Couchbase Helm Chart Specification

admissionCA.cert

string

nil

A base64 encoded PEM format certificate

admissionCA.expiration

int

365

Expiry time of CA in days for generated certs

admissionCA.key

string

nil

A base64 encoded PEM format private key

admissionController.commandArgs

object

{"default-file-system-group":true,"validate-secrets":true,"validate-storage-classes":true}

Set of command-line flags to pass on to the Admission Controller to modify its behavior. Do not change.

admissionController.disableValidatingWebhook

bool

false

Disable the creation of Validation webhook. Setting to 'false' may be helpful when installing into a restricted environments (ie Strict mTLS), since disabling avoids performing resource fetching and validation from the Kubernetes API server.

admissionController.image

object

{"repository":"couchbase/admission-controller","tag":"2.3.0"}

Image specifies repository and tag of the Couchbase Admission container.

admissionController.imagePullPolicy

string

"IfNotPresent"

The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never.

admissionController.imagePullSecrets

list

[]

ImagePullSecrets is an optional list of references to secrets to use for pulling images

admissionController.name

string

"couchbase-admission-controller"

admissionController.nodeSelector

object

{}

Specify a node selection constraint for couchbase-admission-controller pod assignment. Ref: https://kubernetes.io/docs/user-guide/node-selection/

admissionController.resources

object

{}

Resource Limits and requests for Pod CPU and Memory

admissionController.runAsNonRoot

bool

true

Specify whether to run as a non-root user. Running as non-root ensures least privilege.

admissionController.scope

string

"ClusterRole"

RBAC Scope of the Admission Controller. Must be either 'Role' or 'ClusterRole'. When scope is 'ClusterRole' the admission controller is able to validate resources in all namespaces. 'Role' scope limits validation to a single a namespace.

admissionController.tolerations

list

[]

Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.

admissionController.verboseLogging

bool

false

Determines whether the admission controller should log all of its validation notices within the console. When set to false, only validation errors are logged within the pod’s console.

admissionSecret.cert

string

nil

PEM format certificate (auto-generated) override via --set-file

admissionSecret.key

string

nil

PEM format certificate (auto-generated) override via --set-file

admissionSecret.name

string

nil

Name of the secret (auto-generated)

admissionService.name

string

nil

Name of the service (auto-generated)

admissionService.port

int

443

Port service exposes

admissionService.targetPort

int

8443

backuprestores

object

{}

backups

object

{}

CouchbaseBackups runs a job which preserves data into backups

buckets.default.compressionMode

string

"passive"

CompressionMode defines how Couchbase server handles document compression. When off, documents are stored in memory, and transferred to the client uncompressed. When passive, documents are stored compressed in memory, and transferred to the client compressed when requested. When active, documents are stored compresses in memory and when transferred to the client. This field must be "off", "passive" or "active", defaulting to "passive". Be aware "off" in YAML 1.2 is a boolean, so must be quoted as a string in configuration files.

buckets.default.conflictResolution

string

"seqno"

ConflictResolution defines how XDCR handles concurrent write conflicts. Sequence number based resolution selects the document with the highest sequence number as the most recent. Timestamp based resolution selects the document that was written to most recently as the most recent. This field must be "seqno" (sequence based), or "lww" (timestamp based), defaulting to "seqno".

buckets.default.enableFlush

bool

false

EnableFlush defines whether a client can delete all documents in a bucket. This field defaults to false.

buckets.default.enableIndexReplica

bool

false

EnableIndexReplica defines whether indexes for this bucket are replicated. This field defaults to false.

buckets.default.evictionPolicy

string

"valueOnly"

EvictionPolicy controls how Couchbase handles memory exhaustion. Value only eviction flushes documents to disk but maintains document metadata in memory in order to improve query performance. Full eviction removes all data from memory after the document is flushed to disk. This field must be "valueOnly" or "fullEviction", defaulting to "valueOnly".

buckets.default.ioPriority

string

"low"

IOPriority controls how many threads a bucket has, per pod, to process reads and writes. This field must be "low" or "high", defaulting to "low". Modification of this field will cause a temporary service disruption as threads are restarted.

buckets.default.kind

string

"CouchbaseBucket"

The type of the bucket to create by default. Removed from CRD as only used by Helm.

buckets.default.maxTTL

string

nil

MaxTTL defines how long a document is permitted to exist for, without modification, until it is automatically deleted. This is a default and maximum time-to-live and may be set to a lower value by the client. If the client specifies a higher value, then it is truncated to the maximum durability. Documents are removed by Couchbase, after they have expired, when either accessed, the expiry pager is run, or the bucket is compacted. When set to 0, then documents are not expired by default. This field must be a duration in the range 0-2147483648s, defaulting to 0. More info: https://golang.org/pkg/time/#ParseDuration

buckets.default.memoryQuota

string

"100Mi"

