CouchbaseCluster Resource

      The CouchbaseCluster resource represents a Couchbase cluster. It allows configuration of cluster topology, networking, storage and security options.

      The following is an example resource, depicting the overall structure and any defaults. Consult the field reference for the valid values of fields shown here as "empty" (empty strings and so on):

      apiVersion: v2
      kind: CouchbaseCluster
      metadata:
        name: ""
      spec:
        antiAffinity: false
        autoResourceAllocation:
          cpuLimits: 4
          cpuRequests: 2
          enabled: false
          overheadPercent: 25
        autoscaleStabilizationPeriod: ""
        backup:
          annotations:
          image: couchbase/operator-backup:1.3.1
          imagePullSecrets:
          - name: ""
          labels:
          managed: false
          nodeSelector: {}
          objectEndpoint:
            secret: ""
            url: ""
            useVirtualPath: false
          resources: {}
          s3Secret: ""
          selector: {}
          serviceAccountName: couchbase-backup
          tolerations:
          - effect: ""
            key: ""
            operator: ""
            tolerationSeconds: 0
            value: ""
          useIAMRole: false
        buckets:
          managed: false
          selector:
            matchExpressions:
            - key: ""
              operator: ""
              values:
              - ""
            matchLabels:
          synchronize: false
        cluster:
          analyticsServiceMemoryQuota: 1Gi
          autoCompaction:
            databaseFragmentationThreshold:
              percent: 30
              size: ""
            parallelCompaction: false
            timeWindow:
              abortCompactionOutsideWindow: false
              end: ""
              start: ""
            tombstonePurgeInterval: 72h
            viewFragmentationThreshold:
              percent: 30
              size: ""
          autoFailoverMaxCount: 1
          autoFailoverOnDataDiskIssues: false
          autoFailoverOnDataDiskIssuesTimePeriod: 120s
          autoFailoverServerGroup: false
          autoFailoverTimeout: 120s
          clusterName: ""
          data:
            auxIOThreads: 0
            nonIOThreads: 0
            readerThreads: 0
            writerThreads: 0
          dataServiceMemoryQuota: 256Mi
          eventingServiceMemoryQuota: 256Mi
          indexServiceMemoryQuota: 256Mi
          indexStorageSetting: memory_optimized
          indexer:
            logLevel: info
            maxRollbackPoints: 2
            memorySnapshotInterval: 200ms
            numReplica: 0
            redistributeIndexes: false
            stableSnapshotInterval: 5s
            storageMode: memory_optimized
            threads: 0
          query:
            backfillEnabled: true
            temporarySpace: 5Gi
            temporarySpaceUnlimited: false
          queryServiceMemoryQuota: ""
          searchServiceMemoryQuota: 256Mi
        enableOnlineVolumeExpansion: false
        enablePreviewScaling: false
        envImagePrecedence: false
        hibernate: false
        hibernationStrategy: ""
        image: ""
        logging:
          audit:
            disabledEvents:
            - 0
            disabledUsers:
            - ""
            enabled: false
            garbageCollection:
              sidecar:
                age: 1h
                enabled: false
                image: busybox:1.33.1
                interval: 20m
                resources: {}
            rotation:
              interval: 15m
              size: 20Mi
          logRetentionCount: 0
          logRetentionTime: ""
          server:
            configurationName: fluent-bit-config
            enabled: false
            manageConfiguration: true
            sidecar:
              configurationMountPath: /fluent-bit/config/
              image: couchbase/fluent-bit:1.2.1
              resources: {}
        monitoring:
          prometheus:
            authorizationSecret: ""
            enabled: false
            image: ""
            refreshRate: 60
            resources: {}
        networking:
          addressFamily: ""
          adminConsoleServiceTemplate: {}
          adminConsoleServiceType: NodePort
          adminConsoleServices:
          - ""
          cloudNativeGateway:
            image: ""
            tls:
              serverSecretName: ""
          disableUIOverHTTP: false
          disableUIOverHTTPS: false
          dns:
            domain: ""
          exposeAdminConsole: false
          exposedFeatureServiceTemplate: {}
          exposedFeatureServiceType: NodePort
          exposedFeatureTrafficPolicy: ""
          exposedFeatures:
          - ""
          loadBalancerSourceRanges:
          - ""
          networkPlatform: ""
          serviceAnnotations:
          tls:
            allowPlainTextCertReload: false
            cipherSuites:
            - ""
            clientCertificatePaths:
            - delimiter: ""
              path: ""
              prefix: ""
            clientCertificatePolicy: ""
            nodeToNodeEncryption: ""
            passphrase:
              rest:
                addressFamily: inet
                headers:
                timeout: 5000
                url: ""
                verifyPeer: true
              script:
                secret: ""
            rootCAs:
            - ""
            secretSource:
              clientSecretName: ""
              serverSecretName: ""
            static:
              operatorSecret: ""
              serverSecret: ""
            tlsMinimumVersion: TLS1.2
          waitForAddressReachable: 10m
          waitForAddressReachableDelay: 2m
        onlineVolumeExpansionTimeoutInMins: 0
        paused: false
        platform: ""
        recoveryPolicy: ""
        rollingUpgrade:
          maxUpgradable: 0
          maxUpgradablePercent: ""
        security:
          adminSecret: ""
          ldap:
            authenticationEnabled: true
            authorizationEnabled: false
            bindDN: ""
            bindSecret: ""
            cacert: ""
            cacheValueLifetime: 30000
            encryption: ""
            groupsQuery: ""
            hosts:
            - ""
            nestedGroupsEnabled: false
            nestedGroupsMaxDepth: 10
            port: 389
            serverCertValidation: false
            tlsSecret: ""
            userDNMapping:
              query: ""
              template: ""
          podSecurityContext:
            fsGroup: 0
            fsGroupChangePolicy: ""
            runAsGroup: 0
            runAsNonRoot: false
            runAsUser: 0
            seLinuxOptions:
              level: ""
              role: ""
              type: ""
              user: ""
            seccompProfile:
              localhostProfile: ""
              type: ""
            supplementalGroups:
            - 0
            sysctls:
            - name: ""
              value: ""
            windowsOptions:
              gmsaCredentialSpec: ""
              gmsaCredentialSpecName: ""
              hostProcess: false
              runAsUserName: ""
          rbac:
            managed: false
            selector: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
              - ""
              drop:
              - ""
            privileged: false
            procMount: ""
            readOnlyRootFilesystem: false
            runAsGroup: 0
            runAsNonRoot: false
            runAsUser: 0
            seLinuxOptions:
              level: ""
              role: ""
              type: ""
              user: ""
            seccompProfile:
              localhostProfile: ""
              type: ""
            windowsOptions:
              gmsaCredentialSpec: ""
              gmsaCredentialSpecName: ""
              hostProcess: false
              runAsUserName: ""
          uiSessionTimeout: 0
        securityContext: {}
        serverGroups:
        - ""
        servers:
        - autoscaleEnabled: false
          env: []
          envFrom: []
          name: ""
          pod: {}
          resources: {}
          serverGroups:
          - ""
          services:
          - ""
          size: 0
          volumeMounts:
            analytics:
            - ""
            data: ""
            default: ""
            index: ""
            logs: ""
        softwareUpdateNotifications: false
        upgradeProcess: ""
        upgradeStrategy: ""
        volumeClaimTemplates: []
        xdcr:
          managed: false
          remoteClusters:
          - authenticationSecret: ""
            hostname: ""
            name: ""
            replications:
              selector: {}
            tls:
              secret: ""
            uuid: ""
      status:
        allocations:
        - allocatedMemory: ""
          allocatedMemoryPercent: 0
          analyticsServiceAllocation: ""
          dataServiceAllocation: ""
          eventingServiceAllocation: ""
          indexServiceAllocation: ""
          name: ""
          requestedMemory: ""
          searchServiceAllocation: ""
          unusedMemory: ""
          unusedMemoryPercent: 0
        autoscalers:
        - ""
        buckets:
        - compressionMode: ""
          conflictResolution: ""
          enableFlush: false
          enableIndexReplica: false
          evictionPolicy: ""
          ioPriority: ""
          memoryQuota: 0
          name: ""
          password: ""
          replicas: 0
          storageBackend: ""
          type: ""
        clusterId: ""
        conditions:
        - lastTransitionTime: ""
          lastUpdateTime: ""
          message: ""
          reason: ""
          status: ""
          type: ""
        controlPaused: false
        currentVersion: ""
        groups:
        - ""
        members:
          ready:
          - ""
          unready:
          - ""
        size: 0
        users:
        - ""

      couchbaseclusters.apiVersion

      Constraints

      Type: string

      Description

      APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.

      couchbaseclusters.kind

      Constraints

      Type: string

      Description

      Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.

      couchbaseclusters.metadata

      Constraints

      Required

      Type: object

      Description

      Standard object metadata as defined for all Kubernetes types.

      For additional details see the Kubernetes reference documentation.

      couchbaseclusters.metadata.name

      Constraints

      Type: string

      Description

      The name of a resource. This must be unique for the kind of resource within the namespace.

      All resources must have a name. The name may be omitted and metadata.generateName used instead to generate a unique resource name.

      For additional details on resource names, see the Kubernetes reference documentation.

      couchbaseclusters.metadata.namespace

      Constraints

      Type: string

      Description

      The namespace the resource resides in. All resources reside in a namespace.

      The namespace is optional and may be specified in YAML configuration to override the namespace supplied by kubectl.

      For additional details on namespaces, see the Kubernetes reference documentation.

      couchbaseclusters.metadata.labels

      Constraints

      Type: map[string]string

      Description

      Labels allow resources to be labeled with key/value pairs of data. Labels are indexed and allow resources to be selected based upon specified labels.

      Labels are relevant for certain types when using label selection within your resources.

      For additional details on labels and selectors, see the Kubernetes reference documentation.

      couchbaseclusters.metadata.annotations

      Constraints

      Type: map[string]string

      Description

      Annotations allow resources to be annotated with key/value pairs of data. Annotations are arbitrary and not indexed, so they cannot be used to select resources; however, they may be used to add context or accounting to your resources.

      For additional details on annotations, see the Kubernetes reference documentation.

      couchbaseclusters.spec

      Constraints

      Required

      Type: object

      Description

      ClusterSpec is the specification for a CouchbaseCluster resource, and allows the cluster to be customized.

      couchbaseclusters.spec.antiAffinity

      Constraints

      Type: boolean

      Description

      AntiAffinity forces the Operator to schedule different Couchbase server pods on different Kubernetes nodes. Anti-affinity reduces the likelihood of unrecoverable failure in the event of a node issue. Use of anti-affinity is highly recommended for production clusters.

      couchbaseclusters.spec.autoResourceAllocation

      Constraints

      Type: object

      Description

      AutoResourceAllocation populates pod resource requests based on the services running on that pod. When enabled, this feature will calculate the memory request as the total of service allocations defined in spec.cluster, plus an overhead defined by spec.autoResourceAllocation.overheadPercent. Changing individual allocations for a service will cause a cluster upgrade as allocations are modified in the underlying pods. This field also allows default pod CPU requests and limits to be applied. All resource allocations can be overridden by explicitly configuring them in the spec.servers.resources field.

      couchbaseclusters.spec.autoResourceAllocation.cpuLimits

      Constraints

      Type: string

      Default: 4

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      CPULimits automatically populates the CPU limits across all Couchbase server pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.autoResourceAllocation.cpuRequests

      Constraints

      Type: string

      Default: 2

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      CPURequests automatically populates the CPU requests across all Couchbase server pods. The default value of "2" is the minimum recommended number of CPUs required to run Couchbase Server. Explicitly specifying the CPU request for a particular server class will override this value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.autoResourceAllocation.enabled

      Constraints

      Type: boolean

      Description

      Enabled defines whether auto-resource allocation is enabled.

      couchbaseclusters.spec.autoResourceAllocation.overheadPercent

      Constraints

      Type: integer

      Default: 25

      Minimum: 0

      Description

      OverheadPercent defines the amount of memory above that required for individual services on a pod. For Couchbase Server this should be approximately 25%.

      couchbaseclusters.spec.autoscaleStabilizationPeriod

      Constraints

      Type: string

      Description

      AutoscaleStabilizationPeriod defines how long after a rebalance the corresponding HorizontalPodAutoscaler should remain in maintenance mode. During maintenance mode all autoscaling is disabled since every HorizontalPodAutoscaler associated with the cluster becomes inactive. Since certain metrics can be unpredictable when Couchbase is rebalancing or upgrading, setting a stabilization period helps to prevent scaling recommendations from the HorizontalPodAutoscaler for a provided period of time. Values must be a valid Kubernetes duration of 0s or higher: https://golang.org/pkg/time/#ParseDuration. A value of 0 puts the cluster in maintenance mode during rebalance but immediately exits this mode once the rebalance has completed. When undefined, the HPA is never put into maintenance mode during rebalance.

      couchbaseclusters.spec.backup

      Constraints

      Type: object

      Description

      Backup defines whether the Operator should manage automated backups, and how to look up backup resources.

      couchbaseclusters.spec.backup.annotations

      Constraints

      Type: map[string]string

      Description

      Annotations defines additional annotations to appear on the backup/restore pods.

      couchbaseclusters.spec.backup.image

      Constraints

      Required

      Type: string

      Default: couchbase/operator-backup:1.3.1

      Description

      The Backup Image to run on backup pods.

      couchbaseclusters.spec.backup.imagePullSecrets

      Constraints

      Type: []object

      Description

      ImagePullSecrets allow you to use an image from private repositories and non-dockerhub ones.

      couchbaseclusters.spec.backup.imagePullSecrets.name

      Constraints

      Type: string

      Description

      Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names.

      couchbaseclusters.spec.backup.labels

      Constraints

      Type: map[string]string

      Description

      Labels defines additional labels to appear on the backup/restore pods.

      couchbaseclusters.spec.backup.managed

      Constraints

      Type: boolean

      Description

      Managed defines whether backups are managed by the Operator or by the clients.

      couchbaseclusters.spec.backup.nodeSelector

      Constraints

      Type: map[string]string

      Description

      NodeSelector defines which nodes to constrain the pods that run any backup and restore operations to.

      couchbaseclusters.spec.backup.objectEndpoint

      Constraints

      Type: object

      Description

      Deprecated by CouchbaseBackup.spec.objectStore.Endpoint. ObjectEndpoint contains the configuration for connecting to a custom S3-compliant object store.

      couchbaseclusters.spec.backup.objectEndpoint.secret

      Constraints

      Type: string

      Description

      The name of the secret, in this namespace, that contains the CA certificate for verification of a TLS endpoint. The secret must have the key with the name "tls.crt".

      couchbaseclusters.spec.backup.objectEndpoint.url

      Constraints

      Type: string

      Description

      The host/address of the custom object endpoint.

      couchbaseclusters.spec.backup.objectEndpoint.useVirtualPath

      Constraints

      Type: boolean

      Description

      UseVirtualPath will force the AWS SDK to use the new virtual style paths which are often required by S3 compatible object stores.

      couchbaseclusters.spec.backup.resources

      Constraints

      Type: object

      Description

      Resources is the resource requirements for the backup and restore containers. Will be populated by defaults if not specified.

      couchbaseclusters.spec.backup.s3Secret

      Constraints

      Type: string

      Description

      Deprecated by CouchbaseBackup.spec.objectStore.secret. S3Secret contains the key region and optionally access-key-id and secret-access-key for operating backups in S3. This field must be populated when the spec.s3bucket field is specified for a backup or restore resource.

      couchbaseclusters.spec.backup.selector

      Constraints

      Type: object

      Description

      Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be filtered based on labels.

      couchbaseclusters.spec.backup.serviceAccountName

      Constraints

      Type: string

      Default: couchbase-backup

      Description

      The Service Account to run backup (and restore) pods under. Without this, backup pods will not be able to update status.

      couchbaseclusters.spec.backup.tolerations

      Constraints

      Type: []object

      Description

      Tolerations specifies all backup and restore pod tolerations.

      couchbaseclusters.spec.backup.tolerations.effect

      Constraints

      Type: string

      Description

      Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

      couchbaseclusters.spec.backup.tolerations.key

      Constraints

      Type: string

      Description

      Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

      couchbaseclusters.spec.backup.tolerations.operator

      Constraints

      Type: string

      Description

      Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

      couchbaseclusters.spec.backup.tolerations.tolerationSeconds

      Constraints

      Type: integer

      Description

      TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

      couchbaseclusters.spec.backup.tolerations.value

      Constraints

      Type: string

      Description

      Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

      couchbaseclusters.spec.backup.useIAMRole

      Constraints

      Type: boolean

      Description

      Deprecated by CouchbaseBackup.spec.objectStore.useIAM. UseIAMRole enables backup to fetch EC2 instance metadata. This allows the AWS SDK to use the EC2’s IAM Role for S3 access. UseIAMRole will ignore credentials in s3Secret.

      couchbaseclusters.spec.buckets

      Constraints

      Type: object

      Description

      Buckets defines whether the Operator should manage buckets, and how to look up bucket resources.

      couchbaseclusters.spec.buckets.managed

      Constraints

      Type: boolean

      Description

      Managed defines whether buckets are managed by the Operator (true), or user managed (false). When Operator managed, all buckets must be defined with either CouchbaseBucket, CouchbaseEphemeralBucket or CouchbaseMemcachedBucket resources. Manual addition of buckets will be reverted by the Operator. When user managed, the Operator will not interrogate buckets at all. This field defaults to false.

      couchbaseclusters.spec.buckets.selector

      Constraints

      Type: object

      Description

      Selector is a label selector used to list buckets in the namespace that are managed by the Operator.

      couchbaseclusters.spec.buckets.selector.matchExpressions

      Constraints

      Type: []object

      Description

      matchExpressions is a list of label selector requirements. The requirements are ANDed.

      couchbaseclusters.spec.buckets.selector.matchExpressions.key

      Constraints

      Required

      Type: string

      Description

      key is the label key that the selector applies to.

      couchbaseclusters.spec.buckets.selector.matchExpressions.operator

      Constraints

      Required

      Type: string

      Description

      operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

      couchbaseclusters.spec.buckets.selector.matchExpressions.values

      Constraints

      Type: []string

      Description

      values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

      couchbaseclusters.spec.buckets.selector.matchLabels

      Constraints

      Type: map[string]string

      Description

      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

      couchbaseclusters.spec.buckets.synchronize

      Constraints

      Type: boolean

      Description

      Synchronize allows unmanaged buckets, scopes, and collections to be synchronized as Kubernetes resources by the Operator. This feature is intended for development only and should not be used for production workloads.

      The synchronization workflow starts with spec.buckets.managed set to false; the user can then manually create buckets, scopes, and collections using the Couchbase UI or other tooling. When you wish to commit to Kubernetes resources, you must specify a unique label selector in the spec.buckets.selector field and set this field to true. The Operator will create Kubernetes resources for you and, upon completion, set the cluster’s Synchronized status condition. Synchronizing will not create a Kubernetes resource for the Couchbase Server maintained _system scope. You may then safely set spec.buckets.managed to true, and the Operator will manage these resources as usual.

      To update an already managed data topology, you must first set it to unmanaged, make any changes, and delete any old resources, then follow the standard synchronization workflow. The Operator cannot, and will not, ever delete or modify resource specifications that are intended to be user managed or managed by a life cycle management tool. These actions must be instigated by an end user. For a more complete experience, refer to the documentation for the cao save and cao restore CLI commands.

      couchbaseclusters.spec.cluster

      Constraints

      Type: object

      Default: {}

      Description

      ClusterSettings define Couchbase cluster-wide settings such as memory allocation, failover characteristics and index settings.

      couchbaseclusters.spec.cluster.analyticsServiceMemoryQuota

      Constraints

      Type: string

      Default: 1Gi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      AnalyticsServiceMemQuota is the amount of memory that should be allocated to the analytics service. This value is per-pod, and only applicable to pods belonging to server classes running the analytics service. This field must be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.autoCompaction

      Constraints

      Type: object

      Default: {}

      Description

      AutoCompaction allows the configuration of auto-compaction, including on what conditions disk space is reclaimed and when it is allowed to run.

      couchbaseclusters.spec.cluster.autoCompaction.databaseFragmentationThreshold

      Constraints

      Type: object

      Default: {}

      Description

      DatabaseFragmentationThreshold defines triggers for when database compaction should start.

      couchbaseclusters.spec.cluster.autoCompaction.databaseFragmentationThreshold.percent

      Constraints

      Type: integer

      Default: 30

      Minimum: 2

      Maximum: 100

      Description

      Percent is the percentage of disk fragmentation after which compaction will be triggered. This field must be in the range 2-100, defaulting to 30.

      couchbaseclusters.spec.cluster.autoCompaction.databaseFragmentationThreshold.size

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      Size is the amount of disk fragmentation that, once exceeded, will trigger compaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.autoCompaction.parallelCompaction

      Constraints

      Type: boolean

      Description

      ParallelCompaction controls whether database and view compactions can happen in parallel.

      couchbaseclusters.spec.cluster.autoCompaction.timeWindow

      Constraints

      Type: object

      Description

      TimeWindow allows restriction of when compaction can occur.

      couchbaseclusters.spec.cluster.autoCompaction.timeWindow.abortCompactionOutsideWindow

      Constraints

      Type: boolean

      Default: False

      Description

      AbortCompactionOutsideWindow stops compaction processes when the process moves outside the window.

      couchbaseclusters.spec.cluster.autoCompaction.timeWindow.end

      Constraints

      Type: string

      Pattern (Regular Expression): ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$

      Description

      End is a wallclock time, in the form HH:MM, when a compaction should stop.

      couchbaseclusters.spec.cluster.autoCompaction.timeWindow.start

      Constraints

      Type: string

      Pattern (Regular Expression): ^(2[0-3]|[01]?[0-9]):([0-5]?[0-9])$

      Description

      Start is a wallclock time, in the form HH:MM, when a compaction is permitted to start.

      couchbaseclusters.spec.cluster.autoCompaction.tombstonePurgeInterval

      Constraints

      Type: string

      Default: 72h

      Description

      TombstonePurgeInterval controls how long to wait before purging tombstones. This field must be in the range 1h-1440h, defaulting to 72h. More info: https://golang.org/pkg/time/#ParseDuration.

      couchbaseclusters.spec.cluster.autoCompaction.viewFragmentationThreshold

      Constraints

      Type: object

      Default: {}

      Description

      ViewFragmentationThreshold defines triggers for when view compaction should start.

      couchbaseclusters.spec.cluster.autoCompaction.viewFragmentationThreshold.percent

      Constraints

      Type: integer

      Default: 30

      Minimum: 2

      Maximum: 100

      Description

      Percent is the percentage of disk fragmentation after which compaction will be triggered. This field must be in the range 2-100, defaulting to 30.

      couchbaseclusters.spec.cluster.autoCompaction.viewFragmentationThreshold.size

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      Size is the amount of disk fragmentation that, once exceeded, will trigger compaction. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.autoFailoverMaxCount

      Constraints

      Type: integer

      Default: 1

      Minimum: 1

      Description

      AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase server will allow before not allowing any more. This field must be between 1 and 3 for server versions prior to 7.1.0. The default is 1.

      couchbaseclusters.spec.cluster.autoFailoverOnDataDiskIssues

      Constraints

      Type: boolean

      Description

      AutoFailoverOnDataDiskIssues defines whether Couchbase server should failover a pod if a disk issue was detected.

      couchbaseclusters.spec.cluster.autoFailoverOnDataDiskIssuesTimePeriod

      Constraints

      Type: string

      Default: 120s

      Description

      AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for transient errors before failing over a faulty disk. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration.

      couchbaseclusters.spec.cluster.autoFailoverServerGroup

      Constraints

      Type: boolean

      Description

      AutoFailoverServerGroup defines whether to enable failing over a server group. This field is ignored in server versions 7.1+ as it has been removed from the Couchbase API.

      couchbaseclusters.spec.cluster.autoFailoverTimeout

      Constraints

      Type: string

      Default: 120s

      Description

      AutoFailoverTimeout defines how long Couchbase server will wait between a pod being witnessed as down, until when it will failover the pod. Couchbase server will only failover pods if it deems it safe to do so, and not result in data loss. This field must be in the range 5-3600s, defaulting to 120s. More info: https://golang.org/pkg/time/#ParseDuration.

      couchbaseclusters.spec.cluster.clusterName

      Constraints

      Type: string

      Description

      ClusterName defines the name of the cluster, as displayed in the Couchbase UI. By default, the cluster name is that specified in the CouchbaseCluster resource’s metadata.

      couchbaseclusters.spec.cluster.data

      Constraints

      Type: object

      Description

      Data allows the data service to be configured.

      couchbaseclusters.spec.cluster.data.auxIOThreads

      Constraints

      Type: integer

      Minimum: 1

      Maximum: 64

      Description

      AuxIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the AuxIO thread pool to run auxiliary I/O tasks. This value must be between 1 and 64 threads, is only supported on CB versions 7.1.0+, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

      couchbaseclusters.spec.cluster.data.nonIOThreads

      Constraints

      Type: integer

      Minimum: 1

      Maximum: 64

      Description

      NonIOThreads allows the number of threads used by the data service, per pod, to be altered. This indicates the number of threads that are to be used in the NonIO thread pool to run in-memory tasks. This value must be between 1 and 64 threads, is only supported on CB versions 7.1.0+, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

      couchbaseclusters.spec.cluster.data.readerThreads

      Constraints

      Type: integer

      Minimum: 1

      Maximum: 64

      Description

      ReaderThreads allows the number of threads used by the data service, per pod, to be altered. This value must be between 4 and 64 threads for CB versions below 7.1.0, or 1 and 64 for CB versions 7.1.0+, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

      couchbaseclusters.spec.cluster.data.writerThreads

      Constraints

      Type: integer

      Minimum: 1

      Maximum: 64

      Description

      WriterThreads allows the number of threads used by the data service, per pod, to be altered. This setting is especially relevant when using "durable writes"; increasing this field will have a large impact on performance. This value must be between 4 and 64 threads for CB versions below 7.1.0, or 1 and 64 for CB versions 7.1.0+, and should only be increased where there are sufficient CPU resources allocated for their use. If not specified, this defaults to the default value set by Couchbase Server.

      couchbaseclusters.spec.cluster.dataServiceMemoryQuota

      Constraints

      Type: string

      Default: 256Mi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      DataServiceMemQuota is the amount of memory that should be allocated to the data service. This value is per-pod, and only applicable to pods belonging to server classes running the data service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.eventingServiceMemoryQuota

      Constraints

      Type: string

      Default: 256Mi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      EventingServiceMemQuota is the amount of memory that should be allocated to the eventing service. This value is per-pod, and only applicable to pods belonging to server classes running the eventing service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.indexServiceMemoryQuota

      Constraints

      Type: string

      Default: 256Mi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      IndexServiceMemQuota is the amount of memory that should be allocated to the index service. This value is per-pod, and only applicable to pods belonging to server classes running the index service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.indexStorageSetting

      Constraints

      Type: string

      Default: memory_optimized

      Enumerations: memory_optimized, plasma

      Description

      DEPRECATED - by indexer.

      The index storage mode to use for secondary indexing. This field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized". This field is immutable and cannot be changed unless there are no server classes running the index service in the cluster.

      couchbaseclusters.spec.cluster.indexer

      Constraints

      Type: object

      Description

      Indexer allows the indexer to be configured.

      couchbaseclusters.spec.cluster.indexer.logLevel

      Constraints

      Type: string

      Default: info

      Enumerations: silent, fatal, error, warn, info, verbose, timing, debug, trace

      Description

      LogLevel controls the verbosity of indexer logs. This field must be one of "silent", "fatal", "error", "warn", "info", "verbose", "timing", "debug" or "trace", defaulting to "info".

      couchbaseclusters.spec.cluster.indexer.maxRollbackPoints

      Constraints

      Type: integer

      Default: 2

      Minimum: 1

      Description

      MaxRollbackPoints controls the number of checkpoints that can be rolled back to. The default is 2, with a minimum of 1.

      couchbaseclusters.spec.cluster.indexer.memorySnapshotInterval

      Constraints

      Type: string

      Default: 200ms

      Description

      MemorySnapshotInterval controls when memory indexes should be snapshotted. This defaults to 200ms, and must be greater than or equal to 1ms.

      couchbaseclusters.spec.cluster.indexer.numReplica

      Constraints

      Type: integer

      Default: 0

      Minimum: 0

      Description

      NumberOfReplica specifies the number of secondary index replicas to be created by the Index Service whenever CREATE INDEX is invoked, which ensures high availability and high performance. Note, if nodes and num_replica are both specified in the WITH clause, the specified number of nodes must be one greater than num_replica. This defaults to 0, which means no index replicas are created by default. Minimum must be 0.

      couchbaseclusters.spec.cluster.indexer.redistributeIndexes

      Constraints

      Type: boolean

      Default: False

      Description

      When RedistributeIndexes is true, Couchbase Server redistributes indexes when rebalance occurs, in order to optimize performance. If false (the default), such redistribution does not occur.

      couchbaseclusters.spec.cluster.indexer.stableSnapshotInterval

      Constraints

      Type: string

      Default: 5s

      Description

      StableSnapshotInterval controls when disk indexes should be snapshotted. This defaults to 5s, and must be greater than or equal to 1ms.

      couchbaseclusters.spec.cluster.indexer.storageMode

      Constraints

      Type: string

      Default: memory_optimized

      Enumerations: memory_optimized, plasma

      Description

      StorageMode controls the underlying storage engine for indexes. Once set it can only be modified if there are no nodes in the cluster running the index service. The field must be one of "memory_optimized" or "plasma", defaulting to "memory_optimized".

      couchbaseclusters.spec.cluster.indexer.threads

      Constraints

      Type: integer

      Minimum: 0

      Description

      Threads controls the number of processor threads to use for indexing. A value of 0 means 1 per CPU. This attribute must be greater than or equal to 0, defaulting to 0.

      couchbaseclusters.spec.cluster.query

      Constraints

      Type: object

      Description

      Query allows the query service to be configured.

      couchbaseclusters.spec.cluster.query.backfillEnabled

      Constraints

      Type: boolean

      Default: True

      Description

      BackfillEnabled allows the query service to backfill.

      couchbaseclusters.spec.cluster.query.temporarySpace

      Constraints

      Type: string

      Default: 5Gi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      TemporarySpace allows the temporary storage used by the query service backfill, per-pod, to be modified. This field requires backfillEnabled to be set to true in order to have any effect. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.query.temporarySpaceUnlimited

      Constraints

      Type: boolean

      Description

      TemporarySpaceUnlimited allows the temporary storage used by the query service backfill, per-pod, to be unconstrained. This field requires backfillEnabled to be set to true in order to have any effect. This field overrides temporarySpace.

      couchbaseclusters.spec.cluster.queryServiceMemoryQuota

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      QueryServiceMemQuota is a dummy field. By default, Couchbase server provides no memory resource constraints for the query service, so this has no effect on Couchbase server. It is, however, used when the spec.autoResourceAllocation feature is enabled, and is used to define the amount of memory reserved by the query service for use with Kubernetes resource scheduling. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.cluster.searchServiceMemoryQuota

      Constraints

      Type: string

      Default: 256Mi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      SearchServiceMemQuota is the amount of memory that should be allocated to the search service. This value is per-pod, and only applicable to pods belonging to server classes running the search service. This field must be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.enableOnlineVolumeExpansion

      Constraints

      Type: boolean

      Description

      EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. You can only expand a PVC if its storage class’s "allowVolumeExpansion" field is set to true. Additionally, the Kubernetes feature "ExpandInUsePersistentVolumes" must be enabled in order to expand volumes which are actively bound to Pods. Volumes can only be expanded and not reduced to a smaller size. See: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim. If "EnableOnlineVolumeExpansion" is enabled for use within an environment that does not actually support online volume and file system expansion, then the cluster will fall back to the rolling upgrade procedure to create a new set of Pods for use with the resized Volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims.

      couchbaseclusters.spec.enablePreviewScaling

      Constraints

      Type: boolean

      Description

      DEPRECATED - This option only exists for backwards compatibility and no longer restricts autoscaling to ephemeral services.

      EnablePreviewScaling enables autoscaling for stateful services and buckets.

      couchbaseclusters.spec.envImagePrecedence

      Constraints

      Type: boolean

      Description

      EnvImagePrecedence gives precedence over the default container image name in spec.Image to an image name provided through Operator environment variables. For more info on using Operator environment variables: https://docs.couchbase.com/operator/current/reference-operator-configuration.html.

      couchbaseclusters.spec.hibernate

      Constraints

      Type: boolean

      Description

      Hibernate is whether to hibernate the cluster.

      couchbaseclusters.spec.hibernationStrategy

      Constraints

      Type: string

      Enumerations: Immediate

      Description

      HibernationStrategy defines how to hibernate the cluster. When set to Immediate, the Operator will immediately delete all pods and take no further action until the hibernate field is set to false.

      couchbaseclusters.spec.image

      Constraints

      Required

      Type: string

      Pattern (Regular Expression): ^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$

      Description

      Image is the container image name that will be used to launch Couchbase server instances. Updating this field will cause an automatic upgrade of the cluster.

      couchbaseclusters.spec.logging

      Constraints

      Type: object

      Description

      Logging defines Operator logging options.

      couchbaseclusters.spec.logging.audit

      Constraints

      Type: object

      Description

      Used to manage the audit configuration directly.

      couchbaseclusters.spec.logging.audit.disabledEvents

      Constraints

      Type: []integer

      Description

      The list of event ids to disable for auditing purposes. This is passed to the REST API with no verification by the operator. Refer to the documentation for details: https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html.

      couchbaseclusters.spec.logging.audit.disabledUsers

      Constraints

      Type: []string

      Pattern (Regular Expression): ^.+/(local|external)$

      Description

      The list of users to ignore for auditing purposes. This is passed to the REST API with minimal validation that it meets an acceptable regex pattern. Refer to the documentation for full details on how to configure this: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user.

      couchbaseclusters.spec.logging.audit.enabled

      Constraints

      Type: boolean

      Description

      Enabled is a boolean that enables the audit capabilities.

      couchbaseclusters.spec.logging.audit.garbageCollection

      Constraints

      Type: object

      Description

      Handle all optional garbage collection (GC) configuration for the audit functionality. This is not part of the audit REST API; it is intended to handle GC automatically for the audit logs. By default, Couchbase Server rotates the audit logs but does not clean up the rotated logs. This is left as an operation for the cluster administrator to manage; the operator allows this to be automated: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html.

      couchbaseclusters.spec.logging.audit.garbageCollection.sidecar

      Constraints

      Type: object

      Description

      Provide the sidecar configuration required (if so desired) to automatically clean up audit logs.

      couchbaseclusters.spec.logging.audit.garbageCollection.sidecar.age

      Constraints

      Type: string

      Default: 1h

      Description

      The minimum age of rotated log files to remove, defaults to one hour.

      couchbaseclusters.spec.logging.audit.garbageCollection.sidecar.enabled

      Constraints

      Type: boolean

      Description

      Enable this sidecar by setting to true, defaults to being disabled.

      couchbaseclusters.spec.logging.audit.garbageCollection.sidecar.image

      Constraints

      Type: string

      Default: busybox:1.33.1

      Description

      Image is the image to be used to run the audit sidecar helper. No validation is carried out as this can be any arbitrary repo and tag.

      couchbaseclusters.spec.logging.audit.garbageCollection.sidecar.interval

      Constraints

      Type: string

      Default: 20m

      Description

      The interval at which to check for rotated log files to remove, defaults to 20 minutes.

      couchbaseclusters.spec.logging.audit.garbageCollection.sidecar.resources

      Constraints

      Type: object

      Description

      Resources is the resource requirements for the cleanup container. Will be populated by Kubernetes defaults if not specified.

      couchbaseclusters.spec.logging.audit.rotation

      Constraints

      Type: object

      Description

      The interval to optionally rotate the audit log. This is passed to the REST API, see here for details: https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html.

      couchbaseclusters.spec.logging.audit.rotation.interval

      Constraints

      Type: string

      Default: 15m

      Description

      The interval at which to rotate log files, defaults to 15 minutes.

      couchbaseclusters.spec.logging.audit.rotation.size

      Constraints

      Type: string

      Default: 20Mi

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      Size allows the specification of a rotation size for the log, defaults to 20Mi. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.spec.logging.logRetentionCount

      Constraints

      Type: integer

      Minimum: 0

      Description

      LogRetentionCount gives the number of persistent log PVCs to keep.

      couchbaseclusters.spec.logging.logRetentionTime

      Constraints

      Type: string

      Pattern (Regular Expression): ^\d+(ns|us|ms|s|m|h)$

      Description

      LogRetentionTime gives the time to keep persistent log PVCs alive for.

      couchbaseclusters.spec.logging.server

      Constraints

      Type: object

      Description

      Specification of all logging configuration required to manage the sidecar containers in each pod.

      couchbaseclusters.spec.logging.server.configurationName

      Constraints

      Type: string

      Default: fluent-bit-config

      Description

      ConfigurationName is the name of the Secret to use holding the logging configuration in the namespace. A Secret is used to ensure we can safely store credentials but this can be populated from plaintext if acceptable too. If it does not exist then one will be created with defaults in the namespace so it can be easily updated whilst running. Note that if running multiple clusters in the same kubernetes namespace then you should use a separate Secret for each, otherwise the first cluster will take ownership (if created) and the Secret will be cleaned up when that cluster is removed. If running clusters in separate namespaces then they will be separate Secrets anyway.

      couchbaseclusters.spec.logging.server.enabled

      Constraints

      Type: boolean

      Description

      Enabled is a boolean that enables the logging sidecar container.

      couchbaseclusters.spec.logging.server.manageConfiguration

      Constraints

      Type: boolean

      Default: True

      Description

      A boolean which indicates whether the operator should manage the configuration or not. If omitted, this defaults to true, which means the operator will attempt to reconcile it to default values. To use a custom configuration, make sure to set this to false. Note that the ownership of any Secret is not changed, so if a Secret is created externally it can be updated by the operator but its ownership stays the same, so it will be cleaned up when its owner is.

      couchbaseclusters.spec.logging.server.sidecar

      Constraints

      Type: object

      Default: {}

      Description

      Any specific logging sidecar container configuration.

      couchbaseclusters.spec.logging.server.sidecar.configurationMountPath

      Constraints

      Type: string

      Default: /fluent-bit/config/

      Description

      ConfigurationMountPath is the location to mount the ConfigurationName Secret into the image. If another log shipping image is used that needs a different mount then modify this. Note that the configuration file must be called 'fluent-bit.conf' at the root of this path, there is no provision for overriding the name of the config file passed as the COUCHBASE_LOGS_CONFIG_FILE environment variable.

      couchbaseclusters.spec.logging.server.sidecar.image

      Constraints

      Type: string

      Default: couchbase/fluent-bit:1.2.1

      Description

      Image is the image to be used to deal with logging as a sidecar. No validation is carried out as this can be any arbitrary repo and tag. It will default to the latest supported version of Fluent Bit.

      couchbaseclusters.spec.logging.server.sidecar.resources

      Constraints

      Type: object

      Description

      Resources is the resource requirements for the sidecar container. Will be populated by Kubernetes defaults if not specified.

      couchbaseclusters.spec.monitoring

      Constraints

      Type: object

      Description

      Monitoring defines any Operator managed integration into 3rd party monitoring infrastructure.

      couchbaseclusters.spec.monitoring.prometheus

      Constraints

      Type: object

      Description

      Prometheus provides integration with Prometheus monitoring.

      couchbaseclusters.spec.monitoring.prometheus.authorizationSecret

      Constraints

      Type: string

      Description

      AuthorizationSecret is the name of a Kubernetes secret that contains a bearer token to authorize GET requests to the metrics endpoint.

      couchbaseclusters.spec.monitoring.prometheus.enabled

      Constraints

      Type: boolean

      Description

      Enabled is a boolean that enables/disables the metrics sidecar container. This must be set to true, when image is provided.

      couchbaseclusters.spec.monitoring.prometheus.image

      Constraints

      Required

      Type: string

      Description

      Image is the metrics image to be used to collect metrics. No validation is carried out as this can be any arbitrary repo and tag. enabled must be set to true, when image is provided.

      couchbaseclusters.spec.monitoring.prometheus.refreshRate

      Constraints

      Type: integer

      Default: 60

      Minimum: 1

      Maximum: 600

      Description

      RefreshRate is the frequency, in seconds, at which cached statistics are updated. Shorter intervals will add additional resource overhead to clusters running Couchbase Server 7.0+. The default is 60 seconds, the maximum value is 600 seconds, and the minimum value is 1 second.

      couchbaseclusters.spec.monitoring.prometheus.resources

      Constraints

      Type: object

      Description

      Resources is the resource requirements for the metrics container. Will be populated by Kubernetes defaults if not specified.

      couchbaseclusters.spec.networking

      Constraints

      Type: object

      Description

      Networking defines Couchbase cluster networking options such as network topology, TLS and DDNS settings.

      couchbaseclusters.spec.networking.addressFamily

      Constraints

      Type: string

      Enumerations: IPv4, IPv6

      Description

      AddressFamily allows the manual selection of the address family to use. When this field is not set, Couchbase server will default to using IPv4 for internal communication and also support IPv6 on dual stack systems. Setting this field to either IPv4 or IPv6 will force Couchbase to use the selected protocol for internal communication, and also disable all other protocols to provide added security and simplicity when defining firewall rules. Disabling of address families is only supported in Couchbase Server 7.0.2+.

      couchbaseclusters.spec.networking.adminConsoleServiceTemplate

      Constraints

      Type: object

      Description

      AdminConsoleServiceTemplate provides a template used by the Operator to create and manage the admin console service. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

      couchbaseclusters.spec.networking.adminConsoleServiceType

      Constraints

      Type: string

      Default: NodePort

      Enumerations: NodePort, LoadBalancer

      Description

      DEPRECATED - by adminConsoleServiceTemplate.

      AdminConsoleServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".

      couchbaseclusters.spec.networking.adminConsoleServices

      Constraints

      Type: []string

      Enumerations: admin, data, index, query, search, eventing, analytics

      Description

      DEPRECATED - not required by Couchbase Server.

      AdminConsoleServices is a selector to choose specific services to expose via the admin console. This field may contain any of "data", "index", "query", "search", "eventing" and "analytics". Each service may only be included once.

      couchbaseclusters.spec.networking.cloudNativeGateway

      Constraints

      Type: object

      Description

      CloudNativeGateway is used to provision a gRPC gateway proxying a Couchbase cluster.

      couchbaseclusters.spec.networking.cloudNativeGateway.image

      Constraints

      Required

      Type: string

      Description

      Image is the Cloud Native Gateway image to be used to run the sidecar container. No validation is carried out as this can be any arbitrary repo and tag. TODO: provide a default kubebuilder default image tag as field is mandatory.

      couchbaseclusters.spec.networking.cloudNativeGateway.tls

      Constraints

      Type: object

      Description

      TLS defines the TLS configuration for the Cloud Native Gateway server including server and client certificate configuration, and TLS security policies. If no TLS config is explicitly provided, the operator generates and manages self-signed certs/keys and creates a k8s secret named couchbase-cloud-native-gateway-self-signed-secret-<cluster-name>, unique to a Couchbase cluster, which is volume mounted to the cb k8s pod. This action can be overridden at the outset or later, by using the TLS config below or by generating a secret of the same name, couchbase-cloud-native-gateway-self-signed-secret-<cluster-name>, with certificates conforming to the keys of the well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". N.B. The secret is on a per-cluster basis, so it is advised to use the unique cluster name, otherwise the secret will be ignored.

      couchbaseclusters.spec.networking.cloudNativeGateway.tls.serverSecretName

      Constraints

      Type: string

      Description

      ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains Cloud Native Gateway gRPC server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type.

      couchbaseclusters.spec.networking.disableUIOverHTTP

      Constraints

      Type: boolean

      Description

      DisableUIOverHTTP is used to explicitly enable and disable UI access over the HTTP protocol. If not specified, this field defaults to false.

      couchbaseclusters.spec.networking.disableUIOverHTTPS

      Constraints

      Type: boolean

      Description

      DisableUIOverHTTPS is used to explicitly enable and disable UI access over the HTTPS protocol. If not specified, this field defaults to false.
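A pre-deployment lint over the image, audit and UI fields documented above, as an added example that is not part of the Couchbase documentation or the Operator's own code. It applies the documented `spec.image` and `disabledUsers` patterns and flags the image fields this reference says are not validated; the digest-pinning policy, the spec dictionaries, the registry host, the digest and the event ids are assumptions constructed for illustration.

```python
import re

# Patterns as documented for spec.image and spec.logging.audit.disabledUsers.
IMAGE_RE = re.compile(
    r"^(.*?(:\d+)?/)?.*?/.*?(:.*?\d+\.\d+\.\d+.*|@sha256:[0-9a-f]{64})$")
DISABLED_USER_RE = re.compile(r"^.+/(local|external)$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Image fields whose descriptions state that no validation is carried out.
UNVALIDATED_IMAGES = (
    "logging.audit.garbageCollection.sidecar.image",
    "logging.server.sidecar.image",
    "monitoring.prometheus.image",
    "networking.cloudNativeGateway.image",
)


def get(spec, dotted, default=None):
    """Walk a dotted path through nested dicts; return default if absent."""
    node = spec
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def lint(spec):
    """Return (field, message) findings for the 'spec' of a CouchbaseCluster."""
    findings = []

    image = get(spec, "image")
    if image is None:
        findings.append(("image", "required field is missing"))
    elif not IMAGE_RE.match(image):
        findings.append(("image", "rejected by the documented pattern"))
    elif not DIGEST_RE.search(image):
        findings.append(("image", "mutable tag; pin with @sha256:<digest>"))

    # Assumed policy: images the Operator does not validate must be pinned.
    for field in UNVALIDATED_IMAGES:
        value = get(spec, field)
        if value is not None and not DIGEST_RE.search(value):
            findings.append((field, "unvalidated image is not digest-pinned"))

    if get(spec, "logging.audit.enabled") is not True:
        findings.append(("logging.audit.enabled", "auditing is not enabled"))
    events = get(spec, "logging.audit.disabledEvents", [])
    if events:  # passed to the REST API with no verification by the operator
        findings.append(("logging.audit.disabledEvents",
                         "%d event id(s) suppressed, review each" % len(events)))
    for user in get(spec, "logging.audit.disabledUsers", []):
        if DISABLED_USER_RE.match(user):
            msg = "%r is excluded from the audit trail" % user
        else:
            msg = "%r lacks the /local or /external suffix" % user
        findings.append(("logging.audit.disabledUsers", msg))

    # disableUIOverHTTP defaults to false, which leaves HTTP UI access on.
    if get(spec, "networking.disableUIOverHTTP") is not True:
        findings.append(("networking.disableUIOverHTTP",
                         "UI access over HTTP is not disabled"))
    if get(spec, "networking.disableUIOverHTTPS") is True:
        findings.append(("networking.disableUIOverHTTPS",
                         "UI access over HTTPS is disabled"))
    return findings


# Constructed sample specs (values are illustrative, not from a real cluster).
DIGEST = "@sha256:" + "a" * 64
WEAK_SPEC = {
    "image": "registry.example.com:5000/couchbase/server:7.1.0",
    "logging": {
        "audit": {
            "enabled": True,
            "disabledEvents": [1001, 1002],  # constructed ids
            "disabledUsers": ["svc-backup/local", "admin"],
            "garbageCollection": {
                "sidecar": {"enabled": True, "image": "busybox:1.33.1"}},
        },
        "server": {"enabled": True,
                   "sidecar": {"image": "couchbase/fluent-bit:1.2.1"}},
    },
    "networking": {"disableUIOverHTTPS": True},
}
HARDENED_SPEC = {
    "image": "registry.example.com:5000/couchbase/server" + DIGEST,
    "logging": {
        "audit": {
            "enabled": True,
            "garbageCollection": {
                "sidecar": {"enabled": True, "image": "busybox" + DIGEST}},
        },
        "server": {"enabled": True,
                   "sidecar": {"image": "couchbase/fluent-bit" + DIGEST}},
    },
    "networking": {"disableUIOverHTTP": True},
}

if __name__ == "__main__":
    for field, message in lint(WEAK_SPEC):
        print("spec.%s: %s" % (field, message))
```

The documented `spec.image` pattern requires at least one `/` in the reference, so a bare name such as the sidecar default `busybox:1.33.1` would be rejected there while being accepted in the unvalidated sidecar fields.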

      couchbaseclusters.spec.networking.dns

      Constraints

      Type: object

      Description

      DNS defines information required for Dynamic DNS support.

      couchbaseclusters.spec.networking.dns.domain

      Constraints

      Type: string

      Description

      Domain is the domain to create pods in. When populated the Operator will annotate the admin console and per-pod services with the key "external-dns.alpha.kubernetes.io/hostname". These annotations can be used directly by a Kubernetes External-DNS controller to replicate load balancer service IP addresses into a public DNS server.

      couchbaseclusters.spec.networking.exposeAdminConsole

      Constraints

      Type: boolean

      Description

      ExposeAdminConsole creates a service referencing the admin console. The service is configured by the adminConsoleServiceTemplate field.

      couchbaseclusters.spec.networking.exposedFeatureServiceTemplate

      Constraints

      Type: object

      Description

      ExposedFeatureServiceTemplate provides a template used by the Operator to create and manage per-pod services. This allows services to be annotated, the service type defined and any other options that Kubernetes provides. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core.

      couchbaseclusters.spec.networking.exposedFeatureServiceType

      Constraints

      Type: string

      Default: NodePort

      Enumerations: NodePort, LoadBalancer

      Description

      DEPRECATED - by exposedFeatureServiceTemplate.

      ExposedFeatureServiceType defines whether to create a node port or load balancer service. When using a LoadBalancer service type, TLS and dynamic DNS must also be enabled. This field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".

      couchbaseclusters.spec.networking.exposedFeatureTrafficPolicy

      Constraints

      Type: string

      Enumerations: Cluster, Local

      Description

      DEPRECATED - by exposedFeatureServiceTemplate.

      ExposedFeatureTrafficPolicy defines how packets should be routed from a load balancer service to a Couchbase pod. When local, traffic is routed directly to the pod. When cluster, traffic is routed to any node, then forwarded on. While cluster routing may be slower, there are some situations where it is required for connectivity. This field must be either "Cluster" or "Local", defaulting to "Local".

      couchbaseclusters.spec.networking.exposedFeatures

      Constraints

      Type: []string

      Enumerations: admin, xdcr, client

      Description

      ExposedFeatures is a list of Couchbase features to expose when using a networking model that exposes the Couchbase cluster externally to Kubernetes. This field also triggers the creation of per-pod services used by clients to connect to the Couchbase cluster. When admin, only the administrator port is exposed, allowing remote administration. When xdcr, only the services required for remote replication are exposed. The xdcr feature is only required when the cluster is the destination of an XDCR replication. When client, all services are exposed as required for client SDK operation. This field may contain any of "admin", "xdcr" and "client". Each feature may only be included once.

      couchbaseclusters.spec.networking.loadBalancerSourceRanges

      Constraints

      Type: []string

      Pattern (Regular Expression): ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/\d{1,2}$

      Description

      DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.

      LoadBalancerSourceRanges applies only when an exposed service is of type LoadBalancer and limits the source IP ranges that are allowed to use the service. Items must use IPv4 class-less interdomain routing (CIDR) notation e.g. 10.0.0.0/16.

      couchbaseclusters.spec.networking.networkPlatform

      Constraints

      Type: string

      Enumerations: Istio

      Description

      NetworkPlatform is used to enable support for various networking technologies. This field must be one of "Istio".

      couchbaseclusters.spec.networking.serviceAnnotations

      Constraints

      Type: map[string]string

      Description

      DEPRECATED - by adminConsoleServiceTemplate and exposedFeatureServiceTemplate.

      ServiceAnnotations allows services to be annotated with custom labels. Operator annotations are merged on top of these so have precedence as they are required for correct operation.

      couchbaseclusters.spec.networking.tls

      Constraints

      Type: object

      Description

      TLS defines the TLS configuration for the cluster including server and client certificate configuration, and TLS security policies.

      couchbaseclusters.spec.networking.tls.allowPlainTextCertReload

      Constraints

      Type: boolean

      Default: False

      Description

      AllowPlainTextCertReload allows the reload of TLS certificates in plain text. This option should only be enabled as a means to recover connectivity with the server in the event that any of the server certificates expire. When enabled, the Operator only attempts plain text cert reloading when expired certificates are detected.

      couchbaseclusters.spec.networking.tls.cipherSuites

      Constraints

      Type: []string

      Description

      CipherSuites specifies a list of cipher suites for Couchbase server to select from when negotiating TLS handshakes with a client. Suites are not validated by the Operator. Run "openssl ciphers -v" in a Couchbase server pod to interrogate supported values.

      couchbaseclusters.spec.networking.tls.clientCertificatePaths

      Constraints

      Type: []object

      Description

      ClientCertificatePaths defines where to look in client certificates in order to extract the user name.

      couchbaseclusters.spec.networking.tls.clientCertificatePaths.delimiter

      Constraints

      Type: string

      Description

      Delimiter, if specified, allows a suffix to be stripped from the username, once extracted from the certificate path.

      couchbaseclusters.spec.networking.tls.clientCertificatePaths.path

      Constraints

      Required

      Type: string

      Pattern (Regular Expression): ^subject\.cn|san\.uri|san\.dnsname|san\.email$

      Description

      Path defines where in the X.509 specification to extract the username from. This field must be either "subject.cn", "san.uri", "san.dnsname" or "san.email".

      couchbaseclusters.spec.networking.tls.clientCertificatePaths.prefix

      Constraints

      Type: string

      Description

      Prefix allows a prefix to be stripped from the username, once extracted from the certificate path.

      couchbaseclusters.spec.networking.tls.clientCertificatePolicy

      Constraints

      Type: string

      Enumerations: enable, mandatory

      Description

      ClientCertificatePolicy defines the client authentication policy to use. If set, the Operator expects TLS configuration to contain a valid certificate/key pair for the Administrator account.

      couchbaseclusters.spec.networking.tls.nodeToNodeEncryption

      Constraints

      Type: string

      Enumerations: ControlPlaneOnly, All, Strict

      Description

      NodeToNodeEncryption specifies whether to encrypt data between Couchbase nodes within the same cluster. This may come at the expense of performance. When control plane only encryption is used, only cluster management traffic is encrypted between nodes. When all, all traffic is encrypted, including database documents. When strict mode is used, it is the same as all, but also disables all plaintext ports. Strict mode is only available on Couchbase Server versions 7.1 and greater. Node to node encryption can only be used when TLS certificates are managed by the Operator. This field must be either "ControlPlaneOnly", "All", or "Strict".

      couchbaseclusters.spec.networking.tls.passphrase

      Constraints

      Type: object

      Description

      PassphraseConfig configures the passphrase key to use with encrypted certificates. The passphrase may be registered with Couchbase Server using a local script or a REST endpoint. Private key encryption is only available on Couchbase Server versions 7.1 and greater.

      couchbaseclusters.spec.networking.tls.passphrase.rest

      Constraints

      Type: object

      Description

      PassphraseRestConfig is the configuration to register a private key passphrase with a REST endpoint. When the private key is accessed, Couchbase Server attempts to extract the password by means of the specified endpoint. The response status must be 200 and the response text must be the exact passphrase excluding newlines and extraneous spaces.

      couchbaseclusters.spec.networking.tls.passphrase.rest.addressFamily

      Constraints

      Type: string

      Default: inet

      Enumerations: inet, inet6

      Description

      AddressFamily is the address family to use. By default inet (meaning IPv4) is used.

      couchbaseclusters.spec.networking.tls.passphrase.rest.headers

      Constraints

      Type: map[string]string

      Description

      Headers is a map of one or more key-value pairs to pass alongside the GET request.

      couchbaseclusters.spec.networking.tls.passphrase.rest.timeout

      Constraints

      Type: integer

      Default: 5000

      Description

      Timeout is the number of milliseconds that must elapse before the call is timed out.

      couchbaseclusters.spec.networking.tls.passphrase.rest.url

      Constraints

      Required

      Type: string

      Description

      URL is the endpoint to be called to retrieve the passphrase. The URL is called using the GET method and may use the HTTP or HTTPS protocol.

      couchbaseclusters.spec.networking.tls.passphrase.rest.verifyPeer

      Constraints

      Type: boolean

      Default: True

      Description

      VerifyPeer ensures peer verification is performed when HTTPS is used.

      couchbaseclusters.spec.networking.tls.passphrase.script

      Constraints

      Type: object

      Description

      PassphraseScriptConfig is the configuration to register a private key passphrase with a script. The Operator auto-provisions the underlying script so this config simply provides a mechanism to perform the decryption of the Couchbase Private Key using a local script.

      couchbaseclusters.spec.networking.tls.passphrase.script.secret

      Constraints

      Required

      Type: string

      Description

      Secret is the secret containing the passphrase string. The secret is expected to contain "passphrase" key with the passphrase string as a value.

      couchbaseclusters.spec.networking.tls.rootCAs

      Constraints

      Type: []string

      Description

      RootCAs defines a set of secrets that reside in this namespace that contain additional CA certificates that should be installed in Couchbase. The CA certificates that are defined here are in addition to those defined for the cluster, optionally by couchbaseclusters.spec.networking.tls.secretSource, and thus should not be duplicated. Each Secret referred to must be of well-known type "kubernetes.io/tls" and must contain one or more CA certificates under the key "tls.crt". Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater, and not with legacy couchbaseclusters.spec.networking.tls.static configuration.

      couchbaseclusters.spec.networking.tls.secretSource

      Constraints

      Type: object

      Description

      SecretSource enables the user to specify a secret conforming to the Kubernetes TLS secret specification that is used for the Couchbase server certificate, and optionally the Operator’s client certificate, providing cert-manager compatibility without having to specify a separate root CA. A server CA certificate must be supplied by one of the provided methods. Certificates referred to must conform to the keys of well-known type "kubernetes.io/tls" with "tls.crt" and "tls.key". If the "tls.key" is an encrypted private key then the secret type can be the generic Opaque type since "kubernetes.io/tls" type secrets cannot verify encrypted keys.

      couchbaseclusters.spec.networking.tls.secretSource.clientSecretName

      Constraints

      Type: string

      Description

      ClientSecretName specifies the secret name, in the same namespace as the cluster, that contains client TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type.

      couchbaseclusters.spec.networking.tls.secretSource.serverSecretName

      Constraints

      Required

      Type: string

      Description

      ServerSecretName specifies the secret name, in the same namespace as the cluster, that contains server TLS data. The secret is expected to contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret type. It may also contain "ca.crt". Only a single PEM formatted x509 certificate can be provided to "ca.crt". The single certificate may also bundle together multiple root CA certificates. Multiple root CA certificates are only supported on Couchbase Server 7.1 and greater.

      couchbaseclusters.spec.networking.tls.static

      Constraints

      Type: object

      Description

      DEPRECATED - by couchbaseclusters.spec.networking.tls.secretSource.

      Static enables the user to generate static x509 certificates and keys, put them into Kubernetes secrets, and specify them here. Static secrets are Couchbase specific, and follow no well-known standards.

      couchbaseclusters.spec.networking.tls.static.operatorSecret

      Constraints

      Type: string

      Description

      OperatorSecret is a secret name containing TLS certs used by the Operator to talk securely to this cluster. The secret must contain a CA certificate (data key "ca.crt"). If client authentication is enabled, then the secret must also contain a client certificate chain (data key "couchbase-operator.crt") and private key (data key "couchbase-operator.key").

      couchbaseclusters.spec.networking.tls.static.serverSecret

      Constraints

      Type: string

      Description

      ServerSecret is a secret name containing TLS certs used by each Couchbase member pod for the communication between Couchbase server and its clients. The secret must contain a certificate chain (data key "chain.pem") and a private key (data key "pkey.key"). The private key must be in the PKCS#1 RSA format. The certificate chain must have a required set of X.509v3 subject alternative names for all cluster addressing modes. See the Operator TLS documentation for more information.

      couchbaseclusters.spec.networking.tls.tlsMinimumVersion

      Constraints

      Type: string

      Default: TLS1.2

      Enumerations: TLS1.0, TLS1.1, TLS1.2, TLS1.3

      Description

      TLSMinimumVersion specifies the minimum TLS version the Couchbase server can negotiate with a client. Must be one of TLS1.0, TLS1.1, TLS1.2 or TLS1.3, defaulting to TLS1.2. TLS1.3 is only valid for Couchbase Server 7.1.0 onward.

      couchbaseclusters.spec.networking.waitForAddressReachable

      Constraints

      Type: string

      Default: 10m

      Description

      WaitForAddressReachable is used to set the timeout between when polling of external addresses is started, and when it is deemed a failure. Polling of DNS name availability is inherently dangerous due to negative caching, so prefer the use of an initial waitForAddressReachableDelay to allow propagation.

      couchbaseclusters.spec.networking.waitForAddressReachableDelay

      Constraints

      Type: string

      Default: 2m

      Description

      WaitForAddressReachableDelay is used to defer operator checks that ensure external addresses are reachable before new nodes are balanced in to the cluster. This prevents negative DNS caching while waiting for external-DDNS controllers to propagate addresses.
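The networking and TLS fields described above can be checked before a spec is applied. The following lint over a cluster spec held as a Python dict is an added example, not part of the Operator or its documentation; the function name, the finding wording, the sample specs and the `spec.type` location inside the service template are assumptions.

```python
import ipaddress

# Ordered weakest to strongest, as enumerated for tlsMinimumVersion.
TLS_VERSIONS = ["TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]


def lint_networking(spec):
    """Return (field, reason) pairs for spec.networking settings that need review."""
    net = spec.get("networking") or {}
    tls = net.get("tls") or {}
    findings = []

    def flag(field, reason):
        findings.append(("spec.networking." + field, reason))

    # The UI stays reachable over plain HTTP unless this is set to true.
    if not net.get("disableUIOverHTTP", False):
        flag("disableUIOverHTTP", "admin UI is served over plain HTTP")

    # LoadBalancer services require TLS and dynamic DNS.
    # Assumption: the template holds the type at spec.type, as in the
    # Kubernetes Service object that the reference links to.
    template = (net.get("exposedFeatureServiceTemplate") or {}).get("spec") or {}
    svc_type = template.get("type") or net.get("exposedFeatureServiceType", "NodePort")
    if svc_type == "LoadBalancer":
        if not tls:
            flag("tls", "LoadBalancer exposure without TLS")
        if not (net.get("dns") or {}).get("domain"):
            flag("dns.domain", "LoadBalancer exposure without dynamic DNS")

    # The schema pattern only counts digits, so parse every range properly.
    for cidr in net.get("loadBalancerSourceRanges") or []:
        try:
            network = ipaddress.IPv4Network(cidr, strict=False)
        except ValueError:
            flag("loadBalancerSourceRanges", "not a valid IPv4 CIDR: " + cidr)
            continue
        if network.prefixlen == 0:
            flag("loadBalancerSourceRanges", cidr + " admits every source address")

    if not tls:
        return findings

    minimum = tls.get("tlsMinimumVersion", "TLS1.2")
    if minimum not in TLS_VERSIONS:
        flag("tls.tlsMinimumVersion", "not one of the enumerated values")
    elif TLS_VERSIONS.index(minimum) < TLS_VERSIONS.index("TLS1.2"):
        flag("tls.tlsMinimumVersion", minimum + " is below the TLS1.2 default")

    # Intended only for recovery after server certificates have expired.
    if tls.get("allowPlainTextCertReload", False):
        flag("tls.allowPlainTextCertReload", "plain text reload left enabled")

    # Only "All" and "Strict" encrypt database documents between nodes.
    if tls.get("nodeToNodeEncryption") not in ("All", "Strict"):
        flag("tls.nodeToNodeEncryption", "documents travel unencrypted between nodes")

    rest = (tls.get("passphrase") or {}).get("rest")
    if rest:
        if not str(rest.get("url", "")).lower().startswith("https://"):
            flag("tls.passphrase.rest.url", "passphrase is fetched without HTTPS")
        if rest.get("verifyPeer", True) is False:
            flag("tls.passphrase.rest.verifyPeer", "peer verification is disabled")

    if tls.get("static"):
        flag("tls.static", "deprecated, use tls.secretSource")
    return findings


# Constructed sample specs (not taken from a real cluster).
WEAK_SPEC = {"networking": {
    "exposedFeatureServiceType": "LoadBalancer",
    "loadBalancerSourceRanges": ["0.0.0.0/0", "999.10.0.0/16"],
    "tls": {
        "tlsMinimumVersion": "TLS1.0",
        "allowPlainTextCertReload": True,
        "nodeToNodeEncryption": "ControlPlaneOnly",
        "passphrase": {"rest": {"url": "http://passphrase.example.internal/key",
                                "verifyPeer": False}},
        "static": {"serverSecret": "example-server", "operatorSecret": "example-operator"},
    },
}}
HARDENED_SPEC = {"networking": {
    "disableUIOverHTTP": True,
    "exposedFeatureServiceTemplate": {"spec": {"type": "LoadBalancer"}},
    "dns": {"domain": "couchbase.example.com"},
    "tls": {
        "tlsMinimumVersion": "TLS1.2",
        "nodeToNodeEncryption": "Strict",
        "secretSource": {"serverSecretName": "example-server-tls"},
        "passphrase": {"rest": {"url": "https://passphrase.example.internal/key"}},
    },
}}

if __name__ == "__main__":
    for field, reason in lint_networking(WEAK_SPEC):
        print(field + ": " + reason)
```

The second entry in the weak sample's loadBalancerSourceRanges satisfies the documented pattern yet is not a valid IPv4 range, which is why the lint parses each item rather than relying on the regular expression.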

      couchbaseclusters.spec.onlineVolumeExpansionTimeoutInMins

      Constraints

      Type: integer

      Minimum: 0

      Maximum: 30

      Description

      OnlineVolumeExpansionTimeoutInMins must be provided as a retry mechanism with a timeout in minutes for expanding volumes. This must only be provided if EnableOnlineVolumeExpansion is set to true. Value must be between 0 and 30. If no value is provided, then it defaults to 10 minutes.

      couchbaseclusters.spec.paused

      Constraints

      Type: boolean

      Description

      Paused is to pause the control of the operator for the Couchbase cluster. This does not pause the cluster itself, instead stopping the operator from taking any action.

      couchbaseclusters.spec.platform

      Constraints

      Type: string

      Enumerations: aws, gce, azure

      Description

      Platform gives a hint as to what platform we are running on and how to configure services. This field must be one of "aws", "gke" or "azure".

      couchbaseclusters.spec.recoveryPolicy

      Constraints

      Type: string

      Enumerations: PrioritizeDataIntegrity, PrioritizeUptime

      Description

      RecoveryPolicy controls how aggressive the Operator is when recovering cluster topology. When PrioritizeDataIntegrity, the Operator will delegate failover exclusively to Couchbase server, relying on it to only allow recovery when safe to do so. When PrioritizeUptime, the Operator will wait for a period after the expected auto-failover of the cluster, before forcefully failing-over the pods. This may cause data loss, and is only expected to be used on clusters with ephemeral data, where the loss of the pod means that the data is known to be unrecoverable. This field must be either "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to "PrioritizeDataIntegrity".

      couchbaseclusters.spec.rollingUpgrade

      Constraints

      Type: object

      Description

      When spec.upgradeStrategy is set to RollingUpgrade it will, by default, upgrade one pod at a time. If this field is specified then that number can be increased.

      couchbaseclusters.spec.rollingUpgrade.maxUpgradable

      Constraints

      Type: integer

      Minimum: 1

      Description

      MaxUpgradable allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be greater than zero. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

      couchbaseclusters.spec.rollingUpgrade.maxUpgradablePercent

      Constraints

      Type: string

      Pattern (Regular Expression): ^(100|[1-9][0-9]|[1-9])%$

      Description

      MaxUpgradablePercent allows the number of pods affected by an upgrade at any one time to be increased. By default a rolling upgrade will upgrade one pod at a time. This field allows that limit to be removed. This field must be an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are relative to the total cluster size, and rounded down to the nearest whole number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The smallest of maxUpgradable and maxUpgradablePercent takes precedence if both are defined.

      couchbaseclusters.spec.security

      Constraints

      Required

      Type: object

      Description

      Security defines Couchbase cluster security options such as the administrator account username and password, and user RBAC settings.

      couchbaseclusters.spec.security.adminSecret

      Constraints

      Required

      Type: string

      Description

      AdminSecret is the name of a Kubernetes secret to use for administrator authentication. The admin secret must contain the keys "username" and "password". The password data must be at least 6 characters in length, and not contain any of the characters ()<>,;:\"/[]?={}.

      couchbaseclusters.spec.security.ldap

      Constraints

      Type: object

      Description

      LDAP provides settings to authenticate and authorize LDAP users with Couchbase Server. When specified, the Operator keeps these settings in sync with Couchbase Server’s LDAP configuration. Leave empty to manually manage LDAP configuration.

      couchbaseclusters.spec.security.ldap.authenticationEnabled

      Constraints

      Type: boolean

      Default: True

      Description

      AuthenticationEnabled allows users who attempt to access Couchbase Server without having been added as local users to be authenticated against the specified LDAP Host(s).

      couchbaseclusters.spec.security.ldap.authorizationEnabled

      Constraints

      Type: boolean

      Description

      AuthorizationEnabled allows authenticated LDAP users to be authorized with RBAC roles granted to any Couchbase Server group associated with the user.

      couchbaseclusters.spec.security.ldap.bindDN

      Constraints

      Type: string

      Description

      DN to use for searching users and groups synchronization. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

      couchbaseclusters.spec.security.ldap.bindSecret

      Constraints

      Required

      Type: string

      Description

      BindSecret is the name of a Kubernetes secret to use containing password for LDAP user binding. The bindSecret must have a key with the name "password" and a value which corresponds to the password of the binding LDAP user.

      couchbaseclusters.spec.security.ldap.cacert

      Constraints

      Type: string

      Description

      DEPRECATED - Field is ignored, use tlsSecret.

      CA Certificate in PEM format to be used in LDAP server certificate validation. This cert is the string form of the secret provided to spec.tls.tlsSecret.

      couchbaseclusters.spec.security.ldap.cacheValueLifetime

      Constraints

      Type: integer

      Default: 30000

      Description

      Lifetime of values in cache in milliseconds. Default 300000 ms. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

      couchbaseclusters.spec.security.ldap.encryption

      Constraints

      Type: string

      Enumerations: None, StartTLSExtension, TLS

      Description

      Encryption determines how the connection with the LDAP server should be encrypted. Encryption may be set as either StartTLSExtension, TLS, or false. When set to "false" then no verification of the LDAP hostname is performed. When Encryption is set to StartTLSExtension or TLS, the default behavior is to use the certificate already loaded into the Couchbase Cluster for certificate validation; otherwise ldap.tlsSecret may be set to override the Couchbase certificate.

      couchbaseclusters.spec.security.ldap.groupsQuery

      Constraints

      Type: string

      Description

      LDAP query, to get the users' groups by username in RFC4516 format. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

      couchbaseclusters.spec.security.ldap.hosts

      Constraints

      Required

      Type: []string

      Minimum Items: 1

      Description

      List of LDAP hosts to provide authentication-support for Couchbase Server. Host name must be a valid IP address or DNS Name, e.g. openldap.default.svc, 10.0.92.147.

      couchbaseclusters.spec.security.ldap.nestedGroupsEnabled

      Constraints

      Type: boolean

      Description

      If enabled, Couchbase server will try to recursively search for groups for every discovered LDAP group. groups_query will be used for the search. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

      couchbaseclusters.spec.security.ldap.nestedGroupsMaxDepth

      Constraints

      Type: integer

      Default: 10

      Minimum: 1

      Maximum: 100

      Description

      Maximum number of recursive groups requests the server is allowed to perform. Requires NestedGroupsEnabled. Values between 1 and 100: the default is 10. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

      couchbaseclusters.spec.security.ldap.port

      Constraints

      Required

      Type: integer

      Default: 389

      Description

      LDAP port. This is typically 389 for LDAP, and 636 for LDAPS.

      couchbaseclusters.spec.security.ldap.serverCertValidation

      Constraints

      Type: boolean

      Description

      Whether server certificate validation should be enabled.

      couchbaseclusters.spec.security.ldap.tlsSecret

      Constraints

      Type: string

      Description

      TLSSecret is the name of a Kubernetes secret to use explicitly for the LDAP CA cert. If TLSSecret is not provided, certificates found in couchbaseclusters.spec.networking.tls.rootCAs will be used instead. If provided, the secret must contain the CA to be used under the name "ca.crt".

      couchbaseclusters.spec.security.ldap.userDNMapping

      Constraints

      Type: object

      Description

      User to distinguished name (DN) mapping. If none is specified, the username is used as the user’s distinguished name. More info: https://docs.couchbase.com/server/current/manage/manage-security/configure-ldap.html.

      couchbaseclusters.spec.security.ldap.userDNMapping.query

      Constraints

      Type: string

      Description

      Query is the LDAP query to run to map from Couchbase user to LDAP distinguished name.

      couchbaseclusters.spec.security.ldap.userDNMapping.template

      Constraints

      Type: string

      Description

      This field specifies a list of templates to use for providing username to DN mapping. The template may contain a placeholder specified as %u to represent the Couchbase user who is attempting to gain access.

      couchbaseclusters.spec.security.podSecurityContext

      Constraints

      Type: object

      Description

      PodSecurityContext allows the configuration of the security context for all Couchbase server pods. When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

      couchbaseclusters.spec.security.podSecurityContext.fsGroup

      Constraints

      Type: integer

      Description

      A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

      1. The owning GID will be the FSGroup
      2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
      3. The permission bits are OR’d with rw-rw----

      If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.fsGroupChangePolicy

      Constraints

      Type: string

      Description

      fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.runAsGroup

      Constraints

      Type: integer

      Description

      The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.runAsNonRoot

      Constraints

      Type: boolean

      Description

      Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

      couchbaseclusters.spec.security.podSecurityContext.runAsUser

      Constraints

      Type: integer

      Description

      The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.seLinuxOptions

      Constraints

      Type: object

      Description

      The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.seLinuxOptions.level

      Constraints

      Type: string

      Description

      Level is a SELinux level label that applies to the container.

      couchbaseclusters.spec.security.podSecurityContext.seLinuxOptions.role

      Constraints

      Type: string

      Description

      Role is a SELinux role label that applies to the container.

      couchbaseclusters.spec.security.podSecurityContext.seLinuxOptions.type

      Constraints

      Type: string

      Description

      Type is a SELinux type label that applies to the container.

      couchbaseclusters.spec.security.podSecurityContext.seLinuxOptions.user

      Constraints

      Type: string

      Description

      User is a SELinux user label that applies to the container.

      couchbaseclusters.spec.security.podSecurityContext.seccompProfile

      Constraints

      Type: object

      Description

      The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.seccompProfile.localhostProfile

      Constraints

      Type: string

      Description

      localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

      couchbaseclusters.spec.security.podSecurityContext.seccompProfile.type

      Constraints

      Required

      Type: string

      Description

      type indicates which kind of seccomp profile will be applied. Valid options are:

      Localhost - a profile defined in a file on the node should be used.
      RuntimeDefault - the container runtime default profile should be used.
      Unconfined - no profile should be applied.

      couchbaseclusters.spec.security.podSecurityContext.supplementalGroups

      Constraints

      Type: []integer

      Description

      A list of groups applied to the first process run in each container, in addition to the container’s primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.sysctls

      Constraints

      Type: []object

      Description

      Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.podSecurityContext.sysctls.name

      Constraints

      Required

      Type: string

      Description

      Name of a property to set.

      couchbaseclusters.spec.security.podSecurityContext.sysctls.value

      Constraints

      Required

      Type: string

      Description

      Value of a property to set.

      couchbaseclusters.spec.security.podSecurityContext.windowsOptions

      Constraints

      Type: object

      Description

      The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

      couchbaseclusters.spec.security.podSecurityContext.windowsOptions.gmsaCredentialSpec

      Constraints

      Type: string

      Description

      GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

      couchbaseclusters.spec.security.podSecurityContext.windowsOptions.gmsaCredentialSpecName

      Constraints

      Type: string

      Description

      GMSACredentialSpecName is the name of the GMSA credential spec to use.

      couchbaseclusters.spec.security.podSecurityContext.windowsOptions.hostProcess

      Constraints

      Type: boolean

      Description

      HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

      couchbaseclusters.spec.security.podSecurityContext.windowsOptions.runAsUserName

      Constraints

      Type: string

      Description

      The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

      couchbaseclusters.spec.security.rbac

      Constraints

      Type: object

      Description

      RBAC holds the options for enabling and selecting RBAC User resources to manage.

      couchbaseclusters.spec.security.rbac.managed

      Constraints

      Type: boolean

      Description

      Managed defines whether RBAC is managed by the Operator or by the clients.

      couchbaseclusters.spec.security.rbac.selector

      Constraints

      Type: object

      Description

      Selector is a label selector used to list RBAC resources in the namespace that are managed by the Operator.

      couchbaseclusters.spec.security.securityContext

      Constraints

      Type: object

      Description

      SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. Use the securityContext.allowPrivilegeEscalation field to control whether a process can gain more privileges than its parent process. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

      couchbaseclusters.spec.security.securityContext.allowPrivilegeEscalation

      Constraints

      Type: boolean

      Description

      AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is always true when the container: 1) is run as Privileged, or 2) has CAP_SYS_ADMIN. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.capabilities

      Constraints

      Type: object

      Description

      The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.capabilities.add

      Constraints

      Type: []string

      Description

      Added capabilities.

      couchbaseclusters.spec.security.securityContext.capabilities.drop

      Constraints

      Type: []string

      Description

      Removed capabilities.

      couchbaseclusters.spec.security.securityContext.privileged

      Constraints

      Type: boolean

      Description

      Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.procMount

      Constraints

      Type: string

      Description

      procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.readOnlyRootFilesystem

      Constraints

      Type: boolean

      Description

      Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.runAsGroup

      Constraints

      Type: integer

      Description

      The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.runAsNonRoot

      Constraints

      Type: boolean

      Description

      Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

      couchbaseclusters.spec.security.securityContext.runAsUser

      Constraints

      Type: integer

      Description

      The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.seLinuxOptions

      Constraints

      Type: object

      Description

      The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.seLinuxOptions.level

      Constraints

      Type: string

      Description

      Level is the SELinux level label that applies to the container.

      couchbaseclusters.spec.security.securityContext.seLinuxOptions.role

      Constraints

      Type: string

      Description

      Role is a SELinux role label that applies to the container.

      couchbaseclusters.spec.security.securityContext.seLinuxOptions.type

      Constraints

      Type: string

      Description

      Type is a SELinux type label that applies to the container.

      couchbaseclusters.spec.security.securityContext.seLinuxOptions.user

      Constraints

      Type: string

      Description

      User is a SELinux user label that applies to the container.

      couchbaseclusters.spec.security.securityContext.seccompProfile

      Constraints

      Type: object

      Description

      The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

      couchbaseclusters.spec.security.securityContext.seccompProfile.localhostProfile

      Constraints

      Type: string

      Description

      localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

      couchbaseclusters.spec.security.securityContext.seccompProfile.type

      Constraints

      Required

      Type: string

      Description

      type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

      couchbaseclusters.spec.security.securityContext.windowsOptions

      Constraints

      Type: object

      Description

      The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

      couchbaseclusters.spec.security.securityContext.windowsOptions.gmsaCredentialSpec

      Constraints

      Type: string

      Description

      GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

      couchbaseclusters.spec.security.securityContext.windowsOptions.gmsaCredentialSpecName

      Constraints

      Type: string

      Description

      GMSACredentialSpecName is the name of the GMSA credential spec to use.

      couchbaseclusters.spec.security.securityContext.windowsOptions.hostProcess

      Constraints

      Type: boolean

      Description

      HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

      couchbaseclusters.spec.security.securityContext.windowsOptions.runAsUserName

      Constraints

      Type: string

      Description

      The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

      couchbaseclusters.spec.security.uiSessionTimeout

      Constraints

      Type: integer

      Default: 0

      Minimum: 0

      Maximum: 16666

      Description

      UISessionTimeout sets how long, in minutes, before a user is declared inactive and signed out from the Couchbase Server UI. 0 represents no time out.
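      The rules stated for the spec.security fields above (seccomp type and localhostProfile, privileged and allowPrivilegeEscalation, runAsNonRoot, securityContext taking precedence over podSecurityContext, and the uiSessionTimeout range) can be checked before a manifest is applied. The following is an added example, not code from the Operator; the function names and both sample specs are constructed for illustration.

```python
"""Lint spec.security of a CouchbaseCluster against the rules in this reference.
Added example: both sample specs at the bottom are constructed."""

SECCOMP_TYPES = ("Localhost", "RuntimeDefault", "Unconfined")
UI_SESSION_TIMEOUT_MAX = 16666  # minutes, maximum given in the field reference
BASE = "spec.security"


def check_seccomp(profile, path):
    """Check one seccompProfile object: type is required, localhostProfile is
    set only for Localhost and must be a descending relative path."""
    ptype = profile.get("type")
    local = profile.get("localhostProfile")
    if ptype not in SECCOMP_TYPES:
        return [("error", f"{path}.type", "must be Localhost, RuntimeDefault or Unconfined")]
    findings = []
    if ptype == "Localhost":
        if not local:
            findings.append(("error", f"{path}.localhostProfile", "must be set when type is Localhost"))
        elif local.startswith("/") or ".." in local.split("/"):
            findings.append(("error", f"{path}.localhostProfile", "must be a descending relative path"))
    elif local is not None:
        findings.append(("error", f"{path}.localhostProfile", f"must not be set when type is {ptype}"))
    if ptype == "Unconfined":
        findings.append(("warn", f"{path}.type", "Unconfined applies no seccomp profile"))
    return findings


def effective(security, field):
    """Resolve a field that may be set at both levels: securityContext wins."""
    for level in ("securityContext", "podSecurityContext"):
        ctx = security.get(level) or {}
        if field in ctx:
            return ctx[field], level
    return None, None


def lint_security(security):
    """Return (severity, field path, message) tuples for one spec.security object."""
    findings = []
    for level in ("podSecurityContext", "securityContext"):
        profile = (security.get(level) or {}).get("seccompProfile")
        if profile is not None:
            findings += check_seccomp(profile, f"{BASE}.{level}.seccompProfile")
    ctr = security.get("securityContext") or {}
    path = f"{BASE}.securityContext"
    # Capability names are accepted with or without the CAP_ prefix.
    added = {c.upper().replace("CAP_", "", 1) for c in (ctr.get("capabilities") or {}).get("add", [])}
    privileged = ctr.get("privileged") is True
    if privileged:
        findings.append(("warn", f"{path}.privileged", "privileged containers are essentially root on the host"))
    ape = ctr.get("allowPrivilegeEscalation")
    if ape is False and (privileged or "SYS_ADMIN" in added):
        findings.append(("error", f"{path}.allowPrivilegeEscalation",
                         "is always true for privileged or CAP_SYS_ADMIN containers"))
    elif ape is not False:
        findings.append(("warn", f"{path}.allowPrivilegeEscalation",
                         "not set to false, so no_new_privs is not set"))
    non_root, _ = effective(security, "runAsNonRoot")
    uid, uid_level = effective(security, "runAsUser")
    if non_root is True and uid == 0:
        findings.append(("error", f"{BASE}.{uid_level}.runAsUser",
                         "UID 0 with runAsNonRoot: the kubelet will not start the container"))
    timeout = security.get("uiSessionTimeout", 0)  # documented default is 0
    tpath = f"{BASE}.uiSessionTimeout"
    if isinstance(timeout, bool) or not isinstance(timeout, int) or not 0 <= timeout <= UI_SESSION_TIMEOUT_MAX:
        findings.append(("error", tpath, f"must be an integer from 0 to {UI_SESSION_TIMEOUT_MAX}"))
    elif timeout == 0:
        findings.append(("warn", tpath, "0 means UI sessions never time out"))
    return findings


# Constructed sample: conflicting and weak settings.
WEAK = {
    "podSecurityContext": {"runAsNonRoot": True, "seccompProfile": {
        "type": "RuntimeDefault", "localhostProfile": "profiles/cb.json"}},
    "securityContext": {"privileged": True, "allowPrivilegeEscalation": False, "runAsUser": 0,
                        "seccompProfile": {"type": "Localhost", "localhostProfile": "/etc/seccomp/cb.json"}},
    "uiSessionTimeout": 0,
}
# Constructed sample: non-root (UID 1000 is the Couchbase user in official images).
HARDENED = {
    "podSecurityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 1000,
                           "seccompProfile": {"type": "RuntimeDefault"}},
    "securityContext": {"privileged": False, "allowPrivilegeEscalation": False,
                        "capabilities": {"drop": ["ALL"]}},
    "uiSessionTimeout": 30,
}

if __name__ == "__main__":
    for severity, field, message in lint_security(WEAK):
        print(f"{severity:5} {field}: {message}")
```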

      couchbaseclusters.spec.securityContext

      Constraints

      Type: object

      Description

      DEPRECATED - replaced by spec.security.securityContext. SecurityContext allows the configuration of the security context for all Couchbase server pods.

      When using persistent volumes you may need to set the fsGroup field in order to write to the volume. For non-root clusters you must also set runAsUser to 1000, corresponding to the Couchbase user in official container images. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.

      couchbaseclusters.spec.serverGroups

      Constraints

      Type: []string

      Description

      ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups.

      couchbaseclusters.spec.servers

      Constraints

      Required

      Type: []object

      Minimum Items: 1

      Description

      Servers defines server classes for the Operator to provision and manage. A server class defines what services are running and how many members make up that class. Specifying multiple server classes allows the Operator to provision clusters with Multi-Dimensional Scaling (MDS). At least one server class must be defined, and at least one server class must be running the data service.

      couchbaseclusters.spec.servers.autoscaleEnabled

      Constraints

      Type: boolean

      Description

      AutoscaleEnabled defines whether the autoscaling feature is enabled for this class. When true, the Operator will create a CouchbaseAutoscaler resource for this server class. The CouchbaseAutoscaler implements the Kubernetes scale API and can be controlled by the Kubernetes horizontal pod autoscaler (HPA).

      couchbaseclusters.spec.servers.env

      Constraints

      Type: []object

      Description

      Env allows the setting of environment variables in the Couchbase server container.

      couchbaseclusters.spec.servers.envFrom

      Constraints

      Type: []object

      Description

      EnvFrom allows the setting of environment variables in the Couchbase server container.

      couchbaseclusters.spec.servers.name

      Constraints

      Required

      Type: string

      Description

      Name is a textual name for the server configuration and must be unique. The name is used by the operator to uniquely identify a server class, and map pods back to an intended configuration.

      couchbaseclusters.spec.servers.pod

      Constraints

      Type: object

      Description

      Pod defines a template used to create pod for each Couchbase server instance. Modifying pod metadata such as labels and annotations will update the pod in-place. Any other modification will result in a cluster upgrade in order to fulfill the request. The Operator reserves the right to modify or replace any field. More info: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#pod-v1-core.

      couchbaseclusters.spec.servers.resources

      Constraints

      Type: object

      Description

      Resources are the resource requirements for the Couchbase server container. This field overrides any automatic allocation as defined by spec.autoResourceAllocation.

      couchbaseclusters.spec.servers.serverGroups

      Constraints

      Type: []string

      Description

      ServerGroups define the set of availability zones you want to distribute pods over, and construct Couchbase server groups for. By default, most cloud providers will label nodes with the key "topology.kubernetes.io/zone", the values associated with that key are used here to provide explicit scheduling by the Operator. You may manually label nodes using the "topology.kubernetes.io/zone" key, to provide failure-domain aware scheduling when none is provided for you. Global server groups are applied to all server classes, and may be overridden on a per-server class basis to give more control over scheduling and server groups.

      couchbaseclusters.spec.servers.services

      Constraints

      Required

      Type: []string

      Enumerations: admin, data, index, query, search, eventing, analytics

      Description

      Services is the set of Couchbase services to run on this server class. At least one class must contain the data service. The field may contain any of "data", "index", "query", "search", "eventing" or "analytics". Each service may only be specified once.

      couchbaseclusters.spec.servers.size

      Constraints

      Required

      Type: integer

      Minimum: 1

      Description

      Size is the requested size of the server class. This field must be greater than or equal to 1.

      couchbaseclusters.spec.servers.volumeMounts

      Constraints

      Type: object

      Description

      VolumeMounts define persistent volume claims to attach to pod.

      couchbaseclusters.spec.servers.volumeMounts.analytics

      Constraints

      Type: []string

      Description

      AnalyticsClaims are persistent volumes that encompass analytics storage associated with the analytics service. Analytics claims can only be used on server classes running the analytics service, and must be used in conjunction with the default claim. This field allows the analytics service to use different storage media (e.g. SSD), and scale horizontally, to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates".

      couchbaseclusters.spec.servers.volumeMounts.data

      Constraints

      Type: string

      Description

      DataClaim is a persistent volume that encompasses key/value storage associated with the data service. The data claim can only be used on server classes running the data service, and must be used in conjunction with the default claim. This field allows the data service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates".

      couchbaseclusters.spec.servers.volumeMounts.default

      Constraints

      Type: string

      Description

      DefaultClaim is a persistent volume that encompasses all Couchbase persistent data, including document storage, indexes and logs. The default volume can be used with any server class. Use of the default claim allows the Operator to recover failed pods from the persistent volume far quicker than if the pod were using ephemeral storage. The default claim cannot be used at the same time as the logs claim within the same server class. This field references a volume claim template name as defined in "spec.volumeClaimTemplates".

      couchbaseclusters.spec.servers.volumeMounts.index

      Constraints

      Type: string

      Description

      IndexClaim is a persistent volume that encompasses index storage associated with the index and search services. The index claim can only be used on server classes running the index or search services, and must be used in conjunction with the default claim. This field allows the index and/or search service to use different storage media (e.g. SSD) to improve performance of this service. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". Whilst this references index primarily, note that the full text search (FTS) service also uses this same mount.

      couchbaseclusters.spec.servers.volumeMounts.logs

      Constraints

      Type: string

      Description

      LogsClaim is a persistent volume that encompasses only Couchbase server logs to aid with supporting the product. The logs claim can only be used on server classes running the following services: query, search & eventing. The logs claim cannot be used at the same time as the default claim within the same server class. This field references a volume claim template name as defined in "spec.volumeClaimTemplates". Whilst the logs claim can be used with the search service, the recommendation is to use the default claim for these. The reason for this is that a failure of these nodes will require indexes to be rebuilt and subsequent performance impact.

      couchbaseclusters.spec.softwareUpdateNotifications

      Constraints

      Type: boolean

      Description

      SoftwareUpdateNotifications enables software update notifications in the UI. When enabled, the UI will alert when a Couchbase server upgrade is available.

      couchbaseclusters.spec.upgradeProcess

      Constraints

      Type: string

      Enumerations: SwapRebalance, DeltaRecovery

      Description

      UpgradeProcess defines the process that will be used when performing a Couchbase cluster upgrade. When SwapRebalance is requested (default), pods will be upgraded using either a RollingUpgrade or ImmediateUpgrade (determined by UpgradeStrategy). When DeltaRecovery is requested, the Operator will perform an in-place upgrade on a best-effort basis. DeltaRecovery cannot be used if the UpgradeStrategy is set to ImmediateUpgrade.

      couchbaseclusters.spec.upgradeStrategy

      Constraints

      Type: string

      Enumerations: RollingUpgrade, ImmediateUpgrade

      Description

      UpgradeStrategy controls how aggressive the Operator is when performing a cluster upgrade. When a rolling upgrade is requested, pods are upgraded one at a time. This strategy is slower, however less disruptive. When an immediate upgrade strategy is requested, all pods are upgraded at the same time. This strategy is faster, but more disruptive. This field must be either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade".

      couchbaseclusters.spec.volumeClaimTemplates

      Constraints

      Type: []object

      Description

      VolumeClaimTemplates define the desired characteristics of a volume that can be requested/claimed by a pod, for example the storage class to use and the volume size. Volume claim templates are referred to by name by server class volume mount configuration.

      couchbaseclusters.spec.xdcr

      Constraints

      Type: object

      Description

      XDCR defines whether the Operator should manage XDCR, remote clusters and how to lookup replication resources.

      couchbaseclusters.spec.xdcr.managed

      Constraints

      Type: boolean

      Description

      Managed defines whether XDCR is managed by the operator or not.

      couchbaseclusters.spec.xdcr.remoteClusters

      Constraints

      Type: []object

      Description

      RemoteClusters is a set of named remote clusters to establish replications to.

      couchbaseclusters.spec.xdcr.remoteClusters.authenticationSecret

      Constraints

      Type: string

      Description

      AuthenticationSecret is a secret used to authenticate when establishing a remote connection. It is only required when not using mTLS. The secret must contain a username (secret key "username") and password (secret key "password").

      couchbaseclusters.spec.xdcr.remoteClusters.hostname

      Constraints

      Required

      Type: string

      Pattern (Regular Expression): couchbase|http)(s)?(://?\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|${4}\b)|([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)\*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9]|\[(\s\*([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:|[0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3})|:))|[0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3})|:))|[0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3}))|:))|[0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3}))|:))|[0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3}))|:))|[0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3}))|:))|(:(:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d{3}))|:)))(%.+)?\s\*\]))(:[0-9]{0,5})?(\\{0,1}\?network=[&]+)?$

      Description

      Hostname is the connection string to use to connect the remote cluster. To use IPv6, place brackets ([, ]) around the IPv6 value.

      couchbaseclusters.spec.xdcr.remoteClusters.name

      Constraints

      Required

      Type: string

      Description

      Name of the remote cluster. Note that the Operator automatically appends the suffix -operator-managed to the name in order to differentiate it from remote clusters that are not managed by the Operator.

      couchbaseclusters.spec.xdcr.remoteClusters.replications

      Constraints

      Type: object

      Description

      Replications are replication streams from this cluster to the remote one. This field defines how to look up CouchbaseReplication resources. By default any CouchbaseReplication resources in the namespace will be considered.

      couchbaseclusters.spec.xdcr.remoteClusters.replications.selector

      Constraints

      Type: object

      Description

      Selector allows CouchbaseReplication resources to be filtered based on labels.

      couchbaseclusters.spec.xdcr.remoteClusters.tls

      Constraints

      Type: object

      Description

      TLS if specified references a resource containing the necessary certificate data for an encrypted connection.

      couchbaseclusters.spec.xdcr.remoteClusters.tls.secret

      Constraints

      Required

      Type: string

      Description

      Secret references a secret containing the CA certificate (data key "ca"), and optionally a client certificate (data key "certificate") and key (data key "key").

      couchbaseclusters.spec.xdcr.remoteClusters.uuid

      Constraints

      Required

      Type: string

      Pattern (Regular Expression): ^[0-9a-f]{32}$

      Description

      UUID of the remote cluster. The UUID of a CouchbaseCluster resource is advertised in the status.clusterId field of the resource.
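      Several constraints in the spec.servers, spec.upgradeProcess and spec.xdcr.remoteClusters entries above span more than one field (claim combinations per server class, DeltaRecovery versus ImmediateUpgrade, credentials for a remote cluster without TLS). The following is an added example that checks them on a spec dictionary; it is not code from the Operator, the function names and sample specs are constructed, and it assumes each volume claim template carries its name in metadata.name.

```python
"""Cross-field checks for spec.servers, upgrade settings and XDCR remote clusters.
Added example: the specs at the bottom are constructed for illustration."""
import re

SERVICES = {"admin", "data", "index", "query", "search", "eventing", "analytics"}
# Interpretation used here: a class with a logs claim runs only these services.
LOGS_CLAIM_SERVICES = {"query", "search", "eventing"}
# Claim -> services of which the server class must run at least one.
CLAIM_NEEDS = {"data": {"data"}, "index": {"index", "search"}, "analytics": {"analytics"}}
UUID_RE = re.compile(r"^[0-9a-f]{32}$")  # pattern given for remoteClusters.uuid


def lint_server_class(sc, templates):
    """Check one spec.servers entry; templates is the set of claim template names."""
    where = f"spec.servers[{sc.get('name', '?')}]"
    services = sc.get("services") or []
    mounts = sc.get("volumeMounts") or {}
    out = []
    size = sc.get("size")
    if isinstance(size, bool) or not isinstance(size, int) or size < 1:
        out.append(f"{where}.size must be an integer >= 1")
    unknown = sorted(set(services) - SERVICES)
    if unknown:
        out.append(f"{where}.services has unknown values {unknown}")
    if len(services) != len(set(services)):
        out.append(f"{where}.services lists a service more than once")
    if "default" in mounts and "logs" in mounts:
        out.append(f"{where}.volumeMounts: default and logs claims are mutually exclusive")
    for claim, needed in CLAIM_NEEDS.items():
        if claim not in mounts:
            continue
        if "default" not in mounts:
            out.append(f"{where}.volumeMounts.{claim} requires the default claim")
        if not needed & set(services):
            out.append(f"{where}.volumeMounts.{claim} needs one of {sorted(needed)} in services")
    if "logs" in mounts and not set(services) <= LOGS_CLAIM_SERVICES:
        out.append(f"{where}.volumeMounts.logs is only for query, search and eventing classes")
    for claim, ref in mounts.items():  # analytics is a list, the others are strings
        for name in ref if isinstance(ref, list) else [ref]:
            if name not in templates:
                out.append(f"{where}.volumeMounts.{claim}: no volumeClaimTemplate named {name!r}")
    return out


def lint_cluster(spec):
    """Return a list of findings for a CouchbaseCluster spec dictionary."""
    out = []
    if spec.get("upgradeProcess") == "DeltaRecovery" and spec.get("upgradeStrategy") == "ImmediateUpgrade":
        out.append("spec.upgradeProcess: DeltaRecovery cannot be used with ImmediateUpgrade")
    # Assumption: a template's name is in metadata.name, as for a PersistentVolumeClaim.
    templates = {(t.get("metadata") or {}).get("name") for t in spec.get("volumeClaimTemplates") or []}
    servers = spec.get("servers") or []
    names = [sc.get("name") for sc in servers]
    if not servers:
        out.append("spec.servers needs at least one server class")
    elif not any("data" in (sc.get("services") or []) for sc in servers):
        out.append("spec.servers: at least one class must run the data service")
    if len(names) != len(set(names)):
        out.append("spec.servers: names must be unique")
    for sc in servers:
        out += lint_server_class(sc, templates)
    for rc in (spec.get("xdcr") or {}).get("remoteClusters") or []:
        where = f"spec.xdcr.remoteClusters[{rc.get('name', '?')}]"
        if not UUID_RE.fullmatch(str(rc.get("uuid", ""))):
            out.append(f"{where}.uuid must be 32 lowercase hex characters")
        if not rc.get("hostname"):
            out.append(f"{where}.hostname is required")
        # Without a tls block mTLS is not possible, so credentials are required.
        if "tls" not in rc and not rc.get("authenticationSecret"):
            out.append(f"{where}.authenticationSecret is required when tls is not set")
    return out


UUID = "0123456789abcdef" * 2  # constructed 32-character value

BAD_SPEC = {  # constructed: every rule above is violated at least once
    "upgradeProcess": "DeltaRecovery", "upgradeStrategy": "ImmediateUpgrade",
    "volumeClaimTemplates": [{"metadata": {"name": "couchbase"}}],
    "servers": [{"name": "query", "size": 0, "services": ["query", "index"],
                 "volumeMounts": {"default": "couchbase", "logs": "couchbase"}}],
    "xdcr": {"managed": True, "remoteClusters": [
        {"name": "dr", "uuid": UUID.upper(), "hostname": "couchbase://remote.example.com"}]},
}
GOOD_SPEC = {  # constructed: passes all checks
    "upgradeProcess": "SwapRebalance", "upgradeStrategy": "RollingUpgrade",
    "volumeClaimTemplates": [{"metadata": {"name": "default"}}, {"metadata": {"name": "fast"}}],
    "servers": [
        {"name": "data", "size": 3, "services": ["data", "index"],
         "volumeMounts": {"default": "default", "data": "fast", "index": "fast"}},
        {"name": "query", "size": 2, "services": ["query"], "volumeMounts": {"logs": "default"}}],
    "xdcr": {"managed": True, "remoteClusters": [
        {"name": "dr", "uuid": UUID, "hostname": "couchbases://remote.example.com",
         "tls": {"secret": "dr-tls"}}]},
}

if __name__ == "__main__":
    for finding in lint_cluster(BAD_SPEC):
        print(finding)
```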

      couchbaseclusters.status

      Constraints

      Type: object

      Description

      ClusterStatus defines any read-only status fields for the Couchbase server cluster.

      couchbaseclusters.status.allocations

      Constraints

      Type: []object

      Description

      Allocations shows memory allocations within server classes.

      couchbaseclusters.status.allocations.allocatedMemory

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      AllocatedMemory defines the total memory allocated for constrained Couchbase services. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.allocatedMemoryPercent

      Constraints

      Type: integer

      Description

      AllocatedMemoryPercent is set when memory resources are requested and define how much of the requested memory is allocated to constrained Couchbase services.

      couchbaseclusters.status.allocations.analyticsServiceAllocation

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      AnalyticsServiceAllocation is set when the analytics service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.dataServiceAllocation

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      DataServiceAllocation is set when the data service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.eventingServiceAllocation

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      EventingServiceAllocation is set when the eventing service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.indexServiceAllocation

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      IndexServiceAllocation is set when the index service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.name

      Constraints

      Required

      Type: string

      Description

      Name is the name of the server class defined in spec.servers.

      couchbaseclusters.status.allocations.requestedMemory

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      RequestedMemory, if set, defines the Kubernetes resource request for the server class. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.searchServiceAllocation

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      SearchServiceAllocation is set when the search service is enabled for this class and defines how much memory this service consumes per pod. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.unusedMemory

      Constraints

      Type: string

      Pattern (Regular Expression): ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$

      Description

      UnusedMemory is set when memory resources are requested and is the difference between the requestedMemory and allocatedMemory. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes.

      couchbaseclusters.status.allocations.unusedMemoryPercent

      Constraints

      Type: integer

      Description

      UnusedMemoryPercent is set when memory resources are requested and defines how much requested memory is not allocated. Couchbase server expects at least a 20% overhead.

      couchbaseclusters.status.autoscalers

      Constraints

      Type: []string

      Description

      Autoscalers describes all the autoscalers managed by the cluster.

      couchbaseclusters.status.buckets

      Constraints

      Type: []object

      Description

      Buckets describes all the buckets managed by the cluster.

      couchbaseclusters.status.buckets.compressionMode

      Constraints

      Required

      Type: string

      Description

      CompressionMode defines how documents are compressed.

      couchbaseclusters.status.buckets.conflictResolution

      Constraints

      Required

      Type: string

      Description

      ConflictResolution is relevant for couchbase and ephemeral bucket types and indicates how to resolve conflicts when using multi-master XDCR.

      couchbaseclusters.status.buckets.enableFlush

      Constraints

      Required

      Type: boolean

      Description

      EnableFlush indicates whether a client can delete all documents in a bucket.

      couchbaseclusters.status.buckets.enableIndexReplica

      Constraints

      Required

      Type: boolean

      Description

      EnableIndexReplica indicates whether indexes against bucket documents are replicated.

      couchbaseclusters.status.buckets.evictionPolicy

      Constraints

      Required

      Type: string

      Description

      EvictionPolicy is relevant for couchbase and ephemeral bucket types and indicates how documents are evicted from memory when it is exhausted.

      couchbaseclusters.status.buckets.ioPriority

      Constraints

      Required

      Type: string

      Description

      IoPriority is low or high depending on the number of threads spawned for data processing.

      couchbaseclusters.status.buckets.memoryQuota

      Constraints

      Required

      Type: integer

      Description

      BucketMemoryQuota is the bucket memory quota in megabytes.

      couchbaseclusters.status.buckets.name

      Constraints

      Required

      Type: string

      Description

      BucketName is the full name of the bucket.

      couchbaseclusters.status.buckets.password

      Constraints

      Required

      Type: string

      Description

      BucketPassword will never be populated.

      couchbaseclusters.status.buckets.replicas

      Constraints

      Required

      Type: integer

      Description

      BucketReplicas is the number of data replicas.

      couchbaseclusters.status.buckets.storageBackend

      Constraints

      Type: string

      Description

      BucketStorageBackend is the storage backend of the bucket.

      couchbaseclusters.status.buckets.type

      Constraints

      Required

      Type: string

      Description

      BucketType is the type of the bucket.

      couchbaseclusters.status.clusterId

      Constraints

      Type: string

      Description

      ClusterID is the unique cluster UUID. This is generated every time a new cluster is created, so may vary over the lifetime of a cluster if it is recreated by disaster recovery mechanisms.

      couchbaseclusters.status.conditions

      Constraints

      Type: []object

      Description

      Current service state of the Couchbase cluster.

      couchbaseclusters.status.conditions.lastTransitionTime

      Constraints

      Type: string

      Description

      Last time the condition transitioned from one status to another.

      couchbaseclusters.status.conditions.lastUpdateTime

      Constraints

      Type: string

      Description

      Last time the condition status message updated.

      couchbaseclusters.status.conditions.message

      Constraints

      Type: string

      Description

      A human-readable message indicating details about the transition.

      couchbaseclusters.status.conditions.reason

      Constraints

      Type: string

      Description

      Unique, one-word, CamelCase reason for the condition’s last transition.

      couchbaseclusters.status.conditions.status

      Constraints

      Required

      Type: string

      Description

      Status is the status of the condition. Can be one of True, False, Unknown.

      couchbaseclusters.status.conditions.type

      Constraints

      Required

      Type: string

      Enumerations: Available, Balanced, ManageConfig, Scaling, ScalingUp, ScalingDown, Upgrading, Hibernating, Error, AutoscaleReady, Synchronized

      Description

      Type is the type of condition.

      couchbaseclusters.status.controlPaused

      Constraints

      Type: boolean

      Description

      ControlPaused indicates if the Operator has acknowledged and paused the control of the cluster.

      couchbaseclusters.status.currentVersion

      Constraints

      Type: string

      Description

      CurrentVersion is the current Couchbase version. This reflects the version of the whole cluster, so during an upgrade it is only updated once the upgrade has completed.

      couchbaseclusters.status.groups

      Constraints

      Type: []string

      Description

      Groups describes all the groups managed by the cluster.

      couchbaseclusters.status.members

      Constraints

      Type: object

      Description

      Members are the Couchbase members in the cluster.

      couchbaseclusters.status.members.ready

      Constraints

      Type: []string

      Description

      Ready are the Couchbase members that are clustered and ready to serve client requests. The member names are the same as the Couchbase pod names.

      couchbaseclusters.status.members.unready

      Constraints

      Type: []string

      Description

      Unready are the Couchbase members not clustered or unready to serve client requests. The member names are the same as the Couchbase pod names.

      couchbaseclusters.status.size

      Constraints

      Required

      Type: integer

      Description

      Size is the current size of the cluster in terms of pods. Individual pod status conditions are listed in the members status.

      couchbaseclusters.status.users

      Constraints

      Type: []string

      Description

      Users describes all the users managed by the cluster.