---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sgconfigs.stackgres.io
spec:
  group: stackgres.io
  names:
    kind: SGConfig
    listKind: SGConfigList
    plural: sgconfigs
    singular: sgconfig
  scope: Namespaced
  versions:
  - name: v1
    served: true
    storage: true
    subresources:
      status: {}
    additionalPrinterColumns:
    - jsonPath: .metadata.annotations.stackgres\.io/lockPod
      name: operator-pod
      type: string
    - jsonPath: .status.version
      name: operator-version
      type: string
    schema:
      openAPIV3Schema:
        type: object
        description: |
          SGConfig stores the configuration of the StackGres Operator

          > **WARNING**: Creating more than one SGConfig is forbidden.
          The single SGConfig should be created automatically during installation.
          More SGConfig may exist only when allowedNamespaces or allowedNamespaceLabelSelector is used.
        properties:
          spec:
            description: Spec defines the desired state of SGConfig
            type: object
            properties:
              containerRegistry:
                type: string
                default: quay.io
                description: |
                  The container registry host (and port) where the images will be pulled from.

                  > This value can only be set in operator helm chart or with the environment variable `SG_CONTAINER_REGISTRY`.
              imagePullPolicy:
                type: string
                default: "IfNotPresent"
                description: Image pull policy used for images loaded by the Operator
              imagePullSecrets:
                type: array
                description: |
                  The list of references to secrets in the same namespace where a ServiceAccount is created by the operator to use for pulling any images in pods that reference such ServiceAccount.
                  ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
                  More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
                items:
                  type: object
                  description: A reference to a secret in the same namespace where a ServiceAccount is created by the operator to use for pulling any images in pods that reference such ServiceAccount.
                  properties:
                    name:
                      type: string
                      description: The name of the referenced Secret.
              allowedNamespaces:
                type: array
                description: |
                  Section to configure allowed namespaces that the operator is allowed to use. If empty all namespaces will be allowed (default).

                  > This value can only be set in operator helm chart or with the environment variable `ALLOWED_NAMESPACES`.

                  > It is set by OLM when [scoping the operator](https://olm.operatorframework.io/docs/advanced-tasks/operator-scoping-with-operatorgroups/).
                items:
                  type: string
                  description: |
                    A namespace that the operator is allowed to use.
              allowedNamespaceLabelSelector:
                type: object
                description: |
                  Section to configure namespaces that the operator is allowed to use. If allowedNamespaces is defined it will be used instead. If empty all namespaces will be allowed (default).

                  See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#labelselector-v1-meta

                  > This value can only be set in operator helm chart.
                additionalProperties:
                  type: string
              disableClusterRole:
                type: boolean
                description: |
                  When set to `true` the creation of the operator ClusterRole and ClusterRoleBinding is disabled.
                  Also, when `true`, some features that rely on unnamespaced resources permissions will be disabled:

                  * Creation and upgrade of CustomResourceDefinitions
                  * Set CA bundle for Webhooks
                  * Check existence of CustomResourceDefinition when listing custom resources
                  * Validation of StorageClass
                  * REST API endpoint `can-i/{verb}/{resource}` and `can-i` will always return the full list of permissions for any resource and verb since they rely on creation of subjectaccessreviews unnamespaced resource that requires a cluster role.
                  * Other REST API endpoints will not work since they rely on impersonation that requires a cluster role.
                    This point in particular breaks the Web Console completely. You may still enable this specific cluster role with `.allowImpersonationForRestApi`.
                    If you do not need the Web Console you may still disable it completely by setting `.deploy.restapi` to `false`.

                  When set to `true` and `allowedNamespaces` is not set or is empty then `allowedNamespaces` will be considered set and containing only the namespace of the operator.

                  It is `false` by default.

                  > This value can only be set in operator helm chart.
              allowImpersonationForRestApi:
                type: boolean
                description: |
                  When set to `true` the cluster role for impersonation will be created even if `disableClusterRole` is set to `true`.

                  It is `false` by default.

                  > This value can only be set in operator helm chart.
              disableCrdsAndWebhooksUpdate:
                type: boolean
                description: |
                  When set to `true` the cluster role to update or patch CRDs will be disabled.

                  It is `false` by default.

                  > This value can only be set in operator helm chart.
              sgConfigNamespace:
                type: string
                description: |
                  When set will indicate the namespace where the SGConfig used by the operator will be created.

                  By default the SGConfig will be created in the same namespace as the operator.

