Type: string

The name of a resource. This must be unique for the kind of resource within the namespace.

All resources must have a name. The name may be omitted and metadata.generateName used instead to generate a unique resource name.

For additional details on resource names, see the Kubernetes reference documentation.

Type: string

The namespace the resource resides in. All resources reside in a namespace.

The namespace is optional and may be specified in YAML configuration to override the namespace supplied by kubectl.

For additional details on namespaces, see the Kubernetes reference documentation.

Type: map[string]string

Labels allow resources to be labeled with key/value pairs of data. Labels are indexed and allow resources to be selected based upon specified labels.

Labels are relevant for certain types when using label selection within your resources.

For additional details on labels and selectors, see the Kubernetes reference documentation.

Type: map[string]string

Annotations allow resources to be annotated with key/value pairs of data. Annotations are arbitrary, and not indexed, so cannot be used to select resources, however may be used to add context or accounting to your resources.

For additional details on annotations, see the Kubernetes reference documentation.

Type: boolean

AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters.

Type: object

AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in spec.cluster, plus an overhead defined by spec.autoResourceAllocation.overheadPercent.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the spec.servers.resources field.

Type: string

Default: 4

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: 2

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

CPURequests automatically populates the CPU requests across all Couchbase server pods. The default value of "2", is the minimum recommended number of CPUs required to run Couchbase Server. Explicitly specifying the CPU request for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

Enabled defines whether auto-resource allocation is enabled.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

OverheadMemory defines a static amount of memory above that required for individual services on a pod. This will override overheadPercent if both are specified.

Type: integer

Minimum: 0

OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%.

Type: string

AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance.

Type: object

Backup defines whether the Operator should manage automated backups, and how to lookup backup resources.

Type: map[string]string

Annotations defines additional annotations to appear on the backup/restore pods.

Required

Type: string

Default: couchbase/operator-backup:1.4.1

The Backup Image to run on backup pods.

Type: []object

ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones.

Type: string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names.

Type: map[string]string

Labels defines additional labels to appear on the backup/restore pods.

Type: boolean

Managed defines whether backups are managed by us or the clients.

Type: map[string]string

NodeSelector defines which nodes to constrain the pods that run any backup and restore operations to.

Type: object

Deprecated: by CouchbaseBackup.spec.objectStore.Endpoint ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store.

Type: string

The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint The secret must have the key with the name "tls.crt".

Type: string

The host/address of the custom object endpoint.

Type: boolean

UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores.

Type: object

Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified.

Type: string

Deprecated: by CouchbaseBackup.spec.objectStore.secret S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be popluated when the spec.s3bucket field is specified for a backup or restore resource.

Type: object

Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels.

Type: string

Default: couchbase-backup

The Service Account to run backup (and restore) pods under. Without this backup pods will not be able to update status.

Type: []object

Tolerations specifies all backup and restore pod tolerations.

Type: string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

Type: string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

Type: string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

Type: integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

Type: string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

Type: boolean

Deprecated: by CouchbaseBackup.spec.objectStore.useIAM UseIAMRole enables backup to fetch EC2 instance metadata. This allows the AWS SDK to use the EC2’s IAM Role for S3 access. UseIAMRole will ignore credentials in s3Secret.

Type: object

Buckets defines whether the Operator should manage buckets, and how to lookup bucket resources.

Type: boolean

Used to define whether managed bucket storage backend migration routines should be enabled. This value defaults to false.

Type: boolean

Managed defines whether buckets are managed by the Operator (true), or user managed (false). When Operator managed, all buckets must be defined with either CouchbaseBucket or CouchbaseEphemeralBucket resources. Manual addition of buckets will be reverted by the Operator. When user managed, the Operator will not interrogate buckets at all. This field defaults to false.

Type: object

Selector is a label selector used to list buckets in the namespace that are managed by the Operator.

Type: []object

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Required

Type: string

key is the label key that the selector applies to.

Required

Type: string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

Type: []string

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Type: map[string]string

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

Type: boolean

Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with spec.buckets.managed being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the spec.buckets.selector field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster’s Synchronized status condition. Synchronizing will not create a Kubernetes resource for the Couchbase Server maintained _system scope. You may then safely set spec.buckets.managed to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the cao save and cao restore CLI commands.

Type: object

Default: {}

ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings.

Type: boolean

AllowFailoverEphemeralNoReplicas allows failover of ephemeral buckets with no replicas. This is only supported on Couchbase Server 8.0+.

Type: object

Analytics allows the analytics service to be configured.

Type: integer

Minimum: 0

Maximum: 3

NumReplicas specifies the number of replicas for Analytics. Changing the value in this field when the Analytics service is enabled will trigger a rebalance of the cluster.

Type: string

Default: 1Gi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: object

AppTelemetry allows the configuration of application telemetry. This is only supported on Couchbase Server 8.0+.

Required

Type: boolean

Default: False

Enabled controls whether application telemetry is enabled.

Type: integer

Default: 1024

Minimum: 1

Maximum: 1024

MaxScrapeClientsPerNode sets the maximum number of scrape clients per node. Must be between 1 and 1024.

Type: integer

Default: 60

Minimum: 60

Maximum: 600

ScrapeIntervalSeconds sets the scrape interval in seconds. Must be between 60 and 600.

Type: object

Default: {}

AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run. Cluster level settings will be used as the default when creating new buckets and any changes to the settings will be applied to all existing buckets that have not had their auto-compaction settings individually modified.

Type: object

Default: {}

DatabaseFragmentationThreshold defines the default database fragmentation level to determine the point when compaction is triggered for buckets with a couchstore storage backend.

Type: integer

Default: 30

Minimum: 2

Maximum: 100

Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: integer

Minimum: 10

Maximum: 100

MagmaFragmentationThresholdPercentage defines the default database fragmentation level to determine point when database compaction is triggered for buckets with a magma storage backend. This field must be in the range 10-100. This field is ignored for Couchstore buckets.

Type: boolean

ParallelCompaction controls whether database and view compactions can happen in parallel.

Type: object

TimeWindow allows restriction of when compaction can occur.

Type: boolean

AbortCompactionOutsideWindow stops compaction processes when the process moves outside the window, defaulting to false.

Type: string

Pattern (Regular Expression): ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$

End is a wallclock time, in the form HH:MM, when a compaction should stop.

Type: string

Pattern (Regular Expression): ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$

Start is a wallclock time, in the form HH:MM, when a compaction is permitted to start.

Type: string

Default: 72h

TombstonePurgeInterval controls how long to wait before purging tombstones. This field must be in the range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration.

Type: object

Default: {}

ViewFragmentationThreshold defines triggers for when view compaction should start.

Type: integer

Default: 30

Minimum: 2

Maximum: 100

Percent is the percentage of disk fragmentation after which to decompaction will be triggered. This field must be in the range 2-100, defaulting to 30.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

Size is the amount of disk framentation, that once exceeded, will trigger decompaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: integer

Default: 1

Minimum: 1

AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server will allow before not allowing any more. This field must be between 1-3 for server versions prior to 7.1.0 default is 1.

