CouchbaseCluster Resource

Type: string

The name of a resource. This must be unique for the kind of resource within the namespace.

All resources must have a name. The name may be omitted and metadata.generateName used instead to generate a unique resource name.

For additional details on resource names, see the Kubernetes reference documentation.

Type: string

The namespace the resource resides in. All resources reside in a namespace.

The namespace is optional and may be specified in YAML configuration to override the namespace supplied by kubectl.

For additional details on namespaces, see the Kubernetes reference documentation.

Type: map[string]string

Labels allow resources to be labeled with key/value pairs of data. Labels are indexed and allow resources to be selected based upon specified labels.

Labels are relevant for certain types when using label selection within your resources.

For additional details on labels and selectors, see the Kubernetes reference documentation.

Type: map[string]string

Annotations allow resources to be annotated with key/value pairs of data. Annotations are arbitrary, and not indexed, so cannot be used to select resources, however may be used to add context or accounting to your resources.

For additional details on annotations, see the Kubernetes reference documentation.

Type: boolean

AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters.

Type: object

AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in spec.cluster, plus an overhead defined by spec.autoResourceAllocation.overheadPercent.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the spec.servers.resources field.

Type: string

Default: 4

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: 2

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

CPURequests automatically populates the CPU requests across all Couchbase server pods. The default value of "2", is the minimum recommended number of CPUs required to run Couchbase Server. Explicitly specifying the CPU request for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

Enabled defines whether auto-resource allocation is enabled.

Type: integer

Default: 25

Minimum: 0

OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%.

Type: string

AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance.

Type: object

Backup defines whether the Operator should manage automated backups, and how to lookup backup resources.

Type: map[string]string

Annotations defines additional annotations to appear on the backup/restore pods.

Required

Type: string

Default: couchbase/operator-backup:1.4.1

The Backup Image to run on backup pods.

Type: []object

ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones.

Type: string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?.

Type: map[string]string

Labels defines additional labels to appear on the backup/restore pods.

Type: boolean

Managed defines whether backups are managed by us or the clients.

Type: map[string]string

NodeSelector defines which nodes to constrain the pods that run any backup and restore operations to.

Type: object

Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store.

Type: string

The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt".

Type: string

The host/address of the custom object endpoint.

Type: boolean

UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores.

Type: object

Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified.

Type: string

Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the spec.s3bucket field is specified for a backup or restore resource.

Type: object

Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels.

Type: string

Default: couchbase-backup

The Service Account to run backup (and restore) pods under. Without this backup pods will not be able to update status.

Type: []object

Tolerations specifies all backup and restore pod tolerations.

Type: string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

Type: string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

Type: string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

Type: integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

Type: string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

Type: boolean

Deprecated: by CouchbaseBackup.spec.objectStore.useIAM UseIAMRole enables backup to fetch EC2 instance metadata. This allows the AWS SDK to use the EC2’s IAM Role for S3 access. UseIAMRole will ignore credentials in s3Secret.

Type: object

Buckets defines whether the Operator should manage buckets, and how to lookup bucket resources.

Type: boolean

Managed defines whether buckets are managed by the Operator (true), or user managed (false). When Operator managed, all buckets must be defined with either CouchbaseBucket or CouchbaseEphemeralBucket resources. Manual addition of buckets will be reverted by the Operator. When user managed, the Operator will not interrogate buckets at all. This field defaults to false.

Type: object

Selector is a label selector used to list buckets in the namespace that are managed by the Operator.

Type: []object

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Required

Type: string

key is the label key that the selector applies to.

Required

Type: string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

Type: []string

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Type: map[string]string

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

Type: boolean

Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with spec.buckets.managed being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the spec.buckets.selector field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster’s Synchronized status condition. Synchronizing will not create a Kubernetes resource for the Couchbase Server maintained _system scope. You may then safely set spec.buckets.managed to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the cao save and cao restore CLI commands.

Type: object

Default: {}

ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings.

Type: string

Default: 1Gi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: object

Default: {}

AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run. Cluster level settings will be used as the default when creating new buckets and any changes to the settings will be applied to all existing buckets that have not had their auto-compaction settings individually modified.

Type: object

Default: {}

DatabaseFragmentationThreshold defines triggers for when database compaction should start.

