CouchbaseGroup Resource
The Couchbase Autonomous Operator operates on CouchbaseCluster objects.
Groups are decoupled from this configuration and are selected for inclusion within a cluster with configurable label selectors.
The CouchbaseGroup resource contains a set of roles that are to be applied to users.
CouchbaseGroup resources are analogous to Kubernetes Role resources.
The following YAML shows all possible fields that may be configured for a CouchbaseGroup.
This configuration may not be valid and is only for illustrative purposes.
apiVersion: couchbase.com/v2
kind: CouchbaseGroup
metadata:
  name: my-group
  labels:
    cluster: my-cluster
spec:
  roles:
  - name: bucket_admin
    bucket: my-bucket
  ldapGroupRef: cn=users,ou=Groups,dc=example,dc=com
Top-Level Definitions
The following are relevant generic parameters that can be defined:
apiVersion: couchbase.com/v2
kind: CouchbaseGroup
metadata:
  name: my-group
  labels:
    cluster: my-cluster
apiVersion
The apiVersion defines which version of the resource this configuration refers to.
Field rules: This field is required and must be set to couchbase.com/v2.
kind
The kind defines the type of resource this configuration refers to.
Field rules: This field is required and must be set to CouchbaseGroup.
metadata.name
The metadata name defines the name of the resource. The name must be unique for the kind defined.
Field rules: This field is required and must be unique as described above.
metadata.labels
The metadata labels allow the resource to be tagged so that it is only selected by specific CouchbaseCluster resources. Further details about resource selection can be found on the Couchbase Resources and RBAC page.
Field rules: This field is optional and must be a map of string key/value pairs.
spec
The following are parameters that may be set on the role:
spec:
  roles:
  - name: bucket_admin
    bucket: my-bucket
spec.roles[].name
This field defines a Couchbase role to grant to a user.
Field rules: This field is required and must be either admin, cluster_admin, security_admin, ro_admin, replication_admin, query_external_access, query_system_catalog, analytics_reader, bucket_admin, views_admin, fts_admin, bucket_full_access, data_reader, data_writer, data_dcp_reader, data_backup, data_monitoring, replication_target, analytics_manager, views_reader, fts_searcher, query_select, query_update, query_insert, query_delete or query_manage_index.
spec.roles[].bucket
This field defines the scope to which a role applies.
Non-cluster roles may be limited to a specific bucket.
If specified, the bucket must exist on the related CouchbaseCluster resource.
Field rules: This field is required and must be a bucket name string. This field is only relevant when used with the roles bucket_admin, views_admin, fts_admin, bucket_full_access, data_reader, data_writer, data_dcp_reader, data_backup, data_monitoring, replication_target, analytics_manager, views_reader, fts_searcher, query_select, query_update, query_insert, query_delete or query_manage_index.
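The field rules above can be checked before a manifest is applied, for example in a CI review step. The following is an added example, not code from the Couchbase documentation or the Operator: it lints an already-parsed manifest against those rules. The `lint_group` function, its `cluster_buckets` argument, the sample data, and the decision to flag a bucket-scoped role with no bucket for review are assumptions.

```python
API_VERSION, KIND = "couchbase.com/v2", "CouchbaseGroup"
# Roles the page lists as the ones spec.roles[].bucket is relevant to.
BUCKET_ROLES = set("""bucket_admin views_admin fts_admin bucket_full_access
    data_reader data_writer data_dcp_reader data_backup data_monitoring
    replication_target analytics_manager views_reader fts_searcher query_select
    query_update query_insert query_delete query_manage_index""".split())
# The remaining roles in the page's list; bucket is not relevant to them.
CLUSTER_ROLES = set("""admin cluster_admin security_admin ro_admin
    replication_admin query_external_access query_system_catalog
    analytics_reader""".split())

def lint_group(manifest, cluster_buckets):
    """Added example: return findings; cluster_buckets is an assumed input."""
    findings = []
    if manifest.get("apiVersion") != API_VERSION:
        findings.append("apiVersion must be " + API_VERSION)
    if manifest.get("kind") != KIND:
        findings.append("kind must be " + KIND)
    meta = manifest.get("metadata") or {}
    if not meta.get("name"):
        findings.append("metadata.name is required")
    labels = meta.get("labels") or {}
    if not (isinstance(labels, dict) and all(
            isinstance(x, str) for kv in labels.items() for x in kv)):
        findings.append("metadata.labels must map strings to strings")
    for i, role in enumerate((manifest.get("spec") or {}).get("roles") or []):
        name, bucket, where = role.get("name"), role.get("bucket"), f"spec.roles[{i}]"
        if name not in BUCKET_ROLES | CLUSTER_ROLES:
            findings.append(f"{where}: unknown role {name!r}")
        elif name in CLUSTER_ROLES and bucket is not None:
            findings.append(f"{where}: bucket is not relevant to {name}")
        elif name in BUCKET_ROLES and bucket is None:
            findings.append(f"{where}: {name} has no bucket; review its scope")
        elif name in BUCKET_ROLES and bucket not in cluster_buckets:
            findings.append(f"{where}: bucket {bucket!r} is not on the cluster")
    return findings

# Constructed sample: role 0 is valid, roles 1-3 each break one rule.
SAMPLE = {
    "apiVersion": API_VERSION, "kind": KIND,
    "metadata": {"name": "my-group", "labels": {"cluster": "my-cluster"}},
    "spec": {"roles": [
        {"name": "bucket_admin", "bucket": "my-bucket"},
        {"name": "admin", "bucket": "my-bucket"},
        {"name": "data_reader", "bucket": "other-bucket"},
        {"name": "bucket_owner"}]},
}
if __name__ == "__main__":
    print("\n".join(lint_group(SAMPLE, {"my-bucket"})))
```

An empty result means the manifest satisfies the rules listed on this page; it does not replace the validation the Operator itself performs.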