MemoryQuota is a memory limit to the size of a bucket. When this limit is exceeded, documents will be evicted from memory to disk as defined by the eviction policy. The memory quota is defined per Couchbase pod running the data service. This field defaults to, and must be greater than or equal to 100Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

buckets.default.minimumDurability

string

nil

MiniumumDurability defines how durable a document write is by default, and can be made more durable by the client. This feature enables ACID transactions. When none, Couchbase server will respond when the document is in memory, it will become eventually consistent across the cluster. When majority, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster. When majorityAndPersistActive, Couchbase server will respond when the document is replicated to at least half of the pods running the data service in the cluster and the document has been persisted to disk on the document master pod. When persistToMajority, Couchbase server will respond when the document is replicated and persisted to disk on at least half of the pods running the data service in the cluster. This field must be either "none", "majority", "majorityAndPersistActive" or "persistToMajority", defaulting to "none".

buckets.default.name

string

nil

Name is the name of the bucket within Couchbase server. By default the Operator will use the metadata.name field to define the bucket name. The metadata.name field only supports a subset of the supported character set. When specified, this field overrides metadata.name. Legal bucket names have a maximum length of 100 characters and may be composed of any character from "a-z", "A-Z", "0-9" and "-_%\.".

buckets.default.replicas

int

1

Replicas defines how many copies of documents Couchbase server maintains. This directly affects how fault tolerant a Couchbase cluster is. With a single replica, the cluster can tolerate one data pod going down and still service requests without data loss. The number of replicas also affect memory use. With a single replica, the effective memory quota for documents is halved, with two replicas it is one third. The number of replicas must be between 0 and 3, defaulting to 1.

buckets.default.scopes

object

{"managed":false,"resources":[],"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}

Scopes defines whether the Operator manages scopes for the bucket or not, and the set of scopes defined for the bucket.

buckets.default.scopes.managed

bool

false

Managed defines whether scopes are managed for this bucket. This field is false by default, and the Operator will take no actions that will affect scopes and collections in this bucket. The default scope and collection will be present. When set to true, the Operator will manage user defined scopes, and optionally, their collections as defined by the CouchbaseScope, CouchbaseScopeGroup, CouchbaseCollection and CouchbaseCollectionGroup resource documentation. If this field is set to false while the already managed, then the Operator will leave whatever configuration is already present.

buckets.default.scopes.resources

list

[]

Resources is an explicit list of named resources that will be considered for inclusion in this bucket. If a resource reference doesn’t match a resource, then no error conditions are raised due to undefined resource creation ordering and eventual consistency.

buckets.default.scopes.selector

object

{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}

Selector allows resources to be implicitly considered for inclusion in this bucket. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#labelselector-v1-meta

buckets.default.scopes.selector.matchExpressions

object

{"key":null,"operator":null,"values":null}

matchExpressions is a list of label selector requirements. The requirements are ANDed.

buckets.default.scopes.selector.matchLabels

string

nil

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

cluster.antiAffinity

bool

false

AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters.

cluster.autoResourceAllocation

object

{"cpuLimits":"4","cpuRequests":"2","enabled":false,"overheadPercent":25}

AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in spec.cluster, plus an overhead defined by spec.autoResourceAllocation.overheadPercent.Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the spec.servers.resources field.

cluster.autoResourceAllocation.cpuLimits

string

"4"

CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.autoResourceAllocation.cpuRequests

string

"2"

CPURequests automatically populates the CPU requests across all Couchbase server pods. The default value of "2", is the minimum recommended number of CPUs required to run Couchbase Server. Explicitly specifying the CPU request for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.autoResourceAllocation.enabled

bool

false

Enabled defines whether auto-resource allocation is enabled.

cluster.autoResourceAllocation.overheadPercent

int

25

OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%.

cluster.autoscaleStabilizationPeriod

string

nil

AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration A value of 0, puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance.

cluster.backup

object

{"image":"couchbase/operator-backup:1.2.0","imagePullSecrets":{"name":null},"managed":true,"nodeSelector":null,"objectEndpoint":{"secret":null,"url":null,"useVirtualPath":false},"resources":{"limits":null,"requests":null},"s3Secret":null,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"serviceAccountName":"couchbase-backup","tolerations":{"effect":null,"key":null,"operator":null,"tolerationSeconds":null,"value":null},"useIAMRole":false}

Backup defines whether the Operator should manage automated backups, and how to lookup backup resources. Refer to the documentation for supported values https://docs.couchbase.com/operator/current/howto-backup.html#enable-automated-backup

cluster.backup.image

string

"couchbase/operator-backup:1.2.0"

The Backup Image to run on backup pods.

cluster.backup.imagePullSecrets

object

{"name":null}

ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones.

cluster.backup.imagePullSecrets.name

string

nil

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?

cluster.backup.managed

bool

true

Managed defines whether backups are managed by us or the clients.

cluster.backup.nodeSelector

string

nil

NodeSelector defines which nodes to constrain the pods that run any backup and restore operations to.

cluster.backup.objectEndpoint

object

{"secret":null,"url":null,"useVirtualPath":false}

ObjectEndpoint contains the configuration for connecting to a custom S3 compliant object store.

cluster.backup.objectEndpoint.secret

string

nil

The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint (when required, e.g. not signed by a public CA). The secret must have the key with the name "tls.crt"

cluster.backup.objectEndpoint.url

string

nil

The host/address of the custom object endpoint.

