CouchbaseUser Resource
The Couchbase Autonomous Operator operates on CouchbaseCluster
objects.
Users are decoupled from this configuration and are selected for inclusion within a cluster with configurable label selectors.
CouchbaseUser
resources are analogous to Kubernetes ServiceAccount
or OpenShift User
resources.
The following YAML shows all possible fields that may be configured for a CouchbaseUser
.
This configuration may not be valid and is only for illustrative purposes.
apiVersion: couchbase.com/v2
kind: CouchbaseUser
metadata:
name: my-user
labels:
cluster: my-cluster
spec:
fullName: "Jane Doe"
authDomain: local
authSecret: my-password-secret
Top-Level Definitions
The following are relevant generic parameters that can be defined:
apiVersion: couchbase.com/v2
kind: CouchbaseUser
metadata:
name: my-user
labels:
cluster: my-cluster
apiVersion
The apiVersion defines which version of the resource this configuration refers to.
Field rules: This field is required and must be set to
couchbase.com/v2
kind
The kind defines the type of resource this configuration refers to.
Field rules: This field is required and must be set to
CouchbaseUser
metadata.name
The metadata name defines the name of the resource. The name must be unique for the kind defined.
Field rules: This field is required and must be unique as described above.
metadata.labels
The metadata labels allow the resource to be tagged so that it is only selected by specific CouchbaseCluster resources. Further details about resource selection can be found on the Couchbase Resources and RBAC page.
Field rules: This field is optional and must be a map of string key/value pairs.
spec
The following are parameters that may be set on the user:
spec:
fullName: "Jane Doe"
authDomain: local
authSecret: my-password-secret
spec.fullName
This field defines the full name of the user.
The internal user ID is derived from the metadata.name
field.
Field rules: This field is required and must be a string.
spec.authDomain
This field defines how to authenticate the user.
If set to local
the user will be authenticated against a local password.
If set to external
the user will be authenticated against a remote LDAP server.
LDAP authentication requires the spec.security.rbac.ldap
object to be configured in a related CouchbaseCluster
resource.
Field rules: This field is required and must be either
local
orexteternal
.
spec.authSecret
This field defines the password of the user.
It is only relevant when using local
authentication.
If defined it must reference a Secret
resource in the current namespace containing the user’s password under the key password
.
Field rules: This field is required when using
local
authentication and must be a string.