CouchbaseUser Resource

The Couchbase Autonomous Operator operates on CouchbaseCluster objects. Users are decoupled from this configuration and are selected for inclusion within a cluster with configurable label selectors.

CouchbaseUser resources are analogous to Kubernetes ServiceAccount or OpenShift User resources.

The following YAML shows all possible fields that may be configured for a CouchbaseUser. This configuration may not be valid and is only for illustrative purposes.

All available CouchbaseUser configuration parameters

apiVersion: couchbase.com/v2
kind: CouchbaseUser
metadata:
  name: my-user
  labels:
    cluster: my-cluster
spec:
  fullName: "Jane Doe"
  authDomain: local
  authSecret: my-password-secret

Top-Level Definitions

The following are relevant generic parameters that can be defined:

apiVersion: couchbase.com/v2
kind: CouchbaseUser
metadata:
  name: my-user
  labels:
    cluster: my-cluster

apiVersion

The apiVersion defines which version of the resource this configuration refers to.

Field rules: This field is required and must be set to couchbase.com/v2

kind

The kind defines the type of resource this configuration refers to.

Field rules: This field is required and must be set to CouchbaseUser

metadata.name

The metadata name defines the name of the resource. The name must be unique for the kind defined.

Field rules: This field is required and must be unique as described above.

metadata.labels

The metadata labels allow the resource to be tagged so that it is only selected by specific CouchbaseCluster resources. Further details about resource selection can be found on the Couchbase Resources and RBAC page.

Field rules: This field is optional and must be a map of string key/value pairs.

spec

The following are parameters that may be set on the user:

spec:
  fullName: "Jane Doe"
  authDomain: local
  authSecret: my-password-secret

spec.fullName

This field defines the full name of the user. The internal user ID is derived from the metadata.name field.

Field rules: This field is required and must be a string.

spec.authDomain

This field defines how to authenticate the user. If set to local the user will be authenticated against a local password. If set to external the user will be authenticated against a remote LDAP server. LDAP authentication requires the spec.security.rbac.ldap object to be configured in a related CouchbaseCluster resource.

Field rules: This field is required and must be either local or exteternal.

spec.authSecret

This field defines the password of the user. It is only relevant when using local authentication. If defined it must reference a Secret resource in the current namespace containing the user’s password under the key password.

Field rules: This field is required when using local authentication and must be a string.