cluster.backup.objectEndpoint.useVirtualPath

bool

false

UseVirtualPath will force the AWS SDK to use the new virtual style paths. by default alternative path style URLs which are often required by S3 compatible object stores.

cluster.backup.resources

object

{"limits":null,"requests":null}

Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified.

cluster.backup.resources.limits

string

nil

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

cluster.backup.resources.requests

string

nil

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

cluster.backup.s3Secret

string

nil

S3Secret contains the region and credentials for operating backups in S3. This field must be popluated when the spec.s3bucket field is specified for a backup or restore resource.

cluster.backup.selector

object

{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}

Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels.

cluster.backup.selector.matchExpressions

object

{"key":null,"operator":null,"values":null}

matchExpressions is a list of label selector requirements. The requirements are ANDed.

cluster.backup.selector.matchLabels

string

nil

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

cluster.backup.serviceAccountName

string

"couchbase-backup"

The Service Account to run backup (and restore) pods under. Without this backup pods will not be able to update status.

cluster.backup.tolerations

object

{"effect":null,"key":null,"operator":null,"tolerationSeconds":null,"value":null}

Tolerations specifies all backup and restore pod tolerations.

cluster.backup.tolerations.effect

string

nil

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

cluster.backup.tolerations.key

string

nil

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

cluster.backup.tolerations.operator

string

nil

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

cluster.backup.tolerations.tolerationSeconds

string

nil

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

cluster.backup.tolerations.value

string

nil

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

cluster.backup.useIAMRole

bool

false

UseIAMRole enables backup to fetch EC2 instance metadata. This allows the AWS SDK to use the EC2’s IAM Role for S3 access. UseIAMRole will ignore credentials in s3Secret.

cluster.buckets

object

{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"synchronize":false}

Buckets defines whether the Operator should manage buckets, and how to lookup bucket resources.

cluster.buckets.managed

bool

true

Managed defines whether buckets are managed by the Operator (true), or user managed (false). When Operator managed, all buckets must be defined with either CouchbaseBucket, CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition of buckets will be reverted by the Operator. When user managed, the Operator will not interrogate buckets at all. This field defaults to false.

cluster.buckets.selector

object

{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}

Selector is a label selector used to list buckets in the namespace that are managed by the Operator.

cluster.buckets.selector.matchExpressions

object

{"key":null,"operator":null,"values":null}

matchExpressions is a list of label selector requirements. The requirements are ANDed.

cluster.buckets.selector.matchLabels

string

nil

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

cluster.buckets.synchronize

bool

false

Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads. The synchronization workflow starts with spec.buckets.managed being set to false, the user can manually create buckets, scopes, and collections using the Couchbase UI, or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the spec.buckets.selector field, and this field is set to true. The Operator will create Kubernetes resources for you, and upon completion set the cluster’s Synchronized status condition. You may then safely set spec.buckets.managed to true and the Operator will manage these resources as per usual. To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator can not, and will not, ever delete, or make modifications to resource specifications that are intended to be user managed, or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the cao save and cao restore CLI commands.

cluster.cluster

object

{"analyticsServiceMemoryQuota":"1Gi","autoCompaction":{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}},"autoFailoverMaxCount":3,"autoFailoverOnDataDiskIssues":false,"autoFailoverOnDataDiskIssuesTimePeriod":"120s","autoFailoverServerGroup":false,"autoFailoverTimeout":"120s","clusterName":null,"data":{"readerThreads":null,"writerThreads":null},"dataServiceMemoryQuota":"256Mi","eventingServiceMemoryQuota":"256Mi","indexServiceMemoryQuota":"256Mi","indexStorageSetting":"memory_optimized","indexer":{"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null},"query":{"backfillEnabled":true,"temporarySpace":"5Gi","temporarySpaceUnlimited":false},"queryServiceMemoryQuota":null,"searchServiceMemoryQuota":"256Mi"}

ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings.

cluster.cluster.analyticsServiceMemoryQuota

string

"1Gi"

AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.cluster.autoCompaction

object

{"databaseFragmentationThreshold":{"percent":30,"size":null},"parallelCompaction":false,"timeWindow":{"abortCompactionOutsideWindow":false,"end":null,"start":null},"tombstonePurgeInterval":"72h","viewFragmentationThreshold":{"percent":30,"size":null}}

AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run.

cluster.cluster.autoCompaction.databaseFragmentationThreshold

object

{"percent":30,"size":null}

DatabaseFragmentationThreshold defines triggers for when database compaction should start.

cluster.cluster.autoCompaction.parallelCompaction

bool

false

ParallelCompaction controls whether database and view compactions can happen in parallel.

cluster.cluster.autoCompaction.timeWindow

object

{"abortCompactionOutsideWindow":false,"end":null,"start":null}

TimeWindow allows restriction of when compaction can occur.

cluster.cluster.autoCompaction.tombstonePurgeInterval

string

"72h"

TombstonePurgeInterval controls how long to wait before purging tombstones. This field must be in the range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration

cluster.cluster.autoCompaction.viewFragmentationThreshold

object

{"percent":30,"size":null}

ViewFragmentationThreshold defines triggers for when view compaction should start.

