# -- The container registry host (and port) where the images will be pulled from. containerRegistry: quay.io # -- Image pull policy used for images loaded by the Operator imagePullPolicy: "IfNotPresent" # -- Section to configure Operator allowed namespaces that the operator is allowed to use. If empty all namespaces will be allowed (default). allowedNamespaces: [] # Section to configure Operator Installation ServiceAccount serviceAccount: # -- If `true` the Operator Installation ServiceAccount will be created create: true # -- Section to configure Operator ServiceAccount annotations annotations: {} # -- Repositories credentials Secret names to attach to ServiceAccounts and Pods repoCredentials: [] # Section to configure Operator Pod operator: # Section to configure Operator image image: # -- Operator image name name: "stackgres/operator" # -- Operator image tag tag: "1.14.0" # -- Operator image pull policy pullPolicy: "IfNotPresent" # -- Operator Pod annotations annotations: {} # -- Operator Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # -- Operator Pod node selector nodeSelector: {} # -- Operator Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # -- Operator Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core affinity: {} # Section to configure Operator ServiceAccount serviceAccount: # -- Section to configure Operator ServiceAccount annotations annotations: {} # -- Repositories credentials Secret names to attach to ServiceAccounts and Pods repoCredentials: [] # Section to configure Operator Service service: # -- Section to configure Operator Service annotations annotations: {} # Section to configure REST API Pod restapi: # -- REST API Deployment name name: stackgres-restapi # Section to configure REST API image image: # -- REST API image name name: "stackgres/restapi" # -- REST API image tag tag: "1.14.0" # -- REST API image pull policy pullPolicy: "IfNotPresent" # -- REST API Pod annotations annotations: {} # -- REST API Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # -- REST API Pod node selector nodeSelector: {} # -- REST API Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # -- REST API Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core affinity: {} # Section to configure REST API ServiceAccount serviceAccount: # -- REST API ServiceAccount annotations annotations: {} # -- Repositories credentials Secret names to attach to ServiceAccounts and Pods repoCredentials: [] # Section to configure REST API Service service: # -- REST API Service annotations annotations: {} # Section to configure Web Console container adminui: # Section to configure Web Console image image: # -- Web Console image name name: "stackgres/admin-ui" # -- Web Console image tag tag: "1.14.0" # -- Web Console image pull policy pullPolicy: "IfNotPresent" # -- Web Console resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # Section to configure Web Console service. service: # -- When set to `true` the HTTP port will be exposed in the Web Console Service exposeHTTP: False # -- The type used for the service of the UI: # * Set to LoadBalancer to create a load balancer (if supported by the kubernetes cluster) # to allow connect from Internet to the UI. Note that enabling this feature will probably incurr in # some fee that depend on the host of the kubernetes cluster (for example this is true for EKS, GKE # and AKS). # * Set to NodePort to expose admin UI from kubernetes nodes. type: NodePort # -- (string) LoadBalancer will get created with the IP specified in # this field. This feature depends on whether the underlying cloud-provider supports specifying # the loadBalancerIP when a load balancer is created. This field will be ignored if the # cloud-provider does not support the feature. loadBalancerIP: # -- (array) If specified and supported by the platform, # this will restrict traffic through the cloud-provider load-balancer will be restricted to the # specified client IPs. This field will be ignored if the cloud-provider does not support the # feature. # More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ loadBalancerSourceRanges: # -- (integer) The HTTPS port used to expose the Service on Kubernetes nodes nodePort: # -- (integer) The HTTP port used to expose the Service on Kubernetes nodes nodePortHTTP: # Section to configure OpenTelemetry Collector collector: # -- OpenTelemetry Collector Deployment/DeamonSet base name name: stackgres-collector # Section to configure OpenTelemetry Collector receivers # # By default a single instance of OpenTelemetry Collector will be created. # This section allow to have a variable number of