Type: boolean

AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod if a disk issue was detected.

Type: string

Default: 120s

AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors before failing over a faulty disk. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration.

Type: boolean

AutoFailoverServerGroup whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API.

Type: string

Default: 120s

AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration.

Type: string

ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource’s metadata.

Type: object

Data allows the data service to be configured.

Type: integer

Minimum: 1

Maximum: 64

AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

Type: object

DiskUsageLimit allows a threshold to be set to limit the amount of disk space that can be used by buckets. If the disk usage limit is reached, Couchbase server will prevent data writes to buckets. Setting this value reserves disk space for recovery operations like performing rebalances to add a new node. This field is only supported on Couchbase server versions 8.0 and later.

Type: boolean

Default: False

Enabled specifies whether the disk usage limit is enabled, defaulting to false.

Type: integer

Default: 85

Minimum: 1

Maximum: 100

Percent is the percentage of disk space that can be used before bucket writes are prevented. This field must be in the range 1-100, defaulting to 85.

Type: integer

Default: 0

Minimum: 0

Maximum: 3

MinReplicasCount allows the minimum number of replicas required for buckets to be set. New buckets cannot be created with less than this minimum. This field must be between 0 and 3, defaulting to 0.

Type: integer

Minimum: 1

Maximum: 64

NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in memory tasks. This value must be between 1 and 64 threads and is only supported on CB versions 7.1.0+. and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

Type: integer or string

ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This can either be fixed to a number between 1 and 64, or to one of default(pre 8.0.0) / balanced(post 8.0.0) or disk_io_optimized. For server versions below 7.1.0, the minimum fixed value is 4. Increasing the fixed value should only be done where there are sufficient CPU resources. When using the default/balanced and disk_io_optimized options, CB server will automatically determine the number of threads to use. If not specified, this defaults to default/balanced.

Type: integer

TCPKeepAliveIdle is the number of seconds before the first TCP probe is sent. This field is only supported on Couchbase server versions 8.0.0 and later.

Type: integer

TCPKeepAliveInterval is the number of seconds between TCP probes. This field is only supported on Couchbase server versions 8.0.0 and later.

Type: integer

TCPKeepAliveProbes is the number of TCP probes missing before the connection is considered dead. This field is only supported on Couchbase server versions 8.0.0 and later.

Type: integer

TCPUserTimeout is the number of seconds data is stuck in the send buffer before the connection gets torn down. This field is only supported on Couchbase server versions 8.0.0 and later.

Type: integer or string

WriterThreads allows the number of threads used by the data service, per pod, to be altered. This can either be fixed to a number between 1 and 64, or to one of "default" (pre 8.0.0) / "balanced" (post 8.0.0) or "disk_io_optimized". For server versions below 7.1.0, the minimum fixed value is 4. Increasing the fixed value should only be done where there are sufficient CPU resources. When using the default/balanced and disk_io_optimized options, CB server will automatically determine the number of threads to use. If not specified, this defaults to default/balanced.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: string

Default: memory_optimized

Enumerations: memory_optimized, plasma

DEPRECATED - by indexer.

The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster.

Type: object

Indexer allows the indexer to be configured.

Type: boolean

Default: False

DeferBuild allows the indexer to defer building indexes. This field is only supported on CB versions 8.0.0+.

Type: boolean

Default: False

EnablePageBloomFilter gives Couchbase Server guidance whether bloom filters should be used when item lookups occur. These help to indicate during a lookup that an item is not on disk, and therefore prevent unnecessary on-disk searches. This field is only supported on CB versions 7.1.0+.

Type: boolean

Default: False

EnableShardAffinity when false Index Servers rebuild any index that are newly assigned to them during a rebalance. When set to true, Couchbase Server moves a reassigned index’s files between Index Servers. This field is only supported on CB versions 7.6.0+.

Type: string

Default: info

Enumerations: silent, fatal, error, warn, info, verbose, timing, debug, trace

LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info".

Type: integer

Default: 2

Minimum: 1

MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1.

Type: string

Default: 200ms

MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms.

Type: integer

Default: 0

Minimum: 0

Maximum: 16

NumberOfReplica specifies number of secondary index replicas to be created by the Index Service whenever CREATE INDEX is invoked, which ensures high availability and high performance. Note, if nodes and num_replica are both specified in the WITH clause, the specified number of nodes must be one greater than num_replica This field must be between 0 and 16, defaulting to 0, which means no index replicas to be created by default.

Type: boolean

Default: False

RedistributeIndexes when true, Couchbase Server redistributes indexes when rebalance occurs, in order to optimize performance. If false (the default), such redistribution does not occur.

Type: string

Default: 5s

StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms.

Type: string

Default: memory_optimized

Enumerations: memory_optimized, plasma

StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized".

Type: integer

Minimum: 0

Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0.

Type: object

Query allows the query service to be configured.

Type: boolean

Default: True

BackfillEnabled allows the query service to backfill.

Required

Type: boolean

Default: True

CBOEnabled specifies whether the cost-based optimizer is enabled. Defaults to true.

Required

Type: boolean

Default: True

CleanupClientAttemptsEnabled specifies whether the Query service preferentially aims to clean up just transactions that it has created, leaving transactions for the distributed cleanup process only when it is forced to. Defaults to true.

Required

Type: boolean

Default: True

CleanupLostAttemptsEnabled specifies the Query service takes part in the distributed cleanup process, and cleans up expired transactions created by any client. Defaults to true.

Required

Type: string

Default: 60s

CleanupWindow specifies how frequently the Query service checks its subset of active transaction records for cleanup. Defaults to 60s.

Required

Type: integer

Default: 4000

CompletedLimit sets the number of requests to be logged in the completed requests catalog. As new completed requests are added, old ones are removed.

Required

Type: string

Default: 262144

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

CompletedMaxPlanSize limits the size of query execution plans that can be logged in the completed requests catalog. Queries with plans larger than this are not logged. This field is only supported on CB versions 7.6.0+. Defaults to 262144, maximum value is 20840448, and minimum value is 0.

Type: integer

Minimum: 0

CompletedStreamSize controls how much data about completed N1QL queries is saved to disk for analysis. When set to a value greater than 0 (measured in MiB), Couchbase saves information about completed queries to GZIP-compressed files with prefix local_request_log. This field is only supported on CB versions 8.0.0+. Defaults to 0 (disabled), minimum value is 0.

Type: string

Default: 1s

CompletedThreshold sets the minimum request duration after which requests are added to the completed requests catalog. This field accepts a duration string (e.g. "1s", "500ms") which is converted to milliseconds internally. Valid values are "-1" (disable logging), "0" (log all requests), or a positive duration. The maximum value is 2147483647ms (approximately 24.8 days). This field defaults to 1s.