cluster.cluster.autoFailoverMaxCount

int

3

AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server will allow before not allowing any more. This field must be between 1-3, default 3.

cluster.cluster.autoFailoverOnDataDiskIssues

bool

false

AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod if a disk issue was detected.

cluster.cluster.autoFailoverOnDataDiskIssuesTimePeriod

string

"120s"

AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors before failing over a faulty disk. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration

cluster.cluster.autoFailoverServerGroup

bool

false

AutoFailoverServerGroup whether to enable failing over a server group.

cluster.cluster.autoFailoverTimeout

string

"120s"

AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration

cluster.cluster.clusterName

string

nil

ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource’s metadata.

cluster.cluster.data

object

{"readerThreads":null,"writerThreads":null}

Data allows the data service to be configured.

cluster.cluster.data.readerThreads

string

nil

ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

cluster.cluster.data.writerThreads

string

nil

ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes", increasing this field will have a large impact on performance. This value must be between 4 and 64 threads, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

cluster.cluster.dataServiceMemoryQuota

string

"256Mi"

DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.cluster.eventingServiceMemoryQuota

string

"256Mi"

EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.cluster.indexServiceMemoryQuota

string

"256Mi"

IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.cluster.indexStorageSetting

string

"memory_optimized"

DEPRECATED - by indexer. The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster.

cluster.cluster.indexer

object

{"logLevel":"info","maxRollbackPoints":2,"memorySnapshotInterval":"200ms","stableSnapshotInterval":"5s","storageMode":"memory_optimized","threads":null}

Indexer allows the indexer to be configured.

cluster.cluster.indexer.logLevel

string

"info"

LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info".

cluster.cluster.indexer.maxRollbackPoints

int

2

MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1.

cluster.cluster.indexer.memorySnapshotInterval

string

"200ms"

MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms.

cluster.cluster.indexer.stableSnapshotInterval

string

"5s"

StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms.

cluster.cluster.indexer.storageMode

string

"memory_optimized"

StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized".

cluster.cluster.indexer.threads

string

nil

Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0.

cluster.cluster.query

object

{"backfillEnabled":true,"temporarySpace":"5Gi","temporarySpaceUnlimited":false}

Query allows the query service to be configured.

cluster.cluster.query.backfillEnabled

bool

true

BackfillEnabled allows the query service to backfill.

cluster.cluster.query.temporarySpace

string

"5Gi"

TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires backfillEnabled to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.cluster.query.temporarySpaceUnlimited

bool

false

TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires backfillEnabled to be set to true in order to have any effect. This field overrides temporarySpace.

cluster.cluster.queryServiceMemoryQuota

string

nil

QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.cluster.searchServiceMemoryQuota

string

"256Mi"

SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes

cluster.enableOnlineVolumeExpansion

bool

false

EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class’s "allowVolumeExpansion" field is set to true. Additionally, Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an- in-use-persistentvolumeclaim If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion then the cluster will fallback to rolling upgrade procedure to create a new set of Pods for use with resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims

cluster.enablePreviewScaling

bool

false

DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services. EnablePreviewScaling enables autoscaling for stateful services and buckets.

cluster.hibernate

bool

false

Hibernate is whether to hibernate the cluster.

cluster.hibernationStrategy

string

nil

HibernationStrategy defines how to hibernate the cluster. When Immediate the Operator will immediately delete all pods and take no further action until the hibernate field is set to false.

cluster.image

string

"couchbase/server:7.0.2"

Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster.

cluster.logging

object

{"audit":{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}},"logRetentionCount":null,"logRetentionTime":null,"server":{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.1.1","resources":{"limits":null,"requests":null}}}}

Logging defines Operator logging options.

cluster.logging.audit

object

{"disabledEvents":null,"disabledUsers":null,"enabled":false,"garbageCollection":{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}},"rotation":{"interval":"15m","size":"20Mi"}}

Used to manage the audit configuration directly

cluster.logging.audit.disabledEvents

string

nil

The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html

cluster.logging.audit.disabledUsers

string

nil

The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user

cluster.logging.audit.enabled

bool

false

Enabled is a boolean that enables the audit capabilities.

cluster.logging.audit.garbageCollection

object

{"sidecar":{"age":"1h","enabled":false,"image":"busybox:1.33.1","interval":"20m","resources":{"limits":null,"requests":null}}}

Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API, it is intended to handle GC automatically for the audit logs. By default the Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage, the operator allows for us to automate this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html

cluster.logging.audit.rotation

object

{"interval":"15m","size":"20Mi"}

The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html

cluster.logging.logRetentionCount

string

nil

LogRetentionCount gives the number of persistent log PVCs to keep.

cluster.logging.logRetentionTime

string

nil

LogRetentionTime gives the time to keep persistent log PVCs alive for.

cluster.logging.server

object

{"configurationName":"fluent-bit-config","enabled":false,"manageConfiguration":true,"sidecar":{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.1.1","resources":{"limits":null,"requests":null}}}

Specification of all logging configuration required to manage the sidecar containers in each pod.