Type: integer

Default: 30

Minimum: 2

Maximum: 100

Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

ParallelCompaction controls whether database and view compactions can happen in parallel.

Type: object

TimeWindow allows restriction of when compaction can occur.

Type: boolean

AbortCompactionOutsideWindow stops compaction processes when the process moves outside the window, defaulting to false.

Type: string

Pattern (Regular Expression): ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$

End is a wallclock time, in the form HH:MM, when a compaction should stop.

Type: string

Pattern (Regular Expression): ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$

Start is a wallclock time, in the form HH:MM, when a compaction is permitted to start.

Type: string

Default: 72h

TombstonePurgeInterval controls how long to wait before purging tombstones. This field must be in the range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration.

Type: object

Default: {}

ViewFragmentationThreshold defines triggers for when view compaction should start.

Type: integer

Default: 30

Minimum: 2

Maximum: 100

Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: integer

Default: 1

Minimum: 1

AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 default is 1.

Type: boolean

AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod if a disk issue was detected.

Type: string

Default: 120s

AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors before failing over a faulty disk. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration.

Type: boolean

AutoFailoverServerGroup whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API.

Type: string

Default: 120s

AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration.

Type: string

ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource’s metadata.

Type: object

Data allows the data service to be configured.

Type: integer

Minimum: 1

Maximum: 64

AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

Type: integer

Default: 0

Minimum: 0

Maximum: 3

MinReplicasCount allows the minimum number of replicas required for buckets to be set. New buckets cannot be created with less than this minimum. This field must be between 0 and 3, defaulting to 0.

Type: integer

Minimum: 1

Maximum: 64

NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

Type: integer

Minimum: 1

Maximum: 64

ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

Type: integer

Minimum: 1

Maximum: 64

WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0 and, // or 1 and 64 for CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: memory_optimized

Enumerations: memory_optimized, plasma

DEPRECATED - by indexer.

The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster.

Type: object

Indexer allows the indexer to be configured.

Type: boolean

Default: False

EnablePageBloomFilter gives Couchbase Server guidance whether bloom filters should be used when item lookups occur. These help to indicate during a lookup that an item is not on disk, and therefore prevent unnecessary on-disk searches. This field is only supported on CB versions 7.1.0+.

Type: boolean

Default: False

EnableShardAffinity when false Index Servers rebuild any index that are newly assigned to them during a rebalance. When set to true, Couchbase Server moves a reassigned index’s files between Index Servers. This field is only supported on CB versions 7.6.0+.

Type: string

Default: info

Enumerations: silent, fatal, error, warn, info, verbose, timing, debug, trace

LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info".

Type: integer

Default: 2

Minimum: 1

MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1.

Type: string

Default: 200ms

MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms.

Type: integer

Default: 0

Minimum: 0

Maximum: 16

NumberOfReplica specifies number of secondary index replicas to be created by the Index Service whenever CREATE INDEX is invoked, which ensures high availability and high performance. Note, if nodes and num_replica are both specified in the WITH clause, the specified number of nodes must be one greater than num_replica This field must be between 0 and 16, defaulting to 0, which means no index replicas to be created by default.

Type: boolean

Default: False

RedistributeIndexes when true, Couchbase Server redistributes indexes when rebalance occurs, in order to optimize performance. If false (the default), such redistribution does not occur.

Type: string

Default: 5s

StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms.

Type: string

Default: memory_optimized

Enumerations: memory_optimized, plasma

StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized".

Type: integer

Minimum: 0

Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0.

Type: object

Query allows the query service to be configured.

Type: boolean

Default: True

BackfillEnabled allows the query service to backfill.

Required

Type: boolean

Default: True

CBOEnabled specifies whether the cost-based optimizer is enabled. Defaults to true.

Required

Type: boolean

Default: True

CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just transactions that it has created, leaving transactions for the distributed cleanup process only when it is forced to. Defaults to true.

Required

Type: boolean

Default: True

CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup process, and cleans up expired transactions created by any client. Defaults to true.

Required

Type: string

Default: 60s

CleanupWindow specifies how frequently the Query service checks its subset of active transaction records for cleanup. Defaults to 60s.