Type: boolean

DEPRECATED - by spec.cluster.query.completedThreshold.

Set completedThreshold to "0" to log all requests. CompletedTrackingAllRequests allows all requests to be tracked regardless of their time. This field requires completedTrackingEnabled to be true.

Type: boolean

DEPRECATED - by spec.cluster.query.completedThreshold.

Set completedThreshold to "-1" to disable request tracking. CompletedTrackingEnabled allows completed requests to be tracked in the requests catalog.

Type: string

DEPRECATED - by spec.cluster.query.completedThreshold.

CompletedTrackingThreshold is a trigger for queries to be logged in the completed requests catalog. All completed queries lasting longer than this threshold are logged in the completed requests catalog. This field requires completedTrackingEnabled to be set to true and completedTrackingAllRequests to be false to have any effect.

Type: string

Default: info

Enumerations: debug, trace, info, warn, error, severe, none

LogLevel controls the verbosity of query logs. This field must be one of "debug", "trace", "info", "warn", "error", "severe", or "none", defaulting to "info".

Required

Type: integer

Default: 1

MaxParallelism specifies the maximum parallelism for queries on all Query nodes in the cluster. If the value is zero, negative, or larger than the number of allowed cored the maximum parallelism is restricted to the number of allowed cores. Defaults to 1.

Type: string

Default: 0

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

MemoryQuota specifies the maximum amount of memory a request may use on any Query node in the cluster. This parameter enforces a ceiling on the memory used for the tracked documents required for processing a request. It does not take into account any other memory that might be used to process a request, such as the stack, the operators, or some intermediate values. Defaults to 0.

Required

Type: integer

Default: 67

Minimum: 0

Maximum: 100

NodeQuotaValPercent sets the percentage of the useReplica that is dedicated to tracked value content memory across all active requests for every Query node in the cluster. This field is only supported on CB versions 7.6.0+. Defaults to 67.

Required

Type: integer

Default: 1024

Minimum: 1

NumActiveTransactionRecords specifies the total number of active transaction records for all Query nodes in the cluster. Default to 1024 and has a minimum of 1.

Required

Type: integer

Default: 0

Minimum: 0

NumCpus is the number of CPUs the Query service can use on any Query node in the cluster. When set to 0 (the default), the Query service can use all available CPUs, up to the limits described below. The number of CPUs can never be greater than the number of logical CPUs. In Community Edition, the number of allowed CPUs cannot be greater than 4. In Enterprise Edition, there is no limit to the number of allowed CPUs. This field is only supported on CB versions 7.6.0+. NOTE: This change requires a restart of the Query service to take effect which can be done by rescheduling nodes that are running the query service. Defaults to 0.

Required

Type: integer

Default: 16

PipelineBatch controls the number of items execution operators can batch for Fetch from the KV. Defaults to 16.

Required

Type: integer

Default: 512

PipelineCap controls the maximum number of items each execution operator can buffer between various operators. Defaults to 512.

Required

Type: integer

Default: 16384

PreparedLimit is the maximum number of prepared statements in the cache. When this cache reaches the limit, the least recently used prepared statements will be discarded as new prepared statements are created.

Required

Type: integer

Default: 512

ScapCan sets the maximum buffered channel size between the indexer client and the query service for index scans. Defaults to 512.

Type: string

Default: 5Gi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires backfillEnabled to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires backfillEnabled to be set to true in order to have any effect. This field overrides temporarySpace.

Type: string

Timeout is the maximum time to spend on the request before timing out. If this field is not set then there will be no timeout.

Type: string

Default: 0ms

TxTimeout is the maximum time to spend on a transaction before timing out. This setting only applies to requests containing the BEGIN TRANSACTION statement, or to requests where the tximplicit parameter is set. For all other requests, it is ignored. Defaults to 0ms (no timeout).

Type: boolean

UseReplica specifies whether a query can fetch data from a replica vBucket if active vBuckets are inaccessible. If set to true then read from replica is enabled for all queries, but can be disabled at request level. If set to false read from replica is disabled for all queries and cannot be overridden at request level. If this field is unset then it is enabled/disabled at the request level. This field is only supported on CB versions 7.6.0+.

Type: string

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

QueryServiceMemQuota is used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes In CB Server 7.6.0+ QueryServiceMemQuota also sets a soft memory limit for every Query node in the cluster. The garbage collector tries to keep below this target. It is not a hard, absolute limit, and memory usage may exceed this value.

Type: string

Default: 256Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: boolean

EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class’s "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim

If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims.

Type: boolean

DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services.

EnablePreviewScaling enables autoscaling for stateful services and buckets.

Type: boolean

EnvImagePrecedence gives precedence over the default container image name in spec.Image to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html.

Type: boolean

Hibernate is whether to hibernate the cluster.

Type: string

Enumerations: Immediate

HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false.

Required

Type: string

Pattern (Regular Expression): ^(.*?(:\d+)?/)?.\*?/.*?(:.\*?\d+\.\d+\.\d+.\*|@sha256:[0-9a-f]{64})$

Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster. Explicitly specifying the image for a server class will override this value for the server class.

Type: object

Logging defines Operator logging options.

Type: object

Used to manage the audit configuration directly.

Type: []integer

The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html.

Type: []string

Pattern (Regular Expression): ^.+/(local|external)$

The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user.

Type: boolean

Enabled is a boolean that enables the audit capabilities.

Type: object

Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html.

Type: object

DEPRECATED - by spec.logging.audit.rotation for Couchbase Server 7.2.4+ Provide the sidecar configuration required (if so desired) to automatically clean up audit logs.

Type: string

Default: 1h

The minimum age of rotated log files to remove, defaults to one hour.

Type: boolean

Enable this sidecar by setting to true, defaults to being disabled.

Type: string

Default: busybox:1.33.1

Image is the image to be used to run the audit sidecar helper. No validation is carried out as this can be any arbitrary repo and tag.

Type: string

Default: 20m

The interval at which to check for rotated log files to remove, defaults to 20 minutes.

Type: object

Resources is the resource requirements for the cleanup container. Will be populated by Kubernetes defaults if not specified.

Type: object

The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html.

Type: string

Default: 15m

The interval at which to rotate log files, defaults to 15 minutes.

Type: string

Default: 0

How long Couchbase Server keeps rotated audit logs. If set to 0 (the default) then audit logs won’t be pruned. Has a maximum of 35791394 seconds.

Type: string

Default: 20Mi

Pattern (Regular Expression): ^(\+|-)?[0-9]+(\.[0-9]*)?)|(\.[0-9]+[KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]\*)?)|(\.[0-9]+))?$

Size allows the specification of a rotation size for the log, defaults to 20Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

Type: integer

Minimum: 0

LogRetentionCount gives the number of persistent log PVCs to keep.

Type: string

Pattern (Regular Expression): ^\d+(ns|us|ms|s|m|h)$

LogRetentionTime gives the time to keep persistent log PVCs alive for.

Type: object

Specification of all logging configuration required to manage the sidecar containers in each pod.