cluster.logging.server.configurationName

string

"fluent-bit-config"

ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway.

cluster.logging.server.enabled

bool

false

Enabled is a boolean that enables the logging sidecar container.

cluster.logging.server.manageConfiguration

bool

true

A boolean which indicates whether the operator should manage the configuration or not. If omitted then this defaults to true which means the operator will attempt to reconcile it to default values. To use a custom configuration make sure to set this to false. Note that the ownership of any Secret is not changed so if a Secret is created externally it can be updated by the operator but it’s ownership stays the same so it will be cleaned up when it’s owner is.

cluster.logging.server.sidecar

object

{"configurationMountPath":"/fluent-bit/config/","image":"couchbase/fluent-bit:1.1.1","resources":{"limits":null,"requests":null}}

Any specific logging sidecar container configuration.

cluster.monitoring

object

{}

Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure.

cluster.name

string

nil

Name of the cluster, defaults to name of chart release

cluster.networking

object

{"addressFamily":null,"adminConsoleServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"adminConsoleServices":["data"],"disableUIOverHTTP":false,"disableUIOverHTTPS":false,"dns":{"domain":null},"exposeAdminConsole":true,"exposedFeatureServiceTemplate":{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}},"exposedFeatureTrafficPolicy":null,"exposedFeatures":["client","xdcr"],"loadBalancerSourceRanges":null,"networkPlatform":null,"serviceAnnotations":null,"waitForAddressReachable":"10m","waitForAddressReachableDelay":"2m"}

Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings.

cluster.networking.addressFamily

string

nil

AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicty when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+.

cluster.networking.adminConsoleServiceTemplate

object

{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}

AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core

cluster.networking.adminConsoleServiceTemplate.metadata

object

{"annotations":null,"labels":null}

Standard objects metadata. This is a curated version for use with Couchbase resource templates.

cluster.networking.adminConsoleServiceTemplate.spec

object

{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}

ServiceSpec describes the attributes that a user creates on a service.

cluster.networking.adminConsoleServices

list

["data"]

DEPRECATED - not required by Couchbase Server 6.5.0 onward. AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once.

cluster.networking.disableUIOverHTTP

bool

false

DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false.

cluster.networking.disableUIOverHTTPS

bool

false

DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false.

cluster.networking.dns

object

{"domain":null}

DNS defines information required for Dynamic DNS support.

cluster.networking.dns.domain

string

nil

Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server.

cluster.networking.exposeAdminConsole

bool

true

ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field.

cluster.networking.exposedFeatureServiceTemplate

object

{"metadata":{"annotations":null,"labels":null},"spec":{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}}

ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#service-v1-core

cluster.networking.exposedFeatureServiceTemplate.metadata

object

{"annotations":null,"labels":null}

Standard objects metadata. This is a curated version for use with Couchbase resource templates.

cluster.networking.exposedFeatureServiceTemplate.spec

object

{"clusterIP":null,"clusterIPs":null,"externalIPs":null,"externalName":null,"externalTrafficPolicy":null,"healthCheckNodePort":null,"internalTrafficPolicy":null,"ipFamilies":null,"ipFamilyPolicy":null,"loadBalancerClass":null,"loadBalancerIP":null,"loadBalancerSourceRanges":null,"sessionAffinity":null,"sessionAffinityConfig":{"clientIP":{"timeoutSeconds":null}},"type":"NodePort"}

ServiceSpec describes the attributes that a user creates on a service.

cluster.networking.exposedFeatureTrafficPolicy

string

nil

DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local",

cluster.networking.exposedFeatures

list

["client","xdcr"]

ExposedFeatures is a list of Couchbase features to expose when using a networking model that exposes the Couchbase cluster externally to Kubernetes. This field also triggers the creation of per-pod services used by clients to connect to the Couchbase cluster. When admin, only the administrator port is exposed, allowing remote administration. When xdcr, only the services required for remote replication are exposed. The xdcr feature is only required when the cluster is the destination of an XDCR replication. When client, all services are exposed as required for client SDK operation. This field may contain any of "admin", "xdcr" and "client". Each feature may only be included once.

cluster.networking.loadBalancerSourceRanges

string

nil

DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. LoadBalancerSourceRanges applies only when an exposed service is of type LoadBalancer and limits the source IP ranges that are allowed to use the service. Items must use IPv4 class-less interdomain routing (CIDR) notation e.g. 10.0.0.0/16.

cluster.networking.networkPlatform

string

nil

NetworkPlatform is used to enable support for various networking technologies. This field must be one of "Istio".

cluster.networking.serviceAnnotations

string

nil

DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate. ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation.

cluster.networking.waitForAddressReachable

string

"10m"

WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability inherently dangerous due to negative caching, so prefer the use of an initial waitForAddressReachableDelay to allow propagation.

cluster.networking.waitForAddressReachableDelay

string

"2m"

WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses.

cluster.paused

bool

false

Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action.

cluster.platform

string

nil

Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure".

cluster.recoveryPolicy

string

nil

RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity".

cluster.rollingUpgrade

object

{"maxUpgradable":null,"maxUpgradablePercent":null}

When spec.upgradeStrategy is set to RollingUpgrade it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased.