OpenTelemetry Collector # exporters (by default equals to the number of Pod with metrics enabled) # that will scrape the metrics separately and send them to a defined number # of OpenTelemetry Collector receivers (by default 1). receivers: # -- When true the OpenTelemetry Collector receivers will be enabled enabled: false # -- Allow to increase the number of OpenTelemetry Collector exporters if receivers is enabled exporters: 1 # Section to configure OpenTelemetry Colelctor receivers Deployments. # # If receivers is enabled and this section is not defined # a number of Deployments equals to the number of SGClusters Pods that has `SGCluster.spec.configurations.observability.disableMetrics` set to `false`, # each with a pod affinity that match a different SGCluster's Pod and a configuration that will scrape from the same SGCluster's Pod. # # When deployments is defined, each Deployment will have a configuration that will scrape from a partition of the list of all the SGClusters Pods ordered by # the `Pod.metadata.creationTimestamp` (from older to newer), the `Pod.metadata.namespace` (alphabetically and ascending) and the `Pod.metadata.name` # (alphabetically and ascending). deployments: # -- OpenTelemetry Collector receivers Deployment list of a specific SGCluster Pods to be included together with the Pod list partition as described above. # - sgClusters: # -- namespace of an SGCluster. # - namespace: my-cluster-namespace # -- name of an SGCluster. # name: my-cluster-name # -- Indexes of the Pods to include. If not set all the SGCluster Pods will be included. # indexes: # - 0 # -- OpenTelemetry Collector receivers Deployment Pod resources # resources: {} # -- OpenTelemetry Collector receivers Deployment Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core # affinity: {} # -- OpenTelemetry Collector receivers Deployment Pod annotations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core # annotations: {} # -- OpenTelemetry Collector receivers Deployment Pod node slector # nodeSelector: {} # -- OpenTelemetry Collector receivers Deployment Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core # tolerations: [] # -- OpenTelemetry Collector Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core resources: {} # -- OpenTelemetry Collector Pod affinity affinity: {} # -- OpenTelemetry Collector Pod annotations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core annotations: {} # -- OpenTelemetry Collector Pod node slector nodeSelector: {} # -- OpenTelemetry Collector Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # Section to configure OpenTelemetry Collector ServiceAccount serviceAccount: # -- OpenTelemetry Collector ServiceAccount annotations annotations: {} # Section to configure OpenTelemetry Collector Service service: # -- OpenTelemetry Collector Service annotations annotations: {} # Section to configure OpenTelemetry Collector Service specs. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#servicespec-v1-core spec: type: ClusterIP ports: - name: prom-http protocol: TCP port: 9464 targetPort: prom-http # Section to configure OpenTelemetry Collector Ports. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#containerport-v1-core ports: - name: prom-http protocol: TCP containerPort: 9464 # Section to configure OpenTelemetry Collector Volume Mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volumemount-v1-core volumeMounts: [] # Section to configure OpenTelemetry Collector Volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#volume-v1-core volumes: [] # Section to configure OpenTelemetry Collector Configuration. See https://opentelemetry.io/docs/collector/configuration config: processors: {} receivers: otlp: protocols: grpc: endpoint: "0.0.0.0:4317" tls: ca_file: "/etc/operator/certs/tls.crt" cert_file: "/etc/operator/certs/tls.crt" key_file: "/etc/operator/certs/tls.key" exporters: prometheus: endpoint: "0.0.0.0:9464" tls: ca_file: "/etc/operator/certs/tls.crt" cert_file: "/etc/operator/certs/tls.crt" key_file: "/etc/operator/certs/tls.key" reload_interval: 10m send_timestamps: true metric_expiration: 180m enable_open_metrics: false resource_to_telemetry_conversion: enabled: false otlp: endpoint: stackgres-collector:4317 tls: ca_file: "/etc/operator/certs/tls.crt" service: extensions: [] pipelines: metrics: receivers: - prometheus processors: [] exporters: - debug - prometheus # Section to configure OpenTelemetry Collector integration with Prometheus Operator. prometheusOperator: # -- If set to false or monitors is set automatic bind to Prometheus # created using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) will