zones in your datacenter and let the operator take care of ensuring that nodes in your cluster are deployed equally across each zone. + + * **Supportability** - When things go wrong, use the cbopinfo tool provided with the Couchbase Operator to collect relevant data about your Couchbase deployment so that you can quickly address issues. + + * **Centralized configuration management** - Manage your configuration centrally with OpenShift. Updates to the configuration are watched by the Couchbase Operator and actions are taken to make the target cluster match the desired configuration. + ## Required Parameters + * `authSecret` - provide the name of a secret that contains two keys for the `username` and `password` of the super user ([documentation](https://docs.couchbase.com/operator/1.2/couchbase-cluster-config.html)) + + ## About Couchbase Server + + Built on the most powerful NoSQL technology, Couchbase Server delivers unparalleled performance at scale, in any cloud. With features like memory-first architecture, geo-distributed deployments, and workload isolation, Couchbase Server excels at supporting mission-critical applications at scale while maintaining submillisecond latencies and 99.999% availability. Plus, with the most comprehensive SQL-compatible query language (N1QL), migrating from RDBMS to Couchbase Server is easy with ANSI joins. 
+ displayName: Couchbase Operator + icon: + - base64data: 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 + mediatype: image/png + install: + spec: + deployments: + - name: couchbase-operator + spec: + replicas: 1 + selector: + matchLabels: + app: couchbase-operator + strategy: {} + template: + metadata: + labels: + app: couchbase-operator + spec: + containers: + - args: + - --pod-create-timeout=10m0s + command: + - couchbase-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: RELATED_IMAGE_COUCHBASE_SERVER + value: registry.connect.redhat.com/couchbase/server@sha256:033c0b2b8eb12ac63a158754dce20d9787a470c77252c60bd4d9e11f5b2dbc7a + - name: RELATED_IMAGE_COUCHBASE_BACKUP + value: registry.connect.redhat.com/couchbase/operator-backup@sha256:382511f532b0206d2bb0cecc8f91b055809b5ccf89136b6d37d55a40e266812f + - name: RELATED_IMAGE_COUCHBASE_METRICS + value: registry.connect.redhat.com/couchbase/exporter@sha256:de3bacf8233553452db1d9cec7c98b28d12c41aa025d830d6b7c5de0da9723b1 + - name: RELATED_IMAGE_COUCHBASE_CLOUD_NATIVE_GATEWAY + value: registry.connect.redhat.com/couchbase/cloud-native-gateway@sha256:50bbc00cce14ec968c9b8e9ef06a6c5bd2860d38d973cf7af7271d4ff66fe9cc + - name: RELATED_IMAGE_COUCHBASE_SERVER_7_2_6_2 + value: registry.connect.redhat.com/couchbase/server@sha256:4e0d41b559c5d536aa06709457d6c788fd039b0c915c14f2d429213bdfeff824 + - name: RELATED_IMAGE_COUCHBASE_SERVER_7_6_2_3 + value: registry.connect.redhat.com/couchbase/server@sha256:643272bd58b0b584863400d281f1dcb147099c7f2120a947347be4b1f97391a7 + - name: RELATED_IMAGE_COUCHBASE_SERVER_7_6_3_4 + value: registry.connect.redhat.com/couchbase/server@sha256:437cd5aa05ff057b17f47d2500dec7cefca21682eb0f4badff4538dc164bc1a7 + image: registry.connect.redhat.com/couchbase/operator@sha256:707571a7881bc12d5f1b0b1a94eb3c675d5c0ea0114c994a47ceb5aa79df4013 + 
name: couchbase-operator + ports: + - containerPort: 8080 + name: http + - containerPort: 8383 + name: prometheus + resources: {} + serviceAccountName: couchbase-operator + permissions: + - rules: + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - list + - watch + - create + - update + - delete + - apiGroups: + - couchbase.com + resources: + - couchbaseclusters + - couchbaseclusters/finalizers + verbs: + - get + - list + - watch + - update + - apiGroups: + - couchbase.com + resources: + - couchbasereplications + - couchbasemigrationreplications + - couchbaseusers + - couchbasegroups + - couchbaserolebindings + - couchbasebackups + verbs: + - list + - watch + - apiGroups: + - couchbase.com + resources: + - couchbasebuckets + - couchbaseephemeralbuckets + - couchbasememcachedbuckets + - couchbasescopes + - couchbasescopegroups + - couchbasecollections + - couchbasecollectiongroups + verbs: + - list + - watch + - create + - apiGroups: + - couchbase.com + resources: + - couchbasebackuprestores + verbs: + - list + - watch + - delete + - apiGroups: + - couchbase.com + resources: + - couchbaseautoscalers + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - couchbase.com + resources: + - couchbaseautoscalers/status + verbs: + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - pods + - pods/status + - services + - persistentvolumeclaims + verbs: + - get + - list + - watch + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - create + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - create + - delete + - list + - watch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - 
create + - update + serviceAccountName: couchbase-operator + strategy: deployment + relatedImages: + - name: couchbase-operator + image: registry.connect.redhat.com/couchbase/operator@sha256:707571a7881bc12d5f1b0b1a94eb3c675d5c0ea0114c994a47ceb5aa79df4013 + - name: couchbase-server + image: registry.connect.redhat.com/couchbase/server@sha256:033c0b2b8eb12ac63a158754dce20d9787a470c77252c60bd4d9e11f5b2dbc7a + - name: couchbase-backup + image: registry.connect.redhat.com/couchbase/operator-backup@sha256:382511f532b0206d2bb0cecc8f91b055809b5ccf89136b6d37d55a40e266812f + - name: couchbase-metrics + image: registry.connect.redhat.com/couchbase/exporter@sha256:de3bacf8233553452db1d9cec7c98b28d12c41aa025d830d6b7c5de0da9723b1 + - name: couchbase-cloud-native-gateway + image: registry.connect.redhat.com/couchbase/cloud-native-gateway@sha256:50bbc00cce14ec968c9b8e9ef06a6c5bd2860d38d973cf7af7271d4ff66fe9cc + - name: couchbase-server-7_2_6_2 + image: registry.connect.redhat.com/couchbase/server@sha256:4e0d41b559c5d536aa06709457d6c788fd039b0c915c14f2d429213bdfeff824 + - name: couchbase-server-7_6_2_3 + image: registry.connect.redhat.com/couchbase/server@sha256:643272bd58b0b584863400d281f1dcb147099c7f2120a947347be4b1f97391a7 + - name: couchbase-server-7_6_3_4 + image: registry.connect.redhat.com/couchbase/server@sha256:437cd5aa05ff057b17f47d2500dec7cefca21682eb0f4badff4538dc164bc1a7 + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - couchbase + - database + - key value + - nosql + - open source + labels: + alm-owner-couchbase: couchbaseoperator + operated-by: couchbaseoperator + links: + - name: Couchbase + url: https://www.couchbase.com + - name: Documentation + url: https://docs.couchbase.com/operator/current/overview.html + - name: Downloads + url: https://www.couchbase.com/downloads + maintainers: + - email: 
support@couchbase.com + name: Couchbase + maturity: stable + minKubeVersion: 1.23.0 + provider: + name: Couchbase + selector: + matchLabels: + alm-owner-couchbase: couchbaseoperator + operated-by: couchbaseoperator + version: 2.7.0-2 + skips: + - couchbase-operator.v2.7.0-1 diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseautoscalers.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseautoscalers.couchbase.com.yaml new file mode 100644 index 000000000..4afba83d7 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseautoscalers.couchbase.com.yaml 
@@ -0,0 +1,96 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbaseautoscalers.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseAutoscaler + listKind: CouchbaseAutoscalerList + plural: couchbaseautoscalers + shortNames: + - cba + singular: couchbaseautoscaler + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.size + name: size + type: string + - jsonPath: .spec.servers + name: servers + type: string + name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseAutoscaler provides an interface for the Kubernetes Horizontal Pod Autoscaler + to interact with the Couchbase cluster and provide autoscaling. This resource is + not defined by the end user, and is managed by the Operator. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CouchbaseAutoscalerSpec allows control over an autoscaling + group. + properties: + servers: + description: Servers specifies the server group that this autoscaler + belongs to. + minLength: 1 + type: string + size: + description: Size allows the server group to be dynamically scaled. 
+ minimum: 0 + type: integer + required: + - servers + - size + type: object + status: + description: |- + CouchbaseAutoscalerStatus provides information to the HPA to assist with scaling + server groups. + properties: + labelSelector: + description: |- + LabelSelector allows the HPA to select resources to monitor for resource + utilization in order to trigger scaling. + type: string + size: + description: Size is the current size of the server group. + minimum: 1 + type: integer + required: + - labelSelector + - size + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.labelSelector + specReplicasPath: .spec.size + statusReplicasPath: .status.size + status: {} diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackuprestores.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackuprestores.couchbase.com.yaml new file mode 100644 index 000000000..9478c4404 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackuprestores.couchbase.com.yaml 
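Review bot: `status.size` is declared with `minimum: 1` while `spec.size` allows `minimum: 0`, and the `scale` subresource ties the two together through `specReplicasPath` and `statusReplicasPath`. A server group scaled to zero would pass validation on the spec, but a status update reporting size 0 would be rejected; whether the operator ever reports zero is not visible here. Aligning the bounds (`minimum: 0` on `status.size`, or `minimum: 1` on `spec.size` if zero is not meant to be reachable) removes the gap. The `size` printer column is also typed `string` although `.spec.size` is an integer; `type: integer` would match the schema.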
@@ -0,0 +1,482 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasebackuprestores.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseBackupRestore + listKind: CouchbaseBackupRestoreList + plural: couchbasebackuprestores + shortNames: + - cbrestore + singular: couchbasebackuprestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.capacityUsed + name: capacity used + type: string + - jsonPath: .status.lastRun + name: last run + type: string + - jsonPath: .status.lastSuccess + name: last success + type: string + - jsonPath: .status.duration + name: duration + type: string + - jsonPath: .status.running + name: running + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseBackupRestore allows the restoration of all Couchbase cluster data from + a CouchbaseBackup resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CouchbaseBackupRestoreSpec allows the specification of data restoration to be + configured. 
This includes the backup and repository to restore data from, and + the time range of data to be restored. + properties: + backoffLimit: + default: 2 + description: Number of times the restore job should try to execute. + format: int32 + type: integer + backup: + description: |- + The backup resource name associated with this restore, or the backup PVC + name to restore from. + type: string + buckets: + description: |- + DEPRECATED - by spec.data. + Specific buckets can be explicitly included or excluded in the restore, + as well as bucket mappings. This field is now ignored. + type: object + x-kubernetes-preserve-unknown-fields: true + data: + description: |- + Data allows control over what key-value/document data is included in the + restore. By default, all data is included. + properties: + exclude: + description: |- + Exclude defines the buckets, scopes or collections that are excluded from the backup. + When this field is set, it implies that by default everything will be backed up, + and data items can be explicitly excluded. You may define an exclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Excluded data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as included items. + items: + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. + As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. 
+ pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + filterKeys: + description: FilterKeys only restores documents whose names match + the provided regular expression. + type: string + filterValues: + description: FilterValues only restores documents whose values + match the provided regular expression. + type: string + include: + description: |- + Include defines the buckets, scopes or collections that are included in the restore. + When this field is set, it implies that by default nothing will be restored, + and data items must be explicitly included. You may define an inclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Included data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as excluded items. + items: + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. + As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + map: + description: |- + Map allows data items in the restore to be remapped to a different named container. + Buckets can be remapped to other buckets e.g. 
"source=target", scopes and collections + can be remapped to other scopes and collections within the same bucket only e.g. + "bucket.scope=bucket.other" or "bucket.scope.collection=bucket.scope.other". Map + sources may only be specified once, and may not overlap. + items: + description: RestoreMapping allows data to be migrated on restore. + properties: + source: + description: |- + Source defines the data source of the mapping, this may be either + a bucket, scope or collection. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + target: + description: |- + Target defines the data target of the mapping, this may be either + a bucket, scope or collection, and must refer to the same type + as the restore source. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + required: + - source + - target + type: object + type: array + x-kubernetes-list-map-keys: + - source + x-kubernetes-list-type: map + type: object + end: + description: |- + End denotes the last backup to restore from. Omitting this field will only + restore the backup referenced by start. This may be specified as + an integer index (starting from 1), a string specifying a short date + DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. + properties: + int: + description: Int references a relative backup by index. + minimum: 1 + type: integer + str: + description: Str references an absolute backup by name. + type: string + type: object + forceUpdates: + description: |- + Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer. 
+ By default, the system does not force updates, + and all updates use Couchbase's conflict resolution mechanism to ensure + that if newer data exists on the cluster, + older restored data does not overwrite it. + However, if `couchbasebackuprestores.spec.forceUpdates` is true, + then the backup record will _always_ overwrite the cluster record, + regardless of Couchbase's conflict resolution. + type: boolean + logRetention: + default: 168h + description: |- + Number of hours to hold restore script logs for, everything older will be deleted. + More info: + https://golang.org/pkg/time/#ParseDuration + type: string + objectStore: + description: The remote destination for backup. + properties: + endpoint: + description: |- + Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. + If set will override `CouchbaseCluster.spec.backup.objectEndpoint` + See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + properties: + secret: + description: |- + The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint + The secret must have the key with the name "tls.crt" + type: string + url: + description: The host/address of the custom object endpoint. + type: string + useVirtualPath: + description: |- + UseVirtualPath will force the AWS SDK to use the new virtual style paths + which are often required by S3 compatible object stores. + type: boolean + type: object + secret: + description: |- + ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. + These correspond to the fields used by cbbackupmgr + https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + type: string + uri: + description: |- + URI is a reference to a remote object store. + This is the prefix of the object store and the bucket name. 
+ i.e s3://bucket, az://bucket or gs://bucket. + pattern: ^(az|s3|gs)://.{3,}$ + type: string + useIAM: + description: |- + Whether to allow the backup SDK to attempt to authenticate + using the instance metadata api. + If set, will override `CouchbaseCluster.spec.backup.useIAM`. + type: boolean + type: object + overwriteUsers: + default: false + description: |- + Overwrites the already existing users in the cluster when user restoration is enabled (spec.services.users). + The default behavior of backup/restore of users is to skip already existing users. + This is only available for Couchbase Server 7.6 and later. + This field defaults to `false`. + type: boolean + repo: + description: |- + Repo is the backup folder to restore from. If no repository is specified, + the backup container will choose the latest. + type: string + s3bucket: + description: |- + DEPRECATED - by spec.objectStore.uri + Name of S3 bucket to restore from. If non-empty this overrides local backup. + pattern: ^s3://[a-z0-9-\.\/]{3,63}$ + type: string + services: + default: {} + description: This list accepts a certain set of parameters that will + disable that data and prevent it being restored. + properties: + analytics: + default: true + description: |- + Analytics restores analytics datasets from the backup. This field + defaults to true. + type: boolean + bucketConfig: + description: |- + BucketConfig restores all bucket configuration settings. + If you are restoring to cluster with managed buckets, then this + option may conflict with existing bucket settings, and the results + are undefined, so avoid use. This option is intended for use + with unmanaged buckets. Note that bucket durability settings are + not restored in versions less than and equal to 1.1.0, and will + need to be manually applied. This field defaults to false. + type: boolean + bucketQuery: + default: true + description: |- + BucketQuery enables the backup of query metadata for all buckets. 
+ This field defaults to `true`. + type: boolean + clusterAnalytics: + default: true + description: |- + ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. + This field defaults to `true`. + type: boolean + clusterQuery: + default: true + description: |- + ClusterQuery enables the backup of cluster level query metadata. + This field defaults to `true`. + type: boolean + data: + default: true + description: |- + Data restores document data from the backup. This field defaults + to true. + type: boolean + eventing: + default: true + description: |- + Eventing restores eventing functions from the backup. This field + defaults to true. + type: boolean + ftAlias: + default: true + description: |- + FTAlias restores full-text search aliases from the backup. This + field defaults to true. + type: boolean + ftIndex: + default: true + description: |- + FTIndex restores full-text search indexes from the backup. This + field defaults to true. + type: boolean + gsiIndex: + default: true + description: |- + GSIIndex restores document indexes from the backup. This field + defaults to true. + type: boolean + users: + default: false + description: |- + Users restores cluster level users, including their roles and permissions. This is + only available for Couchbase Server 7.6 and later. This field defaults to `false`. + type: boolean + views: + default: true + description: Views restores views from the backup. This field + defaults to true. + type: boolean + type: object + stagingVolume: + default: + size: 20Gi + description: |- + StagingVolume contains configuration related to the + ephemeral volume used as staging when restoring from a cloud backup. + properties: + size: + anyOf: + - type: integer + - type: string + default: 20Gi + description: |- + Size allows the specification of a staging volume. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + The ephemeral volume will only be used when restoring from a cloud provider, + if the backup job was created using ephemeral storage. + Otherwise the restore job will share a staging volume with the backup job. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + storageClassName: + description: Name of StorageClass to use. + type: string + type: object + start: + description: |- + Start denotes the first backup to restore from. This may be specified as + an integer index (starting from 1), a string specifying a short date + DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. + properties: + int: + description: Int references a relative backup by index. + minimum: 1 + type: integer + str: + description: Str references an absolute backup by name. + type: string + type: object + threads: + default: 1 + description: How many threads to use during the restore. + minimum: 1 + type: integer + ttlSecondsAfterFinished: + description: Number of seconds to elapse before a completed job is + deleted. + format: int32 + minimum: 0 + type: integer + type: object + status: + description: |- + CouchbaseBackupRestoreStatus provides status indications of a restore from + backup. This includes whether or not the restore is running, whether the + restore succeed or not, and the duration the restore took. + properties: + archive: + description: Location of Backup Archive. + type: string + backups: + description: |- + Backups gives us a full list of all backups + and their respective repository locations. + items: + properties: + full: + description: Full backup inside the repository. + type: string + incrementals: + description: Incremental backups inside the repository. 
+ items: + type: string + type: array + name: + description: Name of the repository. + type: string + required: + - name + type: object + type: array + duration: + description: |- + Duration tells us how long the last restore took. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + failed: + description: Failed indicates whether the most recent restore has + failed. + type: boolean + job: + description: |- + DEPRECATED - field may no longer be populated. + Job tells us which job is running/ran last. + type: string + lastFailure: + description: LastFailure tells us the time the last failed restore + failed. + format: date-time + type: string + lastRun: + description: LastRun tells us the time the last restore job started. + format: date-time + type: string + lastSuccess: + description: LastSuccess gives us the time the last successful restore + finished. + format: date-time + type: string + output: + description: |- + DEPRECATED - field may no longer be populated. + Output reports useful information from the backup process. + type: string + pod: + description: |- + DEPRECATED - field may no longer be populated. + Pod tells us which pod is running/ran last. + type: string + repo: + description: Repo is where we are currently performing operations. + type: string + running: + description: Running indicates whether a restore is currently being + performed. + type: boolean + required: + - failed + - running + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackups.couchbase.com.yaml new file mode 100644 index 000000000..3766acc31 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebackups.couchbase.com.yaml 
@@ -0,0 +1,501 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasebackups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseBackup + listKind: CouchbaseBackupList + plural: couchbasebackups + shortNames: + - cbbackup + singular: couchbasebackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.strategy + name: strategy + type: string + - jsonPath: .spec.size + name: volume size + type: string + - jsonPath: .status.capacityUsed + name: capacity used + type: string + - jsonPath: .status.lastRun + name: last run + type: string + - jsonPath: .status.lastSuccess + name: last success + type: string + - jsonPath: .status.running + name: running + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseBackup allows automatic backup of all data from a Couchbase cluster + into persistent storage. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CouchbaseBackupSpec is allows the specification of how a Couchbase backup is + configured, including when backups are performed, how long they are retained + for, and where they are backed up to. + properties: + autoScaling: + description: |- + AutoScaling allows the volume size to be dynamically increased. + When specified, the backup volume will start with an initial size + as defined by `spec.size`, and increase as required. + properties: + incrementPercent: + default: 20 + description: |- + IncrementPercent controls how much the volume is increased each time the + threshold is exceeded, upto a maximum as defined by the limit. + This field defaults to 20 if not specified. + minimum: 0 + type: integer + limit: + anyOf: + - type: integer + - type: string + description: |- + Limit imposes a hard limit on the size we can autoscale to. When not + specified no bounds are imposed. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + thresholdPercent: + default: 20 + description: |- + ThresholdPercent determines the point at which a volume is autoscaled. + This represents the percentage of free space remaining on the volume, + when less than this threshold, it will trigger a volume expansion. + For example, if the volume is 100Gi, and the threshold 20%, then a resize + will be triggered when the used capacity exceeds 80Gi, and free space is + less than 20Gi. This field defaults to 20 if not specified. 
+ maximum: 99 + minimum: 0 + type: integer + type: object + backoffLimit: + default: 2 + description: |- + Number of times a backup job should try to execute. + Once it hits the BackoffLimit it will not run until the next scheduled job. + format: int32 + type: integer + backupRetention: + default: 720h + description: |- + Number of hours to hold backups for, everything older will be deleted. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + data: + description: |- + Data allows control over what key-value/document data is included in the + backup. By default, all data is included. Modifications + to this field will only take effect on the next full backup. + properties: + exclude: + description: |- + Exclude defines the buckets, scopes or collections that are excluded from the backup. + When this field is set, it implies that by default everything will be backed up, + and data items can be explicitly excluded. You may define an exclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Excluded data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as included items. + items: + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. + As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. 
+ pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + include: + description: |- + Include defines the buckets, scopes or collections that are included in the backup. + When this field is set, it implies that by default nothing will be backed up, + and data items must be explicitly included. You may define an inclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Included data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as excluded items. + items: + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. + As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. + pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object + defaultRecoveryMethod: + default: none + description: |- + DefaultRecoveryMethod specifies how cbbackupmgr should + recover from broken backup/restore attempts. + enum: + - none + - resume + - purge + type: string + ephemeralVolume: + default: false + description: |- + EphemeralVolume sets backup to use an ephemeral volume instead + of a persistent volume. This is used when backing up to a remote + cloud provider, where a persistent volume is not needed. 
+ type: boolean + failedJobsHistoryLimit: + default: 3 + description: Amount of failed jobs to keep. + format: int32 + minimum: 0 + type: integer + full: + description: |- + Full is the schedule on when to take full backups. + Used in Full/Incremental and FullOnly backup strategies. + properties: + schedule: + description: Schedule takes a cron schedule in string format. + type: string + required: + - schedule + type: object + incremental: + description: |- + Incremental is the schedule on when to take incremental backups. + Used in Full/Incremental backup strategies. + properties: + schedule: + description: Schedule takes a cron schedule in string format. + type: string + required: + - schedule + type: object + logRetention: + default: 168h + description: |- + Number of hours to hold script logs for, everything older will be deleted. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + objectStore: + description: ObjectStore allows for backing up to a remote cloud storage. + properties: + endpoint: + description: |- + Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. + If set will override `CouchbaseCluster.spec.backup.objectEndpoint` + See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + properties: + secret: + description: |- + The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint + The secret must have the key with the name "tls.crt" + type: string + url: + description: The host/address of the custom object endpoint. + type: string + useVirtualPath: + description: |- + UseVirtualPath will force the AWS SDK to use the new virtual style paths + which are often required by S3 compatible object stores. + type: boolean + type: object + secret: + description: |- + ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. 
+ These correspond to the fields used by cbbackupmgr + https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + type: string + uri: + description: |- + URI is a reference to a remote object store. + This is the prefix of the object store and the bucket name. + i.e s3://bucket, az://bucket or gs://bucket. + pattern: ^(az|s3|gs)://.{3,}$ + type: string + useIAM: + description: |- + Whether to allow the backup SDK to attempt to authenticate + using the instance metadata api. + If set, will override `CouchbaseCluster.spec.backup.useIAM`. + type: boolean + type: object + s3bucket: + description: |- + DEPRECATED - by spec.objectStore.uri + Name of S3 bucket to backup to. If non-empty this overrides local backup. + pattern: ^s3://[a-z0-9-\.\/]{3,63}$ + type: string + services: + default: {} + description: |- + Services allows control over what services are included in the backup. + By default, all service data and metadata are included apart from users. + Modifications to this field will only take effect on the next full backup. + properties: + analytics: + default: true + description: |- + Analytics enables the backup of analytics data. + This field defaults to `true`. + type: boolean + bucketConfig: + default: true + description: |- + BucketConfig enables the backup of bucket configuration. + This field defaults to `true`. + type: boolean + bucketQuery: + default: true + description: |- + BucketQuery enables the backup of query metadata for all buckets. + This field defaults to `true`. + type: boolean + clusterAnalytics: + default: true + description: |- + ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. + This field defaults to `true`. + type: boolean + clusterQuery: + default: true + description: |- + ClusterQuery enables the backup of cluster level query metadata. + This field defaults to `true`. 
+ type: boolean + data: + default: true + description: |- + Data enables the backup of key-value data/documents for all buckets. + This can be further refined with the couchbasebackups.spec.data configuration. + This field defaults to `true`. + type: boolean + eventing: + default: true + description: |- + Eventing enables the backup of eventing service metadata. + This field defaults to `true`. + type: boolean + ftsAliases: + default: true + description: |- + FTSAliases enables the backup of full-text search alias definitions. + This field defaults to `true`. + type: boolean + ftsIndexes: + default: true + description: |- + FTSIndexes enables the backup of full-text search index definitions for all buckets. + This field defaults to `true`. + type: boolean + gsIndexes: + default: true + description: |- + GSIndexes enables the backup of global secondary index definitions for all buckets. + This field defaults to `true`. + type: boolean + users: + default: false + description: |- + Users enables the backup of users including their roles and permissions. This is + only available for Couchbase Server 7.6 and later. This field defaults to `false`. + type: boolean + views: + default: true + description: |- + Views enables the backup of view definitions for all buckets. + This field defaults to `true`. + type: boolean + type: object + size: + anyOf: + - type: integer + - type: string + default: 20Gi + description: |- + Size allows the specification of a backup persistent volume, when using + volume based backup. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + storageClassName: + description: Name of StorageClass to use. 
+ type: string + strategy: + default: full_incremental + description: |- + Strategy defines how to perform backups. `full_only` will only perform full + backups, and you must define a schedule in the `spec.full` field. `full_incremental` + will perform periodic full backups, and incremental backups in between. You must + define full and incremental schedules in the `spec.full` and `spec.incremental` fields + respectively. Care should be taken to ensure full and incremental schedules do not + overlap, taking into account the backup time, as this will cause failures as the jobs + attempt to mount the same backup volume. To cause a backup to occur immediately use `immediate_incremental` + or `immediate_full` for incremental or full backups respectively. + This field default to `full_incremental`. + Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html + enum: + - full_incremental + - full_only + - immediate_incremental + - immediate_full + type: string + successfulJobsHistoryLimit: + default: 3 + description: Amount of successful jobs to keep. + format: int32 + minimum: 0 + type: integer + threads: + default: 1 + description: How many threads to use during the backup. This field + defaults to 1. + minimum: 0 + type: integer + ttlSecondsAfterFinished: + description: Amount of time to elapse before a completed job is deleted. + format: int32 + minimum: 0 + type: integer + type: object + status: + description: |- + CouchbaseBackupStatus provides status notifications about the Couchbase backup + including when the last backup occurred, whether is succeeded or not, the run + time of the backup and the size of the backup. + properties: + archive: + description: Location of Backup Archive. + type: string + backups: + description: |- + Backups gives us a full list of all backups + and their respective repository locations. + items: + properties: + full: + description: Full backup inside the repository. 
+ type: string + incrementals: + description: Incremental backups inside the repository. + items: + type: string + type: array + name: + description: Name of the repository. + type: string + required: + - name + type: object + type: array + capacityUsed: + anyOf: + - type: integer + - type: string + description: |- + CapacityUsed tells us how much of the PVC we are using. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + cronjob: + description: |- + DEPRECATED - field may no longer be populated. + Cronjob tells us which Cronjob the job belongs to. + type: string + duration: + description: |- + Duration tells us how long the last backup took. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + failed: + description: Failed indicates whether the most recent backup has failed. + type: boolean + job: + description: |- + DEPRECATED - field may no longer be populated. + Job tells us which job is running/ran last. + type: string + lastFailure: + description: LastFailure tells us the time the last failed backup + failed. + format: date-time + type: string + lastRun: + description: LastRun tells us the time the last backup job started. + format: date-time + type: string + lastSuccess: + description: LastSuccess gives us the time the last successful backup + finished. + format: date-time + type: string + output: + description: |- + DEPRECATED - field may no longer be populated. + Output reports useful information from the backup_script. + type: string + pod: + description: |- + DEPRECATED - field may no longer be populated. + Pod tells us which pod is running/ran last. + type: string + repo: + description: Repo is where we are currently performing operations. 
+ type: string + running: + description: Running indicates whether a backup is currently being + performed. + type: boolean + required: + - failed + - running + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebuckets.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebuckets.couchbase.com.yaml new file mode 100644 index 000000000..4a4458263 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasebuckets.couchbase.com.yaml 
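Review bot: In couchbasebackups.couchbase.com.yaml, `spec.objectStore.uri` is validated only by `^(az|s3|gs)://.{3,}$`, so any characters after the scheme are accepted, whitespace included, and there is no `maxLength`; the deprecated `spec.s3bucket` beside it is much stricter (`^s3://[a-z0-9-\.\/]{3,63}$`). The value presumably ends up as a cbbackupmgr argument (not visible here), so I would give the new field an explicit character class and a `maxLength` chosen against the providers' bucket-naming rules. `spec.objectStore.endpoint.url` is likewise an unconstrained string and the CA `secret` next to it is optional, so nothing in the schema keeps the object-store credentials from being sent to a non-TLS endpoint; a `pattern: ^https://` or a documented opt-out would make the intent explicit. Separately, `spec.threads` has `default: 1` but `minimum: 0`, while the restore CRD in this same patch uses `minimum: 1`; I would align it to `minimum: 1`. The file carries a controller-gen annotation, so these changes belong in the kubebuilder markers on the upstream Go types rather than in hand edits to this YAML.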
@@ -0,0 +1,316 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasebuckets.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseBucket + listKind: CouchbaseBucketList + plural: couchbasebuckets + singular: couchbasebucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.memoryQuota + name: memory quota + type: string + - jsonPath: .spec.replicas + name: replicas + type: integer + - jsonPath: .spec.ioPriority + name: io priority + type: string + - jsonPath: .spec.evictionPolicy + name: eviction policy + type: string + - jsonPath: .spec.conflictResolution + name: conflict resolution + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + The CouchbaseBucket resource defines a set of documents in Couchbase server. + A Couchbase client connects to and operates on a bucket, which provides independent + management of a set documents and a security boundary for role based access control. + A CouchbaseBucket provides replication and persistence for documents contained by it. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: |- + CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and + allows the bucket to be customized. + properties: + compressionMode: + default: passive + description: |- + CompressionMode defines how Couchbase server handles document compression. When + off, documents are stored in memory, and transferred to the client uncompressed. + When passive, documents are stored compressed in memory, and transferred to the + client compressed when requested. When active, documents are stored compresses + in memory and when transferred to the client. This field must be "off", "passive" + or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so + must be quoted as a string in configuration files. + enum: + - "off" + - passive + - active + type: string + conflictResolution: + default: seqno + description: |- + ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number + based resolution selects the document with the highest sequence number as the most recent. + Timestamp based resolution selects the document that was written to most recently as the + most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), + defaulting to "seqno". + enum: + - seqno + - lww + type: string + enableFlush: + description: |- + EnableFlush defines whether a client can delete all documents in a bucket. + This field defaults to false. + type: boolean + enableIndexReplica: + description: |- + EnableIndexReplica defines whether indexes for this bucket are replicated. + This field defaults to false. + type: boolean + evictionPolicy: + default: valueOnly + description: |- + EvictionPolicy controls how Couchbase handles memory exhaustion. 
Value only eviction + flushes documents to disk but maintains document metadata in memory in order to improve + query performance. Full eviction removes all data from memory after the document is + flushed to disk. This field must be "valueOnly" or "fullEviction", defaulting to + "valueOnly". + enum: + - valueOnly + - fullEviction + type: string + ioPriority: + default: low + description: |- + IOPriority controls how many threads a bucket has, per pod, to process reads and writes. + This field must be "low" or "high", defaulting to "low". Modification of this field will + cause a temporary service disruption as threads are restarted. + enum: + - low + - high + type: string + maxTTL: + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This is a default and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + memoryQuota: + anyOf: + - type: integer + - type: string + default: 100Mi + description: |- + MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, + documents will be evicted from memory to disk as defined by the eviction policy. The + memory quota is defined per Couchbase pod running the data service. This field defaults + to, and must be greater than or equal to 100Mi. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + minimumDurability: + description: |- + MiniumumDurability defines how durable a document write is by default, and can + be made more durable by the client. This feature enables ACID transactions. + When none, Couchbase server will respond when the document is in memory, it will + become eventually consistent across the cluster. When majority, Couchbase server will + respond when the document is replicated to at least half of the pods running the + data service in the cluster. When majorityAndPersistActive, Couchbase server will + respond when the document is replicated to at least half of the pods running the + data service in the cluster and the document has been persisted to disk on the + document master pod. When persistToMajority, Couchbase server will respond when + the document is replicated and persisted to disk on at least half of the pods running + the data service in the cluster. This field must be either "none", "majority", + "majorityAndPersistActive" or "persistToMajority", defaulting to "none". + enum: + - none + - majority + - majorityAndPersistActive + - persistToMajority + type: string + name: + description: |- + Name is the name of the bucket within Couchbase server. By default the Operator + will use the `metadata.name` field to define the bucket name. The `metadata.name` + field only supports a subset of the supported character set. When specified, this + field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". 
+ maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + rank: + default: 0 + description: |- + Rank determines the bucket’s place in the order in which the rebalance process + handles the buckets on the cluster. The higher a bucket’s assigned integer + (in relation to the integers assigned other buckets), the sooner in the + rebalance process the bucket is handled. This assignment of rank allows a + cluster’s most mission-critical data to be rebalanced with top priority. + This option is only supported for Couchbase Server 7.6.0+. + maximum: 1000 + minimum: 0 + type: integer + replicas: + default: 1 + description: |- + Replicas defines how many copies of documents Couchbase server maintains. This directly + affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster + can tolerate one data pod going down and still service requests without data loss. The + number of replicas also affect memory use. With a single replica, the effective memory + quota for documents is halved, with two replicas it is one third. The number of replicas + must be between 0 and 3, defaulting to 1. + maximum: 3 + minimum: 0 + type: integer + scopes: + description: |- + Scopes defines whether the Operator manages scopes for the bucket or not, and + the set of scopes defined for the bucket. + properties: + managed: + description: |- + Managed defines whether scopes are managed for this bucket. + This field is `false` by default, and the Operator will take no actions that + will affect scopes and collections in this bucket. The default scope and + collection will be present. When set to `true`, the Operator will manage + user defined scopes, and optionally, their collections as defined by the + `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and + `CouchbaseCollectionGroup` resource documentation. If this field is set to + `false` while the already managed, then the Operator will leave whatever + configuration is already present. 
+ type: boolean + resources: + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this bucket. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseScope + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + resource kinds. This field defaults to `CouchbaseScope` if not + specified. + enum: + - CouchbaseScope + - CouchbaseScopeGroup + type: string + name: + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal scope names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + bucket. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + storageBackend: + description: |- + StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. + Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". + Note: "magma" is only valid for Couchbase Server 7.1.0 onward. + enum: + - couchstore + - magma + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseclusters.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseclusters.couchbase.com.yaml new file mode 100644 index 000000000..f87a2f8fa --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseclusters.couchbase.com.yaml 
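Review bot: In couchbasebuckets.couchbase.com.yaml, `spec.maxTTL` documents a bounded duration ("in the range 0-2147483648s") but the schema is a bare `type: string`, so a malformed or out-of-range value passes admission and can only be caught later, if at all, by the operator. A `pattern` for Go duration strings on that field would reject it at the API server. The same description says an over-long client TTL "is truncated to the maximum durability", which looks like a slip for "maximum TTL", and `MiniumumDurability` in the next field's description is misspelled. `enableFlush`, `enableIndexReplica` and `storageBackend` each state a default in prose but carry no `default:` key, unlike `compressionMode` or `replicas`; for `enableFlush`, which lets a client delete every document in the bucket, I would add `default: false` so the safe value is visible on the stored object. As the file is controller-gen output, the fix belongs in the markers and comments on the upstream Go types.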
@@ -0,0 +1,5709 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbaseclusters.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseCluster + listKind: CouchbaseClusterList + plural: couchbaseclusters + shortNames: + - cbc + singular: couchbasecluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.currentVersion + name: version + type: string + - jsonPath: .status.size + name: size + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].reason + name: status + type: string + - jsonPath: .status.clusterId + name: uuid + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + The CouchbaseCluster resource represents a Couchbase cluster. It allows configuration + of cluster topology, networking, storage and security options. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + ClusterSpec is the specification for a CouchbaseCluster resources, and allows + the cluster to be customized. 
+ properties: + antiAffinity: + description: |- + AntiAffinity forces the Operator to schedule different Couchbase server pods on + different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable + failure in the event of a node issue. Use of anti-affinity is highly recommended for + production clusters. + type: boolean + autoResourceAllocation: + description: |- + AutoResourceAllocation populates pod resource requests based on the services running + on that pod. When enabled, this feature will calculate the memory request as the + total of service allocations defined in `spec.cluster`, plus an overhead defined + by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for + a service will cause a cluster upgrade as allocations are modified in the underlying + pods. This field also allows default pod CPU requests and limits to be applied. + All resource allocations can be overridden by explicitly configuring them in the + `spec.servers.resources` field. + properties: + cpuLimits: + anyOf: + - type: integer + - type: string + default: "4" + description: |- + CPULimits automatically populates the CPU limits across all Couchbase + server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU + limit for a particular server class will override this value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + cpuRequests: + anyOf: + - type: integer + - type: string + default: "2" + description: |- + CPURequests automatically populates the CPU requests across all Couchbase + server pods. The default value of "2", is the minimum recommended number of + CPUs required to run Couchbase Server. 
Explicitly specifying the CPU request + for a particular server class will override this value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + enabled: + description: Enabled defines whether auto-resource allocation + is enabled. + type: boolean + overheadPercent: + default: 25 + description: |- + OverheadPercent defines the amount of memory above that required for individual + services on a pod. For Couchbase Server this should be approximately 25%. + minimum: 0 + type: integer + type: object + autoscaleStabilizationPeriod: + description: |- + AutoscaleStabilizationPeriod defines how long after a rebalance the + corresponding HorizontalPodAutoscaler should remain in maintenance mode. + During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler + associated with the cluster becomes inactive. + Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, + setting a stabilization period helps to prevent scaling recommendations from the + HorizontalPodAutoscaler for a provided period of time. + + + Values must be a valid Kubernetes duration of 0s or higher: + https://golang.org/pkg/time/#ParseDuration + A value of 0, puts the cluster in maintenance mode during rebalance but + immediately exits this mode once the rebalance has completed. + When undefined, the HPA is never put into maintenance mode during rebalance. + type: string + backup: + description: |- + Backup defines whether the Operator should manage automated backups, and how + to lookup backup resources. + properties: + annotations: + additionalProperties: + type: string + description: Annotations defines additional annotations to appear + on the backup/restore pods. 
+ type: object + image: + default: couchbase/operator-backup:1.3.1 + description: The Backup Image to run on backup pods. + type: string + imagePullSecrets: + description: |- + ImagePullSecrets allow you to use an image from private + repositories and non-dockerhub ones. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + labels: + additionalProperties: + type: string + description: Labels defines additional labels to appear on the + backup/restore pods. + type: object + managed: + description: Managed defines whether backups are managed by us + or the clients. + type: boolean + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector defines which nodes to constrain the pods that + run any backup and restore operations to. + type: object + objectEndpoint: + description: |- + Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint + ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store. + properties: + secret: + description: |- + The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint + The secret must have the key with the name "tls.crt" + type: string + url: + description: The host/address of the custom object endpoint. + type: string + useVirtualPath: + description: |- + UseVirtualPath will force the AWS SDK to use the new virtual style paths + which are often required by S3 compatible object stores. + type: boolean + type: object + resources: + description: |- + Resources is the resource requirements for the backup and restore + containers. 
Will be populated by defaults if not specified. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + s3Secret: + description: |- + Deprecated: by CouchbaseBackup.spec.objectStore.secret + S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. + This field must be popluated when the `spec.s3bucket` field is specified + for a backup or restore resource. + type: string + selector: + description: |- + Selector allows CouchbaseBackup and CouchbaseBackupRestore + resources to be filtered based on labels. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + serviceAccountName: + default: couchbase-backup + description: |- + The Service Account to run backup (and restore) pods under. + Without this backup pods will not be able to update status. + type: string + tolerations: + description: Tolerations specifies all backup and restore pod + tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + useIAMRole: + description: |- + Deprecated: by CouchbaseBackup.spec.objectStore.useIAM + UseIAMRole enables backup to fetch EC2 instance metadata. 
+ This allows the AWS SDK to use the EC2's IAM Role for S3 access. + UseIAMRole will ignore credentials in s3Secret. + type: boolean + required: + - image + type: object + buckets: + description: |- + Buckets defines whether the Operator should manage buckets, and how to lookup + bucket resources. + properties: + managed: + description: |- + Managed defines whether buckets are managed by the Operator (true), or user managed (false). + When Operator managed, all buckets must be defined with either CouchbaseBucket, + CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition + of buckets will be reverted by the Operator. When user managed, the Operator + will not interrogate buckets at all. This field defaults to false. + type: boolean + selector: + description: |- + Selector is a label selector used to list buckets in the namespace + that are managed by the Operator. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + synchronize: + description: |- + Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as + Kubernetes resources by the Operator. This feature is intended for development only + and should not be used for production workloads. The synchronization workflow starts + with `spec.buckets.managed` being set to false, the user can manually create buckets, + scopes, and collections using the Couchbase UI, or other tooling. When you wish to + commit to Kubernetes resources, you must specify a unique label selector in the + `spec.buckets.selector` field, and this field is set to true. The Operator will + create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` + status condition. Synchronizing will not create a Kubernetes resource for the Couchbase + Server maintained _system scope. You may then safely set `spec.buckets.managed` to + true and the Operator will manage these resources as per usual. To update an already + managed data topology, you must first set it to unmanaged, make any changes, and delete + any old resources, then follow the standard synchronization workflow. The Operator + can not, and will not, ever delete, or make modifications to resource specifications + that are intended to be user managed, or managed by a life cycle management tool. These + actions must be instigated by an end user. For a more complete experience, refer to + the documentation for the `cao save` and `cao restore` CLI commands. + type: boolean + type: object + cluster: + default: {} + description: |- + ClusterSettings define Couchbase cluster-wide settings such as memory allocation, + failover characteristics and index settings. 
+ properties: + analyticsServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 1Gi + description: |- + AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. + This value is per-pod, and only applicable to pods belonging to server classes running + the analytics service. This field must be a quantity greater than or equal to 1Gi. This + field defaults to 1Gi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + autoCompaction: + default: {} + description: |- + AutoCompaction allows the configuration of auto-compaction, including on what + conditions disk space is reclaimed and when it is allowed to run. + properties: + databaseFragmentationThreshold: + default: {} + description: DatabaseFragmentationThreshold defines triggers + for when database compaction should start. + properties: + percent: + default: 30 + description: |- + Percent is the percentage of disk fragmentation after which to decompaction will be + triggered. This field must be in the range 2-100, defaulting to 30. + maximum: 100 + minimum: 2 + type: integer + size: + anyOf: + - type: integer + - type: string + description: |- + Size is the amount of disk framentation, that once exceeded, will trigger decompaction. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + parallelCompaction: + description: |- + ParallelCompaction controls whether database and view compactions can happen + in parallel. 
+ type: boolean + timeWindow: + description: TimeWindow allows restriction of when compaction + can occur. + properties: + abortCompactionOutsideWindow: + default: false + description: |- + AbortCompactionOutsideWindow stops compaction processes when the + process moves outside the window. + type: boolean + end: + description: End is a wallclock time, in the form HH:MM, + when a compaction should stop. + pattern: ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$ + type: string + start: + description: Start is a wallclock time, in the form HH:MM, + when a compaction is permitted to start. + pattern: ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$ + type: string + type: object + tombstonePurgeInterval: + default: 72h + description: |- + TombstonePurgeInterval controls how long to wait before purging tombstones. + This field must be in the range 1h-1440h, defaulting to 72h. + More info: https://golang.org/pkg/time/#ParseDuration + type: string + viewFragmentationThreshold: + default: {} + description: ViewFragmentationThreshold defines triggers for + when view compaction should start. + properties: + percent: + default: 30 + description: |- + Percent is the percentage of disk fragmentation after which to decompaction will be + triggered. This field must be in the range 2-100, defaulting to 30. + maximum: 100 + minimum: 2 + type: integer + size: + anyOf: + - type: integer + - type: string + description: |- + Size is the amount of disk framentation, that once exceeded, will trigger decompaction. 
+ More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + type: object + autoFailoverMaxCount: + default: 1 + description: |- + AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server + will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 + default is 1. + format: int64 + minimum: 1 + type: integer + autoFailoverOnDataDiskIssues: + description: |- + AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod + if a disk issue was detected. + type: boolean + autoFailoverOnDataDiskIssuesTimePeriod: + default: 120s + description: |- + AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors + before failing over a faulty disk. This field must be in the range 5-3600s, defaulting + to 120s. More info: https://golang.org/pkg/time/#ParseDuration + type: string + autoFailoverServerGroup: + description: |- + AutoFailoverServerGroup whether to enable failing over a server group. + This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API + type: boolean + autoFailoverTimeout: + default: 120s + description: |- + AutoFailoverTimeout defines how long Couchbase server will wait between a pod + being witnessed as down, until when it will failover the pod. Couchbase server + will only failover pods if it deems it safe to do so, and not result in data + loss. This field must be in the range 5-3600s, defaulting to 120s. + More info: https://golang.org/pkg/time/#ParseDuration + type: string + clusterName: + description: |- + ClusterName defines the name of the cluster, as displayed in the Couchbase UI. 
+ By default, the cluster name is that specified in the CouchbaseCluster resource's + metadata. + type: string + data: + description: Data allows the data service to be configured. + properties: + auxIOThreads: + description: |- + AuxIOThreads allows the number of threads used by the data service, + per pod, to be altered. This indicates the number of threads that are + to be used in the AuxIO thread pool to run auxiliary I/O tasks. + This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults to the + default value set by Couchbase Server. + maximum: 64 + minimum: 1 + type: integer + minReplicasCount: + default: 0 + description: |- + MinReplicasCount allows the minimum number of replicas required for + buckets to be set. New buckets cannot be created with less than this minimum. + Defaults to 0. + type: integer + nonIOThreads: + description: |- + NonIOThreads allows the number of threads used by the data service, + per pod, to be altered. This indicates the number of threads that are + to be used in the NonIO thread pool to run in memory tasks. + This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults to the + default value set by Couchbase Server. + maximum: 64 + minimum: 1 + type: integer + readerThreads: + description: |- + ReaderThreads allows the number of threads used by the data service, + per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, + or 1 and 64 for CB versions 7.1.0+. + and should only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults to the + default value set by Couchbase Server. 
+ maximum: 64 + minimum: 1 + type: integer + writerThreads: + description: "WriterThreads allows the number of threads used + by the data service,\nper pod, to be altered. This setting + is especially relevant when\nusing \"durable writes\", increasing + this field will have a large\nimpact on performance. This + value must be between 4 and 64 threads for CB versions below + 7.1.0 and,\n\t// or 1 and 64 for CB versions 7.1.0+.\nand + should only be increased where there are sufficient CPU + resources\nallocated for their use. If not specified, this + defaults to the\ndefault value set by Couchbase Server." + maximum: 64 + minimum: 1 + type: integer + type: object + dataServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: |- + DataServiceMemQuota is the amount of memory that should be allocated to the data service. + This value is per-pod, and only applicable to pods belonging to server classes running + the data service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + eventingServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: |- + EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. + This value is per-pod, and only applicable to pods belonging to server classes running + the eventing service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + indexServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: |- + IndexServiceMemQuota is the amount of memory that should be allocated to the index service. + This value is per-pod, and only applicable to pods belonging to server classes running + the index service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + indexStorageSetting: + default: memory_optimized + description: |- + DEPRECATED - by indexer. + The index storage mode to use for secondary indexing. This field must be one of + "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is + immutable and cannot be changed unless there are no server classes running the + index service in the cluster. + enum: + - memory_optimized + - plasma + type: string + indexer: + description: Indexer allows the indexer to be configured. + properties: + enableShardAffinity: + default: false + description: |- + EnableShardAffinity when false Index Servers rebuild any index that + are newly assigned to them during a rebalance. When set to true, + Couchbase Server moves a reassigned index’s files between Index Servers. + This field is only supported on CB versions 7.6.0+. + type: boolean + logLevel: + default: info + description: |- + LogLevel controls the verbosity of indexer logs. 
This field must be one of + "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or + "trace", defaulting to "info". + enum: + - silent + - fatal + - error + - warn + - info + - verbose + - timing + - debug + - trace + type: string + maxRollbackPoints: + default: 2 + description: |- + MaxRollbackPoints controls the number of checkpoints that can be rolled + back to. The default is 2, with a minimum of 1. + minimum: 1 + type: integer + memorySnapshotInterval: + default: 200ms + description: |- + MemorySnapshotInterval controls when memory indexes should be snapshotted. + This defaults to 200ms, and must be greater than or equal to 1ms. + type: string + numReplica: + default: 0 + description: |- + NumberOfReplica specifies number of secondary index replicas to be created + by the Index Service whenever CREATE INDEX is invoked, which ensures + high availability and high performance. + Note, if nodes and num_replica are both specified in the WITH clause, + the specified number of nodes must be one greater than num_replica + This defaults to 0, which means no index replicas to be created by default. + Minimum must be 0. + minimum: 0 + type: integer + redistributeIndexes: + default: false + description: |- + RedistributeIndexes when true, Couchbase Server redistributes indexes + when rebalance occurs, in order to optimize performance. + If false (the default), such redistribution does not occur. + type: boolean + stableSnapshotInterval: + default: 5s + description: |- + StableSnapshotInterval controls when disk indexes should be snapshotted. + This defaults to 5s, and must be greater than or equal to 1ms. + type: string + storageMode: + default: memory_optimized + description: |- + StorageMode controls the underlying storage engine for indexes. Once set + it can only be modified if there are no nodes in the cluster running the + index service. The field must be one of "memory_optimized" or "plasma", + defaulting to "memory_optimized". 
+ enum: + - memory_optimized + - plasma + type: string + threads: + description: |- + Threads controls the number of processor threads to use for indexing. + A value of 0 means 1 per CPU. This attribute must be greater + than or equal to 0, defaulting to 0. + minimum: 0 + type: integer + type: object + query: + description: Query allows the query service to be configured. + properties: + backfillEnabled: + default: true + description: BackfillEnabled allows the query service to backfill. + type: boolean + cboEnabled: + default: true + description: |- + CBOEnabled specifies whether the cost-based optimizer is enabled. + Defaults to true. + type: boolean + cleanupClientAttemptsEnabled: + default: true + description: |- + CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just + transactions that it has created, leaving transactions for the distributed cleanup process only + when it is forced to. + Defaults to true. + type: boolean + cleanupLostAttemptsEnabled: + default: true + description: |- + CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup + process, and cleans up expired transactions created by any client. + Defaults to true. + type: boolean + cleanupWindow: + default: 60s + description: |- + CleanupWindow specifies how frequently the Query service checks its subset of active + transaction records for cleanup. + Defaults to 60s + type: string + completedLimit: + default: 4000 + description: |- + CompletedLimit sets the number of requests to be logged in the completed + requests catalog. As new completed requests are added, old ones are removed. + format: int32 + type: integer + completedMaxPlanSize: + anyOf: + - type: integer + - type: string + default: "262144" + description: |- + CompletedMaxPlanSize limits the size of query execution plans that can be logged in the + completed requests catalog. Queries with plans larger than this are not logged. 
+ This field is only supported on CB versions 7.6.0+. + Defaults to 262144, maximum value is 20840448, and minimum value is 0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + completedTrackingAllRequests: + default: false + description: |- + CompletedTrackingAllRequests allows all requests to be tracked regardless of their + time. This field requires `completedTrackingEnabled` to be true. + type: boolean + completedTrackingEnabled: + default: true + description: |- + CompletedTrackingEnabled allows completed requests to be tracked in the requests + catalog. + type: boolean + completedTrackingThreshold: + default: 7s + description: |- + CompletedThreshold is a trigger for queries to be logged in the completed + requests catalog. All completed queries lasting longer than this threshold + are logged in the completed requests catalog. This field requires `completedTrackingEnabled` + to be set to true and `completedTrackingAllRequests` to be false to have any effect. + type: string + logLevel: + default: info + description: |- + LogLevel controls the verbosity of query logs. This field must be one of + "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info". + enum: + - debug + - trace + - info + - warn + - error + - severe + - none + type: string + maxParallelism: + default: 1 + description: |- + MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. + If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism + is restricted to the number of allowed cores. + Defaults to 1. + format: int32 + type: integer + memoryQuota: + anyOf: + - type: integer + - type: string + default: "0" + description: |- + MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. 
+ This parameter enforces a ceiling on the memory used for the tracked documents required for processing + a request. It does not take into account any other memory that might be used to process a request, + such as the stack, the operators, or some intermediate values. + Defaults to 0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + nodeQuotaValPercent: + default: 67 + description: |- + NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked + value content memory across all active requests for every Query node in the cluster. + This field is only supported on CB versions 7.6.0+. + Defaults to 67. + format: int32 + maximum: 100 + minimum: 0 + type: integer + numActiveTransactionRecords: + default: 1024 + description: |- + NumActiveTransactionRecords specifies the total number of active transaction records for + all Query nodes in the cluster. + Default to 1024 and has a minimum of 1. + format: int32 + minimum: 1 + type: integer + numCpus: + default: 0 + description: |- + NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. + When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. + The number of CPUs can never be greater than the number of logical CPUs. + In Community Edition, the number of allowed CPUs cannot be greater than 4. + In Enterprise Edition, there is no limit to the number of allowed CPUs. + This field is only supported on CB versions 7.6.0+. + NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling + nodes that are running the query service. + Defaults to 0 + format: int32 + minimum: 0 + type: integer + pipelineBatch: + default: 16 + description: |- + PipelineBatch controls the number of items execution operators can batch for + Fetch from the KV. 
Defaults to 16. + format: int32 + type: integer + pipelineCap: + default: 512 + description: |- + PipelineCap controls the maximum number of items each execution + operator can buffer between various operators. Defaults to 512. + format: int32 + type: integer + preparedLimit: + default: 16384 + description: |- + PreparedLimit is the maximum number of prepared statements in the cache. + When this cache reaches the limit, the least recently used prepared + statements will be discarded as new prepared statements are created. + format: int32 + type: integer + scanCap: + default: 512 + description: |- + ScapCan sets the maximum buffered channel size between the indexer client + and the query service for index scans. + Defaults to 512. + format: int32 + type: integer + temporarySpace: + anyOf: + - type: integer + - type: string + default: 5Gi + description: |- + TemporarySpace allows the temporary storage used by the query + service backfill, per-pod, to be modified. This field requires + `backfillEnabled` to be set to true in order to have any effect. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + temporarySpaceUnlimited: + description: |- + TemporarySpaceUnlimited allows the temporary storage used by + the query service backfill, per-pod, to be unconstrained. This field + requires `backfillEnabled` to be set to true in order to have any effect. + This field overrides `temporarySpace`. + type: boolean + timeout: + description: |- + Timeout is the maximum time to spend on the request before timing out. + If this field is not set then there will be no timeout. + type: string + txTimeout: + default: 0ms + description: |- + TxTimeout is the maximum time to spend on a transaction before timing out. 
This setting + only applies to requests containing the BEGIN TRANSACTION statement, or to requests where + the tximplicit parameter is set. For all other requests, it is ignored. + Defaults to 0ms (no timeout). + type: string + useReplica: + description: |- + UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets + are inaccessible. If set to true then read from replica is enabled for all queries, but can + be disabled at request level. If set to false read from replica is disabled for all queries + and cannot be overridden at request level. If this field is unset then it is enabled/disabled + at the request level. + This field is only supported on CB versions 7.6.0+. + type: boolean + required: + - cboEnabled + - cleanupClientAttemptsEnabled + - cleanupLostAttemptsEnabled + - cleanupWindow + - completedLimit + - completedMaxPlanSize + - completedTrackingAllRequests + - completedTrackingEnabled + - maxParallelism + - nodeQuotaValPercent + - numActiveTransactionRecords + - numCpus + - pipelineBatch + - pipelineCap + - preparedLimit + - scanCap + type: object + queryServiceMemoryQuota: + anyOf: + - type: integer + - type: string + description: |- + QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, + and is used to define the amount of memory reserved by the query service for use with + Kubernetes resource scheduling. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. + The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory + usage may exceed this value. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + searchServiceMemoryQuota: + anyOf: + - type: integer + - type: string + default: 256Mi + description: |- + SearchServiceMemQuota is the amount of memory that should be allocated to the search service. + This value is per-pod, and only applicable to pods belonging to server classes running + the search service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + enableOnlineVolumeExpansion: + description: |- + EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. + You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. + Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to + expand the volumes which are actively bound to Pods. + Volumes can only be expanded and not reduced to a smaller size. + See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim + + + If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does + not actually support online volume and file system expansion then the cluster will fallback to + rolling upgrade procedure to create a new set of Pods for use with resized Volumes. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims + type: boolean + enablePreviewScaling: + description: |- + DEPRECATED - This option only exists for backwards compatibility and no longer + restricts autoscaling to ephemeral services. + EnablePreviewScaling enables autoscaling for stateful services and buckets. + type: boolean + envImagePrecedence: + description: |- + EnvImagePrecedence gives precedence over the default container image name in + `spec.Image` to an image name provided through Operator environment variables. + For more info on using Operator environment variables: + https://docs.couchbase.com/operator/current/reference-operator-configuration.html + type: boolean + hibernate: + description: Hibernate is whether to hibernate the cluster. + type: boolean + hibernationStrategy: + description: |- + HibernationStrategy defines how to hibernate the cluster. When Immediate + the Operator will immediately delete all pods and take no further action until + the hibernate field is set to false. + enum: + - Immediate + type: string + image: + description: |- + Image is the container image name that will be used to launch Couchbase + server instances. Updating this field will cause an automatic upgrade of + the cluster. Explicitly specifying the image for a server class will override + this value for the server class. + pattern: ^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$ + type: string + logging: + description: Logging defines Operator logging options. + properties: + audit: + description: Used to manage the audit configuration directly + properties: + disabledEvents: + description: |- + The list of event ids to disable for auditing purposes. + This is passed to the REST API with no verification by the operator. 
+ Refer to the documentation for details: + https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html + items: + type: integer + type: array + disabledUsers: + description: |- + The list of users to ignore for auditing purposes. + This is passed to the REST API with minimal validation it meets an acceptable regex pattern. + Refer to the documentation for full details on how to configure this: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user + items: + description: |- + The AuditDisabledUser is actually a compound string intended to feed a two-element struct. + Its value may be: + 1. A local user, specified in the form localusername/local. + 2. An external user, specified in the form externalusername/external. + 3. An internal user, specified in the form @internalusername/local. + We add a quick validation check to make sure these match and prevent being rejected by the API later. + This is just a sanity check, the REST API may still reject the user for other reasons. + pattern: ^.+/(local|external)$ + type: string + type: array + enabled: + description: Enabled is a boolean that enables the audit capabilities. + type: boolean + garbageCollection: + description: |- + Handle all optional garbage collection (GC) configuration for the audit functionality. + This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. + By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. + This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html + properties: + sidecar: + description: |- + DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server 7.2.4+ + Provide the sidecar configuration required (if so desired) to automatically clean up audit logs. 
+ properties: + age: + default: 1h + description: The minimum age of rotated log files + to remove, defaults to one hour. + type: string + enabled: + description: Enable this sidecar by setting to true, + defaults to being disabled. + type: boolean + image: + default: busybox:1.33.1 + description: |- + Image is the image to be used to run the audit sidecar helper. + No validation is carried out as this can be any arbitrary repo and tag. + type: string + interval: + default: 20m + description: The interval at which to check for rotated + log files to remove, defaults to 20 minutes. + type: string + resources: + description: |- + Resources is the resource requirements for the cleanup container. + Will be populated by Kubernetes defaults if not specified. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: object + rotation: + description: |- + The interval to optionally rotate the audit log. + This is passed to the REST API, see here for details: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html + properties: + interval: + default: 15m + description: The interval at which to rotate log files, + defaults to 15 minutes. + type: string + pruneAge: + default: "0" + description: |- + How long Couchbase Server keeps rotated audit logs. + If set to 0 (the default) then audit logs won't be pruned. + Has a maximum of 35791394 seconds. + type: string + size: + anyOf: + - type: integer + - type: string + default: 20Mi + description: |- + Size allows the specification of a rotation size for the log, defaults to 20Mi. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + type: object + type: object + logRetentionCount: + description: LogRetentionCount gives the number of persistent + log PVCs to keep. 
+ minimum: 0 + type: integer + logRetentionTime: + description: LogRetentionTime gives the time to keep persistent + log PVCs alive for. + pattern: ^\d+(ns|us|ms|s|m|h)$ + type: string + server: + description: Specification of all logging configuration required + to manage the sidecar containers in each pod. + properties: + configurationName: + default: fluent-bit-config + description: |- + ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. + A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. + If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. + Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, + otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is + removed. If running clusters in separate namespaces then they will be separate Secrets anyway. + type: string + enabled: + description: Enabled is a boolean that enables the logging + sidecar container. + type: boolean + manageConfiguration: + default: true + description: |- + A boolean which indicates whether the operator should manage the configuration or not. + If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. + To use a custom configuration make sure to set this to false. + Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by + the operator but it's ownership stays the same so it will be cleaned up when it's owner is. + type: boolean + sidecar: + default: {} + description: Any specific logging sidecar container configuration. 
+ properties: + configurationMountPath: + default: /fluent-bit/config/ + description: |- + ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. + If another log shipping image is used that needs a different mount then modify this. + Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, + there is no provision for overriding the name of the config file passed as the + COUCHBASE_LOGS_CONFIG_FILE environment variable. + type: string + image: + default: couchbase/fluent-bit:1.2.1 + description: |- + Image is the image to be used to deal with logging as a sidecar. + No validation is carried out as this can be any arbitrary repo and tag. + It will default to the latest supported version of Fluent Bit. + type: string + resources: + description: |- + Resources is the resource requirements for the sidecar container. + Will be populated by Kubernetes defaults if not specified. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + type: object + type: object + type: object + monitoring: + description: |- + DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + Monitoring defines any Operator managed integration into 3rd party monitoring + infrastructure. + properties: + prometheus: + description: |- + DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + Prometheus provides integration with Prometheus monitoring. + properties: + authorizationSecret: + description: |- + AuthorizationSecret is the name of a Kubernetes secret that contains a + bearer token to authorize GET requests to the metrics endpoint + type: string + enabled: + description: |- + Enabled is a boolean that enables/disables the metrics sidecar container. + This must be set to true, when image is provided. 
+ type: boolean + image: + description: |- + Image is the metrics image to be used to collect metrics. + No validation is carried out as this can be any arbitrary repo and tag. + enabled must be set to true, when image is provided. + type: string + refreshRate: + default: 60 + description: |- + RefreshRate is the frequency in which cached statistics are updated in seconds. + Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ + Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second. + format: int64 + maximum: 600 + minimum: 1 + type: integer + resources: + description: |- + Resources is the resource requirements for the metrics container. + Will be populated by Kubernetes defaults if not specified. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + required: + - image + type: object + type: object + networking: + description: |- + Networking defines Couchbase cluster networking options such as network + topology, TLS and DDNS settings. + properties: + addressFamily: + description: |- + AddressFamily allows the manual selection of the address family to use. + When this field is not set, Couchbase server will default to using IPv4 + for internal communication and also support IPv6 on dual stack systems. + Setting this field to either IPv4 or IPv6 will force Couchbase to use the + selected protocol for internal communication, and also disable all other + protocols to provide added security and simplicty when defining firewall + rules. Disabling of address families is only supported in Couchbase + Server 7.0.2+. + enum: + - IPv4 + - IPv6 + type: string + adminConsoleServiceTemplate: + description: |- + AdminConsoleServiceTemplate provides a template used by the Operator to create + and manage the admin console service. This allows services to be annotated, the + service type defined and any other options that Kubernetes provides. When using + a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator + reserves the right to modify or replace any field. 
More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core + properties: + metadata: + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: ServiceSpec describes the attributes that a user + creates on a service. + properties: + allocateLoadBalancerNodePorts: + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. + type: boolean + clusterIP: + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. 
This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + clusterIPs: + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. 
If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) 
The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + healthCheckNodePort: + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilies: + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. 
If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. + items: + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. 
"internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations when available. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + adminConsoleServiceType: + default: NodePort + description: |- + DEPRECATED - by adminConsoleServiceTemplate. + AdminConsoleServiceType defines whether to create a node port or load balancer service. 
+ When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. + This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". + enum: + - NodePort + - LoadBalancer + type: string + adminConsoleServices: + description: |- + DEPRECATED - not required by Couchbase Server. + AdminConsoleServices is a selector to choose specific services to expose via the admin + console. This field may contain any of "data", "index", "query", "search", "eventing" + and "analytics". Each service may only be included once. + items: + description: Supported services + enum: + - admin + - data + - index + - query + - search + - eventing + - analytics + type: string + type: array + x-kubernetes-list-type: set + cloudNativeGateway: + description: |- + CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase + cluster. + properties: + image: + description: |- + Image is the Cloud Native Gateway image to be used to run the sidecar container. + No validation is carried out as this can be any arbitrary repo and tag. + TODO: provide a default kubebuilder default image tag as field is mandatory. + type: string + logLevel: + default: info + description: |- + DEVELOPER PREVIEW - This feature is in developer preview. + LogLevel controls the verbosity of cloud native logs. This field must be one of + "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info". + enum: + - fatal + - panic + - dpanic + - error + - warn + - info + - debug + type: string + terminationGracePeriodSeconds: + default: 75 + description: |- + TerminationGracePeriodSeconds specifies the grace period for the container to + terminate. Defaults to 75 seconds. + format: int64 + type: integer + tls: + description: |- + TLS defines the TLS configuration for the Cloud Native Gateway server including + server and client certificate configuration, and TLS security policies. 
+ If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys + and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` + unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. + This action could be overidden at the outset or later, by using the below + TLS config or generating the secret of same name as + `couchbase-cloud-native-gateway-self-signed-secret-` with certificates + conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". + N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else + would be ignored. + properties: + serverSecretName: + description: |- + ServerSecretName specifies the secret name, in the same namespace as the cluster, + that contains Cloud Native Gateway gRPC server TLS data. + The secret is expected to contain "tls.crt" and + "tls.key" as per the kubernetes.io/tls secret type. + type: string + type: object + required: + - image + - logLevel + type: object + disableUIOverHTTP: + description: |- + DisableUIOverHTTP is used to explicitly enable and disable UI access over + the HTTP protocol. If not specified, this field defaults to false. + type: boolean + disableUIOverHTTPS: + description: |- + DisableUIOverHTTPS is used to explicitly enable and disable UI access over + the HTTPS protocol. If not specified, this field defaults to false. + type: boolean + dns: + description: DNS defines information required for Dynamic DNS + support. + properties: + domain: + description: |- + Domain is the domain to create pods in. When populated the Operator + will annotate the admin console and per-pod services with the key + "external-dns.alpha.kubernetes.io/hostname". These annotations can + be used directly by a Kubernetes External-DNS controller to replicate + load balancer service IP addresses into a public DNS server. 
+ type: string + type: object + exposeAdminConsole: + description: |- + ExposeAdminConsole creates a service referencing the admin console. + The service is configured by the adminConsoleServiceTemplate field. + type: boolean + exposedFeatureServiceTemplate: + description: |- + ExposedFeatureServiceTemplate provides a template used by the Operator to create + and manage per-pod services. This allows services to be annotated, the + service type defined and any other options that Kubernetes provides. When using + a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator + reserves the right to modify or replace any field. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core + properties: + metadata: + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: ServiceSpec describes the attributes that a user + creates on a service. + properties: + allocateLoadBalancerNodePorts: + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. 
If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. + type: boolean + clusterIP: + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + clusterIPs: + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. 
+ This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + items: + type: string + type: array + x-kubernetes-list-type: atomic + externalIPs: + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. + items: + type: string + type: array + externalName: + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. 
Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". + type: string + externalTrafficPolicy: + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. (Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account + when picking a node. + type: string + healthCheckNodePort: + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. 
+ format: int32 + type: integer + internalTrafficPolicy: + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly + (possibly modified by topology and other features). + type: string + ipFamilies: + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. + items: + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. 
If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. 
+ Users are encouraged to use implementation-specific annotations when available. + type: string + loadBalancerSourceRanges: + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ + items: + type: string + type: array + sessionAffinity: + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + type: string + sessionAffinityConfig: + description: sessionAffinityConfig contains the configurations + of session affinity. + properties: + clientIP: + description: clientIP contains the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + type: + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. 
+ "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: string + type: object + type: object + exposedFeatureServiceType: + default: NodePort + description: |- + DEPRECATED - by exposedFeatureServiceTemplate. + ExposedFeatureServiceType defines whether to create a node port or load balancer service. + When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. + This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". + enum: + - NodePort + - LoadBalancer + type: string + exposedFeatureTrafficPolicy: + description: |- + DEPRECATED - by exposedFeatureServiceTemplate. + ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer + service to a Couchbase pod. When local, traffic is routed directly to the pod. When + cluster, traffic is routed to any node, then forwarded on. While cluster routing may be + slower, there are some situations where it is required for connectivity. This field + must be either "Cluster" or "Local", defaulting to "Local", + enum: + - Cluster + - Local + type: string + exposedFeatures: + description: |- + ExposedFeatures is a list of Couchbase features to expose when using a networking + model that exposes the Couchbase cluster externally to Kubernetes. This field also + triggers the creation of per-pod services used by clients to connect to the Couchbase + cluster. When admin, only the administrator port is exposed, allowing remote + administration. 
When xdcr, only the services required for remote replication are exposed. + The xdcr feature is only required when the cluster is the destination of an XDCR + replication. When client, all services are exposed as required for client SDK operation. + This field may contain any of "admin", "xdcr" and "client". Each feature may only be + included once. + items: + enum: + - admin + - xdcr + - client + - backup + type: string + type: array + x-kubernetes-list-type: set + loadBalancerSourceRanges: + description: |- + DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + LoadBalancerSourceRanges applies only when an exposed service is of type + LoadBalancer and limits the source IP ranges that are allowed to use the + service. Items must use IPv4 class-less interdomain routing (CIDR) notation + e.g. 10.0.0.0/16. + items: + pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$ + type: string + type: array + networkPlatform: + description: |- + NetworkPlatform is used to enable support for various networking + technologies. This field must be one of "Istio". + enum: + - Istio + type: string + serviceAnnotations: + additionalProperties: + type: string + description: |- + DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + ServiceAnnotations allows services to be annotated with custom labels. + Operator annotations are merged on top of these so have precedence as + they are required for correct operation. + type: object + tls: + description: |- + TLS defines the TLS configuration for the cluster including + server and client certificate configuration, and TLS security policies. + properties: + allowPlainTextCertReload: + default: false + description: |- + AllowPlainTextCertReload allows the reload of TLS certificates in plain text. + This option should only be enabled as a means to recover connectivity with + server in the event that any of the server certificates expire. 
When enabled + the Operator only attempts plain text cert reloading when expired certificates + are detected. + type: boolean + cipherSuites: + description: |- + CipherSuites specifies a list of cipher suites for Couchbase server to select + from when negotiating TLS handshakes with a client. Suites are not validated + by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to + interrogate supported values. + items: + type: string + type: array + x-kubernetes-list-type: set + clientCertificatePaths: + description: |- + ClientCertificatePaths defines where to look in client certificates in order + to extract the user name. + items: + description: ClientCertificatePath defines how to extract + a username from a client ceritficate. + properties: + delimiter: + description: |- + Delimiter if specified allows a suffix to be stripped from the username, once + extracted from the certificate path. + type: string + path: + description: |- + Path defines where in the X.509 specification to extract the username from. + This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email". + pattern: ^subject\.cn|san\.uri|san\.dnsname|san\.email$ + type: string + prefix: + description: |- + Prefix allows a prefix to be stripped from the username, once extracted from the + certificate path. + type: string + required: + - path + type: object + type: array + clientCertificatePolicy: + description: |- + ClientCertificatePolicy defines the client authentication policy to use. + If set, the Operator expects TLS configuration to contain a valid certificate/key pair + for the Administrator account. + enum: + - enable + - mandatory + type: string + nodeToNodeEncryption: + description: |- + NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes + within the same cluster. This may come at the expense of performance. When + control plane only encryption is used, only cluster management traffic is encrypted + between nodes. 
When all, all traffic is encrypted, including database documents. + When strict mode is used, it is the same as all, but also disables all plaintext + ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. + Node to node encryption can only be used when TLS certificates are managed by the + Operator. This field must be either "ControlPlaneOnly", "All", or "Strict". + enum: + - ControlPlaneOnly + - All + - Strict + type: string + passphrase: + description: |- + PassphraseConfig configures the passphrase key to use with encrypted certificates. + The passphrase may be registered with Couchbase Server using a local script or a + rest endpoint. Private key encryption is only available on Couchbase Server + versions 7.1 and greater. + properties: + rest: + description: |- + PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. + When the private key is accessed, Couchbase Server attempts to extract the password by means of the + specified endpoint. The response status must be 200 and the response text must be the exact passphrase + excluding newlines and extraneous spaces. + properties: + addressFamily: + default: inet + description: AddressFamily is the address family to + use. By default inet (meaning IPV4) is used. + enum: + - inet + - inet6 + type: string + headers: + additionalProperties: + type: string + description: Headers is a map of one or more key-value + pairs to pass alongside the Get request. + type: object + timeout: + default: 5000 + description: Timeout is the number of milliseconds + that must elapse before the call is timed out. + format: int64 + type: integer + url: + description: |- + URL is the endpoint to be called to retrieve the passphrase. + URL will be called using the GET method and may use http/https protocol. + type: string + verifyPeer: + default: true + description: VerifyPeer ensures peer verification + is performed when Https is used. 
+ type: boolean + required: + - url + type: object + script: + description: |- + PassphraseScriptConfig is the configuration to register a private key passphrase with a script. + The Operator auto-provisions the underlying script so this config simply provides a mechanism + to perform the decryption of the Couchbase Private Key using a local script. + properties: + secret: + description: |- + Secret is the secret containing the passphrase string. The secret is expected + to contain "passphrase" key with the passphrase string as a value. + type: string + required: + - secret + type: object + type: object + rootCAs: + description: |- + RootCAs defines a set of secrets that reside in this namespace that contain + additional CA certificates that should be installed in Couchbase. The CA + certificates that are defined here are in addition to those defined for the + cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and + thus should not be duplicated. Each Secret referred to must be of well-known type + "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". + Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, + and not with legacy couchbaseclusters.spec.networking.tls.static configuration. + items: + type: string + type: array + secretSource: + description: |- + SecretSource enables the user to specify a secret conforming to the Kubernetes TLS + secret specification that is used for the Couchbase server certificate, and optionally + the Operator's client certificate, providing cert-manager compatibility without having + to specify a separate root CA. A server CA certificate must be supplied by one of the + provided methods. Certificates referred to must conform to the keys of well-known type + "kubernetes.io/tls" with "tls.crt" and "tls.key". 
If the "tls.key" is an encrypted + private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" + type secrets cannot verify encrypted keys. + properties: + clientSecretName: + description: |- + ClientSecretName specifies the secret name, in the same namespace as the cluster, + the contains client TLS data. The secret is expected to contain "tls.crt" and + "tls.key" as per the Kubernetes.io/tls secret type. + type: string + serverSecretName: + description: |- + ServerSecretName specifies the secret name, in the same namespace as the cluster, + that contains server TLS data. The secret is expected to contain "tls.crt" and + "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". + Only a single PEM formated x509 certificate can be provided to "ca.crt". + The single certificate may also bundle together multiple root CA certificates. + Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater. + type: string + required: + - serverSecretName + type: object + static: + description: |- + DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. + Static enables user to generate static x509 certificates and keys, + put them into Kubernetes secrets, and specify them here. Static secrets + are Couchbase specific, and follow no well-known standards. + properties: + operatorSecret: + description: |- + OperatorSecret is a secret name containing TLS certs used by operator to + talk securely to this cluster. The secret must contain a CA certificate (data key + ca.crt). If client authentication is enabled, then the secret must also contain + a client certificate chain (data key "couchbase-operator.crt") and private key + (data key "couchbase-operator.key"). + type: string + serverSecret: + description: |- + ServerSecret is a secret name containing TLS certs used by each Couchbase member pod + for the communication between Couchbase server and its clients. 
The secret must + contain a certificate chain (data key "chain.pem") and a private + key (data key "pkey.key"). The private key must be in the PKCS#1 RSA + format. The certificate chain must have a required set of X.509v3 subject alternative + names for all cluster addressing modes. See the Operator TLS documentation for more + information. + type: string + type: object + tlsMinimumVersion: + default: TLS1.2 + description: |- + TLSMinimumVersion specifies the minimum TLS version the Couchbase server can + negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, + defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward. + TLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward. + enum: + - TLS1.0 + - TLS1.1 + - TLS1.2 + - TLS1.3 + type: string + type: object + waitForAddressReachable: + default: 10m + description: |- + WaitForAddressReachable is used to set the timeout between when polling of + external addresses is started, and when it is deemed a failure. Polling of + DNS name availability inherently dangerous due to negative caching, so prefer + the use of an initial `waitForAddressReachableDelay` to allow propagation. + type: string + waitForAddressReachableDelay: + default: 2m + description: |- + WaitForAddressReachableDelay is used to defer operator checks that + ensure external addresses are reachable before new nodes are balanced + in to the cluster. This prevents negative DNS caching while waiting + for external-DDNS controllers to propagate addresses. + type: string + type: object + onlineVolumeExpansionTimeoutInMins: + description: |- + OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes + for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. + Value must be between 0 and 30. + If no value is provided, then it defaults to 10 minutes. 
+ maximum: 30 + minimum: 0 + type: integer + paused: + description: |- + Paused is to pause the control of the operator for the Couchbase cluster. + This does not pause the cluster itself, instead stopping the operator from + taking any action. + type: boolean + platform: + description: |- + Platform gives a hint as to what platform we are running on and how + to configure services. This field must be one of "aws", "gke" or "azure". + enum: + - aws + - gce + - azure + type: string + recoveryPolicy: + description: |- + RecoveryPolicy controls how aggressive the Operator is when recovering cluster + topology. When PrioritizeDataIntegrity, the Operator will delegate failover + exclusively to Couchbase server, relying on it to only allow recovery when safe to + do so. When PrioritizeUptime, the Operator will wait for a period after the + expected auto-failover of the cluster, before forcefully failing-over the pods. + This may cause data loss, and is only expected to be used on clusters with ephemeral + data, where the loss of the pod means that the data is known to be unrecoverable. + This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting + to "PrioritizeDataIntegrity". + enum: + - PrioritizeDataIntegrity + - PrioritizeUptime + type: string + rollingUpgrade: + description: |- + When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod + at a time. If this field is specified then that number can be increased. + properties: + maxUpgradable: + description: |- + MaxUpgradable allows the number of pods affected by an upgrade at any + one time to be increased. By default a rolling upgrade will + upgrade one pod at a time. This field allows that limit to be removed. + This field must be greater than zero. + The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if + both are defined. 
+ minimum: 1 + type: integer + maxUpgradablePercent: + description: |- + MaxUpgradablePercent allows the number of pods affected by an upgrade at any + one time to be increased. By default a rolling upgrade will + upgrade one pod at a time. This field allows that limit to be removed. + This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. + Percentages are relative to the total cluster size, and rounded down to + the nearest whole number, with a minimum of 1. For example, a 10 pod + cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, + rounded down to 2. + The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if + both are defined. + pattern: ^(100|[1-9][0-9]|[1-9])%$ + type: string + type: object + security: + description: |- + Security defines Couchbase cluster security options such as the administrator + account username and password, and user RBAC settings. + properties: + adminSecret: + description: |- + AdminSecret is the name of a Kubernetes secret to use for administrator authentication. + The admin secret must contain the keys "username" and "password". The password data + must be at least 6 characters in length, and not contain the any of the characters + `()<>,;:\"/[]?={}`. + type: string + ldap: + description: |- + LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. + When specified, the Operator keeps these settings in sync with Cocuhbase Server's + LDAP configuration. Leave empty to manually manage LDAP configuration. + properties: + authenticationEnabled: + default: true + description: |- + AuthenticationEnabled allows users who attempt to access Couchbase Server without having been + added as local users to be authenticated against the specified LDAP Host(s). 
+ type: boolean + authorizationEnabled: + description: |- + AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to + any Couchbase Server group associated with the user. + type: boolean + bindDN: + description: |- + DN to use for searching users and groups synchronization. More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + type: string + bindSecret: + description: |- + BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. + The bindSecret must have a key with the name "password" and a value which corresponds to the + password of the binding LDAP user. + type: string + cacert: + description: |- + DEPRECATED - Field is ignored, use tlsSecret. + CA Certificate in PEM format to be used in LDAP server certificate validation. + This cert is the string form of the secret provided to `spec.tls.tlsSecret`. + type: string + cacheValueLifetime: + default: 30000 + description: |- + Lifetime of values in cache in milliseconds. Default 300000 ms. More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + format: int64 + type: integer + encryption: + description: |- + Encryption determines how the connection with the LDAP server should be encrypted. + Encryption may set as either StartTLSExtension, TLS, or false. + When set to "false" then no verification of the LDAP hostname is performed. + When Encryption is StartTLSExtension, or TLS is set then the default behavior is to + use the certificate already loaded into the Couchbase Cluster for certificate validation, + otherwise `ldap.tlsSecret` may be set to override The Couchbase certificate. + enum: + - None + - StartTLSExtension + - TLS + type: string + groupsQuery: + description: |- + LDAP query, to get the users' groups by username in RFC4516 format. 
More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + type: string + hosts: + description: |- + List of LDAP hosts to provide authentication-support for Couchbase Server. + Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147. + items: + type: string + minItems: 1 + type: array + middleboxCompMode: + default: true + description: |- + Sets middlebox compatibility mode for LDAP. This option is only available on + Couchbase Server 7.6.0+. + type: boolean + nestedGroupsEnabled: + description: |- + If enabled Couchbase server will try to recursively search for groups + for every discovered ldap group. groups_query will be user for the search. + More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + type: boolean + nestedGroupsMaxDepth: + default: 10 + description: |- + Maximum number of recursive groups requests the server is allowed to perform. + Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. + More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + format: int64 + maximum: 100 + minimum: 1 + type: integer + port: + default: 389 + description: |- + LDAP port. + This is typically 389 for LDAP, and 636 for LDAPS. + type: integer + serverCertValidation: + description: Whether server certificate validation be enabled. + type: boolean + tlsSecret: + description: |- + TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. + If TLSSecret is not provided, certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` + will be used instead. + If provided, the secret must contain the ca to be used under the name "ca.crt". + type: string + userDNMapping: + description: |- + User to distinguished name (DN) mapping. If none is specified, + the username is used as the user’s distinguished name. 
More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html + properties: + query: + description: Query is the LDAP query to run to map from + Couchbase user to LDAP distinguished name. + type: string + template: + description: |- + This field specifies list of templates to use for providing username to DN mapping. + The template may contain a placeholder specified as `%u` to represent the Couchbase + user who is attempting to gain access. + type: string + type: object + required: + - bindSecret + - hosts + - port + type: object + podSecurityContext: + description: |- + PodSecurityContext allows the configuration of the security context for all + Couchbase server pods. When using persistent volumes you may need to set + the fsGroup field in order to write to the volume. For non-root clusters + you must also set runAsUser to 1000, corresponding to the Couchbase user + in official container images. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. 
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. 
+ type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. 
Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + rbac: + description: RBAC is the options provided for enabling and selecting + RBAC User resources to manage. + properties: + managed: + description: Managed defines whether RBAC is managed by us + or the clients. + type: boolean + selector: + description: |- + Selector is a label selector used to list RBAC resources in the namespace + that are managed by the Operator. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 
+ Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. 
+ Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. 
+ type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + uiSessionTimeout: + default: 0 + description: |- + UISessionTimeout sets how long, in minutes, before a user is declared inactive + and signed out from the Couchbase Server UI. + 0 represents no time out. + maximum: 16666 + minimum: 0 + type: integer + required: + - adminSecret + type: object + securityContext: + description: |- + DEPRECATED - by spec.security.securityContext + SecurityContext allows the configuration of the security context for all + Couchbase server pods. When using persistent volumes you may need to set + the fsGroup field in order to write to the volume. For non-root clusters + you must also set runAsUser to 1000, corresponding to the Couchbase user + in official container images. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. 
The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. 
+ Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. 
+ type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. 
+ type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serverGroups: + description: |- + ServerGroups define the set of availability zones you want to distribute + pods over, and construct Couchbase server groups for. By default, most + cloud providers will label nodes with the key "topology.kubernetes.io/zone", + the values associated with that key are used here to provide explicit + scheduling by the Operator. You may manually label nodes using the + "topology.kubernetes.io/zone" key, to provide failure-domain + aware scheduling when none is provided for you. Global server groups are + applied to all server classes, and may be overridden on a per-server class + basis to give more control over scheduling and server groups. + items: + type: string + type: array + x-kubernetes-list-type: set + servers: + description: |- + Servers defines server classes for the Operator to provision and manage. + A server class defines what services are running and how many members make + up that class. Specifying multiple server classes allows the Operator to + provision clusters with Multi-Dimensional Scaling (MDS). At least one server + class must be defined, and at least one server class must be running the data + service. 
+ items: + properties: + autoscaleEnabled: + description: |- + AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. + When true, the Operator will create a CouchbaseAutoscaler resource for this + server class. The CouchbaseAutoscaler implements the Kubernetes scale API and + can be controlled by the Kubernetes horizontal pod autoscaler (HPA). + type: boolean + env: + description: Env allows the setting of environment variables + in the Couchbase server container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + envFrom: + description: EnvFrom allows the setting of environment variables + in the Couchbase server container. + items: + description: EnvFromSource represents the source of a set + of ConfigMaps + properties: + configMapRef: + description: The ConfigMap to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap must be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + image: + description: |- + Image is the container image name that will be used to launch Couchbase + server instances in this server class. You cannot downgrade the Couchbase + version. Across spec.image and all server classes there can only be two + different Couchbase images. Updating this field to a value different than + spec.image will cause an automatic upgrade of the server class. If it isn't + specified then the cluster image will be used. 
+ pattern: ^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$ + type: string + name: + description: |- + Name is a textual name for the server configuration and must be unique. + The name is used by the operator to uniquely identify a server class, + and map pods back to an intended configuration. + type: string + pod: + description: |- + Pod defines a template used to create pod for each Couchbase server + instance. Modifying pod metadata such as labels and annotations will + update the pod in-place. Any other modification will result in a cluster + upgrade in order to fulfill the request. The Operator reserves the right + to modify or replace any field. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core + properties: + metadata: + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + spec: + description: PodSpec is a description of a pod. + properties: + activeDeadlineSeconds: + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. 
+ format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. 
A list of node selector + terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules + (e.g. co-locate this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over a + set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates + whether a service account token should be automatically + mounted. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. 
+ type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. + type: boolean + hostUsers: + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + type: boolean + imagePullSecrets: + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeName: + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + x-kubernetes-map-type: atomic + os: + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. + + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged + - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - 
spec.containers[*].securityContext.runAsGroup + properties: + name: + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. + Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. 
+ The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. + items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. 
The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + serviceAccount: + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. + type: string + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. + type: boolean + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
+ type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. 
+ format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. 
+ type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object + resources: + description: |- + Resources are the resource requirements for the Couchbase server container. + This field overrides any automatic allocation as defined by + `spec.autoResourceAllocation`. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + serverGroups: + description: |- + ServerGroups define the set of availability zones you want to distribute + pods over, and construct Couchbase server groups for. By default, most + cloud providers will label nodes with the key "topology.kubernetes.io/zone", + the values associated with that key are used here to provide explicit + scheduling by the Operator. You may manually label nodes using the + "topology.kubernetes.io/zone" key, to provide failure-domain + aware scheduling when none is provided for you. Global server groups are + applied to all server classes, and may be overridden on a per-server class + basis to give more control over scheduling and server groups. + items: + type: string + type: array + x-kubernetes-list-type: set + services: + description: |- + Services is the set of Couchbase services to run on this server class. + At least one class must contain the data service. The field may contain + any of "data", "index", "query", "search", "eventing" or "analytics". + Each service may only be specified once. 
+ items: + description: Supported services + enum: + - admin + - data + - index + - query + - search + - eventing + - analytics + type: string + type: array + x-kubernetes-list-type: set + size: + description: |- + Size is the expected requested of the server class. This field + must be greater than or equal to 1. + minimum: 1 + type: integer + volumeMounts: + description: VolumeMounts define persistent volume claims to + attach to pod. + properties: + analytics: + description: |- + AnalyticsClaims are persistent volumes that encompass analytics storage associated + with the analytics service. Analytics claims can only be used on server classes + running the analytics service, and must be used in conjunction with the default claim. + This field allows the analytics service to use different storage media (e.g. SSD), and + scale horizontally, to improve performance of this service. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + items: + type: string + type: array + data: + description: |- + DataClaim is a persistent volume that encompasses key/value storage associated + with the data service. The data claim can only be used on server classes running + the data service, and must be used in conjunction with the default claim. This + field allows the data service to use different storage media (e.g. SSD) to + improve performance of this service. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + type: string + default: + description: |- + DefaultClaim is a persistent volume that encompasses all Couchbase persistent + data, including document storage, indexes and logs. The default volume can be + used with any server class. Use of the default claim allows the Operator to + recover failed pods from the persistent volume far quicker than if the pod were + using ephemeral storage. 
The default claim cannot be used at the same time + as the logs claim within the same server class. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + type: string + index: + description: |- + IndexClaim s a persistent volume that encompasses index storage associated + with the index and search services. The index claim can only be used on server classes running + the index or search services, and must be used in conjunction with the default claim. This + field allows the index and/or search service to use different storage media (e.g. SSD) to + improve performance of this service. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + Whilst this references index primarily, note that the full text search (FTS) service + also uses this same mount. + type: string + logs: + description: |- + LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid + with supporting the product. The logs claim can only be used on server classes running + the following services: query, search & eventing. The logs claim cannot be used at the same + time as the default claim within the same server class. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + Whilst the logs claim can be used with the search service, the recommendation is to use the + default claim for these. The reason for this is that a failure of these nodes will require + indexes to be rebuilt and subsequent performance impact. + type: string + type: object + required: + - name + - services + - size + type: object + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + softwareUpdateNotifications: + description: |- + SoftwareUpdateNotifications enables software update notifications in the UI. + When enabled, the UI will alert when a Couchbase server upgrade is available. 
+ type: boolean + upgradeProcess: + description: |- + UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. + When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or + ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will + perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy + is set to ImmediateUpgrade. + enum: + - SwapRebalance + - DeltaRecovery + - InPlaceUpgrade + type: string + upgradeStrategy: + description: |- + UpgradeStrategy controls how aggressive the Operator is when performing a cluster + upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This + strategy is slower, however less disruptive. When an immediate upgrade strategy is + requested, all pods are upgraded at the same time. This strategy is faster, but more + disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting + to "RollingUpgrade". + enum: + - RollingUpgrade + - ImmediateUpgrade + type: string + volumeClaimTemplates: + description: |- + VolumeClaimTemplates define the desired characteristics of a volume + that can be requested/claimed by a pod, for example the storage class to + use and the volume size. Volume claim templates are referred to by name + by server class volume mount configuration. + items: + properties: + metadata: + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. 
More + info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + required: + - name + type: object + spec: + description: |- + PersistentVolumeClaimSpec describes the common attributes of storage devices + and allows a Source for provider-specific attributes + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes to consider + for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + required: + - metadata + - spec + type: object + type: array + xdcr: + description: |- + XDCR defines whether the Operator should manage XDCR, remote clusters and how + to lookup replication resources. + properties: + managed: + description: Managed defines whether XDCR is managed by the operator + or not. + type: boolean + remoteClusters: + description: RemoteClusters is a set of named remote clusters + to establish replications to. + items: + description: RemoteCluster is a reference to a remote cluster + for XDCR. + properties: + authenticationSecret: + description: |- + AuthenticationSecret is a secret used to authenticate when establishing a + remote connection. It is only required when not using mTLS. The secret + must contain a username (secret key "username") and password (secret key + "password"). + type: string + hostname: + description: Hostname is the connection string to use to + connect the remote cluster. To use IPv6, place brackets + (`[`, `]`) around the IPv6 value. 
+ pattern: ^((couchbase|http)(s)?(://))?((\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}\b)|((([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))|\[(\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*\]))(:[0-9]{0,5})?(\\{0,1}\?network=[^&]+)?$ + type: string + name: + description: |- + Name of the remote cluster. + Note that, -operator-managed is added as suffix by operator automatically + to the name in order to diffrentiate from non operator managed remote clusters. + type: string + replications: + description: |- + Replications are replication streams from this cluster to the remote one. + This field defines how to look up CouchbaseReplication resources. By default + any CouchbaseReplication resources in the namespace will be considered. + properties: + selector: + description: |- + Selector allows CouchbaseReplication resources to be filtered + based on labels. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + tls: + description: |- + TLS if specified references a resource containing the necessary certificate + data for an encrypted connection. + properties: + secret: + description: |- + Secret references a secret containing the CA certificate (data key "ca"), + and optionally a client certificate (data key "certificate") and key + (data key "key"). + type: string + required: + - secret + type: object + uuid: + description: |- + UUID of the remote cluster. The UUID of a CouchbaseCluster resource + is advertised in the status.clusterId field of the resource. 
+ pattern: ^[0-9a-f]{32}$ + type: string + required: + - hostname + - name + - uuid + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - image + - security + - servers + type: object + status: + description: ClusterStatus defines any read-only status fields for the + Couchbase server cluster. + properties: + allocations: + description: Allocations shows memory allocations within server classes. + items: + description: ServerClassStatus summarizes memory allocations to + make configuration easier. + properties: + allocatedMemory: + anyOf: + - type: integer + - type: string + description: |- + AllocatedMemory defines the total memory allocated for constrained Couchbase services. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + allocatedMemoryPercent: + description: |- + AllocatedMemoryPercent is set when memory resources are requested and define how much of + the requested memory is allocated to constrained Couchbase services. + type: integer + analyticsServiceAllocation: + anyOf: + - type: integer + - type: string + description: |- + AnalyticsServiceAllocation is set when the analytics service is enabled for this class and + defines how much memory this service consumes per pod. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + dataServiceAllocation: + anyOf: + - type: integer + - type: string + description: |- + DataServiceAllocation is set when the data service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + eventingServiceAllocation: + anyOf: + - type: integer + - type: string + description: |- + EventingServiceAllocation is set when the eventing service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + indexServiceAllocation: + anyOf: + - type: integer + - type: string + description: |- + IndexServiceAllocation is set when the index service is enabled for this class and + defines how much memory this service consumes per pod. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the server class defined in + spec.servers + type: string + requestedMemory: + anyOf: + - type: integer + - type: string + description: |- + RequestedMemory, if set, defines the Kubernetes resource request for the server class. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + searchServiceAllocation: + anyOf: + - type: integer + - type: string + description: |- + SearchServiceAllocation is set when the search service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + unusedMemory: + anyOf: + - type: integer + - type: string + description: |- + UnusedMemory is set when memory resources are requested and is the difference between + the requestedMemory and allocatedMemory. 
More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + unusedMemoryPercent: + description: |- + UnusedMemoryPercent is set when memory resources are requested and defines how much + requested memory is not allocated. Couchbase server expects at least a 20% overhead. + type: integer + required: + - name + type: object + type: array + autoscalers: + description: Autscalers describes all the autoscalers managed by the + cluster. + items: + type: string + type: array + buckets: + description: Buckets describes all the buckets managed by the cluster. + items: + properties: + compressionMode: + description: CompressionMode defines how documents are compressed. + type: string + conflictResolution: + description: |- + ConflictResolution is relevant for `couchbase` and `ephemeral` bucket types + and indicates how to resolve conflicts when using multi-master XDCR. + type: string + enableFlush: + description: EnableFlush is whether a client can delete all + documents in a bucket. + type: boolean + enableIndexReplica: + description: EnableIndexReplica is whether indexes against bucket + documents are replicated. + type: boolean + evictionPolicy: + description: |- + EvictionPolicy is relevant for `couchbase` and `ephemeral` bucket types + and indicates how documents are evicted from memory when it is exhausted. + type: string + ioPriority: + description: |- + IoPriority is `low` or `high` depending on the number of threads + spawned for data processing. + type: string + memoryQuota: + description: BucketMemoryQuota is the bucket memory quota in + megabytes. + format: int64 + type: integer + name: + description: BucketName is the full name of the bucket. + type: string + password: + description: BucketPassword will never be populated. 
+ type: string + replicas: + description: BucketReplicas is the number of data replicas. + type: integer + storageBackend: + description: BucketStorageBackend is the storage backend of + the bucket. + type: string + type: + description: BucketType is the type of the bucket. + type: string + required: + - compressionMode + - conflictResolution + - enableFlush + - enableIndexReplica + - evictionPolicy + - ioPriority + - memoryQuota + - name + - password + - replicas + - type + type: object + type: array + clusterId: + description: |- + ClusterID is the unique cluster UUID. This is generated every time + a new cluster is created, so may vary over the lifetime of a cluster + if it is recreated by disaster recovery mechanisms. + type: string + conditions: + description: Current service state of the Couchbase cluster. + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + type: string + lastUpdateTime: + description: Last time the condition status message updated. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's + last transition. + type: string + status: + description: Status is the status of the condition. Can be one + of True, False, Unknown. + type: string + type: + description: Type is the type of condition. + enum: + - Available + - Balanced + - ManageConfig + - Scaling + - ScalingUp + - ScalingDown + - Upgrading + - Hibernating + - Error + - AutoscaleReady + - Synchronized + type: string + required: + - status + - type + type: object + type: array + controlPaused: + description: |- + ControlPaused indicates if the Operator has acknowledged and paused the + control of the cluster. + type: boolean + currentVersion: + description: |- + CurrentVersion is the current Couchbase version. 
This reflects the + version of the whole cluster, therefore during upgrade, it is only + updated when the upgrade has completed. + type: string + groups: + description: Groups describes all the groups managed by the cluster. + items: + type: string + type: array + members: + description: Members are the Couchbase members in the cluster. + properties: + ready: + description: |- + Ready are the Couchbase members that are clustered and ready to serve + client requests. The member names are the same as the Couchbase pod names. + items: + type: string + type: array + unready: + description: |- + Unready are the Couchbase members not clustered or unready to serve + client requests. The member names are the same as the Couchbase pod names. + items: + type: string + type: array + type: object + size: + description: |- + Size is the current size of the cluster in terms of pods. Individual + pod status conditions are listed in the members status. + type: integer + users: + description: Users describes all the users managed by the cluster. + items: + type: string + type: array + required: + - size + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollectiongroups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollectiongroups.couchbase.com.yaml new file mode 100644 index 000000000..311cf3814 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollectiongroups.couchbase.com.yaml 
@@ -0,0 +1,92 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasecollectiongroups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseCollectionGroup + listKind: CouchbaseCollectionGroupList + plural: couchbasecollectiongroups + singular: couchbasecollectiongroup + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseCollectionGroup represent the finest grained size of data storage in Couchbase. + Collections contain all documents and indexes in the system. Collections also form + the finest grain basis for role-based access control (RBAC) and cross-datacenter + replication (XDCR). In order to be considered by the Operator, every collection group + must be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. Unlike the + CouchbaseCollection resource, a collection group represents multiple collections, with + common configuration parameters, to be expressed as a single resource, minimizing required + configuration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC + security boundaries. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the resource. + properties: + maxTTL: + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This field takes precedence over + any TTL defined at the bucket level. This is a default, and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + names: + description: |- + Names specifies the names of the collections. Unlike CouchbaseCollection, which + specifies a single collection, a collection group specifies multiple, and the + collection group must specify at least one collection name. + Any collection names specified must be unique. + Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. + items: + description: |- + ScopeOrCollectionName is a generic type to capture a valid + scope or collection name. These must consist of 1-251 characters, + include only A-Z, a-z, 0-9, -, _ or %, and must not start with + _ (which is an internal marker) or % (which is probably an escape + character in language X). + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: array + x-kubernetes-list-type: set + required: + - names + type: object + required: + - spec + type: object + served: true + storage: true 
diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollections.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollections.couchbase.com.yaml new file mode 100644 index 000000000..630ec02a4 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasecollections.couchbase.com.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasecollections.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseCollection + listKind: CouchbaseCollectionList + plural: couchbasecollections + singular: couchbasecollection + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseCollection represent the finest grained size of data storage in Couchbase. + Collections contain all documents and indexes in the system. Collections also form + the finest grain basis for role-based access control (RBAC) and cross-datacenter + replication (XDCR). In order to be considered by the Operator, every collection + must be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: Spec defines the desired state of the resource. + properties: + maxTTL: + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This field takes precedence over + any TTL defined at the bucket level. 
This is a default, and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + name: + description: |- + Name specifies the name of the collection. By default, the metadata.name is + used to define the collection name, however, due to the limited character set, + this field can be used to override the default and provide the full functionality. + Additionally the `metadata.name` field is a DNS label, and thus limited to 63 + characters, this field must be used if the name is longer than this limit. + Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseephemeralbuckets.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseephemeralbuckets.couchbase.com.yaml new file mode 100644 index 000000000..e810c3b23 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseephemeralbuckets.couchbase.com.yaml 
@@ -0,0 +1,296 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbaseephemeralbuckets.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseEphemeralBucket + listKind: CouchbaseEphemeralBucketList + plural: couchbaseephemeralbuckets + singular: couchbaseephemeralbucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.memoryQuota + name: memory quota + type: string + - jsonPath: .spec.replicas + name: replicas + type: integer + - jsonPath: .spec.ioPriority + name: io priority + type: string + - jsonPath: .spec.evictionPolicy + name: eviction policy + type: string + - jsonPath: .spec.conflictResolution + name: conflict resolution + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + The CouchbaseEphemeralBucket resource defines a set of documents in Couchbase server. + A Couchbase client connects to and operates on a bucket, which provides independent + management of a set documents and a security boundary for role based access control. + A CouchbaseEphemeralBucket provides in-memory only storage and replication for documents + contained by it. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: |- + CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket + resource, and allows the bucket to be customized. + properties: + compressionMode: + default: passive + description: |- + CompressionMode defines how Couchbase server handles document compression. When + off, documents are stored in memory, and transferred to the client uncompressed. + When passive, documents are stored compressed in memory, and transferred to the + client compressed when requested. When active, documents are stored compresses + in memory and when transferred to the client. This field must be "off", "passive" + or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so + must be quoted as a string in configuration files. + enum: + - "off" + - passive + - active + type: string + conflictResolution: + default: seqno + description: |- + ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number + based resolution selects the document with the highest sequence number as the most recent. + Timestamp based resolution selects the document that was written to most recently as the + most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), + defaulting to "seqno". + enum: + - seqno + - lww + type: string + enableFlush: + description: |- + EnableFlush defines whether a client can delete all documents in a bucket. + This field defaults to false. + type: boolean + evictionPolicy: + default: noEviction + description: |- + EvictionPolicy controls how Couchbase handles memory exhaustion. No eviction means + that Couchbase server will make this bucket read-only when memory is exhausted in + order to avoid data loss. NRU eviction will delete documents that haven't been used + recently in order to free up memory. 
This field must be "noEviction" or "nruEviction", + defaulting to "noEviction". + enum: + - noEviction + - nruEviction + type: string + ioPriority: + default: low + description: |- + IOPriority controls how many threads a bucket has, per pod, to process reads and writes. + This field must be "low" or "high", defaulting to "low". Modification of this field will + cause a temporary service disruption as threads are restarted. + enum: + - low + - high + type: string + maxTTL: + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This is a default and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration + type: string + memoryQuota: + anyOf: + - type: integer + - type: string + default: 100Mi + description: |- + MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, + documents will be evicted from memory defined by the eviction policy. The memory quota + is defined per Couchbase pod running the data service. This field defaults to, and must + be greater than or equal to 100Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + minimumDurability: + description: |- + MiniumumDurability defines how durable a document write is by default, and can + be made more durable by the client. 
This feature enables ACID transactions. + When none, Couchbase server will respond when the document is in memory, it will + become eventually consistent across the cluster. When majority, Couchbase server will + respond when the document is replicated to at least half of the pods running the + data service in the cluster. This field must be either "none" or "majority", + defaulting to "none". + enum: + - none + - majority + type: string + name: + description: |- + Name is the name of the bucket within Couchbase server. By default the Operator + will use the `metadata.name` field to define the bucket name. The `metadata.name` + field only supports a subset of the supported character set. When specified, this + field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + rank: + default: 0 + description: |- + Rank determines the bucket’s place in the order in which the rebalance process + handles the buckets on the cluster. The higher a bucket’s assigned integer + (in relation to the integers assigned other buckets), the sooner in the + rebalance process the bucket is handled. This assignment of rank allows a + cluster’s most mission-critical data to be rebalanced with top priority. + This option is only supported for Couchbase Server 7.6.0+. + maximum: 1000 + minimum: 0 + type: integer + replicas: + default: 1 + description: |- + Replicas defines how many copies of documents Couchbase server maintains. This directly + affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster + can tolerate one data pod going down and still service requests without data loss. The + number of replicas also affect memory use. With a single replica, the effective memory + quota for documents is halved, with two replicas it is one third. 
The number of replicas + must be between 0 and 3, defaulting to 1. + maximum: 3 + minimum: 0 + type: integer + scopes: + description: |- + Scopes defines whether the Operator manages scopes for the bucket or not, and + the set of scopes defined for the bucket. + properties: + managed: + description: |- + Managed defines whether scopes are managed for this bucket. + This field is `false` by default, and the Operator will take no actions that + will affect scopes and collections in this bucket. The default scope and + collection will be present. When set to `true`, the Operator will manage + user defined scopes, and optionally, their collections as defined by the + `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and + `CouchbaseCollectionGroup` resource documentation. If this field is set to + `false` while the already managed, then the Operator will leave whatever + configuration is already present. + type: boolean + resources: + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this bucket. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseScope + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + resource kinds. This field defaults to `CouchbaseScope` if not + specified. + enum: + - CouchbaseScope + - CouchbaseScopeGroup + type: string + name: + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal scope names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". 
+ maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + bucket. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: object + type: object + served: true + storage: true 
diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasegroups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasegroups.couchbase.com.yaml new file mode 100644 index 000000000..3326688a2 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasegroups.couchbase.com.yaml 
@@ -0,0 +1,370 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasegroups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseGroup + listKind: CouchbaseGroupList + plural: couchbasegroups + singular: couchbasegroup + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseGroup allows the automation of Couchbase group management. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CouchbaseGroupSpec allows the specification of Couchbase + group configuration. + properties: + ldapGroupRef: + description: LDAPGroupRef is a reference to an LDAP group. + type: string + roles: + description: Roles is a list of roles that this group is granted. + items: + properties: + bucket: + description: |- + Bucket name for bucket admin roles. When not specified for a role that can be scoped + to a specific bucket, the role will apply to all buckets in the cluster. + Deprecated: Couchbase Autonomous Operator 2.3 + pattern: ^\*$|^[a-zA-Z0-9-_%\.]+$ + type: string + buckets: + description: |- + Bucket level access to apply to specified role. The bucket must exist. 
When not specified, + the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role + will apply to all buckets in the cluster + properties: + resources: + description: |- + Resources is an explicit list of named bucket resources that will be considered + for inclusion in this role. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseBucket + description: |- + Kind indicates the kind of resource that is being referenced. A Role + can only reference `CouchbaseBucket` kind. This field defaults + to `CouchbaseBucket` if not specified. + enum: + - CouchbaseBucket + type: string + name: + description: Name is the name of the Kubernetes resource + name that is being referenced. + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + role. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. 
This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + collections: + description: |- + Collection level access to apply to the specified role. The collection must exist. + When not specified, the role is subject to scope or bucket level access. + properties: + resources: + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this collection or collections. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseCollection + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. This field defaults to `CouchbaseCollection` if not + specified. + enum: + - CouchbaseCollection + - CouchbaseCollectionGroup + type: string + name: + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal collection names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". 
+ maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + collection or collections. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + name: + description: Name of role. 
+ enum: + - admin + - analytics_admin + - analytics_manager + - analytics_reader + - analytics_select + - backup_admin + - bucket_admin + - bucket_full_access + - cluster_admin + - data_backup + - data_dcp_reader + - data_monitoring + - data_reader + - data_writer + - eventing_admin + - external_stats_reader + - fts_admin + - fts_searcher + - mobile_sync_gateway + - mobile_sync_gateway_application + - mobile_sync_gateway_application_read_only + - mobile_sync_gateway_architect + - mobile_sync_gateway_dev_ops + - mobile_sync_gateway_replicator + - query_delete + - query_execute_external_functions + - query_execute_functions + - query_execute_global_external_functions + - query_execute_global_functions + - query_external_access + - query_insert + - query_manage_external_functions + - query_manage_functions + - query_manage_global_external_functions + - query_manage_global_functions + - query_manage_index + - query_select + - query_system_catalog + - query_update + - replication_admin + - replication_target + - ro_admin + - scope_admin + - security_admin + - security_admin_external + - security_admin_local + - views_admin + - views_reader + - eventing_manage_functions + type: string + scopes: + description: |- + Scope level access to apply to specified role. The scope must exist. When not specified, + the role will apply to selected bucket or all buckets in the cluster. + properties: + resources: + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this scope or scopes. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseScope + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + resource kinds. This field defaults to `CouchbaseScope` if not + specified. 
+ enum: + - CouchbaseScope + - CouchbaseScopeGroup + type: string + name: + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal scope names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + scope or scopes. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + required: + - roles + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasememcachedbuckets.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasememcachedbuckets.couchbase.com.yaml new file mode 100644 index 000000000..868fe04da --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasememcachedbuckets.couchbase.com.yaml 
@@ -0,0 +1,87 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasememcachedbuckets.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseMemcachedBucket + listKind: CouchbaseMemcachedBucketList + plural: couchbasememcachedbuckets + singular: couchbasememcachedbucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.memoryQuota + name: memory quota + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + The CouchbaseMemcachedBucket resource defines a set of documents in Couchbase server. + A Couchbase client connects to and operates on a bucket, which provides independent + management of a set documents and a security boundary for role based access control. + A CouchbaseEphemeralBucket provides in-memory only storage for documents contained by it. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: |- + CouchbaseMemcachedBucketSpec is the specification for a Memcached bucket + resource, and allows the bucket to be customized. 
+ properties: + enableFlush: + description: |- + EnableFlush defines whether a client can delete all documents in a bucket. + This field defaults to false. + type: boolean + memoryQuota: + anyOf: + - type: integer + - type: string + default: 100Mi + description: |- + MemoryQuota is a memory limit to the size of a bucket. The memory quota + is defined per Couchbase pod running the data service. This field defaults to, and must + be greater than or equal to 100Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + name: + description: |- + Name is the name of the bucket within Couchbase server. By default the Operator + will use the `metadata.name` field to define the bucket name. The `metadata.name` + field only supports a subset of the supported character set. When specified, this + field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasemigrationreplications.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasemigrationreplications.couchbase.com.yaml new file mode 100644 index 000000000..e6af1705f --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasemigrationreplications.couchbase.com.yaml 
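Review bot: The top-level description of this CouchbaseMemcachedBucket schema ends with a sentence about a different kind, `A CouchbaseEphemeralBucket provides in-memory only storage for documents contained by it.`, which looks copied from the ephemeral-bucket type and should name CouchbaseMemcachedBucket or be dropped. The `memoryQuota` description also says the value must be at least 100Mi, but the schema carries only the generic quantity `pattern`, which even permits a leading `-`. A smaller or negative quantity therefore passes API validation, and the floor has to be enforced by the operator or its admission controller. Since the file is controller-gen output, both changes belong in the Go type comments it is generated from.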
@@ -0,0 +1,155 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasemigrationreplications.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseMigrationReplication + listKind: CouchbaseMigrationReplicationList + plural: couchbasemigrationreplications + singular: couchbasemigrationreplication + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bucket + name: bucket + type: string + - jsonPath: .spec.remoteBucket + name: remote bucket + type: string + - jsonPath: .spec.paused + name: paused + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + The CouchbaseScopeMigration resource represents the use of the special migration mapping + within XDCR to take a filtered list from the default scope and collection of the source bucket, + replicate it to named scopes and collections within the target bucket. + The bucket-to-bucket replication cannot duplicate any used by the CouchbaseReplication resource, + as these two types of replication are mutually exclusive between buckets. + https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#migration + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + migrationMapping: + description: The migration mappings to use, should never be empty as that + is just an implicit bucket-to-bucket replication then. + properties: + mappings: + description: The migration mappings to use, should never be empty + as that is just an implicit bucket-to-bucket replication then. + items: + description: |- + Indicates whether this is using migration mapping or not. + This is only valid when using the default scope/collection. + properties: + filter: + default: _default._default + description: |- + A filter to select from the source default scope and collection. + Defaults to select everything in the default scope and collection. + type: string + targetKeyspace: + description: The destination of our migration, must be a scope + and collection. + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + required: + - targetKeyspace + type: object + type: array + required: + - mappings + type: object + spec: + description: CouchbaseReplicationSpec allows configuration of an XDCR + replication. + properties: + bucket: + description: |- + Bucket is the source bucket to replicate from. This refers to the Couchbase + bucket name, not the resource name of the bucket. A bucket with this name must + be defined on this cluster. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". 
+ maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + compressionType: + default: Auto + description: |- + CompressionType is the type of compression to apply to the replication. + When None, no compression will be applied to documents as they are + transferred between clusters. When Auto, Couchbase server will automatically + compress documents as they are transferred to reduce bandwidth requirements. + This field must be one of "None" or "Auto", defaulting to "Auto". + enum: + - None + - Auto + type: string + filterExpression: + description: FilterExpression allows certain documents to be filtered + out of the replication. + type: string + paused: + description: |- + Paused allows a replication to be stopped and restarted without having to + restart the replication from the beginning. + type: boolean + remoteBucket: + description: |- + RemoteBucket is the remote bucket name to synchronize to. This refers to the + Couchbase bucket name, not the resource name of the bucket. Legal bucket names + have a maximum length of 100 characters and may be composed of any character from + "a-z", "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + required: + - bucket + - remoteBucket + type: object + required: + - migrationMapping + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasereplications.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasereplications.couchbase.com.yaml new file mode 100644 index 000000000..50ae8cf04 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasereplications.couchbase.com.yaml 
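Review bot: `migrationMapping.mappings` is listed under `required` and its description says it should never be empty, yet the array has no `minItems`, so `mappings: []` passes the schema. By the description's own account that is then just an implicit bucket-to-bucket replication. Adding `minItems: 1` (the `+kubebuilder:validation:MinItems=1` marker on the Go field) would make the API server reject it. The same gap is in `subjects` of couchbaserolebindings and `names` of couchbasescopegroups, both required and both accepting an empty list. Separately, the schema description calls the resource `CouchbaseScopeMigration` while the kind is `CouchbaseMigrationReplication`.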
@@ -0,0 +1,214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasereplications.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseReplication + listKind: CouchbaseReplicationList + plural: couchbasereplications + singular: couchbasereplication + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.bucket + name: bucket + type: string + - jsonPath: .spec.remoteBucket + name: remote bucket + type: string + - jsonPath: .spec.paused + name: paused + type: boolean + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v2 + schema: + openAPIV3Schema: + description: |- + The CouchbaseReplication resource represents a Couchbase-to-Couchbase, XDCR replication + stream from a source bucket to a destination bucket. This provides off-site backup, + migration, and disaster recovery. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + explicitMapping: + description: |- + The explicit mappings to use for replication which are optional. + For Scopes and Collection replication support we can specify a set of implicit and + explicit mappings to use. If none is specified then it is assumed to be existing + bucket level replication. + https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping + properties: + allowRules: + description: |- + The list of explicit replications to carry out including any nested implicit replications: + specifying a scope implicitly replicates all collections within it. 
+ There should be no duplicates, including more-specific duplicates, e.g. if you specify replication + of a scope then you can only deny replication of collections within it. + items: + description: |- + CouchbaseAllowReplicationMapping is to cover Scope and Collection explicit replication. + If a scope is defined then it implicitly allows all collections unless a more specific + CouchbaseDenyReplicationMapping rule is present to block it. + Once a rule is defined at scope level it should not be redefined at collection level. + https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html + properties: + sourceKeyspace: + description: |- + The source keyspace: where to replicate from. + Source and target must match whether they have a collection or not, i.e. you cannot + replicate from a scope to a collection. + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + targetKeyspace: + description: |- + The target keyspace: where to replicate to. + Source and target must match whether they have a collection or not, i.e. you cannot + replicate from a scope to a collection. + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. 
+ maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + required: + - sourceKeyspace + - targetKeyspace + type: object + type: array + denyRules: + description: |- + The list of explicit replications to prevent including any nested implicit denials: + specifying a scope implicitly denies all collections within it. + There should be no duplicates, including more-specific duplicates, e.g. if you specify denial of + replication of a scope then you can only specify replication of collections within it. + items: + description: |- + Provide rules to block implicit replication at scope or collection level. + You may want to implicitly map all scopes or collections except a specific one (or set) so this + is a better way to express that by creating rules just for those to deny. + properties: + sourceKeyspace: + description: 'The source keyspace: where to block replication + from.' + properties: + collection: + description: The optional collection within the scope. May + be empty to just work at scope level. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + scope: + description: The scope to use. + maxLength: 251 + minLength: 1 + pattern: ^(_default|[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250})$ + type: string + required: + - scope + type: object + required: + - sourceKeyspace + type: object + type: array + type: object + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CouchbaseReplicationSpec allows configuration of an XDCR + replication. 
+ properties: + bucket: + description: |- + Bucket is the source bucket to replicate from. This refers to the Couchbase + bucket name, not the resource name of the bucket. A bucket with this name must + be defined on this cluster. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + compressionType: + default: Auto + description: |- + CompressionType is the type of compression to apply to the replication. + When None, no compression will be applied to documents as they are + transferred between clusters. When Auto, Couchbase server will automatically + compress documents as they are transferred to reduce bandwidth requirements. + This field must be one of "None" or "Auto", defaulting to "Auto". + enum: + - None + - Auto + type: string + filterExpression: + description: FilterExpression allows certain documents to be filtered + out of the replication. + type: string + paused: + description: |- + Paused allows a replication to be stopped and restarted without having to + restart the replication from the beginning. + type: boolean + remoteBucket: + description: |- + RemoteBucket is the remote bucket name to synchronize to. This refers to the + Couchbase bucket name, not the resource name of the bucket. Legal bucket names + have a maximum length of 100 characters and may be composed of any character from + "a-z", "A-Z", "0-9" and "-_%\.". + maxLength: 100 + pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ + type: string + required: + - bucket + - remoteBucket + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaserolebindings.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaserolebindings.couchbase.com.yaml new file mode 100644 index 000000000..4847a42fa --- /dev/null 
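Review bot: In `allowRules`, the descriptions of `sourceKeyspace` and `targetKeyspace` state that both must agree on whether a collection is given, but nothing in the schema ties the two together, so a scope-to-collection rule is accepted by the API server. If the operator's admission controller does not already reject this (not visible in this hunk), an item-level rule such as `has(self.sourceKeyspace.collection) == has(self.targetKeyspace.collection)` under `x-kubernetes-validations` would, on clusters that support CRD validation rules. The `collection` descriptions also say the field "may be empty" while `minLength: 1` rejects an empty string. "May be omitted" is what the schema actually allows, and the same wording is used in couchbasemigrationreplications.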
+++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaserolebindings.couchbase.com.yaml 
@@ -0,0 +1,85 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbaserolebindings.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseRoleBinding + listKind: CouchbaseRoleBindingList + plural: couchbaserolebindings + singular: couchbaserolebinding + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseRoleBinding allows association of Couchbase users with + groups. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + CouchbaseRoleBindingSpec defines the group of subjects i.e. users, and the + role i.e. group they are a member of. + properties: + roleRef: + description: CouchbaseGroup being bound to subjects. + properties: + kind: + description: Kind of role to use for binding. + enum: + - CouchbaseGroup + type: string + name: + description: Name of role resource to use for binding. + type: string + required: + - kind + - name + type: object + subjects: + description: List of users to bind a role to. + items: + properties: + kind: + description: Couchbase user/group kind. + enum: + - CouchbaseUser + type: string + name: + description: Name of Couchbase user resource. 
+ type: string + required: + - kind + - name + type: object + type: array + required: + - roleRef + - subjects + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopegroups.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopegroups.couchbase.com.yaml new file mode 100644 index 000000000..b2bf849ab --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopegroups.couchbase.com.yaml 
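Review bot: `roleRef.name` and `subjects[].name` are plain `type: string` with no `minLength` or `pattern`, so a binding with an empty or malformed name is stored without complaint, and whether it is then ignored or reported is left to the operator. For a resource that assigns group membership it is worth rejecting these at admission with `minLength: 1` (`+kubebuilder:validation:MinLength=1` on the Go fields). The `subjects[].kind` description reads `Couchbase user/group kind.` although the enum permits only `CouchbaseUser`, and the `subjects` items carry no description at all.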
@@ -0,0 +1,185 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasescopegroups.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseScopeGroup + listKind: CouchbaseScopeGroupList + plural: couchbasescopegroups + singular: couchbasescopegroup + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseScopeGroup represents a logical unit of data storage that sits between buckets and + collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple + collections. At present, scopes are not nested, so provide only a single level of + abstraction. Scopes provide a coarser grained basis for role-based access control (RBAC) + and cross-datacenter replication (XDCR) than collections, but finer that buckets. + In order to be considered by the Operator, a scope must be referenced by either a + `CouchbaseBucket` or `CouchbaseEphemeralBucket` resource. + Unlike `CouchbaseScope` resources, scope groups represents multiple scopes, with the same + common set of collections, to be expressed as a single resource, minimizing required + configuration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC + security boundaries. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of the resource. + properties: + collections: + description: |- + Collections defines how to collate collections included in this scope or scope group. + Any of the provided methods may be used to collate a set of collections to + manage. Collated collections must have unique names, otherwise it is + considered ambiguous, and an error condition. + properties: + managed: + description: |- + Managed indicates whether collections within this scope are managed. + If not then you can dynamically create and delete collections with + the Couchbase UI or SDKs. + type: boolean + preserveDefaultCollection: + description: |- + PreserveDefaultCollection indicates whether the Operator should manage the + default collection within the default scope. The default collection can + be deleted, but can not be recreated by Couchbase Server. By setting this + field to `true`, the Operator will implicitly manage the default collection + within the default scope. The default collection cannot be modified and + will have no document time-to-live (TTL). When set to `false`, the operator + will not manage the default collection, which will be deleted and cannot be + used or recreated. + type: boolean + resources: + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this scope or scopes. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseCollection + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. 
This field defaults to `CouchbaseCollection` if not + specified. + enum: + - CouchbaseCollection + - CouchbaseCollectionGroup + type: string + name: + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal collection names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + scope or scopes. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + names: + description: |- + Names specifies the names of the scopes. Unlike CouchbaseScope, which + specifies a single scope, a scope group specifies multiple, and the + scope group must specify at least one scope name. + Any scope names specified must be unique. + Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. + items: + description: |- + ScopeOrCollectionName is a generic type to capture a valid + scope or collection name. These must consist of 1-251 characters, + include only A-Z, a-z, 0-9, -, _ or %, and must not start with + _ (which is an internal marker) or % (which is probably an escape + character in language X). + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: array + x-kubernetes-list-type: set + required: + - names + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopes.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopes.couchbase.com.yaml new file mode 100644 index 000000000..9475ab62c --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbasescopes.couchbase.com.yaml 
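Review bot: `collections.resources[].name` is described as the name of the Kubernetes resource being referenced, but its `pattern` and `maxLength: 251` are the Couchbase collection-name rules (upper case, `_`, `%`), which are broader than what a Kubernetes object name can contain. Such a value passes validation yet can never match an object, and the `resources` description says unmatched references raise no error, so a typo simply leaves a collection unmanaged. The description should say which naming scheme is meant, and if it is the Kubernetes one the constraint should follow the DNS-subdomain rules. The same field appears in couchbasescopes.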
@@ -0,0 +1,180 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbasescopes.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseScope + listKind: CouchbaseScopeList + plural: couchbasescopes + singular: couchbasescope + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: |- + CouchbaseScope represents a logical unit of data storage that sits between buckets and + collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple + collections. At present, scopes are not nested, so provide only a single level of + abstraction. Scopes provide a coarser grained basis for role-based access control (RBAC) + and cross-datacenter replication (XDCR) than collections, but finer that buckets. + In order to be considered by the Operator, a scope must be referenced by either a + `CouchbaseBucket` or `CouchbaseEphemeralBucket` resource. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + default: {} + description: Spec defines the desired state of the resource. 
+ properties: + collections: + description: |- + Collections defines how to collate collections included in this scope or scope group. + Any of the provided methods may be used to collate a set of collections to + manage. Collated collections must have unique names, otherwise it is + considered ambiguous, and an error condition. + properties: + managed: + description: |- + Managed indicates whether collections within this scope are managed. + If not then you can dynamically create and delete collections with + the Couchbase UI or SDKs. + type: boolean + preserveDefaultCollection: + description: |- + PreserveDefaultCollection indicates whether the Operator should manage the + default collection within the default scope. The default collection can + be deleted, but can not be recreated by Couchbase Server. By setting this + field to `true`, the Operator will implicitly manage the default collection + within the default scope. The default collection cannot be modified and + will have no document time-to-live (TTL). When set to `false`, the operator + will not manage the default collection, which will be deleted and cannot be + used or recreated. + type: boolean + resources: + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this scope or scopes. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. + items: + properties: + kind: + default: CouchbaseCollection + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. This field defaults to `CouchbaseCollection` if not + specified. + enum: + - CouchbaseCollection + - CouchbaseCollectionGroup + type: string + name: + description: |- + Name is the name of the Kubernetes resource name that is being referenced. 
+ Legal collection names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + required: + - name + type: object + type: array + selector: + description: |- + Selector allows resources to be implicitly considered for inclusion in this + scope or scopes. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + defaultScope: + description: |- + DefaultScope indicates whether this resource represents the default scope + for a bucket. 
When set to `true`, this allows the user to refer to and + manage collections within the default scope. When not defined, the Operator + will implicitly manage the default scope as the default scope can not be + deleted from Couchbase Server. The Operator defined default scope will + also have the `persistDefaultCollection` flag set to `true`. Only one + default scope is permitted to be contained in a bucket. + type: boolean + name: + description: |- + Name specifies the name of the scope. By default, the metadata.name is + used to define the scope name, however, due to the limited character set, + this field can be used to override the default and provide the full functionality. + Additionally the `metadata.name` field is a DNS label, and thus limited to 63 + characters, this field must be used if the name is longer than this limit. + Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. + maxLength: 251 + minLength: 1 + pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ + type: string + type: object + type: object + served: true + storage: true diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseusers.couchbase.com.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseusers.couchbase.com.yaml new file mode 100644 index 000000000..c744b60b7 --- /dev/null +++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/manifests/couchbaseusers.couchbase.com.yaml 
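Review bot: The `defaultScope` description refers to a `persistDefaultCollection` flag, but the field defined earlier in this same schema is `preserveDefaultCollection`; the text should use the real field name so readers can find it. The `preserveDefaultCollection` description also says that with `false` the default collection "will be deleted and cannot be used or recreated", which is irreversible. The field is an optional boolean with no `default`, so if omission is treated as `false` a minimal manifest has that effect. The description should state what happens when the field is omitted.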
@@ -0,0 +1,63 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 + name: couchbaseusers.couchbase.com +spec: + group: couchbase.com + names: + kind: CouchbaseUser + listKind: CouchbaseUserList + plural: couchbaseusers + singular: couchbaseuser + scope: Namespaced + versions: + - name: v2 + schema: + openAPIV3Schema: + description: CouchbaseUser allows the automation of Couchbase user management. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CouchbaseUserSpec allows the specification of Couchbase user + configuration. + properties: + authDomain: + description: The domain which provides user authentication. + enum: + - local + - external + type: string + authSecret: + description: Name of Kubernetes secret with password for Couchbase + domain. + type: string + fullName: + description: Full Name of Couchbase user. + type: string + required: + - authDomain + type: object + required: + - spec + type: object + served: true + storage: true 
diff --git a/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/metadata/annotations.yaml b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/metadata/annotations.yaml
new file mode 100644
index 000000000..9aae2e6d1
--- /dev/null
+++ b/operators/couchbase-enterprise-certified-rhmp/2.7.0-2/metadata/annotations.yaml
@@ -0,0 +1,14 @@
+---
+annotations:
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.bundle.channels.v1: 2.7.0,stable
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: couchbase-enterprise-certified-rhmp
+
+ # Annotations for testing.
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
+
+ com.redhat.openshift.versions: "v4.11-v4.15"
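Review bot: The annotation `operators.operatorframework.io.test.config.v1: tests/scorecard/` points at a scorecard config directory that this commit does not add; the file list in the patch header only creates files under `manifests/` and `metadata/`. If the bundle is not meant to ship scorecard tests, dropping the two keys under `# Annotations for testing.` keeps the metadata consistent with what the bundle actually contains; otherwise the `tests/scorecard/` config should be added alongside. These keys are presumably generator boilerplate, so confirm how the certification pipeline treats a dangling test config path before changing them.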