# CustomResourceDefinition for the namespaced OperatorConfiguration kind
# (group acid.zalan.do, version v1). The schema below validates the
# `configuration` object of each OperatorConfiguration resource.
#
# NOTE(review): several fields below set pod images, added capabilities,
# privileged mode, service-account definitions and storage credentials.
# Write access to OperatorConfiguration objects should therefore be treated as
# privileged, and read access as sensitive wherever credential fields are set.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: operatorconfigurations.acid.zalan.do
spec:
  group: acid.zalan.do
  names:
    kind: OperatorConfiguration
    listKind: OperatorConfigurationList
    plural: operatorconfigurations
    singular: operatorconfiguration
    shortNames:
      - opconfig
    # Listed under the "all" category, so `kubectl get all` includes it.
    categories:
      - all
  scope: Namespaced
  versions:
    - name: v1
      served: true
      storage: true
      # Enables the /status subresource for this version.
      subresources:
        status: {}
      # Extra columns for `kubectl get`; each reads one path of the object.
      additionalPrinterColumns:
        - name: Image
          type: string
          description: Spilo image to be used for Pods
          jsonPath: .configuration.docker_image
        - name: Cluster-Label
          type: string
          description: Label for K8s resources created by operator
          jsonPath: .configuration.kubernetes.cluster_name_label
        - name: Service-Account
          type: string
          description: Name of service account to be used
          jsonPath: .configuration.kubernetes.pod_service_account_name
        - name: Min-Instances
          type: integer
          description: Minimum number of instances per Postgres cluster
          jsonPath: .configuration.min_instances
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
      schema:
        openAPIV3Schema:
          type: object
          required:
            - kind
            - apiVersion
            - configuration
          properties:
            # kind and apiVersion are each pinned to a single allowed value.
            kind:
              type: string
              enum:
                - OperatorConfiguration
            apiVersion:
              type: string
              enum:
                - acid.zalan.do/v1
            configuration:
              type: object
              properties:
                crd_categories:
                  type: array
                  nullable: true
                  items:
                    type: string
                # NOTE(review): the default names the image by tag, not by
                # digest; a digest reference in the deployed configuration
                # makes the pulled content verifiable. The same applies to the
                # other *_image defaults in this schema.
                docker_image:
                  type: string
                  default: "ghcr.io/zalando/spilo-15:3.0-p1"
                enable_crd_registration:
                  type: boolean
                  default: true
                enable_crd_validation:
                  type: boolean
                  description: deprecated
                  default: true
                enable_lazy_spilo_upgrade:
                  type: boolean
                  default: false
                enable_pgversion_env_var:
                  type: boolean
                  default: true
                enable_shm_volume:
                  type: boolean
                  default: true
                enable_spilo_wal_path_compat:
                  type: boolean
                  default: false
                enable_team_id_clustername_prefix:
                  type: boolean
                  default: false
                etcd_host:
                  type: string
                  default: ""
                ignore_instance_limits_annotation_key:
                  type: string
                kubernetes_use_configmaps:
                  type: boolean
                  default: false
                max_instances:
                  type: integer
                  description: "-1 = disabled"
                  minimum: -1
                  default: -1
                min_instances:
                  type: integer
                  description: "-1 = disabled"
                  minimum: -1
                  default: -1
                resync_period:
                  type: string
                  default: "30m"
                repair_period:
                  type: string
                  default: "5m"
                set_memory_request_to_limit:
                  type: boolean
                  default: false
                # Free-form map: any key, string values, no image-name pattern.
                sidecar_docker_images:
                  type: object
                  additionalProperties:
                    type: string
                # x-kubernetes-preserve-unknown-fields disables pruning and
                # validation of item contents, so the API server accepts any
                # object here. NOTE(review): presumably these become container
                # specs in the database pods; restrict who may edit this
                # resource accordingly.
                sidecars:
                  type: array
                  nullable: true
                  items:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                workers:
                  type: integer
                  minimum: 1
                  default: 8
                users:
                  type: object
                  properties:
                    additional_owner_roles:
                      type: array
                      nullable: true
                      items:
                        type: string
                    enable_password_rotation:
                      type: boolean
                      default: false
                    # Units are not stated in the schema (presumably days;
                    # verify against the operator documentation).
                    password_rotation_interval:
                      type: integer
                      default: 90
                    password_rotation_user_retention:
                      type: integer
                      default: 180
                    replication_username:
                      type: string
                      default: standby
                    super_username:
                      type: string
                      default: postgres
                major_version_upgrade:
                  type: object
                  properties:
                    # "off" is quoted so it stays a string; YAML 1.1 parsers
                    # read a bare off as boolean false.
                    major_version_upgrade_mode:
                      type: string
                      default: "off"
                    major_version_upgrade_team_allow_list:
                      type: array
                      items:
                        type: string
                    # Version numbers are strings, quoted so they do not parse
                    # as integers.
                    minimal_major_version:
                      type: string
                      default: "11"
                    target_major_version:
                      type: string
                      default: "15"
                kubernetes:
                  type: object
                  properties:
                    # Free-form strings with no enum. NOTE(review): presumably
                    # Linux capabilities added to the database container;
                    # review every entry set in a deployed configuration.
                    additional_pod_capabilities:
                      type: array
                      items:
                        type: string
                    cluster_domain:
                      type: string
                      default: "cluster.local"
                    cluster_labels:
                      type: object
                      additionalProperties:
                        type: string
                      default:
                        application: spilo
                    cluster_name_label:
                      type: string
                      default: "cluster-name"
                    custom_pod_annotations:
                      type: object
                      additionalProperties:
                        type: string
                    delete_annotation_date_key:
                      type: string
                    delete_annotation_name_key:
                      type: string
                    downscaler_annotations:
                      type: array
                      items:
                        type: string
                    # Off by default. NOTE(review): the name suggests secrets
                    # may be created outside the cluster's own namespace when
                    # enabled; confirm the RBAC impact before turning it on.
                    enable_cross_namespace_secret:
                      type: boolean
                      default: false
                    enable_init_containers:
                      type: boolean
                      default: true
                    enable_pod_antiaffinity:
                      type: boolean
                      default: false
                    enable_pod_disruption_budget:
                      type: boolean
                      default: true
                    enable_readiness_probe:
                      type: boolean
                      default: false
                    enable_sidecars:
                      type: boolean
                      default: true
                    ignored_annotations:
                      type: array
                      items:
                        type: string
                    infrastructure_roles_secret_name:
                      type: string
                    # Each entry names a secret plus the keys inside it that
                    # hold user, password and (optionally) role; secretname,
                    # userkey and passwordkey are mandatory.
                    infrastructure_roles_secrets:
                      type: array
                      nullable: true
                      items:
                        type: object
                        required:
                          - secretname
                          - userkey
                          - passwordkey
                        properties:
                          secretname:
                            type: string
                          userkey:
                            type: string
                          passwordkey:
                            type: string
                          rolekey:
                            type: string
                          defaultuservalue:
                            type: string
                          defaultrolevalue:
                            type: string
                          details:
                            type: string
                          template:
                            type: boolean
                    inherited_annotations:
                      type: array
                      items:
                        type: string
                    inherited_labels:
                      type: array
                      items:
                        type: string
                    # Probe schema with exec, httpGet and tcpSocket handlers;
                    # the descriptions match the Kubernetes core Probe type.
                    liveness_probe:
                      description: Probe describes a health check to be performed against a container to
                        determine whether it is alive or ready to receive traffic.
                      properties:
                        exec:
                          description: One and only one of the following should be specified. Exec specifies
                            the action to take.
                          properties:
                            # NOTE(review): free-form argv. Whoever can edit
                            # this resource presumably decides what the probe
                            # runs inside the container; confirm how the
                            # operator applies it.
                            command:
                              description: Command is the command line to execute inside the container, the
                                working directory for the command is root ('/') in the container's
                                filesystem. The command is simply exec'd, it is not run inside a shell, so
                                traditional shell instructions ('|', etc) won't work. To use a shell, you
                                need to explicitly call out to that shell. Exit status of 0 is treated as
                                live/healthy and non-zero is unhealthy.