Required

Type: integer

Default: 4000

CompletedLimit sets the number of requests to be logged in the completed requests catalog. As new completed requests are added, old ones are removed.

Required

Type: string

Default: 262144

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

CompletedMaxPlanSize limits the size of query execution plans that can be logged in the completed requests catalog. Queries with plans larger than this are not logged. This field is only supported on CB versions 7.6.0+. Defaults to 262144, maximum value is 20840448, and minimum value is 0.

Required

Type: boolean

Default: False

CompletedTrackingAllRequests allows all requests to be tracked regardless of their time. This field requires completedTrackingEnabled to be true.

Required

Type: boolean

Default: True

CompletedTrackingEnabled allows completed requests to be tracked in the requests catalog.

Type: string

Default: 7s

CompletedThreshold is a trigger for queries to be logged in the completed requests catalog. All completed queries lasting longer than this threshold are logged in the completed requests catalog. This field requires completedTrackingEnabled to be set to true and completedTrackingAllRequests to be false to have any effect.

Type: string

Default: info

Enumerations: debug, trace, info, warn, error, severe, none

LogLevel controls the verbosity of query logs. This field must be one of "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info".

Required

Type: integer

Default: 1

MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism is restricted to the number of allowed cores. Defaults to 1.

Type: string

Default: 0

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. This parameter enforces a ceiling on the memory used for the tracked documents required for processing a request. It does not take into account any other memory that might be used to process a request, such as the stack, the operators, or some intermediate values. Defaults to 0.

Required

Type: integer

Default: 67

Minimum: 0

Maximum: 100

NodeQuotaValPercent sets the percentage of the useReplica that is dedicated to tracked value content memory across all active requests for every Query node in the cluster. This field is only supported on CB versions 7.6.0+. Defaults to 67.

Required

Type: integer

Default: 1024

Minimum: 1

NumActiveTransactionRecords specifies the total number of active transaction records for all Query nodes in the cluster. Default to 1024 and has a minimum of 1.

Required

Type: integer

Default: 0

Minimum: 0

NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. The number of CPUs can never be greater than the number of logical CPUs. In Community Edition, the number of allowed CPUs cannot be greater than 4. In Enterprise Edition, there is no limit to the number of allowed CPUs. This field is only supported on CB versions 7.6.0+. NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling nodes that are running the query service. Defaults to 0.

Required

Type: integer

Default: 16

PipelineBatch controls the number of items execution operators can batch for Fetch from the KV. Defaults to 16.

Required

Type: integer

Default: 512

PipelineCap controls the maximum number of items each execution operator can buffer between various operators. Defaults to 512.

Required

Type: integer

Default: 16384

PreparedLimit is the maximum number of prepared statements in the cache. When this cache reaches the limit, the least recently used prepared statements will be discarded as new prepared statements are created.

Required

Type: integer

Default: 512

ScapCan sets the maximum buffered channel size between the indexer client and the query service for index scans. Defaults to 512.

Type: string

Default: 5Gi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires backfillEnabled to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires backfillEnabled to be set to true in order to have any effect. This field overrides temporarySpace.

Type: string

Timeout is the maximum time to spend on the request before timing out. If this field is not set then there will be no timeout.

Type: string

Default: 0ms

TxTimeout is the maximum time to spend on a transaction before timing out. This setting only applies to requests containing the BEGIN TRANSACTION statement, or to requests where the tximplicit parameter is set. For all other requests, it is ignored. Defaults to 0ms (no timeout).

Type: boolean

UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets are inaccessible. If set to true then read from replica is enabled for all queries, but can be disabled at request level. If set to false read from replica is disabled for all queries and cannot be overridden at request level. If this field is unset then it is enabled/disabled at the request level. This field is only supported on CB versions 7.6.0+.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class’s "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim

If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims.

Type: boolean

DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services.

EnablePreviewScaling enables autoscaling for stateful services and buckets.

Type: boolean

EnvImagePrecedence gives precedence over the default container image name in spec.Image to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html.

Type: boolean

Hibernate is whether to hibernate the cluster.

Type: string

Enumerations: Immediate

HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false.