Type: string

Default: fluent-bit-config

ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway.

Type: boolean

Enabled is a boolean that enables the logging sidecar container.

Type: boolean

Default: True

A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it’s ownership stays the same so it will be cleaned up when it’s owner is.

Type: object

Default: {}

Any specific logging sidecar container configuration.

Type: string

Default: /fluent-bit/config/

ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. If another log shipping image is used that needs a different mount then modify this. Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, there is no provision for overriding the name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE environment variable.

Type: string

Default: couchbase/fluent-bit:1.2.9

Image is the image to be used to deal with logging as a sidecar. No validation is carried out as this can be any arbitrary repo and tag. It will default to the latest supported version of Fluent Bit.

Type: object

Resources is the resource requirements for the sidecar container. Will be populated by Kubernetes defaults if not specified.

Type: object

TLS configures mounting kubernetes TLS secrets into the logging sidecar. The operator will (in a later release) mount each secret under <mountPath>/<secretName>/ and the files within the secret will retain their keys as filenames. This field is accepted by the CRD but not currently implemented. Functionality (mounting) is planned for Operator version 2.9.1.

Type: string

Default: /fluent-bit/certs/

MountPath is the parent directory into which each secret will be mounted as a sub-directory named after the secret. For example, a secret named fluent-bit-ca mounted with MountPath /fluent-bit/certs/ will expose files under /fluent-bit/certs/fluent-bit-ca/.

Type: []string

SecretNames is the list of Kubernetes Secret names (typically of type kubernetes.io/tls) to mount into the sidecar. Filenames inside each mounted directory will match the keys in the Secret’s data map.

Type: object

Migration defines the specification for a CouchbaseCluster assimilation of an unmanaged cluster to a managed Kubernetes cluster.

Type: integer

Default: 1

Minimum: 1

MaxConcurrentMigrations is the maximum number of nodes migrations the operator will run concurrently.

Type: object

MigrationOrderOverride defines the strategy for migration order. If not set then the operator will choose nodes at random.

Type: string

Enumerations: ByServerGroup, ByServerClass, ByNode

MigrationOrderOverrideStrategy defines the strategy for migration order. When not set, the operator will choose nodes at random. When ByServerGroup is set, the operator will migrate nodes in the order of the server groups defined in spec.migration.migrationOrderOverride.serverGroupOrder. If spec.migration.migrationOrderOverride.serverGroupOrder is not set, the operator will migrate the server groups in alphabetical order. When ByServerClass is set, the operator will migrate nodes in the order of the server classes defined in spec.migration.migrationOrderOverride.serverClassOrder. If spec.migration.migrationOrderOverride.serverClassOrder is not set, the operator will migrate the server classes in the order of the server classes defined in spec.servers. When ByNode is set, the operator will migrate nodes in the order of the nodes defined in spec.migration.migrationOrderOverride.nodeOrder. If spec.migration.migrationOrderOverride.nodeOrder is not set, the operator will migrate the nodes in alphabetical order.

Type: []string

NodeOrder defines the order of nodes for migration.

Type: []string

ServerClassOrder defines the order of server classes for migration.

Type: []string

ServerGroupOrder defines the order of server groups for migration.

Type: integer

NumUnmanagedNodes is the number of nodes the operator will leave in the cluster unmigrated. This is useful for controlling how much of the cluster to migrate over at a time. If not specified the operator will migrate all nodes. e.g. if the unmanaged cluster has 10 nodes and NumUnmanagedNodes is set to 2, then the operator will migrate 8 nodes to Kubernetes and leave 2 nodes.

Type: string

StabilizationPeriod is the time the operator will wait after a migration before starting the next migration. If not specified the operator will start the next migration immediately.

Type: string

Pattern (Regular Expression): ^((([a-zA-Z0-9](-?[a-zA-Z0-9])\*)\.)+[a-zA-Z]{2,})|((25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})\.){3}(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})|(([0-9A-Fa-f]{1,4}:){1,7}[0-9A-Fa-f]{1,4})$

UnmanagedClusterHost is a host of the unmanaged Couchbase cluster to be migrated. This is the host that the operator will connect to to start the migration process.

Type: object

MirWatchdog runs a series of out-of-band checks on the cluster outside the reconciliation loop to detect conditions that require manual intervention by a user. These checks include but are not limited to cluster login authentication failures, multiple consecutive rebalance failures, down nodes that cannot be recovered, and TLS certificate expiration. When enabled, if the operator detects that manual intervention is needed in order to continue to reconcile the cluster, it will add a cluster condition, emit a Kubernetes Event, and increment a gauge metric to support external alerting. Once the operator determines that manual intervention is no longer needed, it will clear the cluster condition, emit a Kubernetes Event, and decrement the gauge metric. By default this is disabled. DEVELOPER_PREVIEW: This feature is in developer preview and should not be used in production clusters.

Type: boolean

Enabled controls whether the additional out-of-band checks are enabled for the cluster. This defaults to false. DEVELOPER_PREVIEW: This feature is in developer preview and should not be used in production clusters.

Type: string

Interval controls the interval at which the additional out-of-band checks will be performed. The default interval is 20 seconds. DEVELOPER_PREVIEW: This feature is in developer preview and should not be used in production clusters.

Type: boolean

SkipReconciliation controls whether the operator will skip reconciliation when we are in the ManualInterventionRequired state and this condition is set. Once we leave the state the operator will resume reconciliation. This defaults to false and should only be used when additional alerting is in place. DEVELOPER_PREVIEW: This feature is in developer preview and should not be used in production clusters.

Type: object

DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure.

Type: object

DEPRECATED - By Couchbase Server metrics endpoint on version 7.0+ Prometheus provides integration with Prometheus monitoring.

Type: string

AuthorizationSecret is the name of a Kubernetes secret that contains a bearer token to authorize GET requests to the metrics endpoint.

Type: boolean

Enabled is a boolean that enables/disables the metrics sidecar container. This must be set to true, when image is provided.

Required

Type: string

Image is the metrics image to be used to collect metrics. No validation is carried out as this can be any arbitrary repo and tag. enabled must be set to true, when image is provided.

Type: integer

Default: 60

Minimum: 1

Maximum: 600

RefreshRate is the frequency in which cached statistics are updated in seconds. Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+ Default is 60 seconds, Maximum value is 600 seconds, and minimum value is 1 second.

Type: object

Resources is the resource requirements for the metrics container. Will be populated by Kubernetes defaults if not specified.

Type: object

Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings.

Type: string

Enumerations: IPv4, IPv6, IPv4Priority, IPv6Priority, IPv6Only, IPv4Only

AddressFamily allows the manual selection of the address family to use. Setting this field to either IPv4Only or IPv6Only will exclusively use that address family. Setting this field to IPv4Priority or IPv6Priority will allow dual stack networking with the given address family being prioritised. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. This is only supported in Couchbase Server 7.0.2+.