                              items:
                                type: string
                              type: array
                          type: object
                        failureThreshold:
                          description: Minimum consecutive failures for the probe to be considered failed
                            after having succeeded. Defaults to 3. Minimum value is 1.
                          format: int32
                          type: integer
                        httpGet:
                          description: HTTPGet specifies the http request to perform.
                          properties:
                            host:
                              description: Host name to connect to, defaults to the pod IP. You probably want
                                to set "Host" in httpHeaders instead.
                              type: string
                            httpHeaders:
                              description: Custom headers to set in the request. HTTP allows repeated headers.
                              items:
                                description: HTTPHeader describes a custom header to be used in HTTP probes
                                properties:
                                  name:
                                    description: The header field name
                                    type: string
                                  value:
                                    description: The header field value
                                    type: string
                                required:
                                  - name
                                  - value
                                type: object
                              type: array
                            path:
                              description: Path to access on the HTTP server.
                              type: string
                            port:
                              anyOf:
                                - type: integer
                                - type: string
                              description: Name or number of the port to access on the container. Number must
                                be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                              x-kubernetes-int-or-string: true
                            scheme:
                              description: Scheme to use for connecting to the host. Defaults to HTTP.
                              type: string
                          required:
                            - port
                          type: object
                        initialDelaySeconds:
                          description: 'Number of seconds after the container has started before liveness
                            probes are initiated. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          format: int32
                          type: integer
                        periodSeconds:
                          description: How often (in seconds) to perform the probe. Default to 10 seconds.
                            Minimum value is 1.
                          format: int32
                          type: integer
                        successThreshold:
                          description: Minimum consecutive successes for the probe to be considered
                            successful after having failed. Defaults to 1. Must be 1 for liveness and
                            startup. Minimum value is 1.
                          format: int32
                          type: integer
                        tcpSocket:
                          description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not
                            yet supported TODO: implement a realistic TCP lifecycle hook'
                          properties:
                            host:
                              description: 'Optional: Host name to connect to, defaults to the pod IP.'
                              type: string
                            port:
                              anyOf:
                                - type: integer
                                - type: string
                              description: Number or name of the port to access on the container. Number must
                                be in the range 1 to 65535. Name must be an IANA_SVC_NAME.
                              x-kubernetes-int-or-string: true
                          required:
                            - port
                          type: object
                        terminationGracePeriodSeconds:
                          description: Optional duration in seconds the pod needs to terminate gracefully
                            upon probe failure. The grace period is the duration in seconds after the
                            processes running in the pod are sent a termination signal and the time when
                            the processes are forcibly halted with a kill signal. Set this value longer
                            than the expected cleanup time for your process. If this value is nil, the
                            pod's terminationGracePeriodSeconds will be used. Otherwise, this value
                            overrides the value provided by the pod spec. Value must be non-negative
                            integer. The value zero indicates stop immediately via the kill signal (no
                            opportunity to shut down). This is a beta field and requires enabling
                            ProbeTerminationGracePeriod feature gate. Minimum value is 1.
                            spec.terminationGracePeriodSeconds is used if unset.
