From 197c47319686e5ed8f63141b058c5ea5fa021ae4 Mon Sep 17 00:00:00 2001
From: Yusuf Ramzan
Date: Thu, 25 Apr 2024 07:43:57 +0100
Subject: [PATCH 1/2] K8S-3415 Updated helm chart to 2.7.0
---
 charts/couchbase-operator/Chart.yaml | 4 +-
 charts/couchbase-operator/README.md | 91 +-
 charts/couchbase-operator/README.md.adoc | 103 +-
 .../crds/couchbase.crds.yaml | 8115 +++++++++--------
 charts/couchbase-operator/values-all.yaml | 382 +-
 charts/couchbase-operator/values.yaml | 179 +-
 charts/couchbase-operator/values.yamltmpl | 4 +-
 7 files changed, 4927 insertions(+), 3951 deletions(-)
diff --git a/charts/couchbase-operator/Chart.yaml b/charts/couchbase-operator/Chart.yaml
index dce4e2f..8f948d8 100644
--- a/charts/couchbase-operator/Chart.yaml
+++ b/charts/couchbase-operator/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 name: couchbase-operator
 description: A Helm chart to deploy the Couchbase Autonomous Operator for easily deploying, managing, and maintaining Couchbase Clusters. Couchbase Server is a NoSQL document database with a distributed architecture for performance, scalability, and availability. It enables developers to build applications easier and faster by leveraging the power of SQL with the flexibility of JSON.
-version: 2.50.4
-appVersion: 2.5.0
+version: 2.70.0
+appVersion: 2.7.0
 type: application
 keywords:
 - couchbase
diff --git a/charts/couchbase-operator/README.md b/charts/couchbase-operator/README.md
index 8510ef0..cb6c2cb 100644
--- a/charts/couchbase-operator/README.md
+++ b/charts/couchbase-operator/README.md
@@ -3,7 +3,7 @@ A Helm chart to deploy the Couchbase Autonomous Operator for easily deploying, managing, and maintaining Couchbase Clusters. Couchbase Server is a NoSQL document database with a distributed architecture for performance, scalability, and availability. It enables developers to build applications easier and faster by leveraging the power of SQL with the flexibility of JSON. -![Version: 2.50.3](https://img.shields.io/badge/Version-2.50.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.5.0](https://img.shields.io/badge/AppVersion-2.5.0-informational?style=flat-square) +![Version: 2.70.0](https://img.shields.io/badge/Version-2.70.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.7.0](https://img.shields.io/badge/AppVersion-2.7.0-informational?style=flat-square) Deploying the Operator and Couchbase Server =========================================== 
@@ -40,7 +40,7 @@ for more information about customizing and managing your charts.
 | admissionCA.key | string | `nil` | A base64 encoded PEM format private key |
 | admissionController.commandArgs | object | `{"default-file-system-group":true,"validate-secrets":true,"validate-storage-classes":true}` | Set of command-line flags to pass on to the Admission Controller to modify its behavior. Do not change. |
 | admissionController.disableValidatingWebhook | bool | `false` | Disable the creation of Validation webhook. Setting to 'false' may be helpful when installing into a restricted environments (ie Strict mTLS), since disabling avoids performing resource fetching and validation from the Kubernetes API server. |
-| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Admission container. |
+| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.7.0"}` | Image specifies repository and tag of the Couchbase Admission container. |
 | admissionController.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. |
 | admissionController.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images |
 | admissionController.name | string | `"couchbase-admission-controller"` | |
@@ -69,14 +69,15 @@ for more information about customizing and managing your charts. | buckets.default.memoryQuota | string | `"100Mi"` | MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory to disk as defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | buckets.default.minimumDurability | string | `nil` | MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. When majorityAndPersistActive, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster and the document has been persisted to disk on the document master pod. When persistToMajority, Couchbase server will respond when the document is replicated and persisted to disk on at least half of the pods running the data service in the cluster. This field must be either "none", "majority", "majorityAndPersistActive" or "persistToMajority", defaulting to "none". | | buckets.default.name | string | `nil` | Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. 
Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". | +| buckets.default.rank | int | `0` | Rank determines the bucket’s place in the order in which the rebalance process handles the buckets on the cluster. The higher a bucket’s assigned integer (in relation to the integers assigned other buckets), the sooner in the rebalance process the bucket is handled. This assignment of rank allows a cluster’s most mission-critical data to be rebalanced with top priority. This option is only supported for Couchbase Server 7.6.0+. | | buckets.default.replicas | int | `1` | Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1. | | buckets.default.scopes | object | `{"managed":false,"resources":[],"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. | | buckets.default.scopes.managed | bool | `false` | Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. 
If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present. | | buckets.default.scopes.resources | list | `[]` | Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. | -| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.21/#labelselector-v1-meta | +| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.28/#labelselector-v1-meta | | buckets.default.scopes.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | | buckets.default.scopes.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | -| buckets.default.storageBackend | string | `"couchstore"` | StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". This cannot be edited after bucket creation. Note: "magma" is only valid for Couchbase Server 7.1.0 onward. 
| +| buckets.default.storageBackend | string | `"couchstore"` | StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". Note: "magma" is only valid for Couchbase Server 7.1.0 onward. | | cluster.antiAffinity | bool | `false` | AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters. | | cluster.autoResourceAllocation | object | `{"cpuLimits":"4","cpuRequests":"2","enabled":false,"overheadPercent":25}` | AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the `spec.servers.resources` field. | | cluster.autoResourceAllocation.cpuLimits | string | `"4"` | CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | 
@@ -95,9 +96,10 @@ for more information about customizing and managing your charts. | cluster.backup.objectEndpoint.secret | string | `nil` | The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" | | cluster.backup.objectEndpoint.url | string | `nil` | The host/address of the custom object endpoint. | | cluster.backup.objectEndpoint.useVirtualPath | bool | `false` | UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. | -| cluster.backup.resources | object | `{"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. | +| cluster.backup.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. | +| cluster.backup.resources.claims | object | `{"name":null}` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | | cluster.backup.resources.limits | string | `nil` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/ | -| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/ | +| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/ | | cluster.backup.s3Secret | string | `nil` | Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the `spec.s3bucket` field is specified for a backup or restore resource. | | cluster.backup.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. | | cluster.backup.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | 
@@ -115,7 +117,7 @@ for more information about customizing and managing your charts. | cluster.buckets.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector is a label selector used to list buckets in the namespace that are managed by the Operator. | | cluster.buckets.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | | cluster.buckets.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | -| cluster.buckets.synchronize | bool | `false` | Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. 
The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands. | +| cluster.buckets.synchronize | bool | `false` | Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. Synchronizing will not create a Kubernetes resource for the Couchbase Server maintained _system scope. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands. | | cluster.cluster.analyticsServiceMemoryQuota | string | `"1Gi"` | AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. 
This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | cluster.cluster.autoCompaction | object | `{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}}` | AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run. | | cluster.cluster.autoCompaction.databaseFragmentationThreshold | object | `{"percent":30,"size":null}` | DatabaseFragmentationThreshold defines triggers for when database compaction should start. | 
@@ -129,16 +131,18 @@ for more information about customizing and managing your charts. | cluster.cluster.autoFailoverServerGroup | bool | `false` | AutoFailoverServerGroup whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API | | cluster.cluster.autoFailoverTimeout | string | `"120s"` | AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration | | cluster.cluster.clusterName | string | `nil` | ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource's metadata. | -| cluster.cluster.data | object | `{"auxIOThreads":null,"nonIOThreads":null,"readerThreads":null,"writerThreads":null}` | Data allows the data service to be configured. | -| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | -| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. 
If not specified, this defaults to the default value set by Couchbase Server. | -| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | -| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data | object | `{"auxIOThreads":null,"minReplicasCount":0,"nonIOThreads":null,"readerThreads":null,"writerThreads":null}` | Data allows the data service to be configured. | +| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.minReplicasCount | int | `0` | MinReplicasCount allows the minimum number of replicas required for buckets to be set. New buckets cannot be created with less than this minimum. Defaults to 0. 
| +| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | +| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server. | | cluster.cluster.dataServiceMemoryQuota | string | `"256Mi"` | DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. 
More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/#resource-units-in-kubernetes | | cluster.cluster.eventingServiceMemoryQuota | string | `"256Mi"` | EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | cluster.cluster.indexServiceMemoryQuota | string | `"256Mi"` | IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/#resource-units-in-kubernetes | | cluster.cluster.indexStorageSetting | string | `"memory_optimized"` | DEPRECATED - by indexer. The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster. | -| cluster.cluster.indexer | object | `{"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null}` | Indexer allows the indexer to be configured. 
| +| cluster.cluster.indexer | object | `{"enableShardAffinity":false,"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null}` | Indexer allows the indexer to be configured. | +| cluster.cluster.indexer.enableShardAffinity | bool | `false` | EnableShardAffinity when false Index Servers rebuild any index that are newly assigned to them during a rebalance. When set to true, Couchbase Server moves a reassigned index’s files between Index Servers. This field is only supported on CB versions 7.6.0+. | | cluster.cluster.indexer.logLevel | string | `"info"` | LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info". | | cluster.cluster.indexer.maxRollbackPoints | int | `2` | MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1. | | cluster.cluster.indexer.memorySnapshotInterval | string | `"200ms"` | MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms. | 
@@ -147,10 +151,33 @@ for more information about customizing and managing your charts. | cluster.cluster.indexer.stableSnapshotInterval | string | `"5s"` | StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms. | | cluster.cluster.indexer.storageMode | string | `"memory_optimized"` | StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". | | cluster.cluster.indexer.threads | string | `nil` | Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0. | -| cluster.cluster.query | object | `{"backfillEnabled":true,"temporarySpace":"5Gi","temporarySpaceUnlimited":false}` | Query allows the query service to be configured. | +| cluster.cluster.query | object | `{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuota":null,"nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false}` | Query allows the query service to be configured. | | cluster.cluster.query.backfillEnabled | bool | `true` | BackfillEnabled allows the query service to backfill. | +| cluster.cluster.query.cboEnabled | bool | `true` | CBOEnabled specifies whether the cost-based optimizer is enabled. Defaults to true. 
| +| cluster.cluster.query.cleanupClientAttemptsEnabled | bool | `true` | CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just transactions that it has created, leaving transactions for the distributed cleanup process only when it is forced to. Defaults to true. | +| cluster.cluster.query.cleanupLostAttemptsEnabled | bool | `true` | CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup process, and cleans up expired transactions created by any client. Defaults to true. | +| cluster.cluster.query.cleanupWindow | string | `"60s"` | CleanupWindow specifies how frequently the Query service checks its subset of active transaction records for cleanup. Defaults to 60s | +| cluster.cluster.query.completedLimit | int | `4000` | CompletedLimit sets the number of requests to be logged in the completed requests catalog. As new completed requests are added, old ones are removed. | +| cluster.cluster.query.completedMaxPlanSize | string | `"262144"` | CompletedMaxPlanSize limits the size of query execution plans that can be logged in the completed requests catalog. Queries with plans larger than this are not logged. This field is only supported on CB versions 7.6.0+. Defaults to 262144, maximum value is 20840448, and minimum value is 0. | +| cluster.cluster.query.completedTrackingAllRequests | bool | `false` | CompletedTrackingAllRequests allows all requests to be tracked regardless of their time. This field requires `completedTrackingEnabled` to be true. | +| cluster.cluster.query.completedTrackingEnabled | bool | `true` | CompletedTrackingEnabled allows completed requests to be tracked in the requests catalog. | +| cluster.cluster.query.completedTrackingThreshold | string | `"7s"` | CompletedThreshold is a trigger for queries to be logged in the completed requests catalog. All completed queries lasting longer than this threshold are logged in the completed requests catalog. 
This field requires `completedTrackingEnabled` to be set to true and `completedTrackingAllRequests` to be false to have any effect. | +| cluster.cluster.query.logLevel | string | `"info"` | LogLevel controls the verbosity of query logs. This field must be one of "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info". | +| cluster.cluster.query.maxParallelism | int | `1` | MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism is restricted to the number of allowed cores. Defaults to 1. | +| cluster.cluster.query.memoryQuota | string | `"0"` | MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. This parameter enforces a ceiling on the memory used for the tracked documents required for processing a request. It does not take into account any other memory that might be used to process a request, such as the stack, the operators, or some intermediate values. Defaults to 0. | +| cluster.cluster.query.nodeQuota | string | `nil` | NodeQuota sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value. This field is only supported on CB versions 7.6.0+. | +| cluster.cluster.query.nodeQuotaValPercent | int | `67` | NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked value content memory across all active requests for every Query node in the cluster. This field is only supported on CB versions 7.6.0+. Defaults to 67. | +| cluster.cluster.query.numActiveTransactionRecords | int | `1024` | NumActiveTransactionRecords specifies the total number of active transaction records for all Query nodes in the cluster. Default to 1024 and has a minimum of 1. 
| +| cluster.cluster.query.numCpus | int | `0` | NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. The number of CPUs can never be greater than the number of logical CPUs. In Community Edition, the number of allowed CPUs cannot be greater than 4. In Enterprise Edition, there is no limit to the number of allowed CPUs. This field is only supported on CB versions 7.6.0+. NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling nodes that are running the query service. Defaults to 0 | +| cluster.cluster.query.pipelineBatch | int | `16` | PipelineBatch controls the number of items execution operators can batch for Fetch from the KV. Defaults to 16. | +| cluster.cluster.query.pipelineCap | int | `512` | PipelineCap controls the maximum number of items each execution operator can buffer between various operators. Defaults to 512. | +| cluster.cluster.query.preparedLimit | int | `16384` | PreparedLimit is the maximum number of prepared statements in the cache. When this cache reaches the limit, the least recently used prepared statements will be discarded as new prepared statements are created. | +| cluster.cluster.query.scanCap | int | `512` | ScapCan sets the maximum buffered channel size between the indexer client and the query service for index scans. Defaults to 512. | | cluster.cluster.query.temporarySpace | string | `"5Gi"` | TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires `backfillEnabled` to be set to true in order to have any effect. 
More info: https://kubernetes.io/docs/concepts/configuration/manage- resources-containers/#resource-units-in-kubernetes | | cluster.cluster.query.temporarySpaceUnlimited | bool | `false` | TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires `backfillEnabled` to be set to true in order to have any effect. This field overrides `temporarySpace`. | +| cluster.cluster.query.timeout | string | `nil` | Timeout is the maximum time to spend on the request before timing out. If this field is not set then there will be no timeout. | +| cluster.cluster.query.txTimeout | string | `"0ms"` | TxTimeout is the maximum time to spend on a transaction before timing out. This setting only applies to requests containing the BEGIN TRANSACTION statement, or to requests where the tximplicit parameter is set. For all other requests, it is ignored. Defaults to 0ms (no timeout). | +| cluster.cluster.query.useReplica | bool | `false` | UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets are inaccessible. If set to true then read from replica is enabled for all queries, but can be disabled at request level. If set to false read from replica is disabled for all queries and cannot be overridden at request level. If this field is unset then it is enabled/disabled at the request level. This field is only supported on CB versions 7.6.0+. | | cluster.cluster.queryServiceMemoryQuota | string | `nil` | QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | cluster.cluster.searchServiceMemoryQuota | string | `"256Mi"` | SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | cluster.enableOnlineVolumeExpansion | bool | `false` | EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an- in-use-persistentvolumeclaim If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent- volumes/#expanding-persistent-volumes-claims | 
@@ -158,34 +185,36 @@ for more information about customizing and managing your charts. | cluster.envImagePrecedence | bool | `false` | EnvImagePrecedence gives precedence over the default container image name in `spec.Image` to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator- configuration.html | | cluster.hibernate | bool | `false` | Hibernate is whether to hibernate the cluster. | | cluster.hibernationStrategy | string | `nil` | HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false. | -| cluster.image | string | `"couchbase/server:7.2.0"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. | +| cluster.image | string | `"couchbase/server:7.2.0"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. Explicitly specifying the image for a server class will override this value for the server class. | | cluster.logging.audit.disabledEvents | string | `nil` | The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit- event-reference.html | | cluster.logging.audit.disabledUsers | string | `nil` | The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. 
Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage- security/manage-auditing.html#ignoring-events-by-user | | cluster.logging.audit.enabled | bool | `false` | Enabled is a boolean that enables the audit capabilities. | -| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | -| cluster.logging.audit.rotation | object | `{"interval":"15m","size":"20Mi"}` | The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | +| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. 
This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | +| cluster.logging.audit.rotation | object | `{"interval":"15m","pruneAge":"0","size":"20Mi"}` | The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage- auditing.html | | cluster.logging.logRetentionCount | string | `nil` | LogRetentionCount gives the number of persistent log PVCs to keep. | | cluster.logging.logRetentionTime | string | `nil` | LogRetentionTime gives the time to keep persistent log PVCs alive for. | | cluster.logging.server.configurationName | string | `"fluent-bit-config"` | ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway. | | cluster.logging.server.enabled | bool | `false` | Enabled is a boolean that enables the logging sidecar container. | | cluster.logging.server.manageConfiguration | bool | `true` | A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. 
Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it's ownership stays the same so it will be cleaned up when it's owner is. | -| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. | -| cluster.monitoring | object | `{}` | Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. | +| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. | +| cluster.monitoring | object | `{}` | DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. | | cluster.name | string | `nil` | Name of the cluster, defaults to name of chart release | | cluster.networking.addressFamily | string | `nil` | AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+. 
| -| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.21/#service-v1-core | +| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.28/#service-v1-core | | cluster.networking.adminConsoleServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | | cluster.networking.adminConsoleServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | | cluster.networking.adminConsoleServices | list | `["data"]` | DEPRECATED - not required by Couchbase Server. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once. | -| cluster.networking.cloudNativeGateway | object | `{"image":null,"tls":{"serverSecretName":null}}` | DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. | -| cluster.networking.cloudNativeGateway.image | string | `nil` | DEVELOPER PREVIEW - This feature is in developer preview. Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory. | -| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | DEVELOPER PREVIEW - This feature is in developer preview. 
TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. | +| cluster.networking.cloudNativeGateway | object | `{"image":null,"logLevel":"info","terminationGracePeriodSeconds":75,"tls":{"serverSecretName":null}}` | CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. | +| cluster.networking.cloudNativeGateway.image | string | `nil` | Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory. | +| cluster.networking.cloudNativeGateway.logLevel | string | `"info"` | DEVELOPER PREVIEW - This feature is in developer preview. LogLevel controls the verbosity of cloud native logs. This field must be one of "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info". | +| cluster.networking.cloudNativeGateway.terminationGracePeriodSeconds | int | `75` | TerminationGracePeriodSeconds specifies the grace period for the container to terminate. Defaults to 75 seconds. | +| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. This action could be overidden at the outset or later, by using the below TLS config or generating the secret of same name as `couchbase- cloud-native-gateway-self-signed-secret-` with certificates conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. 
The secret is on per cluster basis so it's advised to use the unique cluster name else would be ignored. | | cluster.networking.disableUIOverHTTP | bool | `false` | DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false. | | cluster.networking.disableUIOverHTTPS | bool | `false` | DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false. | | cluster.networking.dns | object | `{"domain":null}` | DNS defines information required for Dynamic DNS support. | | cluster.networking.dns.domain | string | `nil` | Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server. | | cluster.networking.exposeAdminConsole | bool | `true` | ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field. | -| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. 
When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.21/#service-v1-core | +| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes- api/v1.28/#service-v1-core | | cluster.networking.exposedFeatureServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | | cluster.networking.exposedFeatureServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. 
| | cluster.networking.exposedFeatureTrafficPolicy | string | `nil` | DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local", | 
@@ -195,6 +224,7 @@ for more information about customizing and managing your charts. | cluster.networking.serviceAnnotations | string | `nil` | DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation. | | cluster.networking.waitForAddressReachable | string | `"10m"` | WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial `waitForAddressReachableDelay` to allow propagation. | | cluster.networking.waitForAddressReachableDelay | string | `"2m"` | WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses. | +| cluster.onlineVolumeExpansionTimeoutInMins | string | `nil` | OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes. | | cluster.paused | bool | `false` | Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action. | | cluster.platform | string | `nil` | Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure". | | cluster.recoveryPolicy | string | `nil` | RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. 
When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". | 
@@ -211,7 +241,7 @@ for more information about customizing and managing your charts. | cluster.security.podSecurityContext.runAsUser | int | `1000` | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.seLinuxOptions | object | `{"level":null,"role":null,"type":null,"user":null}` | The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.seccompProfile | object | `{"localhostProfile":null,"type":null}` | The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. | -| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows. | +| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. 
Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.sysctls | object | `{"name":null,"value":null}` | Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. | | cluster.security.podSecurityContext.windowsOptions | object | `{"gmsaCredentialSpec":null,"gmsaCredentialSpecName":null,"hostProcess":false,"runAsUserName":null}` | The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. | | cluster.security.rbac | object | `{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | RBAC is the options provided for enabling and selecting RBAC User resources to manage. | 
@@ -226,16 +256,17 @@ for more information about customizing and managing your charts. | cluster.servers.default.services | list | `["data","index","query","search","analytics","eventing"]` | Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. | | cluster.servers.default.size | int | `3` | Size is the expected requested of the server class. This field must be greater than or equal to 1. | | cluster.softwareUpdateNotifications | bool | `false` | SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. | +| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | | cluster.upgradeStrategy | string | `nil` | UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". 
| -| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | +| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | | cluster.volumeClaimTemplates.metadata | object | `{"annotations":null,"labels":null,"name":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | | cluster.volumeClaimTemplates.metadata.annotations | string | `nil` | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. 
More info: http://kubernetes.io/docs/user-guide/annotations | | cluster.volumeClaimTemplates.metadata.labels | string | `nil` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | | cluster.volumeClaimTemplates.metadata.name | string | `nil` | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user- guide/identifiers#names | -| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes | +| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes | | cluster.volumeClaimTemplates.spec.accessModes | string | `nil` | accessModes contains the desired access modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent- volumes#access-modes-1 | -| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | -| cluster.volumeClaimTemplates.spec.resources | object | `{"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | +| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null,"namespace":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | +| cluster.volumeClaimTemplates.spec.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. 
If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | | cluster.volumeClaimTemplates.spec.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | selector is a label query over volumes to consider for binding. | | cluster.volumeClaimTemplates.spec.storageClassName | string | `nil` | storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | | cluster.volumeClaimTemplates.spec.volumeMode | string | `nil` | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. | 
@@ -256,7 +287,7 @@ for more information about customizing and managing your charts.
 | coredns.service | string | `nil` | Name of Kubernetes service which exposes DNS endpoints |
 | couchbaseOperator.commandArgs | object | `{"pod-create-timeout":"10m"}` | Set of command-line flags to pass on to the Operator to modify its behavior. see: https://docs.couchbase.com/operator/2.0/reference-operator-configuration.html#command-line-arguments |
 | couchbaseOperator.commandArgs.pod-create-timeout | string | `"10m"` | Pod creation timeout. The Operator allows the timeout of pod creation to be manually configured. It is primarily intended for use on cloud platforms where the deployment of multiple volumes and pulling of a Couchbase Server container image may take a longer time than the default timeout period. |
-| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Operator container. |
+| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.7.0"}` | Image specifies repository and tag of the Couchbase Operator container. |
 | couchbaseOperator.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. |
 | couchbaseOperator.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images. |
 | couchbaseOperator.name | string | `"couchbase-operator"` | Name of the couchbase operator Deployment |
diff --git a/charts/couchbase-operator/README.md.adoc b/charts/couchbase-operator/README.md.adoc
index b2027e0..41f2ae6 100644
--- a/charts/couchbase-operator/README.md.adoc
+++ b/charts/couchbase-operator/README.md.adoc
@@ -5,7 +5,7 @@
 | admissionCA.key | string | `nil` | A base64 encoded PEM format private key
 | admissionController.commandArgs | object | `{"default-file-system-group":true,"validate-secrets":true,"validate-storage-classes":true}` | Set of command-line flags to pass on to the Admission Controller to modify its behavior. Do not change.
 | admissionController.disableValidatingWebhook | bool | `false` | Disable the creation of Validation webhook. Setting to 'false' may be helpful when installing into a restricted environments (ie Strict mTLS), since disabling avoids performing resource fetching and validation from the Kubernetes API server.
-| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Admission container.
+| admissionController.image | object | `{"repository":"couchbase/admission-controller","tag":"2.7.0"}` | Image specifies repository and tag of the Couchbase Admission container.
 | admissionController.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never.
 | admissionController.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images
 | admissionController.name | string | `"couchbase-admission-controller"` |
@@ -34,14 +34,15 @@ | buckets.default.memoryQuota | string | `"100Mi"` | MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory to disk as defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes | buckets.default.minimumDurability | string | `nil` | MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. When majorityAndPersistActive, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster and the document has been persisted to disk on the document master pod. When persistToMajority, Couchbase server will respond when the document is replicated and persisted to disk on at least half of the pods running the data service in the cluster. This field must be either "none", "majority", "majorityAndPersistActive" or "persistToMajority", defaulting to "none". | buckets.default.name | string | `nil` | Name is the name of the bucket within Couchbase server. By default the Operator will use the `metadata.name` field to define the bucket name. The `metadata.name` field only supports a subset of the supported character set. When specified, this field overrides `metadata.name`. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". 
+| buckets.default.rank | int | `0` | Rank determines the bucket’s place in the order in which the rebalance process handles the buckets on the cluster. The higher a bucket’s assigned integer (in relation to the integers assigned other buckets), the sooner in the rebalance process the bucket is handled. This assignment of rank allows a cluster’s most mission-critical data to be rebalanced with top priority. This option is only supported for Couchbase Server 7.6.0+. | buckets.default.replicas | int | `1` | Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1. | buckets.default.scopes | object | `{"managed":false,"resources":[],"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket. | buckets.default.scopes.managed | bool | `false` | Managed defines whether scopes are managed for this bucket. This field is `false` by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to `true`, the Operator will manage user defined scopes, and optionally, their collections as defined by the `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` resource documentation. If this field is set to `false` while the already managed, then the Operator will leave whatever configuration is already present. 
| buckets.default.scopes.resources | list | `[]` | Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn't match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency. -| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta +| buckets.default.scopes.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta | buckets.default.scopes.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | buckets.default.scopes.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. -| buckets.default.storageBackend | string | `"couchstore"` | StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". This cannot be edited after bucket creation. Note: "magma" is only valid for Couchbase Server 7.1.0 onward. +| buckets.default.storageBackend | string | `"couchstore"` | StorageBackend to be assigned to and used by the bucket. 
Only valid for Couchbase Server 7.0.0 onward. Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". Note: "magma" is only valid for Couchbase Server 7.1.0 onward. | cluster.antiAffinity | bool | `false` | AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters. | cluster.autoResourceAllocation | object | `{"cpuLimits":"4","cpuRequests":"2","enabled":false,"overheadPercent":25}` | AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the `spec.servers.resources` field. | cluster.autoResourceAllocation.cpuLimits | string | `"4"` | CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes 
@@ -49,7 +50,7 @@ | cluster.autoResourceAllocation.enabled | bool | `false` | Enabled defines whether auto-resource allocation is enabled. | cluster.autoResourceAllocation.overheadPercent | int | `25` | OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%. | cluster.autoscaleStabilizationPeriod | string | `nil` | AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance. -| cluster.backup | object | `{"annotations":null,"image":"couchbase/operator-backup:1.3.5","imagePullSecrets":{"name":null},"labels":null,"managed":true,"nodeSelector":null,"objectEndpoint":{"secret":null,"url":null,"useVirtualPath":false},"resources":{"limits":null,"requests":null},"s3Secret":null,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"serviceAccountName":"couchbase-backup","tolerations":{"effect":null,"key":null,"operator":null,"tolerationSeconds":null,"value":null},"useIAMRole":false}` | Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. 
Refer to the documentation for supported values https://docs.couchbase.com/operator/current/howto-backup.html#enable-automated-backup +| cluster.backup | object | `{"annotations":null,"image":"couchbase/operator-backup:1.3.5","imagePullSecrets":{"name":null},"labels":null,"managed":true,"nodeSelector":null,"objectEndpoint":{"secret":null,"url":null,"useVirtualPath":false},"resources":{"claims":{"name":null},"limits":null,"requests":null},"s3Secret":null,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"serviceAccountName":"couchbase-backup","tolerations":{"effect":null,"key":null,"operator":null,"tolerationSeconds":null,"value":null},"useIAMRole":false}` | Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. Refer to the documentation for supported values https://docs.couchbase.com/operator/current/howto-backup.html#enable-automated-backup | cluster.backup.annotations | string | `nil` | Annotations defines additional annotations to appear on the backup/restore pods. | cluster.backup.image | string | `"couchbase/operator-backup:1.3.5"` | The Backup Image to run on backup pods. | cluster.backup.imagePullSecrets | object | `{"name":null}` | ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones. 
@@ -61,9 +62,10 @@ | cluster.backup.objectEndpoint.secret | string | `nil` | The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" | cluster.backup.objectEndpoint.url | string | `nil` | The host/address of the custom object endpoint. | cluster.backup.objectEndpoint.useVirtualPath | bool | `false` | UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores. -| cluster.backup.resources | object | `{"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. +| cluster.backup.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified. +| cluster.backup.resources.claims | object | `{"name":null}` | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | cluster.backup.resources.limits | string | `nil` | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ -| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +| cluster.backup.resources.requests | string | `nil` | Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | cluster.backup.s3Secret | string | `nil` | Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the `spec.s3bucket` field is specified for a backup or restore resource. | cluster.backup.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. | cluster.backup.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. 
@@ -81,8 +83,8 @@
 | cluster.buckets.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | Selector is a label selector used to list buckets in the namespace that are managed by the Operator.
 | cluster.buckets.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed.
 | cluster.buckets.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
-| cluster.buckets.synchronize | bool | `false` | Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands.
-| cluster.cluster | object | `{"analyticsServiceMemoryQuota":"1Gi","autoCompaction":{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}},"autoFailoverMaxCount":1,"autoFailoverOnDataDiskIssues":false,"autoFailoverOnDataDiskIssuesTimePeriod":"120s","autoFailoverServerGroup":false,"autoFailoverTimeout":"120s","clusterName":null,"data":{"auxIOThreads":null,"nonIOThreads":null,"readerThreads":null,"writerThreads":null},"dataServiceMemoryQuota":"256Mi","eventingServiceMemoryQuota":"256Mi","indexServiceMemoryQuota":"256Mi","indexStorageSetting":"memory_optimized","indexer":{"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null},"query":{"backfillEnabled":true,"temporarySpace":"5Gi","temporarySpaceUnlimited":false},"queryServiceMemoryQuota":null,"searchServiceMemoryQuota":"256Mi"}` | ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings.
+| cluster.buckets.synchronize | bool | `false` | Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. Synchronizing will not create a Kubernetes resource for the Couchbase Server maintained _system scope. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands.
+| cluster.cluster | object | `{"analyticsServiceMemoryQuota":"1Gi","autoCompaction":{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}},"autoFailoverMaxCount":1,"autoFailoverOnDataDiskIssues":false,"autoFailoverOnDataDiskIssuesTimePeriod":"120s","autoFailoverServerGroup":false,"autoFailoverTimeout":"120s","clusterName":null,"data":{"auxIOThreads":null,"minReplicasCount":0,"nonIOThreads":null,"readerThreads":null,"writerThreads":null},"dataServiceMemoryQuota":"256Mi","eventingServiceMemoryQuota":"256Mi","indexServiceMemoryQuota":"256Mi","indexStorageSetting":"memory_optimized","indexer":{"enableShardAffinity":false,"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null},"query":{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuota":null,"nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false},"queryServiceMemoryQuota":null,"searchServiceMemoryQuota":"256Mi"}` | ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings.
 | cluster.cluster.analyticsServiceMemoryQuota | string | `"1Gi"` | AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.cluster.autoCompaction | object | `{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}}` | AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run.
 | cluster.cluster.autoCompaction.databaseFragmentationThreshold | object | `{"percent":30,"size":null}` | DatabaseFragmentationThreshold defines triggers for when database compaction should start.
@@ -96,16 +98,18 @@
 | cluster.cluster.autoFailoverServerGroup | bool | `false` | AutoFailoverServerGroup whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API
 | cluster.cluster.autoFailoverTimeout | string | `"120s"` | AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration
 | cluster.cluster.clusterName | string | `nil` | ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource's metadata.
-| cluster.cluster.data | object | `{"auxIOThreads":null,"nonIOThreads":null,"readerThreads":null,"writerThreads":null}` | Data allows the data service to be configured.
-| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
-| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
-| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
-| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
+| cluster.cluster.data | object | `{"auxIOThreads":null,"minReplicasCount":0,"nonIOThreads":null,"readerThreads":null,"writerThreads":null}` | Data allows the data service to be configured.
+| cluster.cluster.data.auxIOThreads | string | `nil` | AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
+| cluster.cluster.data.minReplicasCount | int | `0` | MinReplicasCount allows the minimum number of replicas required for buckets to be set. New buckets cannot be created with less than this minimum. Defaults to 0.
+| cluster.cluster.data.nonIOThreads | string | `nil` | NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
+| cluster.cluster.data.readerThreads | string | `nil` | ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
+| cluster.cluster.data.writerThreads | string | `nil` | WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.
 | cluster.cluster.dataServiceMemoryQuota | string | `"256Mi"` | DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.cluster.eventingServiceMemoryQuota | string | `"256Mi"` | EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.cluster.indexServiceMemoryQuota | string | `"256Mi"` | IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.cluster.indexStorageSetting | string | `"memory_optimized"` | DEPRECATED - by indexer. The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster.
-| cluster.cluster.indexer | object | `{"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null}` | Indexer allows the indexer to be configured.
+| cluster.cluster.indexer | object | `{"enableShardAffinity":false,"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null}` | Indexer allows the indexer to be configured.
+| cluster.cluster.indexer.enableShardAffinity | bool | `false` | EnableShardAffinity when false Index Servers rebuild any index that are newly assigned to them during a rebalance. When set to true, Couchbase Server moves a reassigned index’s files between Index Servers. This field is only supported on CB versions 7.6.0+.
 | cluster.cluster.indexer.logLevel | string | `"info"` | LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info".
 | cluster.cluster.indexer.maxRollbackPoints | int | `2` | MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1.
 | cluster.cluster.indexer.memorySnapshotInterval | string | `"200ms"` | MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms.
@@ -114,10 +118,33 @@
 | cluster.cluster.indexer.stableSnapshotInterval | string | `"5s"` | StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms.
 | cluster.cluster.indexer.storageMode | string | `"memory_optimized"` | StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized".
 | cluster.cluster.indexer.threads | string | `nil` | Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0.
-| cluster.cluster.query | object | `{"backfillEnabled":true,"temporarySpace":"5Gi","temporarySpaceUnlimited":false}` | Query allows the query service to be configured.
+| cluster.cluster.query | object | `{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuota":null,"nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false}` | Query allows the query service to be configured.
 | cluster.cluster.query.backfillEnabled | bool | `true` | BackfillEnabled allows the query service to backfill.
+| cluster.cluster.query.cboEnabled | bool | `true` | CBOEnabled specifies whether the cost-based optimizer is enabled. Defaults to true.
+| cluster.cluster.query.cleanupClientAttemptsEnabled | bool | `true` | CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just transactions that it has created, leaving transactions for the distributed cleanup process only when it is forced to. Defaults to true.
+| cluster.cluster.query.cleanupLostAttemptsEnabled | bool | `true` | CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup process, and cleans up expired transactions created by any client. Defaults to true.
+| cluster.cluster.query.cleanupWindow | string | `"60s"` | CleanupWindow specifies how frequently the Query service checks its subset of active transaction records for cleanup. Defaults to 60s
+| cluster.cluster.query.completedLimit | int | `4000` | CompletedLimit sets the number of requests to be logged in the completed requests catalog. As new completed requests are added, old ones are removed.
+| cluster.cluster.query.completedMaxPlanSize | string | `"262144"` | CompletedMaxPlanSize limits the size of query execution plans that can be logged in the completed requests catalog. Queries with plans larger than this are not logged. This field is only supported on CB versions 7.6.0+. Defaults to 262144, maximum value is 20840448, and minimum value is 0.
+| cluster.cluster.query.completedTrackingAllRequests | bool | `false` | CompletedTrackingAllRequests allows all requests to be tracked regardless of their time. This field requires `completedTrackingEnabled` to be true.
+| cluster.cluster.query.completedTrackingEnabled | bool | `true` | CompletedTrackingEnabled allows completed requests to be tracked in the requests catalog.
+| cluster.cluster.query.completedTrackingThreshold | string | `"7s"` | CompletedThreshold is a trigger for queries to be logged in the completed requests catalog. All completed queries lasting longer than this threshold are logged in the completed requests catalog. This field requires `completedTrackingEnabled` to be set to true and `completedTrackingAllRequests` to be false to have any effect.
+| cluster.cluster.query.logLevel | string | `"info"` | LogLevel controls the verbosity of query logs. This field must be one of "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info".
+| cluster.cluster.query.maxParallelism | int | `1` | MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism is restricted to the number of allowed cores. Defaults to 1.
+| cluster.cluster.query.memoryQuota | string | `"0"` | MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. This parameter enforces a ceiling on the memory used for the tracked documents required for processing a request. It does not take into account any other memory that might be used to process a request, such as the stack, the operators, or some intermediate values. Defaults to 0.
+| cluster.cluster.query.nodeQuota | string | `nil` | NodeQuota sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value. This field is only supported on CB versions 7.6.0+.
+| cluster.cluster.query.nodeQuotaValPercent | int | `67` | NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked value content memory across all active requests for every Query node in the cluster. This field is only supported on CB versions 7.6.0+. Defaults to 67.
+| cluster.cluster.query.numActiveTransactionRecords | int | `1024` | NumActiveTransactionRecords specifies the total number of active transaction records for all Query nodes in the cluster. Default to 1024 and has a minimum of 1.
+| cluster.cluster.query.numCpus | int | `0` | NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. The number of CPUs can never be greater than the number of logical CPUs. In Community Edition, the number of allowed CPUs cannot be greater than 4. In Enterprise Edition, there is no limit to the number of allowed CPUs. This field is only supported on CB versions 7.6.0+. NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling nodes that are running the query service. Defaults to 0
+| cluster.cluster.query.pipelineBatch | int | `16` | PipelineBatch controls the number of items execution operators can batch for Fetch from the KV. Defaults to 16.
+| cluster.cluster.query.pipelineCap | int | `512` | PipelineCap controls the maximum number of items each execution operator can buffer between various operators. Defaults to 512.
+| cluster.cluster.query.preparedLimit | int | `16384` | PreparedLimit is the maximum number of prepared statements in the cache. When this cache reaches the limit, the least recently used prepared statements will be discarded as new prepared statements are created.
+| cluster.cluster.query.scanCap | int | `512` | ScapCan sets the maximum buffered channel size between the indexer client and the query service for index scans. Defaults to 512.
 | cluster.cluster.query.temporarySpace | string | `"5Gi"` | TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires `backfillEnabled` to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.cluster.query.temporarySpaceUnlimited | bool | `false` | TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires `backfillEnabled` to be set to true in order to have any effect. This field overrides `temporarySpace`.
+| cluster.cluster.query.timeout | string | `nil` | Timeout is the maximum time to spend on the request before timing out. If this field is not set then there will be no timeout.
+| cluster.cluster.query.txTimeout | string | `"0ms"` | TxTimeout is the maximum time to spend on a transaction before timing out. This setting only applies to requests containing the BEGIN TRANSACTION statement, or to requests where the tximplicit parameter is set. For all other requests, it is ignored. Defaults to 0ms (no timeout).
+| cluster.cluster.query.useReplica | bool | `false` | UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets are inaccessible. If set to true then read from replica is enabled for all queries, but can be disabled at request level. If set to false read from replica is disabled for all queries and cannot be overridden at request level. If this field is unset then it is enabled/disabled at the request level. This field is only supported on CB versions 7.6.0+.
 | cluster.cluster.queryServiceMemoryQuota | string | `nil` | QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.cluster.searchServiceMemoryQuota | string | `"256Mi"` | SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
 | cluster.enableOnlineVolumeExpansion | bool | `false` | EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an- in-use-persistentvolumeclaim If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims
@@ -125,38 +152,40 @@ | cluster.envImagePrecedence | bool | `false` | EnvImagePrecedence gives precedence over the default container image name in `spec.Image` to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html | cluster.hibernate | bool | `false` | Hibernate is whether to hibernate the cluster. | cluster.hibernationStrategy | string | `nil` | HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false. -| cluster.image | string | `"couchbase/server:7.2.0"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. -| cluster.logging | object | `{"audit":{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}},"logRetentionCount":null,"logRetentionTime":null,"server":{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}}}` | Logging defines Operator logging options. 
-| cluster.logging.audit | object | `{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}}` | Used to manage the audit configuration directly +| cluster.image | string | `"couchbase/server:7.2.0"` | Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. Explicitly specifying the image for a server class will override this value for the server class. +| cluster.logging | object | `{"audit":{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}},"rotation":{"interval":"15m","pruneAge":"0","size":"20Mi"}},"logRetentionCount":null,"logRetentionTime":null,"server":{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}}}` | Logging defines Operator logging options. +| cluster.logging.audit | object | `{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}},"rotation":{"interval":"15m","pruneAge":"0","size":"20Mi"}}` | Used to manage the audit configuration directly | cluster.logging.audit.disabledEvents | string | `nil` | The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. 
Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html | cluster.logging.audit.disabledUsers | string | `nil` | The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user | cluster.logging.audit.enabled | bool | `false` | Enabled is a boolean that enables the audit capabilities. -| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html -| cluster.logging.audit.rotation | object | `{"interval":"15m","size":"20Mi"}` | The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html +| cluster.logging.audit.garbageCollection | object | `{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"claims":{"name":null},"limits":null,"requests":null}}}` | Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. 
By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html +| cluster.logging.audit.rotation | object | `{"interval":"15m","pruneAge":"0","size":"20Mi"}` | The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html | cluster.logging.logRetentionCount | string | `nil` | LogRetentionCount gives the number of persistent log PVCs to keep. | cluster.logging.logRetentionTime | string | `nil` | LogRetentionTime gives the time to keep persistent log PVCs alive for. -| cluster.logging.server | object | `{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}}` | Specification of all logging configuration required to manage the sidecar containers in each pod. +| cluster.logging.server | object | `{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}}` | Specification of all logging configuration required to manage the sidecar containers in each pod. | cluster.logging.server.configurationName | string | `"fluent-bit-config"` | ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. 
If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway. | cluster.logging.server.enabled | bool | `false` | Enabled is a boolean that enables the logging sidecar container. | cluster.logging.server.manageConfiguration | bool | `true` | A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it's ownership stays the same so it will be cleaned up when it's owner is. -| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. -| cluster.monitoring | object | `{}` | Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. +| cluster.logging.server.sidecar | object | `{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.2.1","resources":{"claims":{"name":null},"limits":null,"requests":null}}` | Any specific logging sidecar container configuration. +| cluster.monitoring | object | `{}` | DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure. 
| cluster.name | string | `nil` | Name of the cluster, defaults to name of chart release -| cluster.networking | object | `{"addressFamily":null,"adminConsoleServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"adminConsoleServices":["data"],"cloudNativeGateway":{"image":null,"tls":{"serverSecretName":null}},"disableUIOverHTTP":false,"disableUIOverHTTPS":false,"dns":{"domain":null},"exposeAdminConsole":true,"exposedFeatureServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"exposedFeatureTrafficPolicy":null,"exposedFeatures":["client","xdcr"],"loadBalancerSourceRanges":null,"networkPlatform":null,"serviceAnnotations":null,"waitForAddressReachable":"10m","waitForAddressReachableDelay":"2m"}` | Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. 
+| cluster.networking | object | `{"addressFamily":null,"adminConsoleServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"adminConsoleServices":["data"],"cloudNativeGateway":{"image":null,"logLevel":"info","terminationGracePeriodSeconds":75,"tls":{"serverSecretName":null}},"disableUIOverHTTP":false,"disableUIOverHTTPS":false,"dns":{"domain":null},"exposeAdminConsole":true,"exposedFeatureServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"exposedFeatureTrafficPolicy":null,"exposedFeatures":["client","xdcr"],"loadBalancerSourceRanges":null,"networkPlatform":null,"serviceAnnotations":null,"waitForAddressReachable":"10m","waitForAddressReachableDelay":"2m"}` | Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings. | cluster.networking.addressFamily | string | `nil` | AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. 
Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+. -| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core +| cluster.networking.adminConsoleServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. 
This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core | cluster.networking.adminConsoleServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | cluster.networking.adminConsoleServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | cluster.networking.adminConsoleServices | list | `["data"]` | DEPRECATED - not required by Couchbase Server. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once. -| cluster.networking.cloudNativeGateway | object | `{"image":null,"tls":{"serverSecretName":null}}` | DEVELOPER PREVIEW - This feature is in developer preview. CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. -| cluster.networking.cloudNativeGateway.image | string | `nil` | DEVELOPER PREVIEW - This feature is in developer preview. Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. 
TODO: provide a default kubebuilder default image tag as field is mandatory. -| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | DEVELOPER PREVIEW - This feature is in developer preview. TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. +| cluster.networking.cloudNativeGateway | object | `{"image":null,"logLevel":"info","terminationGracePeriodSeconds":75,"tls":{"serverSecretName":null}}` | CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster. +| cluster.networking.cloudNativeGateway.image | string | `nil` | Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory. +| cluster.networking.cloudNativeGateway.logLevel | string | `"info"` | DEVELOPER PREVIEW - This feature is in developer preview. LogLevel controls the verbosity of cloud native logs. This field must be one of "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info". +| cluster.networking.cloudNativeGateway.terminationGracePeriodSeconds | int | `75` | TerminationGracePeriodSeconds specifies the grace period for the container to terminate. Defaults to 75 seconds. +| cluster.networking.cloudNativeGateway.tls | object | `{"serverSecretName":null}` | TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. 
This action could be overidden at the outset or later, by using the below TLS config or generating the secret of same name as `couchbase- cloud-native-gateway-self-signed-secret-` with certificates conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else would be ignored. | cluster.networking.disableUIOverHTTP | bool | `false` | DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false. | cluster.networking.disableUIOverHTTPS | bool | `false` | DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false. | cluster.networking.dns | object | `{"domain":null}` | DNS defines information required for Dynamic DNS support. | cluster.networking.dns.domain | string | `nil` | Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server. | cluster.networking.exposeAdminConsole | bool | `true` | ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field. 
-| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core +| cluster.networking.exposedFeatureServiceTemplate | object | `{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}` | ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core | cluster.networking.exposedFeatureServiceTemplate.metadata | object | `{"annotations":null,"labels":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | cluster.networking.exposedFeatureServiceTemplate.spec | object | `{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}` | ServiceSpec describes the attributes that a user creates on a service. | cluster.networking.exposedFeatureTrafficPolicy | string | `nil` | DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local", 
@@ -166,6 +195,7 @@
 | cluster.networking.serviceAnnotations | string | `nil` | DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation.
 | cluster.networking.waitForAddressReachable | string | `"10m"` | WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial `waitForAddressReachableDelay` to allow propagation.
 | cluster.networking.waitForAddressReachableDelay | string | `"2m"` | WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses.
+| cluster.onlineVolumeExpansionTimeoutInMins | string | `nil` | OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes.
 | cluster.paused | bool | `false` | Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action.
 | cluster.platform | string | `nil` | Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure".
 | cluster.recoveryPolicy | string | `nil` | RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology.
When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". 
@@ -183,7 +213,7 @@
 | cluster.security.podSecurityContext.runAsUser | int | `1000` | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 | cluster.security.podSecurityContext.seLinuxOptions | object | `{"level":null,"role":null,"type":null,"user":null}` | The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
 | cluster.security.podSecurityContext.seccompProfile | object | `{"localhostProfile":null,"type":null}` | The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
-| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.
+| cluster.security.podSecurityContext.supplementalGroups | string | `nil` | A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container.
Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.
 | cluster.security.podSecurityContext.sysctls | object | `{"name":null,"value":null}` | Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
 | cluster.security.podSecurityContext.windowsOptions | object | `{"gmsaCredentialSpec":null,"gmsaCredentialSpecName":null,"hostProcess":false,"runAsUserName":null}` | The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
 | cluster.security.rbac | object | `{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}` | RBAC is the options provided for enabling and selecting RBAC User resources to manage.
@@ -199,20 +229,21 @@ | cluster.servers.default.autoscaleEnabled | bool | `false` | AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA). | cluster.servers.default.env | list | `[]` | Env allows the setting of environment variables in the Couchbase server container. | cluster.servers.default.envFrom | list | `[]` | EnvFrom allows the setting of environment variables in the Couchbase server container. -| cluster.servers.default.pod | object | `{"spec":{}}` | Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core +| cluster.servers.default.pod | object | `{"spec":{}}` | Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core | cluster.servers.default.services | list | `["data","index","query","search","analytics","eventing"]` | Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. 
| cluster.servers.default.size | int | `3` | Size is the expected requested of the server class. This field must be greater than or equal to 1. | cluster.softwareUpdateNotifications | bool | `false` | SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. +| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | cluster.upgradeStrategy | string | `nil` | UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". -| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. 
+| cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | cluster.volumeClaimTemplates.metadata | object | `{"annotations":null,"labels":null,"name":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | cluster.volumeClaimTemplates.metadata.annotations | string | `nil` | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations | cluster.volumeClaimTemplates.metadata.labels | string | `nil` | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | cluster.volumeClaimTemplates.metadata.name | string | `nil` | Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. 
More info: http://kubernetes.io/docs/user-guide/identifiers#names -| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes +| cluster.volumeClaimTemplates.spec | object | `{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}` | PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes | cluster.volumeClaimTemplates.spec.accessModes | string | `nil` | accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 -| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. 
For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -| cluster.volumeClaimTemplates.spec.resources | object | `{"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +| cluster.volumeClaimTemplates.spec.dataSourceRef | object | `{"apiGroup":null,"kind":null,"name":null,"namespace":null}` | dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. 
When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +| cluster.volumeClaimTemplates.spec.resources | object | `{"claims":{"name":null},"limits":null,"requests":null}` | resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources | cluster.volumeClaimTemplates.spec.selector | object | `{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}` | selector is a label query over volumes to consider for binding. | cluster.volumeClaimTemplates.spec.storageClassName | string | `nil` | storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 | cluster.volumeClaimTemplates.spec.volumeMode | string | `nil` | volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. 
@@ -233,7 +264,7 @@ | coredns.service | string | `nil` | Name of Kubernetes service which exposes DNS endpoints | couchbaseOperator.commandArgs | object | `{"pod-create-timeout":"10m"}` | Set of command-line flags to pass on to the Operator to modify its behavior. see: https://docs.couchbase.com/operator/2.0/reference-operator-configuration.html#command-line-arguments | couchbaseOperator.commandArgs.pod-create-timeout | string | `"10m"` | Pod creation timeout. The Operator allows the timeout of pod creation to be manually configured. It is primarily intended for use on cloud platforms where the deployment of multiple volumes and pulling of a Couchbase Server container image may take a longer time than the default timeout period. -| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.5.0"}` | Image specifies repository and tag of the Couchbase Operator container. +| couchbaseOperator.image | object | `{"repository":"couchbase/operator","tag":"2.7.0"}` | Image specifies repository and tag of the Couchbase Operator container. | couchbaseOperator.imagePullPolicy | string | `"IfNotPresent"` | The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never. | couchbaseOperator.imagePullSecrets | list | `[]` | ImagePullSecrets is an optional list of references to secrets to use for pulling images. | couchbaseOperator.name | string | `"couchbase-operator"` | Name of the couchbase operator Deployment diff --git a/charts/couchbase-operator/crds/couchbase.crds.yaml b/charts/couchbase-operator/crds/couchbase.crds.yaml index 063587c..596c829 100644 --- a/charts/couchbase-operator/crds/couchbase.crds.yaml +++ b/charts/couchbase-operator/crds/couchbase.crds.yaml 
@@ -2,8 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbaseautoscalers.couchbase.com spec: group: couchbase.com 
@@ -26,20 +26,25 @@ spec: name: v2 schema: openAPIV3Schema: - description: CouchbaseAutoscaler provides an interface for the Kubernetes - Horizontal Pod Autoscaler to interactive with the Couchbase cluster and - provide autoscaling. This resource is not defined by the end user, and - is managed by the Operator. + description: |- + CouchbaseAutoscaler provides an interface for the Kubernetes Horizontal Pod Autoscaler + to interact with the Couchbase cluster and provide autoscaling. This resource is + not defined by the end user, and is managed by the Operator. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -61,12 +66,14 @@ spec: - size type: object status: - description: CouchbaseAutoscalerStatus provides information to the HPA - to assist with scaling server groups. + description: |- + CouchbaseAutoscalerStatus provides information to the HPA to assist with scaling + server groups. properties: labelSelector: - description: LabelSelector allows the HPA to select resources to monitor - for resource utilization in order to trigger scaling. + description: |- + LabelSelector allows the HPA to select resources to monitor for resource + utilization in order to trigger scaling. type: string size: description: Size is the current size of the server group. @@ -92,8 +99,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasebackuprestores.couchbase.com spec: group: couchbase.com 
@@ -128,25 +135,32 @@ spec: name: v2 schema: openAPIV3Schema: - description: CouchbaseBackupRestore allows the restoration of all Couchbase - cluster data from a CouchbaseBackup resource. + description: |- + CouchbaseBackupRestore allows the restoration of all Couchbase cluster data from + a CouchbaseBackup resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: CouchbaseBackupRestoreSpec allows the specification of data - restoration to be configured. This includes the backup and repository - to restore data from, and the time range of data to be restored. + description: |- + CouchbaseBackupRestoreSpec allows the specification of data restoration to be + configured. 
This includes the backup and repository to restore data from, and + the time range of data to be restored. properties: backoffLimit: default: 2 
@@ -154,38 +168,38 @@ spec: format: int32 type: integer backup: - description: The backup resource name associated with this restore, - or the backup PVC name to restore from. + description: |- + The backup resource name associated with this restore, or the backup PVC + name to restore from. type: string buckets: - description: DEPRECATED - by spec.data. Specific buckets can be explicitly - included or excluded in the restore, as well as bucket mappings. This - field is now ignored. + description: |- + DEPRECATED - by spec.data. + Specific buckets can be explicitly included or excluded in the restore, + as well as bucket mappings. This field is now ignored. type: object x-kubernetes-preserve-unknown-fields: true data: - description: Data allows control over what key-value/document data - is included in the restore. By default, all data is included. + description: |- + Data allows control over what key-value/document data is included in the + restore. By default, all data is included. properties: exclude: - description: Exclude defines the buckets, scopes or collections - that are excluded from the backup. When this field is set, it - implies that by default everything will be backed up, and data - items can be explicitly excluded. You may define an exclusion - as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, - or a collection -- `my-bucket.my-scope.my-collection`. Buckets - may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, - as period is the separator used to delimit scopes and collections. Excluded - data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` - is illegal. This field cannot be used at the same time as included - items. + description: |- + Exclude defines the buckets, scopes or collections that are excluded from the backup. + When this field is set, it implies that by default everything will be backed up, + and data items can be explicitly excluded. 
You may define an exclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Excluded data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as included items. items: - description: BucketScopeOrCollectionNameWithDefaults is the - name of a fully qualifed bucket, scope or collection. The - _default scope and collection are valid for this type. As - these names are period separated, and buckets can contain - periods, the latter need to be escaped. This specification - is based on cbbackupmgr. + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. + As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ type: string minItems: 1 
@@ -200,48 +214,47 @@ spec: match the provided regular expression. type: string include: - description: Include defines the buckets, scopes or collections - that are included in the restore. When this field is set, it - implies that by default nothing will be restored, and data items - must be explicitly included. You may define an inclusion as - a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, or - a collection -- `my-bucket.my-scope.my-collection`. Buckets - may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, - as period is the separator used to delimit scopes and collections. Included - data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` - is illegal. This field cannot be used at the same time as excluded - items. + description: |- + Include defines the buckets, scopes or collections that are included in the restore. + When this field is set, it implies that by default nothing will be restored, + and data items must be explicitly included. You may define an inclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Included data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as excluded items. items: - description: BucketScopeOrCollectionNameWithDefaults is the - name of a fully qualifed bucket, scope or collection. The - _default scope and collection are valid for this type. As - these names are period separated, and buckets can contain - periods, the latter need to be escaped. This specification - is based on cbbackupmgr. + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. 
+ As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ type: string minItems: 1 type: array x-kubernetes-list-type: set map: - description: Map allows data items in the restore to be remapped - to a different named container. Buckets can be remapped to other - buckets e.g. "source=target", scopes and collections can be - remapped to other scopes and collections within the same bucket - only e.g. "bucket.scope=bucket.other" or "bucket.scope.collection=bucket.scope.other". Map + description: |- + Map allows data items in the restore to be remapped to a different named container. + Buckets can be remapped to other buckets e.g. "source=target", scopes and collections + can be remapped to other scopes and collections within the same bucket only e.g. + "bucket.scope=bucket.other" or "bucket.scope.collection=bucket.scope.other". Map sources may only be specified once, and may not overlap. items: description: RestoreMapping allows data to be migrated on restore. properties: source: - description: Source defines the data source of the mapping, - this may be either a bucket, scope or collection. + description: |- + Source defines the data source of the mapping, this may be either + a bucket, scope or collection. pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ type: string target: - description: Target defines the data target of the mapping, - this may be either a bucket, scope or collection, and - must refer to the same type as the restore source. + description: |- + Target defines the data target of the mapping, this may be either + a bucket, scope or collection, and must refer to the same type + as the restore source. 
pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ type: string required: @@ -254,11 +267,11 @@ spec: x-kubernetes-list-type: map type: object end: - description: End denotes the last backup to restore from. Omitting - this field will only restore the backup referenced by start. This - may be specified as an integer index (starting from 1), a string - specifying a short date DD-MM-YYYY, the backup name, or one of either - `start` or `oldest` keywords. + description: |- + End denotes the last backup to restore from. Omitting this field will only + restore the backup referenced by start. This may be specified as + an integer index (starting from 1), a string specifying a short date + DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. properties: int: description: Int references a relative backup by index. 
@@ -269,59 +282,69 @@ spec: type: string type: object forceUpdates: - description: Forces data in the Couchbase cluster to be overwritten + description: |- + Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer than the restore type: boolean logRetention: default: 168h - description: 'Number of hours to hold restore script logs for, everything - older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration' + description: |- + Number of hours to hold restore script logs for, everything older will be deleted. + More info: + https://golang.org/pkg/time/#ParseDuration type: string objectStore: description: The remote destination for backup. properties: endpoint: - description: Endpoint contains the configuration for connecting - to a custom Azure/S3/GCP compliant object store. If set will - override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + description: |- + Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. + If set will override `CouchbaseCluster.spec.backup.objectEndpoint` + See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores properties: secret: - description: The name of the secret, in this namespace, that - contains the CA certificate for verification of a TLS endpoint + description: |- + The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" type: string url: description: The host/address of the custom object endpoint. type: string useVirtualPath: - description: UseVirtualPath will force the AWS SDK to use - the new virtual style paths which are often required by - S3 compatible object stores. 
+ description: |- + UseVirtualPath will force the AWS SDK to use the new virtual style paths + which are often required by S3 compatible object stores. type: boolean type: object secret: - description: ObjStoreSecret must contain two fields, access-key-id, - secret-access-key and optionally either region or refresh-token. - These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + description: |- + ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. + These correspond to the fields used by cbbackupmgr + https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 type: string uri: - description: URI is a reference to a remote object store. This - is the prefix of the object store and the bucket name. i.e s3://bucket, - az://bucket or gs://bucket. + description: |- + URI is a reference to a remote object store. + This is the prefix of the object store and the bucket name. + i.e s3://bucket, az://bucket or gs://bucket. pattern: ^(az|s3|gs)://.{3,}$ type: string useIAM: - description: Whether to allow the backup SDK to attempt to authenticate - using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`. + description: |- + Whether to allow the backup SDK to attempt to authenticate + using the instance metadata api. + If set, will override `CouchbaseCluster.spec.backup.useIAM`. type: boolean type: object repo: - description: Repo is the backup folder to restore from. If no repository - is specified, the backup container will choose the latest. + description: |- + Repo is the backup folder to restore from. If no repository is specified, + the backup container will choose the latest. type: string s3bucket: - description: DEPRECATED - by spec.objectStore.uri Name of S3 bucket - to restore from. If non-empty this overrides local backup. 
+ description: |- + DEPRECATED - by spec.objectStore.uri + Name of S3 bucket to restore from. If non-empty this overrides local backup. pattern: ^s3://[a-z0-9-\.\/]{3,63}$ type: string services: 
@@ -331,58 +354,67 @@ spec: properties: analytics: default: true - description: Analytics restores analytics datasets from the backup. This - field defaults to true. + description: |- + Analytics restores analytics datasets from the backup. This field + defaults to true. type: boolean bucketConfig: - description: BucketConfig restores all bucket configuration settings. + description: |- + BucketConfig restores all bucket configuration settings. If you are restoring to cluster with managed buckets, then this option may conflict with existing bucket settings, and the results are undefined, so avoid use. This option is intended for use - with unmanaged buckets. Note that bucket durability settings - are not restored in versions less than and equal to 1.1.0, and - will need to be manually applied. This field defaults to false. + with unmanaged buckets. Note that bucket durability settings are + not restored in versions less than and equal to 1.1.0, and will + need to be manually applied. This field defaults to false. type: boolean bucketQuery: default: true - description: BucketQuery enables the backup of query metadata - for all buckets. This field defaults to `true`. + description: |- + BucketQuery enables the backup of query metadata for all buckets. + This field defaults to `true`. type: boolean clusterAnalytics: default: true - description: ClusterAnalytics enables the backup of cluster-wide - analytics data, for example synonyms. This field defaults to - `true`. + description: |- + ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. + This field defaults to `true`. type: boolean clusterQuery: default: true - description: ClusterQuery enables the backup of cluster level - query metadata. This field defaults to `true`. + description: |- + ClusterQuery enables the backup of cluster level query metadata. + This field defaults to `true`. type: boolean data: default: true - description: Data restores document data from the backup. 
This - field defaults to true. + description: |- + Data restores document data from the backup. This field defaults + to true. type: boolean eventing: default: true - description: Eventing restores eventing functions from the backup. This - field defaults to true. + description: |- + Eventing restores eventing functions from the backup. This field + defaults to true. type: boolean ftAlias: default: true - description: FTAlias restores full-text search aliases from the - backup. This field defaults to true. + description: |- + FTAlias restores full-text search aliases from the backup. This + field defaults to true. type: boolean ftIndex: default: true - description: FTIndex restores full-text search indexes from the - backup. This field defaults to true. + description: |- + FTIndex restores full-text search indexes from the backup. This + field defaults to true. type: boolean gsiIndex: default: true - description: GSIIndex restores document indexes from the backup. This - field defaults to true. + description: |- + GSIIndex restores document indexes from the backup. This field + defaults to true. type: boolean views: default: true 
@@ -393,20 +425,21 @@ spec: stagingVolume: default: size: 20Gi - description: StagingVolume contains configuration related to the ephemeral - volume used as staging when restoring from a cloud backup. + description: |- + StagingVolume contains configuration related to the + ephemeral volume used as staging when restoring from a cloud backup. properties: size: anyOf: - type: integer - type: string default: 20Gi - description: 'Size allows the specification of a staging volume. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes - The ephemeral volume will only be used when restoring from a - cloud provider, if the backup job was created using ephemeral - storage. Otherwise the restore job will share a staging volume - with the backup job.' + description: |- + Size allows the specification of a staging volume. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + The ephemeral volume will only be used when restoring from a cloud provider, + if the backup job was created using ephemeral storage. + Otherwise the restore job will share a staging volume with the backup job. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -415,10 +448,10 @@ spec: type: string type: object start: - description: Start denotes the first backup to restore from. This - may be specified as an integer index (starting from 1), a string - specifying a short date DD-MM-YYYY, the backup name, or one of either - `start` or `oldest` keywords. + description: |- + Start denotes the first backup to restore from. This may be specified as + an integer index (starting from 1), a string specifying a short date + DD-MM-YYYY, the backup name, or one of either `start` or `oldest` keywords. properties: int: description: Int references a relative backup by index. @@ -439,21 +472,20 @@ spec: format: int32 minimum: 0 type: integer - required: - - backup type: object status: - description: CouchbaseBackupRestoreStatus provides status indications - of a restore from backup. This includes whether or not the restore - is running, whether the restore succeed or not, and the duration the - restore took. + description: |- + CouchbaseBackupRestoreStatus provides status indications of a restore from + backup. This includes whether or not the restore is running, whether the + restore succeed or not, and the duration the restore took. properties: archive: description: Location of Backup Archive. type: string backups: - description: Backups gives us a full list of all backups and their - respective repository locations. + description: |- + Backups gives us a full list of all backups + and their respective repository locations. items: properties: full: 
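Review bot: Dropping `required: - backup` from the restore `spec` (second hunk here, `@@ -439,21 +472,20 @@`) means the API server no longer rejects a CouchbaseBackupRestore that names no backup, so that check has to be enforced by the operator or its admission controller, which this diff does not show. If the relaxation is intentional (presumably to allow restoring directly from `objectStore`), the `backup` property's description should state when it may be omitted, for example `Backup may be omitted only when spec.objectStore.uri is set.`, with the wording confirmed against the operator's behaviour. The file carries a `controller-gen.kubebuilder.io/version` annotation, so the change belongs on the Go type's doc comment and markers rather than in this YAML. The `spec` properties block begins outside this hunk.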
@@ -472,16 +504,18 @@ spec: type: object type: array duration: - description: 'Duration tells us how long the last restore took. More - info: https://golang.org/pkg/time/#ParseDuration' + description: |- + Duration tells us how long the last restore took. More info: + https://golang.org/pkg/time/#ParseDuration type: string failed: description: Failed indicates whether the most recent restore has failed. type: boolean job: - description: DEPRECATED - field may no longer be populated. Job tells - us which job is running/ran last. + description: |- + DEPRECATED - field may no longer be populated. + Job tells us which job is running/ran last. type: string lastFailure: description: LastFailure tells us the time the last failed restore @@ -498,12 +532,14 @@ spec: format: date-time type: string output: - description: DEPRECATED - field may no longer be populated. Output - reports useful information from the backup process. + description: |- + DEPRECATED - field may no longer be populated. + Output reports useful information from the backup process. type: string pod: - description: DEPRECATED - field may no longer be populated. Pod tells - us which pod is running/ran last. + description: |- + DEPRECATED - field may no longer be populated. + Pod tells us which pod is running/ran last. type: string repo: description: Repo is where we are currently performing operations. @@ -526,8 +562,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasebackups.couchbase.com spec: group: couchbase.com 
@@ -565,120 +601,127 @@ spec: name: v2 schema: openAPIV3Schema: - description: CouchbaseBackup allows automatic backup of all data from a Couchbase - cluster into persistent storage. + description: |- + CouchbaseBackup allows automatic backup of all data from a Couchbase cluster + into persistent storage. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: CouchbaseBackupSpec is allows the specification of how a - Couchbase backup is configured, including when backups are performed, - how long they are retained for, and where they are backed up to. 
+ description: |- + CouchbaseBackupSpec is allows the specification of how a Couchbase backup is + configured, including when backups are performed, how long they are retained + for, and where they are backed up to. properties: autoScaling: - description: AutoScaling allows the volume size to be dynamically - increased. When specified, the backup volume will start with an - initial size as defined by `spec.size`, and increase as required. + description: |- + AutoScaling allows the volume size to be dynamically increased. + When specified, the backup volume will start with an initial size + as defined by `spec.size`, and increase as required. properties: incrementPercent: default: 20 - description: IncrementPercent controls how much the volume is - increased each time the threshold is exceeded, upto a maximum - as defined by the limit. This field defaults to 20 if not specified. + description: |- + IncrementPercent controls how much the volume is increased each time the + threshold is exceeded, upto a maximum as defined by the limit. + This field defaults to 20 if not specified. minimum: 0 type: integer limit: anyOf: - type: integer - type: string - description: 'Limit imposes a hard limit on the size we can autoscale - to. When not specified no bounds are imposed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + Limit imposes a hard limit on the size we can autoscale to. When not + specified no bounds are imposed. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true thresholdPercent: default: 20 - description: ThresholdPercent determines the point at which a - volume is autoscaled. 
This represents the percentage of free - space remaining on the volume, when less than this threshold, - it will trigger a volume expansion. For example, if the volume - is 100Gi, and the threshold 20%, then a resize will be triggered - when the used capacity exceeds 80Gi, and free space is less - than 20Gi. This field defaults to 20 if not specified. + description: |- + ThresholdPercent determines the point at which a volume is autoscaled. + This represents the percentage of free space remaining on the volume, + when less than this threshold, it will trigger a volume expansion. + For example, if the volume is 100Gi, and the threshold 20%, then a resize + will be triggered when the used capacity exceeds 80Gi, and free space is + less than 20Gi. This field defaults to 20 if not specified. maximum: 99 minimum: 0 type: integer type: object backoffLimit: default: 2 - description: Number of times a backup job should try to execute. Once - it hits the BackoffLimit it will not run until the next scheduled - job. + description: |- + Number of times a backup job should try to execute. + Once it hits the BackoffLimit it will not run until the next scheduled job. format: int32 type: integer backupRetention: default: 720h - description: 'Number of hours to hold backups for, everything older - will be deleted. More info: https://golang.org/pkg/time/#ParseDuration' + description: |- + Number of hours to hold backups for, everything older will be deleted. More info: + https://golang.org/pkg/time/#ParseDuration type: string data: - description: Data allows control over what key-value/document data - is included in the backup. By default, all data is included. Modifications + description: |- + Data allows control over what key-value/document data is included in the + backup. By default, all data is included. Modifications to this field will only take effect on the next full backup. 
properties: exclude: - description: Exclude defines the buckets, scopes or collections - that are excluded from the backup. When this field is set, it - implies that by default everything will be backed up, and data - items can be explicitly excluded. You may define an exclusion - as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, - or a collection -- `my-bucket.my-scope.my-collection`. Buckets - may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, - as period is the separator used to delimit scopes and collections. Excluded - data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` - is illegal. This field cannot be used at the same time as included - items. + description: |- + Exclude defines the buckets, scopes or collections that are excluded from the backup. + When this field is set, it implies that by default everything will be backed up, + and data items can be explicitly excluded. You may define an exclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Excluded data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as included items. items: - description: BucketScopeOrCollectionNameWithDefaults is the - name of a fully qualifed bucket, scope or collection. The - _default scope and collection are valid for this type. As - these names are period separated, and buckets can contain - periods, the latter need to be escaped. This specification - is based on cbbackupmgr. + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. 
+ As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ type: string minItems: 1 type: array x-kubernetes-list-type: set include: - description: Include defines the buckets, scopes or collections - that are included in the backup. When this field is set, it - implies that by default nothing will be backed up, and data - items must be explicitly included. You may define an inclusion - as a bucket -- `my-bucket`, a scope -- `my-bucket.my-scope`, - or a collection -- `my-bucket.my-scope.my-collection`. Buckets - may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, - as period is the separator used to delimit scopes and collections. Included - data cannot overlap e.g. specifying `my-bucket` and `my-bucket.my-scope` - is illegal. This field cannot be used at the same time as excluded - items. + description: |- + Include defines the buckets, scopes or collections that are included in the backup. + When this field is set, it implies that by default nothing will be backed up, + and data items must be explicitly included. You may define an inclusion as a bucket + -- `my-bucket`, a scope -- `my-bucket.my-scope`, or a collection -- `my-bucket.my-scope.my-collection`. + Buckets may contain periods, and therefore must be escaped -- `my\.bucket.my-scope`, as + period is the separator used to delimit scopes and collections. Included data cannot overlap + e.g. specifying `my-bucket` and `my-bucket.my-scope` is illegal. This field cannot + be used at the same time as excluded items. items: - description: BucketScopeOrCollectionNameWithDefaults is the - name of a fully qualifed bucket, scope or collection. The - _default scope and collection are valid for this type. 
As - these names are period separated, and buckets can contain - periods, the latter need to be escaped. This specification - is based on cbbackupmgr. + description: |- + BucketScopeOrCollectionNameWithDefaults is the name of a fully qualifed bucket, scope or collection. + The _default scope and collection are valid for this type. + As these names are period separated, and buckets can contain periods, the latter need + to be escaped. This specification is based on cbbackupmgr. pattern: ^(?:[a-zA-Z0-9\-_%]|\\.){1,100}(\._default(\._default)?|\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29}(\.[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,29})?)?$ type: string minItems: 1 @@ -687,7 +730,8 @@ spec: type: object defaultRecoveryMethod: default: none - description: DefaultRecoveryMethod specifies how cbbackupmgr should + description: |- + DefaultRecoveryMethod specifies how cbbackupmgr should recover from broken backup/restore attempts. enum: - none @@ -696,9 +740,10 @@ spec: type: string ephemeralVolume: default: false - description: EphemeralVolume sets backup to use an ephemeral volume - instead of a persistent volume. This is used when backing up to - a remote cloud provider, where a persistent volume is not needed. + description: |- + EphemeralVolume sets backup to use an ephemeral volume instead + of a persistent volume. This is used when backing up to a remote + cloud provider, where a persistent volume is not needed. type: boolean failedJobsHistoryLimit: default: 3 @@ -707,8 +752,9 @@ spec: minimum: 0 type: integer full: - description: Full is the schedule on when to take full backups. Used - in Full/Incremental and FullOnly backup strategies. + description: |- + Full is the schedule on when to take full backups. + Used in Full/Incremental and FullOnly backup strategies. properties: schedule: description: Schedule takes a cron schedule in string format. 
@@ -717,8 +763,9 @@ spec: - schedule type: object incremental: - description: Incremental is the schedule on when to take incremental - backups. Used in Full/Incremental backup strategies. + description: |- + Incremental is the schedule on when to take incremental backups. + Used in Full/Incremental backup strategies. properties: schedule: description: Schedule takes a cron schedule in string format. 
@@ -728,114 +775,132 @@ spec: type: object logRetention: default: 168h - description: 'Number of hours to hold script logs for, everything - older will be deleted. More info: https://golang.org/pkg/time/#ParseDuration' + description: |- + Number of hours to hold script logs for, everything older will be deleted. More info: + https://golang.org/pkg/time/#ParseDuration type: string objectStore: description: ObjectStore allows for backing up to a remote cloud storage. properties: endpoint: - description: Endpoint contains the configuration for connecting - to a custom Azure/S3/GCP compliant object store. If set will - override `CouchbaseCluster.spec.backup.objectEndpoint` See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores + description: |- + Endpoint contains the configuration for connecting to a custom Azure/S3/GCP compliant object store. + If set will override `CouchbaseCluster.spec.backup.objectEndpoint` + See https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-cloud.html#compatible-object-stores properties: secret: - description: The name of the secret, in this namespace, that - contains the CA certificate for verification of a TLS endpoint + description: |- + The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" type: string url: description: The host/address of the custom object endpoint. type: string useVirtualPath: - description: UseVirtualPath will force the AWS SDK to use - the new virtual style paths which are often required by - S3 compatible object stores. + description: |- + UseVirtualPath will force the AWS SDK to use the new virtual style paths + which are often required by S3 compatible object stores. type: boolean type: object secret: - description: ObjStoreSecret must contain two fields, access-key-id, - secret-access-key and optionally either region or refresh-token. 
- These correspond to the fields used by cbbackupmgr https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 + description: |- + ObjStoreSecret must contain two fields, access-key-id, secret-access-key and optionally either region or refresh-token. + These correspond to the fields used by cbbackupmgr + https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-backup.html#optional-2 type: string uri: - description: URI is a reference to a remote object store. This - is the prefix of the object store and the bucket name. i.e s3://bucket, - az://bucket or gs://bucket. + description: |- + URI is a reference to a remote object store. + This is the prefix of the object store and the bucket name. + i.e s3://bucket, az://bucket or gs://bucket. pattern: ^(az|s3|gs)://.{3,}$ type: string useIAM: - description: Whether to allow the backup SDK to attempt to authenticate - using the instance metadata api. If set, will override `CouchbaseCluster.spec.backup.useIAM`. + description: |- + Whether to allow the backup SDK to attempt to authenticate + using the instance metadata api. + If set, will override `CouchbaseCluster.spec.backup.useIAM`. type: boolean type: object s3bucket: - description: DEPRECATED - by spec.objectStore.uri Name of S3 bucket - to backup to. If non-empty this overrides local backup. + description: |- + DEPRECATED - by spec.objectStore.uri + Name of S3 bucket to backup to. If non-empty this overrides local backup. pattern: ^s3://[a-z0-9-\.\/]{3,63}$ type: string services: default: {} - description: Services allows control over what services are included - in the backup. By default, all service data and metadata are included. Modifications + description: |- + Services allows control over what services are included in the backup. + By default, all service data and metadata are included. Modifications to this field will only take effect on the next full backup. 
properties: analytics: default: true - description: Analytics enables the backup of analytics data. This - field defaults to `true`. + description: |- + Analytics enables the backup of analytics data. + This field defaults to `true`. type: boolean bucketConfig: default: true - description: BucketConfig enables the backup of bucket configuration. + description: |- + BucketConfig enables the backup of bucket configuration. This field defaults to `true`. type: boolean bucketQuery: default: true - description: BucketQuery enables the backup of query metadata - for all buckets. This field defaults to `true`. + description: |- + BucketQuery enables the backup of query metadata for all buckets. + This field defaults to `true`. type: boolean clusterAnalytics: default: true - description: ClusterAnalytics enables the backup of cluster-wide - analytics data, for example synonyms. This field defaults to - `true`. + description: |- + ClusterAnalytics enables the backup of cluster-wide analytics data, for example synonyms. + This field defaults to `true`. type: boolean clusterQuery: default: true - description: ClusterQuery enables the backup of cluster level - query metadata. This field defaults to `true`. + description: |- + ClusterQuery enables the backup of cluster level query metadata. + This field defaults to `true`. type: boolean data: default: true - description: Data enables the backup of key-value data/documents - for all buckets. This can be further refined with the couchbasebackups.spec.data - configuration. This field defaults to `true`. + description: |- + Data enables the backup of key-value data/documents for all buckets. + This can be further refined with the couchbasebackups.spec.data configuration. + This field defaults to `true`. type: boolean eventing: default: true - description: Eventing enables the backup of eventing service metadata. + description: |- + Eventing enables the backup of eventing service metadata. This field defaults to `true`. 
type: boolean ftsAliases: default: true - description: FTSAliases enables the backup of full-text search - alias definitions. This field defaults to `true`. + description: |- + FTSAliases enables the backup of full-text search alias definitions. + This field defaults to `true`. type: boolean ftsIndexes: default: true - description: FTSIndexes enables the backup of full-text search - index definitions for all buckets. This field defaults to `true`. + description: |- + FTSIndexes enables the backup of full-text search index definitions for all buckets. + This field defaults to `true`. type: boolean gsIndexes: default: true - description: GSIndexes enables the backup of global secondary - index definitions for all buckets. This field defaults to `true`. + description: |- + GSIndexes enables the backup of global secondary index definitions for all buckets. + This field defaults to `true`. type: boolean views: default: true - description: Views enables the backup of view definitions for - all buckets. This field defaults to `true`. + description: |- + Views enables the backup of view definitions for all buckets. + This field defaults to `true`. type: boolean type: object size: @@ -843,8 +908,10 @@ spec: - type: integer - type: string default: 20Gi - description: 'Size allows the specification of a backup persistent - volume, when using volume based backup. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + Size allows the specification of a backup persistent volume, when using + volume based backup. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -853,18 +920,22 @@ spec: type: string strategy: default: full_incremental - description: 'Strategy defines how to perform backups. `full_only` - will only perform full backups, and you must define a schedule in - the `spec.full` field. `full_incremental` will perform periodic - full backups, and incremental backups in between. You must define - full and incremental schedules in the `spec.full` and `spec.incremental` - fields respectively. Care should be taken to ensure full and incremental - schedules do not overlap, taking into account the backup time, as - this will cause failures as the jobs attempt to mount the same backup - volume. This field default to `full_incremental`. Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html' + description: |- + Strategy defines how to perform backups. `full_only` will only perform full + backups, and you must define a schedule in the `spec.full` field. `full_incremental` + will perform periodic full backups, and incremental backups in between. You must + define full and incremental schedules in the `spec.full` and `spec.incremental` fields + respectively. Care should be taken to ensure full and incremental schedules do not + overlap, taking into account the backup time, as this will cause failures as the jobs + attempt to mount the same backup volume. To cause a backup to occur immediately use `immediate_incremental` + or `immediate_full` for incremental or full backups respectively. + This field default to `full_incremental`. + Info: https://docs.couchbase.com/server/current/backup-restore/cbbackupmgr-strategies.html enum: - full_incremental - full_only + - immediate_incremental + - immediate_full type: string successfulJobsHistoryLimit: default: 3 
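Review bot: The `strategy` description introduces `immediate_incremental` and `immediate_full` without saying whether the `spec.full` and `spec.incremental` schedules are still required or are ignored for them, or whether the backup runs once or again on every update of the resource. The preceding sentences still read as if a schedule is always mandatory, so a reader cannot tell which combinations are valid. I would add a sentence such as `Immediate strategies run a single backup and ignore spec.full and spec.incremental.` (to be confirmed against the operator), and fix `This field default to` to `This field defaults to`. As this CRD is generated by controller-gen, both edits belong in the Go doc comment for the field.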
@@ -885,17 +956,18 @@ spec: type: integer type: object status: - description: CouchbaseBackupStatus provides status notifications about - the Couchbase backup including when the last backup occurred, whether - is succeeded or not, the run time of the backup and the size of the - backup. + description: |- + CouchbaseBackupStatus provides status notifications about the Couchbase backup + including when the last backup occurred, whether is succeeded or not, the run + time of the backup and the size of the backup. properties: archive: description: Location of Backup Archive. type: string backups: - description: Backups gives us a full list of all backups and their - respective repository locations. + description: |- + Backups gives us a full list of all backups + and their respective repository locations. items: properties: full: 
@@ -917,25 +989,29 @@ spec: anyOf: - type: integer - type: string - description: 'CapacityUsed tells us how much of the PVC we are using. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + CapacityUsed tells us how much of the PVC we are using. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true cronjob: - description: DEPRECATED - field may no longer be populated. Cronjob - tells us which Cronjob the job belongs to. + description: |- + DEPRECATED - field may no longer be populated. + Cronjob tells us which Cronjob the job belongs to. type: string duration: - description: 'Duration tells us how long the last backup took. More - info: https://golang.org/pkg/time/#ParseDuration' + description: |- + Duration tells us how long the last backup took. More info: + https://golang.org/pkg/time/#ParseDuration type: string failed: description: Failed indicates whether the most recent backup has failed. type: boolean job: - description: DEPRECATED - field may no longer be populated. Job tells - us which job is running/ran last. + description: |- + DEPRECATED - field may no longer be populated. + Job tells us which job is running/ran last. type: string lastFailure: description: LastFailure tells us the time the last failed backup 
@@ -952,12 +1028,14 @@ spec: format: date-time type: string output: - description: DEPRECATED - field may no longer be populated. Output - reports useful information from the backup_script. + description: |- + DEPRECATED - field may no longer be populated. + Output reports useful information from the backup_script. type: string pod: - description: DEPRECATED - field may no longer be populated. Pod tells - us which pod is running/ran last. + description: |- + DEPRECATED - field may no longer be populated. + Pod tells us which pod is running/ran last. type: string repo: description: Repo is where we are currently performing operations. @@ -980,8 +1058,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasebuckets.couchbase.com spec: group: couchbase.com 
@@ -1014,40 +1092,45 @@ spec: name: v2 schema: openAPIV3Schema: - description: The CouchbaseBucket resource defines a set of documents in Couchbase - server. A Couchbase client connects to and operates on a bucket, which provides - independent management of a set documents and a security boundary for role - based access control. A CouchbaseBucket provides replication and persistence - for documents contained by it. + description: |- + The CouchbaseBucket resource defines a set of documents in Couchbase server. + A Couchbase client connects to and operates on a bucket, which provides independent + management of a set documents and a security boundary for role based access control. + A CouchbaseBucket provides replication and persistence for documents contained by it. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: default: {} - description: CouchbaseBucketSpec is the specification for a Couchbase - bucket resource, and allows the bucket to be customized. + description: |- + CouchbaseBucketSpec is the specification for a Couchbase bucket resource, and + allows the bucket to be customized. properties: compressionMode: default: passive - description: CompressionMode defines how Couchbase server handles - document compression. When off, documents are stored in memory, - and transferred to the client uncompressed. When passive, documents - are stored compressed in memory, and transferred to the client compressed - when requested. When active, documents are stored compresses in - memory and when transferred to the client. This field must be "off", - "passive" or "active", defaulting to "passive". Be aware "off" - in YAML 1.2 is a boolean, so must be quoted as a string in configuration - files. + description: |- + CompressionMode defines how Couchbase server handles document compression. When + off, documents are stored in memory, and transferred to the client uncompressed. + When passive, documents are stored compressed in memory, and transferred to the + client compressed when requested. When active, documents are stored compresses + in memory and when transferred to the client. This field must be "off", "passive" + or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so + must be quoted as a string in configuration files. enum: - "off" - passive 
@@ -1055,87 +1138,88 @@ spec: type: string conflictResolution: default: seqno - description: ConflictResolution defines how XDCR handles concurrent - write conflicts. Sequence number based resolution selects the document - with the highest sequence number as the most recent. Timestamp based - resolution selects the document that was written to most recently - as the most recent. This field must be "seqno" (sequence based), - or "lww" (timestamp based), defaulting to "seqno". + description: |- + ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number + based resolution selects the document with the highest sequence number as the most recent. + Timestamp based resolution selects the document that was written to most recently as the + most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), + defaulting to "seqno". enum: - seqno - lww type: string enableFlush: - description: EnableFlush defines whether a client can delete all documents - in a bucket. This field defaults to false. + description: |- + EnableFlush defines whether a client can delete all documents in a bucket. + This field defaults to false. type: boolean enableIndexReplica: - description: EnableIndexReplica defines whether indexes for this bucket - are replicated. This field defaults to false. + description: |- + EnableIndexReplica defines whether indexes for this bucket are replicated. + This field defaults to false. type: boolean evictionPolicy: default: valueOnly - description: EvictionPolicy controls how Couchbase handles memory - exhaustion. Value only eviction flushes documents to disk but maintains - document metadata in memory in order to improve query performance. Full - eviction removes all data from memory after the document is flushed - to disk. This field must be "valueOnly" or "fullEviction", defaulting - to "valueOnly". + description: |- + EvictionPolicy controls how Couchbase handles memory exhaustion. 
Value only eviction + flushes documents to disk but maintains document metadata in memory in order to improve + query performance. Full eviction removes all data from memory after the document is + flushed to disk. This field must be "valueOnly" or "fullEviction", defaulting to + "valueOnly". enum: - valueOnly - fullEviction type: string ioPriority: default: low - description: IOPriority controls how many threads a bucket has, per - pod, to process reads and writes. This field must be "low" or "high", - defaulting to "low". Modification of this field will cause a temporary - service disruption as threads are restarted. + description: |- + IOPriority controls how many threads a bucket has, per pod, to process reads and writes. + This field must be "low" or "high", defaulting to "low". Modification of this field will + cause a temporary service disruption as threads are restarted. enum: - low - high type: string maxTTL: - description: 'MaxTTL defines how long a document is permitted to exist - for, without modification, until it is automatically deleted. This - is a default and maximum time-to-live and may be set to a lower - value by the client. If the client specifies a higher value, then - it is truncated to the maximum durability. Documents are removed - by Couchbase, after they have expired, when either accessed, the - expiry pager is run, or the bucket is compacted. When set to 0, - then documents are not expired by default. This field must be a - duration in the range 0-2147483648s, defaulting to 0. More info: - https://golang.org/pkg/time/#ParseDuration' + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This is a default and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. 
Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration type: string memoryQuota: anyOf: - type: integer - type: string default: 100Mi - description: 'MemoryQuota is a memory limit to the size of a bucket. When - this limit is exceeded, documents will be evicted from memory to - disk as defined by the eviction policy. The memory quota is defined - per Couchbase pod running the data service. This field defaults - to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, + documents will be evicted from memory to disk as defined by the eviction policy. The + memory quota is defined per Couchbase pod running the data service. This field defaults + to, and must be greater than or equal to 100Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true minimumDurability: - description: MiniumumDurability defines how durable a document write - is by default, and can be made more durable by the client. This - feature enables ACID transactions. When none, Couchbase server will - respond when the document is in memory, it will become eventually - consistent across the cluster. When majority, Couchbase server - will respond when the document is replicated to at least half of - the pods running the data service in the cluster. 
When majorityAndPersistActive, - Couchbase server will respond when the document is replicated to - at least half of the pods running the data service in the cluster - and the document has been persisted to disk on the document master - pod. When persistToMajority, Couchbase server will respond when - the document is replicated and persisted to disk on at least half - of the pods running the data service in the cluster. This field - must be either "none", "majority", "majorityAndPersistActive" or - "persistToMajority", defaulting to "none". + description: |- + MiniumumDurability defines how durable a document write is by default, and can + be made more durable by the client. This feature enables ACID transactions. + When none, Couchbase server will respond when the document is in memory, it will + become eventually consistent across the cluster. When majority, Couchbase server will + respond when the document is replicated to at least half of the pods running the + data service in the cluster. When majorityAndPersistActive, Couchbase server will + respond when the document is replicated to at least half of the pods running the + data service in the cluster and the document has been persisted to disk on the + document master pod. When persistToMajority, Couchbase server will respond when + the document is replicated and persisted to disk on at least half of the pods running + the data service in the cluster. This field must be either "none", "majority", + "majorityAndPersistActive" or "persistToMajority", defaulting to "none". enum: - none - majority 
@@ -1143,68 +1227,80 @@ spec: - persistToMajority type: string name: - description: Name is the name of the bucket within Couchbase server. By - default the Operator will use the `metadata.name` field to define - the bucket name. The `metadata.name` field only supports a subset - of the supported character set. When specified, this field overrides - `metadata.name`. Legal bucket names have a maximum length of 100 - characters and may be composed of any character from "a-z", "A-Z", - "0-9" and "-_%\.". + description: |- + Name is the name of the bucket within Couchbase server. By default the Operator + will use the `metadata.name` field to define the bucket name. The `metadata.name` + field only supports a subset of the supported character set. When specified, this + field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string + rank: + default: 0 + description: |- + Rank determines the bucket’s place in the order in which the rebalance process + handles the buckets on the cluster. The higher a bucket’s assigned integer + (in relation to the integers assigned other buckets), the sooner in the + rebalance process the bucket is handled. This assignment of rank allows a + cluster’s most mission-critical data to be rebalanced with top priority. + This option is only supported for Couchbase Server 7.6.0+. + maximum: 1000 + minimum: 0 + type: integer replicas: default: 1 - description: Replicas defines how many copies of documents Couchbase - server maintains. This directly affects how fault tolerant a Couchbase - cluster is. With a single replica, the cluster can tolerate one - data pod going down and still service requests without data loss. The - number of replicas also affect memory use. With a single replica, - the effective memory quota for documents is halved, with two replicas - it is one third. 
The number of replicas must be between 0 and 3, - defaulting to 1. + description: |- + Replicas defines how many copies of documents Couchbase server maintains. This directly + affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster + can tolerate one data pod going down and still service requests without data loss. The + number of replicas also affect memory use. With a single replica, the effective memory + quota for documents is halved, with two replicas it is one third. The number of replicas + must be between 0 and 3, defaulting to 1. maximum: 3 minimum: 0 type: integer scopes: - description: Scopes defines whether the Operator manages scopes for - the bucket or not, and the set of scopes defined for the bucket. + description: |- + Scopes defines whether the Operator manages scopes for the bucket or not, and + the set of scopes defined for the bucket. properties: managed: - description: Managed defines whether scopes are managed for this - bucket. This field is `false` by default, and the Operator will - take no actions that will affect scopes and collections in this - bucket. The default scope and collection will be present. When - set to `true`, the Operator will manage user defined scopes, - and optionally, their collections as defined by the `CouchbaseScope`, - `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` - resource documentation. If this field is set to `false` while - the already managed, then the Operator will leave whatever + description: |- + Managed defines whether scopes are managed for this bucket. + This field is `false` by default, and the Operator will take no actions that + will affect scopes and collections in this bucket. The default scope and + collection will be present. 
When set to `true`, the Operator will manage + user defined scopes, and optionally, their collections as defined by the + `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and + `CouchbaseCollectionGroup` resource documentation. If this field is set to + `false` while the already managed, then the Operator will leave whatever configuration is already present. type: boolean resources: - description: Resources is an explicit list of named resources - that will be considered for inclusion in this bucket. If a - resource reference doesn't match a resource, then no error conditions - are raised due to undefined resource creation ordering and eventual - consistency. + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this bucket. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseScope - description: Kind indicates the kind of resource that is - being referenced. A scope can only reference `CouchbaseScope` - and `CouchbaseScopeGroup` resource kinds. This field - defaults to `CouchbaseScope` if not specified. + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + resource kinds. This field defaults to `CouchbaseScope` if not + specified. enum: - CouchbaseScope - CouchbaseScopeGroup type: string name: - description: Name is the name of the Kubernetes resource - name that is being referenced. Legal scope names have - a maximum length of 251 characters and may be composed - of any character from "a-z", "A-Z", "0-9" and "_-%". + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal scope names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". 
maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ @@ -1214,32 +1310,34 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly considered - for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + bucket. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1251,20 +1349,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object storageBackend: - description: 'StorageBackend to be assigned to and used by the bucket. - Only valid for Couchbase Server 7.0.0 onward. Two different backend - storage mechanisms can be used - "couchstore" or "magma", defaulting - to "couchstore". This cannot be edited after bucket creation. Note: - "magma" is only valid for Couchbase Server 7.1.0 onward.' + description: |- + StorageBackend to be assigned to and used by the bucket. Only valid for Couchbase Server 7.0.0 onward. + Two different backend storage mechanisms can be used - "couchstore" or "magma", defaulting to "couchstore". + Note: "magma" is only valid for Couchbase Server 7.1.0 onward. enum: - couchstore - magma @@ -1278,8 +1375,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbaseclusters.couchbase.com spec: group: couchbase.com 
@@ -1311,53 +1408,60 @@ spec: name: v2 schema: openAPIV3Schema: - description: The CouchbaseCluster resource represents a Couchbase cluster. It - allows configuration of cluster topology, networking, storage and security - options. + description: |- + The CouchbaseCluster resource represents a Couchbase cluster. It allows configuration + of cluster topology, networking, storage and security options. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: ClusterSpec is the specification for a CouchbaseCluster resources, - and allows the cluster to be customized. 
+ description: |- + ClusterSpec is the specification for a CouchbaseCluster resources, and allows + the cluster to be customized. properties: antiAffinity: - description: AntiAffinity forces the Operator to schedule different - Couchbase server pods on different Kubernetes nodes. Anti-affinity - reduces the likelihood of unrecoverable failure in the event of - a node issue. Use of anti-affinity is highly recommended for production - clusters. + description: |- + AntiAffinity forces the Operator to schedule different Couchbase server pods on + different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable + failure in the event of a node issue. Use of anti-affinity is highly recommended for + production clusters. type: boolean autoResourceAllocation: - description: AutoResourceAllocation populates pod resource requests - based on the services running on that pod. When enabled, this feature - will calculate the memory request as the total of service allocations - defined in `spec.cluster`, plus an overhead defined by `spec.autoResourceAllocation.overheadPercent`.Changing - individual allocations for a service will cause a cluster upgrade - as allocations are modified in the underlying pods. This field - also allows default pod CPU requests and limits to be applied. All - resource allocations can be overridden by explicitly configuring - them in the `spec.servers.resources` field. + description: |- + AutoResourceAllocation populates pod resource requests based on the services running + on that pod. When enabled, this feature will calculate the memory request as the + total of service allocations defined in `spec.cluster`, plus an overhead defined + by `spec.autoResourceAllocation.overheadPercent`.Changing individual allocations for + a service will cause a cluster upgrade as allocations are modified in the underlying + pods. This field also allows default pod CPU requests and limits to be applied. 
+ All resource allocations can be overridden by explicitly configuring them in the + `spec.servers.resources` field. properties: cpuLimits: anyOf: - type: integer - type: string default: "4" - description: 'CPULimits automatically populates the CPU limits - across all Couchbase server pods. This field defaults to "4" - CPUs. Explicitly specifying the CPU limit for a particular - server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + CPULimits automatically populates the CPU limits across all Couchbase + server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU + limit for a particular server class will override this value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -1366,11 +1470,12 @@ spec: - type: integer - type: string default: "2" - description: 'CPURequests automatically populates the CPU requests - across all Couchbase server pods. The default value of "2", - is the minimum recommended number of CPUs required to run Couchbase - Server. Explicitly specifying the CPU request for a particular - server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + CPURequests automatically populates the CPU requests across all Couchbase + server pods. The default value of "2", is the minimum recommended number of + CPUs required to run Couchbase Server. Explicitly specifying the CPU request + for a particular server class will override this value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -1380,30 +1485,33 @@ spec: type: boolean overheadPercent: default: 25 - description: OverheadPercent defines the amount of memory above - that required for individual services on a pod. For Couchbase - Server this should be approximately 25%. + description: |- + OverheadPercent defines the amount of memory above that required for individual + services on a pod. For Couchbase Server this should be approximately 25%. minimum: 0 type: integer type: object autoscaleStabilizationPeriod: - description: "AutoscaleStabilizationPeriod defines how long after - a rebalance the corresponding HorizontalPodAutoscaler should remain - in maintenance mode. During maintenance mode all autoscaling is - disabled since every HorizontalPodAutoscaler associated with the - cluster becomes inactive. Since certain metrics can be unpredictable - when Couchbase is rebalancing or upgrading, setting a stabilization - period helps to prevent scaling recommendations from the HorizontalPodAutoscaler - for a provided period of time. \n Values must be a valid Kubernetes - duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration - A value of 0, puts the cluster in maintenance mode during rebalance - but immediately exits this mode once the rebalance has completed. - When undefined, the HPA is never put into maintenance mode during - rebalance." + description: |- + AutoscaleStabilizationPeriod defines how long after a rebalance the + corresponding HorizontalPodAutoscaler should remain in maintenance mode. + During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler + associated with the cluster becomes inactive. + Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, + setting a stabilization period helps to prevent scaling recommendations from the + HorizontalPodAutoscaler for a provided period of time. 
+ + + Values must be a valid Kubernetes duration of 0s or higher: + https://golang.org/pkg/time/#ParseDuration + A value of 0, puts the cluster in maintenance mode during rebalance but + immediately exits this mode once the rebalance has completed. + When undefined, the HPA is never put into maintenance mode during rebalance. type: string backup: - description: Backup defines whether the Operator should manage automated - backups, and how to lookup backup resources. + description: |- + Backup defines whether the Operator should manage automated backups, and how + to lookup backup resources. properties: annotations: additionalProperties: @@ -1416,17 +1524,22 @@ spec: description: The Backup Image to run on backup pods. type: string imagePullSecrets: - description: ImagePullSecrets allow you to use an image from private + description: |- + ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones. items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object + x-kubernetes-map-type: atomic type: array labels: additionalProperties: 
@@ -1441,33 +1554,61 @@ spec: nodeSelector: additionalProperties: type: string - description: NodeSelector defines which nodes to constrain the - pods that run any backup and restore operations to. + description: |- + NodeSelector defines which nodes to constrain the pods that + run any backup and restore operations to. type: object objectEndpoint: - description: 'Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint - ObjectEndpoint contains the configuration for connecting to - a custom S3 compliant object store.' + description: |- + Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint + ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store. properties: secret: - description: The name of the secret, in this namespace, that - contains the CA certificate for verification of a TLS endpoint + description: |- + The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt" type: string url: description: The host/address of the custom object endpoint. type: string useVirtualPath: - description: UseVirtualPath will force the AWS SDK to use - the new virtual style paths which are often required by - S3 compatible object stores. + description: |- + UseVirtualPath will force the AWS SDK to use the new virtual style paths + which are often required by S3 compatible object stores. type: boolean type: object resources: - description: Resources is the resource requirements for the backup - and restore containers. Will be populated by defaults if not - specified. + description: |- + Resources is the resource requirements for the backup and restore + containers. Will be populated by defaults if not specified. properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -1475,8 +1616,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -1485,46 +1627,48 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object s3Secret: - description: 'Deprecated: by CouchbaseBackup.spec.objectStore.secret - S3Secret contains the key region and optionally access-key-id - and secret-access-key for operating backups in S3. This field - must be popluated when the `spec.s3bucket` field is specified - for a backup or restore resource.' + description: |- + Deprecated: by CouchbaseBackup.spec.objectStore.secret + S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. + This field must be popluated when the `spec.s3bucket` field is specified + for a backup or restore resource. type: string selector: - description: Selector allows CouchbaseBackup and CouchbaseBackupRestore + description: |- + Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1536,109 +1680,110 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic serviceAccountName: default: couchbase-backup - description: The Service Account to run backup (and restore) pods - under. Without this backup pods will not be able to update status. + description: |- + The Service Account to run backup (and restore) pods under. + Without this backup pods will not be able to update status. type: string tolerations: description: Tolerations specifies all backup and restore pod tolerations. items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. 
If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. 
type: string type: object type: array useIAMRole: - description: 'Deprecated: by CouchbaseBackup.spec.objectStore.useIAM - UseIAMRole enables backup to fetch EC2 instance metadata. This - allows the AWS SDK to use the EC2''s IAM Role for S3 access. - UseIAMRole will ignore credentials in s3Secret.' + description: |- + Deprecated: by CouchbaseBackup.spec.objectStore.useIAM + UseIAMRole enables backup to fetch EC2 instance metadata. + This allows the AWS SDK to use the EC2's IAM Role for S3 access. + UseIAMRole will ignore credentials in s3Secret. type: boolean required: - image type: object buckets: - description: Buckets defines whether the Operator should manage buckets, - and how to lookup bucket resources. + description: |- + Buckets defines whether the Operator should manage buckets, and how to lookup + bucket resources. properties: managed: - description: Managed defines whether buckets are managed by the - Operator (true), or user managed (false). When Operator managed, - all buckets must be defined with either CouchbaseBucket, CouchbaseEphemeralBucket - or CouchbaseMemcachedBucket resources. Manual addition of buckets - will be reverted by the Operator. When user managed, the Operator - will not interrogate buckets at all. This field defaults to - false. + description: |- + Managed defines whether buckets are managed by the Operator (true), or user managed (false). + When Operator managed, all buckets must be defined with either CouchbaseBucket, + CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition + of buckets will be reverted by the Operator. When user managed, the Operator + will not interrogate buckets at all. This field defaults to false. type: boolean selector: - description: Selector is a label selector used to list buckets - in the namespace that are managed by the Operator. + description: |- + Selector is a label selector used to list buckets in the namespace + that are managed by the Operator. 
properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1650,62 +1795,59 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic synchronize: - description: Synchronize allows unmanaged buckets, scopes, and - collections to be synchronized as Kubernetes resources by the - Operator. This feature is intended for development only and - should not be used for production workloads. The synchronization - workflow starts with `spec.buckets.managed` being set to false, - the user can manually create buckets, scopes, and collections - using the Couchbase UI, or other tooling. When you wish to - commit to Kubernetes resources, you must specify a unique label - selector in the `spec.buckets.selector` field, and this field - is set to true. The Operator will create Kubernetes resources - for you, and upon completion set the cluster's `Synchronized` - status condition. You may then safely set `spec.buckets.managed` - to true and the Operator will manage these resources as per - usual. To update an already managed data topology, you must - first set it to unmanaged, make any changes, and delete any - old resources, then follow the standard synchronization workflow. The - Operator can not, and will not, ever delete, or make modifications - to resource specifications that are intended to be user managed, - or managed by a life cycle management tool. These actions must - be instigated by an end user. 
For a more complete experience, - refer to the documentation for the `cao save` and `cao restore` - CLI commands. + description: |- + Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as + Kubernetes resources by the Operator. This feature is intended for development only + and should not be used for production workloads. The synchronization workflow starts + with `spec.buckets.managed` being set to false, the user can manually create buckets, + scopes, and collections using the Couchbase UI, or other tooling. When you wish to + commit to Kubernetes resources, you must specify a unique label selector in the + `spec.buckets.selector` field, and this field is set to true. The Operator will + create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` + status condition. Synchronizing will not create a Kubernetes resource for the Couchbase + Server maintained _system scope. You may then safely set `spec.buckets.managed` to + true and the Operator will manage these resources as per usual. To update an already + managed data topology, you must first set it to unmanaged, make any changes, and delete + any old resources, then follow the standard synchronization workflow. The Operator + can not, and will not, ever delete, or make modifications to resource specifications + that are intended to be user managed, or managed by a life cycle management tool. These + actions must be instigated by an end user. For a more complete experience, refer to + the documentation for the `cao save` and `cao restore` CLI commands. type: boolean type: object cluster: default: {} - description: ClusterSettings define Couchbase cluster-wide settings - such as memory allocation, failover characteristics and index settings. + description: |- + ClusterSettings define Couchbase cluster-wide settings such as memory allocation, + failover characteristics and index settings. 
properties: analyticsServiceMemoryQuota: anyOf: - type: integer - type: string default: 1Gi - description: 'AnalyticsServiceMemQuota is the amount of memory - that should be allocated to the analytics service. This value - is per-pod, and only applicable to pods belonging to server - classes running the analytics service. This field must be a - quantity greater than or equal to 1Gi. This field defaults - to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. + This value is per-pod, and only applicable to pods belonging to server classes running + the analytics service. This field must be a quantity greater than or equal to 1Gi. This + field defaults to 1Gi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true autoCompaction: default: {} - description: AutoCompaction allows the configuration of auto-compaction, - including on what conditions disk space is reclaimed and when - it is allowed to run. + description: |- + AutoCompaction allows the configuration of auto-compaction, including on what + conditions disk space is reclaimed and when it is allowed to run. properties: databaseFragmentationThreshold: default: {} 
@@ -1714,9 +1856,9 @@ spec: properties: percent: default: 30 - description: Percent is the percentage of disk fragmentation - after which to decompaction will be triggered. This - field must be in the range 2-100, defaulting to 30. + description: |- + Percent is the percentage of disk fragmentation after which to decompaction will be + triggered. This field must be in the range 2-100, defaulting to 30. maximum: 100 minimum: 2 type: integer @@ -1724,16 +1866,18 @@ spec: anyOf: - type: integer - type: string - description: 'Size is the amount of disk framentation, - that once exceeded, will trigger decompaction. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + Size is the amount of disk framentation, that once exceeded, will trigger decompaction. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true type: object parallelCompaction: - description: ParallelCompaction controls whether database - and view compactions can happen in parallel. + description: |- + ParallelCompaction controls whether database and view compactions can happen + in parallel. type: boolean timeWindow: description: TimeWindow allows restriction of when compaction @@ -1741,8 +1885,9 @@ spec: properties: abortCompactionOutsideWindow: default: false - description: AbortCompactionOutsideWindow stops compaction - processes when the process moves outside the window. + description: |- + AbortCompactionOutsideWindow stops compaction processes when the + process moves outside the window. type: boolean end: description: End is a wallclock time, in the form HH:MM, 
@@ -1757,9 +1902,10 @@ spec: type: object tombstonePurgeInterval: default: 72h - description: 'TombstonePurgeInterval controls how long to - wait before purging tombstones. This field must be in the - range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration' + description: |- + TombstonePurgeInterval controls how long to wait before purging tombstones. + This field must be in the range 1h-1440h, defaulting to 72h. + More info: https://golang.org/pkg/time/#ParseDuration type: string viewFragmentationThreshold: default: {} @@ -1768,9 +1914,9 @@ spec: properties: percent: default: 30 - description: Percent is the percentage of disk fragmentation - after which to decompaction will be triggered. This - field must be in the range 2-100, defaulting to 30. + description: |- + Percent is the percentage of disk fragmentation after which to decompaction will be + triggered. This field must be in the range 2-100, defaulting to 30. maximum: 100 minimum: 2 type: integer @@ -1778,9 +1924,10 @@ spec: anyOf: - type: integer - type: string - description: 'Size is the amount of disk framentation, - that once exceeded, will trigger decompaction. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + Size is the amount of disk framentation, that once exceeded, will trigger decompaction. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -1788,89 +1935,100 @@ spec: type: object autoFailoverMaxCount: default: 1 - description: AutoFailoverMaxCount is the maximum number of automatic - failovers Couchbase server will allow before not allowing any - more. This field must be between 1-3 for server versions prior - to 7.1.0 default is 1. + description: |- + AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server + will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 + default is 1. format: int64 minimum: 1 type: integer autoFailoverOnDataDiskIssues: - description: AutoFailoverOnDataDiskIssues defines whether Couchbase - server should failover a pod if a disk issue was detected. + description: |- + AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod + if a disk issue was detected. type: boolean autoFailoverOnDataDiskIssuesTimePeriod: default: 120s - description: 'AutoFailoverOnDataDiskIssuesTimePeriod defines how - long to wait for transient errors before failing over a faulty - disk. This field must be in the range 5-3600s, defaulting to - 120s. More info: https://golang.org/pkg/time/#ParseDuration' + description: |- + AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors + before failing over a faulty disk. This field must be in the range 5-3600s, defaulting + to 120s. More info: https://golang.org/pkg/time/#ParseDuration type: string autoFailoverServerGroup: - description: AutoFailoverServerGroup whether to enable failing - over a server group. This field is ignored in server versions - 7.1+ as it has been removed from the Couchbase API + description: |- + AutoFailoverServerGroup whether to enable failing over a server group. 
+ This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API type: boolean autoFailoverTimeout: default: 120s - description: 'AutoFailoverTimeout defines how long Couchbase server - will wait between a pod being witnessed as down, until when - it will failover the pod. Couchbase server will only failover - pods if it deems it safe to do so, and not result in data loss. This - field must be in the range 5-3600s, defaulting to 120s. More - info: https://golang.org/pkg/time/#ParseDuration' + description: |- + AutoFailoverTimeout defines how long Couchbase server will wait between a pod + being witnessed as down, until when it will failover the pod. Couchbase server + will only failover pods if it deems it safe to do so, and not result in data + loss. This field must be in the range 5-3600s, defaulting to 120s. + More info: https://golang.org/pkg/time/#ParseDuration type: string clusterName: - description: ClusterName defines the name of the cluster, as displayed - in the Couchbase UI. By default, the cluster name is that specified - in the CouchbaseCluster resource's metadata. + description: |- + ClusterName defines the name of the cluster, as displayed in the Couchbase UI. + By default, the cluster name is that specified in the CouchbaseCluster resource's + metadata. type: string data: description: Data allows the data service to be configured. properties: auxIOThreads: - description: AuxIOThreads allows the number of threads used - by the data service, per pod, to be altered. This indicates - the number of threads that are to be used in the AuxIO thread - pool to run auxiliary I/O tasks. This value must be between - 4 and 64 threads, and should only be increased where there - are sufficient CPU resources allocated for their use. If - not specified, this defaults to the default value set by - Couchbase Server. + description: |- + AuxIOThreads allows the number of threads used by the data service, + per pod, to be altered. 
This indicates the number of threads that are + to be used in the AuxIO thread pool to run auxiliary I/O tasks. + This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults to the + default value set by Couchbase Server. maximum: 64 minimum: 1 type: integer + minReplicasCount: + default: 0 + description: |- + MinReplicasCount allows the minimum number of replicas required for + buckets to be set. New buckets cannot be created with less than this minimum. + Defaults to 0. + type: integer nonIOThreads: - description: NonIOThreads allows the number of threads used - by the data service, per pod, to be altered. This indicates - the number of threads that are to be used in the NonIO thread - pool to run in memory tasks. This value must be between - 4 and 64 threads, and should only be increased where there - are sufficient CPU resources allocated for their use. If - not specified, this defaults to the default value set by - Couchbase Server. + description: |- + NonIOThreads allows the number of threads used by the data service, + per pod, to be altered. This indicates the number of threads that are + to be used in the NonIO thread pool to run in memory tasks. + This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. + and should only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults to the + default value set by Couchbase Server. maximum: 64 minimum: 1 type: integer readerThreads: - description: ReaderThreads allows the number of threads used - by the data service, per pod, to be altered. This value - must be between 4 and 64 threads, and should only be increased - where there are sufficient CPU resources allocated for their - use. If not specified, this defaults to the default value - set by Couchbase Server. 
+ description: |- + ReaderThreads allows the number of threads used by the data service, + per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, + or 1 and 64 for CB versions 7.1.0+. + and should only be increased where there are sufficient CPU resources + allocated for their use. If not specified, this defaults to the + default value set by Couchbase Server. maximum: 64 minimum: 1 type: integer writerThreads: - description: WriterThreads allows the number of threads used - by the data service, per pod, to be altered. This setting - is especially relevant when using "durable writes", increasing - this field will have a large impact on performance. This - value must be between 4 and 64 threads, and should only - be increased where there are sufficient CPU resources allocated - for their use. If not specified, this defaults to the default - value set by Couchbase Server. + description: "WriterThreads allows the number of threads used + by the data service,\nper pod, to be altered. This setting + is especially relevant when\nusing \"durable writes\", increasing + this field will have a large\nimpact on performance. This + value must be between 4 and 64 threads for CB versions below + 7.1.0 and,\n\t// or 1 and 64 for CB versions 7.1.0+.\nand + should only be increased where there are sufficient CPU + resources\nallocated for their use. If not specified, this + defaults to the\ndefault value set by Couchbase Server." maximum: 64 minimum: 1 type: integer 
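Review bot: The new `writerThreads` description embeds a leaked source-comment fragment, `\n\t// or 1 and 64 for CB versions 7.1.0+.`, so a tab and `//` end up in the text users read from the CRD, and this one description is emitted as a double-quoted scalar while its siblings use `|-`; `readerThreads` carries the same broken sentence ("below 7.1.0 and, or 1 and 64 ..."). Both could read `This value must be between 4 and 64 threads for CB versions below 7.1.0, or between 1 and 64 for CB versions 7.1.0+, and should only be increased where ...`; if this CRD is generated from the operator's type comments, the fix presumably belongs there, followed by a regenerate. Separately, `minReplicasCount` is added with `default: 0` but no lower bound, so a negative value passes schema validation; add `minimum: 0` under it unless the operator rejects it elsewhere, which the hunk does not show. The schema also keeps `minimum: 1` on the thread fields, so the 4-thread floor described for versions below 7.1.0 is not enforced here and would have to come from admission or the operator.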
@@ -1880,12 +2038,12 @@ spec: - type: integer - type: string default: 256Mi - description: 'DataServiceMemQuota is the amount of memory that - should be allocated to the data service. This value is per-pod, - and only applicable to pods belonging to server classes running - the data service. This field must be a quantity greater than - or equal to 256Mi. This field defaults to 256Mi. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + DataServiceMemQuota is the amount of memory that should be allocated to the data service. + This value is per-pod, and only applicable to pods belonging to server classes running + the data service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -1894,12 +2052,12 @@ spec: - type: integer - type: string default: 256Mi - description: 'EventingServiceMemQuota is the amount of memory - that should be allocated to the eventing service. This value - is per-pod, and only applicable to pods belonging to server - classes running the eventing service. This field must be a - quantity greater than or equal to 256Mi. This field defaults - to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. + This value is per-pod, and only applicable to pods belonging to server classes running + the eventing service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -1908,22 +2066,23 @@ spec: - type: integer - type: string default: 256Mi - description: 'IndexServiceMemQuota is the amount of memory that - should be allocated to the index service. This value is per-pod, - and only applicable to pods belonging to server classes running - the index service. This field must be a quantity greater than - or equal to 256Mi. This field defaults to 256Mi. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + IndexServiceMemQuota is the amount of memory that should be allocated to the index service. + This value is per-pod, and only applicable to pods belonging to server classes running + the index service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true indexStorageSetting: default: memory_optimized - description: DEPRECATED - by indexer. The index storage mode to - use for secondary indexing. This field must be one of "memory_optimized" - or "plasma", defaulting to "memory_optimized". This field is - immutable and cannot be changed unless there are no server classes - running the index service in the cluster. + description: |- + DEPRECATED - by indexer. + The index storage mode to use for secondary indexing. This field must be one of + "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is + immutable and cannot be changed unless there are no server classes running the + index service in the cluster. enum: - memory_optimized - plasma 
@@ -1931,12 +2090,20 @@ spec: indexer: description: Indexer allows the indexer to be configured. properties: + enableShardAffinity: + default: false + description: |- + EnableShardAffinity when false Index Servers rebuild any index that + are newly assigned to them during a rebalance. When set to true, + Couchbase Server moves a reassigned index’s files between Index Servers. + This field is only supported on CB versions 7.6.0+. + type: boolean logLevel: default: info - description: LogLevel controls the verbosity of indexer logs. This - field must be one of "silent", "fatal", "error", "warn", - "info", "verbose", "timing", "debug" or "trace", defaulting - to "info". + description: |- + LogLevel controls the verbosity of indexer logs. This field must be one of + "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or + "trace", defaulting to "info". enum: - silent - fatal 
@@ -1950,58 +2117,58 @@ spec: type: string maxRollbackPoints: default: 2 - description: MaxRollbackPoints controls the number of checkpoints - that can be rolled back to. The default is 2, with a minimum - of 1. + description: |- + MaxRollbackPoints controls the number of checkpoints that can be rolled + back to. The default is 2, with a minimum of 1. minimum: 1 type: integer memorySnapshotInterval: default: 200ms - description: MemorySnapshotInterval controls when memory indexes - should be snapshotted. This defaults to 200ms, and must - be greater than or equal to 1ms. + description: |- + MemorySnapshotInterval controls when memory indexes should be snapshotted. + This defaults to 200ms, and must be greater than or equal to 1ms. type: string numReplica: default: 0 - description: NumberOfReplica specifies number of secondary - index replicas to be created by the Index Service whenever - CREATE INDEX is invoked, which ensures high availability - and high performance. Note, if nodes and num_replica are - both specified in the WITH clause, the specified number - of nodes must be one greater than num_replica This defaults - to 0, which means no index replicas to be created by default. + description: |- + NumberOfReplica specifies number of secondary index replicas to be created + by the Index Service whenever CREATE INDEX is invoked, which ensures + high availability and high performance. + Note, if nodes and num_replica are both specified in the WITH clause, + the specified number of nodes must be one greater than num_replica + This defaults to 0, which means no index replicas to be created by default. Minimum must be 0. minimum: 0 type: integer redistributeIndexes: default: false - description: RedistributeIndexes when true, Couchbase Server - redistributes indexes when rebalance occurs, in order to - optimize performance. If false (the default), such redistribution - does not occur. 
+ description: |- + RedistributeIndexes when true, Couchbase Server redistributes indexes + when rebalance occurs, in order to optimize performance. + If false (the default), such redistribution does not occur. type: boolean stableSnapshotInterval: default: 5s - description: StableSnapshotInterval controls when disk indexes - should be snapshotted. This defaults to 5s, and must be - greater than or equal to 1ms. + description: |- + StableSnapshotInterval controls when disk indexes should be snapshotted. + This defaults to 5s, and must be greater than or equal to 1ms. type: string storageMode: default: memory_optimized - description: StorageMode controls the underlying storage engine - for indexes. Once set it can only be modified if there - are no nodes in the cluster running the index service. The - field must be one of "memory_optimized" or "plasma", defaulting - to "memory_optimized". + description: |- + StorageMode controls the underlying storage engine for indexes. Once set + it can only be modified if there are no nodes in the cluster running the + index service. The field must be one of "memory_optimized" or "plasma", + defaulting to "memory_optimized". enum: - memory_optimized - plasma type: string threads: - description: Threads controls the number of processor threads - to use for indexing. A value of 0 means 1 per CPU. This - attribute must be greater than or equal to 0, defaulting - to 0. + description: |- + Threads controls the number of processor threads to use for indexing. + A value of 0 means 1 per CPU. This attribute must be greater + than or equal to 0, defaulting to 0. minimum: 0 type: integer type: object 
@@ -2012,37 +2179,260 @@ spec: default: true description: BackfillEnabled allows the query service to backfill. type: boolean + cboEnabled: + default: true + description: |- + CBOEnabled specifies whether the cost-based optimizer is enabled. + Defaults to true. + type: boolean + cleanupClientAttemptsEnabled: + default: true + description: |- + CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just + transactions that it has created, leaving transactions for the distributed cleanup process only + when it is forced to. + Defaults to true. + type: boolean + cleanupLostAttemptsEnabled: + default: true + description: |- + CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup + process, and cleans up expired transactions created by any client. + Defaults to true. + type: boolean + cleanupWindow: + default: 60s + description: |- + CleanupWindow specifies how frequently the Query service checks its subset of active + transaction records for cleanup. + Defaults to 60s + type: string + completedLimit: + default: 4000 + description: |- + CompletedLimit sets the number of requests to be logged in the completed + requests catalog. As new completed requests are added, old ones are removed. + format: int32 + type: integer + completedMaxPlanSize: + anyOf: + - type: integer + - type: string + default: "262144" + description: |- + CompletedMaxPlanSize limits the size of query execution plans that can be logged in the + completed requests catalog. Queries with plans larger than this are not logged. + This field is only supported on CB versions 7.6.0+. + Defaults to 262144, maximum value is 20840448, and minimum value is 0. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + completedTrackingAllRequests: + default: false + description: |- + CompletedTrackingAllRequests allows all requests to be tracked regardless of their + time. This field requires `completedTrackingEnabled` to be true. + type: boolean + completedTrackingEnabled: + default: true + description: |- + CompletedTrackingEnabled allows completed requests to be tracked in the requests + catalog. + type: boolean + completedTrackingThreshold: + default: 7s + description: |- + CompletedThreshold is a trigger for queries to be logged in the completed + requests catalog. All completed queries lasting longer than this threshold + are logged in the completed requests catalog. This field requires `completedTrackingEnabled` + to be set to true and `completedTrackingAllRequests` to be false to have any effect. + type: string + logLevel: + default: info + description: |- + LogLevel controls the verbosity of query logs. This field must be one of + "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info". + enum: + - debug + - trace + - info + - warn + - error + - severe + - none + type: string + maxParallelism: + default: 1 + description: |- + MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. + If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism + is restricted to the number of allowed cores. + Defaults to 1. + format: int32 + type: integer + memoryQuota: + anyOf: + - type: integer + - type: string + default: "0" + description: |- + MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. + This parameter enforces a ceiling on the memory used for the tracked documents required for processing + a request. 
It does not take into account any other memory that might be used to process a request, + such as the stack, the operators, or some intermediate values. + Defaults to 0. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + nodeQuota: + anyOf: + - type: integer + - type: string + description: |- + NodeQuota sets a soft memory limit for every Query node in the cluster. The garbage + collector tries to keep below this target. It is not a hard, absolute limit, and memory + usage may exceed this value. + This field is only supported on CB versions 7.6.0+. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + type: string + x-kubernetes-int-or-string: true + nodeQuotaValPercent: + default: 67 + description: |- + NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked + value content memory across all active requests for every Query node in the cluster. + This field is only supported on CB versions 7.6.0+. + Defaults to 67. + format: int32 + maximum: 100 + minimum: 0 + type: integer + numActiveTransactionRecords: + default: 1024 + description: |- + NumActiveTransactionRecords specifies the total number of active transaction records for + all Query nodes in the cluster. + Default to 1024 and has a minimum of 1. + format: int32 + minimum: 1 + type: integer + numCpus: + default: 0 + description: |- + NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. + When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. + The number of CPUs can never be greater than the number of logical CPUs. + In Community Edition, the number of allowed CPUs cannot be greater than 4. + In Enterprise Edition, there is no limit to the number of allowed CPUs. 
+ This field is only supported on CB versions 7.6.0+. + NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling + nodes that are running the query service. + Defaults to 0 + format: int32 + minimum: 0 + type: integer + pipelineBatch: + default: 16 + description: |- + PipelineBatch controls the number of items execution operators can batch for + Fetch from the KV. Defaults to 16. + format: int32 + type: integer + pipelineCap: + default: 512 + description: |- + PipelineCap controls the maximum number of items each execution + operator can buffer between various operators. Defaults to 512. + format: int32 + type: integer + preparedLimit: + default: 16384 + description: |- + PreparedLimit is the maximum number of prepared statements in the cache. + When this cache reaches the limit, the least recently used prepared + statements will be discarded as new prepared statements are created. + format: int32 + type: integer + scanCap: + default: 512 + description: |- + ScapCan sets the maximum buffered channel size between the indexer client + and the query service for index scans. + Defaults to 512. + format: int32 + type: integer temporarySpace: anyOf: - type: integer - type: string default: 5Gi - description: 'TemporarySpace allows the temporary storage - used by the query service backfill, per-pod, to be modified. This - field requires `backfillEnabled` to be set to true in order - to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + TemporarySpace allows the temporary storage used by the query + service backfill, per-pod, to be modified. This field requires + `backfillEnabled` to be set to true in order to have any effect. 
+ More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true temporarySpaceUnlimited: - description: TemporarySpaceUnlimited allows the temporary - storage used by the query service backfill, per-pod, to - be unconstrained. This field requires `backfillEnabled` - to be set to true in order to have any effect. This field - overrides `temporarySpace`. + description: |- + TemporarySpaceUnlimited allows the temporary storage used by + the query service backfill, per-pod, to be unconstrained. This field + requires `backfillEnabled` to be set to true in order to have any effect. + This field overrides `temporarySpace`. + type: boolean + timeout: + description: |- + Timeout is the maximum time to spend on the request before timing out. + If this field is not set then there will be no timeout. + type: string + txTimeout: + default: 0ms + description: |- + TxTimeout is the maximum time to spend on a transaction before timing out. This setting + only applies to requests containing the BEGIN TRANSACTION statement, or to requests where + the tximplicit parameter is set. For all other requests, it is ignored. + Defaults to 0ms (no timeout). + type: string + useReplica: + description: |- + UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets + are inaccessible. If set to true then read from replica is enabled for all queries, but can + be disabled at request level. If set to false read from replica is disabled for all queries + and cannot be overridden at request level. If this field is unset then it is enabled/disabled + at the request level. + This field is only supported on CB versions 7.6.0+. 
type: boolean + required: + - cboEnabled + - cleanupClientAttemptsEnabled + - cleanupLostAttemptsEnabled + - cleanupWindow + - completedLimit + - completedMaxPlanSize + - completedTrackingAllRequests + - completedTrackingEnabled + - maxParallelism + - nodeQuotaValPercent + - numActiveTransactionRecords + - numCpus + - pipelineBatch + - pipelineCap + - preparedLimit + - scanCap type: object queryServiceMemoryQuota: anyOf: - type: integer - type: string - description: 'QueryServiceMemQuota is a dummy field. By default, - Couchbase server provides no memory resource constraints for - the query service, so this has no effect on Couchbase server. It - is, however, used when the spec.autoResourceAllocation feature - is enabled, and is used to define the amount of memory reserved - by the query service for use with Kubernetes resource scheduling. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no + memory resource constraints for the query service, so this has no effect on Couchbase + server. It is, however, used when the spec.autoResourceAllocation feature is enabled, + and is used to define the amount of memory reserved by the query service for use with + Kubernetes resource scheduling. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
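Review bot: The `nodeQuotaValPercent` description says it "sets the percentage of the `useReplica` that is dedicated to tracked value content memory", but `useReplica` is the boolean replica-read switch added later in this same hunk. The quota meant is presumably `nodeQuota`, so the sentence should read "sets the percentage of the `nodeQuota` that is dedicated to tracked value content memory". Two smaller slips sit in the same block: the `scanCap` description opens with "ScapCan" and the `maxParallelism` description says "allowed cored" instead of "allowed cores". These fields are how operators bound query memory and CPU, so a description pointing at the wrong field invites misconfiguration. If this CRD is generated from the operator's type comments, the wording should be fixed there and the file regenerated rather than edited by hand.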
@@ -2051,55 +2441,61 @@ spec: - type: integer - type: string default: 256Mi - description: 'SearchServiceMemQuota is the amount of memory that - should be allocated to the search service. This value is per-pod, - and only applicable to pods belonging to server classes running - the search service. This field must be a quantity greater than - or equal to 256Mi. This field defaults to 256Mi. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + SearchServiceMemQuota is the amount of memory that should be allocated to the search service. + This value is per-pod, and only applicable to pods belonging to server classes running + the search service. This field must be a quantity greater than or equal to 256Mi. This + field defaults to 256Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true type: object enableOnlineVolumeExpansion: - description: "EnableOnlineVolumeExpansion enables online expansion - of Persistent Volumes. You can only expand a PVC if its storage - class's \"allowVolumeExpansion\" field is set to true. Additionally, - Kubernetes feature \"ExpandInUsePersistentVolumes\" must be enabled - in order to expand the volumes which are actively bound to Pods. + description: |- + EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. + You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. + Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to + expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. 
See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim - \n If \"EnableOnlineVolumeExpansion\" is enabled for use within - an environment that does not actually support online volume and - file system expansion then the cluster will fallback to rolling - upgrade procedure to create a new set of Pods for use with resized - Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims" + + + If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does + not actually support online volume and file system expansion then the cluster will fallback to + rolling upgrade procedure to create a new set of Pods for use with resized Volumes. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims type: boolean enablePreviewScaling: - description: DEPRECATED - This option only exists for backwards compatibility - and no longer restricts autoscaling to ephemeral services. EnablePreviewScaling - enables autoscaling for stateful services and buckets. + description: |- + DEPRECATED - This option only exists for backwards compatibility and no longer + restricts autoscaling to ephemeral services. + EnablePreviewScaling enables autoscaling for stateful services and buckets. type: boolean envImagePrecedence: - description: 'EnvImagePrecedence gives precedence over the default - container image name in `spec.Image` to an image name provided through - Operator environment variables. For more info on using Operator - environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html' + description: |- + EnvImagePrecedence gives precedence over the default container image name in + `spec.Image` to an image name provided through Operator environment variables. 
+ For more info on using Operator environment variables: + https://docs.couchbase.com/operator/current/reference-operator-configuration.html type: boolean hibernate: description: Hibernate is whether to hibernate the cluster. type: boolean hibernationStrategy: - description: HibernationStrategy defines how to hibernate the cluster. When - Immediate the Operator will immediately delete all pods and take - no further action until the hibernate field is set to false. + description: |- + HibernationStrategy defines how to hibernate the cluster. When Immediate + the Operator will immediately delete all pods and take no further action until + the hibernate field is set to false. enum: - Immediate type: string image: - description: Image is the container image name that will be used to - launch Couchbase server instances. Updating this field will cause - an automatic upgrade of the cluster. + description: |- + Image is the container image name that will be used to launch Couchbase + server instances. Updating this field will cause an automatic upgrade of + the cluster. Explicitly specifying the image for a server class will override + this value for the server class. pattern: ^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$ type: string logging: 
@@ -2109,28 +2505,29 @@ spec: description: Used to manage the audit configuration directly properties: disabledEvents: - description: 'The list of event ids to disable for auditing - purposes. This is passed to the REST API with no verification - by the operator. Refer to the documentation for details: - https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html' + description: |- + The list of event ids to disable for auditing purposes. + This is passed to the REST API with no verification by the operator. + Refer to the documentation for details: + https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html items: type: integer type: array disabledUsers: - description: 'The list of users to ignore for auditing purposes. - This is passed to the REST API with minimal validation it - meets an acceptable regex pattern. Refer to the documentation - for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user' + description: |- + The list of users to ignore for auditing purposes. + This is passed to the REST API with minimal validation it meets an acceptable regex pattern. + Refer to the documentation for full details on how to configure this: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user items: - description: 'The AuditDisabledUser is actually a compound - string intended to feed a two-element struct. Its value - may be: 1. A local user, specified in the form localusername/local. + description: |- + The AuditDisabledUser is actually a compound string intended to feed a two-element struct. + Its value may be: + 1. A local user, specified in the form localusername/local. 2. An external user, specified in the form externalusername/external. 3. An internal user, specified in the form @internalusername/local. 
- We add a quick validation check to make sure these match - and prevent being rejected by the API later. This is just - a sanity check, the REST API may still reject the user - for other reasons.' + We add a quick validation check to make sure these match and prevent being rejected by the API later. + This is just a sanity check, the REST API may still reject the user for other reasons. pattern: ^.+/(local|external)$ type: string type: array @@ -2138,17 +2535,17 @@ spec: description: Enabled is a boolean that enables the audit capabilities. type: boolean garbageCollection: - description: 'Handle all optional garbage collection (GC) - configuration for the audit functionality. This is not part - of the audit REST API, it is intended to handle GC automatically - for the audit logs. By default the Couchbase Server rotates - the audit logs but does not clean up the rotated logs. This - is left as an operation for the cluster administrator to - manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html' + description: |- + Handle all optional garbage collection (GC) configuration for the audit functionality. + This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. + By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. + This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html properties: sidecar: - description: Provide the sidecar configuration required - (if so desired) to automatically clean up audit logs. + description: |- + DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server 7.2.4+ + Provide the sidecar configuration required (if so desired) to automatically clean up audit logs. properties: age: default: 1h 
@@ -2161,9 +2558,9 @@ spec: type: boolean image: default: busybox:1.33.1 - description: Image is the image to be used to run - the audit sidecar helper. No validation is carried - out as this can be any arbitrary repo and tag. + description: |- + Image is the image to be used to run the audit sidecar helper. + No validation is carried out as this can be any arbitrary repo and tag. type: string interval: default: 20m @@ -2171,10 +2568,38 @@ spec: log files to remove, defaults to 20 minutes. type: string resources: - description: Resources is the resource requirements - for the cleanup container. Will be populated by - Kubernetes defaults if not specified. + description: |- + Resources is the resource requirements for the cleanup container. + Will be populated by Kubernetes defaults if not specified. properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -2182,8 +2607,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -2192,33 +2618,42 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: object type: object rotation: - description: 'The interval to optionally rotate the audit - log. This is passed to the REST API, see here for details: - https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html' + description: |- + The interval to optionally rotate the audit log. + This is passed to the REST API, see here for details: + https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html properties: interval: default: 15m description: The interval at which to rotate log files, defaults to 15 minutes. type: string + pruneAge: + default: "0" + description: |- + How long Couchbase Server keeps rotated audit logs. + If set to 0 (the default) then audit logs won't be pruned. + Has a maximum of 35791394 seconds. + type: string size: anyOf: - type: integer - type: string default: 20Mi - description: 'Size allows the specification of a rotation - size for the log, defaults to 20Mi. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + Size allows the specification of a rotation size for the log, defaults to 20Mi. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
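Review bot: The new `rotation.pruneAge` property documents "a maximum of 35791394 seconds", but the schema declares only `type: string` with `default: "0"`, so neither the format nor the upper bound is checked at admission. A malformed or out-of-range retention value would presumably surface only when the operator applies it; the reconciliation code is not part of this diff. Because this field decides how long rotated audit logs are kept, the description should state the accepted format (bare seconds or a duration string such as the `15m` used by `interval`), and a `pattern` should be added if that format is fixed. The default of 0 means rotated audit logs are never pruned, and the @@ -2138 hunk marks the cleanup sidecar as deprecated, so the description could also say that disk usage then has to be managed another way.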
@@ -2240,18 +2675,13 @@ spec: properties: configurationName: default: fluent-bit-config - description: ConfigurationName is the name of the Secret to - use holding the logging configuration in the namespace. - A Secret is used to ensure we can safely store credentials - but this can be populated from plaintext if acceptable too. - If it does not exist then one will be created with defaults - in the namespace so it can be easily updated whilst running. - Note that if running multiple clusters in the same kubernetes - namespace then you should use a separate Secret for each, - otherwise the first cluster will take ownership (if created) - and the Secret will be cleaned up when that cluster is removed. - If running clusters in separate namespaces then they will - be separate Secrets anyway. + description: |- + ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. + A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. + If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. + Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, + otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is + removed. If running clusters in separate namespaces then they will be separate Secrets anyway. type: string enabled: description: Enabled is a boolean that enables the logging 
@@ -2259,14 +2689,12 @@ spec: type: boolean manageConfiguration: default: true - description: A boolean which indicates whether the operator - should manage the configuration or not. If omitted then - this defaults to true which means the operator will attempt - to reconcile it to default values. To use a custom configuration - make sure to set this to false. Note that the ownership - of any Secret is not changed so if a Secret is created externally - it can be updated by the operator but it's ownership stays - the same so it will be cleaned up when it's owner is. + description: |- + A boolean which indicates whether the operator should manage the configuration or not. + If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. + To use a custom configuration make sure to set this to false. + Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by + the operator but it's ownership stays the same so it will be cleaned up when it's owner is. type: boolean sidecar: default: {} 
@@ -2274,27 +2702,53 @@ spec: properties: configurationMountPath: default: /fluent-bit/config/ - description: ConfigurationMountPath is the location to - mount the ConfigurationName Secret into the image. If - another log shipping image is used that needs a different - mount then modify this. Note that the configuration - file must be called 'fluent-bit.conf' at the root of - this path, there is no provision for overriding the - name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE - environment variable. + description: |- + ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. + If another log shipping image is used that needs a different mount then modify this. + Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, + there is no provision for overriding the name of the config file passed as the + COUCHBASE_LOGS_CONFIG_FILE environment variable. type: string image: default: couchbase/fluent-bit:1.2.1 - description: Image is the image to be used to deal with - logging as a sidecar. No validation is carried out as - this can be any arbitrary repo and tag. It will default - to the latest supported version of Fluent Bit. + description: |- + Image is the image to be used to deal with logging as a sidecar. + No validation is carried out as this can be any arbitrary repo and tag. + It will default to the latest supported version of Fluent Bit. type: string resources: - description: Resources is the resource requirements for - the sidecar container. Will be populated by Kubernetes - defaults if not specified. + description: |- + Resources is the resource requirements for the sidecar container. + Will be populated by Kubernetes defaults if not specified. properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. 
+ + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2302,8 +2756,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -2312,55 +2767,85 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object type: object type: object type: object monitoring: - description: Monitoring defines any Operator managed integration into - 3rd party monitoring infrastructure. + description: |- + DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + Monitoring defines any Operator managed integration into 3rd party monitoring + infrastructure. properties: prometheus: - description: Prometheus provides integration with Prometheus monitoring. + description: |- + DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + Prometheus provides integration with Prometheus monitoring. properties: authorizationSecret: - description: AuthorizationSecret is the name of a Kubernetes - secret that contains a bearer token to authorize GET requests - to the metrics endpoint + description: |- + AuthorizationSecret is the name of a Kubernetes secret that contains a + bearer token to authorize GET requests to the metrics endpoint type: string enabled: - description: Enabled is a boolean that enables/disables the - metrics sidecar container. 
This must be set to true, when - image is provided. + description: |- + Enabled is a boolean that enables/disables the metrics sidecar container. + This must be set to true, when image is provided. type: boolean image: - description: Image is the metrics image to be used to collect - metrics. No validation is carried out as this can be any - arbitrary repo and tag. enabled must be set to true, when - image is provided. + description: |- + Image is the metrics image to be used to collect metrics. + No validation is carried out as this can be any arbitrary repo and tag. + enabled must be set to true, when image is provided. type: string refreshRate: default: 60 - description: RefreshRate is the frequency in which cached - statistics are updated in seconds. Shorter intervals will - add additional resource overhead to clusters running Couchbase - Server 7.0+ Default is 60 seconds, Maximum value is 600 - seconds, and minimum value is 1 second. + description: |- + RefreshRate is the frequency in which cached statistics are updated in seconds. + Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ + Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second. format: int64 maximum: 600 minimum: 1 type: integer resources: - description: Resources is the resource requirements for the - metrics container. Will be populated by Kubernetes defaults - if not specified. + description: |- + Resources is the resource requirements for the metrics container. + Will be populated by Kubernetes defaults if not specified. properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2368,8 +2853,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -2378,11 +2864,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object required: 
@@ -2390,52 +2876,54 @@ spec: type: object type: object networking: - description: Networking defines Couchbase cluster networking options - such as network topology, TLS and DDNS settings. + description: |- + Networking defines Couchbase cluster networking options such as network + topology, TLS and DDNS settings. properties: addressFamily: - description: AddressFamily allows the manual selection of the - address family to use. When this field is not set, Couchbase - server will default to using IPv4 for internal communication - and also support IPv6 on dual stack systems. Setting this field - to either IPv4 or IPv6 will force Couchbase to use the selected - protocol for internal communication, and also disable all other - protocols to provide added security and simplicty when defining - firewall rules. Disabling of address families is only supported - in Couchbase Server 7.0.2+. + description: |- + AddressFamily allows the manual selection of the address family to use. + When this field is not set, Couchbase server will default to using IPv4 + for internal communication and also support IPv6 on dual stack systems. + Setting this field to either IPv4 or IPv6 will force Couchbase to use the + selected protocol for internal communication, and also disable all other + protocols to provide added security and simplicty when defining firewall + rules. Disabling of address families is only supported in Couchbase + Server 7.0.2+. enum: - IPv4 - IPv6 type: string adminConsoleServiceTemplate: - description: 'AdminConsoleServiceTemplate provides a template - used by the Operator to create and manage the admin console - service. This allows services to be annotated, the service - type defined and any other options that Kubernetes provides. When - using a LoadBalancer service type, TLS and dynamic DNS must - also be enabled. The Operator reserves the right to modify or - replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core' + description: |- + AdminConsoleServiceTemplate provides a template used by the Operator to create + and manage the admin console service. This allows services to be annotated, the + service type defined and any other options that Kubernetes provides. When using + a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator + reserves the right to modify or replace any field. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core properties: metadata: - description: Standard objects metadata. This is a curated - version for use with Couchbase resource templates. + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: 
@@ -2443,219 +2931,195 @@ spec: creates on a service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. 
If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. 
This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. 
Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. 
Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. 
(Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. 
format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. 
\n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. 
- This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". 
Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific - annotations when available. This field may be removed - in a future API version.' + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations when available. 
type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations 
@@ -2666,53 +3130,52 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. 
Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object adminConsoleServiceType: default: NodePort - description: DEPRECATED - by adminConsoleServiceTemplate. AdminConsoleServiceType - defines whether to create a node port or load balancer service. - When using a LoadBalancer service type, TLS and dynamic DNS - must also be enabled. This field must be one of "NodePort" or - "LoadBalancer", defaulting to "NodePort". + description: |- + DEPRECATED - by adminConsoleServiceTemplate. + AdminConsoleServiceType defines whether to create a node port or load balancer service. + When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. + This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". enum: - NodePort - LoadBalancer type: string adminConsoleServices: - description: DEPRECATED - not required by Couchbase Server. AdminConsoleServices - is a selector to choose specific services to expose via the - admin console. This field may contain any of "data", "index", - "query", "search", "eventing" and "analytics". Each service - may only be included once. + description: |- + DEPRECATED - not required by Couchbase Server. 
+ AdminConsoleServices is a selector to choose specific services to expose via the admin + console. This field may contain any of "data", "index", "query", "search", "eventing" + and "analytics". Each service may only be included once. items: description: Supported services enum: 
@@ -2727,92 +3190,122 @@ spec: type: array x-kubernetes-list-type: set cloudNativeGateway: - description: DEVELOPER PREVIEW - This feature is in developer - preview. CloudNativeGateway is used to provision a gRPC gateway - proxying a Couchbase cluster. + description: |- + CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase + cluster. properties: image: - description: 'DEVELOPER PREVIEW - This feature is in developer - preview. Image is the Cloud Native Gateway image to be used - to run the sidecar container. No validation is carried out - as this can be any arbitrary repo and tag. TODO: provide - a default kubebuilder default image tag as field is mandatory.' + description: |- + Image is the Cloud Native Gateway image to be used to run the sidecar container. + No validation is carried out as this can be any arbitrary repo and tag. + TODO: provide a default kubebuilder default image tag as field is mandatory. + type: string + logLevel: + default: info + description: |- + DEVELOPER PREVIEW - This feature is in developer preview. + LogLevel controls the verbosity of cloud native logs. This field must be one of + "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info". + enum: + - fatal + - panic + - dpanic + - error + - warn + - info + - debug type: string + terminationGracePeriodSeconds: + default: 75 + description: |- + TerminationGracePeriodSeconds specifies the grace period for the container to + terminate. Defaults to 75 seconds. + format: int64 + type: integer tls: - description: DEVELOPER PREVIEW - This feature is in developer - preview. TLS defines the TLS configuration for the Cloud - Native Gateway server including server and client certificate - configuration, and TLS security policies. + description: |- + TLS defines the TLS configuration for the Cloud Native Gateway server including + server and client certificate configuration, and TLS security policies. 
+ If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys + and creates a k8s secret named `couchbase-cloud-native-gateway-self-signed-secret-` + unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. + This action could be overidden at the outset or later, by using the below + TLS config or generating the secret of same name as + `couchbase-cloud-native-gateway-self-signed-secret-` with certificates + conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". + N.B. The secret is on per cluster basis so it's advised to use the unique cluster name else + would be ignored. properties: serverSecretName: - description: DEVELOPER PREVIEW - This feature is in developer - preview. ServerSecretName specifies the secret name, - in the same namespace as the cluster, that contains - Cloud Native Gateway gRPC server TLS data. The secret - is expected to contain "tls.crt" and "tls.key" as per - the kubernetes.io/tls secret type. + description: |- + ServerSecretName specifies the secret name, in the same namespace as the cluster, + that contains Cloud Native Gateway gRPC server TLS data. + The secret is expected to contain "tls.crt" and + "tls.key" as per the kubernetes.io/tls secret type. type: string type: object required: - image + - logLevel type: object disableUIOverHTTP: - description: DisableUIOverHTTP is used to explicitly enable and - disable UI access over the HTTP protocol. If not specified, - this field defaults to false. + description: |- + DisableUIOverHTTP is used to explicitly enable and disable UI access over + the HTTP protocol. If not specified, this field defaults to false. type: boolean disableUIOverHTTPS: - description: DisableUIOverHTTPS is used to explicitly enable and - disable UI access over the HTTPS protocol. If not specified, - this field defaults to false. 
+ description: |- + DisableUIOverHTTPS is used to explicitly enable and disable UI access over + the HTTPS protocol. If not specified, this field defaults to false. type: boolean dns: description: DNS defines information required for Dynamic DNS support. properties: domain: - description: Domain is the domain to create pods in. When - populated the Operator will annotate the admin console and - per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These - annotations can be used directly by a Kubernetes External-DNS - controller to replicate load balancer service IP addresses - into a public DNS server. + description: |- + Domain is the domain to create pods in. When populated the Operator + will annotate the admin console and per-pod services with the key + "external-dns.alpha.kubernetes.io/hostname". These annotations can + be used directly by a Kubernetes External-DNS controller to replicate + load balancer service IP addresses into a public DNS server. type: string type: object exposeAdminConsole: - description: ExposeAdminConsole creates a service referencing - the admin console. The service is configured by the adminConsoleServiceTemplate - field. + description: |- + ExposeAdminConsole creates a service referencing the admin console. + The service is configured by the adminConsoleServiceTemplate field. type: boolean exposedFeatureServiceTemplate: - description: 'ExposedFeatureServiceTemplate provides a template - used by the Operator to create and manage per-pod services. This - allows services to be annotated, the service type defined and - any other options that Kubernetes provides. When using a LoadBalancer - service type, TLS and dynamic DNS must also be enabled. The - Operator reserves the right to modify or replace any field. 
More - info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core' + description: |- + ExposedFeatureServiceTemplate provides a template used by the Operator to create + and manage per-pod services. This allows services to be annotated, the + service type defined and any other options that Kubernetes provides. When using + a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator + reserves the right to modify or replace any field. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core properties: metadata: - description: Standard objects metadata. This is a curated - version for use with Couchbase resource templates. + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: 
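Review bot: The `tls` description added under `cloudNativeGateway` gives the self-signed secret name as `couchbase-cloud-native-gateway-self-signed-secret-` with nothing after the trailing hyphen, both times it appears, so the exact name to use for a replacement secret is never stated. The suffix placeholder seems to have been dropped; going by the N.B. sentence it is presumably the cluster name. This matters because the same text says a secret that does not match "would be ignored", which would presumably leave the gateway serving the operator-generated self-signed certificate with no visible failure. I would write the name as `couchbase-cloud-native-gateway-self-signed-secret-<cluster-name>` (placeholder, to be confirmed against the operator), state that fallback explicitly, and correct "overidden" to "overridden". Separately, `logLevel` is added to `required` and keeps its DEVELOPER PREVIEW label while that label is removed from the parent object and from `tls`, so it is worth confirming both are intended; the schema looks generated, so any wording fix belongs in the source type comments.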
@@ -2820,219 +3313,195 @@ spec: creates on a service. properties: allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if - NodePorts will be automatically allocated for services - with type LoadBalancer. Default is "true". It may be - set to "false" if the cluster load-balancer does not - rely on NodePorts. If the caller requests specific - NodePorts (by specifying a value), those requests will - be respected, regardless of this field. This field may - only be set for services with type LoadBalancer and - will be cleared if the type is changed to any other - type. + description: |- + allocateLoadBalancerNodePorts defines if NodePorts will be automatically + allocated for services with type LoadBalancer. Default is "true". It + may be set to "false" if the cluster load-balancer does not rely on + NodePorts. If the caller requests specific NodePorts (by specifying a + value), those requests will be respected, regardless of this field. + This field may only be set for services with type LoadBalancer and will + be cleared if the type is changed to any other type. type: boolean clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), - and is not in use, it will be allocated to the service; - otherwise creation of the service will fail. This field - may not be changed through updates unless the type field - is also being changed to ExternalName (which requires - this field to be blank) or the type field is being changed - from ExternalName (in which case this field may optionally - be specified, as describe above). Valid values are - "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. 
If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + clusterIP is the IP address of the service and is usually assigned + randomly. If an address is specified manually, is in-range (as per + system configuration), and is not in use, it will be allocated to the + service; otherwise creation of the service will fail. This field may not + be changed through updates unless the type field is also being changed + to ExternalName (which requires this field to be blank) or the type + field is being changed from ExternalName (in which case this field may + optionally be specified, as describe above). Valid values are "None", + empty string (""), or a valid IP address. Setting this to "None" makes a + "headless service" (no virtual IP), which is useful when direct endpoint + connections are preferred and proxying is not required. Only applies to + types ClusterIP, NodePort, and LoadBalancer. If this field is specified + when creating a Service of type ExternalName, creation will fail. This + field will be wiped when updating a Service to type ExternalName. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. - \ If an address is specified manually, is in-range (as - per system configuration), and is not in use, it will - be allocated to the service; otherwise creation of the - service will fail. 
This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be empty) - or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only applies - to types ClusterIP, NodePort, and LoadBalancer. If this - field is specified when creating a Service of type ExternalName, - creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not - specified, it will be initialized from the clusterIP - field. If this field is specified, clients must ensure - that clusterIPs[0] and clusterIP have the same value. - \n This field may hold a maximum of two entries (dual-stack - IPs, in either order). These IPs must correspond to - the values of the ipFamilies field. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + description: |- + ClusterIPs is a list of IP addresses assigned to this service, and are + usually assigned randomly. If an address is specified manually, is + in-range (as per system configuration), and is not in use, it will be + allocated to the service; otherwise creation of the service will fail. + This field may not be changed through updates unless the type field is + also being changed to ExternalName (which requires this field to be + empty) or the type field is being changed from ExternalName (in which + case this field may optionally be specified, as describe above). Valid + values are "None", empty string (""), or a valid IP address. 
Setting + this to "None" makes a "headless service" (no virtual IP), which is + useful when direct endpoint connections are preferred and proxying is + not required. Only applies to types ClusterIP, NodePort, and + LoadBalancer. If this field is specified when creating a Service of type + ExternalName, creation will fail. This field will be wiped when updating + a Service to type ExternalName. If this field is not specified, it will + be initialized from the clusterIP field. If this field is specified, + clients must ensure that clusterIPs[0] and clusterIP have the same + value. + + + This field may hold a maximum of two entries (dual-stack IPs, in either order). + These IPs must correspond to the values of the ipFamilies field. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies items: type: string type: array x-kubernetes-list-type: atomic externalIPs: - description: externalIPs is a list of IP addresses for - which nodes in the cluster will also accept traffic - for this service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. + description: |- + externalIPs is a list of IP addresses for which nodes in the cluster + will also accept traffic for this service. These IPs are not managed by + Kubernetes. The user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external load-balancers + that are not part of the Kubernetes system. items: type: string type: array externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will - be involved. 
Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` - to be "ExternalName". + description: |- + externalName is the external reference that discovery mechanisms will + return as an alias for this service (e.g. a DNS CNAME record). No + proxying will be involved. Must be a lowercase RFC-1123 hostname + (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". type: string externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of the - Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that assumes - that external load balancers will take care of balancing - the service traffic between nodes, and so each node - will deliver traffic only to the node-local endpoints - of the service, without masquerading the client source - IP. (Traffic mistakenly sent to a node with no endpoints - will be dropped.) The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" - semantics, but clients sending to a NodePort from within - the cluster may need to take traffic policy into account + description: |- + externalTrafficPolicy describes how nodes distribute service traffic they + receive on one of the Service's "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure + the service in a way that assumes that external load balancers will take care + of balancing the service traffic between nodes, and so each node will deliver + traffic only to the node-local endpoints of the service, without masquerading + the client source IP. 
(Traffic mistakenly sent to a node with no endpoints will + be dropped.) The default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by topology and other + features). Note that traffic sent to an External IP or LoadBalancer IP from + within the cluster will always get "Cluster" semantics, but clients sending to + a NodePort from within the cluster may need to take traffic policy into account when picking a node. type: string healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is - set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External systems - (e.g. load-balancers) can use this port to determine - if a given node holds endpoints for this service or - not. If this field is specified when creating a Service - which does not need it, creation will fail. This field - will be wiped when updating a Service to no longer need - it (e.g. changing type). This field cannot be updated - once set. + description: |- + healthCheckNodePort specifies the healthcheck nodePort for the service. + This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is + in-range, and is not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). + This field cannot be updated once set. 
format: int32 type: integer internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods only - want to talk to endpoints of the service on the same - node as the pod, dropping the traffic if there are no - local endpoints. The default value, "Cluster", uses - the standard behavior of routing to all endpoints evenly + description: |- + InternalTrafficPolicy describes how nodes distribute service traffic they + receive on the ClusterIP. If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the same node as the pod, + dropping the traffic if there are no local endpoints. The default value, + "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). type: string ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is - usually assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified + description: |- + IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this + service. This field is usually assigned automatically based on cluster + configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services of - types ClusterIP, NodePort, and LoadBalancer, and does - apply to \"headless\" services. This field will be wiped - when updating a Service to type ExternalName. 
\n This - field may hold a maximum of two entries (dual-stack - families, in either order). These families must correspond - to the values of the clusterIPs field, if specified. - Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field." + and ipFamilyPolicy allows it, it will be used; otherwise creation of + the service will fail. This field is conditionally mutable: it allows + for adding or removing a secondary IP family, but it does not allow + changing the primary IP family of the Service. Valid values are "IPv4" + and "IPv6". This field only applies to Services of types ClusterIP, + NodePort, and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to type ExternalName. + + + This field may hold a maximum of two entries (dual-stack families, in + either order). These families must correspond to the values of the + clusterIPs field, if specified. Both clusterIPs and ipFamilies are + governed by the ipFamilyPolicy field. items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). + description: |- + IPFamily represents the IP Family (IPv4 or IPv6). This type is used + to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). type: string type: array x-kubernetes-list-type: atomic ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured - clusters or a single IP family on single-stack clusters), - or "RequireDualStack" (two IP families on dual-stack - configured clusters, otherwise fail). The ipFamilies - and clusterIPs fields depend on the value of this field. 
- This field will be wiped when updating a service to - type ExternalName. + description: |- + IPFamilyPolicy represents the dual-stack-ness requested or required by + this Service. If there is no value provided, then this field will be set + to SingleStack. Services can be "SingleStack" (a single IP family), + "PreferDualStack" (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). The + ipFamilies and clusterIPs fields depend on the value of this field. This + field will be wiped when updating a service to type ExternalName. type: string loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If - specified, the value of this field must be a label-style - identifier, with an optional prefix, e.g. "internal-vip" - or "example.com/internal-vip". Unprefixed names are - reserved for end-users. This field can only be set when - the Service type is 'LoadBalancer'. If not set, the - default load balancer implementation is used, today - this is typically done through the cloud provider integration, - but should apply for any default implementation. If - set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any - default load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This field - can only be set when creating or updating a Service - to type 'LoadBalancer'. Once set, it can not be changed. - This field will be wiped when a service is updated to - a non 'LoadBalancer' type. + description: |- + loadBalancerClass is the class of the load balancer implementation this Service belongs to. + If specified, the value of this field must be a label-style identifier, with an optional prefix, + e.g. "internal-vip" or "example.com/internal-vip". 
Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load + balancer implementation is used, today this is typically done through the cloud provider integration, + but should apply for any default implementation. If set, it is assumed that a load balancer + implementation is watching for Services with a matching class. Any default load balancer + implementation (e.g. cloud providers) should ignore Services that set this field. + This field can only be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. type: string loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field - was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific - annotations when available. This field may be removed - in a future API version.' + description: |- + Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. + This field will be ignored if the cloud-provider does not support the feature. + Deprecated: This field was under-specified and its meaning varies across implementations. + Using it is non-portable and it may not support dual-stack. + Users are encouraged to use implementation-specific annotations when available. 
type: string loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + description: |- + If specified and supported by the platform, this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client IPs. This field will be ignored if the + cloud-provider does not support the feature." + More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ items: type: string type: array sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to - maintain session affinity. Enable client IP based session - affinity. Must be ClientIP or None. Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' + description: |- + Supports "ClientIP" and "None". Used to maintain session affinity. + Enable client IP based session affinity. + Must be ClientIP or None. + Defaults to None. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies type: string sessionAffinityConfig: description: sessionAffinityConfig contains the configurations 
@@ -3043,72 +3512,69 @@ spec: of Client IP based session affinity. properties: timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 - hours). + description: |- + timeoutSeconds specifies the seconds of ClientIP type session sticky time. + The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". + Default value is 10800(for 3 hours). format: int32 type: integer type: object type: object type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to - endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. If - clusterIP is "None", no virtual IP is allocated and - the endpoints are published as a set of endpoints rather - than a virtual IP. "NodePort" builds on ClusterIP and - allocates a port on every node which routes to the same - endpoints as the clusterIP. "LoadBalancer" builds on - NodePort and creates an external load-balancer (if supported - in the current cloud) which routes to the same endpoints - as the clusterIP. "ExternalName" aliases this service - to the specified externalName. Several other fields - do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' + description: |- + type determines how the Service is exposed. Defaults to ClusterIP. Valid + options are ExternalName, ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates a cluster-internal IP address for load-balancing + to endpoints. 
Endpoints are determined by the selector or if that is not + specified, by manual construction of an Endpoints object or + EndpointSlice objects. If clusterIP is "None", no virtual IP is + allocated and the endpoints are published as a set of endpoints rather + than a virtual IP. + "NodePort" builds on ClusterIP and allocates a port on every node which + routes to the same endpoints as the clusterIP. + "LoadBalancer" builds on NodePort and creates an external load-balancer + (if supported in the current cloud) which routes to the same endpoints + as the clusterIP. + "ExternalName" aliases this service to the specified externalName. + Several other fields do not apply to ExternalName services. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types type: string type: object type: object exposedFeatureServiceType: default: NodePort - description: DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureServiceType - defines whether to create a node port or load balancer service. - When using a LoadBalancer service type, TLS and dynamic DNS - must also be enabled. This field must be one of "NodePort" or - "LoadBalancer", defaulting to "NodePort". + description: |- + DEPRECATED - by exposedFeatureServiceTemplate. + ExposedFeatureServiceType defines whether to create a node port or load balancer service. + When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. + This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". enum: - NodePort - LoadBalancer type: string exposedFeatureTrafficPolicy: - description: DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy - defines how packets should be routed from a load balancer service - to a Couchbase pod. When local, traffic is routed directly - to the pod. When cluster, traffic is routed to any node, then - forwarded on. 
While cluster routing may be slower, there are - some situations where it is required for connectivity. This - field must be either "Cluster" or "Local", defaulting to "Local", + description: |- + DEPRECATED - by exposedFeatureServiceTemplate. + ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer + service to a Couchbase pod. When local, traffic is routed directly to the pod. When + cluster, traffic is routed to any node, then forwarded on. While cluster routing may be + slower, there are some situations where it is required for connectivity. This field + must be either "Cluster" or "Local", defaulting to "Local", enum: - Cluster - Local type: string exposedFeatures: - description: ExposedFeatures is a list of Couchbase features to - expose when using a networking model that exposes the Couchbase - cluster externally to Kubernetes. This field also triggers - the creation of per-pod services used by clients to connect - to the Couchbase cluster. When admin, only the administrator - port is exposed, allowing remote administration. When xdcr, - only the services required for remote replication are exposed. - The xdcr feature is only required when the cluster is the destination - of an XDCR replication. When client, all services are exposed - as required for client SDK operation. This field may contain - any of "admin", "xdcr" and "client". Each feature may only - be included once. + description: |- + ExposedFeatures is a list of Couchbase features to expose when using a networking + model that exposes the Couchbase cluster externally to Kubernetes. This field also + triggers the creation of per-pod services used by clients to connect to the Couchbase + cluster. When admin, only the administrator port is exposed, allowing remote + administration. When xdcr, only the services required for remote replication are exposed. + The xdcr feature is only required when the cluster is the destination of an XDCR + replication. 
When client, all services are exposed as required for client SDK operation. + This field may contain any of "admin", "xdcr" and "client". Each feature may only be + included once. items: enum: - admin 
@@ -3118,121 +3584,121 @@ spec: type: array x-kubernetes-list-type: set loadBalancerSourceRanges: - description: DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. - LoadBalancerSourceRanges applies only when an exposed service - is of type LoadBalancer and limits the source IP ranges that - are allowed to use the service. Items must use IPv4 class-less - interdomain routing (CIDR) notation e.g. 10.0.0.0/16. + description: |- + DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + LoadBalancerSourceRanges applies only when an exposed service is of type + LoadBalancer and limits the source IP ranges that are allowed to use the + service. Items must use IPv4 class-less interdomain routing (CIDR) notation + e.g. 10.0.0.0/16. items: pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$ type: string type: array networkPlatform: - description: NetworkPlatform is used to enable support for various - networking technologies. This field must be one of "Istio". + description: |- + NetworkPlatform is used to enable support for various networking + technologies. This field must be one of "Istio". enum: - Istio type: string serviceAnnotations: additionalProperties: type: string - description: DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. - ServiceAnnotations allows services to be annotated with custom - labels. Operator annotations are merged on top of these so have - precedence as they are required for correct operation. + description: |- + DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. + ServiceAnnotations allows services to be annotated with custom labels. + Operator annotations are merged on top of these so have precedence as + they are required for correct operation. type: object tls: - description: TLS defines the TLS configuration for the cluster - including server and client certificate configuration, and TLS - security policies. 
+ description: |- + TLS defines the TLS configuration for the cluster including + server and client certificate configuration, and TLS security policies. properties: allowPlainTextCertReload: default: false - description: AllowPlainTextCertReload allows the reload of - TLS certificates in plain text. This option should only - be enabled as a means to recover connectivity with server - in the event that any of the server certificates expire. - When enabled the Operator only attempts plain text cert - reloading when expired certificates are detected. + description: |- + AllowPlainTextCertReload allows the reload of TLS certificates in plain text. + This option should only be enabled as a means to recover connectivity with + server in the event that any of the server certificates expire. When enabled + the Operator only attempts plain text cert reloading when expired certificates + are detected. type: boolean cipherSuites: - description: CipherSuites specifies a list of cipher suites - for Couchbase server to select from when negotiating TLS - handshakes with a client. Suites are not validated by the - Operator. Run "openssl ciphers -v" in a Couchbase server - pod to interrogate supported values. + description: |- + CipherSuites specifies a list of cipher suites for Couchbase server to select + from when negotiating TLS handshakes with a client. Suites are not validated + by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to + interrogate supported values. items: type: string type: array x-kubernetes-list-type: set clientCertificatePaths: - description: ClientCertificatePaths defines where to look - in client certificates in order to extract the user name. + description: |- + ClientCertificatePaths defines where to look in client certificates in order + to extract the user name. items: description: ClientCertificatePath defines how to extract a username from a client ceritficate. 
properties: delimiter: - description: Delimiter if specified allows a suffix - to be stripped from the username, once extracted from - the certificate path. + description: |- + Delimiter if specified allows a suffix to be stripped from the username, once + extracted from the certificate path. type: string path: - description: Path defines where in the X.509 specification - to extract the username from. This field must be either - "subject.cn", "san.uri", "san.dnsname" or "san.email". + description: |- + Path defines where in the X.509 specification to extract the username from. + This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email". pattern: ^subject\.cn|san\.uri|san\.dnsname|san\.email$ type: string prefix: - description: Prefix allows a prefix to be stripped from - the username, once extracted from the certificate - path. + description: |- + Prefix allows a prefix to be stripped from the username, once extracted from the + certificate path. type: string required: - path type: object type: array clientCertificatePolicy: - description: ClientCertificatePolicy defines the client authentication - policy to use. If set, the Operator expects TLS configuration - to contain a valid certificate/key pair for the Administrator - account. + description: |- + ClientCertificatePolicy defines the client authentication policy to use. + If set, the Operator expects TLS configuration to contain a valid certificate/key pair + for the Administrator account. enum: - enable - mandatory type: string nodeToNodeEncryption: - description: NodeToNodeEncryption specifies whether to encrypt - data between Couchbase nodes within the same cluster. This - may come at the expense of performance. When control plane - only encryption is used, only cluster management traffic - is encrypted between nodes. When all, all traffic is encrypted, - including database documents. When strict mode is used, - it is the same as all, but also disables all plaintext ports. 
Strict - mode is only available on Couchbase Server versions 7.1 - and greater. Node to node encryption can only be used when - TLS certificates are managed by the Operator. This field - must be either "ControlPlaneOnly", "All", or "Strict". + description: |- + NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes + within the same cluster. This may come at the expense of performance. When + control plane only encryption is used, only cluster management traffic is encrypted + between nodes. When all, all traffic is encrypted, including database documents. + When strict mode is used, it is the same as all, but also disables all plaintext + ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. + Node to node encryption can only be used when TLS certificates are managed by the + Operator. This field must be either "ControlPlaneOnly", "All", or "Strict". enum: - ControlPlaneOnly - All - Strict type: string passphrase: - description: PassphraseConfig configures the passphrase key - to use with encrypted certificates. The passphrase may be - registered with Couchbase Server using a local script or - a rest endpoint. Private key encryption is only available - on Couchbase Server versions 7.1 and greater. + description: |- + PassphraseConfig configures the passphrase key to use with encrypted certificates. + The passphrase may be registered with Couchbase Server using a local script or a + rest endpoint. Private key encryption is only available on Couchbase Server + versions 7.1 and greater. properties: rest: - description: PassphraseRestConfig is the configuration - to register a private key passphrase with a rest endpoint. - When the private key is accessed, Couchbase Server attempts - to extract the password by means of the specified endpoint. - The response status must be 200 and the response text - must be the exact passphrase excluding newlines and - extraneous spaces. 
+ description: |- + PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. + When the private key is accessed, Couchbase Server attempts to extract the password by means of the + specified endpoint. The response status must be 200 and the response text must be the exact passphrase + excluding newlines and extraneous spaces. properties: addressFamily: default: inet @@ -3255,9 +3721,9 @@ spec: format: int64 type: integer url: - description: URL is the endpoint to be called to retrieve - the passphrase. URL will be called using the GET - method and may use http/https protocol. + description: |- + URL is the endpoint to be called to retrieve the passphrase. + URL will be called using the GET method and may use http/https protocol. type: string verifyPeer: default: true 
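Review bot: The `path` pattern under `clientCertificatePaths` is not anchored as a whole. In `^subject\.cn|san\.uri|san\.dnsname|san\.email$` the `^` binds only to the first alternative and the `$` only to the last, so the schema admits strings that merely contain `san.uri` or `san.dnsname`, although the description promises exactly four values. Since this field decides where the username is read from in a client certificate, group the alternatives, `pattern: ^(subject\.cn|san\.uri|san\.dnsname|san\.email)$`, or replace the pattern with an `enum`. The line is unchanged context in this hunk and the CRD looks generated, so the fix presumably belongs in the validation marker on the operator's type rather than in this file.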
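Review bot: The reworded `url` description still says the passphrase endpoint `may use http/https protocol`, and the field remains a bare `type: string` with no scheme restriction. The response body of that GET is the private-key passphrase itself, so an `http` URL returns it unencrypted, and the `verifyPeer` default of true shown just below presumably only has an effect for https. If plain http is not needed for compatibility, add `pattern: ^https://` next to `type: string`; otherwise extend the description with `Prefer https; with http the passphrase is returned unencrypted.` The `rest` object starts before this hunk and continues after it.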
@@ -3268,106 +3734,95 @@ spec: - url type: object script: - description: PassphraseScriptConfig is the configuration - to register a private key passphrase with a script. - The Operator auto-provisions the underlying script so - this config simply provides a mechanism to perform the - decryption of the Couchbase Private Key using a local - script. + description: |- + PassphraseScriptConfig is the configuration to register a private key passphrase with a script. + The Operator auto-provisions the underlying script so this config simply provides a mechanism + to perform the decryption of the Couchbase Private Key using a local script. properties: secret: - description: Secret is the secret containing the passphrase - string. The secret is expected to contain "passphrase" - key with the passphrase string as a value. + description: |- + Secret is the secret containing the passphrase string. The secret is expected + to contain "passphrase" key with the passphrase string as a value. type: string required: - secret type: object type: object rootCAs: - description: RootCAs defines a set of secrets that reside - in this namespace that contain additional CA certificates - that should be installed in Couchbase. The CA certificates - that are defined here are in addition to those defined for - the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, - and thus should not be duplicated. Each Secret referred - to must be of well-known type "kubernetes.io/tls" and must - contain one or more CA certificates under the key "tls.crt". - Multiple root CA certificates are only supported on Couchbase - Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static - configuration. + description: |- + RootCAs defines a set of secrets that reside in this namespace that contain + additional CA certificates that should be installed in Couchbase. 
The CA + certificates that are defined here are in addition to those defined for the + cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and + thus should not be duplicated. Each Secret referred to must be of well-known type + "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". + Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, + and not with legacy couchbaseclusters.spec.networking.tls.static configuration. items: type: string type: array secretSource: - description: SecretSource enables the user to specify a secret - conforming to the Kubernetes TLS secret specification that - is used for the Couchbase server certificate, and optionally - the Operator's client certificate, providing cert-manager - compatibility without having to specify a separate root - CA. A server CA certificate must be supplied by one of - the provided methods. Certificates referred to must conform - to the keys of well-known type "kubernetes.io/tls" with - "tls.crt" and "tls.key". If the "tls.key" is an encrypted - private key then the secret type can be the generic Opaque - type since "kubernetes.io/tls" type secrets cannot verify - encrypted keys. + description: |- + SecretSource enables the user to specify a secret conforming to the Kubernetes TLS + secret specification that is used for the Couchbase server certificate, and optionally + the Operator's client certificate, providing cert-manager compatibility without having + to specify a separate root CA. A server CA certificate must be supplied by one of the + provided methods. Certificates referred to must conform to the keys of well-known type + "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted + private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" + type secrets cannot verify encrypted keys. 
properties: clientSecretName: - description: ClientSecretName specifies the secret name, - in the same namespace as the cluster, the contains client - TLS data. The secret is expected to contain "tls.crt" - and "tls.key" as per the Kubernetes.io/tls secret type. + description: |- + ClientSecretName specifies the secret name, in the same namespace as the cluster, + the contains client TLS data. The secret is expected to contain "tls.crt" and + "tls.key" as per the Kubernetes.io/tls secret type. type: string serverSecretName: - description: ServerSecretName specifies the secret name, - in the same namespace as the cluster, that contains - server TLS data. The secret is expected to contain - "tls.crt" and "tls.key" as per the kubernetes.io/tls - secret type. It may also contain "ca.crt". Only a single - PEM formated x509 certificate can be provided to "ca.crt". - The single certificate may also bundle together multiple - root CA certificates. Multiple root CA certificates - are only supported on Couchbase Server 7.1 and greater. + description: |- + ServerSecretName specifies the secret name, in the same namespace as the cluster, + that contains server TLS data. The secret is expected to contain "tls.crt" and + "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". + Only a single PEM formated x509 certificate can be provided to "ca.crt". + The single certificate may also bundle together multiple root CA certificates. + Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater. type: string required: - serverSecretName type: object static: - description: DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. - Static enables user to generate static x509 certificates - and keys, put them into Kubernetes secrets, and specify - them here. Static secrets are Couchbase specific, and follow - no well-known standards. + description: |- + DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource. 
+ Static enables user to generate static x509 certificates and keys, + put them into Kubernetes secrets, and specify them here. Static secrets + are Couchbase specific, and follow no well-known standards. properties: operatorSecret: - description: OperatorSecret is a secret name containing - TLS certs used by operator to talk securely to this - cluster. The secret must contain a CA certificate (data - key ca.crt). If client authentication is enabled, then - the secret must also contain a client certificate chain - (data key "couchbase-operator.crt") and private key + description: |- + OperatorSecret is a secret name containing TLS certs used by operator to + talk securely to this cluster. The secret must contain a CA certificate (data key + ca.crt). If client authentication is enabled, then the secret must also contain + a client certificate chain (data key "couchbase-operator.crt") and private key (data key "couchbase-operator.key"). type: string serverSecret: - description: ServerSecret is a secret name containing - TLS certs used by each Couchbase member pod for the - communication between Couchbase server and its clients. The - secret must contain a certificate chain (data key "chain.pem") - and a private key (data key "pkey.key"). The private - key must be in the PKCS#1 RSA format. The certificate - chain must have a required set of X.509v3 subject alternative - names for all cluster addressing modes. See the Operator - TLS documentation for more information. + description: |- + ServerSecret is a secret name containing TLS certs used by each Couchbase member pod + for the communication between Couchbase server and its clients. The secret must + contain a certificate chain (data key "chain.pem") and a private + key (data key "pkey.key"). The private key must be in the PKCS#1 RSA + format. The certificate chain must have a required set of X.509v3 subject alternative + names for all cluster addressing modes. 
See the Operator TLS documentation for more + information. type: string type: object tlsMinimumVersion: default: TLS1.2 - description: TLSMinimumVersion specifies the minimum TLS version - the Couchbase server can negotiate with a client. Must - be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, defaulting to - TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 - onward. + description: |- + TLSMinimumVersion specifies the minimum TLS version the Couchbase server can + negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, + defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward. + TLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward. enum: - TLS1.0 - TLS1.1 
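Review bot: The sentence added to `tlsMinimumVersion` says TLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward, but the `enum` that follows still lists both and the schema cannot tie the value to the server version. Unless the Operator rejects that combination elsewhere (not visible here), a spec for a 7.6 cluster with `TLS1.0` passes admission and only fails, or is silently adjusted, later. The description should say what happens in that case, and could steer users off the legacy versions with `TLS1.0 and TLS1.1 are deprecated; prefer TLS1.2 or later.` The list `TLS1.0, TLS1.1 TLS1.2 or TLS1.3` in the same description is also missing a comma. The enum continues past the end of this hunk.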
@@ -3377,199 +3832,224 @@ spec: type: object waitForAddressReachable: default: 10m - description: WaitForAddressReachable is used to set the timeout - between when polling of external addresses is started, and when - it is deemed a failure. Polling of DNS name availability inherently - dangerous due to negative caching, so prefer the use of an initial - `waitForAddressReachableDelay` to allow propagation. + description: |- + WaitForAddressReachable is used to set the timeout between when polling of + external addresses is started, and when it is deemed a failure. Polling of + DNS name availability inherently dangerous due to negative caching, so prefer + the use of an initial `waitForAddressReachableDelay` to allow propagation. type: string waitForAddressReachableDelay: default: 2m - description: WaitForAddressReachableDelay is used to defer operator - checks that ensure external addresses are reachable before new - nodes are balanced in to the cluster. This prevents negative - DNS caching while waiting for external-DDNS controllers to propagate - addresses. + description: |- + WaitForAddressReachableDelay is used to defer operator checks that + ensure external addresses are reachable before new nodes are balanced + in to the cluster. This prevents negative DNS caching while waiting + for external-DDNS controllers to propagate addresses. type: string type: object + onlineVolumeExpansionTimeoutInMins: + description: |- + OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes + for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. + Value must be between 0 and 30. + If no value is provided, then it defaults to 10 minutes. + maximum: 30 + minimum: 0 + type: integer paused: - description: Paused is to pause the control of the operator for the - Couchbase cluster. This does not pause the cluster itself, instead - stopping the operator from taking any action. 
+ description: |- + Paused is to pause the control of the operator for the Couchbase cluster. + This does not pause the cluster itself, instead stopping the operator from + taking any action. type: boolean platform: - description: Platform gives a hint as to what platform we are running - on and how to configure services. This field must be one of "aws", - "gke" or "azure". + description: |- + Platform gives a hint as to what platform we are running on and how + to configure services. This field must be one of "aws", "gke" or "azure". enum: - aws - gce - azure type: string recoveryPolicy: - description: RecoveryPolicy controls how aggressive the Operator is - when recovering cluster topology. When PrioritizeDataIntegrity, - the Operator will delegate failover exclusively to Couchbase server, - relying on it to only allow recovery when safe to do so. When PrioritizeUptime, - the Operator will wait for a period after the expected auto-failover - of the cluster, before forcefully failing-over the pods. This may - cause data loss, and is only expected to be used on clusters with - ephemeral data, where the loss of the pod means that the data is - known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" - or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity". + description: |- + RecoveryPolicy controls how aggressive the Operator is when recovering cluster + topology. When PrioritizeDataIntegrity, the Operator will delegate failover + exclusively to Couchbase server, relying on it to only allow recovery when safe to + do so. When PrioritizeUptime, the Operator will wait for a period after the + expected auto-failover of the cluster, before forcefully failing-over the pods. + This may cause data loss, and is only expected to be used on clusters with ephemeral + data, where the loss of the pod means that the data is known to be unrecoverable. 
+ This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting + to "PrioritizeDataIntegrity". enum: - PrioritizeDataIntegrity - PrioritizeUptime type: string rollingUpgrade: - description: When `spec.upgradeStrategy` is set to `RollingUpgrade` - it will, by default, upgrade one pod at a time. If this field is - specified then that number can be increased. + description: |- + When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default, upgrade one pod + at a time. If this field is specified then that number can be increased. properties: maxUpgradable: - description: MaxUpgradable allows the number of pods affected - by an upgrade at any one time to be increased. By default a - rolling upgrade will upgrade one pod at a time. This field - allows that limit to be removed. This field must be greater - than zero. The smallest of `maxUpgradable` and `maxUpgradablePercent` - takes precedence if both are defined. + description: |- + MaxUpgradable allows the number of pods affected by an upgrade at any + one time to be increased. By default a rolling upgrade will + upgrade one pod at a time. This field allows that limit to be removed. + This field must be greater than zero. + The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if + both are defined. minimum: 1 type: integer maxUpgradablePercent: - description: MaxUpgradablePercent allows the number of pods affected - by an upgrade at any one time to be increased. By default a - rolling upgrade will upgrade one pod at a time. This field - allows that limit to be removed. This field must be an integer - percentage, e.g. "10%", in the range 1% to 100%. Percentages - are relative to the total cluster size, and rounded down to - the nearest whole number, with a minimum of 1. For example, - a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 - pods per iteration, rounded down to 2. 
The smallest of `maxUpgradable` - and `maxUpgradablePercent` takes precedence if both are defined. + description: |- + MaxUpgradablePercent allows the number of pods affected by an upgrade at any + one time to be increased. By default a rolling upgrade will + upgrade one pod at a time. This field allows that limit to be removed. + This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. + Percentages are relative to the total cluster size, and rounded down to + the nearest whole number, with a minimum of 1. For example, a 10 pod + cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, + rounded down to 2. + The smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if + both are defined. pattern: ^(100|[1-9][0-9]|[1-9])%$ type: string type: object security: - description: Security defines Couchbase cluster security options such - as the administrator account username and password, and user RBAC - settings. + description: |- + Security defines Couchbase cluster security options such as the administrator + account username and password, and user RBAC settings. properties: adminSecret: - description: AdminSecret is the name of a Kubernetes secret to - use for administrator authentication. The admin secret must - contain the keys "username" and "password". The password data - must be at least 6 characters in length, and not contain the - any of the characters `()<>,;:\"/[]?={}`. + description: |- + AdminSecret is the name of a Kubernetes secret to use for administrator authentication. + The admin secret must contain the keys "username" and "password". The password data + must be at least 6 characters in length, and not contain the any of the characters + `()<>,;:\"/[]?={}`. type: string ldap: - description: LDAP provides settings to authenticate and authorize - LDAP users with Couchbase Server. When specified, the Operator - keeps these settings in sync with Cocuhbase Server's LDAP configuration. 
- Leave empty to manually manage LDAP configuration. + description: |- + LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. + When specified, the Operator keeps these settings in sync with Cocuhbase Server's + LDAP configuration. Leave empty to manually manage LDAP configuration. properties: authenticationEnabled: default: true - description: AuthenticationEnabled allows users who attempt - to access Couchbase Server without having been added as - local users to be authenticated against the specified LDAP - Host(s). + description: |- + AuthenticationEnabled allows users who attempt to access Couchbase Server without having been + added as local users to be authenticated against the specified LDAP Host(s). type: boolean authorizationEnabled: - description: AuthorizationEnabled allows authenticated LDAP - users to be authorized with RBAC roles granted to any Couchbase - Server group associated with the user. + description: |- + AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to + any Couchbase Server group associated with the user. type: boolean bindDN: - description: 'DN to use for searching users and groups synchronization. - More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + description: |- + DN to use for searching users and groups synchronization. More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html type: string bindSecret: - description: BindSecret is the name of a Kubernetes secret - to use containing password for LDAP user binding. The bindSecret - must have a key with the name "password" and a value which - corresponds to the password of the binding LDAP user. + description: |- + BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. 
+ The bindSecret must have a key with the name "password" and a value which corresponds to the + password of the binding LDAP user. type: string cacert: - description: DEPRECATED - Field is ignored, use tlsSecret. - CA Certificate in PEM format to be used in LDAP server certificate - validation. This cert is the string form of the secret provided - to `spec.tls.tlsSecret`. + description: |- + DEPRECATED - Field is ignored, use tlsSecret. + CA Certificate in PEM format to be used in LDAP server certificate validation. + This cert is the string form of the secret provided to `spec.tls.tlsSecret`. type: string cacheValueLifetime: default: 30000 - description: 'Lifetime of values in cache in milliseconds. - Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + description: |- + Lifetime of values in cache in milliseconds. Default 300000 ms. More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html format: int64 type: integer encryption: - description: Encryption determines how the connection with - the LDAP server should be encrypted. Encryption may set - as either StartTLSExtension, TLS, or false. When set to - "false" then no verification of the LDAP hostname is performed. - When Encryption is StartTLSExtension, or TLS is set then - the default behavior is to use the certificate already loaded - into the Couchbase Cluster for certificate validation, otherwise - `ldap.tlsSecret` may be set to override The Couchbase certificate. + description: |- + Encryption determines how the connection with the LDAP server should be encrypted. + Encryption may set as either StartTLSExtension, TLS, or false. + When set to "false" then no verification of the LDAP hostname is performed. 
+ When Encryption is StartTLSExtension, or TLS is set then the default behavior is to + use the certificate already loaded into the Couchbase Cluster for certificate validation, + otherwise `ldap.tlsSecret` may be set to override The Couchbase certificate. enum: - None - StartTLSExtension - TLS type: string groupsQuery: - description: 'LDAP query, to get the users'' groups by username - in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + description: |- + LDAP query, to get the users' groups by username in RFC4516 format. More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html type: string hosts: - description: List of LDAP hosts to provide authentication-support - for Couchbase Server. Host name must be a valid IP address - or DNS Name e.g openldap.default.svc, 10.0.92.147. + description: |- + List of LDAP hosts to provide authentication-support for Couchbase Server. + Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147. items: type: string minItems: 1 type: array + middleboxCompMode: + default: true + description: |- + Sets middlebox compatibility mode for LDAP. This option is only available on + Couchbase Server 7.6.0+. + type: boolean nestedGroupsEnabled: - description: 'If enabled Couchbase server will try to recursively - search for groups for every discovered ldap group. groups_query - will be user for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + description: |- + If enabled Couchbase server will try to recursively search for groups + for every discovered ldap group. groups_query will be user for the search. + More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html type: boolean nestedGroupsMaxDepth: default: 10 - description: 'Maximum number of recursive groups requests - the server is allowed to perform. 
Requires NestedGroupsEnabled. Values - between 1 and 100: the default is 10. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + description: |- + Maximum number of recursive groups requests the server is allowed to perform. + Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. + More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html format: int64 maximum: 100 minimum: 1 type: integer port: default: 389 - description: LDAP port. This is typically 389 for LDAP, and - 636 for LDAPS. + description: |- + LDAP port. + This is typically 389 for LDAP, and 636 for LDAPS. type: integer serverCertValidation: description: Whether server certificate validation be enabled. type: boolean tlsSecret: - description: TLSSecret is the name of a Kubernetes secret - to use explcitly for LDAP ca cert. If TLSSecret is not provided, - certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` - will be used instead. If provided, the secret must contain - the ca to be used under the name "ca.crt". + description: |- + TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. + If TLSSecret is not provided, certificates found in `couchbaseclusters.spec.networking.tls.rootCAs` + will be used instead. + If provided, the secret must contain the ca to be used under the name "ca.crt". type: string userDNMapping: - description: 'User to distinguished name (DN) mapping. If - none is specified, the username is used as the user’s distinguished - name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html' + description: |- + User to distinguished name (DN) mapping. If none is specified, + the username is used as the user’s distinguished name. 
More info: + https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html properties: query: description: Query is the LDAP query to run to map from Couchbase user to LDAP distinguished name. type: string template: - description: This field specifies list of templates to - use for providing username to DN mapping. The template - may contain a placeholder specified as `%u` to represent - the Couchbase user who is attempting to gain access. + description: |- + This field specifies list of templates to use for providing username to DN mapping. + The template may contain a placeholder specified as `%u` to represent the Couchbase + user who is attempting to gain access. type: string type: object required: 
@@ -3578,71 +4058,77 @@ spec: - port type: object podSecurityContext: - description: 'PodSecurityContext allows the configuration of the - security context for all Couchbase server pods. When using - persistent volumes you may need to set the fsGroup field in - order to write to the volume. For non-root clusters you must - also set runAsUser to 1000, corresponding to the Couchbase user - in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + PodSecurityContext allows the configuration of the security context for all + Couchbase server pods. When using persistent volumes you may need to set + the fsGroup field in order to write to the volume. For non-root clusters + you must also set runAsUser to 1000, corresponding to the Couchbase user + in official container images. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: fsGroup: - description: "A special supplemental group that applies to - all containers in a pod. Some volume types allow the Kubelet - to change the ownership of that volume to be owned by the - pod: \n 1. The owning GID will be the FSGroup 2. The setgid - bit is set (new files created in the volume will be owned - by FSGroup) 3. The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify the ownership and - permissions of any volume. Note that this field cannot be - set when spec.os.name is windows." + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. 
+ Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified, "Always" is used. Note that - this field cannot be set when spec.os.name is windows.' + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. type: string runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. 
If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is - windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence - for that container. 
Note that this field cannot be set when - spec.os.name is windows. + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -3662,42 +4148,48 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name - is windows. + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must - be preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a - profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile - should be used. Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - Note that this field cannot be set when spec.os.name is - windows. 
+ description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. Note that this field cannot - be set when spec.os.name is windows. + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set properties: 
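Review bot: The reworded `localhostProfile` description under `seccompProfile` now states a two-way rule (must be set for "Localhost", must not be set for any other type), but the schema around it still enforces only `required: - type`, and `type` is a free-form string. A typo in the profile type or a stray `localhostProfile` would therefore pass validation of this resource and presumably only surface later, when the pods are created. If the generator allows it, constrain the field with `enum: [Localhost, RuntimeDefault, Unconfined]`; the same schema recurs in the `@@ -3917,73 +4404,71 @@` hunk for the container-level `securityContext`. This file looks generated, so the constraint likely belongs in the source types or the operator's admission checks rather than in a hand edit here.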
@@ -3713,42 +4205,35 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options within a container's - SecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. 
+ description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object @@ -3761,15 +4246,16 @@ spec: or the clients. type: boolean selector: - description: Selector is a label selector used to list RBAC - resources in the namespace that are managed by the Operator. + description: |- + Selector is a label selector used to list RBAC resources in the namespace + that are managed by the Operator. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: 
@@ -3777,17 +4263,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3799,35 +4284,36 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object securityContext: - description: 'SecurityContext defines the security options the - container should be run with. If set, the fields of SecurityContext - override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation - field to grant more privileges than its parent process. More - info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' 
+ description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. type: boolean capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the - container runtime. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. properties: add: description: Added capabilities 
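Review bot: The `x-kubernetes-map-type: atomic` line added after `matchLabels` is a behaviour change that is easy to miss among the description reflows in this hunk. With an atomic map, server-side apply treats the whole selector as one unit: a single field manager owns it, and an apply replaces it rather than merging individual labels. Judging by the description in the preceding hunks, this appears to be the selector that decides which RBAC resources the Operator manages, so a partial apply that used to add one label could now swap the whole selector. I would call this out in the chart's upgrade notes, for example `The RBAC label selector is now an atomic map; server-side apply replaces it as a whole instead of merging labels.` The enclosing selector object opens outside this hunk.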
@@ -3845,59 +4331,60 @@ spec: type: array type: object privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. Note that this field cannot - be set when spec.os.name is windows. + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. type: boolean procMount: - description: procMount denotes the type of proc mount to use - for the containers. The default is DefaultProcMount which - uses the container runtime defaults for readonly paths and - masked paths. This requires the ProcMountType feature flag - to be enabled. Note that this field cannot be set when spec.os.name - is windows. + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when - spec.os.name is windows. + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. type: boolean runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The GID to run the entrypoint of the container process. 
+ Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. 
format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that applies 
@@ -3917,73 +4404,71 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. Note - that this field cannot be set when spec.os.name is windows. + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must - be preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a - profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile - should be used. Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object windowsOptions: - description: The Windows specific settings applied to all - containers. 
If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components that - enable the WindowsHostProcessContainers feature flag. - Setting this field without the feature flag will result - in errors when validating the Pod. All of a Pod's containers - must have the same effective HostProcess value (it is - not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in - PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object uiSessionTimeout: default: 0 - description: UISessionTimeout sets how long, in minutes, before - a user is declared inactive and signed out from the Couchbase - Server UI. 0 represents no time out. + description: |- + UISessionTimeout sets how long, in minutes, before a user is declared inactive + and signed out from the Couchbase Server UI. + 0 represents no time out. maximum: 16666 minimum: 0 type: integer 
@@ -3991,67 +4476,77 @@ spec: - adminSecret type: object securityContext: - description: 'DEPRECATED - by spec.security.securityContext SecurityContext - allows the configuration of the security context for all Couchbase - server pods. When using persistent volumes you may need to set - the fsGroup field in order to write to the volume. For non-root - clusters you must also set runAsUser to 1000, corresponding to the - Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + description: |- + DEPRECATED - by spec.security.securityContext + SecurityContext allows the configuration of the security context for all + Couchbase server pods. When using persistent volumes you may need to set + the fsGroup field in order to write to the volume. For non-root clusters + you must also set runAsUser to 1000, corresponding to the Couchbase user + in official container images. More info: + https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ properties: fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. 
The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. type: string runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: - description: Indicates that the container must run as a non-root - user. 
If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: boolean runAsUser: - description: The UID to run the entrypoint of the container process. + description: |- + The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. + description: |- + The SELinux context to be applied to all containers. 
+ If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. properties: level: 
@@ -4072,41 +4567,48 @@ spec: type: string type: object seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. properties: localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. type: string type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. type: string required: - type type: object supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. Note - that this field cannot be set when spec.os.name is windows. 
+ description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. items: description: Sysctl defines a kernel parameter to be set properties: 
@@ -4122,73 +4624,69 @@ spec: type: object type: array windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. 
+ description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. type: boolean runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. type: string type: object type: object serverGroups: - description: ServerGroups define the set of availability zones you - want to distribute pods over, and construct Couchbase server groups - for. By default, most cloud providers will label nodes with the - key "topology.kubernetes.io/zone", the values associated with that - key are used here to provide explicit scheduling by the Operator. You - may manually label nodes using the "topology.kubernetes.io/zone" - key, to provide failure-domain aware scheduling when none is provided - for you. Global server groups are applied to all server classes, - and may be overridden on a per-server class basis to give more control - over scheduling and server groups. + description: |- + ServerGroups define the set of availability zones you want to distribute + pods over, and construct Couchbase server groups for. 
By default, most + cloud providers will label nodes with the key "topology.kubernetes.io/zone", + the values associated with that key are used here to provide explicit + scheduling by the Operator. You may manually label nodes using the + "topology.kubernetes.io/zone" key, to provide failure-domain + aware scheduling when none is provided for you. Global server groups are + applied to all server classes, and may be overridden on a per-server class + basis to give more control over scheduling and server groups. items: type: string type: array x-kubernetes-list-type: set servers: - description: Servers defines server classes for the Operator to provision - and manage. A server class defines what services are running and - how many members make up that class. Specifying multiple server - classes allows the Operator to provision clusters with Multi-Dimensional - Scaling (MDS). At least one server class must be defined, and at - least one server class must be running the data service. + description: |- + Servers defines server classes for the Operator to provision and manage. + A server class defines what services are running and how many members make + up that class. Specifying multiple server classes allows the Operator to + provision clusters with Multi-Dimensional Scaling (MDS). At least one server + class must be defined, and at least one server class must be running the data + service. items: properties: autoscaleEnabled: - description: AutoscaledEnabled defines whether the autoscaling - feature is enabled for this class. When true, the Operator - will create a CouchbaseAutoscaler resource for this server - class. The CouchbaseAutoscaler implements the Kubernetes - scale API and can be controlled by the Kubernetes horizontal - pod autoscaler (HPA). + description: |- + AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. + When true, the Operator will create a CouchbaseAutoscaler resource for this + server class. 
The CouchbaseAutoscaler implements the Kubernetes scale API and + can be controlled by the Kubernetes horizontal pod autoscaler (HPA). type: boolean env: description: Env allows the setting of environment variables @@ -4202,16 +4700,16 @@ spec: a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -4224,10 +4722,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or 
@@ -4236,12 +4734,11 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -4254,12 +4751,11 @@ spec: required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -4279,6 +4775,7 @@ spec: required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace @@ -4288,10 +4785,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its 
@@ -4300,6 +4797,7 @@ spec: required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -4316,15 +4814,17 @@ spec: description: The ConfigMap to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap must be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. 
@@ -4333,61 +4833,74 @@ spec: description: The Secret to select from properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret must be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array + image: + description: |- + Image is the container image name that will be used to launch Couchbase + server instances in this server class. You cannot downgrade the Couchbase + version. Across spec.image and all server classes there can only be two + different Couchbase images. Updating this field to a value different than + spec.image will cause an automatic upgrade of the server class. If it isn't + specified then the cluster image will be used. + pattern: ^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$ + type: string name: - description: Name is a textual name for the server configuration - and must be unique. The name is used by the operator to uniquely - identify a server class, and map pods back to an intended - configuration. + description: |- + Name is a textual name for the server configuration and must be unique. + The name is used by the operator to uniquely identify a server class, + and map pods back to an intended configuration. type: string pod: - description: 'Pod defines a template used to create pod for - each Couchbase server instance. Modifying pod metadata such - as labels and annotations will update the pod in-place. Any - other modification will result in a cluster upgrade in order - to fulfill the request. The Operator reserves the right to - modify or replace any field. 
More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core' + description: |- + Pod defines a template used to create pod for each Couchbase server + instance. Modifying pod metadata such as labels and annotations will + update the pod in-place. Any other modification will result in a cluster + upgrade in order to fulfill the request. The Operator reserves the right + to modify or replace any field. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core properties: metadata: - description: Standard objects metadata. This is a curated - version for use with Couchbase resource templates. + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
More info: http://kubernetes.io/docs/user-guide/labels type: object type: object spec: description: PodSpec is a description of a pod. properties: activeDeadlineSeconds: - description: Optional duration in seconds the pod may - be active on the node relative to StartTime before - the system will actively try to mark it failed and - kill associated containers. Value must be a positive - integer. + description: |- + Optional duration in seconds the pod may be active on the node relative to + StartTime before the system will actively try to mark it failed and kill associated containers. + Value must be a positive integer. format: int64 type: integer affinity: 
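Review bot: The description of the new per-server-class `image` property does not say what its `pattern` enforces, so a rejected value leaves the user with only a schema validation error to go on. As written, the pattern requires at least one `/` in the reference, and either a tag containing a three-part version or an `@sha256:` digest of 64 lowercase hex characters. I would append a sentence to the description such as `The reference must include a repository path and end in a tag containing a version of the form x.y.z or in an @sha256 digest; a digest pins the exact image content, whereas a tag can later point to a different image.` This CRD looks generated, so the wording presumably belongs in the comment on the Go type it is produced from rather than in this file.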
@@ -4398,26 +4911,20 @@ spec: rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most - preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling - term matches all objects with implicit weight - 0 (i.e. it's a no-op). A null preferred - scheduling term matches no objects (i.e. - is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated 
@@ -4427,35 +4934,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -4468,35 +4966,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -4506,6 +4995,7 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, 
@@ -4518,57 +5008,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to an update), the - system may or may not try to eventually evict - the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector - term matches no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. 
+ description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -4581,35 +5060,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's - relationship to a set of values. - Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, - and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string - values. If the operator is - In or NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, - the values array must have - a single element, which will - be interpreted as an integer. - This array is replaced during - a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -4619,10 +5089,12 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: description: Describes pod affinity scheduling rules 
@@ -4630,20 +5102,16 @@ spec: etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose - a node that violates one or more of the expressions. - The node that is most preferred is the one - with the greatest sum of weights, i.e. for - each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum - by iterating through the elements of this - field and adding "weight" to the sum if the - node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest - sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added @@ -4664,11 +5132,9 @@ spec: requirements. The requirements are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the 
@@ -4676,23 +5142,16 @@ spec: applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4704,28 +5163,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions @@ -4733,11 +5184,9 @@ spec: requirements. The requirements are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the 
@@ -4745,23 +5194,16 @@ spec: applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4773,49 +5215,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -4824,27 +5254,22 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, - the pod will not be scheduled onto the node. - If the affinity requirements specified by - this field cease to be met at some point during - pod execution (e.g. due to a pod label update), - the system may or may not try to eventually - evict the pod from its node. When there are - multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: description: A label query over a set 
@@ -4855,10 +5280,9 @@ spec: list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label @@ -4866,21 +5290,15 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -4893,24 +5311,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: @@ -4918,10 +5331,9 @@ spec: list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -4929,21 +5341,15 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -4956,38 +5362,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -5000,21 +5397,16 @@ spec: node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity - expressions specified by this field, but it - may choose a node that violates one or more - of the expressions. The node that is most - preferred is the one with the greatest sum - of weights, i.e. for each node that meets - all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating - through the elements of this field and adding - "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most - preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added 
@@ -5035,11 +5427,9 @@ spec: requirements. The requirements are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the @@ -5047,23 +5437,16 @@ spec: applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -5075,28 +5458,20 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the - set of namespaces that the term - applies to. The term is applied - to the union of the namespaces selected - by this field and the ones listed - in the namespaces field. null selector - and null or empty namespaces list - means "this pod's namespace". An - empty selector ({}) matches all - namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions @@ -5104,11 +5479,9 @@ spec: requirements. The requirements are ANDed. items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the 
@@ -5116,23 +5489,16 @@ spec: applies to. type: string operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -5144,49 +5510,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies - a static list of namespace names - that the term applies to. The term - is applied to the union of the namespaces - listed in this field and the ones - selected by namespaceSelector. null - or empty namespaces list and null - namespaceSelector means "this pod's - namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where - co-located is defined as running - on a node whose value of the label - with key topologyKey matches that - of any node on which any of the - selected pods is running. Empty - topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching - the corresponding podAffinityTerm, in - the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -5195,27 +5549,22 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements - specified by this field are not met at scheduling - time, the pod will not be scheduled onto the - node. If the anti-affinity requirements specified - by this field cease to be met at some point - during pod execution (e.g. due to a pod label - update), the system may or may not try to - eventually evict the pod from its node. When - there are multiple elements, the lists of - nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely - those matching the labelSelector relative - to the given namespace(s)) that this pod - should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is - defined as running on a node whose value - of the label with key matches - that of any node on which a pod of the set - of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: description: A label query over a set 
@@ -5226,10 +5575,9 @@ spec: list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label @@ -5237,21 +5585,15 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -5264,24 +5606,19 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set - of namespaces that the term applies - to. The term is applied to the union - of the namespaces selected by this field - and the ones listed in the namespaces - field. null selector and null or empty - namespaces list means "this pod's namespace". + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. properties: matchExpressions: @@ -5289,10 +5626,9 @@ spec: list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label 
@@ -5300,21 +5636,15 @@ spec: to. type: string operator: - description: operator represents - a key's relationship to a - set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array - of string values. If the operator - is In or NotIn, the values - array must be non-empty. If - the operator is Exists or - DoesNotExist, the values array - must be empty. This array - is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -5327,38 +5657,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map - of {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's - namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -5372,24 +5693,25 @@ spec: mounted. type: boolean dnsConfig: - description: Specifies the DNS parameters of a pod. - Parameters specified here will be merged to the generated - DNS configuration based on DNSPolicy. + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. properties: nameservers: - description: A list of DNS name server IP addresses. - This will be appended to the base nameservers - generated from DNSPolicy. Duplicated nameservers - will be removed. + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. items: type: string type: array options: - description: A list of DNS resolver options. This - will be merged with the base options generated - from DNSPolicy. Duplicated entries will be removed. - Resolution options given in Options will override - those that appear in the base DNSPolicy. + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. items: description: PodDNSConfigOption defines DNS resolver options of a pod. 
@@ -5402,120 +5724,130 @@ spec: type: object type: array searches: - description: A list of DNS search domains for host-name - lookup. This will be appended to the base search - paths generated from DNSPolicy. Duplicated search - paths will be removed. + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. items: type: string type: array type: object dnsPolicy: - description: Set DNS policy for the pod. Defaults to - "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS parameters - given in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options set along - with hostNetwork, you have to specify DNS policy explicitly - to 'ClusterFirstWithHostNet'. + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. + To have DNS options set along with hostNetwork, you have to specify DNS policy + explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: - description: 'EnableServiceLinks indicates whether information - about services should be injected into pod''s environment - variables, matching the syntax of Docker links. Optional: - Defaults to true.' + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. type: boolean hostIPC: - description: 'Use the host''s ipc namespace. Optional: - Default to false.' + description: |- + Use the host's ipc namespace. + Optional: Default to false. type: boolean hostNetwork: - description: Host networking requested for this pod. - Use the host's network namespace. 
If this option is - set, the ports that will be used must be specified. + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. Default to false. type: boolean hostPID: - description: 'Use the host''s pid namespace. Optional: - Default to false.' + description: |- + Use the host's pid namespace. + Optional: Default to false. type: boolean hostUsers: - description: 'Use the host''s user namespace. Optional: - Default to true. If set to true or not present, the - pod will be run in the host user namespace, useful - for when the pod needs a feature only available to - the host user namespace, such as loading a kernel - module with CAP_SYS_MODULE. When set to false, a new - userns is created for the pod. Setting false is useful - for mitigating container breakout vulnerabilities - even allowing users to run their containers as root - without actually having root privileges on the host. - This field is alpha-level and is only honored by servers - that enable the UserNamespacesSupport feature.' + description: |- + Use the host's user namespace. + Optional: Default to true. + If set to true or not present, the pod will be run in the host user namespace, useful + for when the pod needs a feature only available to the host user namespace, such as + loading a kernel module with CAP_SYS_MODULE. + When set to false, a new userns is created for the pod. Setting false is useful for + mitigating container breakout vulnerabilities even allowing users to run their + containers as root without actually having root privileges on the host. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. type: boolean imagePullSecrets: - description: 'ImagePullSecrets is an optional list of - references to secrets in the same namespace to use - for pulling any of the images used by this PodSpec. 
- If specified, these secrets will be passed to individual - puller implementations for them to use. More info: - https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + description: |- + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. + If specified, these secrets will be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod items: - description: LocalObjectReference contains enough - information to let you locate the referenced object - inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. properties: name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object + x-kubernetes-map-type: atomic type: array nodeName: - description: NodeName is a request to schedule this - pod onto a specific node. If it is non-empty, the - scheduler simply schedules this pod onto that node, - assuming that it fits resource requirements. + description: |- + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, + the scheduler simply schedules this pod onto that node, assuming that it fits resource + requirements. type: string nodeSelector: additionalProperties: type: string - description: 'NodeSelector is a selector which must - be true for the pod to fit on a node. Selector which - must match a node''s labels for the pod to be scheduled - on that node. 
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object x-kubernetes-map-type: atomic os: - description: "Specifies the OS of the containers in - the pod. Some pod and container fields are restricted - if this is set. \n If the OS field is set to linux, - the following fields must be unset: -securityContext.windowsOptions - \n If the OS field is set to windows, following fields - must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - - spec.securityContext.sysctls - spec.shareProcessNamespace - - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions + description: |- + Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. 
+ + + If the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions + + + If the OS field is set to windows, following fields must be unset: + - spec.hostPID + - spec.hostIPC + - spec.hostUsers + - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls + - spec.shareProcessNamespace + - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - - spec.containers[*].securityContext.privileged - - spec.containers[*].securityContext.allowPrivilegeEscalation - - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - - spec.containers[*].securityContext.runAsGroup" + - spec.containers[*].securityContext.privileged + - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount + - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup properties: name: - description: 'Name is the name of the operating - system. The currently supported values are linux - and windows. Additional value may be defined in - future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration - Clients should expect to handle additional values - and treat unrecognized values in this field as - os: null' + description: |- + Name is the name of the operating system. The currently supported values are linux and windows. 
+ Additional value may be defined in future and can be one of: + https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat unrecognized values in this field as os: null type: string required: - name 
@@ -5527,189 +5859,252 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Overhead represents the resource overhead - associated with running a pod for a given RuntimeClass. - This field will be autopopulated at admission time - by the RuntimeClass admission controller. If the RuntimeClass - admission controller is enabled, overhead must not - be set in Pod create requests. The RuntimeClass admission - controller will reject Pod create requests which have - the overhead already set. If RuntimeClass is configured - and selected in the PodSpec, Overhead will be set - to the value defined in the corresponding RuntimeClass, - otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' + description: |- + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. + This field will be autopopulated at admission time by the RuntimeClass admission controller. If + the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create requests which have the overhead already + set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md type: object preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting - pods with lower priority. One of Never, PreemptLowerPriority. + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. 
type: string priority: - description: The priority value. Various system components - use this field to find the priority of the pod. When - Priority Admission Controller is enabled, it prevents - users from setting this field. The admission controller - populates this field from PriorityClassName. The higher - the value, the higher the priority. + description: |- + The priority value. Various system components use this field to find the + priority of the pod. When Priority Admission Controller is enabled, it + prevents users from setting this field. The admission controller populates + this field from PriorityClassName. + The higher the value, the higher the priority. format: int32 type: integer priorityClassName: - description: If specified, indicates the pod's priority. - "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate the highest - priorities with the former being the highest priority. - Any other name must be defined by creating a PriorityClass - object with that name. If not specified, the pod priority - will be default or zero if there is no default. + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. type: string + resourceClaims: + description: |- + ResourceClaims defines which ResourceClaims must be allocated + and reserved before the Pod is allowed to start. The resources + will be made available to those containers which consume them + by name. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. 
+ items: + description: |- + PodResourceClaim references exactly one ResourceClaim through a ClaimSource. + It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. + Containers that need access to the ResourceClaim reference it with this name. + properties: + name: + description: |- + Name uniquely identifies this resource claim inside the pod. + This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the + ResourceClaim. + properties: + resourceClaimName: + description: |- + ResourceClaimName is the name of a ResourceClaim object in the same + namespace as this pod. + type: string + resourceClaimTemplateName: + description: |- + ResourceClaimTemplateName is the name of a ResourceClaimTemplate + object in the same namespace as this pod. + + + The template will be used to create a new ResourceClaim, which will + be bound to this pod. When this pod is deleted, the ResourceClaim + will also be deleted. The pod name and resource name, along with a + generated component, will be used to form a unique name for the + ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + + This field is immutable and no changes will be made to the + corresponding ResourceClaim by the control plane after creating the + ResourceClaim. + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass - object in the node.k8s.io group, which should be used - to run this pod. If no RuntimeClass resource matches - the named class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will be used, - which is an implicit class with an empty definition - that uses the default runtime handler. 
More info: - https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. + If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class type: string schedulerName: - description: If specified, the pod will be dispatched - by specified scheduler. If not specified, the pod - will be dispatched by default scheduler. + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. type: string + schedulingGates: + description: |- + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. + If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the + scheduler will not attempt to schedule the pod. + + + SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + + This is a beta feature enabled by the PodSchedulingReadiness feature gate. + items: + description: PodSchedulingGate is associated to a + Pod to guard its scheduling. + properties: + name: + description: |- + Name of the scheduling gate. + Each scheduling gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated - alias for ServiceAccountName. Deprecated: Use serviceAccountName - instead.' + description: |- + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. + Deprecated: Use serviceAccountName instead. 
type: string serviceAccountName: - description: 'ServiceAccountName is the name of the - ServiceAccount to use to run this pod. More info: - https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + description: |- + ServiceAccountName is the name of the ServiceAccount to use to run this pod. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ type: string setHostnameAsFQDN: - description: If true the pod's hostname will be configured - as the pod's FQDN, rather than the leaf name (the - default). In Linux containers, this means setting - the FQDN in the hostname field of the kernel (the - nodename field of struct utsname). In Windows containers, - this means setting the registry value of hostname - for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters - to FQDN. If a pod does not have FQDN, this has no - effect. Default to false. + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. + If a pod does not have FQDN, this has no effect. + Default to false. type: boolean shareProcessNamespace: - description: 'Share a single process namespace between - all of the containers in a pod. When this is set containers - will be able to view and signal processes from other - containers in the same pod, and the first process - in each container will not be assigned PID 1. HostPID - and ShareProcessNamespace cannot both be set. Optional: - Default to false.' + description: |- + Share a single process namespace between all of the containers in a pod. 
+ When this is set containers will be able to view and signal processes from other containers + in the same pod, and the first process in each container will not be assigned PID 1. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. type: boolean terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully. May be decreased in delete - request. Value must be non-negative integer. The value - zero indicates stop immediately via the kill signal - (no opportunity to shut down). If this value is nil, - the default grace period will be used instead. The - grace period is the duration in seconds after the - processes running in the pod are sent a termination - signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer than - the expected cleanup time for your process. Defaults - to 30 seconds. + description: |- + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + If this value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + Defaults to 30 seconds. format: int64 type: integer tolerations: description: If specified, the pod's tolerations. items: - description: The pod this Toleration is attached to - tolerates any taint that matches the triple - using the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect - to match. 
Empty means match all taint effects. - When specified, allowed values are NoSchedule, - PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; - this combination means to match all values and - all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and - Equal. Defaults to Equal. Exists is equivalent - to wildcard for value, so that a pod can tolerate - all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the - period of time the toleration (which must be - of effect NoExecute, otherwise this field is - ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever - (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. 
format: int64 type: integer value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value - should be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: - description: TopologySpreadConstraints describes how - a group of pods ought to spread across topology domains. - Scheduler will schedule pods in a way which abides - by the constraints. All topologySpreadConstraints - are ANDed. + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are - counted to determine the number of pods in their - corresponding topology domain. + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's - relationship to a set of values. 
Valid - operators are In, NotIn, Exists and - DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string 
@@ -5722,147 +6117,134 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic matchLabelKeys: - description: MatchLabelKeys is a set of pod label - keys to select the pods over which spreading - will be calculated. The keys are used to lookup - values from the incoming pod labels, those key-value - labels are ANDed with labelSelector to select - the group of existing pods over which spreading - will be calculated for the incoming pod. Keys - that don't exist in the incoming pod labels - will be ignored. A null or empty list means - only match against labelSelector. + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
items: type: string type: array x-kubernetes-list-type: atomic maxSkew: - description: 'MaxSkew describes the degree to - which pods may be unevenly distributed. When - `whenUnsatisfiable=DoNotSchedule`, it is the - maximum permitted difference between the number - of matching pods in the target topology and - the global minimum. The global minimum is the - minimum number of matching pods in an eligible - domain or zero if the number of eligible domains - is less than MinDomains. For example, in a 3-zone - cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 2/2/1: In this - case, the global minimum is 1. | zone1 | zone2 - | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to - zone3 to become 2/2/2; scheduling it onto zone1(zone2) - would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew is 2, incoming - pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default - value is 1 and 0 is not allowed.' + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. 
+ When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. format: int32 type: integer minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible - domains with matching topology keys is less - than minDomains, Pod Topology Spread treats - \"global minimum\" as 0, and then the calculation - of Skew is performed. And when the number of - eligible domains with matching topology keys - equals or greater than minDomains, this value - has no effect on scheduling. As a result, when - the number of eligible domains is less than - minDomains, scheduler won't schedule more than - maxSkew Pods to those domains. If value is nil, - the constraint behaves as if MinDomains is equal - to 1. Valid values are integers greater than - 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in a - 3-zone cluster, MaxSkew is set to 2, MinDomains - is set to 5 and pods with the same labelSelector - spread as 2/2/2: | zone1 | zone2 | zone3 | | - \ P P | P P | P P | The number of domains - is less than 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, new pod - with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new - Pod is scheduled to any of the three zones, - it will violate MaxSkew. \n This is a beta field - and requires the MinDomainsInPodTopologySpread - feature gate to be enabled (enabled by default)." + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. 
+ As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). format: int32 type: integer nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how - we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options - are: - Honor: only nodes matching nodeAffinity/nodeSelector - are included in the calculations. - Ignore: - nodeAffinity/nodeSelector are ignored. All nodes - are included in the calculations. \n If this - value is nil, the behavior is equivalent to - the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. 
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we - will treat node taints when calculating pod - topology spread skew. Options are: - Honor: - nodes without taints, along with tainted nodes - for which the incoming pod has a toleration, - are included. - Ignore: node taints are ignored. - All nodes are included. \n If this value is - nil, the behavior is equivalent to the Ignore - policy. This is a alpha-level feature enabled - by the NodeInclusionPolicyInPodTopologySpread - feature flag." + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. type: string topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", - and try to put balanced number of pods into - each bucket. We define a domain as a particular - instance of a topology. Also, we define an eligible - domain as a domain whose nodes meet the requirements - of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, - if TopologyKey is "topology.kubernetes.io/zone", - each zone is a domain of that topology. It's - a required field. + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. 
+ We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. type: string whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how - to deal with a pod if it doesn''t satisfy the - spread constraint. - DoNotSchedule (default) - tells the scheduler not to schedule it. - ScheduleAnyway - tells the scheduler to schedule the pod in any - location, but giving higher precedence to topologies - that would help reduce the skew. A constraint - is considered "Unsatisfiable" for an incoming - pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some - topology. For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: | zone1 | zone2 - | zone3 | | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming pod can only - be scheduled to zone2(zone3) to become 3/2/1(3/1/2) - as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can - still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. type: string required: - maxSkew @@ -5877,10 +6259,38 @@ spec: type: object type: object resources: - description: Resources are the resource requirements for the - Couchbase server container. This field overrides any automatic - allocation as defined by `spec.autoResourceAllocation`. + description: |- + Resources are the resource requirements for the Couchbase server container. + This field overrides any automatic allocation as defined by + `spec.autoResourceAllocation`. properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -5888,8 +6298,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: 
@@ -5898,35 +6309,34 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object serverGroups: - description: ServerGroups define the set of availability zones - you want to distribute pods over, and construct Couchbase - server groups for. By default, most cloud providers will - label nodes with the key "topology.kubernetes.io/zone", the - values associated with that key are used here to provide explicit - scheduling by the Operator. You may manually label nodes - using the "topology.kubernetes.io/zone" key, to provide failure-domain - aware scheduling when none is provided for you. Global server - groups are applied to all server classes, and may be overridden - on a per-server class basis to give more control over scheduling - and server groups. + description: |- + ServerGroups define the set of availability zones you want to distribute + pods over, and construct Couchbase server groups for. By default, most + cloud providers will label nodes with the key "topology.kubernetes.io/zone", + the values associated with that key are used here to provide explicit + scheduling by the Operator. 
You may manually label nodes using the + "topology.kubernetes.io/zone" key, to provide failure-domain + aware scheduling when none is provided for you. Global server groups are + applied to all server classes, and may be overridden on a per-server class + basis to give more control over scheduling and server groups. items: type: string type: array x-kubernetes-list-type: set services: - description: Services is the set of Couchbase services to run - on this server class. At least one class must contain the - data service. The field may contain any of "data", "index", - "query", "search", "eventing" or "analytics". Each service - may only be specified once. + description: |- + Services is the set of Couchbase services to run on this server class. + At least one class must contain the data service. The field may contain + any of "data", "index", "query", "search", "eventing" or "analytics". + Each service may only be specified once. items: description: Supported services enum: @@ -5941,8 +6351,9 @@ spec: type: array x-kubernetes-list-type: set size: - description: Size is the expected requested of the server class. This - field must be greater than or equal to 1. + description: |- + Size is the expected requested of the server class. This field + must be greater than or equal to 1. minimum: 1 type: integer volumeMounts: 
@@ -5950,64 +6361,56 @@ spec: attach to pod. properties: analytics: - description: AnalyticsClaims are persistent volumes that - encompass analytics storage associated with the analytics - service. Analytics claims can only be used on server - classes running the analytics service, and must be used - in conjunction with the default claim. This field allows - the analytics service to use different storage media (e.g. - SSD), and scale horizontally, to improve performance of - this service. This field references a volume claim template - name as defined in "spec.volumeClaimTemplates". + description: |- + AnalyticsClaims are persistent volumes that encompass analytics storage associated + with the analytics service. Analytics claims can only be used on server classes + running the analytics service, and must be used in conjunction with the default claim. + This field allows the analytics service to use different storage media (e.g. SSD), and + scale horizontally, to improve performance of this service. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". items: type: string type: array data: - description: DataClaim is a persistent volume that encompasses - key/value storage associated with the data service. The - data claim can only be used on server classes running - the data service, and must be used in conjunction with - the default claim. This field allows the data service - to use different storage media (e.g. SSD) to improve performance - of this service. This field references a volume claim - template name as defined in "spec.volumeClaimTemplates". + description: |- + DataClaim is a persistent volume that encompasses key/value storage associated + with the data service. The data claim can only be used on server classes running + the data service, and must be used in conjunction with the default claim. This + field allows the data service to use different storage media (e.g. 
SSD) to + improve performance of this service. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". type: string default: - description: DefaultClaim is a persistent volume that encompasses - all Couchbase persistent data, including document storage, - indexes and logs. The default volume can be used with - any server class. Use of the default claim allows the - Operator to recover failed pods from the persistent volume - far quicker than if the pod were using ephemeral storage. The - default claim cannot be used at the same time as the logs - claim within the same server class. This field references - a volume claim template name as defined in "spec.volumeClaimTemplates". + description: |- + DefaultClaim is a persistent volume that encompasses all Couchbase persistent + data, including document storage, indexes and logs. The default volume can be + used with any server class. Use of the default claim allows the Operator to + recover failed pods from the persistent volume far quicker than if the pod were + using ephemeral storage. The default claim cannot be used at the same time + as the logs claim within the same server class. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". type: string index: - description: IndexClaim s a persistent volume that encompasses - index storage associated with the index and search services. The - index claim can only be used on server classes running - the index or search services, and must be used in conjunction - with the default claim. This field allows the index and/or - search service to use different storage media (e.g. SSD) - to improve performance of this service. This field references - a volume claim template name as defined in "spec.volumeClaimTemplates". - Whilst this references index primarily, note that the - full text search (FTS) service also uses this same mount. 
+ description: |- + IndexClaim s a persistent volume that encompasses index storage associated + with the index and search services. The index claim can only be used on server classes running + the index or search services, and must be used in conjunction with the default claim. This + field allows the index and/or search service to use different storage media (e.g. SSD) to + improve performance of this service. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + Whilst this references index primarily, note that the full text search (FTS) service + also uses this same mount. type: string logs: - description: 'LogsClaim is a persistent volume that encompasses - only Couchbase server logs to aid with supporting the - product. The logs claim can only be used on server classes - running the following services: query, search & eventing. The - logs claim cannot be used at the same time as the default - claim within the same server class. This field references - a volume claim template name as defined in "spec.volumeClaimTemplates". - Whilst the logs claim can be used with the search service, - the recommendation is to use the default claim for these. - The reason for this is that a failure of these nodes will - require indexes to be rebuilt and subsequent performance - impact.' + description: |- + LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid + with supporting the product. The logs claim can only be used on server classes running + the following services: query, search & eventing. The logs claim cannot be used at the same + time as the default claim within the same server class. This field references a volume + claim template name as defined in "spec.volumeClaimTemplates". + Whilst the logs claim can be used with the search service, the recommendation is to use the + default claim for these. 
The reason for this is that a failure of these nodes will require + indexes to be rebuilt and subsequent performance impact. type: string type: object required: 
@@ -6021,100 +6424,117 @@ spec: - name x-kubernetes-list-type: map softwareUpdateNotifications: - description: SoftwareUpdateNotifications enables software update notifications - in the UI. When enabled, the UI will alert when a Couchbase server - upgrade is available. + description: |- + SoftwareUpdateNotifications enables software update notifications in the UI. + When enabled, the UI will alert when a Couchbase server upgrade is available. type: boolean + upgradeProcess: + description: |- + UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. + When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or + ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will + perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy + is set to ImmediateUpgrade. + enum: + - SwapRebalance + - DeltaRecovery + type: string upgradeStrategy: - description: UpgradeStrategy controls how aggressive the Operator - is when performing a cluster upgrade. When a rolling upgrade is - requested, pods are upgraded one at a time. This strategy is slower, - however less disruptive. When an immediate upgrade strategy is - requested, all pods are upgraded at the same time. This strategy - is faster, but more disruptive. This field must be either "RollingUpgrade" - or "ImmediateUpgrade", defaulting to "RollingUpgrade". + description: |- + UpgradeStrategy controls how aggressive the Operator is when performing a cluster + upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This + strategy is slower, however less disruptive. When an immediate upgrade strategy is + requested, all pods are upgraded at the same time. This strategy is faster, but more + disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting + to "RollingUpgrade". 
enum: - RollingUpgrade - ImmediateUpgrade type: string volumeClaimTemplates: - description: VolumeClaimTemplates define the desired characteristics - of a volume that can be requested/claimed by a pod, for example - the storage class to use and the volume size. Volume claim templates - are referred to by name by server class volume mount configuration. + description: |- + VolumeClaimTemplates define the desired characteristics of a volume + that can be requested/claimed by a pod, for example the storage class to + use and the volume size. Volume claim templates are referred to by name + by server class volume mount configuration. items: properties: metadata: - description: Standard objects metadata. This is a curated version - for use with Couchbase resource templates. + description: |- + Standard objects metadata. This is a curated version for use with Couchbase + resource templates. properties: annotations: additionalProperties: type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' + description: |- + Annotations is an unstructured key value map stored with a resource that + may be set by external tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying objects. More + info: http://kubernetes.io/docs/user-guide/annotations type: object labels: additionalProperties: type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. 
May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels type: object name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' + description: |- + Name must be unique within a namespace. Is required when creating + resources, although some resources may allow a client to request the + generation of an appropriate name automatically. Name is primarily intended + for creation idempotence and configuration definition. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names type: string required: - name type: object spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes + description: |- + PersistentVolumeClaimSpec describes the common attributes of storage devices + and allows a Source for provider-specific attributes properties: accessModes: - description: 'accessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 items: type: string type: array dataSourceRef: - description: 'dataSourceRef specifies the object from which - to populate the volume with data, if a non-empty volume - is desired. This may be any local object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. 
When this field is specified, volume binding will - only succeed if the type of the specified object matches - some installed volume populator or dynamic provisioner. - This field will replace the functionality of the DataSource - field and as such if both fields are non-empty, they must - have the same value. For backwards compatibility, both - fields (DataSource and DataSourceRef) will be set to the - same value automatically if one of them is empty and the - other is non-empty. There are two important differences - between DataSource and DataSourceRef: * While DataSource - only allows two specific types of objects, DataSourceRef - allows any non-core object, as well as PersistentVolumeClaim - objects. * While DataSource ignores disallowed values - (dropping them), DataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled.' + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. 
+ There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. type: string kind: description: Kind is the type of resource being referenced 
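Review bot: The new `upgradeProcess` property states that DeltaRecovery cannot be combined with an `upgradeStrategy` of ImmediateUpgrade, but the schema only carries the two-value `enum`, so the API server will accept that combination on schema grounds alone. Whether the operator's admission controller rejects it is not visible in this hunk. If it does not, the mismatch would only surface during an upgrade. A cross-field rule on the enclosing spec object (which starts outside this hunk) would catch it at admission, for example under `x-kubernetes-validations`: `- rule: "!has(self.upgradeProcess) || self.upgradeProcess != 'DeltaRecovery' || !has(self.upgradeStrategy) || self.upgradeStrategy != 'ImmediateUpgrade'"`. This file looks generated, so the rule would belong in whatever produces it rather than in a hand edit here.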
@@ -6122,18 +6542,52 @@ spec: name: description: Name is the name of resource being referenced type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string required: - kind - name type: object resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but must - still be higher than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6141,8 +6595,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: @@ -6151,11 +6606,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object selector: 
@@ -6166,8 +6621,8 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: @@ -6175,17 +6630,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -6197,21 +6651,22 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 type: string volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. type: string volumeName: description: volumeName is the binding reference to the @@ -6224,8 +6679,9 @@ spec: type: object type: array xdcr: - description: XDCR defines whether the Operator should manage XDCR, - remote clusters and how to lookup replication resources. + description: |- + XDCR defines whether the Operator should manage XDCR, remote clusters and how + to lookup replication resources. properties: managed: description: Managed defines whether XDCR is managed by the operator 
@@ -6239,10 +6695,11 @@ spec: for XDCR. properties: authenticationSecret: - description: AuthenticationSecret is a secret used to authenticate - when establishing a remote connection. It is only required - when not using mTLS. The secret must contain a username - (secret key "username") and password (secret key "password"). + description: |- + AuthenticationSecret is a secret used to authenticate when establishing a + remote connection. It is only required when not using mTLS. The secret + must contain a username (secret key "username") and password (secret key + "password"). type: string hostname: description: Hostname is the connection string to use to 
@@ -6251,45 +6708,45 @@ spec: pattern: ^((couchbase|http)(s)?(://))?((\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}\b)|((([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]))|\[(\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*\]))(:[0-9]{0,5})?(\\{0,1}\?network=[^&]+)?$ type: string name: - description: Name of the remote cluster. Note that, -operator-managed - is added as suffix by operator automatically to the name - in order to diffrentiate from non operator managed remote - clusters. + description: |- + Name of the remote cluster. + Note that, -operator-managed is added as suffix by operator automatically + to the name in order to diffrentiate from non operator managed remote clusters. type: string replications: - description: Replications are replication streams from this - cluster to the remote one. This field defines how to look - up CouchbaseReplication resources. 
By default any CouchbaseReplication - resources in the namespace will be considered. + description: |- + Replications are replication streams from this cluster to the remote one. + This field defines how to look up CouchbaseReplication resources. By default + any CouchbaseReplication resources in the namespace will be considered. properties: selector: - description: Selector allows CouchbaseReplication resources - to be filtered based on labels. + description: |- + Selector allows CouchbaseReplication resources to be filtered + based on labels. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -6301,32 +6758,32 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object tls: - description: TLS if specified references a resource containing - the necessary certificate data for an encrypted connection. + description: |- + TLS if specified references a resource containing the necessary certificate + data for an encrypted connection. properties: secret: - description: Secret references a secret containing the - CA certificate (data key "ca"), and optionally a client - certificate (data key "certificate") and key (data - key "key"). + description: |- + Secret references a secret containing the CA certificate (data key "ca"), + and optionally a client certificate (data key "certificate") and key + (data key "key"). type: string required: - secret type: object uuid: - description: UUID of the remote cluster. The UUID of a - CouchbaseCluster resource is advertised in the status.clusterId - field of the resource. + description: |- + UUID of the remote cluster. The UUID of a CouchbaseCluster resource + is advertised in the status.clusterId field of the resource. pattern: ^[0-9a-f]{32}$ type: string required: 
@@ -6358,23 +6815,26 @@ spec: anyOf: - type: integer - type: string - description: 'AllocatedMemory defines the total memory allocated - for constrained Couchbase services. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + AllocatedMemory defines the total memory allocated for constrained Couchbase services. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true allocatedMemoryPercent: - description: AllocatedMemoryPercent is set when memory resources - are requested and define how much of the requested memory - is allocated to constrained Couchbase services. + description: |- + AllocatedMemoryPercent is set when memory resources are requested and define how much of + the requested memory is allocated to constrained Couchbase services. type: integer analyticsServiceAllocation: anyOf: - type: integer - type: string - description: 'AnalyticsServiceAllocation is set when the analytics - service is enabled for this class and defines how much memory - this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + AnalyticsServiceAllocation is set when the analytics service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -6382,9 +6842,10 @@ spec: anyOf: - type: integer - type: string - description: 'DataServiceAllocation is set when the data service - is enabled for this class and defines how much memory this - service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + DataServiceAllocation is set when the data service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true @@ -6392,9 +6853,10 @@ spec: anyOf: - type: integer - type: string - description: 'EventingServiceAllocation is set when the eventing - service is enabled for this class and defines how much memory - this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + EventingServiceAllocation is set when the eventing service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -6402,9 +6864,10 @@ spec: anyOf: - type: integer - type: string - description: 'IndexServiceAllocation is set when the index service - is enabled for this class and defines how much memory this - service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + IndexServiceAllocation is set when the index service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true @@ -6416,8 +6879,10 @@ spec: anyOf: - type: integer - type: string - description: 'RequestedMemory, if set, defines the Kubernetes - resource request for the server class. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + RequestedMemory, if set, defines the Kubernetes resource request for the server class. + More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -6425,9 +6890,10 @@ spec: anyOf: - type: integer - type: string - description: 'SearchServiceAllocation is set when the search - service is enabled for this class and defines how much memory - this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + SearchServiceAllocation is set when the search service is enabled for this class and + defines how much memory this service consumes per pod. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true 
@@ -6435,16 +6901,17 @@ spec: anyOf: - type: integer - type: string - description: 'UnusedMemory is set when memory resources are - requested and is the difference between the requestedMemory - and allocatedMemory. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + UnusedMemory is set when memory resources are requested and is the difference between + the requestedMemory and allocatedMemory. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true unusedMemoryPercent: - description: UnusedMemoryPercent is set when memory resources - are requested and defines how much requested memory is not - allocated. Couchbase server expects at least a 20% overhead. + description: |- + UnusedMemoryPercent is set when memory resources are requested and defines how much + requested memory is not allocated. Couchbase server expects at least a 20% overhead. type: integer required: - name @@ -6464,9 +6931,9 @@ spec: description: CompressionMode defines how documents are compressed. type: string conflictResolution: - description: ConflictResolution is relevant for `couchbase` - and `ephemeral` bucket types and indicates how to resolve - conflicts when using multi-master XDCR. + description: |- + ConflictResolution is relevant for `couchbase` and `ephemeral` bucket types + and indicates how to resolve conflicts when using multi-master XDCR. type: string enableFlush: description: EnableFlush is whether a client can delete all 
@@ -6477,13 +6944,14 @@ spec: documents are replicated. type: boolean evictionPolicy: - description: EvictionPolicy is relevant for `couchbase` and - `ephemeral` bucket types and indicates how documents are evicted - from memory when it is exhausted. + description: |- + EvictionPolicy is relevant for `couchbase` and `ephemeral` bucket types + and indicates how documents are evicted from memory when it is exhausted. type: string ioPriority: - description: IoPriority is `low` or `high` depending on the - number of threads spawned for data processing. + description: |- + IoPriority is `low` or `high` depending on the number of threads + spawned for data processing. type: string memoryQuota: description: BucketMemoryQuota is the bucket memory quota in @@ -6521,9 +6989,10 @@ spec: type: object type: array clusterId: - description: ClusterID is the unique cluster UUID. This is generated - every time a new cluster is created, so may vary over the lifetime - of a cluster if it is recreated by disaster recovery mechanisms. + description: |- + ClusterID is the unique cluster UUID. This is generated every time + a new cluster is created, so may vary over the lifetime of a cluster + if it is recreated by disaster recovery mechanisms. type: string conditions: description: Current service state of the Couchbase cluster. 
@@ -6569,13 +7038,15 @@ spec: type: object type: array controlPaused: - description: ControlPaused indicates if the Operator has acknowledged - and paused the control of the cluster. + description: |- + ControlPaused indicates if the Operator has acknowledged and paused the + control of the cluster. type: boolean currentVersion: - description: CurrentVersion is the current Couchbase version. This - reflects the version of the whole cluster, therefore during upgrade, - it is only updated when the upgrade has completed. + description: |- + CurrentVersion is the current Couchbase version. This reflects the + version of the whole cluster, therefore during upgrade, it is only + updated when the upgrade has completed. type: string groups: description: Groups describes all the groups managed by the cluster. @@ -6586,22 +7057,23 @@ spec: description: Members are the Couchbase members in the cluster. properties: ready: - description: Ready are the Couchbase members that are clustered - and ready to serve client requests. The member names are the - same as the Couchbase pod names. + description: |- + Ready are the Couchbase members that are clustered and ready to serve + client requests. The member names are the same as the Couchbase pod names. items: type: string type: array unready: - description: Unready are the Couchbase members not clustered or - unready to serve client requests. The member names are the - same as the Couchbase pod names. + description: |- + Unready are the Couchbase members not clustered or unready to serve + client requests. The member names are the same as the Couchbase pod names. items: type: string type: array type: object size: - description: Size is the current size of the cluster in terms of pods. Individual + description: |- + Size is the current size of the cluster in terms of pods. Individual pod status conditions are listed in the members status. type: integer users: 
@@ -6622,8 +7094,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasecollectiongroups.couchbase.com spec: group: couchbase.com 
@@ -6637,26 +7109,31 @@ spec: - name: v2 schema: openAPIV3Schema: - description: CouchbaseCollectionGroup represent the finest grained size of - data storage in Couchbase. Collections contain all documents and indexes - in the system. Collections also form the finest grain basis for role-based - access control (RBAC) and cross-datacenter replication (XDCR). In order - to be considered by the Operator, every collection group must be referenced - by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. Unlike the CouchbaseCollection - resource, a collection group represents multiple collections, with common - configuration parameters, to be expressed as a single resource, minimizing - required configuration and Kubernetes API traffic. It also forms the basis - of Couchbase RBAC security boundaries. + description: |- + CouchbaseCollectionGroup represent the finest grained size of data storage in Couchbase. + Collections contain all documents and indexes in the system. Collections also form + the finest grain basis for role-based access control (RBAC) and cross-datacenter + replication (XDCR). In order to be considered by the Operator, every collection group + must be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. Unlike the + CouchbaseCollection resource, a collection group represents multiple collections, with + common configuration parameters, to be expressed as a single resource, minimizing required + configuration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC + security boundaries. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -6664,31 +7141,33 @@ spec: description: Spec defines the desired state of the resource. properties: maxTTL: - description: 'MaxTTL defines how long a document is permitted to exist - for, without modification, until it is automatically deleted. This - field takes precedence over any TTL defined at the bucket level. This - is a default, and maximum time-to-live and may be set to a lower - value by the client. If the client specifies a higher value, then - it is truncated to the maximum durability. Documents are removed - by Couchbase, after they have expired, when either accessed, the - expiry pager is run, or the bucket is compacted. When set to 0, - then documents are not expired by default. This field must be a - duration in the range 0-2147483648s, defaulting to 0. More info: - https://golang.org/pkg/time/#ParseDuration' + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This field takes precedence over + any TTL defined at the bucket level. This is a default, and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration type: string names: - description: Names specifies the names of the collections. Unlike - CouchbaseCollection, which specifies a single collection, a collection - group specifies multiple, and the collection group must specify - at least one collection name. Any collection names specified must - be unique. Collection names must be 1-251 characters in length, - contain only [a-zA-Z0-9_-%] and not start with either _ or %. 
+ description: |- + Names specifies the names of the collections. Unlike CouchbaseCollection, which + specifies a single collection, a collection group specifies multiple, and the + collection group must specify at least one collection name. + Any collection names specified must be unique. + Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. items: - description: ScopeOrCollectionName is a generic type to capture - a valid scope or collection name. These must consist of 1-251 - characters, include only A-Z, a-z, 0-9, -, _ or %, and must not - start with _ (which is an internal marker) or % (which is probably - an escape character in language X). + description: |- + ScopeOrCollectionName is a generic type to capture a valid + scope or collection name. These must consist of 1-251 characters, + include only A-Z, a-z, 0-9, -, _ or %, and must not start with + _ (which is an internal marker) or % (which is probably an escape + character in language X). maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ @@ -6708,8 +7187,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasecollections.couchbase.com spec: group: couchbase.com 
@@ -6723,22 +7202,27 @@ spec: - name: v2 schema: openAPIV3Schema: - description: CouchbaseCollection represent the finest grained size of data - storage in Couchbase. Collections contain all documents and indexes in the - system. Collections also form the finest grain basis for role-based access - control (RBAC) and cross-datacenter replication (XDCR). In order to be - considered by the Operator, every collection must be referenced by a `CouchbaseScope` - or `CouchbaseScopeGroup` resource. + description: |- + CouchbaseCollection represent the finest grained size of data storage in Couchbase. + Collections contain all documents and indexes in the system. Collections also form + the finest grain basis for role-based access control (RBAC) and cross-datacenter + replication (XDCR). In order to be considered by the Operator, every collection + must be referenced by a `CouchbaseScope` or `CouchbaseScopeGroup` resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -6747,26 +7231,26 @@ spec: description: Spec defines the desired state of the resource. properties: maxTTL: - description: 'MaxTTL defines how long a document is permitted to exist - for, without modification, until it is automatically deleted. This - field takes precedence over any TTL defined at the bucket level. This - is a default, and maximum time-to-live and may be set to a lower - value by the client. If the client specifies a higher value, then - it is truncated to the maximum durability. Documents are removed - by Couchbase, after they have expired, when either accessed, the - expiry pager is run, or the bucket is compacted. When set to 0, - then documents are not expired by default. This field must be a - duration in the range 0-2147483648s, defaulting to 0. More info: - https://golang.org/pkg/time/#ParseDuration' + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This field takes precedence over + any TTL defined at the bucket level. This is a default, and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. More info: + https://golang.org/pkg/time/#ParseDuration type: string name: - description: Name specifies the name of the collection. By default, - the metadata.name is used to define the collection name, however, - due to the limited character set, this field can be used to override - the default and provide the full functionality. 
Additionally the - `metadata.name` field is a DNS label, and thus limited to 63 characters, - this field must be used if the name is longer than this limit. Collection - names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + description: |- + Name specifies the name of the collection. By default, the metadata.name is + used to define the collection name, however, due to the limited character set, + this field can be used to override the default and provide the full functionality. + Additionally the `metadata.name` field is a DNS label, and thus limited to 63 + characters, this field must be used if the name is longer than this limit. + Collection names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %. maxLength: 251 minLength: 1 @@ -6781,8 +7265,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbaseephemeralbuckets.couchbase.com spec: group: couchbase.com 
@@ -6815,40 +7299,46 @@ spec: name: v2 schema: openAPIV3Schema: - description: The CouchbaseEphemeralBucket resource defines a set of documents - in Couchbase server. A Couchbase client connects to and operates on a bucket, - which provides independent management of a set documents and a security - boundary for role based access control. A CouchbaseEphemeralBucket provides - in-memory only storage and replication for documents contained by it. + description: |- + The CouchbaseEphemeralBucket resource defines a set of documents in Couchbase server. + A Couchbase client connects to and operates on a bucket, which provides independent + management of a set documents and a security boundary for role based access control. + A CouchbaseEphemeralBucket provides in-memory only storage and replication for documents + contained by it. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. 
+ Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: default: {} - description: CouchbaseEphemeralBucketSpec is the specification for an - ephemeral Couchbase bucket resource, and allows the bucket to be customized. + description: |- + CouchbaseEphemeralBucketSpec is the specification for an ephemeral Couchbase bucket + resource, and allows the bucket to be customized. properties: compressionMode: default: passive - description: CompressionMode defines how Couchbase server handles - document compression. When off, documents are stored in memory, - and transferred to the client uncompressed. When passive, documents - are stored compressed in memory, and transferred to the client compressed - when requested. When active, documents are stored compresses in - memory and when transferred to the client. This field must be "off", - "passive" or "active", defaulting to "passive". Be aware "off" - in YAML 1.2 is a boolean, so must be quoted as a string in configuration - files. + description: |- + CompressionMode defines how Couchbase server handles document compression. When + off, documents are stored in memory, and transferred to the client uncompressed. + When passive, documents are stored compressed in memory, and transferred to the + client compressed when requested. When active, documents are stored compresses + in memory and when transferred to the client. This field must be "off", "passive" + or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so + must be quoted as a string in configuration files. enum: - "off" - passive 
@@ -6856,143 +7346,157 @@ spec: type: string conflictResolution: default: seqno - description: ConflictResolution defines how XDCR handles concurrent - write conflicts. Sequence number based resolution selects the document - with the highest sequence number as the most recent. Timestamp based - resolution selects the document that was written to most recently - as the most recent. This field must be "seqno" (sequence based), - or "lww" (timestamp based), defaulting to "seqno". + description: |- + ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number + based resolution selects the document with the highest sequence number as the most recent. + Timestamp based resolution selects the document that was written to most recently as the + most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), + defaulting to "seqno". enum: - seqno - lww type: string enableFlush: - description: EnableFlush defines whether a client can delete all documents - in a bucket. This field defaults to false. + description: |- + EnableFlush defines whether a client can delete all documents in a bucket. + This field defaults to false. type: boolean evictionPolicy: default: noEviction - description: EvictionPolicy controls how Couchbase handles memory - exhaustion. No eviction means that Couchbase server will make this - bucket read-only when memory is exhausted in order to avoid data - loss. NRU eviction will delete documents that haven't been used - recently in order to free up memory. This field must be "noEviction" - or "nruEviction", defaulting to "noEviction". + description: |- + EvictionPolicy controls how Couchbase handles memory exhaustion. No eviction means + that Couchbase server will make this bucket read-only when memory is exhausted in + order to avoid data loss. NRU eviction will delete documents that haven't been used + recently in order to free up memory. 
This field must be "noEviction" or "nruEviction", + defaulting to "noEviction". enum: - noEviction - nruEviction type: string ioPriority: default: low - description: IOPriority controls how many threads a bucket has, per - pod, to process reads and writes. This field must be "low" or "high", - defaulting to "low". Modification of this field will cause a temporary - service disruption as threads are restarted. + description: |- + IOPriority controls how many threads a bucket has, per pod, to process reads and writes. + This field must be "low" or "high", defaulting to "low". Modification of this field will + cause a temporary service disruption as threads are restarted. enum: - low - high type: string maxTTL: - description: 'MaxTTL defines how long a document is permitted to exist - for, without modification, until it is automatically deleted. This - is a default and maximum time-to-live and may be set to a lower - value by the client. If the client specifies a higher value, then - it is truncated to the maximum durability. Documents are removed - by Couchbase, after they have expired, when either accessed, the - expiry pager is run, or the bucket is compacted. When set to 0, - then documents are not expired by default. This field must be a - duration in the range 0-2147483648s, defaulting to 0. More info: - https://golang.org/pkg/time/#ParseDuration' + description: |- + MaxTTL defines how long a document is permitted to exist for, without + modification, until it is automatically deleted. This is a default and maximum + time-to-live and may be set to a lower value by the client. If the client specifies + a higher value, then it is truncated to the maximum durability. Documents are + removed by Couchbase, after they have expired, when either accessed, the expiry + pager is run, or the bucket is compacted. When set to 0, then documents are not + expired by default. This field must be a duration in the range 0-2147483648s, + defaulting to 0. 
More info: + https://golang.org/pkg/time/#ParseDuration type: string memoryQuota: anyOf: - type: integer - type: string default: 100Mi - description: 'MemoryQuota is a memory limit to the size of a bucket. When - this limit is exceeded, documents will be evicted from memory defined - by the eviction policy. The memory quota is defined per Couchbase - pod running the data service. This field defaults to, and must - be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, + documents will be evicted from memory defined by the eviction policy. The memory quota + is defined per Couchbase pod running the data service. This field defaults to, and must + be greater than or equal to 100Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true minimumDurability: - description: MiniumumDurability defines how durable a document write - is by default, and can be made more durable by the client. This - feature enables ACID transactions. When none, Couchbase server will - respond when the document is in memory, it will become eventually - consistent across the cluster. When majority, Couchbase server - will respond when the document is replicated to at least half of - the pods running the data service in the cluster. This field must - be either "none" or "majority", defaulting to "none". + description: |- + MiniumumDurability defines how durable a document write is by default, and can + be made more durable by the client. This feature enables ACID transactions. 
+ When none, Couchbase server will respond when the document is in memory, it will + become eventually consistent across the cluster. When majority, Couchbase server will + respond when the document is replicated to at least half of the pods running the + data service in the cluster. This field must be either "none" or "majority", + defaulting to "none". enum: - none - majority type: string name: - description: Name is the name of the bucket within Couchbase server. By - default the Operator will use the `metadata.name` field to define - the bucket name. The `metadata.name` field only supports a subset - of the supported character set. When specified, this field overrides - `metadata.name`. Legal bucket names have a maximum length of 100 - characters and may be composed of any character from "a-z", "A-Z", - "0-9" and "-_%\.". + description: |- + Name is the name of the bucket within Couchbase server. By default the Operator + will use the `metadata.name` field to define the bucket name. The `metadata.name` + field only supports a subset of the supported character set. When specified, this + field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string + rank: + default: 0 + description: |- + Rank determines the bucket’s place in the order in which the rebalance process + handles the buckets on the cluster. The higher a bucket’s assigned integer + (in relation to the integers assigned other buckets), the sooner in the + rebalance process the bucket is handled. This assignment of rank allows a + cluster’s most mission-critical data to be rebalanced with top priority. + This option is only supported for Couchbase Server 7.6.0+. + maximum: 1000 + minimum: 0 + type: integer replicas: default: 1 - description: Replicas defines how many copies of documents Couchbase - server maintains. 
This directly affects how fault tolerant a Couchbase - cluster is. With a single replica, the cluster can tolerate one - data pod going down and still service requests without data loss. The - number of replicas also affect memory use. With a single replica, - the effective memory quota for documents is halved, with two replicas - it is one third. The number of replicas must be between 0 and 3, - defaulting to 1. + description: |- + Replicas defines how many copies of documents Couchbase server maintains. This directly + affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster + can tolerate one data pod going down and still service requests without data loss. The + number of replicas also affect memory use. With a single replica, the effective memory + quota for documents is halved, with two replicas it is one third. The number of replicas + must be between 0 and 3, defaulting to 1. maximum: 3 minimum: 0 type: integer scopes: - description: Scopes defines whether the Operator manages scopes for - the bucket or not, and the set of scopes defined for the bucket. + description: |- + Scopes defines whether the Operator manages scopes for the bucket or not, and + the set of scopes defined for the bucket. properties: managed: - description: Managed defines whether scopes are managed for this - bucket. This field is `false` by default, and the Operator will - take no actions that will affect scopes and collections in this - bucket. The default scope and collection will be present. When - set to `true`, the Operator will manage user defined scopes, - and optionally, their collections as defined by the `CouchbaseScope`, - `CouchbaseScopeGroup`, `CouchbaseCollection` and `CouchbaseCollectionGroup` - resource documentation. If this field is set to `false` while - the already managed, then the Operator will leave whatever + description: |- + Managed defines whether scopes are managed for this bucket. 
+ This field is `false` by default, and the Operator will take no actions that + will affect scopes and collections in this bucket. The default scope and + collection will be present. When set to `true`, the Operator will manage + user defined scopes, and optionally, their collections as defined by the + `CouchbaseScope`, `CouchbaseScopeGroup`, `CouchbaseCollection` and + `CouchbaseCollectionGroup` resource documentation. If this field is set to + `false` while the already managed, then the Operator will leave whatever configuration is already present. type: boolean resources: - description: Resources is an explicit list of named resources - that will be considered for inclusion in this bucket. If a - resource reference doesn't match a resource, then no error conditions - are raised due to undefined resource creation ordering and eventual - consistency. + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this bucket. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseScope - description: Kind indicates the kind of resource that is - being referenced. A scope can only reference `CouchbaseScope` - and `CouchbaseScopeGroup` resource kinds. This field - defaults to `CouchbaseScope` if not specified. + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + resource kinds. This field defaults to `CouchbaseScope` if not + specified. enum: - CouchbaseScope - CouchbaseScopeGroup type: string name: - description: Name is the name of the Kubernetes resource - name that is being referenced. Legal scope names have - a maximum length of 251 characters and may be composed - of any character from "a-z", "A-Z", "0-9" and "_-%". 
+ description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal scope names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ 
@@ -7002,32 +7506,34 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly considered - for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + bucket. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -7039,13 +7545,13 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object type: object type: object @@ -7056,8 +7562,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasegroups.couchbase.com spec: group: couchbase.com 
@@ -7074,14 +7580,19 @@ spec: description: CouchbaseGroup allows the automation of Couchbase group management. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -7097,33 +7608,32 @@ spec: items: properties: bucket: - description: 'Bucket name for bucket admin roles. When not - specified for a role that can be scoped to a specific bucket, - the role will apply to all buckets in the cluster. Deprecated: Couchbase - Autonomous Operator 2.3' + description: |- + Bucket name for bucket admin roles. When not specified for a role that can be scoped + to a specific bucket, the role will apply to all buckets in the cluster. + Deprecated: Couchbase Autonomous Operator 2.3 pattern: ^\*$|^[a-zA-Z0-9-_%\.]+$ type: string buckets: - description: Bucket level access to apply to specified role. - The bucket must exist. When not specified, the bucket field - will be checked. If both are empty and the role can be scoped - to a specific bucket, the role will apply to all buckets in - the cluster + description: |- + Bucket level access to apply to specified role. The bucket must exist. When not specified, + the bucket field will be checked. If both are empty and the role can be scoped to a specific bucket, the role + will apply to all buckets in the cluster properties: resources: - description: Resources is an explicit list of named bucket - resources that will be considered for inclusion in this - role. If a resource reference doesn't match a resource, - then no error conditions are raised due to undefined resource - creation ordering and eventual consistency. + description: |- + Resources is an explicit list of named bucket resources that will be considered + for inclusion in this role. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseBucket - description: Kind indicates the kind of resource that - is being referenced. A Role can only reference - `CouchbaseBucket` kind. This field defaults to - `CouchbaseBucket` if not specified. 
+ description: |- + Kind indicates the kind of resource that is being referenced. A Role + can only reference `CouchbaseBucket` kind. This field defaults + to `CouchbaseBucket` if not specified. enum: - CouchbaseBucket type: string @@ -7136,15 +7646,17 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly - considered for inclusion in this role. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + role. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: 
@@ -7152,17 +7664,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -7174,44 +7685,43 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object collections: - description: Collection level access to apply to the specified - role. The collection must exist. When not specified, the - role is subject to scope or bucket level access. + description: |- + Collection level access to apply to the specified role. The collection must exist. + When not specified, the role is subject to scope or bucket level access. properties: resources: - description: Resources is an explicit list of named resources - that will be considered for inclusion in this collection - or collections. If a resource reference doesn't match - a resource, then no error conditions are raised due to - undefined resource creation ordering and eventual consistency. + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this collection or collections. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseCollection - description: Kind indicates the kind of resource that - is being referenced. A scope can only reference - `CouchbaseCollection` and `CouchbaseCollectionGroup` - resource kinds. This field defaults to `CouchbaseCollection` - if not specified. 
+ description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. This field defaults to `CouchbaseCollection` if not + specified. enum: - CouchbaseCollection - CouchbaseCollectionGroup type: string name: - description: Name is the name of the Kubernetes resource - name that is being referenced. Legal collection - names have a maximum length of 251 characters and - may be composed of any character from "a-z", "A-Z", - "0-9" and "_-%". + description: |- + Name is the name of the Kubernetes resource name that is being referenced. + Legal collection names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ @@ -7221,16 +7731,17 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly - considered for inclusion in this collection or collections. More - info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + collection or collections. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: 
@@ -7238,17 +7749,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -7260,13 +7770,13 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object name: description: Name of role. 
@@ -7321,35 +7831,34 @@ spec: - views_reader type: string scopes: - description: Scope level access to apply to specified role. The - scope must exist. When not specified, the role will apply - to selected bucket or all buckets in the cluster. + description: |- + Scope level access to apply to specified role. The scope must exist. When not specified, + the role will apply to selected bucket or all buckets in the cluster. properties: resources: - description: Resources is an explicit list of named resources - that will be considered for inclusion in this scope or - scopes. If a resource reference doesn't match a resource, - then no error conditions are raised due to undefined resource - creation ordering and eventual consistency. + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this scope or scopes. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseScope - description: Kind indicates the kind of resource that - is being referenced. A scope can only reference - `CouchbaseScope` and `CouchbaseScopeGroup` resource - kinds. This field defaults to `CouchbaseScope` - if not specified. + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseScope` and `CouchbaseScopeGroup` + resource kinds. This field defaults to `CouchbaseScope` if not + specified. enum: - CouchbaseScope - CouchbaseScopeGroup type: string name: - description: Name is the name of the Kubernetes resource - name that is being referenced. Legal scope names - have a maximum length of 251 characters and may - be composed of any character from "a-z", "A-Z", - "0-9" and "_-%". + description: |- + Name is the name of the Kubernetes resource name that is being referenced. 
+ Legal scope names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ @@ -7359,16 +7868,17 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly - considered for inclusion in this scope or scopes. More - info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + scope or scopes. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: 
@@ -7376,17 +7886,16 @@ spec: applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array @@ -7398,13 +7907,13 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object required: - name @@ -7423,8 +7932,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasememcachedbuckets.couchbase.com spec: group: couchbase.com 
@@ -7445,53 +7954,60 @@ spec: name: v2 schema: openAPIV3Schema: - description: The CouchbaseMemcachedBucket resource defines a set of documents - in Couchbase server. A Couchbase client connects to and operates on a bucket, - which provides independent management of a set documents and a security - boundary for role based access control. A CouchbaseEphemeralBucket provides - in-memory only storage for documents contained by it. + description: |- + The CouchbaseMemcachedBucket resource defines a set of documents in Couchbase server. + A Couchbase client connects to and operates on a bucket, which provides independent + management of a set documents and a security boundary for role based access control. + A CouchbaseEphemeralBucket provides in-memory only storage for documents contained by it. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: default: {} - description: CouchbaseMemcachedBucketSpec is the specification for a Memcached - bucket resource, and allows the bucket to be customized. + description: |- + CouchbaseMemcachedBucketSpec is the specification for a Memcached bucket + resource, and allows the bucket to be customized. properties: enableFlush: - description: EnableFlush defines whether a client can delete all documents - in a bucket. This field defaults to false. + description: |- + EnableFlush defines whether a client can delete all documents in a bucket. + This field defaults to false. type: boolean memoryQuota: anyOf: - type: integer - type: string default: 100Mi - description: 'MemoryQuota is a memory limit to the size of a bucket. - The memory quota is defined per Couchbase pod running the data service. This - field defaults to, and must be greater than or equal to 100Mi. More - info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes' + description: |- + MemoryQuota is a memory limit to the size of a bucket. The memory quota + is defined per Couchbase pod running the data service. This field defaults to, and must + be greater than or equal to 100Mi. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true name: - description: Name is the name of the bucket within Couchbase server. By - default the Operator will use the `metadata.name` field to define - the bucket name. The `metadata.name` field only supports a subset - of the supported character set. When specified, this field overrides - `metadata.name`. 
Legal bucket names have a maximum length of 100 - characters and may be composed of any character from "a-z", "A-Z", - "0-9" and "-_%\.". + description: |- + Name is the name of the bucket within Couchbase server. By default the Operator + will use the `metadata.name` field to define the bucket name. The `metadata.name` + field only supports a subset of the supported character set. When specified, this + field overrides `metadata.name`. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string @@ -7504,8 +8020,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasemigrationreplications.couchbase.com spec: group: couchbase.com 
@@ -7532,22 +8048,28 @@ spec: name: v2 schema: openAPIV3Schema: - description: The CouchbaseScopeMigration resource represents the use of the - special migration mapping within XDCR to take a filtered list from the default - scope and collection of the source bucket, replicate it to named scopes - and collections within the target bucket. The bucket-to-bucket replication - cannot duplicate any used by the CouchbaseReplication resource, as these - two types of replication are mutually exclusive between buckets. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#migration + description: |- + The CouchbaseScopeMigration resource represents the use of the special migration mapping + within XDCR to take a filtered list from the default scope and collection of the source bucket, + replicate it to named scopes and collections within the target bucket. + The bucket-to-bucket replication cannot duplicate any used by the CouchbaseReplication resource, + as these two types of replication are mutually exclusive between buckets. + https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#migration properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. 
Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -7559,14 +8081,15 @@ spec: description: The migration mappings to use, should never be empty as that is just an implicit bucket-to-bucket replication then. items: - description: Indicates whether this is using migration mapping or - not. This is only valid when using the default scope/collection. + description: |- + Indicates whether this is using migration mapping or not. + This is only valid when using the default scope/collection. properties: filter: default: _default._default - description: A filter to select from the source default scope - and collection. Defaults to select everything in the default - scope and collection. + description: |- + A filter to select from the source default scope and collection. + Defaults to select everything in the default scope and collection. type: string targetKeyspace: description: The destination of our migration, must be a scope 
@@ -7600,22 +8123,22 @@ spec: replication. properties: bucket: - description: Bucket is the source bucket to replicate from. This - refers to the Couchbase bucket name, not the resource name of the - bucket. A bucket with this name must be defined on this cluster. Legal - bucket names have a maximum length of 100 characters and may be - composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + description: |- + Bucket is the source bucket to replicate from. This refers to the Couchbase + bucket name, not the resource name of the bucket. A bucket with this name must + be defined on this cluster. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string compressionType: default: Auto - description: CompressionType is the type of compression to apply to - the replication. When None, no compression will be applied to documents - as they are transferred between clusters. When Auto, Couchbase - server will automatically compress documents as they are transferred - to reduce bandwidth requirements. This field must be one of "None" - or "Auto", defaulting to "Auto". + description: |- + CompressionType is the type of compression to apply to the replication. + When None, no compression will be applied to documents as they are + transferred between clusters. When Auto, Couchbase server will automatically + compress documents as they are transferred to reduce bandwidth requirements. + This field must be one of "None" or "Auto", defaulting to "Auto". enum: - None - Auto 
@@ -7625,15 +8148,16 @@ spec: out of the replication. type: string paused: - description: Paused allows a replication to be stopped and restarted - without having to restart the replication from the beginning. + description: |- + Paused allows a replication to be stopped and restarted without having to + restart the replication from the beginning. type: boolean remoteBucket: - description: RemoteBucket is the remote bucket name to synchronize - to. This refers to the Couchbase bucket name, not the resource - name of the bucket. Legal bucket names have a maximum length of - 100 characters and may be composed of any character from "a-z", - "A-Z", "0-9" and "-_%\.". + description: |- + RemoteBucket is the remote bucket name to synchronize to. This refers to the + Couchbase bucket name, not the resource name of the bucket. Legal bucket names + have a maximum length of 100 characters and may be composed of any character from + "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string @@ -7652,8 +8176,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasereplications.couchbase.com spec: group: couchbase.com 
@@ -7680,39 +8204,45 @@ spec: name: v2 schema: openAPIV3Schema: - description: The CouchbaseReplication resource represents a Couchbase-to-Couchbase, - XDCR replication stream from a source bucket to a destination bucket. This - provides off-site backup, migration, and disaster recovery. + description: |- + The CouchbaseReplication resource represents a Couchbase-to-Couchbase, XDCR replication + stream from a source bucket to a destination bucket. This provides off-site backup, + migration, and disaster recovery. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string explicitMapping: - description: The explicit mappings to use for replication which are optional. - For Scopes and Collection replication support we can specify a set of - implicit and explicit mappings to use. If none is specified then it - is assumed to be existing bucket level replication. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping + description: |- + The explicit mappings to use for replication which are optional. + For Scopes and Collection replication support we can specify a set of implicit and + explicit mappings to use. If none is specified then it is assumed to be existing + bucket level replication. 
+ https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html#explicit-mapping properties: allowRules: - description: 'The list of explicit replications to carry out including - any nested implicit replications: specifying a scope implicitly - replicates all collections within it. There should be no duplicates, - including more-specific duplicates, e.g. if you specify replication - of a scope then you can only deny replication of collections within - it.' + description: |- + The list of explicit replications to carry out including any nested implicit replications: + specifying a scope implicitly replicates all collections within it. + There should be no duplicates, including more-specific duplicates, e.g. if you specify replication + of a scope then you can only deny replication of collections within it. items: - description: CouchbaseAllowReplicationMapping is to cover Scope - and Collection explicit replication. If a scope is defined then - it implicitly allows all collections unless a more specific CouchbaseDenyReplicationMapping - rule is present to block it. Once a rule is defined at scope level - it should not be redefined at collection level. https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html + description: |- + CouchbaseAllowReplicationMapping is to cover Scope and Collection explicit replication. + If a scope is defined then it implicitly allows all collections unless a more specific + CouchbaseDenyReplicationMapping rule is present to block it. + Once a rule is defined at scope level it should not be redefined at collection level. + https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-with-scopes-and-collections.html properties: sourceKeyspace: - description: 'The source keyspace: where to replicate from. - Source and target must match whether they have a collection - or not, i.e. 
you cannot replicate from a scope to a collection.' + description: |- + The source keyspace: where to replicate from. + Source and target must match whether they have a collection or not, i.e. you cannot + replicate from a scope to a collection. properties: collection: description: The optional collection within the scope. May @@ -7731,9 +8261,10 @@ spec: - scope type: object targetKeyspace: - description: 'The target keyspace: where to replicate to. Source - and target must match whether they have a collection or not, - i.e. you cannot replicate from a scope to a collection.' + description: |- + The target keyspace: where to replicate to. + Source and target must match whether they have a collection or not, i.e. you cannot + replicate from a scope to a collection. properties: collection: description: The optional collection within the scope. May 
@@ -7757,17 +8288,16 @@ spec: type: object type: array denyRules: - description: 'The list of explicit replications to prevent including - any nested implicit denials: specifying a scope implicitly denies - all collections within it. There should be no duplicates, including - more-specific duplicates, e.g. if you specify denial of replication - of a scope then you can only specify replication of collections - within it.' + description: |- + The list of explicit replications to prevent including any nested implicit denials: + specifying a scope implicitly denies all collections within it. + There should be no duplicates, including more-specific duplicates, e.g. if you specify denial of + replication of a scope then you can only specify replication of collections within it. items: - description: Provide rules to block implicit replication at scope - or collection level. You may want to implicitly map all scopes - or collections except a specific one (or set) so this is a better - way to express that by creating rules just for those to deny. + description: |- + Provide rules to block implicit replication at scope or collection level. + You may want to implicitly map all scopes or collections except a specific one (or set) so this + is a better way to express that by creating rules just for those to deny. properties: sourceKeyspace: description: 'The source keyspace: where to block replication 
@@ -7795,9 +8325,12 @@ spec: type: array type: object kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -7806,22 +8339,22 @@ spec: replication. properties: bucket: - description: Bucket is the source bucket to replicate from. This - refers to the Couchbase bucket name, not the resource name of the - bucket. A bucket with this name must be defined on this cluster. Legal - bucket names have a maximum length of 100 characters and may be - composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". + description: |- + Bucket is the source bucket to replicate from. This refers to the Couchbase + bucket name, not the resource name of the bucket. A bucket with this name must + be defined on this cluster. Legal bucket names have a maximum length of 100 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string compressionType: default: Auto - description: CompressionType is the type of compression to apply to - the replication. When None, no compression will be applied to documents - as they are transferred between clusters. When Auto, Couchbase - server will automatically compress documents as they are transferred - to reduce bandwidth requirements. This field must be one of "None" - or "Auto", defaulting to "Auto". + description: |- + CompressionType is the type of compression to apply to the replication. + When None, no compression will be applied to documents as they are + transferred between clusters. When Auto, Couchbase server will automatically + compress documents as they are transferred to reduce bandwidth requirements. + This field must be one of "None" or "Auto", defaulting to "Auto". enum: - None - Auto 
@@ -7831,15 +8364,16 @@ spec: out of the replication. type: string paused: - description: Paused allows a replication to be stopped and restarted - without having to restart the replication from the beginning. + description: |- + Paused allows a replication to be stopped and restarted without having to + restart the replication from the beginning. type: boolean remoteBucket: - description: RemoteBucket is the remote bucket name to synchronize - to. This refers to the Couchbase bucket name, not the resource - name of the bucket. Legal bucket names have a maximum length of - 100 characters and may be composed of any character from "a-z", - "A-Z", "0-9" and "-_%\.". + description: |- + RemoteBucket is the remote bucket name to synchronize to. This refers to the + Couchbase bucket name, not the resource name of the bucket. Legal bucket names + have a maximum length of 100 characters and may be composed of any character from + "a-z", "A-Z", "0-9" and "-_%\.". maxLength: 100 pattern: ^[a-zA-Z0-9-_%\.]{1,100}$ type: string @@ -7857,8 +8391,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbaserolebindings.couchbase.com spec: group: couchbase.com 
@@ -7876,20 +8410,26 @@ spec: groups. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: CouchbaseRoleBindingSpec defines the group of subjects i.e. - users, and the role i.e. group they are a member of. + description: |- + CouchbaseRoleBindingSpec defines the group of subjects i.e. users, and the + role i.e. group they are a member of. properties: roleRef: description: CouchbaseGroup being bound to subjects. 
@@ -7937,8 +8477,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasescopegroups.couchbase.com spec: group: couchbase.com 
@@ -7952,28 +8492,33 @@ spec: - name: v2 schema: openAPIV3Schema: - description: CouchbaseScopeGroup represents a logical unit of data storage - that sits between buckets and collections e.g. a bucket may contain multiple - scopes, and a scope may contain multiple collections. At present, scopes - are not nested, so provide only a single level of abstraction. Scopes provide - a coarser grained basis for role-based access control (RBAC) and cross-datacenter - replication (XDCR) than collections, but finer that buckets. In order to - be considered by the Operator, a scope must be referenced by either a `CouchbaseBucket` - or `CouchbaseEphemeralBucket` resource. Unlike `CouchbaseScope` resources, - scope groups represents multiple scopes, with the same common set of collections, - to be expressed as a single resource, minimizing required configuration - and Kubernetes API traffic. It also forms the basis of Couchbase RBAC security - boundaries. + description: |- + CouchbaseScopeGroup represents a logical unit of data storage that sits between buckets and + collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple + collections. At present, scopes are not nested, so provide only a single level of + abstraction. Scopes provide a coarser grained basis for role-based access control (RBAC) + and cross-datacenter replication (XDCR) than collections, but finer that buckets. + In order to be considered by the Operator, a scope must be referenced by either a + `CouchbaseBucket` or `CouchbaseEphemeralBucket` resource. + Unlike `CouchbaseScope` resources, scope groups represents multiple scopes, with the same + common set of collections, to be expressed as a single resource, minimizing required + configuration and Kubernetes API traffic. It also forms the basis of Couchbase RBAC + security boundaries. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. 
Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -7981,51 +8526,53 @@ spec: description: Spec defines the desired state of the resource. properties: collections: - description: Collections defines how to collate collections included - in this scope or scope group. Any of the provided methods may be - used to collate a set of collections to manage. Collated collections - must have unique names, otherwise it is considered ambiguous, and - an error condition. + description: |- + Collections defines how to collate collections included in this scope or scope group. + Any of the provided methods may be used to collate a set of collections to + manage. Collated collections must have unique names, otherwise it is + considered ambiguous, and an error condition. properties: managed: - description: Managed indicates whether collections within this - scope are managed. If not then you can dynamically create and - delete collections with the Couchbase UI or SDKs. + description: |- + Managed indicates whether collections within this scope are managed. + If not then you can dynamically create and delete collections with + the Couchbase UI or SDKs. type: boolean preserveDefaultCollection: - description: PreserveDefaultCollection indicates whether the Operator - should manage the default collection within the default scope. The - default collection can be deleted, but can not be recreated - by Couchbase Server. By setting this field to `true`, the Operator - will implicitly manage the default collection within the default - scope. The default collection cannot be modified and will have - no document time-to-live (TTL). When set to `false`, the operator - will not manage the default collection, which will be deleted - and cannot be used or recreated. + description: |- + PreserveDefaultCollection indicates whether the Operator should manage the + default collection within the default scope. The default collection can + be deleted, but can not be recreated by Couchbase Server. 
By setting this + field to `true`, the Operator will implicitly manage the default collection + within the default scope. The default collection cannot be modified and + will have no document time-to-live (TTL). When set to `false`, the operator + will not manage the default collection, which will be deleted and cannot be + used or recreated. type: boolean resources: - description: Resources is an explicit list of named resources - that will be considered for inclusion in this scope or scopes. If - a resource reference doesn't match a resource, then no error - conditions are raised due to undefined resource creation ordering - and eventual consistency. + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this scope or scopes. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseCollection - description: Kind indicates the kind of resource that is - being referenced. A scope can only reference `CouchbaseCollection` - and `CouchbaseCollectionGroup` resource kinds. This field - defaults to `CouchbaseCollection` if not specified. + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. This field defaults to `CouchbaseCollection` if not + specified. enum: - CouchbaseCollection - CouchbaseCollectionGroup type: string name: - description: Name is the name of the Kubernetes resource - name that is being referenced. Legal collection names - have a maximum length of 251 characters and may be composed - of any character from "a-z", "A-Z", "0-9" and "_-%". + description: |- + Name is the name of the Kubernetes resource name that is being referenced. 
+ Legal collection names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ 
@@ -8035,32 +8582,34 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly considered - for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + scope or scopes. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -8072,27 +8621,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object names: - description: Names specifies the names of the scopes. Unlike CouchbaseScope, - which specifies a single scope, a scope group specifies multiple, - and the scope group must specify at least one scope name. Any scope - names specified must be unique. Scope names must be 1-251 characters - in length, contain only [a-zA-Z0-9_-%] and not start with either - _ or %. + description: |- + Names specifies the names of the scopes. Unlike CouchbaseScope, which + specifies a single scope, a scope group specifies multiple, and the + scope group must specify at least one scope name. + Any scope names specified must be unique. + Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + and not start with either _ or %. items: - description: ScopeOrCollectionName is a generic type to capture - a valid scope or collection name. These must consist of 1-251 - characters, include only A-Z, a-z, 0-9, -, _ or %, and must not - start with _ (which is an internal marker) or % (which is probably - an escape character in language X). + description: |- + ScopeOrCollectionName is a generic type to capture a valid + scope or collection name. 
These must consist of 1-251 characters, + include only A-Z, a-z, 0-9, -, _ or %, and must not start with + _ (which is an internal marker) or % (which is probably an escape + character in language X). maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ @@ -8112,8 +8663,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbasescopes.couchbase.com spec: group: couchbase.com 
@@ -8127,24 +8678,29 @@ spec: - name: v2 schema: openAPIV3Schema: - description: CouchbaseScope represents a logical unit of data storage that - sits between buckets and collections e.g. a bucket may contain multiple - scopes, and a scope may contain multiple collections. At present, scopes - are not nested, so provide only a single level of abstraction. Scopes provide - a coarser grained basis for role-based access control (RBAC) and cross-datacenter - replication (XDCR) than collections, but finer that buckets. In order to - be considered by the Operator, a scope must be referenced by either a `CouchbaseBucket` - or `CouchbaseEphemeralBucket` resource. + description: |- + CouchbaseScope represents a logical unit of data storage that sits between buckets and + collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple + collections. At present, scopes are not nested, so provide only a single level of + abstraction. Scopes provide a coarser grained basis for role-based access control (RBAC) + and cross-datacenter replication (XDCR) than collections, but finer that buckets. + In order to be considered by the Operator, a scope must be referenced by either a + `CouchbaseBucket` or `CouchbaseEphemeralBucket` resource. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -8153,51 +8709,53 @@ spec: description: Spec defines the desired state of the resource. properties: collections: - description: Collections defines how to collate collections included - in this scope or scope group. Any of the provided methods may be - used to collate a set of collections to manage. Collated collections - must have unique names, otherwise it is considered ambiguous, and - an error condition. + description: |- + Collections defines how to collate collections included in this scope or scope group. + Any of the provided methods may be used to collate a set of collections to + manage. Collated collections must have unique names, otherwise it is + considered ambiguous, and an error condition. properties: managed: - description: Managed indicates whether collections within this - scope are managed. If not then you can dynamically create and - delete collections with the Couchbase UI or SDKs. + description: |- + Managed indicates whether collections within this scope are managed. + If not then you can dynamically create and delete collections with + the Couchbase UI or SDKs. type: boolean preserveDefaultCollection: - description: PreserveDefaultCollection indicates whether the Operator - should manage the default collection within the default scope. The - default collection can be deleted, but can not be recreated - by Couchbase Server. By setting this field to `true`, the Operator - will implicitly manage the default collection within the default - scope. The default collection cannot be modified and will have - no document time-to-live (TTL). When set to `false`, the operator - will not manage the default collection, which will be deleted - and cannot be used or recreated. + description: |- + PreserveDefaultCollection indicates whether the Operator should manage the + default collection within the default scope. The default collection can + be deleted, but can not be recreated by Couchbase Server. 
By setting this + field to `true`, the Operator will implicitly manage the default collection + within the default scope. The default collection cannot be modified and + will have no document time-to-live (TTL). When set to `false`, the operator + will not manage the default collection, which will be deleted and cannot be + used or recreated. type: boolean resources: - description: Resources is an explicit list of named resources - that will be considered for inclusion in this scope or scopes. If - a resource reference doesn't match a resource, then no error - conditions are raised due to undefined resource creation ordering - and eventual consistency. + description: |- + Resources is an explicit list of named resources that will be considered + for inclusion in this scope or scopes. If a resource reference doesn't + match a resource, then no error conditions are raised due to undefined + resource creation ordering and eventual consistency. items: properties: kind: default: CouchbaseCollection - description: Kind indicates the kind of resource that is - being referenced. A scope can only reference `CouchbaseCollection` - and `CouchbaseCollectionGroup` resource kinds. This field - defaults to `CouchbaseCollection` if not specified. + description: |- + Kind indicates the kind of resource that is being referenced. A scope + can only reference `CouchbaseCollection` and `CouchbaseCollectionGroup` + resource kinds. This field defaults to `CouchbaseCollection` if not + specified. enum: - CouchbaseCollection - CouchbaseCollectionGroup type: string name: - description: Name is the name of the Kubernetes resource - name that is being referenced. Legal collection names - have a maximum length of 251 characters and may be composed - of any character from "a-z", "A-Z", "0-9" and "_-%". + description: |- + Name is the name of the Kubernetes resource name that is being referenced. 
+ Legal collection names have a maximum length of 251 + characters and may be composed of any character from "a-z", "A-Z", "0-9" and "_-%". maxLength: 251 minLength: 1 pattern: ^[a-zA-Z0-9\-][a-zA-Z0-9\-%_]{0,250}$ 
@@ -8207,32 +8765,34 @@ spec: type: object type: array selector: - description: 'Selector allows resources to be implicitly considered - for inclusion in this scope or scopes. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta' + description: |- + Selector allows resources to be implicitly considered for inclusion in this + scope or scopes. More info: + https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#labelselector-v1-meta properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -8244,32 +8804,32 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object defaultScope: - description: DefaultScope indicates whether this resource represents - the default scope for a bucket. When set to `true`, this allows - the user to refer to and manage collections within the default scope. When - not defined, the Operator will implicitly manage the default scope - as the default scope can not be deleted from Couchbase Server. The - Operator defined default scope will also have the `persistDefaultCollection` - flag set to `true`. Only one default scope is permitted to be contained - in a bucket. + description: |- + DefaultScope indicates whether this resource represents the default scope + for a bucket. When set to `true`, this allows the user to refer to and + manage collections within the default scope. When not defined, the Operator + will implicitly manage the default scope as the default scope can not be + deleted from Couchbase Server. The Operator defined default scope will + also have the `persistDefaultCollection` flag set to `true`. Only one + default scope is permitted to be contained in a bucket. type: boolean name: - description: Name specifies the name of the scope. 
By default, the - metadata.name is used to define the scope name, however, due to - the limited character set, this field can be used to override the - default and provide the full functionality. Additionally the `metadata.name` - field is a DNS label, and thus limited to 63 characters, this field - must be used if the name is longer than this limit. Scope names - must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] + description: |- + Name specifies the name of the scope. By default, the metadata.name is + used to define the scope name, however, due to the limited character set, + this field can be used to override the default and provide the full functionality. + Additionally the `metadata.name` field is a DNS label, and thus limited to 63 + characters, this field must be used if the name is longer than this limit. + Scope names must be 1-251 characters in length, contain only [a-zA-Z0-9_-%] and not start with either _ or %. maxLength: 251 minLength: 1 @@ -8284,8 +8844,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - config.couchbase.com/version: 2.5.0 - controller-gen.kubebuilder.io/version: v0.8.0 + config.couchbase.com/version: 2.7.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: couchbaseusers.couchbase.com spec: group: couchbase.com 
@@ -8302,14 +8862,19 @@ spec: description: CouchbaseUser allows the automation of Couchbase user management. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/charts/couchbase-operator/values-all.yaml b/charts/couchbase-operator/values-all.yaml index 5a5214c..9db7af1 100644 --- a/charts/couchbase-operator/values-all.yaml +++ b/charts/couchbase-operator/values-all.yaml 
@@ -20,7 +20,7 @@ couchbaseOperator: # -- Image specifies repository and tag of the Couchbase Operator container. image: repository: couchbase/operator - tag: 2.5.0 + tag: 2.7.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. @@ -53,7 +53,7 @@ admissionController: # -- Image specifies repository and tag of the Couchbase Admission container. image: repository: couchbase/admission-controller - tag: 2.5.0 + tag: 2.7.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. @@ -679,6 +679,13 @@ buckets: # Legal bucket names have a maximum length of 100 characters and may be # composed of any character from "a-z", "A-Z", "0-9" and "-_%\.". name: + # -- Rank determines the bucket’s place in the order in which the rebalance + # process handles the buckets on the cluster. The higher a bucket’s assigned + # integer (in relation to the integers assigned other buckets), the sooner + # in the rebalance process the bucket is handled. This assignment of rank + # allows a cluster’s most mission-critical data to be rebalanced with top + # priority. This option is only supported for Couchbase Server 7.6.0+. + rank: 0 # -- Replicas defines how many copies of documents Couchbase server # maintains. This directly affects how fault tolerant a Couchbase cluster # is. With a single replica, the cluster can tolerate one data pod going 
@@ -708,7 +715,7 @@ buckets: # -- Selector allows resources to be implicitly considered for inclusion # in this bucket. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#labelselector-v1-meta + # api/v1.28/#labelselector-v1-meta selector: # -- matchExpressions is a list of label selector requirements. The # requirements are ANDed. @@ -730,9 +737,8 @@ buckets: matchLabels: # -- StorageBackend to be assigned to and used by the bucket. Only valid for # Couchbase Server 7.0.0 onward. Two different backend storage mechanisms - # can be used - "couchstore" or "magma", defaulting to "couchstore". This - # cannot be edited after bucket creation. Note: "magma" is only valid for - # Couchbase Server 7.1.0 onward. + # can be used - "couchstore" or "magma", defaulting to "couchstore". Note: + # "magma" is only valid for Couchbase Server 7.1.0 onward. storageBackend: couchstore # @default -- will be filled in as below 
@@ -828,15 +834,25 @@ cluster: # -- Resources is the resource requirements for the backup and restore # containers. Will be populated by defaults if not specified. resources: + # -- Claims lists the names of resources, defined in spec.resourceClaims, + # that are used by this container. This is an alpha field and requires + # enabling the DynamicResourceAllocation feature gate. This field is + # immutable. It can only be set for containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims of + # the Pod where this field is used. It makes that resource available + # inside a container. + name: # -- Limits describes the maximum amount of compute resources allowed. # More info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ limits: # -- Requests describes the minimum amount of compute resources required. # If Requests is omitted for a container, it defaults to Limits if that is - # explicitly specified, otherwise to an implementation-defined value. More - # info: https://kubernetes.io/docs/concepts/configuration/manage- - # resources-containers/ + # explicitly specified, otherwise to an implementation-defined value. + # Requests cannot exceed Limits. More info: + # https://kubernetes.io/docs/concepts/configuration/manage-resources- + # containers/ requests: # -- Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret # contains the key region and optionally access-key-id and secret-access-key 
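Review bot: The new `claims:` entry under the backup `resources:` block is written as a mapping with a single `name:` key, although its own comment says it "lists the names of resources" and the Kubernetes `ResourceRequirements.claims` field is a list of objects that each carry a `name`. A user who fills in `name:` as shown would supply an object where an array is expected, assuming the chart passes this block through unchanged; indentation is lost on this page, so the nesting is inferred. I would show the list shape explicitly, for example `claims: []` with a commented `# - name: <claim-name>` item below it. The `# Name must match ...` comment also lacks the `# --` prefix that the neighbouring field comments use, which may drop it from generated docs if that is not deliberate.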
@@ -936,11 +952,13 @@ cluster: # When you wish to commit to Kubernetes resources, you must specify a unique # label selector in the `spec.buckets.selector` field, and this field is set # to true. The Operator will create Kubernetes resources for you, and upon - # completion set the cluster's `Synchronized` status condition. You may - # then safely set `spec.buckets.managed` to true and the Operator will - # manage these resources as per usual. To update an already managed data - # topology, you must first set it to unmanaged, make any changes, and delete - # any old resources, then follow the standard synchronization workflow. The + # completion set the cluster's `Synchronized` status condition. + # Synchronizing will not create a Kubernetes resource for the Couchbase + # Server maintained _system scope. You may then safely set + # `spec.buckets.managed` to true and the Operator will manage these + # resources as per usual. To update an already managed data topology, you + # must first set it to unmanaged, make any changes, and delete any old + # resources, then follow the standard synchronization workflow. The # Operator can not, and will not, ever delete, or make modifications to # resource specifications that are intended to be user managed, or managed # by a life cycle management tool. These actions must be instigated by an 
@@ -1034,30 +1052,38 @@ cluster: # -- AuxIOThreads allows the number of threads used by the data service, # per pod, to be altered. This indicates the number of threads that are # to be used in the AuxIO thread pool to run auxiliary I/O tasks. This - # value must be between 4 and 64 threads, and should only be increased - # where there are sufficient CPU resources allocated for their use. If not - # specified, this defaults to the default value set by Couchbase Server. + # value must be between 1 and 64 threads and is only supported on CB + # versions 7.1.0+. and should only be increased where there are sufficient + # CPU resources allocated for their use. If not specified, this defaults + # to the default value set by Couchbase Server. auxIOThreads: + # -- MinReplicasCount allows the minimum number of replicas required for + # buckets to be set. New buckets cannot be created with less than this + # minimum. Defaults to 0. + minReplicasCount: 0 # -- NonIOThreads allows the number of threads used by the data service, # per pod, to be altered. This indicates the number of threads that are # to be used in the NonIO thread pool to run in memory tasks. This value - # must be between 4 and 64 threads, and should only be increased where - # there are sufficient CPU resources allocated for their use. If not - # specified, this defaults to the default value set by Couchbase Server. + # must be between 1 and 64 threads and is only supported on CB versions + # 7.1.0+. and should only be increased where there are sufficient CPU + # resources allocated for their use. If not specified, this defaults to + # the default value set by Couchbase Server. nonIOThreads: # -- ReaderThreads allows the number of threads used by the data service, - # per pod, to be altered. This value must be between 4 and 64 threads, - # and should only be increased where there are sufficient CPU resources + # per pod, to be altered. 
This value must be between 4 and 64 threads for + # CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and + # should only be increased where there are sufficient CPU resources # allocated for their use. If not specified, this defaults to the default # value set by Couchbase Server. readerThreads: # -- WriterThreads allows the number of threads used by the data service, # per pod, to be altered. This setting is especially relevant when using # "durable writes", increasing this field will have a large impact on - # performance. This value must be between 4 and 64 threads, and should - # only be increased where there are sufficient CPU resources allocated for - # their use. If not specified, this defaults to the default value set by - # Couchbase Server. + # performance. This value must be between 4 and 64 threads for CB + # versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. + # and should only be increased where there are sufficient CPU resources + # allocated for their use. If not specified, this defaults to the default + # value set by Couchbase Server. writerThreads: # -- DataServiceMemQuota is the amount of memory that should be allocated to # the data service. This value is per-pod, and only applicable to pods @@ -1089,6 +1115,11 @@ cluster: indexStorageSetting: memory_optimized # -- Indexer allows the indexer to be configured. indexer: + # -- EnableShardAffinity when false Index Servers rebuild any index that + # are newly assigned to them during a rebalance. When set to true, + # Couchbase Server moves a reassigned index’s files between Index Servers. + # This field is only supported on CB versions 7.6.0+. + enableShardAffinity: false # -- LogLevel controls the verbosity of indexer logs. This field must be # one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", # "debug" or "trace", defaulting to "info". 
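Review bot: The rewritten thread-count comments in the hunk at -1034 are garbled: the writerThreads text contains a stray `//` ("below 7.1.0 and, // or 1 and 64"), readerThreads reads "and, or", and all four end the range sentence with "7.1.0+. and should only be increased". For auxIOThreads and nonIOThreads it is also unclear whether "only supported on CB versions 7.1.0+" applies to the field itself or only to the new lower bound of 1. Suggested wording for reader/writer: `# This value must be between 4 and 64 threads for CB versions below 7.1.0, or between 1 and 64 for CB versions 7.1.0+, and should only be increased where ...`. The stray `//` looks like a Go comment marker carried over from the CRD source, so the fix likely belongs there.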
@@ -1128,6 +1159,98 @@ cluster: query: # -- BackfillEnabled allows the query service to backfill. backfillEnabled: true + # -- CBOEnabled specifies whether the cost-based optimizer is enabled. + # Defaults to true. + cboEnabled: true + # -- CleanupClientAttemptsEnabled specifies whether the Query service + # preferentially aims to clean up just transactions that it has created, + # leaving transactions for the distributed cleanup process only when it is + # forced to. Defaults to true. + cleanupClientAttemptsEnabled: true + # -- CleanupLostAttemptsEnabled specifies the Query service takes part in + # the distributed cleanup process, and cleans up expired transactions + # created by any client. Defaults to true. + cleanupLostAttemptsEnabled: true + # -- CleanupWindow specifies how frequently the Query service checks its + # subset of active transaction records for cleanup. Defaults to 60s + cleanupWindow: 60s + # -- CompletedLimit sets the number of requests to be logged in the + # completed requests catalog. As new completed requests are added, old + # ones are removed. + completedLimit: 4000 + # -- CompletedMaxPlanSize limits the size of query execution plans that + # can be logged in the completed requests catalog. Queries with plans + # larger than this are not logged. This field is only supported on CB + # versions 7.6.0+. Defaults to 262144, maximum value is 20840448, and + # minimum value is 0. + completedMaxPlanSize: '262144' + # -- CompletedTrackingAllRequests allows all requests to be tracked + # regardless of their time. This field requires `completedTrackingEnabled` + # to be true. + completedTrackingAllRequests: false + # -- CompletedTrackingEnabled allows completed requests to be tracked in + # the requests catalog. + completedTrackingEnabled: true + # -- CompletedThreshold is a trigger for queries to be logged in the + # completed requests catalog. 
All completed queries lasting longer than + # this threshold are logged in the completed requests catalog. This field + # requires `completedTrackingEnabled` to be set to true and + # `completedTrackingAllRequests` to be false to have any effect. + completedTrackingThreshold: 7s + # -- LogLevel controls the verbosity of query logs. This field must be one + # of "debug", "trace", "info", "warn", "error", "severe", or "none", + # defaulting to "info". + logLevel: info + # -- MaxParallelism specifies the maximum parallelism for queries on all + # Query nodes in the cluster. If the value is zero, negative, or larger + # than the number of allowed cored the maximum parallelism is restricted + # to the number of allowed cores. Defaults to 1. + maxParallelism: 1 + # -- MemoryQuota specifies the maximum amount of memory a request may use + # on any Query node in the cluster. This parameter enforces a ceiling on + # the memory used for the tracked documents required for processing a + # request. It does not take into account any other memory that might be + # used to process a request, such as the stack, the operators, or some + # intermediate values. Defaults to 0. + memoryQuota: '0' + # -- NodeQuota sets a soft memory limit for every Query node in the + # cluster. The garbage collector tries to keep below this target. It is + # not a hard, absolute limit, and memory usage may exceed this value. This + # field is only supported on CB versions 7.6.0+. + nodeQuota: + # -- NodeQuotaValPercent sets the percentage of the `useReplica` that is + # dedicated to tracked value content memory across all active requests for + # every Query node in the cluster. This field is only supported on CB + # versions 7.6.0+. Defaults to 67. + nodeQuotaValPercent: 67 + # -- NumActiveTransactionRecords specifies the total number of active + # transaction records for all Query nodes in the cluster. Default to 1024 + # and has a minimum of 1. 
+ numActiveTransactionRecords: 1024 + # -- NumCpus is the number of CPUs the Query service can use on any Query + # node in the cluster. When set to 0 (the default), the Query service can + # use all available CPUs, up to the limits described below. The number of + # CPUs can never be greater than the number of logical CPUs. In Community + # Edition, the number of allowed CPUs cannot be greater than 4. In + # Enterprise Edition, there is no limit to the number of allowed CPUs. + # This field is only supported on CB versions 7.6.0+. NOTE: This change + # requires a restart of the Query service to take effect which can be done + # by rescheduling nodes that are running the query service. Defaults to 0 + numCpus: 0 + # -- PipelineBatch controls the number of items execution operators can + # batch for Fetch from the KV. Defaults to 16. + pipelineBatch: 16 + # -- PipelineCap controls the maximum number of items each execution + # operator can buffer between various operators. Defaults to 512. + pipelineCap: 512 + # -- PreparedLimit is the maximum number of prepared statements in the + # cache. When this cache reaches the limit, the least recently used + # prepared statements will be discarded as new prepared statements are + # created. + preparedLimit: 16384 + # -- ScapCan sets the maximum buffered channel size between the indexer + # client and the query service for index scans. Defaults to 512. + scanCap: 512 # -- TemporarySpace allows the temporary storage used by the query service # backfill, per-pod, to be modified. This field requires # `backfillEnabled` to be set to true in order to have any effect. More 
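Review bot: Three of the added query-setting comments in the hunk at -1128 do not match the keys they document: `nodeQuotaValPercent` is described as a percentage of the `useReplica` (presumably `nodeQuota` is meant), the `scanCap` comment is headed "ScapCan", and the `completedTrackingThreshold` comment is headed "CompletedThreshold". There is also "allowed cored" for "allowed cores" under `maxParallelism`. Suggested first line for the quota comment: `# -- NodeQuotaValPercent sets the percentage of the nodeQuota that is`. The values.yaml hunk at -900 repeats at least the "CompletedThreshold" heading; the rest of that hunk is outside this view.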
@@ -1139,6 +1262,23 @@ cluster: # requires `backfillEnabled` to be set to true in order to have any # effect. This field overrides `temporarySpace`. temporarySpaceUnlimited: false + # -- Timeout is the maximum time to spend on the request before timing + # out. If this field is not set then there will be no timeout. + timeout: + # -- TxTimeout is the maximum time to spend on a transaction before timing + # out. This setting only applies to requests containing the BEGIN + # TRANSACTION statement, or to requests where the tximplicit parameter is + # set. For all other requests, it is ignored. Defaults to 0ms (no + # timeout). + txTimeout: 0ms + # -- UseReplica specifies whether a query can fetch data from a replica + # vBucket if active vBuckets are inaccessible. If set to true then read + # from replica is enabled for all queries, but can be disabled at request + # level. If set to false read from replica is disabled for all queries and + # cannot be overridden at request level. If this field is unset then it is + # enabled/disabled at the request level. This field is only supported on + # CB versions 7.6.0+. + useReplica: false # -- QueryServiceMemQuota is a dummy field. By default, Couchbase server # provides no memory resource constraints for the query service, so this has # no effect on Couchbase server. It is, however, used when the @@ -1188,7 +1328,8 @@ cluster: hibernationStrategy: # -- Image is the container image name that will be used to launch Couchbase # server instances. Updating this field will cause an automatic upgrade of - # the cluster. + # the cluster. Explicitly specifying the image for a server class will + # override this value for the server class. image: couchbase/server:7.2.0 # -- Logging defines Operator logging options. logging: 
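Review bot: Shipping `useReplica: false` as a default in the hunk at -1139 selects the strictest of the three states the comment describes: read-from-replica is disabled for all queries and cannot be overridden per request, whereas leaving the field unset defers the choice to each request. The comment also says the field is only supported on CB versions 7.6.0+, while the default `image:` in the next hunk on this line is `couchbase/server:7.2.0`; whether the operator ignores or rejects the field on an older server is not visible here. I would leave it empty, `useReplica:`, as the hunk already does for `timeout:`, so the default stays unset. The same version mismatch applies to the other 7.6.0+ defaults added by this commit (`enableShardAffinity`, `completedMaxPlanSize`, `nodeQuotaValPercent`, `numCpus`).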
@@ -1217,7 +1358,8 @@ cluster: # https://docs.couchbase.com/server/current/manage/manage-security/manage- # auditing.html garbageCollection: - # Provide the sidecar configuration required (if so desired) to + # DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server + # 7.2.4+ Provide the sidecar configuration required (if so desired) to # automatically clean up audit logs. sidecar: # The minimum age of rotated log files to remove, defaults to one @@ -1234,6 +1376,16 @@ cluster: # Resources is the resource requirements for the cleanup container. # Will be populated by Kubernetes defaults if not specified. resources: + # Claims lists the names of resources, defined in + # spec.resourceClaims, that are used by this container. This is an + # alpha field and requires enabling the DynamicResourceAllocation + # feature gate. This field is immutable. It can only be set for + # containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims + # of the Pod where this field is used. It makes that resource + # available inside a container. + name: # Limits describes the maximum amount of compute resources allowed. # More info: # https://kubernetes.io/docs/concepts/configuration/manage- @@ -1242,8 +1394,8 @@ cluster: # Requests describes the minimum amount of compute resources # required. If Requests is omitted for a container, it defaults to # Limits if that is explicitly specified, otherwise to an - # implementation-defined value. More info: - # https://kubernetes.io/docs/concepts/configuration/manage- + # implementation-defined value. Requests cannot exceed Limits. More + # info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ requests: # -- The interval to optionally rotate the audit log. This is passed to 
@@ -1253,6 +1405,10 @@ cluster: rotation: # The interval at which to rotate log files, defaults to 15 minutes. interval: 15m + # How long Couchbase Server keeps rotated audit logs. If set to 0 (the + # default) then audit logs won't be pruned. Has a maximum of 35791394 + # seconds. + pruneAge: '0' # Size allows the specification of a rotation size for the log, defaults # to 20Mi. More info: # https://kubernetes.io/docs/concepts/configuration/manage-resources- @@ -1302,6 +1458,15 @@ cluster: # Resources is the resource requirements for the sidecar container. Will # be populated by Kubernetes defaults if not specified. resources: + # Claims lists the names of resources, defined in spec.resourceClaims, + # that are used by this container. This is an alpha field and + # requires enabling the DynamicResourceAllocation feature gate. This + # field is immutable. It can only be set for containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims + # of the Pod where this field is used. It makes that resource + # available inside a container. + name: # Limits describes the maximum amount of compute resources allowed. # More info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ @@ -1309,11 +1474,12 @@ cluster: # Requests describes the minimum amount of compute resources required. # If Requests is omitted for a container, it defaults to Limits if # that is explicitly specified, otherwise to an implementation-defined - # value. More info: + # value. Requests cannot exceed Limits. More info: # https://kubernetes.io/docs/concepts/configuration/manage-resources- # containers/ requests: - # -- Monitoring defines any Operator managed integration into 3rd party + # -- DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + # Monitoring defines any Operator managed integration into 3rd party # monitoring infrastructure. monitoring: {} # -- Name of the cluster, defaults to name of chart release 
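Review bot: The new `pruneAge: '0'` default in the hunk at -1253 means rotated audit logs are never pruned, and the hunk at -1217 deprecates the garbage-collection sidecar in favour of native pruning (presumably this field), so a cluster that follows the deprecation without setting `pruneAge` keeps audit logs until the log volume fills. The comment gives the maximum in seconds but never says the value itself is in seconds. I would extend it with `# Value is in seconds. With 0, rotated audit logs accumulate until removed by other means;` and `# set this to match the retention policy and forward logs before they are pruned.`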
@@ -1337,7 +1503,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core adminConsoleServiceTemplate: # -- Standard objects metadata. This is a curated version for use with # Couchbase resource templates. @@ -1491,10 +1657,9 @@ cluster: # loadBalancerIP when a load balancer is created. This field will be # ignored if the cloud-provider does not support the feature. # Deprecated: This field was under-specified and its meaning varies - # across implementations, and it cannot support dual-stack. As of - # Kubernetes v1.24, users are encouraged to use implementation-specific - # annotations when available. This field may be removed in a future API - # version. + # across implementations. Using it is non-portable and it may not + # support dual-stack. Users are encouraged to use implementation- + # specific annotations when available. loadBalancerIP: # If specified and supported by the platform, this will restrict traffic # through the cloud-provider load-balancer will be restricted to the 
@@ -1542,21 +1707,36 @@ cluster: # "eventing" and "analytics". Each service may only be included once. adminConsoleServices: - data - # -- DEVELOPER PREVIEW - This feature is in developer preview. - # CloudNativeGateway is used to provision a gRPC gateway proxying a + # -- CloudNativeGateway is used to provision a gRPC gateway proxying a # Couchbase cluster. cloudNativeGateway: - # -- DEVELOPER PREVIEW - This feature is in developer preview. Image is - # the Cloud Native Gateway image to be used to run the sidecar container. - # No validation is carried out as this can be any arbitrary repo and tag. - # TODO: provide a default kubebuilder default image tag as field is - # mandatory. + # -- Image is the Cloud Native Gateway image to be used to run the sidecar + # container. No validation is carried out as this can be any arbitrary + # repo and tag. TODO: provide a default kubebuilder default image tag as + # field is mandatory. image: - # -- DEVELOPER PREVIEW - This feature is in developer preview. TLS defines - # the TLS configuration for the Cloud Native Gateway server including - # server and client certificate configuration, and TLS security policies. + # -- DEVELOPER PREVIEW - This feature is in developer preview. LogLevel + # controls the verbosity of cloud native logs. This field must be one of + # "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting + # to "info". + logLevel: info + # -- TerminationGracePeriodSeconds specifies the grace period for the + # container to terminate. Defaults to 75 seconds. + terminationGracePeriodSeconds: 75 + # -- TLS defines the TLS configuration for the Cloud Native Gateway server + # including server and client certificate configuration, and TLS security + # policies. 
If no TLS config are explicitly provided, the operator + # generates/manages self-signed certs/keys and creates a k8s secret named + # `couchbase-cloud-native-gateway-self-signed-secret-` + # unique to a Couchbase cluster, which is volume mounted to the cb k8s + # pod. This action could be overidden at the outset or later, by using the + # below TLS config or generating the secret of same name as `couchbase- + # cloud-native-gateway-self-signed-secret-` with + # certificates conforming to the keys of well-known type + # "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on + # per cluster basis so it's advised to use the unique cluster name else + # would be ignored. tls: - # DEVELOPER PREVIEW - This feature is in developer preview. # ServerSecretName specifies the secret name, in the same namespace as # the cluster, that contains Cloud Native Gateway gRPC server TLS data. # The secret is expected to contain "tls.crt" and "tls.key" as per the @@ -1586,7 +1766,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core exposedFeatureServiceTemplate: # -- Standard objects metadata. This is a curated version for use with # Couchbase resource templates. 
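Review bot: The added TLS comment in the hunk at -1542 names the auto-generated secret as `couchbase-cloud-native-gateway-self-signed-secret-` with nothing after the trailing hyphen, in both places it appears, so a reader cannot tell which secret to create or replace; an angle-bracket placeholder was probably stripped during generation. Something like `couchbase-cloud-native-gateway-self-signed-secret-<cluster-name>` (placeholder, to be confirmed against the operator) would restore it. Since the fallback is a self-signed certificate, the comment should also say that clients cannot verify the gateway's identity against a trusted CA until `serverSecretName` or a replacement secret is supplied. Minor: "overidden" should be "overridden".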
@@ -1740,10 +1920,9 @@ cluster: # loadBalancerIP when a load balancer is created. This field will be # ignored if the cloud-provider does not support the feature. # Deprecated: This field was under-specified and its meaning varies - # across implementations, and it cannot support dual-stack. As of - # Kubernetes v1.24, users are encouraged to use implementation-specific - # annotations when available. This field may be removed in a future API - # version. + # across implementations. Using it is non-portable and it may not + # support dual-stack. Users are encouraged to use implementation- + # specific annotations when available. loadBalancerIP: # If specified and supported by the platform, this will restrict traffic # through the cloud-provider load-balancer will be restricted to the @@ -1831,6 +2010,11 @@ cluster: # to the cluster. This prevents negative DNS caching while waiting for # external-DDNS controllers to propagate addresses. waitForAddressReachableDelay: 2m + # -- OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism + # with a timeout in minutes for expanding volumes. This must only be provided, + # if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and + # 30. If no value is provided, then it defaults to 10 minutes. + onlineVolumeExpansionTimeoutInMins: # -- Paused is to pause the control of the operator for the Couchbase cluster. # This does not pause the cluster itself, instead stopping the operator from # taking any action. 
@@ -1943,7 +2127,8 @@ cluster: # localhostProfile indicates a profile defined in a file on the node # should be used. The profile must be preconfigured on the node to work. # Must be a descending path, relative to the kubelet's configured - # seccomp profile location. Must only be set if type is "Localhost". + # seccomp profile location. Must be set if type is "Localhost". Must NOT + # be set for any other type. localhostProfile: # type indicates which kind of seccomp profile will be applied. Valid # options are: Localhost - a profile defined in a file on the node @@ -1951,8 +2136,12 @@ cluster: # should be used. Unconfined - no profile should be applied. type: # -- A list of groups applied to the first process run in each container, - # in addition to the container's primary GID. If unspecified, no groups - # will be added to any container. Note that this field cannot be set when + # in addition to the container's primary GID, the fsGroup (if specified), + # and group memberships defined in the container image for the uid of the + # container process. If unspecified, no additional groups are added to any + # container. Note that group memberships defined in the container image + # for the uid of the container process are still effective, even if they + # are not included in this list. Note that this field cannot be set when # spec.os.name is windows. supplementalGroups: # -- Sysctls hold a list of namespaced sysctls used for the pod. Pods with 
@@ -1976,14 +2165,10 @@ cluster: # GMSACredentialSpecName is the name of the GMSA credential spec to use. gmsaCredentialSpecName: # HostProcess determines if a container should be run as a 'Host - # Process' container. This field is alpha-level and will only be honored - # by components that enable the WindowsHostProcessContainers feature - # flag. Setting this field without the feature flag will result in - # errors when validating the Pod. All of a Pod's containers must have - # the same effective HostProcess value (it is not allowed to have a mix - # of HostProcess containers and non-HostProcess containers). In - # addition, if HostProcess is true then HostNetwork must also be set to - # true. + # Process' container. All of a Pod's containers must have the same + # effective HostProcess value (it is not allowed to have a mix of + # HostProcess containers and non-HostProcess containers). In addition, + # if HostProcess is true then HostNetwork must also be set to true. hostProcess: false # The UserName in Windows to run the entrypoint of the container # process. Defaults to the user specified in image metadata if @@ -2073,7 +2258,7 @@ cluster: # cluster upgrade in order to fulfill the request. The Operator reserves # the right to modify or replace any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#pod-v1-core + # api/v1.28/#pod-v1-core pod: spec: {} # -- Services is the set of Couchbase services to run on this server 
@@ -2094,6 +2279,14 @@ cluster: # UI. When enabled, the UI will alert when a Couchbase server upgrade is # available. softwareUpdateNotifications: false + # -- UpgradeProcess defines the process that will be used when performing a + # couchbase cluster upgrade. When SwapRebalance is requested (default), pods + # will be upgraded using either a RollingUpgrade or ImmediateUpgrade + # (determined by UpgradeStrategy). When DeltaRecovery is requested, the + # operator will perform an in-place upgrade on a best effort basis. + # DeltaRecovery cannot be used if the UpgradeStrategy is set to + # ImmediateUpgrade. + upgradeProcess: # -- UpgradeStrategy controls how aggressive the Operator is when performing a # cluster upgrade. When a rolling upgrade is requested, pods are upgraded one # at a time. This strategy is slower, however less disruptive. When an 
@@ -2135,22 +2328,28 @@ cluster: # volumes#access-modes-1 accessModes: # -- dataSourceRef specifies the object from which to populate the volume - # with data, if a non-empty volume is desired. This may be any local - # object from a non-empty API group (non core object) or a - # PersistentVolumeClaim object. When this field is specified, volume - # binding will only succeed if the type of the specified object matches - # some installed volume populator or dynamic provisioner. This field will - # replace the functionality of the DataSource field and as such if both - # fields are non-empty, they must have the same value. For backwards - # compatibility, both fields (DataSource and DataSourceRef) will be set to - # the same value automatically if one of them is empty and the other is - # non-empty. There are two important differences between DataSource and - # DataSourceRef: * While DataSource only allows two specific types of - # objects, DataSourceRef allows any non-core object, as well as - # PersistentVolumeClaim objects. * While DataSource ignores disallowed - # values (dropping them), DataSourceRef preserves all values, and - # generates an error if a disallowed value is specified. (Beta) Using this - # field requires the AnyVolumeDataSource feature gate to be enabled. + # with data, if a non-empty volume is desired. This may be any object from + # a non-empty API group (non core object) or a PersistentVolumeClaim + # object. When this field is specified, volume binding will only succeed + # if the type of the specified object matches some installed volume + # populator or dynamic provisioner. This field will replace the + # functionality of the dataSource field and as such if both fields are + # non-empty, they must have the same value. 
For backwards compatibility, + # when namespace isn't specified in dataSourceRef, both fields (dataSource + # and dataSourceRef) will be set to the same value automatically if one of + # them is empty and the other is non-empty. When namespace is specified in + # dataSourceRef, dataSource isn't set to the same value and must be empty. + # There are three important differences between dataSource and + # dataSourceRef: * While dataSource only allows two specific types of + # objects, dataSourceRef allows any non-core object, as well as + # PersistentVolumeClaim objects. * While dataSource ignores disallowed + # values (dropping them), dataSourceRef preserves all values, and + # generates an error if a disallowed value is specified. * While + # dataSource only allows local objects, dataSourceRef allows objects in + # any namespaces. (Beta) Using this field requires the AnyVolumeDataSource + # feature gate to be enabled. (Alpha) Using the namespace field of + # dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate + # to be enabled. dataSourceRef: # APIGroup is the group for the resource being referenced. If APIGroup # is not specified, the specified Kind must be in the core API group. @@ -2160,6 +2359,13 @@ cluster: kind: # Name is the name of resource being referenced name: + # Namespace is the namespace of resource being referenced Note that when + # a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + # object is required in the referent namespace to allow that namespace's + # owner to accept the reference. See the ReferenceGrant documentation + # for details. (Alpha) This field requires the + # CrossNamespaceVolumeDataSource feature gate to be enabled. + namespace: # -- resources represents the minimum resources the volume should have. If # RecoverVolumeExpansionFailure feature is enabled users are allowed to # specify resource requirements that are lower than previous value but 
@@ -2167,6 +2373,15 @@ cluster: # claim. More info: # https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources resources: + # Claims lists the names of resources, defined in spec.resourceClaims, + # that are used by this container. This is an alpha field and requires + # enabling the DynamicResourceAllocation feature gate. This field is + # immutable. It can only be set for containers. + claims: + # Name must match the name of one entry in pod.spec.resourceClaims of + # the Pod where this field is used. It makes that resource available + # inside a container. + name: # Limits describes the maximum amount of compute resources allowed. More # info: https://kubernetes.io/docs/concepts/configuration/manage- # resources-containers/ @@ -2174,8 +2389,9 @@ cluster: # Requests describes the minimum amount of compute resources required. # If Requests is omitted for a container, it defaults to Limits if that # is explicitly specified, otherwise to an implementation-defined value. - # More info: https://kubernetes.io/docs/concepts/configuration/manage- - # resources-containers/ + # Requests cannot exceed Limits. More info: + # https://kubernetes.io/docs/concepts/configuration/manage-resources- + # containers/ requests: # -- selector is a label query over volumes to consider for binding. selector: diff --git a/charts/couchbase-operator/values.yaml b/charts/couchbase-operator/values.yaml index 5c7fd1e..ccd5ed5 100644 --- a/charts/couchbase-operator/values.yaml +++ b/charts/couchbase-operator/values.yaml @@ -20,7 +20,7 @@ couchbaseOperator: # -- Image specifies repository and tag of the Couchbase Operator container. image: repository: couchbase/operator - tag: 2.5.0 + tag: 2.7.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. 
@@ -53,7 +53,7 @@ admissionController: # -- Image specifies repository and tag of the Couchbase Admission container. image: repository: couchbase/admission-controller - tag: 2.5.0 + tag: 2.7.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. @@ -647,6 +647,13 @@ buckets: # https://kubernetes.io/docs/concepts/configuration/manage-resources- # containers/#resource-units-in-kubernetes memoryQuota: 100Mi + # -- Rank determines the bucket’s place in the order in which the rebalance + # process handles the buckets on the cluster. The higher a bucket’s assigned + # integer (in relation to the integers assigned other buckets), the sooner + # in the rebalance process the bucket is handled. This assignment of rank + # allows a cluster’s most mission-critical data to be rebalanced with top + # priority. This option is only supported for Couchbase Server 7.6.0+. + rank: 0 # -- Replicas defines how many copies of documents Couchbase server # maintains. This directly affects how fault tolerant a Couchbase cluster # is. With a single replica, the cluster can tolerate one data pod going @@ -675,9 +682,8 @@ buckets: resources: [] # -- StorageBackend to be assigned to and used by the bucket. Only valid for # Couchbase Server 7.0.0 onward. Two different backend storage mechanisms - # can be used - "couchstore" or "magma", defaulting to "couchstore". This - # cannot be edited after bucket creation. Note: "magma" is only valid for - # Couchbase Server 7.1.0 onward. + # can be used - "couchstore" or "magma", defaulting to "couchstore". Note: + # "magma" is only valid for Couchbase Server 7.1.0 onward. storageBackend: couchstore # @default -- will be filled in as below 
@@ -762,11 +768,13 @@ cluster: # When you wish to commit to Kubernetes resources, you must specify a unique # label selector in the `spec.buckets.selector` field, and this field is set # to true. The Operator will create Kubernetes resources for you, and upon - # completion set the cluster's `Synchronized` status condition. You may - # then safely set `spec.buckets.managed` to true and the Operator will - # manage these resources as per usual. To update an already managed data - # topology, you must first set it to unmanaged, make any changes, and delete - # any old resources, then follow the standard synchronization workflow. The + # completion set the cluster's `Synchronized` status condition. + # Synchronizing will not create a Kubernetes resource for the Couchbase + # Server maintained _system scope. You may then safely set + # `spec.buckets.managed` to true and the Operator will manage these + # resources as per usual. To update an already managed data topology, you + # must first set it to unmanaged, make any changes, and delete any old + # resources, then follow the standard synchronization workflow. The # Operator can not, and will not, ever delete, or make modifications to # resource specifications that are intended to be user managed, or managed # by a life cycle management tool. These actions must be instigated by an 
@@ -835,6 +843,12 @@ cluster: # not result in data loss. This field must be in the range 5-3600s, # defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration autoFailoverTimeout: 120s + # -- Data allows the data service to be configured. + data: + # -- MinReplicasCount allows the minimum number of replicas required for + # buckets to be set. New buckets cannot be created with less than this + # minimum. Defaults to 0. + minReplicasCount: 0 # -- DataServiceMemQuota is the amount of memory that should be allocated to # the data service. This value is per-pod, and only applicable to pods # belonging to server classes running the data service. This field must be @@ -865,6 +879,11 @@ cluster: indexStorageSetting: memory_optimized # -- Indexer allows the indexer to be configured. indexer: + # -- EnableShardAffinity when false Index Servers rebuild any index that + # are newly assigned to them during a rebalance. When set to true, + # Couchbase Server moves a reassigned index’s files between Index Servers. + # This field is only supported on CB versions 7.6.0+. + enableShardAffinity: false # -- LogLevel controls the verbosity of indexer logs. This field must be # one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", # "debug" or "trace", defaulting to "info". 
@@ -900,6 +919,93 @@ cluster: query: # -- BackfillEnabled allows the query service to backfill. backfillEnabled: true + # -- CBOEnabled specifies whether the cost-based optimizer is enabled. + # Defaults to true. + cboEnabled: true + # -- CleanupClientAttemptsEnabled specifies whether the Query service + # preferentially aims to clean up just transactions that it has created, + # leaving transactions for the distributed cleanup process only when it is + # forced to. Defaults to true. + cleanupClientAttemptsEnabled: true + # -- CleanupLostAttemptsEnabled specifies the Query service takes part in + # the distributed cleanup process, and cleans up expired transactions + # created by any client. Defaults to true. + cleanupLostAttemptsEnabled: true + # -- CleanupWindow specifies how frequently the Query service checks its + # subset of active transaction records for cleanup. Defaults to 60s + cleanupWindow: 60s + # -- CompletedLimit sets the number of requests to be logged in the + # completed requests catalog. As new completed requests are added, old + # ones are removed. + completedLimit: 4000 + # -- CompletedMaxPlanSize limits the size of query execution plans that + # can be logged in the completed requests catalog. Queries with plans + # larger than this are not logged. This field is only supported on CB + # versions 7.6.0+. Defaults to 262144, maximum value is 20840448, and + # minimum value is 0. + completedMaxPlanSize: '262144' + # -- CompletedTrackingAllRequests allows all requests to be tracked + # regardless of their time. This field requires `completedTrackingEnabled` + # to be true. + completedTrackingAllRequests: false + # -- CompletedTrackingEnabled allows completed requests to be tracked in + # the requests catalog. + completedTrackingEnabled: true + # -- CompletedThreshold is a trigger for queries to be logged in the + # completed requests catalog. All completed queries lasting longer than + # this threshold are logged in the completed requests catalog. 
This field + # requires `completedTrackingEnabled` to be set to true and + # `completedTrackingAllRequests` to be false to have any effect. + completedTrackingThreshold: 7s + # -- LogLevel controls the verbosity of query logs. This field must be one + # of "debug", "trace", "info", "warn", "error", "severe", or "none", + # defaulting to "info". + logLevel: info + # -- MaxParallelism specifies the maximum parallelism for queries on all + # Query nodes in the cluster. If the value is zero, negative, or larger + # than the number of allowed cored the maximum parallelism is restricted + # to the number of allowed cores. Defaults to 1. + maxParallelism: 1 + # -- MemoryQuota specifies the maximum amount of memory a request may use + # on any Query node in the cluster. This parameter enforces a ceiling on + # the memory used for the tracked documents required for processing a + # request. It does not take into account any other memory that might be + # used to process a request, such as the stack, the operators, or some + # intermediate values. Defaults to 0. + memoryQuota: '0' + # -- NodeQuotaValPercent sets the percentage of the `useReplica` that is + # dedicated to tracked value content memory across all active requests for + # every Query node in the cluster. This field is only supported on CB + # versions 7.6.0+. Defaults to 67. + nodeQuotaValPercent: 67 + # -- NumActiveTransactionRecords specifies the total number of active + # transaction records for all Query nodes in the cluster. Default to 1024 + # and has a minimum of 1. + numActiveTransactionRecords: 1024 + # -- NumCpus is the number of CPUs the Query service can use on any Query + # node in the cluster. When set to 0 (the default), the Query service can + # use all available CPUs, up to the limits described below. The number of + # CPUs can never be greater than the number of logical CPUs. In Community + # Edition, the number of allowed CPUs cannot be greater than 4. 
In + # Enterprise Edition, there is no limit to the number of allowed CPUs. + # This field is only supported on CB versions 7.6.0+. NOTE: This change + # requires a restart of the Query service to take effect which can be done + # by rescheduling nodes that are running the query service. Defaults to 0 + numCpus: 0 + # -- PipelineBatch controls the number of items execution operators can + # batch for Fetch from the KV. Defaults to 16. + pipelineBatch: 16 + # -- PipelineCap controls the maximum number of items each execution + # operator can buffer between various operators. Defaults to 512. + pipelineCap: 512 + # -- PreparedLimit is the maximum number of prepared statements in the + # cache. When this cache reaches the limit, the least recently used + # prepared statements will be discarded as new prepared statements are + # created. + preparedLimit: 16384 + # -- ScapCan sets the maximum buffered channel size between the indexer + # client and the query service for index scans. Defaults to 512. + scanCap: 512 # -- TemporarySpace allows the temporary storage used by the query service # backfill, per-pod, to be modified. This field requires # `backfillEnabled` to be set to true in order to have any effect. More 
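Review bot: Three of the new `query:` comments do not match the keys they document. `nodeQuotaValPercent` is described as a percentage of the `useReplica`, which is a boolean elsewhere in this file; presumably the node memory quota is meant, so something like `# -- NodeQuotaValPercent sets the percentage of the node quota that is` once the intended field is confirmed. The comment for `completedTrackingThreshold` opens with `CompletedThreshold` and the one for `scanCap` opens with `ScapCan`; they should read `# -- CompletedTrackingThreshold is a trigger for queries to be logged in the` and `# -- ScanCap sets the maximum buffered channel size between the indexer`. There is also `allowed cored` for `allowed cores` under `maxParallelism`. If this text is generated from the CRD descriptions, the fix belongs there so the README tables pick it up too.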
@@ -911,6 +1017,20 @@ cluster: # requires `backfillEnabled` to be set to true in order to have any # effect. This field overrides `temporarySpace`. temporarySpaceUnlimited: false + # -- TxTimeout is the maximum time to spend on a transaction before timing + # out. This setting only applies to requests containing the BEGIN + # TRANSACTION statement, or to requests where the tximplicit parameter is + # set. For all other requests, it is ignored. Defaults to 0ms (no + # timeout). + txTimeout: 0ms + # -- UseReplica specifies whether a query can fetch data from a replica + # vBucket if active vBuckets are inaccessible. If set to true then read + # from replica is enabled for all queries, but can be disabled at request + # level. If set to false read from replica is disabled for all queries and + # cannot be overridden at request level. If this field is unset then it is + # enabled/disabled at the request level. This field is only supported on + # CB versions 7.6.0+. + useReplica: false # -- SearchServiceMemQuota is the amount of memory that should be allocated # to the search service. This value is per-pod, and only applicable to pods # belonging to server classes running the search service. This field must @@ -961,7 +1081,8 @@ cluster: # https://docs.couchbase.com/server/current/manage/manage-security/manage- # auditing.html garbageCollection: - # Provide the sidecar configuration required (if so desired) to + # DEPRECATED - by spec.logging.audit.nativePruning for Couchbase Server + # 7.2.4+ Provide the sidecar configuration required (if so desired) to # automatically clean up audit logs. sidecar: # The minimum age of rotated log files to remove, defaults to one 
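Review bot: `useReplica: false` is not the neutral default its comment implies. By that comment, `false` disables read-from-replica for every query with no per-request override, and only an unset field leaves the choice to each request. Shipping `false` in the defaults therefore takes that option away from every install that does not override it. If per-request control is the intended default, leave the key unset and show it commented out, `# useReplica: false`, with a line saying that unset defers to the request.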
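Review bot: The new deprecation text on `garbageCollection` is fused onto the old description, so it reads as one run-on sentence: `... for Couchbase Server 7.2.4+ Provide the sidecar configuration ...`. It also names `spec.logging.audit.nativePruning` as the replacement, while the only pruning setting this diff adds to the file is `rotation.pruneAge`; confirm which name is correct. I would split it into `# DEPRECATED - superseded by <confirmed field> for Couchbase Server 7.2.4+.` followed by the original `# Provide the sidecar configuration required (if so desired) to` on its own line.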
@@ -982,6 +1103,10 @@ cluster: rotation: # The interval at which to rotate log files, defaults to 15 minutes. interval: 15m + # How long Couchbase Server keeps rotated audit logs. If set to 0 (the + # default) then audit logs won't be pruned. Has a maximum of 35791394 + # seconds. + pruneAge: '0' # Size allows the specification of a rotation size for the log, defaults # to 20Mi. More info: # https://kubernetes.io/docs/concepts/configuration/manage-resources- @@ -1024,7 +1149,8 @@ cluster: # validation is carried out as this can be any arbitrary repo and tag. # It will default to the latest supported version of Fluent Bit. image: couchbase/fluent-bit:1.2.1 - # -- Monitoring defines any Operator managed integration into 3rd party + # -- DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ + # Monitoring defines any Operator managed integration into 3rd party # monitoring infrastructure. monitoring: {} # -- Name of the cluster, defaults to name of chart release @@ -1039,7 +1165,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core adminConsoleServiceTemplate: # -- ServiceSpec describes the attributes that a user creates on a # service. 
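Review bot: The `pruneAge` comment in the `rotation:` hunk gives the maximum in seconds but never states the unit of the value itself, and it sits next to `interval: 15m`, which uses a duration suffix. State the unit in the first sentence, e.g. `# How long, in seconds, Couchbase Server keeps rotated audit logs.`, if that is what the operator expects; the hunk does not show it. With the default of `'0'`, rotated audit logs are never pruned, and the sidecar clean-up is marked deprecated elsewhere in this file. The comment should therefore also tell operators to size the log volume, or to set a retention period that meets their audit requirements.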
@@ -1047,6 +1173,17 @@ cluster: type: NodePort adminConsoleServices: - data + # -- CloudNativeGateway is used to provision a gRPC gateway proxying a + # Couchbase cluster. + cloudNativeGateway: + # -- DEVELOPER PREVIEW - This feature is in developer preview. LogLevel + # controls the verbosity of cloud native logs. This field must be one of + # "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting + # to "info". + logLevel: info + # -- TerminationGracePeriodSeconds specifies the grace period for the + # container to terminate. Defaults to 75 seconds. + terminationGracePeriodSeconds: 75 # -- DisableUIOverHTTP is used to explicitly enable and disable UI access # over the HTTP protocol. If not specified, this field defaults to false. disableUIOverHTTP: false @@ -1063,7 +1200,7 @@ cluster: # must also be enabled. The Operator reserves the right to modify or replace # any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#service-v1-core + # api/v1.28/#service-v1-core exposedFeatureServiceTemplate: # -- ServiceSpec describes the attributes that a user creates on a # service. 
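Review bot: The DEVELOPER PREVIEW marker is attached to `logLevel` rather than to `cloudNativeGateway`, so it is unclear whether the preview status covers only the log level or the gateway as a whole. If it is the gateway, move the marker up: `# -- DEVELOPER PREVIEW - CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster.` The block also ships populated defaults (`logLevel`, `terminationGracePeriodSeconds`). The hunk does not show whether the template treats a non-empty `cloudNativeGateway` as a request to deploy the gateway. Since that would add a network-facing proxy in front of the cluster, confirm that a default install leaves it off.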
@@ -1116,14 +1253,10 @@ cluster: # cannot be set when spec.os.name is linux. windowsOptions: # HostProcess determines if a container should be run as a 'Host - # Process' container. This field is alpha-level and will only be honored - # by components that enable the WindowsHostProcessContainers feature - # flag. Setting this field without the feature flag will result in - # errors when validating the Pod. All of a Pod's containers must have - # the same effective HostProcess value (it is not allowed to have a mix - # of HostProcess containers and non-HostProcess containers). In - # addition, if HostProcess is true then HostNetwork must also be set to - # true. + # Process' container. All of a Pod's containers must have the same + # effective HostProcess value (it is not allowed to have a mix of + # HostProcess containers and non-HostProcess containers). In addition, + # if HostProcess is true then HostNetwork must also be set to true. hostProcess: false # -- RBAC is the options provided for enabling and selecting RBAC User # resources to manage. @@ -1176,7 +1309,7 @@ cluster: # cluster upgrade in order to fulfill the request. The Operator reserves # the right to modify or replace any field. More info: # https://kubernetes.io/docs/reference/generated/kubernetes- - # api/v1.21/#pod-v1-core + # api/v1.28/#pod-v1-core pod: spec: {} services: diff --git a/charts/couchbase-operator/values.yamltmpl b/charts/couchbase-operator/values.yamltmpl index 0f87c82..31ee7b3 100644 --- a/charts/couchbase-operator/values.yamltmpl +++ b/charts/couchbase-operator/values.yamltmpl @@ -20,7 +20,7 @@ couchbaseOperator: # -- Image specifies repository and tag of the Couchbase Operator container. image: repository: couchbase/operator - tag: 2.5.0 + tag: 2.7.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. 
@@ -53,7 +53,7 @@ admissionController: # -- Image specifies repository and tag of the Couchbase Admission container. image: repository: couchbase/admission-controller - tag: 2.5.0 + tag: 2.7.0 # -- The policy for pulling images from the repository onto hosts. # The imagePullPolicy value defaults to IfNotPresent, which means # that images are only pulled if they’re not present on the Kubernetes node. From 3f2586c9204e44452160ff5996c3db77ccac5257 Mon Sep 17 00:00:00 2001 From: Yusuf Ramzan Date: Wed, 21 Aug 2024 13:17:04 +0100 Subject: [PATCH 2/2] K8S-3415 Updated helm chart for 2.7.0 --- charts/couchbase-operator/README.md | 7 +-- charts/couchbase-operator/README.md.adoc | 9 ++- .../crds/couchbase.crds.yaml | 60 ++++++++++++------- charts/couchbase-operator/values-all.yaml | 23 +++---- 4 files changed, 55 insertions(+), 44 deletions(-) diff --git a/charts/couchbase-operator/README.md b/charts/couchbase-operator/README.md index cb6c2cb..3d221a5 100644 --- a/charts/couchbase-operator/README.md +++ b/charts/couchbase-operator/README.md 
@@ -151,7 +151,7 @@ for more information about customizing and managing your charts. | cluster.cluster.indexer.stableSnapshotInterval | string | `"5s"` | StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms. | | cluster.cluster.indexer.storageMode | string | `"memory_optimized"` | StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". | | cluster.cluster.indexer.threads | string | `nil` | Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0. | -| cluster.cluster.query | object | `{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuota":null,"nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false}` | Query allows the query service to be configured. 
| +| cluster.cluster.query | object | `{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false}` | Query allows the query service to be configured. | | cluster.cluster.query.backfillEnabled | bool | `true` | BackfillEnabled allows the query service to backfill. | | cluster.cluster.query.cboEnabled | bool | `true` | CBOEnabled specifies whether the cost-based optimizer is enabled. Defaults to true. | | cluster.cluster.query.cleanupClientAttemptsEnabled | bool | `true` | CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just transactions that it has created, leaving transactions for the distributed cleanup process only when it is forced to. Defaults to true. | 
@@ -165,7 +165,6 @@ for more information about customizing and managing your charts. | cluster.cluster.query.logLevel | string | `"info"` | LogLevel controls the verbosity of query logs. This field must be one of "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info". | | cluster.cluster.query.maxParallelism | int | `1` | MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism is restricted to the number of allowed cores. Defaults to 1. | | cluster.cluster.query.memoryQuota | string | `"0"` | MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. This parameter enforces a ceiling on the memory used for the tracked documents required for processing a request. It does not take into account any other memory that might be used to process a request, such as the stack, the operators, or some intermediate values. Defaults to 0. | -| cluster.cluster.query.nodeQuota | string | `nil` | NodeQuota sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value. This field is only supported on CB versions 7.6.0+. | | cluster.cluster.query.nodeQuotaValPercent | int | `67` | NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked value content memory across all active requests for every Query node in the cluster. This field is only supported on CB versions 7.6.0+. Defaults to 67. | | cluster.cluster.query.numActiveTransactionRecords | int | `1024` | NumActiveTransactionRecords specifies the total number of active transaction records for all Query nodes in the cluster. Default to 1024 and has a minimum of 1. 
| | cluster.cluster.query.numCpus | int | `0` | NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. The number of CPUs can never be greater than the number of logical CPUs. In Community Edition, the number of allowed CPUs cannot be greater than 4. In Enterprise Edition, there is no limit to the number of allowed CPUs. This field is only supported on CB versions 7.6.0+. NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling nodes that are running the query service. Defaults to 0 | 
@@ -178,7 +177,7 @@ for more information about customizing and managing your charts. | cluster.cluster.query.timeout | string | `nil` | Timeout is the maximum time to spend on the request before timing out. If this field is not set then there will be no timeout. | | cluster.cluster.query.txTimeout | string | `"0ms"` | TxTimeout is the maximum time to spend on a transaction before timing out. This setting only applies to requests containing the BEGIN TRANSACTION statement, or to requests where the tximplicit parameter is set. For all other requests, it is ignored. Defaults to 0ms (no timeout). | | cluster.cluster.query.useReplica | bool | `false` | UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets are inaccessible. If set to true then read from replica is enabled for all queries, but can be disabled at request level. If set to false read from replica is disabled for all queries and cannot be overridden at request level. If this field is unset then it is enabled/disabled at the request level. This field is only supported on CB versions 7.6.0+. | -| cluster.cluster.queryServiceMemoryQuota | string | `nil` | QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | +| cluster.cluster.queryServiceMemoryQuota | string | `nil` | QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value. | | cluster.cluster.searchServiceMemoryQuota | string | `"256Mi"` | SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources- containers/#resource-units-in-kubernetes | | cluster.enableOnlineVolumeExpansion | bool | `false` | EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an- in-use-persistentvolumeclaim If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent- volumes/#expanding-persistent-volumes-claims | | cluster.enablePreviewScaling | bool | `false` | DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services. 
EnablePreviewScaling enables autoscaling for stateful services and buckets. | 
@@ -256,7 +255,7 @@ for more information about customizing and managing your charts. | cluster.servers.default.services | list | `["data","index","query","search","analytics","eventing"]` | Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. | | cluster.servers.default.size | int | `3` | Size is the expected requested of the server class. This field must be greater than or equal to 1. | | cluster.softwareUpdateNotifications | bool | `false` | SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. | -| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | +| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | | cluster.upgradeStrategy | string | `nil` | UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. 
This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". | | cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | | cluster.volumeClaimTemplates.metadata | object | `{"annotations":null,"labels":null,"name":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. | diff --git a/charts/couchbase-operator/README.md.adoc b/charts/couchbase-operator/README.md.adoc index 41f2ae6..aa88649 100644 --- a/charts/couchbase-operator/README.md.adoc +++ b/charts/couchbase-operator/README.md.adoc 
@@ -84,7 +84,7 @@ | cluster.buckets.selector.matchExpressions | object | `{"key":null,"operator":null,"values":null}` | matchExpressions is a list of label selector requirements. The requirements are ANDed. | cluster.buckets.selector.matchLabels | string | `nil` | matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | cluster.buckets.synchronize | bool | `false` | Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with `spec.buckets.managed` being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the `spec.buckets.selector` field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster's `Synchronized` status condition. Synchronizing will not create a Kubernetes resource for the Couchbase Server maintained _system scope. You may then safely set `spec.buckets.managed` to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the `cao save` and `cao restore` CLI commands. 
-| cluster.cluster | object | `{"analyticsServiceMemoryQuota":"1Gi","autoCompaction":{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}},"autoFailoverMaxCount":1,"autoFailoverOnDataDiskIssues":false,"autoFailoverOnDataDiskIssuesTimePeriod":"120s","autoFailoverServerGroup":false,"autoFailoverTimeout":"120s","clusterName":null,"data":{"auxIOThreads":null,"minReplicasCount":0,"nonIOThreads":null,"readerThreads":null,"writerThreads":null},"dataServiceMemoryQuota":"256Mi","eventingServiceMemoryQuota":"256Mi","indexServiceMemoryQuota":"256Mi","indexStorageSetting":"memory_optimized","indexer":{"enableShardAffinity":false,"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null},"query":{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuota":null,"nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false},"queryServiceMemoryQuota":null,"searchServiceMemoryQuota":"256Mi"}` | ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings. 
+| cluster.cluster | object | `{"analyticsServiceMemoryQuota":"1Gi","autoCompaction":{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}},"autoFailoverMaxCount":1,"autoFailoverOnDataDiskIssues":false,"autoFailoverOnDataDiskIssuesTimePeriod":"120s","autoFailoverServerGroup":false,"autoFailoverTimeout":"120s","clusterName":null,"data":{"auxIOThreads":null,"minReplicasCount":0,"nonIOThreads":null,"readerThreads":null,"writerThreads":null},"dataServiceMemoryQuota":"256Mi","eventingServiceMemoryQuota":"256Mi","indexServiceMemoryQuota":"256Mi","indexStorageSetting":"memory_optimized","indexer":{"enableShardAffinity":false,"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","numReplica":0,"redistributeIndexes":false,"stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null},"query":{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false},"queryServiceMemoryQuota":null,"searchServiceMemoryQuota":"256Mi"}` | ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings. | cluster.cluster.analyticsServiceMemoryQuota | string | `"1Gi"` | AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. 
This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes | cluster.cluster.autoCompaction | object | `{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}}` | AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run. | cluster.cluster.autoCompaction.databaseFragmentationThreshold | object | `{"percent":30,"size":null}` | DatabaseFragmentationThreshold defines triggers for when database compaction should start. 
@@ -118,7 +118,7 @@ | cluster.cluster.indexer.stableSnapshotInterval | string | `"5s"` | StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms. | cluster.cluster.indexer.storageMode | string | `"memory_optimized"` | StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". | cluster.cluster.indexer.threads | string | `nil` | Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0. -| cluster.cluster.query | object | `{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuota":null,"nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false}` | Query allows the query service to be configured. 
+| cluster.cluster.query | object | `{"backfillEnabled":true,"cboEnabled":true,"cleanupClientAttemptsEnabled":true,"cleanupLostAttemptsEnabled":true,"cleanupWindow":"60s","completedLimit":4000,"completedMaxPlanSize":"262144","completedTrackingAllRequests":false,"completedTrackingEnabled":true,"completedTrackingThreshold":"7s","logLevel":"info","maxParallelism":1,"memoryQuota":"0","nodeQuotaValPercent":67,"numActiveTransactionRecords":1024,"numCpus":0,"pipelineBatch":16,"pipelineCap":512,"preparedLimit":16384,"scanCap":512,"temporarySpace":"5Gi","temporarySpaceUnlimited":false,"timeout":null,"txTimeout":"0ms","useReplica":false}` | Query allows the query service to be configured. | cluster.cluster.query.backfillEnabled | bool | `true` | BackfillEnabled allows the query service to backfill. | cluster.cluster.query.cboEnabled | bool | `true` | CBOEnabled specifies whether the cost-based optimizer is enabled. Defaults to true. | cluster.cluster.query.cleanupClientAttemptsEnabled | bool | `true` | CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just transactions that it has created, leaving transactions for the distributed cleanup process only when it is forced to. Defaults to true. 
@@ -132,7 +132,6 @@ | cluster.cluster.query.logLevel | string | `"info"` | LogLevel controls the verbosity of query logs. This field must be one of "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info". | cluster.cluster.query.maxParallelism | int | `1` | MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism is restricted to the number of allowed cores. Defaults to 1. | cluster.cluster.query.memoryQuota | string | `"0"` | MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. This parameter enforces a ceiling on the memory used for the tracked documents required for processing a request. It does not take into account any other memory that might be used to process a request, such as the stack, the operators, or some intermediate values. Defaults to 0. -| cluster.cluster.query.nodeQuota | string | `nil` | NodeQuota sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value. This field is only supported on CB versions 7.6.0+. | cluster.cluster.query.nodeQuotaValPercent | int | `67` | NodeQuotaValPercent sets the percentage of the `useReplica` that is dedicated to tracked value content memory across all active requests for every Query node in the cluster. This field is only supported on CB versions 7.6.0+. Defaults to 67. | cluster.cluster.query.numActiveTransactionRecords | int | `1024` | NumActiveTransactionRecords specifies the total number of active transaction records for all Query nodes in the cluster. Default to 1024 and has a minimum of 1. | cluster.cluster.query.numCpus | int | `0` | NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. 
When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. The number of CPUs can never be greater than the number of logical CPUs. In Community Edition, the number of allowed CPUs cannot be greater than 4. In Enterprise Edition, there is no limit to the number of allowed CPUs. This field is only supported on CB versions 7.6.0+. NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling nodes that are running the query service. Defaults to 0 
@@ -145,7 +144,7 @@ | cluster.cluster.query.timeout | string | `nil` | Timeout is the maximum time to spend on the request before timing out. If this field is not set then there will be no timeout. | cluster.cluster.query.txTimeout | string | `"0ms"` | TxTimeout is the maximum time to spend on a transaction before timing out. This setting only applies to requests containing the BEGIN TRANSACTION statement, or to requests where the tximplicit parameter is set. For all other requests, it is ignored. Defaults to 0ms (no timeout). | cluster.cluster.query.useReplica | bool | `false` | UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets are inaccessible. If set to true then read from replica is enabled for all queries, but can be disabled at request level. If set to false read from replica is disabled for all queries and cannot be overridden at request level. If this field is unset then it is enabled/disabled at the request level. This field is only supported on CB versions 7.6.0+. -| cluster.cluster.queryServiceMemoryQuota | string | `nil` | QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes +| cluster.cluster.queryServiceMemoryQuota | string | `nil` | QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value. | cluster.cluster.searchServiceMemoryQuota | string | `"256Mi"` | SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes | cluster.enableOnlineVolumeExpansion | bool | `false` | EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class's "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an- in-use-persistentvolumeclaim If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims | cluster.enablePreviewScaling | bool | `false` | DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services. 
EnablePreviewScaling enables autoscaling for stateful services and buckets. 
@@ -233,7 +232,7 @@ | cluster.servers.default.services | list | `["data","index","query","search","analytics","eventing"]` | Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. | cluster.servers.default.size | int | `3` | Size is the expected requested of the server class. This field must be greater than or equal to 1. | cluster.softwareUpdateNotifications | bool | `false` | SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available. -| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. +| cluster.upgradeProcess | string | `nil` | UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. | cluster.upgradeStrategy | string | `nil` | UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. 
When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". | cluster.volumeClaimTemplates | object | `{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null,"namespace":null},"resources":{"claims":{"name":null},"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}` | VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration. | cluster.volumeClaimTemplates.metadata | object | `{"annotations":null,"labels":null,"name":null}` | Standard objects metadata. This is a curated version for use with Couchbase resource templates. diff --git a/charts/couchbase-operator/crds/couchbase.crds.yaml b/charts/couchbase-operator/crds/couchbase.crds.yaml index 596c829..371680c 100644 --- a/charts/couchbase-operator/crds/couchbase.crds.yaml +++ b/charts/couchbase-operator/crds/couchbase.crds.yaml 
@@ -283,8 +283,14 @@ spec: type: object forceUpdates: description: |- - Forces data in the Couchbase cluster to be overwritten - even if the data in the cluster is newer than the restore + Forces data in the Couchbase cluster to be overwritten even if the data in the cluster is newer. + By default, the system does not force updates, + and all updates use Couchbase's conflict resolution mechanism to ensure + that if newer data exists on the cluster, + older restored data does not overwrite it. + However, if `couchbasebackuprestores.spec.forceUpdates` is true, + then the backup record will _always_ overwrite the cluster record, + regardless of Couchbase's conflict resolution. type: boolean logRetention: default: 168h @@ -336,6 +342,14 @@ spec: If set, will override `CouchbaseCluster.spec.backup.useIAM`. type: boolean type: object + overwriteUsers: + default: false + description: |- + Overwrites the already existing users in the cluster when user restoration is enabled (spec.services.users). + The default behavior of backup/restore of users is to skip already existing users. + This is only available for Couchbase Server 7.6 and later. + This field defaults to `false`. + type: boolean repo: description: |- Repo is the backup folder to restore from. If no repository is specified, @@ -416,6 +430,12 @@ spec: GSIIndex restores document indexes from the backup. This field defaults to true. type: boolean + users: + default: false + description: |- + Users restores cluster level users, including their roles and permissions. This is + only available for Couchbase Server 7.6 and later. This field defaults to `false`. + type: boolean views: default: true description: Views restores views from the backup. This field 
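Review bot: The new `overwriteUsers` description (hunk @@ -336,6 +342,14 @@) does not say what is replaced when an existing user is overwritten, which matters because the `users` restore option added in @@ -416,6 +430,12 @@ restores roles and permissions. Read literally, a restore with both set would presumably return a user's access to its state at backup time and undo any role removal made since; that is inferred from the wording, not shown in these hunks. I would add a sentence such as `Overwriting replaces the user's current roles and permissions with those stored in the backup.` and state whether credentials are replaced as well. Nothing visible here ties the two fields together, so the description should also say that `overwriteUsers` is ignored when `services.users` is false, if that is the behaviour.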
@@ -832,8 +852,8 @@ spec: default: {} description: |- Services allows control over what services are included in the backup. - By default, all service data and metadata are included. Modifications - to this field will only take effect on the next full backup. + By default, all service data and metadata are included apart from users. + Modifications to this field will only take effect on the next full backup. properties: analytics: default: true @@ -896,6 +916,12 @@ spec: GSIndexes enables the backup of global secondary index definitions for all buckets. This field defaults to `true`. type: boolean + users: + default: false + description: |- + Users enables the backup of users including their roles and permissions. This is + only available for Couchbase Server 7.6 and later. This field defaults to `false`. + type: boolean views: default: true description: |- @@ -2284,18 +2310,6 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true - nodeQuota: - anyOf: - - type: integer - - type: string - description: |- - NodeQuota sets a soft memory limit for every Query node in the cluster. The garbage - collector tries to keep below this target. It is not a hard, absolute limit, and memory - usage may exceed this value. - This field is only supported on CB versions 7.6.0+. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: string - x-kubernetes-int-or-string: true nodeQuotaValPercent: default: 67 description: |- 
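Review bot: The `users` backup option added in hunk @@ -896,6 +916,12 @@ says the archive will hold users with their roles and permissions, but not whether credential material is stored with them. Whoever sets access controls and encryption for the backup repository needs that stated. I would extend the description with one sentence listing what user data is written, for example `The backup contains user names, roles and <credential data, if any>.` The `false` default is already reflected in the updated `services` description in @@ -832,8 +852,8 @@.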
@@ -2427,12 +2441,13 @@ spec: - type: integer - type: string description: |- - QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no - memory resource constraints for the query service, so this has no effect on Couchbase - server. It is, however, used when the spec.autoResourceAllocation feature is enabled, + QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. + The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory + usage may exceed this value. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: string x-kubernetes-int-or-string: true @@ -3580,6 +3595,7 @@ spec: - admin - xdcr - client + - backup type: string type: array x-kubernetes-list-type: set @@ -6432,12 +6448,13 @@ spec: description: |- UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or - ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the operator will - perform an in-place upgrade on a best effort basis. DeltaRecovery cannot be used if the UpgradeStrategy + ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will + perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy is set to ImmediateUpgrade. enum: - SwapRebalance - DeltaRecovery + - InPlaceUpgrade type: string upgradeStrategy: description: |- 
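Review bot: The rewritten `QueryServiceMemQuota` description in hunk @@ -2427,12 +2441,13 @@ does not flag that the field's meaning has changed: it was documented as having no effect on Couchbase Server and now sets a soft memory limit on 7.6.0+. Clusters that set it only for Kubernetes scheduling would presumably pick up that limit after upgrading. The `nodeQuota` field removed in @@ -2284,18 +2310,6 @@ also has no pointer to its replacement. I would add `Replaces query.nodeQuota, which is no longer accepted.` (or the accurate equivalent) to the description. The same text is repeated in the values-all.yaml hunk @@ -1279,14 +1274,14 @@, where the new sentence also runs straight on from the wrapped URL.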
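Review bot: In hunk @@ -6432,12 +6448,13 @@ the enum still accepts `DeltaRecovery` next to the new `InPlaceUpgrade`, but the description now explains only `InPlaceUpgrade`. A reader cannot tell whether `DeltaRecovery` is a deprecated alias or a distinct process, nor whether the ImmediateUpgrade restriction still applies to it. If it is kept for backwards compatibility, the description should say so, e.g. `DeltaRecovery is deprecated and behaves as InPlaceUpgrade.` The README hunk @@ -233,7 +232,7 @@ and the values-all.yaml hunk @@ -2282,9 +2277,9 @@ carry the same wording.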
@@ -7829,6 +7846,7 @@ spec: - security_admin_local - views_admin - views_reader + - eventing_manage_functions type: string scopes: description: |- diff --git a/charts/couchbase-operator/values-all.yaml b/charts/couchbase-operator/values-all.yaml index 9db7af1..0fbbefd 100644 --- a/charts/couchbase-operator/values-all.yaml +++ b/charts/couchbase-operator/values-all.yaml @@ -1213,11 +1213,6 @@ cluster: # used to process a request, such as the stack, the operators, or some # intermediate values. Defaults to 0. memoryQuota: '0' - # -- NodeQuota sets a soft memory limit for every Query node in the - # cluster. The garbage collector tries to keep below this target. It is - # not a hard, absolute limit, and memory usage may exceed this value. This - # field is only supported on CB versions 7.6.0+. - nodeQuota: # -- NodeQuotaValPercent sets the percentage of the `useReplica` that is # dedicated to tracked value content memory across all active requests for # every Query node in the cluster. This field is only supported on CB 
@@ -1279,14 +1274,14 @@ cluster: # enabled/disabled at the request level. This field is only supported on # CB versions 7.6.0+. useReplica: false - # -- QueryServiceMemQuota is a dummy field. By default, Couchbase server - # provides no memory resource constraints for the query service, so this has - # no effect on Couchbase server. It is, however, used when the - # spec.autoResourceAllocation feature is enabled, and is used to define the - # amount of memory reserved by the query service for use with Kubernetes - # resource scheduling. More info: + # -- QueryServiceMemQuota is used when the spec.autoResourceAllocation + # feature is enabled, and is used to define the amount of memory reserved by + # the query service for use with Kubernetes resource scheduling. More info: # https://kubernetes.io/docs/concepts/configuration/manage-resources- - # containers/#resource-units-in-kubernetes + # containers/#resource-units-in-kubernetes In CB Server 7.6.0+ + # QueryServiceMemQuota also sets a soft memory limit for every Query node in + # the cluster. The garbage collector tries to keep below this target. It is + # not a hard, absolute limit, and memory usage may exceed this value. queryServiceMemoryQuota: # -- SearchServiceMemQuota is the amount of memory that should be allocated # to the search service. This value is per-pod, and only applicable to pods 
@@ -2282,9 +2277,9 @@ cluster: # -- UpgradeProcess defines the process that will be used when performing a # couchbase cluster upgrade. When SwapRebalance is requested (default), pods # will be upgraded using either a RollingUpgrade or ImmediateUpgrade - # (determined by UpgradeStrategy). When DeltaRecovery is requested, the + # (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the # operator will perform an in-place upgrade on a best effort basis. - # DeltaRecovery cannot be used if the UpgradeStrategy is set to + # InPlaceUpgrade cannot be used if the UpgradeStrategy is set to # ImmediateUpgrade. upgradeProcess: # -- UpgradeStrategy controls how aggressive the Operator is when performing a