Required

Type: string

Pattern (Regular Expression): ^(.*?(:\d+)?/)?.\*?/.*?(:.\*?\d+\.\d+\.\d+.\*|@sha256:[0-9a-f]{64})$

Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. Explicitly specifying the image for a server class will override this value for the server class.

Type: object

Logging defines Operator logging options.

Type: object

Used to manage the audit configuration directly.

Type: []integer

The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html.

Type: []string

Pattern (Regular Expression): ^.+/(local|external)$

The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user.

Type: boolean

Enabled is a boolean that enables the audit capabilities.

Type: object

Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html.

Type: object

DEPRECATED - by spec.logging.audit.rotation for Couchbase Server 7.2.4+ Provide the sidecar configuration required (if so desired) to automatically clean up audit logs.

Type: string

Default: 1h

The minimum age of rotated log files to remove, defaults to one hour.

Type: boolean

Enable this sidecar by setting to true, defaults to being disabled.

Type: string

Default: busybox:1.33.1

Image is the image to be used to run the audit sidecar helper. No validation is carried out as this can be any arbitrary repo and tag.

Type: string

Default: 20m

The interval at which to check for rotated log files to remove, defaults to 20 minutes.

Type: object

Resources is the resource requirements for the cleanup container. Will be populated by Kubernetes defaults if not specified.

Type: object

The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html.

Type: string

Default: 15m

The interval at which to rotate log files, defaults to 15 minutes.

Type: string

Default: 0

How long Couchbase Server keeps rotated audit logs. If set to 0 (the default) then audit logs won’t be pruned. Has a maximum of 35791394 seconds.

Type: string

Default: 20Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

Size allows the specification of a rotation size for the log, defaults to 20Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: integer

Minimum: 0

LogRetentionCount gives the number of persistent log PVCs to keep.

Type: string

Pattern (Regular Expression): ^\d+(ns|us|ms|s|m|h)$

LogRetentionTime gives the time to keep persistent log PVCs alive for.

Type: object

Specification of all logging configuration required to manage the sidecar containers in each pod.

Type: string

Default: fluent-bit-config

ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway.

Type: boolean

Enabled is a boolean that enables the logging sidecar container.

Type: boolean

Default: True

A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it’s ownership stays the same so it will be cleaned up when it’s owner is.

Type: object

Default: {}

Any specific logging sidecar container configuration.

Type: string

Default: /fluent-bit/config/

ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. If another log shipping image is used that needs a different mount then modify this. Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, there is no provision for overriding the name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE environment variable.

Type: string

Default: couchbase/fluent-bit:1.2.9

Image is the image to be used to deal with logging as a sidecar. No validation is carried out as this can be any arbitrary repo and tag. It will default to the latest supported version of Fluent Bit.

Type: object

Resources is the resource requirements for the sidecar container. Will be populated by Kubernetes defaults if not specified.

Type: object

Migration defines the specification for a CouchbaseCluster assimilation of an unmanaged cluster to a managed Kubernetes cluster.

Type: integer

Default: 1

Minimum: 1

MaxConcurrentMigrations is the maximum number of nodes migrations the operator will run concurrently.

Type: integer

NumUnmanagedNodes is the number of nodes the operator will leave in the cluster unmigrated. This is useful for controlling how much of the cluster to migrate over at a time. If not specified the operator will migrate all nodes. e.g. if the unmanaged cluster has 10 nodes and NumUnmanagedNodes is set to 2, then the operator will migrate 8 nodes to Kubernetes and leave 2 nodes.

Type: string

StabilizationPeriod is the time the operator will wait after a migration before starting the next migration. If not specified the operator will start the next migration immediately.

Type: string

Pattern (Regular Expression): ^((([a-zA-Z0-9](-?[a-zA-Z0-9])\*)\.)+[a-zA-Z]{2,})|((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})|(([0-9A-Fa-f]{1,4}:){1,7}[0-9A-Fa-f]{1,4})$

UnmanagedClusterHost is a host of the unmanaged Couchbase cluster to be migrated. This is the host that the operator will connect to to start the migration process.

Type: object

DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure.

Type: object

DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ Prometheus provides integration with Prometheus monitoring.

Type: string

AuthorizationSecret is the name of a Kubernetes secret that contains a bearer token to authorize GET requests to the metrics endpoint.

Type: boolean

Enabled is a boolean that enables/disables the metrics sidecar container. This must be set to true, when image is provided.