                          format: int64
                          type: integer
                        timeoutSeconds:
                          description: 'Number of seconds after which the probe times out. Defaults to 1
                            second. Minimum value is 1. More info:
                            https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                          format: int32
                          type: integer
                      type: object
                    master_pod_move_timeout:
                      type: string
                      default: "20m"
                    node_readiness_label:
                      type: object
                      additionalProperties:
                        type: string
                    node_readiness_label_merge:
                      type: string
                      enum:
                        - "AND"
                        - "OR"
                    oauth_token_secret_name:
                      type: string
                      default: "postgresql-operator"
                    pdb_name_format:
                      type: string
                      default: "postgres-{cluster}-pdb"
                    persistent_volume_claim_retention_policy:
                      type: object
                      properties:
                        when_deleted:
                          type: string
                          enum:
                            - "delete"
                            - "retain"
                        when_scaled:
                          type: string
                          enum:
                            - "delete"
                            - "retain"
                    pod_antiaffinity_preferred_during_scheduling:
                      type: boolean
                      default: false
                    pod_antiaffinity_topology_key:
                      type: string
                      default: "kubernetes.io/hostname"
                    pod_environment_configmap:
                      type: string
                    pod_environment_secret:
                      type: string
                    pod_management_policy:
                      type: string
                      enum:
                        - "ordered_ready"
                        - "parallel"
                      default: "ordered_ready"
                    pod_priority_class_name:
                      type: string
                    pod_role_label:
                      type: string
                      default: "spilo-role"
                    # Free-form string with no schema validation.
                    # NOTE(review): presumably a serialized ServiceAccount
                    # manifest the operator creates; verify what it grants.
                    pod_service_account_definition:
                      type: string
                      default: ""
                    pod_service_account_name:
                      type: string
                      default: "postgres-pod"
                    # Free-form string, as above. NOTE(review): presumably a
                    # serialized RoleBinding; check it for over-broad roles.
                    pod_service_account_role_binding_definition:
                      type: string
                      default: ""
                    pod_terminate_grace_period:
                      type: string
                      default: "5m"
                    secret_name_template:
                      type: string
                      default: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
                    share_pgsocket_with_sidecars:
                      type: boolean
                      default: false
                    # Schema default is true. NOTE(review): presumably maps to
                    # securityContext.allowPrivilegeEscalation on the database
                    # container; set it to false in the deployed configuration
                    # if the image works without it.
                    spilo_allow_privilege_escalation:
                      type: boolean
                      default: true
                    # No default and no minimum for the three IDs below, so
                    # the schema neither sets a non-root user nor rejects 0.
                    spilo_runasuser:
                      type: integer
                    spilo_runasgroup:
                      type: integer
                    spilo_fsgroup:
                      type: integer
                    # Privileged mode is off by default; keep it that way
                    # unless a deployment has a documented need.
                    spilo_privileged:
                      type: boolean
                      default: false
                    # "off" is quoted so it stays a string under YAML 1.1.
                    storage_resize_mode:
                      type: string
                      enum:
                        - "ebs"
                        - "mixed"
                        - "pvc"
                        - "off"
                      default: "pvc"
                    toleration:
                      type: object
                      additionalProperties:
                        type: string
                    watched_namespace:
                      type: string
                # CPU values must match either integer millicores ("100m") or
                # a decimal with at most three fractional digits ("1", "0.5").
                # Memory values must match an integer with optional exponent,
                # or a number followed by E/P/T/G/M/K and an optional "i".
                postgres_pod_resources:
                  type: object
                  properties:
                    default_cpu_limit:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "1"
                    default_cpu_request:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "100m"
                    default_memory_limit:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "500Mi"
                    default_memory_request:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "100Mi"
                    max_cpu_request:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                    max_memory_request:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                    min_cpu_limit:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "250m"
                    min_memory_limit:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "250Mi"
                # Durations are plain strings; the schema sets no pattern, so
                # malformed values are not rejected at admission.
                timeouts:
                  type: object
                  properties:
                    patroni_api_check_interval:
                      type: string
                      default: "1s"
                    patroni_api_check_timeout:
                      type: string
                      default: "5s"
                    pod_label_wait_timeout:
                      type: string
                      default: "10m"
                    pod_deletion_wait_timeout:
                      type: string
                      default: "10m"
                    ready_wait_interval:
                      type: string
                      default: "4s"
                    ready_wait_timeout:
                      type: string
                      default: "30s"
                    resource_check_interval:
                      type: string
                      default: "3s"
                    resource_check_timeout:
                      type: string
                      default: "10m"
                load_balancer:
                  type: object
                  properties:
                    custom_service_annotations:
                      type: object
                      additionalProperties:
                        type: string
                    db_hosted_zone:
                      type: string
                      default: "db.example.com"