Type: object

AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

Type: string

Default: NodePort

Enumerations: NodePort, LoadBalancer

DEPRECATED - by adminConsoleServiceTemplate.

AdminConsoleServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".

Type: []string

Enumerations: admin, data, index, query, search, eventing, analytics

DEPRECATED - not required by Couchbase Server.

AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once.

Type: boolean

Default: False

AllowExternallyUnreachablePods is used to allow new pods to be rebalanced into the cluster regardless of whether the external DNS is reachable or not. If this is set to true, pods for which the DNS has not yet propagated will be balanced into the cluster and marked as ready once the WaitForAddressReachableDelay has elapsed. The external DNS will continue to be checked for reachability during each reconciliation loop and the couchbase node will not have it’s alternate addresses updated until it is reachable.

Type: object

CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster.

Required

Type: string

Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag.

Required

Type: string

Default: info

Enumerations: fatal, panic, dpanic, error, warn, info, debug

DEVELOPER PREVIEW - This feature is in developer preview.

LogLevel controls the verbosity of cloud native logs. This field must be one of "fatal", "panic", "dpanic", "error", "warn", "info", "debug" defaulting to "info".

Type: object

ServiceTemplate can be used to provice a template used by the Operator when creating the CNG service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

Type: integer

Default: 75

TerminationGracePeriodSeconds specifies the grace period for the container to terminate. Defaults to 75 seconds.

Type: object

TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config are explicitly provided, the operator generates/manages self-signed certs/keys and creates a k8s secret named couchbase-cloud-native-gateway-self-signed-secret-<cluster-name> unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. This action could be overidden at the outset or later, by using the below TLS config or generating the secret of same name as couchbase-cloud-native-gateway-self-signed-secret-<cluster-name> with certificates conforming to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on per cluster basis so it’s advised to use the unique cluster name else would be ignored.

Type: string

ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains Cloud Native Gateway gRPC server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type.

Type: boolean

DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false.

Type: boolean

DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false.

Type: object

DNS defines information required for Dynamic DNS support.

Type: string

Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server.

Type: boolean

ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field.

Type: object

ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

Type: string

Default: NodePort

Enumerations: NodePort, LoadBalancer

DEPRECATED - by exposedFeatureServiceTemplate.

ExposedFeatureServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".

Type: string

Enumerations: Cluster, Local

DEPRECATED - by exposedFeatureServiceTemplate.

ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local",.

Type: []string

Enumerations: admin, xdcr, client, backup, external-cluster-connection

ExposedFeatures is a list of Couchbase features to expose when using a networking model that exposes the Couchbase cluster externally to Kubernetes. This field also triggers the creation of per-pod services used by clients to connect to the Couchbase cluster. When admin, only the administrator port is exposed, allowing remote administration. When xdcr, only the services required for remote replication are exposed. The xdcr feature is only required when the cluster is the destination of an XDCR replication. When client, all services are exposed as required for client SDK operation. This field may contain any of "admin", "xdcr" and "client". Each feature may only be included once.

Type: boolean

ImprovedHostNetwork is used to set the alternate address of the pod to the node name.

Type: boolean

Default: False

InitPodsWithNodeHostname is used to set the hostname of the pod to the node name.

Type: []string

Pattern (Regular Expression): ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$

DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.

LoadBalancerSourceRanges applies only when an exposed service is of type LoadBalancer and limits the source IP ranges that are allowed to use the service. Items must use IPv4 class-less interdomain routing (CIDR) notation e.g. 10.0.0.0/16.

Type: string

Enumerations: Istio

NetworkPlatform is used to enable support for various networking technologies. This field must be one of "Istio".

Type: map[string]string

DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.

ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation.

Type: object

TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies.

Type: boolean

Default: False

AllowPlainTextCertReload allows the reload of TLS certificates in plain text. This option should only be enabled as a means to recover connectivity with server in the event that any of the server certificates expire. When enabled the Operator only attempts plain text cert reloading when expired certificates are detected.

Type: []string

CipherSuites specifies a list of cipher suites for Couchbase server to select from when negotiating TLS handshakes with a client. Suites are not validated by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to interrogate supported values.

Type: []object

ClientCertificatePaths defines where to look in client certificates in order to extract the user name.

Type: string

Delimiter if specified allows a suffix to be stripped from the username, once extracted from the certificate path.

Required

Type: string

Pattern (Regular Expression): ^subject\.cn|san\.uri|san\.dnsname|san\.email$

Path defines where in the X.509 specification to extract the username from. This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email".

Type: string

Prefix allows a prefix to be stripped from the username, once extracted from the certificate path.

Type: string

Enumerations: enable, mandatory

ClientCertificatePolicy defines the client authentication policy to use. If set, the Operator expects TLS configuration to contain a valid certificate/key pair for the Administrator account.

Type: string

Enumerations: ControlPlaneOnly, All, Strict

NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes within the same cluster. This may come at the expense of performance. When control plane only encryption is used, only cluster management traffic is encrypted between nodes. When all, all traffic is encrypted, including database documents. When strict mode is used, it is the same as all, but also disables all plaintext ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. Node to node encryption can only be used when TLS certificates are managed by the Operator. This field must be either "ControlPlaneOnly", "All", or "Strict".

Type: object

PassphraseConfig configures the passphrase key to use with encrypted certificates. The passphrase may be registered with Couchbase Server using a local script or a rest endpoint. Private key encryption is only available on Couchbase Server versions 7.1 and greater.

Type: object

PassphraseRestConfig is the configuration to register a private key passphrase with a rest endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces.

Type: string

Default: inet

Enumerations: inet, inet6

AddressFamily is the address family to use. By default inet (meaning IPV4) is used.

Type: map[string]string

Headers is a map of one or more key-value pairs to pass alongside the Get request.

Type: integer

Default: 5000

Timeout is the number of milliseconds that must elapse before the call is timed out.

Required

Type: string

URL is the endpoint to be called to retrieve the passphrase. URL will be called using the GET method and may use http/https protocol.

Type: boolean

Default: True

VerifyPeer ensures peer verification is performed when Https is used.

Type: object

PassphraseScriptConfig is the configuration to register a private key passphrase with a script. The Operator auto-provisions the underlying script so this config simply provides a mechanism to perform the decryption of the Couchbase Private Key using a local script.

Required

Type: string

Secret is the secret containing the passphrase string. The secret is expected to contain "passphrase" key with the passphrase string as a value.

Type: []string

RootCAs defines a set of secrets that reside in this namespace that contain additional CA certificates that should be installed in Couchbase. The CA certificates that are defined here are in addition to those defined for the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and thus should not be duplicated. Each Secret referred to must be of well-known type "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static configuration.

Type: object

SecretSource enables the user to specify a secret conforming to the Kubernetes TLS secret specification that is used for the Couchbase server certificate, and optionally the Operator’s client certificate, providing cert-manager compatibility without having to specify a separate root CA. A server CA certificate must be supplied by one of the provided methods. Certificates referred to must conform to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" type secrets cannot verify encrypted keys.