Required

Type: string

Image is the metrics image to be used to collect metrics. No validation is carried out as this can be any arbitrary repo and tag. enabled must be set to true, when image is provided.

Type: integer

Default: 60

Minimum: 1

Maximum: 600

RefreshRate is the frequency in which cached statistics are updated in seconds. Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second.

Type: object

Resources is the resource requirements for the metrics container. Will be populated by Kubernetes defaults if not specified.

Type: object

Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings.

Type: string

Enumerations: IPv4, IPv6

AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+.

Type: object

AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

Type: string

Default: NodePort

Enumerations: NodePort, LoadBalancer

DEPRECATED - by adminConsoleServiceTemplate.

AdminConsoleServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".

Type: []string

Enumerations: admin, data, index, query, search, eventing, analytics

DEPRECATED - not required by Couchbase Server.

AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once.

Type: object

CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster.

Required

Type: string

Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag.

Required

Type: string

Default: info

Enumerations: fatal, panic, dpanic, error, warn, info, debug

DEVELOPER PREVIEW - This feature is in developer preview.

LogLevel controls the verbosity of cloud native logs. This field must be one of "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info".

Type: integer

Default: 75

TerminationGracePeriodSeconds specifies the grace period for the container to terminate. Defaults to 75 seconds.

Type: object

TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys and creates a k8s secret named couchbase-cloud-native-gateway-self-signed-secret-<cluster-name> unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. This action could be overidden at the outset or later, by using the below TLS config or generating the secret of same name as couchbase-cloud-native-gateway-self-signed-secret-<cluster-name> with certificates conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on per cluster basis so it’s advised to use the unique cluster name else would be ignored.

Type: string

ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains Cloud Native Gateway gRPC server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type.

Type: boolean

DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false.

Type: boolean

DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false.

Type: object

DNS defines information required for Dynamic DNS support.

Type: string

Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server.

Type: boolean

ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field.

Type: object

ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

Type: string

Default: NodePort

Enumerations: NodePort, LoadBalancer

DEPRECATED - by exposedFeatureServiceTemplate.

ExposedFeatureServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".

Type: string

Enumerations: Cluster, Local

DEPRECATED - by exposedFeatureServiceTemplate.

ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local",.

Type: []string

Enumerations: admin, xdcr, client, backup, external-cluster-connection

ExposedFeatures is a list of Couchbase features to expose when using a networking model that exposes the Couchbase cluster externally to Kubernetes. This field also triggers the creation of per-pod services used by clients to connect to the Couchbase cluster. When admin, only the administrator port is exposed, allowing remote administration. When xdcr, only the services required for remote replication are exposed. The xdcr feature is only required when the cluster is the destination of an XDCR replication. When client, all services are exposed as required for client SDK operation. This field may contain any of "admin", "xdcr" and "client". Each feature may only be included once.

Type: []string

Pattern (Regular Expression): ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$

DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.

LoadBalancerSourceRanges applies only when an exposed service is of type LoadBalancer and limits the source IP ranges that are allowed to use the service. Items must use IPv4 class-less interdomain routing (CIDR) notation e.g. 10.0.0.0/16.

Type: string

Enumerations: Istio

NetworkPlatform is used to enable support for various networking technologies. This field must be one of "Istio".

Type: map[string]string

DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.

ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation.

Type: object

TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies.

Type: boolean

Default: False

AllowPlainTextCertReload allows the reload of TLS certificates in plain text. This option should only be enabled as a means to recover connectivity with server in the event that any of the server certificates expire. When enabled the Operator only attempts plain text cert reloading when expired certificates are detected.

Type: []string

CipherSuites specifies a list of cipher suites for Couchbase server to select from when negotiating TLS handshakes with a client. Suites are not validated by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to interrogate supported values.

Type: []object

ClientCertificatePaths defines where to look in client certificates in order to extract the user name.

Type: string

Delimiter if specified allows a suffix to be stripped from the username, once extracted from the certificate path.

Required

Type: string

Pattern (Regular Expression): ^subject\.cn|san\.uri|san\.dnsname|san\.email$

Path defines where in the X.509 specification to extract the username from. This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email".

