CouchbaseGroup Resource

    The Couchbase Autonomous Operator operates on CouchbaseCluster objects. Groups are decoupled from this configuration and are selected for inclusion within a cluster with configurable label selectors.

    The CouchbaseGroup resource contains a set of roles that are to be applied to users. CouchbaseGroup resources are analogous to Kubernetes Role resources.

    The following YAML shows all possible fields that may be configured for a CouchbaseGroup. This configuration may not be valid and is only for illustrative purposes.

    All available CouchbaseGroup configuration parameters
    apiVersion: couchbase.com/v2
    kind: CouchbaseGroup
    metadata:
      name: my-group
      labels:
        cluster: my-cluster
    spec:
      roles:
      - name: bucket_admin
        bucket: my-bucket
      ldapGroupRef: cn=users,ou=Groups,dc=example,dc=com

    Top-Level Definitions

    The following are relevant generic parameters that can be defined:

    apiVersion: couchbase.com/v2
    kind: CouchbaseGroup
    metadata:
      name: my-group
      labels:
        cluster: my-cluster

    apiVersion

    The apiVersion defines which version of the resource this configuration refers to.

    Field rules: This field is required and must be set to couchbase.com/v2

    kind

    The kind defines the type of resource this configuration refers to.

    Field rules: This field is required and must be set to CouchbaseGroup

    metadata.name

    The metadata name defines the name of the resource. The name must be unique for the kind defined.

    Field rules: This field is required and must be unique as described above.

    metadata.labels

    The metadata labels allow the resource to be tagged so that it is only selected by specific CouchbaseCluster resources. Further details about resource selection can be found on the Couchbase Resources and RBAC page.

    Field rules: This field is optional and must be a map of string key/value pairs.

    spec

    The following are parameters that may be set on the role:

    spec:
      roles:
      - name: bucket_admin
        bucket: my-bucket

    spec.roles[]

    This field is a list of roles to be associated with a user or group of users.

    spec.roles[].name

    This field defines a Couchbase role to grant to a user.

    Field rules: This field is required and must be either admin, cluster_admin, security_admin, ro_admin, replication_admin, query_external_access, query_system_catalog, analytics_reader, bucket_admin, views_admin, fts_admin, bucket_full_access, data_reader, data_writer, data_dcp_reader, data_backup, data_monitoring, replication_target, analytics_manager, views_reader, fts_searcher, query_select, query_update, query_insert, query_delete or query_manage_index.

    spec.roles[].bucket

    This field defines the scope to which a role applies. Non-cluster roles may be limited to a specific bucket. If specified, the bucket must exist on the related CouchbaseCluster resource.

    Field rules: This field is required and must be a bucket name string. This field is only relevant when used with the roles bucket_admin, views_admin, fts_admin, bucket_full_access, data_reader, data_writer, data_dcp_reader, data_backup, data_monitoring, replication_target, analytics_manager, views_reader, fts_searcher, query_select, query_update, query_insert, query_delete or query_manage_index.

    spec.ldapGroupRef

    This field defines the distinguished name (DN) of an external LDAP group to use for authentication.

    Field rules: This field is optional and must be a string. If set, the roles of this group will be applied to users within the referenced LDAP group.
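
Added example (not part of the Couchbase documentation or the Operator's code): a pre-apply lint in Python that checks a CouchbaseGroup manifest, already parsed into a dict, against the field rules above. The names `lint_group`, `BASE` and `BAD`, the sample manifest, treating a missing bucket on a bucket-scoped role as a finding, and flagging cluster-wide roles combined with `ldapGroupRef` are assumptions made for this example.

```python
# Role names as listed in the field rules for spec.roles[].name and spec.roles[].bucket.
CLUSTER_ROLES = set("admin cluster_admin security_admin ro_admin replication_admin "
                    "query_external_access query_system_catalog analytics_reader".split())
BUCKET_ROLES = set("bucket_admin views_admin fts_admin bucket_full_access data_reader "
                   "data_writer data_dcp_reader data_backup data_monitoring "
                   "replication_target analytics_manager views_reader fts_searcher "
                   "query_select query_update query_insert query_delete "
                   "query_manage_index".split())

def lint_group(m):
    """Return findings for a CouchbaseGroup manifest already parsed into a dict."""
    out = []
    for key, want in (("apiVersion", "couchbase.com/v2"), ("kind", "CouchbaseGroup")):
        if m.get(key) != want:
            out.append(f"{key} must be {want}")
    meta = m.get("metadata") or {}
    if not meta.get("name"):
        out.append("metadata.name is required")
    labels = meta.get("labels") or {}
    if not (isinstance(labels, dict) and all(
            isinstance(k, str) and isinstance(v, str) for k, v in labels.items())):
        out.append("metadata.labels must be a map of string key/value pairs")
    spec = m.get("spec") or {}
    ldap = spec.get("ldapGroupRef")
    if ldap is not None and not isinstance(ldap, str):
        out.append("spec.ldapGroupRef must be a string")
    for i, role in enumerate(spec.get("roles") or []):
        name, bucket, where = role.get("name"), role.get("bucket"), f"spec.roles[{i}]"
        if name in CLUSTER_ROLES:
            if bucket is not None:  # the bucket field is only relevant to bucket roles
                out.append(f"{where}: bucket is not relevant to cluster-wide role {name}")
            if ldap:  # review policy assumed here: surface broad grants via LDAP
                out.append(f"{where}: {name} applies to every user in {ldap}")
        elif name in BUCKET_ROLES:
            if not isinstance(bucket, str) or not bucket:
                out.append(f"{where}: {name} needs a bucket name string")
        else:
            out.append(f"{where}: unknown role name {name!r}")
    return out

# Constructed sample input (not from the page), built on the page's example names.
BASE = {"apiVersion": "couchbase.com/v2", "kind": "CouchbaseGroup",
        "metadata": {"name": "my-group", "labels": {"cluster": "my-cluster"}}}
BAD = {**BASE, "spec": {"ldapGroupRef": "cn=users,ou=Groups,dc=example,dc=com",
       "roles": [{"name": "admin", "bucket": "my-bucket"}, {"name": "data_reader"},
                 {"name": "data_readr", "bucket": "my-bucket"}]}}

if __name__ == "__main__":
    print("\n".join(lint_group(BAD)))
```

An empty result means the manifest matches the field rules as written on this page; it does not check that the named bucket exists on the related CouchbaseCluster resource.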