                  > This value can only be set in operator helm chart.
              serviceAccount:
                type: object
                description: Section to configure Operator Installation ServiceAccount
                properties:
                  create:
                    type: boolean
                    default: true
                    description: |
                      If `true` the Operator Installation ServiceAccount will be created

                      > This value can only be set in operator helm chart.
                  annotations:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Section to configure Installation ServiceAccount annotations
                  repoCredentials:
                    type: array
                    description: |
                      Repositories credentials Secret names

                      > This value can only be set in operator helm chart.
                    items:
                      type: string
                      description: |
                        Repository credentials Secret name

                        > This value can only be set in operator helm chart.
              operator:
                type: object
                description: Section to configure Operator Pod
                properties:
                  image:
                    type: object
                    description: Section to configure Operator image
                    properties:
                      name:
                        type: string
                        default: "stackgres/operator"
                        description: |
                          Operator image name

                          > This value can only be set in operator helm chart.
                      tag:
                        type: string
                        description: |
                          Operator image tag

                          > This value can only be set in operator helm chart.
                      pullPolicy:
                        type: string
                        default: "IfNotPresent"
                        description: |
                          Operator image pull policy

                          > This value can only be set in operator helm chart.
                  annotations:
                    type: object
                    description: Operator Pod annotations
                    x-kubernetes-preserve-unknown-fields: true
                  resources:
                    type: object
                    description: |
                      Operator Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core

                      > This value can only be set in operator helm chart.
                    x-kubernetes-preserve-unknown-fields: true
                  nodeSelector:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: |
                      Operator Pod node selector

                      > This value can only be set in operator helm chart.
                  tolerations:
                    type: array
                    description: |
                      Operator Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#toleration-v1-core

                      > This value can only be set in operator helm chart.
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  affinity:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: |
                      Operator Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core

                      > This value can only be set in operator helm chart.
                  serviceAccount:
                    type: object
                    description: Section to configure Operator ServiceAccount
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: |
                          Section to configure Operator ServiceAccount annotations

                          > This value can only be set in operator helm chart.
                      repoCredentials:
                        type: array
                        description: |
                          Repositories credentials Secret names

                          > This value can only be set in operator helm chart.
                        items:
                          type: string
                  service:
                    type: object
                    description: Section to configure Operator Service
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: |
                          Section to configure Operator Service annotations

                          > This value can only be set in operator helm chart.
              restapi:
                type: object
                description: Section to configure REST API Pod
                properties:
                  name:
                    type: string
                    default: stackgres-restapi
                    description: REST API Deployment name
                  image:
                    type: object
                    description: Section to configure REST API image
                    properties:
                      name:
                        type: string
                        default: "stackgres/restapi"
                        description: REST API image name
                      tag:
                        type: string
                        description: REST API image tag
                      pullPolicy:
                        type: string
                        default: "IfNotPresent"
                        description: REST API image pull policy
                  annotations:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: REST API Pod annotations
                  resources:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: REST API Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core
                  nodeSelector:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: REST API Pod node selector
                  tolerations:
                    type: array
                    description: REST API Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#toleration-v1-core
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  affinity:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: REST API Pod affinity.
                      See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core
                  serviceAccount:
                    type: object
                    description: Section to configure REST API ServiceAccount
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: REST API ServiceAccount annotations
                      repoCredentials:
                        type: array
                        description: Repositories credentials Secret names
                        items:
                          type: string
                          description: Repository credentials Secret name
                  service:
                    type: object
                    description: Section to configure REST API Service
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: REST API Service annotations
              adminui:
                type: object
                description: Section to configure Web Console container
                properties:
                  image:
                    type: object
                    description: Section to configure Web Console image
                    properties:
                      name:
                        type: string
                        default: "stackgres/admin-ui"
                        description: Web Console image name
                      tag:
                        type: string
                        description: Web Console image tag
                      pullPolicy:
                        type: string
                        default: "IfNotPresent"
                        description: Web Console image pull policy
                  resources:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Web Console resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core
                  service:
                    type: object
                    description: Section to configure Web Console service.
                    properties:
                      exposeHTTP:
                        type: boolean
                        default: false
                        description: When set to `true` the HTTP port will be exposed in the Web Console Service
                      type:
                        type: string
                        default: ClusterIP
                        description: |
                          The type used for the service of the UI:

                          * Set to LoadBalancer to create a load balancer (if supported by the kubernetes cluster)
                            to allow connections from the Internet to the UI. Note that enabling this feature will probably incur
                            some fee that depends on the host of the kubernetes cluster (for example this is true for EKS, GKE
                            and AKS).
                          * Set to NodePort to expose admin UI from kubernetes nodes.
                      loadBalancerIP:
                        type: string
                        description: |
                          LoadBalancer will get created with the IP specified in this field.
                          This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created.
                          This field will be ignored if the cloud-provider does not support the feature.
                      loadBalancerSourceRanges:
                        type: array
                        description: |
                          If specified and supported by the platform, traffic through the cloud-provider load-balancer will be restricted to the specified client IPs.
                          This field will be ignored if the cloud-provider does not support the feature.
                          More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
                        items:
                          type: string
                      nodePort:
                        type: integer
                        description: The HTTPS port used to expose the Service on Kubernetes nodes
                      nodePortHTTP:
                        type: integer
                        description: The HTTP port used to expose the Service on Kubernetes nodes
              collector:
                type: object
                description: |
                  Section to configure OpenTelemetry Collector

                  By default a single instance of OpenTelemetry Collector will receive metrics
                  from all monitored Pods and will then export those metrics to
                  a configured target (by default will expose a Prometheus exporter).

                  See receivers section to scale this architecture to a set of OpenTelemetry Collectors.
                default:
                  service:
                    spec:
                      type: ClusterIP
                      ports:
                      - name: prom-http
                        protocol: TCP
                        port: 9464
                        targetPort: prom-http
                  ports:
                  - name: prom-http
                    protocol: TCP
                    containerPort: 9464
                  config:
                    receivers:
                      otlp:
                        protocols:
                          grpc:
                            endpoint: "0.0.0.0:4317"
                            tls:
                              ca_file: "/etc/operator/certs/tls.crt"
                              cert_file: "/etc/operator/certs/tls.crt"
                              key_file: "/etc/operator/certs/tls.key"
                    exporters:
                      prometheus:
                        endpoint: "0.0.0.0:9464"
                        tls:
                          ca_file: "/etc/operator/certs/tls.crt"
                          cert_file: "/etc/operator/certs/tls.crt"
                          key_file: "/etc/operator/certs/tls.key"
                          reload_interval: 10m
                        send_timestamps: true
                        metric_expiration: 180m
                        enable_open_metrics: false
                        resource_to_telemetry_conversion:
                          enabled: false
                      otlp:
                        endpoint: stackgres-collector:4317
                        tls:
                          ca_file: "/etc/operator/certs/tls.crt"
                    service:
                      pipelines:
                        metrics:
                          receivers:
                          - prometheus
                          exporters:
                          - prometheus
                  prometheusOperator:
                    allowDiscovery: true
                properties:
                  name:
                    type: string
                    default: stackgres-collector
                    description: OpenTelemetry Collector Deployment/DaemonSet base name
                  receivers:
                    type: object
                    description: |
                      This section allows configuring a variable number of OpenTelemetry Collector receivers (by default equal to the number of Pods with metrics enabled)
                      that will scrape the metrics separately and send them to a defined number of OpenTelemetry Collector exporters (by default 1)
                      that export those metrics to one or more configured targets (by default will expose a Prometheus exporter).
                    properties:
                      enabled:
                        type: boolean
                        description: |
                          When set to `true` it enables the creation of a set of OpenTelemetry Collectors receivers
                          that will be scraping from the SGCluster Pods and allow to scale the observability
                          architecture and a set of OpenTelemetry Collectors exporters
                          that export those metrics to one or more configured targets.
                        default: false
                      exporters:
                        type: integer
                        description: |
                          When receivers are enabled indicates the number of OpenTelemetry Collectors exporters that export metrics to one or more configured targets.
                        default: 1
                      deployments:
                        type: array
                        description: |
                          A set of separate Deployments of 1 instance each that allow to set the OpenTelemetry Collectors receivers to a specified number of instances.

                          When not set the number of Deployments of OpenTelemetry Collectors receivers will match the number of instances of all the existing SGClusters
                          that have the field `.spec.configurations.observability.enableMetrics` set to `true`.
                          Also, when not set, each Deployment will include a pod affinity rule matching any of the SGClusters Pods set defined below. This will allow to
                          create an OpenTelemetry Collector receiver instance dedicated to each SGCluster Pod running in the same Node.

                          Each Deployment will use a configuration for the OpenTelemetry Collector that will scrape from a set of SGClusters Pods
                          that have the field `.spec.configurations.observability.enableMetrics` set to `true`. The set of Pods of each of those OpenTelemetry Collector
                          configurations will be a partition of the list of SGClusters Pods that have the field `.spec.configurations.observability.enableMetrics` set to `true`
                          ordered by the field `Pod.metadata.creationTimestamp` (from the oldest to the newest) and in ascending alphabetical order by the fields
                          `Pod.metadata.namespace` and `Pod.metadata.name`.