Type: string

Prefix allows a prefix to be stripped from the username, once extracted from the certificate path.

Type: string

Enumerations: enable, mandatory

ClientCertificatePolicy defines the client authentication policy to use. If set, the Operator expects TLS configuration to contain a valid certificate/key pair for the Administrator account.

Type: string

Enumerations: ControlPlaneOnly, All, Strict

NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes within the same cluster. This may come at the expense of performance. When control plane only encryption is used, only cluster management traffic is encrypted between nodes. When all, all traffic is encrypted, including database documents. When strict mode is used, it is the same as all, but also disables all plaintext ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. Node to node encryption can only be used when TLS certificates are managed by the Operator. This field must be either "ControlPlaneOnly", "All", or "Strict".

Type: object

PassphraseConfig configures the passphrase key to use with encrypted certificates. The passphrase may be registered with Couchbase Server using a local script or a rest endpoint. Private key encryption is only available on Couchbase Server versions 7.1 and greater.

Type: object

PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces.

Type: string

Default: inet

Enumerations: inet, inet6

AddressFamily is the address family to use. By default inet (meaning IPV4) is used.

Type: map[string]string

Headers is a map of one or more key-value pairs to pass alongside the Get request.

Type: integer

Default: 5000

Timeout is the number of milliseconds that must elapse before the call is timed out.

Required

Type: string

URL is the endpoint to be called to retrieve the passphrase. URL will be called using the GET method and may use http/https protocol.

Type: boolean

Default: True

VerifyPeer ensures peer verification is performed when Https is used.

Type: object

PassphraseScriptConfig is the configuration to register a private key passphrase with a script. The Operator auto-provisions the underlying script so this config simply provides a mechanism to perform the decryption of the Couchbase Private Key using a local script.

Required

Type: string

Secret is the secret containing the passphrase string. The secret is expected to contain "passphrase" key with the passphrase string as a value.

Type: []string

RootCAs defines a set of secrets that reside in this namespace that contain additional CA certificates that should be installed in Couchbase. The CA certificates that are defined here are in addition to those defined for the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and thus should not be duplicated. Each Secret referred to must be of well-known type "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static configuration.

Type: object

SecretSource enables the user to specify a secret conforming to the Kubernetes TLS secret specification that is used for the Couchbase server certificate, and optionally the Operator’s client certificate, providing cert-manager compatibility without having to specify a separate root CA. A server CA certificate must be supplied by one of the provided methods. Certificates referred to must conform to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" type secrets cannot verify encrypted keys.

Type: string

ClientSecretName specifies the secret name, in the same namespace as the cluster, the contains client TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the Kubernetes.io/tls secret type.

Required

Type: string

ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". Only a single PEM formated x509 certificate can be provided to "ca.crt". The single certificate may also bundle together multiple root CA certificates. Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater.

Type: object

DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource.

Static enables user to generate static x509 certificates and keys, put them into Kubernetes secrets, and specify them here. Static secrets are Couchbase specific, and follow no well-known standards.

Type: string

OperatorSecret is a secret name containing TLS certs used by operator to talk securely to this cluster. The secret must contain a CA certificate (data key ca.crt). If client authentication is enabled, then the secret must also contain a client certificate chain (data key "couchbase-operator.crt") and private key (data key "couchbase-operator.key").

Type: string

ServerSecret is a secret name containing TLS certs used by each Couchbase member pod for the communication between Couchbase server and its clients. The secret must contain a certificate chain (data key "chain.pem") and a private key (data key "pkey.key"). The private key must be in the PKCS#1 RSA format. The certificate chain must have a required set of X.509v3 subject alternative names for all cluster addressing modes. See the Operator TLS documentation for more information.

Type: string

Default: TLS1.2

Enumerations: TLS1.0, TLS1.1, TLS1.2, TLS1.3

TLSMinimumVersion specifies the minimum TLS version the Couchbase server can negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward. TLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward.

Type: string

Default: 10m

WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial waitForAddressReachableDelay to allow propagation.

Type: string

Default: 2m

WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses.

Type: integer

Minimum: 0

Maximum: 30

OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes.

Type: boolean

Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action.

Type: boolean

Default: False

PerServiceClassPDB allows pod disruption budgets to be created on a per-serviceClass basis.