Type: string

ClientSecretName specifies the secret name, in the same namespace as the cluster, the contains client TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the Kubernetes.io/tls secret type.

Required

Type: string

ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". Only a single PEM formated x509 certificate can be provided to "ca.crt". The single certificate may also bundle together multiple root CA certificates. Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater.

Type: object

DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource.

Static enables user to generate static x509 certificates and keys, put them into Kubernetes secrets, and specify them here. Static secrets are Couchbase specific, and follow no well-known standards.

Type: string

OperatorSecret is a secret name containing TLS certs used by operator to talk securely to this cluster. The secret must contain a CA certificate (data key ca.crt). If client authentication is enabled, then the secret must also contain a client certificate chain (data key "couchbase-operator.crt") and private key (data key "couchbase-operator.key").

Type: string

ServerSecret is a secret name containing TLS certs used by each Couchbase member pod for the communication between Couchbase server and its clients. The secret must contain a certificate chain (data key "chain.pem") and a private key (data key "pkey.key"). The private key must be in the PKCS#1 RSA format. The certificate chain must have a required set of X.509v3 subject alternative names for all cluster addressing modes. See the Operator TLS documentation for more information.

Type: string

Default: TLS1.2

Enumerations: TLS1.0, TLS1.1, TLS1.2, TLS1.3

TLSMinimumVersion specifies the minimum TLS version the Couchbase server can negotiate with a client. Must be one of TLS1.0, TLS1.1 TLS1.2 or TLS1.3, defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward. TLS1.0 and TLS1.1 are not valid for Couchbase Server 7.6.0 onward.

Required

Type: boolean

Default: True

ValidateBareHostnames controls whether the operator expects bare hostname entries (like "<cluster-name>-srv") in server certificates. When false, the operator will not require bare hostname SAN entries for its internal TLS verification. Defaults to true for backward compatibility.

Type: string

Default: 10m

WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial waitForAddressReachableDelay to allow propagation. Once the timeout has elapsed, pods without a reachable alternate address that have not been balanced into the cluster will be removed. This field will not effect pods that have already been balanced into the cluster and those will continue to have their alternate address validated during each reconciliation loop until it can be reached.

Type: string

Default: 2m

WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses. Pods will not be marked as ready until external addresses are reachable which at the earliest will be after this delay has elapsed.

Type: integer

Minimum: 0

Maximum: 30

OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided, if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes.

Type: boolean

Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action.

Type: boolean

Default: False

PerServiceClassPDB determines whether a pod disruption budget (PDB) should be created for each service class. By default, a single PDB will be created for the cluster with a minAvailable value of one less than the total number of requested Couchbase nodes in the cluster, meaning only a single Couchbase node can be voluntarily disrupted at a time. When this field is set to true, a PDB will be created for each service class, with a minAvailable value of one less than the service class size. This allows for a more granular control over the number of Couchbase nodes that can be voluntarily disrupted at a time, such as during a Kubernetes upgrade. In order to enable this feature, the size of each service class must be at least 2 and the maximum number of Couchbase nodes that the PDB’s would allow to be disrupted at once cannot exceed 50% of the total number of Couchbase nodes requested in the cluster specification. Furthermore, the requested number of replicas for both the index and data services must remain less than the minimum number of Couchbase nodes that the server class PDB’s will cumulatively allow for.

Type: string

Enumerations: aws, gce, azure

Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure".

Type: string

Enumerations: PrioritizeDataIntegrity, PrioritizeUptime

RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity".

Type: object

DEPRECATED - By spec.upgrade.rollingUpgrade.

When spec.upgradeStrategy is set to RollingUpgrade it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased.

Type: integer

Minimum: 1

MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

Type: string

Pattern (Regular Expression): ^(100|[1-9][0-9]|[1-9])%$

MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

Required

Type: object

Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings.

Required

Type: string

AdminSecret is the name of a Kubernetes secret to use for administrator authentication. The admin secret must contain the keys "username" and "password". The password data must be at least 6 characters in length, and not contain the any of the characters ()<>,;:\"/[]?={}.

Type: object

EncryptionAtRest configures encryption at rest for the cluster. This field is only supported on Couchbase Server 8.0.0+.

Type: object

Audit is the configuration for encryption at rest for the cluster.

Required

Type: boolean

Enabled enables encryption at rest for the cluster.

Type: string

Default: 8760h

KeyLifetime is the lifetime of the encryption key. Must be greater or equal to 30 days. Default is 365 days.

Type: string

Key is the name of the encryption key to use for encryption at rest. If not provided, the operator will use the master password.

Type: string

Default: 720h

RotationInterval is the interval at which the encryption key will be rotated. Must be greater or equal to 7 days. Default is 30 days.

Required

Type: object

Default: {'enabled': True}

Configuration defines how the configurations on the cluster should be encrypted at rest.

Required

Type: boolean

Enabled enables encryption at rest for the cluster.

Type: string

Default: 8760h

KeyLifetime is the lifetime of the encryption key. Must be greater or equal to 30 days. Default is 365 days.

Type: string

Key is the name of the encryption key to use for encryption at rest. If not provided, the operator will use the master password.

Type: string

Default: 720h

RotationInterval is the interval at which the encryption key will be rotated. Must be greater or equal to 7 days. Default is 30 days.

Type: object

Log is the configuration for encryption at rest for log files. NOTE: Enabled encryption at rest of logs will break fluent-bit log streaming.

Required

Type: boolean

Enabled enables encryption at rest for the cluster.

Type: string

Default: 8760h

KeyLifetime is the lifetime of the encryption key. Must be greater or equal to 30 days. Default is 365 days.

Type: string

Key is the name of the encryption key to use for encryption at rest. If not provided, the operator will use the master password.

Type: string

Default: 720h

RotationInterval is the interval at which the encryption key will be rotated. Must be greater or equal to 7 days. Default is 30 days.

Type: boolean

Managed defines whether the operator should manage encryption at rest for the cluster. This includes encryption keys and encryption at rest settings.

Type: object

Selector is a label selector used to select the encryption keys to use.

Type: []object

matchExpressions is a list of label selector requirements. The requirements are ANDed.

Required

Type: string

key is the label key that the selector applies to.

Required

Type: string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

Type: []string

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Type: map[string]string

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

Type: object

LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Cocuhbase Server’s LDAP configuration. Leave empty to manually manage LDAP configuration.

Type: boolean

Default: True

AuthenticationEnabled allows users who attempt to access Couchbase Server without having been added as local users to be authenticated against the specified LDAP Host(s).

Type: boolean

AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to any Couchbase Server group associated with the user.

Type: string

DN to use for searching users and groups synchronization. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Required

Type: string

BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. The bindSecret must have a key with the name "password" and a value which corresponds to the password of the binding LDAP user.

Type: string

DEPRECATED - Field is ignored, use tlsSecret.