                          It is possible to override (even partially) the list of SGCluster Pods using the `sgClusters` section.
                        items:
                          type: object
                          properties:
                            sgClusters:
                              type: array
                              description: |
                                List of SGCluster Pods to scrape from this Deployment's Pod that will be included in the OpenTelemetry Collector configuration
                                alongside the SGCluster Pods assigned as described in `SGConfig.spec.collector.receivers.deployments`.
                              items:
                                type: object
                                properties:
                                  namespace:
                                    type: string
                                    description: The namespace of the SGCluster
                                  name:
                                    type: string
                                    description: The name of the SGCluster
                                  indexes:
                                    type: array
                                    description: |
                                      The indexes of the SGCluster's Pods that will be included in the OpenTelemetry Collector configuration
                                      alongside the SGCluster Pods assigned as described in `SGConfig.spec.collector.receivers.deployments`.

                                      If not specified all the SGCluster's Pods will be included.
                                    items:
                                      type: integer
                            annotations:
                              type: object
                              x-kubernetes-preserve-unknown-fields: true
                              description: OpenTelemetry Collector Pod annotations
                            resources:
                              type: object
                              x-kubernetes-preserve-unknown-fields: true
                              description: OpenTelemetry Collector Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core
                            nodeSelector:
                              type: object
                              x-kubernetes-preserve-unknown-fields: true
                              description: OpenTelemetry Collector Pod node selector
                            tolerations:
                              type: array
                              description: OpenTelemetry Collector Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#toleration-v1-core
                              items:
                                type: object
                                x-kubernetes-preserve-unknown-fields: true
                            affinity:
                              type: object
                              x-kubernetes-preserve-unknown-fields: true
                              description: OpenTelemetry Collector Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core
                  annotations:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: OpenTelemetry Collector Pod annotations
                  resources:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: OpenTelemetry Collector Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core
                  nodeSelector:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: OpenTelemetry Collector Pod node selector
                  tolerations:
                    type: array
                    description: OpenTelemetry Collector Pod tolerations.
                      See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#toleration-v1-core
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  affinity:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: OpenTelemetry Collector Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core
                  serviceAccount:
                    type: object
                    description: Section to configure OpenTelemetry Collector ServiceAccount
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: OpenTelemetry Collector ServiceAccount annotations
                      repoCredentials:
                        type: array
                        description: Repositories credentials Secret names
                        items:
                          type: string
                          description: Repository credentials Secret name
                  service:
                    type: object
                    description: Section to configure OpenTelemetry Collector Service
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: OpenTelemetry Collector Service annotations
                      spec:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: Section to configure OpenTelemetry Collector Service specs. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#servicespec-v1-core
                  ports:
                    type: array
                    description: Section to configure OpenTelemetry Collector ports. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#containerport-v1-core
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  volumeMounts:
                    type: array
                    description: Section to configure OpenTelemetry Collector Volume Mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  volumes:
                    type: array
                    description: Section to configure OpenTelemetry Collector Volumes.
                      See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  config:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Section to configure OpenTelemetry Collector Configuration. See https://opentelemetry.io/docs/collector/configuration
                  prometheusOperator:
                    type: object
                    description: Section to configure OpenTelemetry Collector integration with Prometheus Operator.
                    properties:
                      allowDiscovery:
                        type: boolean
                        default: true
                        description: |
                          If set to false or monitors is set automatic bind to Prometheus
                          created using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) will be disabled.

                          If disabled the cluster will not be bound to Prometheus automatically and will require manual configuration.

                          Will be ignored if monitors is set.
                      monitors:
                        type: array
                        description: |
                          Optional section to configure PodMonitors for specific Prometheus instances