cluster.rollingUpgrade.maxUpgradable

string

nil

MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

cluster.rollingUpgrade.maxUpgradablePercent

string

nil

MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

cluster.security

object

{"adminSecret":"","password":"","rbac":{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}},"username":"Administrator"}

Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings.

cluster.security.adminSecret

string

""

AdminSecret is the name of a Kubernetes secret to use for administrator authentication. The admin secret must contain the keys "username" and "password". The password data must be at least 6 characters in length, and not contain the any of the characters ()<>,;:\"/[]?={}.

cluster.security.password

string

""

Cluster administrator pasword, auto-generated when empty

cluster.security.rbac

object

{"managed":true,"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}

Couchbase RBAC Users

cluster.security.rbac.managed

bool

true

Managed defines whether RBAC is managed by us or the clients.

cluster.security.rbac.selector

object

{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}

Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator.

cluster.security.username

string

"Administrator"

Cluster administrator username

cluster.securityContext

object

{"fsGroup":1000,"fsGroupChangePolicy":null,"runAsGroup":null,"runAsNonRoot":true,"runAsUser":1000,"seLinuxOptions":{"level":null,"role":null,"type":null,"user":null},"seccompProfile":{"localhostProfile":null,"type":null},"supplementalGroups":null,"sysctls":[],"windowsOptions":{}}

SecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

cluster.securityContext.fsGroup

int

1000

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.fsGroupChangePolicy

string

nil

fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.runAsGroup

string

nil

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.runAsNonRoot

bool

true

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

cluster.securityContext.runAsUser

int

1000

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.seLinuxOptions

object

{"level":null,"role":null,"type":null,"user":null}

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.seLinuxOptions.level

string

nil

Level is SELinux level label that applies to the container.

cluster.securityContext.seLinuxOptions.role

string

nil

Role is a SELinux role label that applies to the container.

cluster.securityContext.seLinuxOptions.type

string

nil

Type is a SELinux type label that applies to the container.

cluster.securityContext.seLinuxOptions.user

string

nil

User is a SELinux user label that applies to the container.

cluster.securityContext.seccompProfile

object

{"localhostProfile":null,"type":null}

The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.seccompProfile.localhostProfile

string

nil

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must only be set if type is "Localhost".

cluster.securityContext.seccompProfile.type

string

nil

type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

cluster.securityContext.supplementalGroups

string

nil

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.sysctls

list

[]

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

cluster.securityContext.windowsOptions

object

{}

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

cluster.serverGroups

string

nil

ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups.

cluster.servers

object

{"default":{"autoscaleEnabled":false,"env":[],"envFrom":[],"pod":{"spec":{}},"services":["data","index","query","search","analytics","eventing"],"size":3}}

Servers defines server classes for the Operator to provision and manage. A server class defines what services are running and how many members make up that class. Specifying multiple server classes allows the Operator to provision clusters with Multi-Dimensional Scaling (MDS). At least one server class must be defined, and at least one server class must be running the data service.

cluster.servers.default

object

{"autoscaleEnabled":false,"env":[],"envFrom":[],"pod":{"spec":{}},"services":["data","index","query","search","analytics","eventing"],"size":3}

Name for the server configuration. It must be unique.

cluster.servers.default.autoscaleEnabled

bool

false

AutoscaledEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA).

cluster.servers.default.env

list

[]

Env allows the setting of environment variables in the Couchbase server container.

cluster.servers.default.envFrom

list

[]

EnvFrom allows the setting of environment variables in the Couchbase server container.

cluster.servers.default.pod

object

{"spec":{}}

Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#pod-v1-core

cluster.servers.default.services

list

["data","index","query","search","analytics","eventing"]

Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once.

cluster.servers.default.size

int

3

Size is the expected requested of the server class. This field must be greater than or equal to 1.

cluster.softwareUpdateNotifications

bool

false

SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available.

cluster.upgradeStrategy

string

nil

UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade".

cluster.volumeClaimTemplates

object

{"metadata":{"annotations":null,"labels":null,"name":null},"spec":{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}}

VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration.

cluster.volumeClaimTemplates.metadata

object

{"annotations":null,"labels":null,"name":null}

Standard objects metadata. This is a curated version for use with Couchbase resource templates.

cluster.volumeClaimTemplates.metadata.annotations

string

nil

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

cluster.volumeClaimTemplates.metadata.labels

string

nil

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

cluster.volumeClaimTemplates.metadata.name

string

nil

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

cluster.volumeClaimTemplates.spec

object

{"accessModes":null,"dataSourceRef":{"apiGroup":null,"kind":null,"name":null},"resources":{"limits":null,"requests":null},"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null},"storageClassName":null,"volumeMode":null,"volumeName":null}

PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes

cluster.volumeClaimTemplates.spec.accessModes

string

nil

AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1

cluster.volumeClaimTemplates.spec.dataSourceRef

object

{"apiGroup":null,"kind":null,"name":null}

Specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non- empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Alpha) Using this field requires the AnyVolumeDataSource feature gate to be enabled.