CA Certificate in PEM format to be used in LDAP server certificate validation. This cert is the string form of the secret provided to spec.tls.tlsSecret.

Type: integer

Default: 30000

Lifetime of values in cache in milliseconds. Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Type: string

Enumerations: None, StartTLSExtension, TLS

Encryption determines how the connection with the LDAP server should be encrypted. Encryption may set as either StartTLSExtension, TLS, or false. When set to "false" then no verification of the LDAP hostname is performed. When Encryption is StartTLSExtension, or TLS is set then the default behavior is to use the certificate already loaded into the Couchbase Cluster for certificate validation, otherwise ldap.tlsSecret may be set to override The Couchbase certificate.

Type: string

LDAP query, to get the users' groups by username in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Required

Type: []string

Minimum Items: 1

List of LDAP hosts to provide authentication-support for Couchbase Server. Host name must be a valid IP address or DNS Name e.g openldap.default.svc, 10.0.92.147.

Type: boolean

Default: True

Sets middlebox compatibility mode for LDAP. This option is only available on Couchbase Server 7.6.0+.

Type: boolean

If enabled Couchbase server will try to recursively search for groups for every discovered ldap group. groups_query will be user for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Type: integer

Default: 10

Minimum: 1

Maximum: 100

Maximum number of recursive groups requests the server is allowed to perform. Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Required

Type: integer

Default: 389

LDAP port. This is typically 389 for LDAP, and 636 for LDAPS.

Type: boolean

Whether server certificate validation be enabled.

Type: string

TLSSecret is the name of a Kubernetes secret to use explcitly for LDAP ca cert. If TLSSecret is not provided, certificates found in couchbaseclusters.spec.networking.tls.rootCAs will be used instead. If provided, the secret must contain the ca to be used under the name "ca.crt".

Type: object

User to distinguished name (DN) mapping. If none is specified, the username is used as the user’s distinguished name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

Type: string

Query is the LDAP query to run to map from Couchbase user to LDAP distinguished name.

Type: string

This field specifies list of templates to use for providing username to DN mapping. The template may contain a placeholder specified as %u to represent the Couchbase user who is attempting to gain access.

Type: object

PasswordPolicy specifies a series of character-related requirements that must be met by all passwords whose definition occurs subsequent to the establishing of the policy. If this is updated, previously defined passwords continue to be valid, even if they do not meet the requirements specified in the new policy. If RBAC is managed, any CouchbaseUser resources which match the RBAC resource selector will be checked against this policy.

Type: boolean

EnforceDigits sets whether passwords must contain at least one digit.

Type: boolean

EnforceLowercase sets whether passwords must contain at least one lowercase letter.

Type: boolean

EnforceSpecialChars sets whether passwords must contain at least one special character. If this is set to true, the allowed special chars are limited to: @, %, +, /, ', \, ", !, #, $, ^, ?, :, ,, (, ), {, }, [, ], ~, `, -, and _.

Type: boolean

EnforceUppercase sets whether passwords must contain at least one uppercase letter.

Type: integer

Minimum: 0

Maximum: 100

MinLength sets the minimum length a password must be, This field must be between 0 and 100. If this field is set to 0, Couchbase Server will permit the definition of highly insecure zero-length passwords which is not recommended.

Type: []string

PolicyChangePasswordResetExemptUsers defines names of CouchbaseUser resources that will not be required to change their password if requirePasswordResetOnPolicyChange is set to true and the password policy is updated. This field is only available for Couchbase Server 8.0.0+.

Type: boolean

RequirePasswordResetOnPolicyChange defines whether users will be required to change their password when the password policy is updated. This field is only available for Couchbase Server 8.0.0+.

Type: object

PodSecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

Type: integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

Type: string

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

Type: integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Type: boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Type: integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Type: object

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

Type: string

Level is SELinux level label that applies to the container.

Type: string

Role is a SELinux role label that applies to the container.

Type: string

Type is a SELinux type label that applies to the container.

Type: string

User is a SELinux user label that applies to the container.

Type: object

The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

Type: string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

Required

Type: string

type indicates which kind of seccomp profile will be applied. Valid options are:

Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

Type: []integer

A list of groups applied to the first process run in each container, in addition to the container’s primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.

Type: []object

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

Required

Type: string

Name of a property to set.

Required

Type: string

Value of a property to set.

Type: object

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

Type: string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

Type: string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

Type: boolean

HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

Type: string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Type: object

RBAC is the options provided for enabling and selecting RBAC User resources to manage.

Type: boolean

Managed defines whether RBAC is managed by us or the clients.

Type: object

Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator.

Type: object

SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation field to grant more privileges than its parent process. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

Type: boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.

Type: object

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

Type: []string

Added capabilities.

Type: []string

Removed capabilities.

Type: boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

Type: string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

Type: boolean

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

Type: integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Type: boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Type: integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Type: object

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

Type: string

Level is SELinux level label that applies to the container.

Type: string

Role is a SELinux role label that applies to the container.

Type: string

Type is a SELinux type label that applies to the container.

Type: string

User is a SELinux user label that applies to the container.

Type: object

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

Type: string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

Required

Type: string

type indicates which kind of seccomp profile will be applied. Valid options are:

Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

Type: object

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

Type: string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

Type: string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

Type: boolean

HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

Type: string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Type: integer

Default: 0

Minimum: 0

Maximum: 16666

UISessionTimeout sets how long, in minutes, before a user is declared inactive and signed out from the Couchbase Server UI. 0 represents no time out.

Type: object

DEPRECATED - by spec.security.securityContext SecurityContext allows the configuration of the security context for all Couchbase server pods.

When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

Type: []string

Pattern (Regular Expression): ^[A-Za-z0-9]([A-Za-z0-9._-]\*[A-Za-z0-9])?$

ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups.

Required

Type: []object

Minimum Items: 1

Servers defines server classes for the Operator to provision and manage. A server class defines what services are running and how many members make up that class. Specifying multiple server classes allows the Operator to provision clusters with Multi-Dimensional Scaling (MDS). At least one server class must be defined, and at least one server class must be running the data service.

Type: boolean

AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA).

Type: []object

Env allows the setting of environment variables in the Couchbase server container.

Type: []object

EnvFrom allows the setting of environment variables in the Couchbase server container.

Type: string

Pattern (Regular Expression): ^(.*?(:\d+)?/)?.\*?/.*?(:.\*?\d+\.\d+\.\d+.\*|@sha256:[0-9a-f]{64})$

DEPRECATED - use spec.image and spec.upgrade instead Image is the container image name that will be used to launch Couchbase server instances in this server class.

You cannot downgrade the Couchbase version. Across spec.image and all server classes there can only be two different Couchbase images. Updating this field to a value different than spec.image will cause an automatic upgrade of the server class. If it isn’t specified then the cluster image will be used.

Required

Type: string

Name is a textual name for the server configuration and must be unique. The name is used by the operator to uniquely identify a server class, and map pods back to an intended configuration.