                          *WARNING*: resources created by this integration that does set the metadata namespace to the same as the operator will not be removed when removing the helm chart.
                          Changing the namespace may require configuring the Prometheus CR properly in order to discover PodMonitor in such namespace.
                        items:
                          type: object
                          description: Section to configure a PodMonitor for a specific Prometheus instance that will scrape from the collector Pod pointing by default to the prometheus exporter
                          properties:
                            name:
                              type: string
                              description: The name of the Prometheus resource that will scrape from the collector Pod pointing by default to the prometheus exporter
                            namespace:
                              type: string
                              description: The namespace of the Prometheus resource that will scrape from the collector Pod pointing by default to the prometheus exporter
                            metadata:
                              type: object
                              description: Section to overwrite some PodMonitor metadata
                              properties:
                                name:
                                  type: string
                                  description: The name of the PodMonitor
                                namespace:
                                  type: string
                                  description: The namespace of the PodMonitor. Changing the namespace may require configuring the Prometheus CR properly in order to discover PodMonitor in such namespace.
                                labels:
                                  type: object
                                  x-kubernetes-preserve-unknown-fields: true
                                  description: The labels to set for the PodMonitor
                                annotations:
                                  type: object
                                  x-kubernetes-preserve-unknown-fields: true
                                  description: The annotations to set for the PodMonitor
                                ownerReferences:
                                  type: array
                                  description: The ownerReferences to set for the PodMonitor in order to be garbage collected by the specified object.
                                  items:
                                    type: object
                                    x-kubernetes-preserve-unknown-fields: true
                            spec:
                              type: object
                              x-kubernetes-preserve-unknown-fields: true
                              description: The PodMonitor spec that will be overwritten by the operator.
                                See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitorSpec
              jobs:
                type: object
                description: Section to configure Operator Installation Jobs
                properties:
                  image:
                    type: object
                    description: Section to configure Operator Installation Jobs image
                    properties:
                      name:
                        type: string
                        default: "stackgres/jobs"
                        description: Operator Installation Jobs image name
                      tag:
                        type: string
                        description: Operator Installation Jobs image tag
                      pullPolicy:
                        type: string
                        default: "IfNotPresent"
                        description: Operator Installation Jobs image pull policy
                  annotations:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Operator Installation Jobs annotations
                  resources:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Operator Installation Jobs resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core
                  nodeSelector:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Operator Installation Jobs node selector
                  tolerations:
                    type: array
                    description: Operator Installation Jobs tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#toleration-v1-core
                    items:
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                  affinity:
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                    description: Operator Installation Jobs affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core
                  serviceAccount:
                    type: object
                    description: Section to configure Jobs ServiceAccount
                    properties:
                      annotations:
                        type: object
                        x-kubernetes-preserve-unknown-fields: true
                        description: Jobs ServiceAccount annotations
                      repoCredentials:
                        type: array
                        description: Repositories credentials Secret names
                        items:
                          type: string
                          description: Repository credentials Secret name
              deploy:
                type: object
                description: Section to configure deployment aspects.
                properties:
                  operator:
                    type: boolean
                    default: true
                    description: When set to `true` the Operator will be deployed.
                  restapi:
                    type: boolean
                    default: true
                    description: When set to `true` the Web Console / REST API will be deployed.
                  collector:
                    type: boolean
                    default: true
                    description: When set to `true` the OpenTelemetry Collector will be deployed.
              cert:
                type: object
                description: Section to configure the Operator, REST API and Web Console certificates and JWT RSA key-pair.
                properties:
                  autoapprove:
                    type: boolean
                    default: true
                    description: |
                      If set to `true` the CertificateSigningRequest used to generate the certificate used by
                      Webhooks will be approved by the Operator Installation Job.
                  createForOperator:
                    type: boolean
                    default: true
                    description: When set to `true` the Operator certificate will be created.
                  createForWebApi:
                    type: boolean
                    default: true
                    description: When set to `true` the Web Console / REST API certificate will be created.
                  createForCollector:
                    type: boolean
                    default: true
                    description: When set to `true` the OpenTelemetry Collector certificate will be created.
                  secretName:
                    type: string
                    description: |
                      The Secret name with the Operator Webhooks certificate issued by the Kubernetes cluster CA
                      of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
                  regenerateCert:
                    type: boolean
                    description: |
                      When set to `true` the Operator certificates will be regenerated if `createForOperator` is set to `true`, and the certificate is expired or invalid.
                    default: true
                  certDuration:
                    type: integer
                    description: |
                      The duration in days of the generated certificate for the Operator after which it will expire and be regenerated.
                      If not specified it will be set to 730 (2 years) by default.
                  webSecretName:
                    type: string
                    description: |
                      The Secret name with the Web Console / REST API certificate of type kubernetes.io/tls.
                      See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
                  regenerateWebCert:
                    type: boolean
                    description: |
                      When set to `true` the Web Console / REST API certificates will be regenerated if `createForWebApi` is set to `true`, and the certificate is expired or invalid.
                    default: true
                  regenerateWebRsa:
                    type: boolean
                    description: |
                      When set to `true` the Web Console / REST API RSA key pair will be regenerated if `createForWebApi` is set to `true`, and the certificate is expired or invalid.
                    default: true
                  webCertDuration:
                    type: integer
                    description: |
                      The duration in days of the generated certificate for the Web Console / REST API after which it will expire and be regenerated.
                      If not specified it will be set to 730 (2 years) by default.
                  webRsaDuration:
                    type: integer
                    description: |
                      The duration in days of the generated RSA key pair for the Web Console / REST API after which it will expire and be regenerated.
                      If not specified it will be set to 730 (2 years) by default.
                  collectorSecretName:
                    type: string
                    description: |
                      The Secret name with the OpenTelemetry Collector certificate of type kubernetes.io/tls.
                      See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
                  regenerateCollectorCert:
                    type: boolean
                    description: |
                      When set to `true` the OpenTelemetry Collector certificates will be regenerated if `createForCollector` is set to `true`, and the certificate is expired or invalid.
                    default: true
                  collectorCertDuration:
                    type: integer
                    description: |
                      The duration in days of the generated certificate for the OpenTelemetry Collector after which it will expire and be regenerated.
                      If not specified it will be set to 730 (2 years) by default.
                  certManager:
                    type: object
                    description: Section to configure cert-manager integration to generate Operator certificates
                    properties:
                      autoConfigure:
                        type: boolean
                        default: false
                        description: |
                          When set to `true` then Issuer and Certificate for Operator, Web Console / REST API and OpenTelemetry Collector Pods will be generated
                      duration:
                        type: string
                        default: "2160h"
                        description: The requested duration (i.e. lifetime) of the Certificates. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1
                      renewBefore:
                        type: string
                        default: "360h"
                        description: How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1
                      encoding:
                        type: string
                        default: PKCS1
                        description: The private key cryptography standards (PKCS) encoding for this certificate’s private key to be encoded in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey
                      size:
                        type: integer
                        default: 2048
                        description: Size is the key bit size of the corresponding private key for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey
              rbac:
                type: object
                description: Section to configure RBAC for Web Console admin user
                properties:
                  create:
                    type: boolean
                    default: true
                    description: |
                      When set to `true` the admin user is assigned the `cluster-admin` ClusterRole by creating ClusterRoleBinding.
              authentication:
                type: object
                description: Section to configure Web Console authentication
                properties:
                  type:
                    type: string
                    default: jwt
                    description: |
                      Specify the authentication mechanism to use. By default is `jwt`, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism.
                      If set to `oidc` then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism.
                  createAdminSecret:
                    type: boolean
                    description: |
                      When `true` will create the secret used to store the admin user credentials to access the UI.
                    default: true
                  user:
                    type: string
                    default: admin
                    description: |
                      The admin username that will be created for the Web Console