                    # The only load-balancer switch that defaults to true.
                    # NOTE(review): presumably creates a LoadBalancer Service
                    # for the primary; confirm its exposure and any source
                    # restrictions before relying on the default.
                    enable_master_load_balancer:
                      type: boolean
                      default: true
                    enable_master_pooler_load_balancer:
                      type: boolean
                      default: false
                    enable_replica_load_balancer:
                      type: boolean
                      default: false
                    enable_replica_pooler_load_balancer:
                      type: boolean
                      default: false
                    external_traffic_policy:
                      type: string
                      enum:
                        - "Cluster"
                        - "Local"
                      default: "Cluster"
                    master_dns_name_format:
                      type: string
                      default: "{cluster}.{namespace}.{hostedzone}"
                    master_legacy_dns_name_format:
                      type: string
                      default: "{cluster}.{team}.{hostedzone}"
                    replica_dns_name_format:
                      type: string
                      default: "{cluster}-repl.{namespace}.{hostedzone}"
                    replica_legacy_dns_name_format:
                      type: string
                      default: "{cluster}-repl.{team}.{hostedzone}"
                aws_or_gcp:
                  type: object
                  properties:
                    additional_secret_mount:
                      type: string
                    additional_secret_mount_path:
                      type: string
                      default: "/meta/credentials"
                    aws_region:
                      type: string
                      default: "eu-central-1"
                    enable_ebs_gp3_migration:
                      type: boolean
                      default: false
                    enable_ebs_gp3_migration_max_size:
                      type: integer
                      default: 1000
                    gcp_credentials:
                      type: string
                    kube_iam_role:
                      type: string
                    log_s3_bucket:
                      type: string
                    wal_az_storage_account:
                      type: string
                    wal_gs_bucket:
                      type: string
                    wal_s3_bucket:
                      type: string
                logical_backup:
                  type: object
                  properties:
                    logical_backup_azure_storage_account_name:
                      type: string
                    logical_backup_azure_storage_container:
                      type: string
                    # Plain string inside the custom resource: a value set here
                    # is stored with the object and visible to anyone who can
                    # read OperatorConfiguration resources. The schema also
                    # has logical_backup_cronjob_environment_secret, which
                    # presumably lets credentials come from a Secret instead.
                    logical_backup_azure_storage_account_key:
                      type: string
                    logical_backup_cpu_limit:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                    logical_backup_cpu_request:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                    logical_backup_docker_image:
                      type: string
                      default: "registry.opensource.zalan.do/acid/logical-backup:v1.10.1"
                    logical_backup_google_application_credentials:
                      type: string
                    logical_backup_job_prefix:
                      type: string
                      default: "logical-backup-"
                    logical_backup_memory_limit:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                    logical_backup_memory_request:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                    logical_backup_provider:
                      type: string
                      enum:
                        - "az"
                        - "gcs"
                        - "s3"
                      default: "s3"
                    logical_backup_s3_access_key_id:
                      type: string
                    logical_backup_s3_bucket:
                      type: string
                    logical_backup_s3_endpoint:
                      type: string
                    logical_backup_s3_region:
                      type: string
                    # Plain string in the custom resource; same exposure as
                    # the Azure account key above.
                    logical_backup_s3_secret_access_key:
                      type: string
                    # No default. NOTE(review): presumably selects server-side
                    # encryption for uploaded backups; confirm a value is set
                    # where backups must be encrypted at rest.
                    logical_backup_s3_sse:
                      type: string
                    logical_backup_s3_retention_time:
                      type: string
                    # Five whitespace-separated fields, each a number or "*"
                    # with an optional "/step"; ranges, lists and names do not
                    # match this pattern.
                    logical_backup_schedule:
                      type: string
                      pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
                      default: "30 00 * * *"
                    logical_backup_cronjob_environment_secret:
                      type: string
                # Both debug switches default to true. NOTE(review): confirm
                # what enable_database_access permits and whether debug
                # logging can include sensitive values before keeping these
                # defaults in production.
                debug:
                  type: object
                  properties:
                    debug_logging:
                      type: boolean
                      default: true
                    enable_database_access:
                      type: boolean
                      default: true
                teams_api:
                  type: object
                  properties:
                    enable_admin_role_for_users:
                      type: boolean
                      default: true
                    enable_postgres_team_crd:
                      type: boolean
                      default: true
                    enable_postgres_team_crd_superusers:
                      type: boolean
                      default: false
                    enable_team_member_deprecation:
                      type: boolean
                      default: false
                    enable_team_superuser:
                      type: boolean
                      default: false
                    # Enabled by default, with example.com placeholder URLs
                    # below; set real endpoints or disable it in deployment.
                    enable_teams_api:
                      type: boolean
                      default: true
                    pam_configuration:
                      type: string
                      default: "https://info.example.com/oauth2/tokeninfo?access_token= uid realm=/employees"
                    pam_role_name:
                      type: string
                      default: "zalandos"
                    postgres_superuser_teams:
                      type: array
                      items:
                        type: string
                    protected_role_names:
                      type: array
                      items:
                        type: string
                      default:
                        - admin
                        - cron_admin
                    role_deletion_suffix:
                      type: string
                      default: "_deleted"
                    team_admin_role:
                      type: string
                      default: "admin"
                    team_api_role_configuration:
                      type: object
                      additionalProperties:
                        type: string
                      default:
                        log_statement: all
                    teams_api_url:
                      type: string
                      default: "https://teams.example.com/api/"
                # NOTE(review): the schema shows only a port; check how the
                # operator binds and authenticates this API, and restrict
                # network access to it.
                logging_rest_api:
                  type: object
                  properties:
                    api_port:
                      type: integer
                      default: 8080
                    cluster_history_entries:
                      type: integer
                      default: 1000
                    ring_log_lines:
                      type: integer
                      default: 100
                scalyr:  # deprecated
                  type: object
                  properties:
                    # Plain string in the custom resource; visible to anyone
                    # who can read OperatorConfiguration objects.
                    scalyr_api_key:
                      type: string
                    scalyr_cpu_limit:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "1"
                    scalyr_cpu_request:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "100m"
                    scalyr_image:
                      type: string
                    scalyr_memory_limit:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "500Mi"
                    scalyr_memory_request:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "50Mi"
                    scalyr_server_url:
                      type: string
                      default: "https://upload.eu.scalyr.com"
                connection_pooler:
                  type: object
                  properties:
                    connection_pooler_schema:
                      type: string
                      default: "pooler"
                    connection_pooler_user:
                      type: string
                      default: "pooler"
                    # Default is a tag reference ("master-27"), not a digest.
                    connection_pooler_image:
                      type: string
                      default: "registry.opensource.zalan.do/acid/pgbouncer:master-27"
                    connection_pooler_max_db_connections:
                      type: integer
                      default: 60
                    connection_pooler_mode:
                      type: string
                      enum:
                        - "session"
                        - "transaction"
                      default: "transaction"
                    connection_pooler_number_of_instances:
                      type: integer
                      minimum: 1
                      default: 2
                    connection_pooler_default_cpu_limit:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "1"
                    connection_pooler_default_cpu_request:
                      type: string
                      pattern: '^(\d+m|\d+(\.\d{1,3})?)$'
                      default: "500m"
                    connection_pooler_default_memory_limit:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "100Mi"
                    connection_pooler_default_memory_request:
                      type: string
                      pattern: '^(\d+(e\d+)?|\d+(\.\d+)?(e\d+)?[EPTGMK]i?)$'
                      default: "100Mi"
                patroni:
                  type: object
                  properties:
                    enable_patroni_failsafe_mode:
                      type: boolean
                      default: false
            # Status is a free-form map of string values.
            status:
              type: object
              additionalProperties:
                type: string