cluster.volumeClaimTemplates.spec.resources

object

{"limits":null,"requests":null}

Resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

cluster.volumeClaimTemplates.spec.selector

object

{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}

A label query over volumes to consider for binding.

cluster.volumeClaimTemplates.spec.storageClassName

string

nil

Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1

cluster.volumeClaimTemplates.spec.volumeMode

string

nil

volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.

cluster.volumeClaimTemplates.spec.volumeName

string

nil

VolumeName is the binding reference to the PersistentVolume backing this claim.

cluster.xdcr

object

{"managed":false,"remoteClusters":{"authenticationSecret":null,"hostname":null,"name":null,"replications":{"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}},"tls":{"secret":null},"uuid":null}}

XDCR defines whether the Operator should manage XDCR, remote clusters and how to lookup replication resources.

cluster.xdcr.managed

bool

false

Managed defines whether XDCR is managed by the operator or not.

cluster.xdcr.remoteClusters

object

{"authenticationSecret":null,"hostname":null,"name":null,"replications":{"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}},"tls":{"secret":null},"uuid":null}

RemoteClusters is a set of named remote clusters to establish replications to.

cluster.xdcr.remoteClusters.authenticationSecret

string

nil

AuthenticationSecret is a secret used to authenticate when establishing a remote connection. It is only required when not using mTLS. The secret must contain a username (secret key "username") and password (secret key "password").

cluster.xdcr.remoteClusters.hostname

string

nil

Hostname is the connection string to use to connect the remote cluster.

cluster.xdcr.remoteClusters.name

string

nil

Name of the remote cluster.

cluster.xdcr.remoteClusters.replications

object

{"selector":{"matchExpressions":{"key":null,"operator":null,"values":null},"matchLabels":null}}

Replications are replication streams from this cluster to the remote one. This field defines how to look up CouchbaseReplication resources. By default any CouchbaseReplication resources in the namespace will be considered.

cluster.xdcr.remoteClusters.tls

object

{"secret":null}

TLS if specified references a resource containing the necessary certificate data for an encrypted connection.

cluster.xdcr.remoteClusters.uuid

string

nil

UUID of the remote cluster. The UUID of a CouchbaseCluster resource is advertised in the status.clusterId field of the resource.

collectiongroups

object

{}

Uncomment to create a "couchbasecollectiongroups" resource Defines a group of collections. A collection is a data container, defined on Couchbase Server, within a bucket whose type is either Couchbase or Ephemeral. See https://docs.couchbase.com/operator/current/resource/couchbasecollectiongroup.html

collections

object

{}

Uncomment to create a "couchbasecollections" resource A collection is a data container, defined on Couchbase Server, within a bucket whose type is either Couchbase or Ephemeral. See https://docs.couchbase.com/operator/current/resource/couchbasecollection.html

coredns

object

{"searches":["default.svc.cluster.local","svc.cluster.local","cluster.local"],"service":null}

Coredns service configuration to be applied to pods for cross-cluster deployments

coredns.searches

list

["default.svc.cluster.local","svc.cluster.local","cluster.local"]

Search list for host-name lookup

coredns.service

string

nil

Name of Kubernetes service which exposes DNS endpoints

couchbaseOperator.commandArgs

object

{"pod-create-timeout":"10m"}

Set of command-line flags to pass on to the Operator to modify its behavior. see: https://docs.couchbase.com/operator/2.0/reference-operator-configuration.html#command-line-arguments

couchbaseOperator.commandArgs.pod-create-timeout

string

"10m"

Pod creation timeout. The Operator allows the timeout of pod creation to be manually configured. It is primarily intended for use on cloud platforms where the deployment of multiple volumes and pulling of a Couchbase Server container image may take a longer time than the default timeout period.

couchbaseOperator.image

object

{"repository":"couchbase/operator","tag":"2.3.0"}

Image specifies repository and tag of the Couchbase Operator container.

couchbaseOperator.imagePullPolicy

string

"IfNotPresent"

The policy for pulling images from the repository onto hosts. The imagePullPolicy value defaults to IfNotPresent, which means that images are only pulled if they’re not present on the Kubernetes node. Values allowed are Always, IfNotPresent, and Never.

couchbaseOperator.imagePullSecrets

list

[]

ImagePullSecrets is an optional list of references to secrets to use for pulling images.

couchbaseOperator.name

string

"couchbase-operator"

Name of the couchbase operator Deployment

couchbaseOperator.nodeSelector

object

{}

Specify a node selection constraint for couchbase-admission-operator pod assignment. — Ref: https://kubernetes.io/docs/user-guide/node-selection/

couchbaseOperator.resources

object

{}

Resource Limits and requests for Pod CPU and Memory

couchbaseOperator.scope

string

"Role"

RBAC Scope of the Operator. Must be either 'Role' or 'ClusterRole'

couchbaseOperator.tolerations

list

[]

Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.