Type: string

Enumerations: aws, gce, azure

Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure".

Type: string

Enumerations: PrioritizeDataIntegrity, PrioritizeUptime

RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity".

Type: object

When spec.upgradeStrategy is set to RollingUpgrade it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased.

Type: integer

Minimum: 1

MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

Type: string

Pattern (Regular Expression): ^(100|[1-9][0-9]|[1-9])%$

MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

Required

Type: object

Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings.

Required

Type: string

AdminSecret is the name of a Kubernetes secret to use for administrator authentication. The admin secret must contain the keys "username" and "password". The password data must be at least 6 characters in length, and not contain the any of the characters ()<>,;:\"/[]?={}.

Type: object

LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Cocuhbase Server’s LDAP configuration. Leave empty to manually manage LDAP configuration.

Type: boolean

Default: True

AuthenticationEnabled allows users who attempt to access Couchbase Server without having been added as local users to be authenticated against the specified LDAP Host(s).

Type: boolean

AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to any Couchbase Server group associated with the user.

Type: string

DN to use for searching users and groups synchronization. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Required

Type: string

BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. The bindSecret must have a key with the name "password" and a value which corresponds to the password of the binding LDAP user.

Type: string

DEPRECATED - Field is ignored, use tlsSecret.

CA Certificate in PEM format to be used in LDAP server certificate validation. This cert is the string form of the secret provided to spec.tls.tlsSecret.

Type: integer

Default: 30000

Lifetime of values in cache in milliseconds. Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Type: string

Enumerations: None, StartTLSExtension, TLS

Encryption determines how the connection with the LDAP server should be encrypted. Encryption may set as either StartTLSExtension, TLS, or false. When set to "false" then no verification of the LDAP hostname is performed. When Encryption is StartTLSExtension, or TLS is set then the default behavior is to use the certificate already loaded into the Couchbase Cluster for certificate validation, otherwise ldap.tlsSecret may be set to override The Couchbase certificate.

Type: string

LDAP query, to get the users' groups by username in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Required

Type: []string

Minimum Items: 1

List of LDAP hosts to provide authentication-support for Couchbase Server. Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147.

Type: boolean

Default: True

Sets middlebox compatibility mode for LDAP. This option is only available on Couchbase Server 7.6.0+.

Type: boolean

If enabled Couchbase server will try to recursively search for groups for every discovered ldap group. groups_query will be user for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Type: integer

Default: 10

Minimum: 1

Maximum: 100

Maximum number of recursive groups requests the server is allowed to perform. Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Required

Type: integer

Default: 389

LDAP port. This is typically 389 for LDAP, and 636 for LDAPS.

Type: boolean

Whether server certificate validation be enabled.

Type: string

TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. If TLSSecret is not provided, certificates found in couchbaseclusters.spec.networking.tls.rootCAs will be used instead. If provided, the secret must contain the ca to be used under the name "ca.crt".

Type: object

User to distinguished name (DN) mapping. If none is specified, the username is used as the user’s distinguished name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Type: string

Query is the LDAP query to run to map from Couchbase user to LDAP distinguished name.

Type: string

This field specifies list of templates to use for providing username to DN mapping. The template may contain a placeholder specified as %u to represent the Couchbase user who is attempting to gain access.

Type: object

PodSecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

Type: integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

Type: string

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

Type: integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Type: boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Type: integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Type: object

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Type: string

Level is SELinux level label that applies to the container.

Type: string

Role is a SELinux role label that applies to the container.

Type: string

Type is a SELinux type label that applies to the container.

Type: string

User is a SELinux user label that applies to the container.

Type: object

The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

Type: string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

Required

Type: string

type indicates which kind of seccomp profile will be applied. Valid options are:

Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

Type: []integer

A list of groups applied to the first process run in each container, in addition to the container’s primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.

Type: []object

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

Required

Type: string

Name of a property to set.

Required

Type: string

Value of a property to set.

Type: object

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

Type: string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

Type: string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

Type: boolean

HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

Type: string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Type: object

RBAC is the options provided for enabling and selecting RBAC User resources to manage.

Type: boolean

Managed defines whether RBAC is managed by us or the clients.

Type: object

Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator.

Type: object

SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.