Type: object

Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core.

Type: object

Resources are the resource requirements for the Couchbase server container. This field overrides any automatic allocation as defined by spec.autoResourceAllocation.

Type: []string

Pattern (Regular Expression): ^[A-Za-z0-9]([A-Za-z0-9._-]\*[A-Za-z0-9])?$

ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups.

Required

Type: []string

Enumerations: admin, data, index, query, search, eventing, analytics

Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once. An empty list can also be specified for an Arbiter class ("[]") if Couchbase version is 7.6.0 or greater.

Required

Type: integer

Minimum: 1

Size is the expected requested of the server class. This field must be greater than or equal to 1.

Type: object

VolumeMounts define persistent volume claims to attach to pod.

Type: []string

AnalyticsClaims are persistent volumes that encompass analytics storage associated with the analytics service. Analytics claims can only be used on server classes running the analytics service, and must be used in conjunction with the default claim. This field allows the analytics service to use different storage media (e.g. SSD), and scale horizontally, to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates".

Type: string

DataClaim is a persistent volume that encompasses key/value storage associated with the data service. The data claim can only be used on server classes running the data service, and must be used in conjunction with the default claim. This field allows the data service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates".

Type: string

DefaultClaim is a persistent volume that encompasses all Couchbase persistent data, including document storage, indexes and logs. The default volume can be used with any server class. Use of the default claim allows the Operator to recover failed pods from the persistent volume far quicker than if the pod were using ephemeral storage. The default claim cannot be used at the same time as the logs claim within the same server class. This field references a volume claim template name as defined in "spec.volumeClaimTemplates".

Type: string

IndexClaim s a persistent volume that encompasses index storage associated with the index and search services. The index claim can only be used on server classes running the index or search services, and must be used in conjunction with the default claim. This field allows the index and/or search service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". Whilst this references index primarily, note that the full text search (FTS) service also uses this same mount.

Type: string

LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid with supporting the product. The logs claim can only be used on server classes running the following services: query, search & eventing. The logs claim cannot be used at the same time as the default claim within the same server class. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". Whilst the logs claim can be used with the search service, the recommendation is to use the default claim for these. The reason for this is that a failure of these nodes will require indexes to be rebuilt and subsequent performance impact.

Type: boolean

SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available.

Type: object

Upgrade defines the upgrade configuration for a Couchbase cluster.

Type: integer

Default: 0

Minimum: 0

PreviousVersionPodCount is the number of pods that will be left running at the existing version. NOTE: The cluster will not be fully upgraded until all pods are at the new version. The default is 0.

Type: object

When spec.upgradeStrategy is set to RollingUpgrade it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased.

Type: integer

Minimum: 1

MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

Type: string

Pattern (Regular Expression): ^(100|[1-9][0-9]|[1-9])%$

MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

Type: string

StabilizationPeriod is the time the operator will wait after an upgrade cycle before starting the next upgrade cycle. If not specified the operator will start the next upgrade immediately.

Type: []string

UpgradeOrder defines the sequence in which nodes will be upgraded. The sequence will be interpreted based on what spec.upgrade.upgradeOrderBy is set to. If spec.upgrade.upgradeOrderType is set to "Nodes" then the sequence will be a list of node names. If spec.upgrade.upgradeOrderType is set to "ServerGroups" then the sequence will be a list of server group names. If spec.upgrade.upgradeOrderType is set to "ServerClasses" then the sequence will be a list of server class names. If spec.upgrade.upgradeOrderType is set to "Services" then the sequence will be a list of service names.

Type: string

Default: Nodes

Enumerations: Nodes, ServerGroups, ServerClasses, Services

UpgradeOrderType defines the order in which spec.upgrade.upgradeOrderSequence will be interpreted.

Type: string

Default: SwapRebalance

Enumerations: SwapRebalance, DeltaRecovery, InPlaceUpgrade

UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy is set to ImmediateUpgrade.

Type: string

Default: RollingUpgrade

Enumerations: RollingUpgrade, ImmediateUpgrade

UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade".

Type: string

Enumerations: SwapRebalance, DeltaRecovery, InPlaceUpgrade

DEPRECATED - By spec.upgrade.upgradeProcess.

UpgradeProcess defines the process that will be used when performing a couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When InPlaceUpgrade is requested, the operator will perform an in-place upgrade on a best effort basis. InPlaceUpgrade cannot be used if the UpgradeStrategy is set to ImmediateUpgrade.

Type: string

Enumerations: RollingUpgrade, ImmediateUpgrade

DEPRECATED - By spec.upgrade.upgradeStrategy.

UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade".

Type: []object

VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration.

Type: object

XDCR defines whether the Operator should manage XDCR, remote clusters and how to lookup replication resources.

Type: object

GlobalSettings configures cluster-wide XDCR advanced settings. These settings provide defaults for new replications and do not affect existing replications retroactively. Only specified fields are applied; unspecified fields are left unchanged on the server.

Type: integer

Minimum: 60

Maximum: 14400

CheckpointInterval is the interval in seconds between checkpoints. This field defaults to 600 and must be between 60 and 14400.

Type: boolean

CollectionsOSOMode optimizes for out-of-order mutations streaming (performance toggle). This field defaults to true.

Type: string

Enumerations: Auto, None

CompressionType is the compression used for XDCR traffic. This field must be one of "Auto" or "None", defaulting to "Auto".

Type: object

ConflictLogging is the configuration for conflict logging. This feature is available in Couchbase Server 8.0.0 and later.

Type: boolean

Enabled defines whether conflict logging is enabled.

Type: object

LogCollection defines the collection to log conflicts to.

Type: string

Maximum Length: 100

Pattern (Regular Expression): ^[a-zA-Z0-9-_%\.]{1,100}$

Bucket defines the bucket to log conflicts to.

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$

Collection defines the collection to log conflicts to.

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$

Scope defines the scope to log conflicts to.

Type: object

LoggingRules defines the list of logging rules for conflict logging. The rules can be scoped to a specific scope or a specific collection in a scope. The rules can disable logging, log to the default collection defined at spec.conflictLogging.logCollection, or log to a different collection.

Type: []object

CustomCollectionRules defines the rules for logging to a different collection.

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$

Collection defines the collection to apply the rule to.

Required

Type: object

LogCollection defines the collection to log conflicts to.

Type: string

Maximum Length: 100

Pattern (Regular Expression): ^[a-zA-Z0-9-_%\.]{1,100}$

Bucket defines the bucket to log conflicts to.

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$

Collection defines the collection to log conflicts to.

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$

Scope defines the scope to log conflicts to.

Required

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$

Scope defines the scope to apply the rule to.

Type: []object

DefaultCollectionRules defines the rules for logging to the default collection.

Type: string

Minimum Length: 1

Maximum Length: 251

Pattern (Regular Expression): ^(default|[a-zA-Z0-9\-][a-zA-Z0-9\-%]{0,250})$