install.admissionController

bool

true

Install the admission controller

install.couchbaseCluster

bool

true

Install couchbase cluster

install.couchbaseOperator

bool

true

Install the couchbase operator

install.syncGateway

bool

false

Install sync gateway

scopegroups

object

{}

Uncomment to create a "couchbasescopegroups" resource CouchbaseScopeGroup represents a logical unit of data storage that sits between buckets and collections e.g. a bucket may contain multiple scopes, and a scope may contain multiple collections. See https://docs.couchbase.com/operator/current/resource/couchbasescopegroup.html

scopes

object

{}

Uncomment to create a "couchbasescopes" resource A scope is simply a single-tier namespace for a group of collections to exist within. Collections within a scope must all have unique names, but collections in different scopes may share the same name. This property allows multi-tenancy. See https://docs.couchbase.com/operator/current/resource/couchbasescope.html

syncGateway.admin.enabled

bool

false

Defines if the admin API will be exposed by sync gateway

syncGateway.affinity

object

{}

Affinity to apply to the pods

syncGateway.config

object

{"databases":{"db":{"allow_conflicts":false,"bucket":"default","cacert":null,"enable_shared_bucket_access":true,"password":null,"revs_limit":20,"server":null,"username":null,"users":{"GUEST":{"admin_channels":[""],"disabled":false}}}},"logging":{"console":{"enabled":true,"log_keys":[""],"log_level":"debug"}}}

Database config

syncGateway.config.databases

object

{"db":{"allow_conflicts":false,"bucket":"default","cacert":null,"enable_shared_bucket_access":true,"password":null,"revs_limit":20,"server":null,"username":null,"users":{"GUEST":{"admin_channels":["*"],"disabled":false}}}}

Databases is a list containing bucket replication configs

syncGateway.config.databases.db.bucket

string

"default"

Bucket replicated to sync gateway

syncGateway.config.databases.db.cacert

string

nil

Optional ca.cert for tls connection (auto-generated when tls.generate true)

syncGateway.config.databases.db.password

string

nil

Password of db admin, defaults to cluster admin password

syncGateway.config.databases.db.server

string

nil

Server to connect db to, defaults to cluster server

syncGateway.config.databases.db.username

string

nil

Username of db admin, defaults to cluster admin username

syncGateway.config.databases.db.users

object

{"GUEST":{"admin_channels":["*"],"disabled":false}}

Guest user config

syncGateway.config.databases.db.users.GUEST.admin_channels

list

["*"]

Channels guest user may access. defaults to all channels

syncGateway.config.databases.db.users.GUEST.disabled

bool

false

Disable creation of guest user

syncGateway.configSecret

string

nil

Optional secret to use with prepoulated database config

syncGateway.exposeServiceType

string

"ClusterIP"

Type of service to use for exposing Sync Gateway Set as empty string to prevent service creation

syncGateway.image

object

{"repository":"couchbase/sync-gateway","tag":"2.8.0-enterprise"}

Image of the sync gateway container

syncGateway.imagePullPolicy

string

"IfNotPresent"

syncGateway.kind

string

"Deployment"

Kind of resource to use when installing sync gateway resource. suppports (Deployment

Statefulset)

syncGateway.labels

object

{}

Labels to apply to the deployment resource

syncGateway.monitoring.prometheus.enabled

bool

false

Defines whether Prometheus metric collection is enabled

syncGateway.monitoring.prometheus.image

object

{"repository":"couchbasesamples/sync-gateway-prometheus-exporter","tag":"latest"}

Image used by the Sync Gateway to perform metric collection (injected as a "sidecar" in each Sync Gateway Pod)

syncGateway.monitoring.prometheus.resources

object

{}

syncGateway.name

string

nil

Name of the sync gateway pod. defaults to name of chart

syncGateway.nodeSelector

object

{}

Which nodes to run the pods on

syncGateway.podLabels

object

{}

Labels to apply to the pods

syncGateway.replicas

int

1

How many sync gateway pods to create horizontally scale the deployment

syncGateway.resources

object

{}

Resources to apply to the pods

syncGateway.revisionHistoryLimit

string

nil

Optional set to change cleanup policy

syncGateway.service.annotations

object

{}

Additional annotations to add to the Sync Gateway service. Useful for setting cloud provider specific annotations controlling the services deployed.

syncGateway.service.externalTrafficPolicy

string

nil

Optionally configure traffic policy for LoadBalancer and NodePort

syncGateway.tolerations

list

[]

Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.

syncGateway.volumeClaimTemplates

list

[{"metadata":{"name":"data"},"spec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"1Gi"}},"storageClassName":"default"}}]

Volume claim template to define size of persistent volumes to provide for stateful sets

syncGateway.volumeMounts

list

[{"mountPath":"/dbs","name":"data","readOnly":true}]

Location within sync gateway to back with persistent volume

tls.expiration

int

365

Expiry time of CA in days for generated certs

tls.generate

bool

false

Enable to auto create certs

tls.legacy

bool

false

Legacy TLS configuration with static format which requires PKCS#1 formatted keys. Legacy format is used implicitly during upgrade when old static keys exist. The default is 'false' which supports additional formats and multiple root CAs.

tls.nodeToNodeEncryption

string

nil

This field defines whether node-to-node encryption is enabled. Must be either 'All' or 'ControlPlaneOnly'. If not specified, data between Couchbase Server nodes is not encrypted.

users

object

{}