diff --git a/charts/edb-postgres-distributed-for-kubernetes/Chart.yaml b/charts/edb-postgres-distributed-for-kubernetes/Chart.yaml index 513bba5..091bf08 100644 --- a/charts/edb-postgres-distributed-for-kubernetes/Chart.yaml +++ b/charts/edb-postgres-distributed-for-kubernetes/Chart.yaml @@ -17,12 +17,12 @@ name: edb-postgres-distributed-for-kubernetes description: EDB Postgres Distributed for Kubernetes Helm Chart icon: https://www.enterprisedb.com/themes/custom/edb_bootstrap_sass/edb-logo-disc-dark-2.svg type: application -version: "0.2.1" +version: "0.2.2" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.6.0" +appVersion: "0.7.1" dependencies: - name: "cert-manager" diff --git a/charts/edb-postgres-distributed-for-kubernetes/README.md b/charts/edb-postgres-distributed-for-kubernetes/README.md index 4a79434..44a5d44 100644 --- a/charts/edb-postgres-distributed-for-kubernetes/README.md +++ b/charts/edb-postgres-distributed-for-kubernetes/README.md @@ -1,6 +1,6 @@ # edb-postgres-distributed-for-kubernetes -![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.6.0](https://img.shields.io/badge/AppVersion-0.6.0-informational?style=flat-square) +![Version: 0.2.2](https://img.shields.io/badge/Version-0.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.7.1](https://img.shields.io/badge/AppVersion-0.7.1-informational?style=flat-square) EDB Postgres Distributed for Kubernetes Helm Chart 
@@ -36,8 +36,8 @@ EDB Postgres Distributed for Kubernetes Helm Chart | cert-manager.installCRDs | bool | `true` | | | commonAnnotations | object | `{}` | Annotations to be added to all other resources | | config.create | bool | `true` | Specifies whether the secret should be created | -| config.data.PGD_IMAGE_NAME | string | `"docker.enterprisedb.com/k8s_enterprise_pgd/postgresql-pgd:15.2-5.0.0-1"` | | -| config.data.PGD_PROXY_IMAGE_NAME | string | `"docker.enterprisedb.com/k8s_enterprise_pgd/edb-pgd-proxy:5.0.1-131"` | | +| config.data.PGD_IMAGE_NAME | string | `"docker.enterprisedb.com/k8s_enterprise_pgd/postgresql-pgd:15.4-5.2.0"` | | +| config.data.PGD_PROXY_IMAGE_NAME | string | `"docker.enterprisedb.com/k8s_enterprise_pgd/edb-pgd-proxy:5.2.0-1"` | | | config.data.PULL_SECRET_NAME | string | `"pgd-operator-pull-secret"` | | | config.name | string | `"pgd-operator-controller-manager-config"` | | | config.secret | bool | `false` | Specifies whether it should be stored in a secret, instead of a configmap | diff --git a/charts/edb-postgres-distributed-for-kubernetes/templates/crds/crds.yaml b/charts/edb-postgres-distributed-for-kubernetes/templates/crds/crds.yaml index eae98a1..c52a726 100644 --- a/charts/edb-postgres-distributed-for-kubernetes/templates/crds/crds.yaml +++ b/charts/edb-postgres-distributed-for-kubernetes/templates/crds/crds.yaml @@ -3,9 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + controller-gen.kubebuilder.io/version: v0.12.0 helm.sh/resource-policy: keep - creationTimestamp: null labels: app.kubernetes.io/name: pgd-operator name: pgdgroupcleanups.pgd.k8s.enterprisedb.io @@ -45,6 +44,11 @@ spec: properties: executor: type: string + force: + default: false + description: Force will force the removal of the PGDGroup even if + the target PGDGroup nodes are not parted + type: boolean target: type: string required: 
@@ -69,7 +73,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 + controller-gen.kubebuilder.io/version: v0.12.0 helm.sh/resource-policy: keep labels: app.kubernetes.io/name: pgd-operator @@ -80,8 +84,8 @@ spec: webhook: clientConfig: service: - name: {{ .Values.service.name }} - namespace: {{ .Release.Namespace }} + name: webhook-service + namespace: system path: /convert conversionReviewVersions: - v1 @@ -106,10 +110,6 @@ spec: jsonPath: .status.phase name: Phase type: string - - description: Additional details about the phase - jsonPath: .status.phaseDetails - name: Phase Details - type: string - jsonPath: .metadata.creationTimestamp name: Age type: date @@ -134,7 +134,7 @@ spec: description: PGDGroupSpec defines the desired state of PGDGroup properties: backup: - description: The configuration to be used for backups + description: The configuration to be used for backups in the CNP instances. properties: configuration: description: The CNP configuration to be used for backup. ServerName @@ -483,12 +483,10 @@ spec: required: - schedule type: object - required: - - configuration - - cron type: object cnp: - description: Instances configuration. + description: Instances configuration that will be injected into the + CNP clusters that compose the PGD Group properties: affinity: description: Affinity/Anti-affinity rules for Pods @@ -1436,7 +1434,7 @@ spec: type: integer enableSuperuserAccess: default: true - description: When this option is enabled the CNP operator will + description: When this option is enabled, the CNP operator will create or use the secret defined in the SuperuserSecret to allow superuser (postgres) access to the database. Disabled by default. type: boolean 
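Review bot: The conversion webhook `clientConfig.service` in the hunk at `-80,8 +84,8` now hard-codes `name: webhook-service` and `namespace: system` where the old side used the chart's template values. These look like the unsubstituted placeholders from the generated CRD. Unless the release is installed into a namespace named `system` with a service of that name, the API server would send conversion requests to a service that does not exist, or to whatever else answers under that name. Keep the templated lines `name: {{ .Values.service.name }}` and `namespace: {{ .Release.Namespace }}` when regenerating this file. The `conversion` block starts outside the hunk, so how the webhook CA bundle is supplied cannot be checked from here.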
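Review bot: In the hunk at `-1436,7 +1434,7` the `enableSuperuserAccess` description was edited but still ends with "Disabled by default.", while the schema line directly above it declares `default: true`. For a switch that controls postgres superuser access, the documented default should match the effective one. If enabled is intended, end the description with `Enabled by default.`; if disabled is intended, the schema should say `default: false`. The file is generated, so the fix probably belongs in the source type's doc comment or default marker, and the property block starts outside the hunk.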
@@ -1451,6 +1449,19 @@ spec: - debug - trace type: string + metadata: + description: Metadata applied exclusively to the generated Cluster + resources. Useful for applying AppArmor profiles. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object monitoring: description: The configuration of the monitoring infrastructure of this cluster @@ -1831,9 +1842,31 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + seccompProfile: + description: 'The SeccompProfile applied to every Pod and Container. + Defaults to: `RuntimeDefault`' + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object serviceAccountTemplate: description: The service account template to be passed to CNP properties: 
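Review bot: The new `seccompProfile` property in the hunk at `-1831,9 +1842,31` documents "Defaults to: `RuntimeDefault`", but the schema has no `default:` and its `type` field is an unconstrained `string`. The default therefore exists only if the operator applies it at reconcile time, and a misspelt profile type passes CRD validation and would be caught later, if at all. Consider constraining `type` with an `enum:` of `Localhost`, `RuntimeDefault` and `Unconfined`, and say in the description that the operator, not the schema, supplies the default. `Unconfined` disables seccomp filtering for every Pod and container of the cluster, so the description could also note that namespaces enforcing the restricted Pod Security Standard will reject it. The file is generated, so these changes would go on the source type.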
@@ -2026,7 +2059,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -2108,9 +2142,11 @@ spec: type: string type: object superuserSecret: - description: The secret containing the superuser password. If - not defined a new secret will be created with a randomly generated - password + description: The secret containing the superuser password. A new + secret will be created with a randomly generated password if + not defined. This field is only allowed in the CNP Instances + configuration. A Witness Node will always use the same SuperuserSecret + as the other instances. properties: name: description: Name of the referent. @@ -2270,7 +2306,8 @@ spec: of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: @@ -2355,7 +2392,8 @@ spec: - storage type: object connectivity: - description: Configures the connectivity of the PGDGroup + description: Configures the connectivity of the PGDGroup, like services + and certificates that will be used. properties: dns: description: Describes how the FQDN for the resources should be 
@@ -2775,6 +2813,14 @@ spec: do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' type: string type: object + updateStrategy: + default: patch + description: UpdateStrategy indicates how to update the services + generated by this template. + enum: + - patch + - replace + type: string type: object nodeServiceTemplate: description: Instructs how to generate the service for each node @@ -3153,6 +3199,14 @@ spec: do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' type: string type: object + updateStrategy: + default: patch + description: UpdateStrategy indicates how to update the services + generated by this template. + enum: + - patch + - replace + type: string type: object proxyServiceTemplate: description: Instructs how to generate the service pointing to @@ -3532,6 +3586,14 @@ spec: do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' type: string type: object + updateStrategy: + default: patch + description: UpdateStrategy indicates how to update the services + generated by this template. + enum: + - patch + - replace + type: string type: object tls: description: The configuration of the TLS infrastructure @@ -4362,8 +4424,9 @@ spec: type: object failingFinalizerTimeLimitSeconds: default: 300 - description: The amount of seconds for the finalizer to start correctly, - measured from the deletion timestamp + description: The amount of seconds that the operator will wait in + case of a failing finalizer. A finalizer is considered failing when + the operator cannot reach any nodes of the PGDGroup format: int32 type: integer imageName: 
@@ -4377,9 +4440,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string imagePullSecrets: - description: The list of pull secrets to be used to pull the images. - If the license key contains a pull secret that secret will be automatically - included. + description: The list of pull secrets to be used to pull operator + and or the operand images items: description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. @@ -4455,6 +4517,7 @@ spec: type: integer type: object globalRouting: + default: false description: GlobalRouting is true when global routing is enabled, and in this case the proxies will be created in the parent group type: boolean @@ -4480,7 +4543,11 @@ spec: type: array type: default: always - description: The type of SQLMutation + description: 'Type determines when the SQLMutation occurs. + ''always'': reconcile the mutation at each reconciliation + cycle ''beforeSubgroupRaft'': are executed only before + the subgroupRaft is enabled If not specified, the Type + defaults to ''always''.' enum: - always - beforeSubgroupRaft @@ -4488,7 +4555,6 @@ spec: required: - exec - isApplied - - type type: object type: array nodeGroupSettings: @@ -4535,6 +4601,7 @@ spec: description: ParentGroup configures the topology of the PGD group properties: create: + default: false description: Create is true when the operator should create the parent group if it doesn't exist type: boolean 
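Review bot: The new `type` description in the hunk at `-4480,7 +4543,11` runs its two values together, and the `beforeSubgroupRaft` clause ("are executed only before the subgroupRaft is enabled") has no subject, so it is unclear where one value's meaning ends. These mutations are SQL executed by the operator, so the timing of each value should be unambiguous. Suggested wording: `Type determines when the SQLMutation occurs. 'always': the mutation is reconciled at each reconciliation cycle. 'beforeSubgroupRaft': the mutation is executed only before the subgroupRaft is enabled. Defaults to 'always'.` The `imagePullSecrets` description in the hunk at `-4377,9 +4440,8` reads "operator and or the operand images", where `and/or` was probably meant. The file is generated, so both would be corrected in the source comments.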
@@ -4545,20 +4612,6 @@ spec: required: - name type: object - postInitSQL: - description: 'List of SQL queries to be executed as a superuser - immediately after a node has been created - to be used with - extreme care (by default empty) TODO: remove after 01/04/2023' - items: - type: string - type: array - postInitTemplateSQL: - description: 'List of SQL queries to be executed as a superuser - in the `template1` after a node has been created - to be used - with extreme care (by default empty) TODO: remove after 01/04/2023' - items: - type: string - type: array proxySettings: default: fallbackGroupTimeout: 60 @@ -5551,7 +5604,8 @@ spec: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object proxyTolerations: @@ -5602,7 +5656,8 @@ spec: minimum: 0 type: integer restore: - description: The configuration to restore this PGD group from + description: The configuration to restore this PGD group from an Object + Store service properties: barmanObjectStore: description: The configuration for the barman-cloud tool suite @@ -5889,7 +5944,9 @@ spec: order. type: string exclusive: - description: Set the target to be exclusive (defaults to true) + description: Set the target to be exclusive. If omitted, defaults + to false, so that in Postgres, `recovery_target_inclusive` + will be true type: boolean targetImmediate: description: End recovery as soon as a consistent state is 
@@ -5923,230 +5980,2119 @@ spec: required: - serverNames type: object - witnessInstances: - description: Number of witness instances required in the cluster - format: int32 - minimum: 0 - type: integer - required: - - cnp - - connectivity - - instances - - pgd - type: object - status: - description: PGDGroupStatus defines the observed state of PGDGroup - properties: - CNP: - description: Last known status of CNP - properties: - applicationUserSecretIsPresent: - type: boolean - dataInstances: - default: 0 - format: int32 - type: integer - firstRecoverabilityPoints: - additionalProperties: - type: string - description: The recoverability points, keyed per CNP clusterName, - as a date in RFC3339 format - type: object - podDisruptionBudgetIsPresent: - type: boolean - superUserSecretIsPresent: - type: boolean - witnessInstances: - default: 0 - format: int32 - type: integer - type: object - PGD: - description: Last known status of PGD - properties: - nodeGroup: - description: NodeGroup is the status of the node group associated - with the PGDGroup - properties: - enableProxyRouting: - description: EnableProxyRouting is true is the node group - allows running PGD Proxies - type: boolean - enableRaft: - description: EnableRaft is true if the node group has a subgroup - raft instance - type: boolean - name: - description: Name is the name of the node group - type: string - routeReaderMaxLag: - description: RouteReaderMaxLag Maximum lag in bytes for node - to be considered viable read-only node - format: int64 - type: integer - routeWriterMaxLag: - description: RouteWriterMaxLag Maximum lag in bytes of the - new write candidate to be selected as write leader, if no - candidate passes this, there will be no writer selected - automatically - format: int64 - type: integer - routeWriterWaitFlush: - description: RouteWriterWaitFlush Whether to wait for replication - queue flush before switching to new leader when using `bdr.routing_leadership_transfer()` - type: boolean - 
required: - - name - type: object - raftConsensusLastChangedMessage: - description: RaftConsensusLastChangedMessage indicates the latest - reported message from bdr.monitor_group_raft - type: string - raftConsensusLastChangedStatus: - description: RaftConsensusLastChangedStatus indicates the latest - reported status from bdr.monitor_group_raft - type: string - raftConsensusLastChangedTimestamp: - description: RaftConsensusLastChangedTimestamp indicates when - the status and message were first reported - type: string - registeredProxies: - description: RegisteredProxies is the status of the registered - proxies - items: - description: PGDProxyEntry shows information about the proxies - available in the PGD configuration - properties: - fallbackGroupNames: - description: FallbackGroupNames are the names of the fallback - groups configured for this proxy - items: - type: string - type: array - fallbackGroupTimeout: - description: FallbackGroupTimeout the interval after which - the routing falls back to one of the fallback_groups - format: int64 - type: integer - maxClientConn: - description: MaxClientConn maximum number of connections - the proxy will accept - type: integer - maxServerConn: - description: MaxServerConn maximum number of connections - the proxy will make to the Postgres node - type: integer - name: - description: Name is the name of the proxy - type: string - parentGroupName: - description: ParentGroupName is the parent PGD group of - this proxy - type: string - serverConnKeepalive: - description: ServerConnKeepalive keepalive interval for - server connections in seconds - format: int64 - type: integer - serverConnTimeout: - description: ServerConnTimeout connection timeout for server - connections in seconds - format: int64 - type: integer - required: - - name - type: object - type: array - type: object - PGDProxy: - description: Last known status of PGDProxy - properties: - proxyHash: - description: ProxyHash contains the hash we use to detect if we 
- need to reconcile the proxies - type: string - proxyInstances: - format: int32 - type: integer - writeLead: - description: WriteLead is a reserved field for the operator, is - not intended for external usage. Will be removed in future versions - type: string - type: object - backup: - description: The node that is taking backups of this PGDGroup - properties: - clusterName: - type: string - scheduledBackupName: - type: string - type: object - connectivity: - description: Last known status of Connectivity + witness: + description: WitnessInstances configuration that will be injected + into the WitnessInstances CNP clusters If not defined, it will default + to the Instances configuration properties: - configurationHash: - description: ConfigurationHash is the hash code of the connectivity - configuration, used to check if we had a change in the configuration - or not - type: string - nodeTLSCertificates: - description: NodeTLSCertificates are the names of the certificates - that have been created for the PGD nodes - items: - description: NodeCertificateStatus encapsulate the status of - the server certificate of a CNP node - properties: - hash: - description: Hash is the hash of the configuration for which - it has been generated - type: string - isReady: - description: Ready is true when the certificate is ready - type: boolean - name: - description: Name is the name of the certificate - type: string - nodeName: - description: NodeName is the name of the CNP cluster using - this certificate - type: string - preProvisioned: - description: PreProvisioned is true if the certificate is - preProvisioned - type: boolean - required: - - nodeName - type: object - type: array - nodesNeedingServiceReconciliation: - description: NodesNeedingServiceReconciliation are the names of - the nodes which have not a server certificate - items: - type: string - type: array - nodesWithoutCertificates: - description: NodesWithoutCertificates are the names of the nodes - which have not a 
server certificate - items: - type: string - type: array - replicationTLSCertificate: - description: ReplicationTLSCertificate is the name of the replication - TLS certificate, if we have it + affinity: + description: Affinity/Anti-affinity rules for Pods properties: - hash: - description: Hash is the hash of the configuration for which - it has been generated - type: string - isReady: - description: Ready is true when the certificate is ready - type: boolean - name: - description: Name is the name of the certificate - type: string - preProvisioned: - description: PreProvisioned is true if the certificate is - preProvisioned + additionalPodAffinity: + description: AdditionalPodAffinity allows to specify pod affinity + terms to be passed to all the cluster's pods. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. 
The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. 
+ type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + additionalPodAntiAffinity: + description: AdditionalPodAntiAffinity allows to specify pod + anti-affinity terms to be added to the ones generated by + the operator if EnablePodAntiAffinity is set to true (default) + or to be used exclusively if set to false. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. 
for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + enablePodAntiAffinity: + description: Activates anti-affinity for the pods. 
The operator + will define pods anti-affinity unless this field is explicitly + set to false + type: boolean + nodeAffinity: + description: 'NodeAffinity describes node affinity scheduling + rules for the pod. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. 
If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. 
+ If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is map of key-value pairs used + to define the nodes on which the pods can run. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + podAntiAffinityType: + description: 'PodAntiAffinityType allows the user to decide + whether pod anti-affinity between cluster instance has to + be considered a strong requirement during scheduling or + not. Allowed values are: "preferred" (default if empty) + or "required". Setting it to "required", could lead to instances + remaining pending until new kubernetes nodes are added if + all the existing nodes don''t match the required pod anti-affinity + rule. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity' + type: string + tolerations: + description: 'Tolerations is a list of Tolerations that should + be set for all the pods, in order to allow them to run on + tainted nodes. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. 
When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologyKey: + description: TopologyKey to use for anti-affinity configuration. + See k8s documentation for more info on that + type: string + type: object + clusterMaxStartDelay: + default: 300 + description: The time in seconds that is allowed for a PostgreSQL + instance to successfully start up (default 300) + format: int32 + type: integer + logLevel: + default: info + description: 'The instances'' log level, one of the following + values: error, warning, info (default), debug, trace' + enum: + - error + - warning + - info + - debug + - trace + type: string + metadata: + description: Metadata applied exclusively to the generated Cluster + resources. Useful for applying AppArmor profiles. 
+ properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + monitoring: + description: The configuration of the monitoring infrastructure + of this cluster + properties: + customQueriesConfigMap: + description: The list of config maps containing the custom + queries + items: + description: ConfigMapKeySelector contains enough information + to let you locate the key of a ConfigMap + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + customQueriesSecret: + description: The list of secrets containing the custom queries + items: + description: SecretKeySelector contains enough information + to let you locate the key of a Secret + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. + type: string + required: + - key + - name + type: object + type: array + disableDefaultQueries: + default: false + description: 'Whether the default queries should be injected. + Set it to `true` if you don''t want to inject default queries + into the cluster. Default: false.' + type: boolean + enablePodMonitor: + default: false + description: Enable or disable the `PodMonitor` + type: boolean + type: object + otel: + description: OpenTelemetry Configuration + properties: + metricsURL: + description: The OpenTelemetry HTTP endpoint URL to accept + metrics data + type: string + tls: + description: TLSConfiguration provides the TLS certificate + configuration when MetricsURL and TraceURL are using HTTPS + properties: + caBundleSecretRef: + description: CABundleSecretRef is a reference to a secret + field containing the CA bundle to verify the openTelemetry + server certificate + properties: + key: + description: The key to select + type: string + name: + description: Name of the referent. 
+ type: string + required: + - key + - name + type: object + clientCertSecret: + description: ClientCertSecret is the name of the secret + containing the client certificate used to connect to + openTelemetry. It must contain both the standard "tls.crt" + and "tls.key" files, encoded in PEM format. + properties: + name: + description: Name of the referent. + type: string + required: + - name + type: object + type: object + traceEnable: + description: Whether to push trace data to OpenTelemetry traceUrl + type: boolean + traceURL: + description: The OpenTelemetry HTTP endpoint URL to accept + trace data + type: string + required: + - traceEnable + type: object + postInitSQL: + description: List of SQL queries to be executed as a superuser + immediately after a node has been created - to be used with + extreme care (by default empty) + items: + type: string + type: array + postInitTemplateSQL: + description: List of SQL queries to be executed as a superuser + in the `template1` after a node has been created - to be used + with extreme care (by default empty) + items: + type: string + type: array + postgresql: + description: Configuration of the PostgreSQL server + properties: + epas: + description: EDB Postgres Advanced Server specific configurations + properties: + audit: + description: If true enables edb_audit logging + type: boolean + tde: + description: TDE configuration + properties: + enabled: + description: True if we want to have TDE enabled + type: boolean + passphraseCommand: + description: PassphraseCommand is the command executed + to get the passphrase that will be passed to the + OpenSSL command to encrypt and decrypt + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Reference to the secret that contains + the encryption key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + unwrapCommand: + description: UnwrapCommand is the decryption command + provided by the user + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + wrapCommand: + description: WrapCommand is the encrypt command provided + by the user + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
+ type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + ldap: + description: Options to specify LDAP configuration + properties: + bindAsAuth: + description: Bind as authentication configuration + properties: + prefix: + description: Prefix for the bind authentication option + type: string + suffix: + description: Suffix for the bind authentication option + type: string + type: object + bindSearchAuth: + description: Bind+Search authentication configuration + properties: + baseDN: + description: Root DN to begin the user search + type: string + bindDN: + description: DN of the user to bind to the directory + type: string + bindPassword: + description: Secret with the password for the user + to bind to the directory + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + searchAttribute: + description: Attribute to match against the username + type: string + searchFilter: + description: Search filter to use when doing the search+bind + authentication + type: string + type: object + port: + description: LDAP server port + type: integer + scheme: + description: LDAP schema to be used, possible options + are `ldap` and `ldaps` + enum: + - ldap + - ldaps + type: string + server: + description: LDAP hostname or IP address + type: string + tls: + description: Set to 'true' to enable LDAP over TLS. 
'false' + is default + type: boolean + type: object + parameters: + additionalProperties: + type: string + description: PostgreSQL configuration options (postgresql.conf) + type: object + pg_hba: + description: PostgreSQL Host Based Authentication rules (lines + to be appended to the pg_hba.conf file) + items: + type: string + type: array + promotionTimeout: + description: Specifies the maximum number of seconds to wait + when promoting an instance to primary. Default value is + 40000000, greater than one year in seconds, big enough to + simulate an infinite timeout + format: int32 + type: integer + shared_preload_libraries: + description: Lists of shared preload libraries to add to the + default ones + items: + type: string + type: array + syncReplicaElectionConstraint: + description: Requirements to be met by sync replicas. This + will affect how the "synchronous_standby_names" parameter + will be set up. + properties: + enabled: + description: This flag enables the constraints for sync + replicas + type: boolean + nodeLabelsAntiAffinity: + description: A list of node labels values to extract and + compare to evaluate if the pods reside in the same topology + or not + items: + type: string + type: array + required: + - enabled + type: object + type: object + resources: + description: Resources requirements of every generated Pod. Please + refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + for more information. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable. It can only be + set for containers." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ properties: + name: + description: Name must match the name of one entry in + pod.spec.resourceClaims of the Pod where this field + is used. It makes that resource available inside a + container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. Requests cannot exceed + Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + seccompProfile: + description: 'The SeccompProfile applied to every Pod and Container. + Defaults to: `RuntimeDefault`' + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must be + preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. 
Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." + type: string + required: + - type + type: object + serviceAccountTemplate: + description: The service account template to be passed to CNP + properties: + metadata: + description: Metadata are the metadata to be used for the + generated service account + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value + map stored with a resource that may be set by external + tools to store and retrieve arbitrary metadata. They + are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be + used to organize and categorize (scope and select) objects. + May match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + required: + - metadata + type: object + startDelay: + default: 30 + description: The time in seconds that is allowed for a PostgreSQL + instance to successfully start up (default 30) + format: int32 + type: integer + stopDelay: + default: 30 + description: The time in seconds that is allowed for a PostgreSQL + instance node to gracefully shutdown (default 30) + format: int32 + type: integer + storage: + description: Configuration of the storage of the instances + properties: + pvcTemplate: + description: Template to be used to generate the Persistent + Volume Claim + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. 
For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. 
If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. 
More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: Size of the storage. Required if not already + specified in the PVC template. Changes to this field are + automatically reapplied to the created PVCs. Size cannot + be decreased. + type: string + storageClass: + description: StorageClass to use for database data (`PGDATA`). + Applied after evaluating the PVC template, if available. + If not specified, generated PVCs will be satisfied by the + default storage class + type: string + type: object + walStorage: + description: Configuration of the WAL storage for the instances + properties: + pvcTemplate: + description: Template to be used to generate the Persistent + Volume Claim + properties: + accessModes: + description: 'accessModes contains the desired access + modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' + items: + type: string + type: array + dataSource: + description: 'dataSource field can be used to specify + either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If the provisioner + or an external controller can support the specified + data source, it will create a new volume based on the + contents of the specified data source. 
When the AnyVolumeDataSource + feature gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, then + dataSourceRef will not be copied to dataSource.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: 'dataSourceRef specifies the object from + which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume binding + will only succeed if the type of the specified object + matches some installed volume populator or dynamic provisioner. + This field will replace the functionality of the dataSource + field and as such if both fields are non-empty, they + must have the same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, both + fields (dataSource and dataSourceRef) will be set to + the same value automatically if one of them is empty + and the other is non-empty. When namespace is specified + in dataSourceRef, dataSource isn''t set to the same + value and must be empty. There are three important differences + between dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. 
* While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves all values, + and generates an error if a disallowed value is specified. + * While dataSource only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) Using this + field requires the AnyVolumeDataSource feature gate + to be enabled. (Alpha) Using the namespace field of + dataSourceRef requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + namespace: + description: Namespace is the namespace of resource + being referenced Note that when a namespace is specified, + a gateway.networking.k8s.io/ReferenceGrant object + is required in the referent namespace to allow that + namespace's owner to accept the reference. See the + ReferenceGrant documentation for details. (Alpha) + This field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: 'resources represents the minimum resources + the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify resource + requirements that are lower than previous value but + must still be higher than capacity recorded in the status + field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. 
\n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable. It can only be set for + containers." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + selector: + description: selector is a label query over volumes to + consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: 'storageClassName is the name of the StorageClass + required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + type: string + volumeMode: + description: volumeMode defines what type of volume is + required by the claim. Value of Filesystem is implied + when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference to the + PersistentVolume backing this claim. + type: string + type: object + resizeInUseVolumes: + default: true + description: Resize existent PVCs, defaults to true + type: boolean + size: + description: Size of the storage. Required if not already + specified in the PVC template. Changes to this field are + automatically reapplied to the created PVCs. 
Size cannot + be decreased. + type: string + storageClass: + description: StorageClass to use for database data (`PGDATA`). + Applied after evaluating the PVC template, if available. + If not specified, generated PVCs will be satisfied by the + default storage class + type: string + type: object + required: + - storage + type: object + witnessInstances: + description: Number of witness instances required in the cluster + format: int32 + minimum: 0 + type: integer + required: + - cnp + - connectivity + - instances + - pgd + type: object + status: + description: PGDGroupStatus defines the observed state of PGDGroup + properties: + CNP: + description: Last known status of CNP + properties: + applicationUserSecretIsPresent: + type: boolean + dataInstances: + default: 0 + format: int32 + type: integer + firstRecoverabilityPoints: + additionalProperties: + type: string + description: The recoverability points, keyed per CNP clusterName, + as a date in RFC3339 format + type: object + podDisruptionBudgetIsPresent: + type: boolean + superUserSecretIsPresent: + type: boolean + witnessInstances: + default: 0 + format: int32 + type: integer + type: object + PGD: + description: Last known status of PGD + properties: + nodeGroup: + description: NodeGroup is the status of the node group associated + with the PGDGroup + properties: + enableProxyRouting: + description: EnableProxyRouting is true is the node group + allows running PGD Proxies + type: boolean + enableRaft: + description: EnableRaft is true if the node group has a subgroup + raft instance + type: boolean + name: + description: Name is the name of the node group + type: string + routeReaderMaxLag: + description: RouteReaderMaxLag Maximum lag in bytes for node + to be considered viable read-only node + format: int64 + type: integer + routeWriterMaxLag: + description: RouteWriterMaxLag Maximum lag in bytes of the + new write candidate to be selected as write leader, if no + candidate passes this, there will be no writer 
selected + automatically + format: int64 + type: integer + routeWriterWaitFlush: + description: RouteWriterWaitFlush Whether to wait for replication + queue flush before switching to new leader when using `bdr.routing_leadership_transfer()` + type: boolean + required: + - name + type: object + raftConsensusLastChangedMessage: + description: RaftConsensusLastChangedMessage indicates the latest + reported message from bdr.monitor_group_raft + type: string + raftConsensusLastChangedStatus: + description: RaftConsensusLastChangedStatus indicates the latest + reported status from bdr.monitor_group_raft + type: string + raftConsensusLastChangedTimestamp: + description: RaftConsensusLastChangedTimestamp indicates when + the status and message were first reported + type: string + registeredProxies: + description: RegisteredProxies is the status of the registered + proxies + items: + description: PGDProxyEntry shows information about the proxies + available in the PGD configuration + properties: + fallbackGroupNames: + description: FallbackGroupNames are the names of the fallback + groups configured for this proxy + items: + type: string + type: array + fallbackGroupTimeout: + description: FallbackGroupTimeout the interval after which + the routing falls back to one of the fallback_groups + format: int64 + type: integer + maxClientConn: + description: MaxClientConn maximum number of connections + the proxy will accept + type: integer + maxServerConn: + description: MaxServerConn maximum number of connections + the proxy will make to the Postgres node + type: integer + name: + description: Name is the name of the proxy + type: string + parentGroupName: + description: ParentGroupName is the parent PGD group of + this proxy + type: string + serverConnKeepalive: + description: ServerConnKeepalive keepalive interval for + server connections in seconds + format: int64 + type: integer + serverConnTimeout: + description: ServerConnTimeout connection timeout for server + connections 
in seconds + format: int64 + type: integer + required: + - name + type: object + type: array + type: object + PGDProxy: + description: Last known status of PGDProxy + properties: + proxyHash: + description: ProxyHash contains the hash we use to detect if we + need to reconcile the proxies + type: string + proxyInstances: + format: int32 + type: integer + writeLead: + description: WriteLead is a reserved field for the operator, is + not intended for external usage. Will be removed in future versions + type: string + type: object + backup: + description: The node that is taking backups of this PGDGroup + properties: + clusterName: + type: string + scheduledBackupName: + type: string + type: object + connectivity: + description: Last known status of Connectivity + properties: + configurationHash: + description: ConfigurationHash is the hash code of the connectivity + configuration, used to check if we had a change in the configuration + or not + type: string + nodeTLSCertificates: + description: NodeTLSCertificates are the names of the certificates + that have been created for the PGD nodes + items: + description: NodeCertificateStatus encapsulate the status of + the server certificate of a CNP node + properties: + hash: + description: Hash is the hash of the configuration for which + it has been generated + type: string + isReady: + description: Ready is true when the certificate is ready + type: boolean + name: + description: Name is the name of the certificate + type: string + nodeName: + description: NodeName is the name of the CNP cluster using + this certificate + type: string + preProvisioned: + description: PreProvisioned is true if the certificate is + preProvisioned + type: boolean + required: + - nodeName + type: object + type: array + nodesNeedingServiceReconciliation: + description: NodesNeedingServiceReconciliation are the names of + the nodes which have not a server certificate + items: + type: string + type: array + nodesWithoutCertificates: + 
description: NodesWithoutCertificates are the names of the nodes + which have not a server certificate + items: + type: string + type: array + replicationTLSCertificate: + description: ReplicationTLSCertificate is the name of the replication + TLS certificate, if we have it + properties: + hash: + description: Hash is the hash of the configuration for which + it has been generated + type: string + isReady: + description: Ready is true when the certificate is ready + type: boolean + name: + description: Name is the name of the certificate + type: string + preProvisioned: + description: PreProvisioned is true if the certificate is + preProvisioned type: boolean type: object unusedCertificates: @@ -6191,6 +8137,17 @@ spec: phaseDetails: description: The details of the current phase type: string + phaseTroubleshootHints: + description: PhaseTroubleshootHints general troubleshooting indications + for the given phase + type: string + phaseType: + description: PhaseType describes the phase category. + enum: + - action + - wait + - fail + type: string restore: description: The status of the restore process properties: diff --git a/charts/edb-postgres-distributed-for-kubernetes/values.yaml b/charts/edb-postgres-distributed-for-kubernetes/values.yaml index 44486db..e555ce9 100644 --- a/charts/edb-postgres-distributed-for-kubernetes/values.yaml +++ b/charts/edb-postgres-distributed-for-kubernetes/values.yaml @@ -79,8 +79,8 @@ config: data: PULL_SECRET_NAME: pgd-operator-pull-secret - PGD_IMAGE_NAME: docker.enterprisedb.com/k8s_enterprise_pgd/postgresql-pgd:15.2-5.0.0-1 - PGD_PROXY_IMAGE_NAME: docker.enterprisedb.com/k8s_enterprise_pgd/edb-pgd-proxy:5.0.1-131 + PGD_IMAGE_NAME: docker.enterprisedb.com/k8s_enterprise_pgd/postgresql-pgd:15.4-5.2.0 + PGD_PROXY_IMAGE_NAME: docker.enterprisedb.com/k8s_enterprise_pgd/edb-pgd-proxy:5.2.0-1 name: pgd-operator-controller-manager-config # -- Additional arguments to be added to the operator's args list
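Review bot: The two new defaults under `config.data` in values.yaml still reference the operand images by tag only, and the new `PGD_IMAGE_NAME` tag `15.4-5.2.0` no longer carries the build suffix that the previous `15.2-5.0.0-1` had, so it may identify a less specific build than before. A tag can be re-pointed in the registry, in which case the operator would deploy whatever the tag resolves to at pull time. Appending the digest keeps the default reproducible and auditable, e.g. `PGD_IMAGE_NAME: docker.enterprisedb.com/k8s_enterprise_pgd/postgresql-pgd:15.4-5.2.0@sha256:<digest-of-released-image>` (placeholder, not a real digest), and likewise for `PGD_PROXY_IMAGE_NAME`. Whether the operator accepts a digest-qualified reference in these settings is not visible in this diff and should be confirmed first.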