API Reference v1.2.0
Packages
- pgd.k8s.enterprisedb.io/v1beta1
Package v1beta1 contains API Schema definitions for the pgd v1beta1 API group
Resource Types
Backup
Backup configures the backup of cnp-pgd nodes
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
configuration BackupConfiguration | The CNP configuration to be used for backup. ServerName value is reserved by the operator. | |||
cron ScheduledBackupSpec | The scheduled backup for the data. Deprecated: This field is deprecated and will be removed in future versions. | |||
schedulers ScheduledBackupSpec array | Define schedulers for the backup. Each scheduler has a different backup method. Only one of either backup.cron or backup.schedulers can be defined. |
BackupStatus
BackupStatus contains the current status of the pgd backup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
clusterName string | ClusterName is the cluster elected to take the backup. The backup could be scheduled with different methods, but only one cluster will take the backup | |||
scheduledBackupName string | ScheduledBackupName is the name of the scheduled backup. Deprecated: This field is deprecated and will be removed in future versions. Please use ScheduledBackupStatus instead | |||
scheduledBackupHash string | ScheduledBackupHash is the hash of the scheduled backup configuration. Deprecated: This field is deprecated and will be removed in future versions. Please use ScheduledBackupStatus instead | |||
scheduledBackups ScheduledBackupStatus array | ScheduledBackupStatus contains the status of all scheduled backups |
BarmanCloudPluginStatus
BarmanCloudPluginStatus contains the status of the barman-cloud plugin
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
pluginEnabled boolean | PluginEnabled is true when the barman cloud plugin is enabled | |||
objectStore ObjectStoreStatus array | ObjectStore contains the name and hashcode of the managed objectStore |
CNPStatus
CNPStatus contains any relevant status for the operator about CNP
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
dataInstances integer | 0 | |||
witnessInstances integer | 0 | |||
clusterStatus ClusterStatus array | ClusterStatus contains the list of the status of the CNP clusters | |||
firstRecoverabilityPointsByMethod object (keys:string, values:RecoverabilityPointsByMethod) | The recoverability points by method, keyed per CNP clusterName. Deprecated: the field is not set for backup plugins. | |||
firstRecoverabilityPoints object (keys:string, values:string) | The recoverability points, keyed per CNP clusterName, as a date in RFC3339 format. Deprecated: the field is not set for backup plugins. | |||
superUserSecretIsPresent boolean | True | |||
applicationUserSecretIsPresent boolean | True | |||
podDisruptionBudgetIsPresent boolean | True |
CatalogImage
CatalogImage defines the image and major version
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
image string | The image reference | True | ||
major integer | The PostgreSQL major version of the image. Must be unique within the catalog. | True | Minimum: 10 |
CertManagerTemplate
CertManagerTemplate contains the data to generate a certificate request
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
spec CertificateSpec | The Certificate object specification | |||
metadata Metadata | Refer to Kubernetes API documentation for fields of metadata. |
ClientCertConfiguration
ClientCertConfiguration contains the information to generate the certificate for the streaming_replica user
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
caCertSecret string | CACertSecret is the secret of the CA to be injected into the CloudNativePG ClientCASecret configuration | True | ||
certManager CertManagerTemplate | The cert-manager template used to generate the certificates | |||
preProvisioned ClientPreProvisionedCertificates | PreProvisioned contains how to fetch the pre-generated client certificates |
ClientPreProvisionedCertificates
ClientPreProvisionedCertificates instructs how to fetch the pre-generated client certificates
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
streamingReplica PreProvisionedCertificate | StreamingReplica the pre-generated certificate for 'streaming_replica' user |
ClusterImageCatalog
ClusterImageCatalog is the Schema for the clusterimagecatalogs API
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
apiVersion string | pgd.k8s.enterprisedb.io/v1beta1 | True | ||
kind string | ClusterImageCatalog | True | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | True | ||
spec ImageCatalogSpec | Specification of the desired behavior of the ClusterImageCatalog. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | True |
ClusterStatus
ClusterStatus contains the current status of the CNP cluster
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name is the name of the CNP cluster | |||
phase string | Phase is the current phase of the CNP cluster |
CnpBaseConfiguration
CnpBaseConfiguration contains the configuration parameters that can be applied to both CNP Witness and Data nodes
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
startDelay integer | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 3600) | 3600 | ||
stopDelay integer | The time in seconds that is allowed for a PostgreSQL instance node to gracefully shutdown (default 180) | 180 | ||
smartShutdownTimeout integer | The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. Make sure you reserve enough time for the operator to request a fast shutdown of Postgres (that is: stopDelay - smartShutdownTimeout). | 15 | ||
storage StorageConfiguration | Configuration of the storage of the instances | True | ||
walStorage StorageConfiguration | Configuration of the WAL storage for the instances | |||
clusterMaxStartDelay integer | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 300) | 300 | ||
affinity AffinityConfiguration | Affinity/Anti-affinity rules for Pods | |||
resources ResourceRequirements | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. | |||
postgresql PostgresConfiguration | Configuration of the PostgreSQL server | |||
monitoring MonitoringConfiguration | The configuration of the monitoring infrastructure of this cluster | |||
logLevel string | The instances' log level, one of the following values: error, warning, info (default), debug, trace | info | Enum: [error warning info debug trace] | |
serviceAccountTemplate ServiceAccountTemplate | The service account template to be passed to CNP | |||
otel OTELConfiguration | OpenTelemetry Configuration. Deprecated: This field is deprecated and will be removed in future versions. | |||
postInitSQL string array | List of SQL queries to be executed as a superuser immediately after a node has been created - to be used with extreme care (by default empty) | |||
postInitTemplateSQL string array | List of SQL queries to be executed as a superuser in the template1 after a node has been created - to be used with extreme care (by default empty) | |||
postInitApplicationSQL string array | List of SQL queries to be executed as a superuser in the application database right after the cluster has been created - to be used with extreme care as any data created in application database before logical join will cause the join to fail (by default empty) | |||
postInitApplicationSQLRefs SQLRefs | List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the application database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty) | |||
postInitTemplateSQLRefs SQLRefs | List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the template1 database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty) | |||
postInitSQLRefs SQLRefs | List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the postgres database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty) | |||
seccompProfile SeccompProfile | The SeccompProfile applied to every Pod and Container. Defaults to: RuntimeDefault | |||
metadata InheritedMetadata | Refer to Kubernetes API documentation for fields of metadata. | |||
managed ManagedConfiguration | The configuration that is used by the portions of PostgreSQL that are managed by the CNP instance manager | |||
projectedVolumeTemplate ProjectedVolumeSource | Template to be used to define projected volumes. Projected volumes will be mounted under the /projected base folder | |||
tablespaces TablespaceConfiguration array | The tablespaces configuration | |||
topologySpreadConstraints TopologySpreadConstraint array | TopologySpreadConstraints specifies how to spread matching pods among the given topology. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | |||
plugins PluginConfiguration array | The plugins configuration, containing any plugin to be loaded with the corresponding configuration | |||
initDBOptions InitDBOptions | InitDBOptions specifies the options to be passed to the initdb command when the node is created from scratch | |||
env EnvVar array | Env follows the Env format to pass environment variables to the pods created in the PG4K cluster | |||
envFrom EnvFromSource array | EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env |
CnpConfiguration
CnpConfiguration contains the configurations of the data nodes that will be injected into the resulting clusters composing the PGD group
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
startDelay integer | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 3600) | 3600 | ||
stopDelay integer | The time in seconds that is allowed for a PostgreSQL instance node to gracefully shutdown (default 180) | 180 | ||
smartShutdownTimeout integer | The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. Make sure you reserve enough time for the operator to request a fast shutdown of Postgres (that is: stopDelay - smartShutdownTimeout). | 15 | ||
storage StorageConfiguration | Configuration of the storage of the instances | True | ||
walStorage StorageConfiguration | Configuration of the WAL storage for the instances | |||
clusterMaxStartDelay integer | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 300) | 300 | ||
affinity AffinityConfiguration | Affinity/Anti-affinity rules for Pods | |||
resources ResourceRequirements | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. | |||
postgresql PostgresConfiguration | Configuration of the PostgreSQL server | |||
monitoring MonitoringConfiguration | The configuration of the monitoring infrastructure of this cluster | |||
logLevel string | The instances' log level, one of the following values: error, warning, info (default), debug, trace | info | Enum: [error warning info debug trace] | |
serviceAccountTemplate ServiceAccountTemplate | The service account template to be passed to CNP | |||
otel OTELConfiguration | OpenTelemetry Configuration. Deprecated: This field is deprecated and will be removed in future versions. | |||
postInitSQL string array | List of SQL queries to be executed as a superuser immediately after a node has been created - to be used with extreme care (by default empty) | |||
postInitTemplateSQL string array | List of SQL queries to be executed as a superuser in the template1 after a node has been created - to be used with extreme care (by default empty) | |||
postInitApplicationSQL string array | List of SQL queries to be executed as a superuser in the application database right after the cluster has been created - to be used with extreme care as any data created in application database before logical join will cause the join to fail (by default empty) | |||
postInitApplicationSQLRefs SQLRefs | List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the application database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty) | |||
postInitTemplateSQLRefs SQLRefs | List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the template1 database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty) | |||
postInitSQLRefs SQLRefs | List of references to ConfigMaps or Secrets containing SQL files to be executed as a superuser in the postgres database right after the cluster has been created. The references are processed in a specific order: first, all Secrets are processed, followed by all ConfigMaps. Within each group, the processing order follows the sequence specified in their respective arrays. - to be used with extreme care (by default empty) | |||
seccompProfile SeccompProfile | The SeccompProfile applied to every Pod and Container. Defaults to: RuntimeDefault | |||
metadata InheritedMetadata | Refer to Kubernetes API documentation for fields of metadata. | |||
managed ManagedConfiguration | The configuration that is used by the portions of PostgreSQL that are managed by the CNP instance manager | |||
projectedVolumeTemplate ProjectedVolumeSource | Template to be used to define projected volumes. Projected volumes will be mounted under the /projected base folder | |||
tablespaces TablespaceConfiguration array | The tablespaces configuration | |||
topologySpreadConstraints TopologySpreadConstraint array | TopologySpreadConstraints specifies how to spread matching pods among the given topology. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ | |||
plugins PluginConfiguration array | The plugins configuration, containing any plugin to be loaded with the corresponding configuration | |||
initDBOptions InitDBOptions | InitDBOptions specifies the options to be passed to the initdb command when the node is created from scratch | |||
env EnvVar array | Env follows the Env format to pass environment variables to the pods created in the PG4K cluster | |||
envFrom EnvFromSource array | EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env | |||
joinMethod JoinMethod | JoinMethod specifies the method data nodes will use to join the local group. PGD supports two ways of joining a local group: logical and physical. In logical join, the node will join the group by using bdr.join_node_group, synchronizing data from scratch. In physical join, the node will join the group by using bdr_init_physical, synchronizing data from a physical backup. | True | logical | Enum: [logical physical] |
enableSuperuserAccess boolean | When this option is enabled, the CNP operator will create or use the secret defined in the SuperuserSecret to allow superuser (postgres) access to the database. When this option is disabled on a running Group, the operator will ignore the content of the secret and set the password of the postgres user to NULL. Enabled by default. | true | ||
superuserSecret LocalObjectReference | The secret containing the superuser password. A new secret will be created with a randomly generated password if not defined. This field is only allowed in the CNP Instances configuration. A Witness Node will always use the same SuperuserSecret as the other instances. |
ConnectionString
Underlying type: object
ConnectionString represents the parameters to connect to a PostgreSQL cluster
Appears in:
ConnectivityConfiguration
ConnectivityConfiguration describes how to generate the services and certificates for the PGDGroup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
dns RootDNSConfiguration | Describes how the FQDN for the resources should be generated | |||
tls TLSConfiguration | The configuration of the TLS infrastructure | True | ||
nodeServiceTemplate ServiceTemplate | Instructs how to generate the service for each node | |||
groupServiceTemplate ServiceTemplate | Instructs how to generate the service for the PGDGroup | |||
proxyServiceTemplate ServiceTemplate | Instructs how to generate the service pointing to the PGD Proxy for write leader node routing | |||
proxyReadServiceTemplate ServiceTemplate | Instructs how to generate the service pointing to the PGD Proxy for read nodes routing |
ConnectivityStatus
ConnectivityStatus contains any relevant status for the operator about Connectivity
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
replicationTLSCertificate ReplicationCertificateStatus | ReplicationTLSCertificate is the name of the replication TLS certificate, if we have it | |||
nodeTLSCertificates NodeCertificateStatus array | NodeTLSCertificates are the names of the certificates that have been created for the PGD nodes | |||
unusedCertificates string array | UnusedCertificates are the names of the certificates that we don't use anymore for the PGD nodes | |||
nodesWithoutCertificates string array | NodesWithoutCertificates are the names of the nodes which do not have a server certificate | |||
nodesNeedingServiceReconciliation string array | NodesNeedingServiceReconciliation are the names of the nodes which do not have a server certificate | |||
configurationHash string | ConfigurationHash is the hash code of the connectivity configuration, used to check if we had a change in the configuration or not |
DNSConfiguration
DNSConfiguration describes how the FQDN for the resources should be generated
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
domain string | Contains the domain name used by all services in the PGDGroup. It is the responsibility of the user to ensure that the value specified here matches the rendered nodeServiceTemplate and groupServiceTemplate | |||
hostSuffix string | Contains an optional suffix to add to all the service names in the PGDGroup. The purpose of this setting is to allow the user to easily mark all the services created in a location for routing purposes (i.e., add a generic rule to CoreDNS to rewrite some service suffixes as local) |
DiscoveryJobConfig
DiscoveryJobConfig contains a series of fields that configure the discovery job
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
delay integer | Delay is the amount of time to sleep between retries, measured in seconds | 10 | ||
retries integer | Retries is how many times the operation should be retried | 30 | ||
timeout integer | Timeout is the amount of time given to the operation to succeed, measured in seconds | 300 |
ImageCatalog
ImageCatalog is the Schema for the imagecatalogs API
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
apiVersion string | pgd.k8s.enterprisedb.io/v1beta1 | True | ||
kind string | ImageCatalog | True | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | True | ||
spec ImageCatalogSpec | Specification of the desired behavior of the ImageCatalog. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | True |
ImageCatalogRef
ImageCatalogRef defines the referenced ImageCatalog and the referenced major Postgres version
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
apiGroup string | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | |||
kind string | Kind is the type of resource being referenced | True | ||
name string | Name is the name of resource being referenced | True | ||
major integer | The major version of PostgreSQL we want to use from the ImageCatalog | True |
ImageCatalogSpec
ImageCatalogSpec defines the desired ImageCatalog
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
pgdImages CatalogImage array | List of CatalogImages available in the catalog | True | MaxItems: 8 MinItems: 1 | |
proxyImage string | The proxy image available in the catalog |
ImageStatus
ImageStatus defines the currently used images
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
pgd string | PGD is the currently used pgd image | |||
proxy string | PGDProxy is the currently used pgd proxy image |
InheritedMetadata
InheritedMetadata contains metadata to be inherited by all resources related to a Cluster
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
labels object (keys:string, values:string) | ||||
annotations object (keys:string, values:string) |
InitDBOptions
InitDBOptions contains options for nodes started with initDB
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
dataChecksums boolean | Whether the -k option should be passed to initdb, enabling checksums on data pages (default: false) | |||
encoding string | The value to be passed as option --encoding for initdb (default: UTF8) | |||
localeCollate string | The value to be passed as option --lc-collate for initdb (default: C) | |||
localeCType string | The value to be passed as option --lc-ctype for initdb (default: C) | |||
locale string | Sets the default collation order and character classification in the new database. | |||
localeProvider string | This option sets the locale provider for databases created in the new cluster. Available from PostgreSQL 16. | |||
icuLocale string | Specifies the ICU locale when the ICU provider is used. This option requires localeProvider to be set to icu. Available from PostgreSQL 15. | |||
icuRules string | Specifies additional collation rules to customize the behavior of the default collation. This option requires localeProvider to be set to icu. Available from PostgreSQL 16. | |||
builtinLocale string | Specifies the locale name when the builtin provider is used. This option requires localeProvider to be set to builtin. Available from PostgreSQL 17. | |||
walSegmentSize integer | The value in megabytes (1 to 1024) to be passed to the --wal-segsize option for initdb (default: empty, resulting in PostgreSQL default: 16MB) | Maximum: 1024 Minimum: 1 |
JoinMethod
Underlying type: string
JoinMethod represents one of the supported methods of joining a node
Appears in:
| Field | Description |
|---|---|
physical | JoinMethodPhysical represents the use of physical join |
logical | JoinMethodLogical represents the use of logical join |
Metadata
Metadata is a structure similar to the metav1.ObjectMeta, but still parseable by controller-gen to create a suitable CRD for the user.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
labels object (keys:string, values:string) | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | |||
annotations object (keys:string, values:string) | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations |
NodeCertificateStatus
NodeCertificateStatus encapsulates the status of the server certificate of a CNP node
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name is the name of the certificate | |||
hash string | Hash is the hash of the configuration for which it has been generated | |||
isReady boolean | Ready is true when the certificate is ready | |||
preProvisioned boolean | PreProvisioned is true if the certificate is preProvisioned | |||
nodeName string | NodeName is the name of the CNP cluster using this certificate | True |
NodeExtensionStatus
NodeExtensionStatus shows the status of the node
Appears in:
- NodesExtensionsStatus
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
Name string | Name of the node | True | ||
NeedBdrInstallation boolean | NeedBdrInstallation true if the node does not have the BDR extension installed | True | ||
NeedJoin boolean | NeedJoin true if the node needs to join the group | True | ||
Parted boolean | Parted true if the node is already parted | True | ||
Error string | Error is populated if any error is encountered during the PGD discovery execution | True |
NodeKindName
Underlying type: string
NodeKindName is a type containing the potential values of node_kind_name from bdr.node_summary
Appears in:
| Field | Description |
|---|---|
witness | |
data |
NodeSummary
NodeSummary shows relevant info from bdr.node_summary
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
node_name string | Name of the node | |||
node_group_name string | NodeGroupName is the name of the joined group | |||
peer_state_name string | Consistent state of the node in human-readable form | True | ||
peer_target_state_name string | State which the node is trying to reach (during join or promotion) | |||
node_kind_name NodeKindName | The kind of node: witness or data |
OTELConfiguration
OTELConfiguration is the configuration for external openTelemetry
Deprecated: This field is deprecated and will be removed in future versions.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
metricsURL string | The OpenTelemetry HTTP endpoint URL to accept metrics data. Deprecated: This field is deprecated and will be removed in future versions. | |||
traceURL string | The OpenTelemetry HTTP endpoint URL to accept trace data. Deprecated: This field is deprecated and will be removed in future versions. | |||
traceEnable boolean | Whether to push trace data to OpenTelemetry traceUrl. Deprecated: This field is deprecated and will be removed in future versions. | |||
tls OTELTLSConfiguration | TLSConfiguration provides the TLS certificate configuration when MetricsURL and TraceURL are using HTTPS. Deprecated: This field is deprecated and will be removed in future versions. |
OTELTLSConfiguration
OTELTLSConfiguration contains the certificate configuration for TLS connections to openTelemetry
Deprecated: This field is deprecated and will be removed in future versions.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
caBundleSecretRef SecretKeySelector | CABundleSecretRef is a reference to a secret field containing the CA bundle to verify the openTelemetry server certificate. Deprecated: This field is deprecated and will be removed in future versions. | |||
clientCertSecret LocalObjectReference | ClientCertSecret is the name of the secret containing the client certificate used to connect to openTelemetry. It must contain both the standard "tls.crt" and "tls.key" files, encoded in PEM format. Deprecated: This field is deprecated and will be removed in future versions. |
ObjectStoreStatus
ObjectStoreStatus contains the name and hash of the objectStore
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name is the name of the objectStore | |||
hash string | Hash stores the objectStore hashcode | True |
OperatorPhase
Underlying type: string
OperatorPhase represents a phase of the PGDGroup controller
Appears in:
| Field | Description |
|---|---|
PGDGroup - Healthy | PhaseHealthy triggers when no other phase condition is met |
PGDGroup - Paused | PhasePaused triggers when the PGDGroup is paused and all instance and proxy pods are deleted |
PGDGroup - Waiting for nodes to be ready | PhaseWaitingForNodesToBeReady triggers when a PGDGroup node is not in status ready |
PGDGroup - Waiting for nodes major version in-place upgrade | PhaseWaitingForNodesInPlaceUpgrade is the phase where an in-place major version upgrade (postgres, bdr, etc) is happening |
PGDGroup - Unable to detect a phase for the PGD group | PhaseUnableToDetectPhase triggers when a PGDGroup phase cannot be calculated. This is a programmatic error |
OperatorPhaseCleanup
Underlying type: string
OperatorPhaseCleanup represents a phase of the PGDGroupCleanup controller
Appears in:
| Field | Description |
|---|---|
PGDGroupCleanup - No reliable node found in the executor PGDGroup | |
PGDGroupCleanup - Completed | |
PGDGroupCleanup - Parting the nodes | |
PGDGroupCleanup - Removing the PGDGroup | |
PGDGroupCleanup - Waiting for nodes in target PGDGroup to be parted |
PGDGroup
PGDGroup is the Schema for the pgdgroups API
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
apiVersion string | pgd.k8s.enterprisedb.io/v1beta1 | True | ||
kind string | PGDGroup | True | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | True | ||
spec PGDGroupSpec | True | |||
status PGDGroupStatus |
PGDGroupCleanup
PGDGroupCleanup is the Schema for the pgdgroupcleanups API
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
apiVersion string | pgd.k8s.enterprisedb.io/v1beta1 | True | ||
kind string | PGDGroupCleanup | True | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | True | ||
spec PGDGroupCleanupSpec | True | |||
status PGDGroupCleanupStatus | True |
PGDGroupCleanupSpec
PGDGroupCleanupSpec defines the desired state of PGDGroupCleanup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
executor string | True | |||
target string | True | |||
force boolean | Force will force the removal of the PGDGroup even if the target PGDGroup nodes are not parted | false |
PGDGroupCleanupStatus
PGDGroupCleanupStatus defines the observed state of PGDGroupCleanup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
phase OperatorPhaseCleanup | Phase is the phase of the current cleanup CR | |||
nodesToPart string array | NodesToPart shows nodes that are not parted in the target group | |||
isNodeGroupExists boolean | IsNodeGroupExists indicates whether the target group has not been dropped yet |
PGDGroupSpec
PGDGroupSpec defines the desired state of PGDGroup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
imageName string | Name of the container image, supporting both tags (<image>:<tag>) and digests for deterministic and repeatable deployments (<image>:<tag>@sha256:<digestValue>) | |||
imageCatalogRef ImageCatalogRef | Defines the referenced ImageCatalog and the referenced major Postgres version | |||
imagePullPolicy PullPolicy | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | IfNotPresent | ||
imagePullSecrets LocalObjectReference array | The list of pull secrets to be used to pull operator and/or the operand images | |||
inheritedMetadata InheritedMetadata | Metadata that will be inherited by all objects related to the pgdGroup | True | ||
instances integer | Number of instances required in the cluster | True | Minimum: 0 | |
proxyInstances integer | Number of proxy instances required in the cluster | Minimum: 0 | ||
witnessInstances integer | Number of witness instances required in the cluster | Minimum: 0 | ||
backup Backup | The configuration to be used for backups in the CNP instances. | |||
restore Restore | The configuration to restore this PGD group from an Object Store service | |||
cnp CnpConfiguration | DataInstances configuration that will be injected into the CNP clusters that compose the PGD Group | True | ||
witness CnpBaseConfiguration | WitnessInstances configuration that will be injected into the WitnessInstances CNP clusters. If not defined, it will default to the DataInstances configuration | |||
pgd PgdConfiguration | Pgd contains instructions to bootstrap this cluster | True | ||
pgdProxy PGDProxyConfiguration | PGDProxy contains instructions to configure PGD Proxy | |||
connectivity ConnectivityConfiguration | Configures the connectivity of the PGDGroup, like services and certificates that will be used. | True | ||
failingFinalizerTimeLimitSeconds integer | The number of seconds that the operator will wait in case of a failing finalizer. A finalizer is considered failing when the operator cannot reach any nodes of the PGDGroup | 300 |
PGDGroupStatus
PGDGroupStatus defines the observed state of PGDGroup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
latestGeneratedNode integer | ID of the latest generated node (used to avoid node name clashing) | |||
phase OperatorPhase | The initialization phase of this cluster | |||
phaseDetails string | The details of the current phase | |||
phaseTroubleshootHints string | PhaseTroubleshootHints general troubleshooting indications for the given phase | |||
phaseType PhaseType | PhaseType describes the phase category. | Enum: [action wait fail] | ||
conditions Condition array | Conditions for PGDGroup object | |||
nodes NodeSummary array | The list of summaries for the nodes in the group | |||
backup BackupStatus | The node that is taking backups of this PGDGroup | |||
restore RestoreStatus | The status of the restore process | |||
PGD PGDStatus | Last known status of PGD | |||
CNP CNPStatus | Last known status of CNP | |||
PGDProxy PGDProxyStatus | Last known status of PGDProxy | |||
connectivity ConnectivityStatus | Last known status of Connectivity | |||
pause PauseStatus | Last known status of Pause | |||
image ImageStatus | Last known status of used image | |||
plugins PluginStatus | Plugin Last known status of the plugins |
PGDNodeGroupEntry
PGDNodeGroupEntry shows information about the node groups available in the PGD configuration
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name is the name of the node group | True | ||
enableProxyRouting boolean | EnableProxyRouting is true if the node group allows running PGD Proxies | |||
enableRaft boolean | EnableRaft is true if the node group has a subgroup raft instance | |||
routeWriterMaxLag integer | RouteWriterMaxLag Maximum lag in bytes of the new write candidate to be selected as write leader, if no candidate passes this, there will be no writer selected automatically | |||
routeReaderMaxLag integer | RouteReaderMaxLag Maximum lag in bytes for node to be considered viable read-only node | |||
routeWriterWaitFlush boolean | RouteWriterWaitFlush Whether to wait for replication queue flush before switching to new leader when using bdr.routing_leadership_transfer() |
PGDNodeGroupSettings
PGDNodeGroupSettings contains the settings of the PGD Group
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
routeWriterMaxLag integer | RouteWriterMaxLag Maximum lag in bytes of the new write candidate to be selected as write leader, if no candidate passes this, there will be no writer selected automatically. Defaults to -1 | -1 | ||
routeReaderMaxLag integer | RouteReaderMaxLag Maximum lag in bytes for node to be considered viable read-only node. Defaults to -1 | -1 | ||
routeWriterWaitFlush boolean | RouteWriterWaitFlush Whether to wait for replication queue flush before switching to new leader when using bdr.routing_leadership_transfer(). Defaults to false | false |
PGDProxyConfiguration
PGDProxyConfiguration defines the configuration of PGD Proxy
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
imageName string | Name of the PGDProxy container image | |||
logLevel string | The PGD Proxy log level, one of the following values: error, warning, info (default), debug, trace | info | Enum: [error warning info debug trace] | |
logEncoder string | The format of the log output | json | Enum: [text json] | |
proxyAffinity Affinity | ProxyAffinity/Anti-affinity rules for pods | |||
proxyNodeSelector object (keys:string, values:string) | ProxyNodeSelector rules for pods | |||
proxyTolerations Toleration array | ProxyTolerations rules for pods | |||
proxyResources ResourceRequirements | Defines the resources assigned to the proxy. If not defined, uses default requests and limits values. |
PGDProxyEntry
PGDProxyEntry shows information about the proxies available in the PGD configuration
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name is the name of the proxy | True | ||
fallbackGroupNames string array | FallbackGroupNames are the names of the fallback groups configured for this proxy | |||
parentGroupName string | ParentGroupName is the parent PGD group of this proxy | |||
maxClientConn integer | MaxClientConn maximum number of connections the proxy will accept | |||
maxServerConn integer | MaxServerConn maximum number of connections the proxy will make to the Postgres node | |||
serverConnTimeout integer | ServerConnTimeout connection timeout for server connections in seconds | |||
serverConnKeepalive integer | ServerConnKeepalive keepalive interval for server connections in seconds | |||
fallbackGroupTimeout integer | FallbackGroupTimeout the interval after which the routing falls back to one of the fallback_groups | |||
consensusGracePeriod integer | ConsensusGracePeriod the duration in seconds for which proxy continues to route even upon loss of a Raft leader. | |||
readListenPort integer | ReadListenPort is the port where the proxy will listen and route queries to read nodes |
PGDProxySettings
PGDProxySettings contains the settings of the proxy
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
fallbackGroups string array | FallbackGroups is the list of groups the proxy should forward connection to when all the data nodes of this PGD group are not available | |||
maxClientConn integer | MaxClientConn maximum number of connections the proxy will accept. Defaults to 32767 | 32767 | ||
maxServerConn integer | MaxServerConn maximum number of connections the proxy will make to the Postgres node. Defaults to 32767 | 32767 | ||
serverConnTimeout integer | ServerConnTimeout connection timeout for server connections in seconds. Defaults to 2 | 2 | ||
serverConnKeepalive integer | ServerConnKeepalive keepalive interval for server connections in seconds. Defaults to 10 | 10 | ||
fallbackGroupTimeout integer | FallbackGroupTimeout the interval after which the routing falls back to one of the fallback_groups. Defaults to 60 | 60 | ||
consensusGracePeriod integer | ConsensusGracePeriod the duration in seconds for which proxy continues to route even upon loss of a Raft leader. If set to 0s, proxy stops routing immediately. Defaults to 6 | 6 | ||
enableReadNodeRouting boolean | EnableReadNodeRouting is the switch to control whether the proxy will route queries to read nodes through read_listen_port or not. By default it is false | false |
PGDProxyStatus
PGDProxyStatus any relevant status for the operator about PGDProxy
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
proxyInstances integer | ||||
writeLead string | WriteLead is a reserved field for the operator and is not intended for external usage. Will be removed in future versions | |||
proxyHash string | ProxyHash contains the hash we use to detect if we need to reconcile the proxies |
PGDRaftStatus
Underlying type: string
PGDRaftStatus indicates a known status of the PGDRaft
Appears in:
| Field | Description |
|---|---|
OK | PGDRaftConsensusStatusOk indicates that the raft consensus is working correctly |
CRITICAL | PGDRaftConsensusStatusCritical indicates that the raft consensus is not ready |
UNKNOWN | PGDRaftConsensusStatusUnknown indicates that the raft consensus status is unknown |
WARNING | PGDRaftConsensusStatusWarning is a warning that an election may be in progress |
PGDStatus
PGDStatus any relevant status for the operator about PGD
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
raftConsensusLastChangedStatus PGDRaftStatus | RaftConsensusLastChangedStatus indicates the latest reported status from bdr.monitor_group_raft | |||
raftConsensusLastChangedMessage string | RaftConsensusLastChangedMessage indicates the latest reported message from bdr.monitor_group_raft | True | ||
raftConsensusLastChangedTimestamp string | RaftConsensusLastChangedTimestamp indicates when the status and message were first reported | |||
registeredProxies PGDProxyEntry array | RegisteredProxies is the status of the registered proxies | |||
nodeGroup PGDNodeGroupEntry | NodeGroup is the status of the node group associated with the PGDGroup |
ParentGroupConfiguration
ParentGroupConfiguration contains the topology configuration of PGD
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name of the parent group | True | MinLength: 1 | |
create boolean | Create is true when the operator should create the parent group if it doesn't exist | false |
PauseStatus
PauseStatus contains the information of group hibernating
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
active boolean | Active indicates the PGDGroup is either: - in process of pausing - already paused - in process of resuming | |||
instances integer | Instances is the number of paused PGD instances | |||
lastStartedTime Time | LastStartedTime is the last time the PGDGroup started pausing | |||
lastCompletedTime Time | LastCompletedTime is the last time the PGDGroup completed pausing | |||
lastResumeStartedTime Time | LastResumeStartedTime is the last time the PGDGroup started resuming | |||
lastResumeCompletedTime Time | LastResumeCompletedTime is the last time the PGDGroup completed resuming |
PgdConfiguration
PgdConfiguration is the configuration of the PGD group structure
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
parentGroup ParentGroupConfiguration | ParentGroup configures the topology of the PGD group | True | ||
groupJoinMethod JoinMethod | GroupJoinMethod defines the method in case of cross region join | logical | Enum: [logical physical] | |
discovery ConnectionString array | The parameters we will use to connect to a node belonging to the parent PGD group. Even if provided, the following parameters will be overridden with default values: application_name, sslmode, dbname and user. The following parameters should not be provided nor used, as they are not even overridden with defaults: sslkey, sslcert, sslrootcert | |||
discoveryJob DiscoveryJobConfig | DiscoveryJob the configuration of the PGD Discovery job | { delay:10 retries:30 timeout:300 } | ||
databaseName string | Name of the database used by the application. Default: app. | |||
ownerName string | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the database key. | |||
ownerCredentialsSecret LocalObjectReference | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch | |||
proxySettings PGDProxySettings | Configuration for the proxy | { enableReadNodeRouting:false fallbackGroupTimeout:60 maxClientConn:32767 maxServerConn:32767 serverConnKeepalive:10 serverConnTimeout:2 } | ||
nodeGroupSettings PGDNodeGroupSettings | Configuration for the PGD Group | |||
globalRouting boolean | GlobalRouting is true when global routing is enabled, and in this case the proxies will be created in the parent group | false | ||
mutations SQLMutations | List of SQL mutations to apply to the node group |
PhaseType
Underlying type: string
PhaseType describes the type of the OperatorPhase
Appears in:
| Field | Description |
|---|---|
action | PhaseTypeAction triggers a reconciliation for a pkg |
wait | PhaseTypeWait the phase is waiting for an external resource to complete an action |
fail | PhaseTypeFail the operator is failing, most likely requires a manual intervention |
PluginStatus
PluginStatus contains the status of the plugins and managed plugins
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
barmanCloud BarmanCloudPluginStatus | BarmanCloud stores the barman cloud plugin status |
PreProvisionedCertificate
PreProvisionedCertificate contains the data needed to supply a pre-generated certificate
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
secretRef string | SecretRef a name pointing to a secret that contains a tls.crt and tls.key |
RecoverabilityPointsByMethod
Underlying type: Time
RecoverabilityPointsByMethod contains the first recoverability points for a given backup method
Appears in:
ReplicationCertificateStatus
ReplicationCertificateStatus encapsulates the certificate status
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name is the name of the certificate | |||
hash string | Hash is the hash of the configuration for which it has been generated | |||
isReady boolean | Ready is true when the certificate is ready | |||
preProvisioned boolean | PreProvisioned is true if the certificate is preProvisioned |
Restore
Restore configures the restore of a PGD group from an object store
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
volumeSnapshots VolumeSnapshotsConfiguration | The configuration for volumeSnapshot restore | |||
barmanObjectStore BarmanObjectStoreConfiguration | The configuration for the barman-cloud tool suite | |||
recoveryTarget RecoveryTarget | By default, the recovery process applies all the available WAL files in the archive (full recovery). However, you can also end the recovery as soon as a consistent state is reached or recover to a point-in-time (PITR) by specifying a RecoveryTarget object, as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). More info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET | |||
serverNames string array | The list of server names to be used as a recovery origin. One of these servers will be elected as the seeding one when evaluating the recovery target. This option is only used when restoring from barmanObjectStore. |
RestoreStatus
RestoreStatus contains the current status of the restore process
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
serverName string | The name of the server to be restored | True | ||
VolumeSnapshots VolumeSnapshotRestoreStatus array | selected volumeSnapshots to restore |
RootDNSConfiguration
RootDNSConfiguration describes how the FQDN for the resources should be generated
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
domain string | Contains the domain name used by all services in the PGDGroup. It is the responsibility of the user to ensure that the value specified here matches with the rendered nodeServiceTemplate and groupServiceTemplate | |||
hostSuffix string | Contains an optional suffix to add to all the service names in the PGDGroup. The purpose of this setting is to allow the user to easily mark all the services created in a location for routing purposes (i.e., add a generic rule to CoreDNS to rewrite some service suffixes as local) | |||
additional DNSConfiguration array | AdditionalDNSConfigurations adds more possible FQDNs for the resources |
SQLMutation
SQLMutation is a series of SQL statements to apply atomically
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
isApplied string array | List of boolean-returning SQL queries. If any of them returns false the mutation will be applied | True | MinItems: 1 | |
exec string array | List of SQL queries to be executed to apply this mutation | True | MinItems: 1 | |
type SQLMutationType | Type determines when the SQLMutation occurs. 'always': reconcile the mutation at each reconciliation cycle. 'beforeSubgroupRaft': are executed only before the subgroupRaft is enabled. If not specified, the Type defaults to 'always'. | always | Enum: [always beforeSubgroupRaft writeLeader] |
SQLMutationType
Underlying type: string
SQLMutationType a supported type of SQL Mutation
Appears in:
| Field | Description |
|---|---|
always | SQLMutationTypeAlways tries to reconcile the mutation at each reconciliation cycle |
beforeSubgroupRaft | SQLMutationTypeBeforeSubgroupRaft are executed only before the subgroupRaft is enabled |
writeLeader | SQLMutationTypeWriteLeader are executed only after raft Consensus and execute on write leader |
SQLMutations
Underlying type: SQLMutation
SQLMutations A list of SQLMutation
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
isApplied string array | List of boolean-returning SQL queries. If any of them returns false the mutation will be applied | True | MinItems: 1 | |
exec string array | List of SQL queries to be executed to apply this mutation | True | MinItems: 1 | |
type SQLMutationType | Type determines when the SQLMutation occurs. 'always': reconcile the mutation at each reconciliation cycle. 'beforeSubgroupRaft': are executed only before the subgroupRaft is enabled. If not specified, the Type defaults to 'always'. | always | Enum: [always beforeSubgroupRaft writeLeader] |
ScheduledBackupSpec
ScheduledBackupSpec defines the desired state of ScheduledBackup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
suspend boolean | Whether this backup is suspended or not | |||
immediate boolean | Whether the first backup has to start immediately after creation or not | |||
schedule string | The schedule does not follow the same format used in Kubernetes CronJobs as it includes an additional second specifier, see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format | True | ||
backupOwnerReference string | Indicates which ownerReference should be put inside the created backup resources. - none: no owner reference for created backup objects (same behavior as before the field was introduced) - self: sets the Scheduled backup object as owner of the backup - cluster: set the cluster as owner of the backup | none | Enum: [none self cluster] | |
target BackupTarget | The policy to decide which instance should perform this backup. If empty, it defaults to cluster.spec.backup.target. Available options are empty string, primary and prefer-standby. primary to have backups run always on primary instances, prefer-standby to have backups run preferably on the most updated standby, if available. | Enum: [primary prefer-standby] | ||
method BackupMethod | The backup method to be used, possible options are barmanObjectStore, volumeSnapshot and plugin. Defaults to: barmanObjectStore. | barmanObjectStore | Enum: [barmanObjectStore volumeSnapshot plugin] | |
pluginConfiguration BackupPluginConfiguration | Configuration parameters passed to the plugin managing this backup | |||
online boolean | Whether the default type of backup with volume snapshots is online/hot (true, default) or offline/cold (false). Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online' | |||
onlineConfiguration OnlineConfiguration | Configuration parameters to control the online/hot backup with volume snapshots. Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza |
ScheduledBackupStatus
ScheduledBackupStatus contains the status of the scheduled backup
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
method BackupMethod | Method is the backup method used to take the backup | |||
name string | Name is the name of the scheduled backup | |||
hash string | Hash is the hash of the scheduled backup configuration |
ServerCertConfiguration
ServerCertConfiguration contains the information to generate the certificates for the nodes
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
caCertSecret string | CACertSecret is the secret of the CA to be injected into the CloudNativePG ServerCASecret configuration | True | ||
certManager CertManagerTemplate | The cert-manager template used to generate the certificates | True |
ServiceTemplate
ServiceTemplate is a structure that allows the user to set a template for the Service generation.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
metadata Metadata | Refer to Kubernetes API documentation for fields of metadata. | |||
spec ServiceSpec | Specification of the desired behavior of the service. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | |||
updateStrategy ServiceUpdateStrategy | UpdateStrategy indicates how to update the services generated by this template. | patch | Enum: [patch replace] |
ServiceUpdateStrategy
Underlying type: string
ServiceUpdateStrategy defines the type for updating LoadBalancers. Allowed values are "patch" and "replace".
Appears in:
| Field | Description |
|---|---|
patch | ServiceUpdateStrategyPatch indicates to update existing services with a PATCH request |
replace | ServiceUpdateStrategyReplace indicates to update existing LoadBalancer services by recreating the service. ServiceUpdateStrategyReplace should be used for LoadBalancer services created in AWS. |
TLSConfiguration
TLSConfiguration is the configuration of the TLS infrastructure used by PGD to connect to the nodes
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
mode TLSMode | True | verify-ca | Enum: [verify-ca verify-full require] | |
serverCert ServerCertConfiguration | The configuration for the server certificates | True | ||
clientCert ClientCertConfiguration | The configuration for the client certificates | True |
TLSMode
Underlying type: string
TLSMode describes which mode should be used for the node to node communications
Appears in:
| Field | Description |
|---|---|
verify-full | VerifyFull verifies that the certificate is signed by the passed CA and the server host name matches the certificate |
verify-ca | VerifyCA verifies that the certificate is signed by the passed CA |
require | Require requires TLS but does not perform any certificate validation |
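The following audit of a parsed PGDGroup manifest is an added example, not code from the operator or its documentation. It applies the TLSMode, TLSConfiguration, ServerCertConfiguration and imageName descriptions above. The nesting of TLSConfiguration under `spec.connectivity.tls`, the severity labels and the sample manifests are assumptions made for the example.

```python
import re

# Values copied from the TLSConfiguration / TLSMode tables above.
TLS_MODES = {"verify-full", "verify-ca", "require"}
DEFAULT_TLS_MODE = "verify-ca"
# An image reference pinned by digest ends in @sha256:<64 hex characters>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def audit_pgdgroup(manifest):
    """Return (severity, path, message) findings for one PGDGroup manifest."""
    findings = []
    spec = manifest.get("spec") or {}

    # ASSUMPTION: TLSConfiguration is nested at spec.connectivity.tls.
    base = "spec.connectivity.tls"
    tls = (spec.get("connectivity") or {}).get("tls") or {}

    # An omitted mode falls back to the documented default, verify-ca.
    mode = tls.get("mode", DEFAULT_TLS_MODE)
    if mode not in TLS_MODES:
        findings.append(("error", f"{base}.mode", f"{mode!r} is not in the enum"))
    elif mode == "require":
        findings.append(("high", f"{base}.mode",
                         "TLS is used but no certificate validation is performed"))
    elif mode == "verify-ca":
        findings.append(("info", f"{base}.mode",
                         "CA signature is verified, server host name is not"))

    # serverCert and clientCert are marked Required in TLSConfiguration.
    for key in ("serverCert", "clientCert"):
        if not tls.get(key):
            findings.append(("error", f"{base}.{key}", "required field is missing"))

    # caCertSecret and certManager are marked Required in ServerCertConfiguration.
    server = tls.get("serverCert") or {}
    if server:
        for key in ("caCertSecret", "certManager"):
            if not server.get(key):
                findings.append(("error", f"{base}.serverCert.{key}",
                                 "required field is missing"))

    # imageName accepts tags and digests; only a digest is repeatable.
    images = (
        ("spec.imageName", spec.get("imageName")),
        ("spec.pgdProxy.imageName", (spec.get("pgdProxy") or {}).get("imageName")),
    )
    for path, image in images:
        if image and not DIGEST_RE.search(image):
            findings.append(("medium", path, "image is not pinned by digest"))
    return findings


# Constructed sample manifests (names and registry are placeholders).
WEAK = {"spec": {
    "imageName": "registry.example/pgd:1",
    "connectivity": {"tls": {
        "mode": "require",
        "serverCert": {"caCertSecret": "server-ca"},
    }},
}}

HARDENED = {"spec": {
    "imageName": "registry.example/pgd:1@sha256:" + "0" * 64,
    "connectivity": {"tls": {
        "mode": "verify-full",
        "serverCert": {"caCertSecret": "server-ca", "certManager": {"spec": {}}},
        # Contents of clientCert are constructed and not inspected here.
        "clientCert": {"caCertSecret": "client-ca"},
    }},
}}

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for finding in audit_pgdgroup(doc):
            print("  ", *finding, sep=" | ")
```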
VolumeSnapshotRestoreStatus
VolumeSnapshotRestoreStatus the volumeSnapshot to restore
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
snapshotName string | SnapshotName is the snapshot name to restore | |||
pvcRole PVCRole | PVCRole is the pvcRole snapshot to restore | |||
tablespaceName string | TablespaceName is the tablespace name the snapshot belongs to, if the pvcRole is PG_TABLESPACE |
VolumeSnapshotsConfiguration
VolumeSnapshotsConfiguration contains the configuration for the volumeSnapshots restore
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
selector LabelSelector | Label selector used to select the volumeSnapshot to restore | True |
CertificateKeystores
CertificateKeystores configures additional keystore output formats to be created in the Certificate's output Secret.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
jks JKSKeystore | JKS configures options for storing a JKS keystore in the spec.secretName Secret resource. | |||
pkcs12 PKCS12Keystore | PKCS12 configures options for storing a PKCS12 keystore in the spec.secretName Secret resource. |
CertificateList
CertificateList is a list of Certificates
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
apiVersion string | cert-manager.io/v1 | True | ||
kind string | CertificateList | True | ||
metadata ListMeta | Refer to Kubernetes API documentation for fields of metadata. | True |
CertificatePrivateKey
CertificatePrivateKey contains configuration options for private keys used by the Certificate controller. This allows control of how private keys are rotated.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
rotationPolicy PrivateKeyRotationPolicy | RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target spec.secretName. If one does exist but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility. | |||
encoding PrivateKeyEncoding | The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are PKCS1 and PKCS8 standing for PKCS#1 and PKCS#8, respectively. Defaults to PKCS1 if not specified. | Enum: [PKCS1 PKCS8] | ||
algorithm PrivateKeyAlgorithm | Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either RSA, Ed25519 or ECDSA. If algorithm is specified and size is not provided, key size of 256 will be used for ECDSA key algorithm and key size of 2048 will be used for RSA key algorithm. Key size is ignored when using the Ed25519 key algorithm. | Enum: [RSA ECDSA Ed25519] | ||
size integer | Size is the key bit size of the corresponding private key for this certificate. If algorithm is set to RSA, valid values are 2048, 4096 or 8192, and will default to 2048 if not specified. If algorithm is set to ECDSA, valid values are 256, 384 or 521, and will default to 256 if not specified. If algorithm is set to Ed25519, Size is ignored. No other values are allowed. |
CertificateSpec
CertificateSpec defines the desired state of Certificate. A valid Certificate requires at least one of a CommonName, DNSName, or URISAN to be valid.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
subject X509Subject | Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). | |||
commonName string | CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4 | |||
duration Duration | The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or renewBefore period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration | |||
renewBefore Duration | How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration | |||
dnsNames string array | DNSNames is a list of DNS subjectAltNames to be set on the Certificate. | |||
ipAddresses string array | IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. | |||
uris string array | URIs is a list of URI subjectAltNames to be set on the Certificate. | |||
emailAddresses string array | EmailAddresses is a list of email subjectAltNames to be set on the Certificate. | |||
secretName string | SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. IMPORTANT: this field was required in the original cert-manager API declaration | True | ||
keystores CertificateKeystores | Keystores configures additional keystore output formats stored in the secretName Secret resource. | |||
issuerRef ObjectReference | IssuerRef is a reference to the issuer for this certificate. If the kind field is not set, or set to Issuer, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the kind field is set to ClusterIssuer, a ClusterIssuer with the provided name will be used. The name field in this stanza is required at all times. | True | ||
isCA boolean | IsCA will mark this Certificate as valid for certificate signing. This will automatically add the cert sign usage to the list of usages. | |||
usages KeyUsage array | Usages is the set of x509 usages that are requested for the certificate. Defaults to digital signature and key encipherment if not specified. | Enum: [signing digital signature content commitment key encipherment key agreement data encipherment cert sign crl sign encipher only decipher only any server auth client auth code signing email protection s/mime ipsec end system ipsec tunnel ipsec user timestamping ocsp signing microsoft sgc netscape sgc] | ||
privateKey CertificatePrivateKey | Options to control private keys used for the Certificate. | |||
encodeUsagesInRequest boolean | EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest | |||
revisionHistoryLimit integer | revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single CertificateRequest created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of 1 or greater. If unset (nil), revisions will not be garbage collected. Default value is nil. | ExclusiveMaximum: false |
JKSKeystore
JKSKeystore configures options for storing a JKS keystore in the spec.secretName
Secret resource.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
create boolean | Create enables JKS keystore creation for the Certificate. If true, a file named keystore.jks will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will only be updated upon re-issuance. A file named truststore.jks will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority | True | ||
passwordSecretRef SecretKeySelector | PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. | True |
KeyUsage
Underlying type: string
KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3
https://tools.ietf.org/html/rfc5280#section-4.2.1.12
Valid KeyUsage values are as follows: "signing", "digital signature", "content commitment", "key encipherment", "key agreement", "data encipherment", "cert sign", "crl sign", "encipher only", "decipher only", "any", "server auth", "client auth", "code signing", "email protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec user", "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
Validation:
- Enum: [signing digital signature content commitment key encipherment key agreement data encipherment cert sign crl sign encipher only decipher only any server auth client auth code signing email protection s/mime ipsec end system ipsec tunnel ipsec user timestamping ocsp signing microsoft sgc netscape sgc]
Appears in:
| Field | Description |
|---|---|
signing | UsageSigning is a key usage flag |
digital signature | UsageDigitalSignature is a key usage flag |
content commitment | UsageContentCommitment is a key usage flag |
key encipherment | UsageKeyEncipherment is a key usage flag |
key agreement | UsageKeyAgreement is a key usage flag |
data encipherment | UsageDataEncipherment is a key usage flag |
cert sign | UsageCertSign is a key usage flag |
crl sign | UsageCRLSign is a key usage flag |
encipher only | UsageEncipherOnly is a key usage flag |
decipher only | UsageDecipherOnly is a key usage flag |
any | UsageAny is a key usage flag |
server auth | UsageServerAuth is a key usage flag |
client auth | UsageClientAuth is a key usage flag |
code signing | UsageCodeSigning is a key usage flag |
email protection | UsageEmailProtection is a key usage flag |
s/mime | UsageSMIME is a key usage flag |
ipsec end system | UsageIPsecEndSystem is a key usage flag |
ipsec tunnel | UsageIPsecTunnel is a key usage flag |
ipsec user | UsageIPsecUser is a key usage flag |
timestamping | UsageTimestamping is a key usage flag |
ocsp signing | UsageOCSPSigning is a key usage flag |
microsoft sgc | UsageMicrosoftSGC is a key usage flag |
netscape sgc | UsageNetscapeSGC is a key usage flag |
LocalObjectReference
LocalObjectReference is a reference to an object in the same namespace as the referent. If the referent is a cluster-scoped resource (e.g. a ClusterIssuer), the reference instead refers to the resource with the given name in the configured 'cluster resource namespace', which is set as a flag on the controller component (and defaults to the namespace that cert-manager runs in).
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | True |
ObjectReference
ObjectReference is a reference to an object with a given name, kind and group.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name of the resource being referred to. | True | ||
kind string | Kind of the resource being referred to. | |||
group string | Group of the resource being referred to. |
PKCS12Keystore
PKCS12Keystore configures options for storing a PKCS12 keystore in the
spec.secretName Secret resource.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
create boolean | Create enables PKCS12 keystore creation for the Certificate. If true, a file named keystore.p12 will be created in the target Secret resource, encrypted using the password stored in passwordSecretRef. The keystore file will only be updated upon re-issuance. A file named truststore.p12 will also be created in the target Secret resource, encrypted using the password stored in passwordSecretRef containing the issuing Certificate Authority | True | ||
passwordSecretRef SecretKeySelector | PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. | True |
PrivateKeyAlgorithm
Underlying type: string
PrivateKeyAlgorithm represents a private key algorithm
Validation:
- Enum: [RSA ECDSA Ed25519]
Appears in:
| Field | Description |
|---|---|
RSA | RSAKeyAlgorithm denotes the RSA private key type. |
ECDSA | ECDSAKeyAlgorithm denotes the ECDSA private key type. |
Ed25519 | Ed25519KeyAlgorithm denotes the Ed25519 private key type. |
PrivateKeyEncoding
Underlying type: string
PrivateKeyEncoding represents a private key encoding
Validation:
- Enum: [PKCS1 PKCS8]
Appears in:
| Field | Description |
|---|---|
PKCS1 | PKCS1 key encoding will produce PEM files that include the type of private key as part of the PEM header, e.g. BEGIN RSA PRIVATE KEY. If the keyAlgorithm is set to 'ECDSA', this will produce private keys that use the BEGIN EC PRIVATE KEY header. |
PKCS8 | PKCS8 key encoding will produce PEM files with the BEGIN PRIVATE KEY header. It encodes the keyAlgorithm of the private key as part of the DER encoded PEM block. |
PrivateKeyRotationPolicy
Underlying type: string
PrivateKeyRotationPolicy denotes how private keys should be generated or sourced when a Certificate is being issued.
Appears in:
SecretKeySelector
SecretKeySelector is a reference to a specific 'key' within a Secret resource.
In some instances, key is a required field.
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
name string | Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | True | ||
key string | The key of the entry in the Secret resource's data field to be used. Some instances of this field may be defaulted, in others it may be required. |
X509Subject
X509Subject Full X509 name specification
Appears in:
| Field | Description | Required | Default | Validation |
|---|---|---|---|---|
organizations string array | Organizations to be used on the Certificate. | |||
countries string array | Countries to be used on the Certificate. | |||
organizationalUnits string array | Organizational Units to be used on the Certificate. | |||
localities string array | Cities to be used on the Certificate. | |||
provinces string array | State/Provinces to be used on the Certificate. | |||
streetAddresses string array | Street addresses to be used on the Certificate. | |||
postalCodes string array | Postal codes to be used on the Certificate. | |||
serialNumber string | Serial number to be used on the Certificate. |