                      Operator bundle installation can not change the default value of this field.
                  password:
                    type: string
                    description: |
                      The admin password that will be created for the Web Console.

                      If not specified a random password will be generated.
                  secretRef:
                    type: object
                    description: |
                      Allows specifying a reference to a Secret with the admin user credentials for the Web Console.

                      In order to assign permissions properly, make sure the `user` field matches the value of the `k8sUsername` key in the referenced Secret.
                    properties:
                      name:
                        description: The name of the Secret.
                        type: string
                  oidc:
                    type: object
                    description: Section to configure Web Console OIDC authentication
                    properties:
                      tlsVerification:
                        type: string
                        description: Can be one of `required`, `certificate-validation` or `none`
                      authServerUrl:
                        type: string
                      clientId:
                        type: string
                      credentialsSecret:
                        type: string
                      clientIdSecretRef:
                        type: object
                        properties:
                          name:
                            type: string
                          key:
                            type: string
                      credentialsSecretSecretRef:
                        type: object
                        properties:
                          name:
                            type: string
                          key:
                            type: string
              prometheus:
                type: object
                description: Section to configure Prometheus integration.
                properties:
                  allowAutobind:
                    type: boolean
                    default: true
                    description: |
                      If set to false disables automatic bind to Prometheus
                      created using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).

                      If disabled the cluster will not be bound to Prometheus automatically and will require manual
                      intervention by the Kubernetes cluster administrator.
              grafana:
                type: object
                description: Section to configure Grafana integration
                properties:
                  autoEmbed:
                    type: boolean
                    default: false
                    description: |
                      When set to `true` embed automatically Grafana into the Web Console by creating the
                      StackGres dashboard and the read-only role used to read it from the Web Console
                  schema:
                    type: string
                    default: http
                    description: |
                      The schema to access Grafana. By default http. (used to embed manually and
                      automatically grafana)
                  webHost:
                    type: string
                    description: |
                      The service host name to access grafana (used to embed manually and
                      automatically Grafana).
                      The parameter value should point to the grafana service following the
                      [DNS reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) `svc_name.namespace`
                  datasourceName:
                    type: string
                    default: Prometheus
                    description: The datasource name used to create the StackGres Dashboard into Grafana
                  user:
                    type: string
                    default: admin
                    description: |
                      The username to access Grafana. By default admin. (used to embed automatically
                      Grafana)
                  password:
                    type: string
                    default: prom-operator
                    description: |
                      The password to access Grafana. By default prom-operator (the default for the
                      kube-prometheus-stack helm chart). (used to embed automatically Grafana)
                  secretNamespace:
                    type: string
                    description: |
                      The namespace of secret with credentials to access Grafana. (used to
                      embed automatically Grafana, alternative to use `user` and `password`)
                  secretName:
                    type: string
                    description: |
                      The name of secret with credentials to access Grafana. (used to embed
                      automatically Grafana, alternative to use `user` and `password`)
                  secretUserKey:
                    type: string
                    description: |
                      The key of secret with username used to access Grafana. (used to embed
                      automatically Grafana, alternative to use `user` and `password`)
                  secretPasswordKey:
                    type: string
                    description: |
                      The key of secret with password used to access Grafana.
(used to embed Grafana automatically, alternative to using `user` and `password`) dashboardConfigMap: type: string description: | The ConfigMap name with the dashboard JSON in the key `grafana-dashboard.json` that will be created in Grafana. If not set the default dashboardId: type: string description: | The dashboard id that will be created in Grafana (see https://grafana.com/grafana/dashboards). By default 9628. (used to embed Grafana automatically) Manual Steps: Create Grafana dashboard for postgres exporter and copy/paste share URL: - Grafana > Create > Import > Grafana.com Dashboard 9628 Copy/paste Grafana dashboard URL for postgres exporter: - Grafana > Dashboard > Manage > Select postgres exporter dashboard > Copy URL url: type: string description: | The URL of the PostgreSQL dashboard created in Grafana (used to embed Grafana manually) token: type: string description: | The Grafana API token to access the PostgreSQL dashboard created in Grafana (used to embed Grafana manually) Manual Steps: Create and copy/paste Grafana API token: - Grafana > Configuration > API Keys > Add API key (for viewer) > Copy key value extensions: type: object description: Section to configure extensions properties: repositoryUrls: type: array default: - https://extensions.stackgres.io/postgres/repository description: | A list of extensions repository URLs used to retrieve extensions. To set a proxy for extensions repository add parameter proxyUrl to the URL: `https://extensions.stackgres.io/postgres/repository?proxyUrl=%3A%2F%2F[%3A]` (URL encoded) Other URL parameters are: * `skipHostnameVerification`: set it to `true` in order to use a server or a proxy with a self signed certificate * `retry`: set it to `[:]` in order to retry a request on failure * `setHttpScheme`: set it to `true` in order to force using HTTP scheme items: type: string cache: type: object description: | Section to configure extensions cache (experimental).
This feature is in beta and may cause failures, please use with caution and report any error to https://gitlab.com/ongresinc/stackgres/-/issues/new properties: enabled: type: boolean default: false description: | When set to `true` enable the extensions cache. This feature is in beta and may cause failures, please use with caution and report any error to https://gitlab.com/ongresinc/stackgres/-/issues/new preloadedExtensions: type: array default: - x86_64/linux/timescaledb-1\.7\.4-pg12 description: An array of extension patterns used to pre-load extensions into the extensions cache items: type: string description: An extension pattern used to pre-load extensions into the extensions cache persistentVolume: type: object description: Section to configure the extensions cache PersistentVolume properties: size: type: string default: 1Gi description: | The PersistentVolume size for the extensions cache. Only use whole numbers (e.g. not 1e6) and K/Ki/M/Mi/G/Gi as units storageClass: type: string description: | If defined, sets the storage class. If set to "-" (equivalent to storageClass: "" in a PV spec), disables dynamic provisioning. If undefined (the default) or set to null, no storageClass spec is set, choosing the default provisioner.
(gp2 on AWS, standard on GKE, AWS & OpenStack) hostPath: type: string description: | If set, will use a host path volume with the specified path for the extensions cache instead of a PersistentVolume pga: type: object description: Section to configure PGA properties: repositoryUrls: type: array default: - https://pga.sh description: | A list of PGA repository URLs used to retrieve images. To set a proxy for PGA repository add parameter proxyUrl to the URL: `https://extensions.stackgres.io/postgres/repository?proxyUrl=%3A%2F%2F[%3A]` (URL encoded) Other URL parameters are: * `skipHostnameVerification`: set it to `true` in order to use a server or a proxy with a self signed certificate * `retry`: set it to `[:]` in order to retry a request on failure * `setHttpScheme`: set it to `true` in order to force using HTTP scheme items: type: string shardingSphere: type: object description: Section to configure integration with ShardingSphere operator properties: serviceAccount: type: object description: | Section to configure ServiceAccount used by ShardingSphere operator. You may configure a specific value for a sharded cluster under section `SGShardedCluster.spec.coordinator.configurations.shardingSphere.serviceAccount`. required: [namespace,name] properties: namespace: type: string description: The namespace of the ServiceAccount used by ShardingSphere operator name: type: string description: The name of the ServiceAccount used by ShardingSphere operator developer: type: object x-kubernetes-preserve-unknown-fields: true description: | Section to configure developer options. Following options are for developers only, but can also be useful in some cases ;) properties: version: type: string description: Set the operator version (used for testing) logLevel: type: string description: Set `quarkus.log.level`.
See https://quarkus.io/guides/logging#root-logger-configuration showDebug: type: boolean default: false description: If set to `true` add extra debug to any script controlled by the reconciliation cycle of the operator configuration showStackTraces: type: boolean default: false description: Set `quarkus.log.console.format` to `%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{4.}] (%t) %s%e%n`. See https://quarkus.io/guides/logging#logging-format useJvmImages: type: boolean default: false description: | The operator will use the JVM version of the images enableJvmDebug: type: boolean default: false description: | Only works with the JVM version and allows connecting on port 8000 of the operator Pod with jdb or similar enableJvmDebugSuspend: type: boolean default: false description: | Only works with the JVM version and, if `enableJvmDebug` is `true`, suspends the JVM until a debugger session is started externalOperatorIp: type: string description: Set the external Operator IP externalOperatorPort: type: integer description: Set the external Operator port externalRestApiIp: type: string description: Set the external REST API IP externalRestApiPort: type: integer description: Set the external REST API port externalPgaIp: type: string description: Set the external PGA IP externalPgaPort: type: integer description: Set the external PGA port allowPullExtensionsFromImageRepository: type: boolean default: false description: | If set to `true` and `extensions.cache.enabled` is also `true` it will try to download extensions from images (experimental) disableArbitraryUser: type: boolean default: false description: | If set to `true` disables the arbitrary user that is set for OpenShift clusters patches: type: object description: | Section to define patches for some StackGres Pods properties: operator: type: object description: | Section to define volumes to be used by the operator container properties: volumes: type: array description: Pod volumes.
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true stream: type: object description: | Section to define volumes to be used by the stream container properties: volumes: type: array description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true restapi: type: object description: | Section to define volumes to be used by the restapi container properties: volumes: type: array description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true adminui: type: object description: | Section to define volumes to be used by the adminui container properties: volumes: type: array description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. 
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true jobs: type: object description: | Section to define volumes to be used by the jobs container properties: volumes: type: array description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true clusterController: type: object description: | Section to define volumes to be used by the cluster controller container properties: volumes: type: array description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true distributedlogsController: type: object description: | Section to define volumes to be used by the distributedlogs controller container properties: volumes: type: array description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true volumeMounts: type: array description: Pod's container volume mounts. 
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core items: type: object x-kubernetes-preserve-unknown-fields: true status: type: object description: Status defines the observed state of SGConfig x-kubernetes-preserve-unknown-fields: true properties: conditions: type: array items: type: object properties: lastTransitionTime: description: Last time the condition transitioned from one status to another. type: string message: description: A human readable message indicating details about the transition. type: string reason: description: The reason for the condition's last transition. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: description: Type of deployment condition. type: string version: type: string description: Latest version of the operator used to check for updates removeOldOperatorBundleResources: type: boolean description: Indicates when the old operator bundle resources have been removed grafana: type: object properties: urls: description: Grafana URLs to StackGres dashboards type: array items: type: string description: Grafana URL to StackGres dashboards preceded by the dashboard name and a colon `:` token: description: Grafana token that allows access to dashboards type: string configHash: description: Grafana configuration hash type: string existingCrUpdatedToVersion: type: string description: Indicates the version to which existing CRs have been updated