be disabled. # If disabled the cluster will not be binded to Prometheus automatically and will require manual configuration. # Will be ignored if monitors is set allowDiscovery: true # Optional section to configure PodMonitors for specific Prometheus instances # *WARNING*: resources created by this integration that does set # the metadata namespace to the same as the operator will not # be removed when removing the helm chart. Changing the namespace # may require configure the Prometheus CR properly in order to # discover PodMonitor in such namespace. monitors: # - name: # # Required. Will allow to create a PodMonitor in the Prometheus CR namespace that will scrape from the collector Pod pointing by default to the prometheus exporter # namespace: # # Required. Will allow to create a PodMonitor in the Prometheus CR namespace that will scrape from the collector Pod pointing by default to the prometheus exporter # metadata: # overwrite some PodMonitor metadata # name: # namespace: # changing the namespace may require configure the Prometheus CR properly in order to discover PodMonitor in such namespace. # labels: # annotations: # ownerReferences: # spec: {} # PodMonitor spec that will be overwritten by the operator # Section to configure Operator Installation Jobs jobs: # Section to configure Operator Installation Jobs image image: # -- Operator Installation Jobs image name name: "stackgres/jobs" # -- Operator Installation Jobs image tag tag: "1.14.0" # -- Operator Installation Jobs image pull policy pullPolicy: "IfNotPresent" # -- Operator Installation Jobs annotations annotations: {} # -- Operator Installation Jobs resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # -- Operator Installation Jobs node selector nodeSelector: {} # -- Operator Installation Jobs tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # -- Operator Installation Jobs affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core affinity: {} # Section to configure deployment aspects. deploy: # -- When set to `true` the Operator will be deployed. operator: true # -- When set to `true` the Web Console / REST API will be deployed. restapi: true # -- When set to `true` the OpenTelemetry Collector will be deployed. collector: false # Section to configure the Operator, REST API and Web Console certificates and JWT RSA key-pair. cert: # -- If set to `true` the CertificateSigningRequest used to generate the certificate used by # Webhooks will be approved by the Operator Installation Job. autoapprove: true # -- When set to `true` the Operator certificate will be created. createForOperator: true # -- When set to `true` the Web Console / REST API certificate will be created. createForWebApi: true # -- When set to `true` the OpenTelemetry Collector certificate will be created. createForCollector: true # -- (string) The Secret name with the Operator Webhooks certificate issued by the Kubernetes cluster CA # of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets secretName: # -- When set to `true` the Operator certificates will be regenerated if `createForOperator` is set to `true`, and the certificate is expired or invalid. regenerateCert: true # -- (integer) The duration in days of the generated certificate for the Operator after which it will expire and be regenerated. # If not specified it will be set to 730 (2 years) by default. certDuration: 730 # -- (string) The Secret name with the Web Console / REST API certificate # of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets webSecretName: # -- When set to `true` the Web Console / REST API certificates will be regenerated if `createForWebApi` is set to `true`, and the certificate is expired or invalid. regenerateWebCert: true # -- When set to `true` the Web Console / REST API RSA key pair will be regenerated if `createForWebApi` is set to `true`, and the certificate is expired or invalid. regenerateWebRsa: true # -- (integer) The duration in days of the generated certificate for the Web Console / REST API after which it will expire and be regenerated. # If not specified it will be set to 730 (2 years) by default. webCertDuration: # -- (integer) The duration in days of the generated RSA key pair for the Web Console / REST API after which it will expire and be regenerated. # If not specified it will be set to 730 (2 years) by default. webRsaDuration: # -- (string) The private RSA key used to create the Operator Webhooks certificate issued by the # Kubernetes cluster CA. key: # -- (string) The Operator Webhooks certificate issued by Kubernetes cluster CA. crt: # -- (string) The private RSA key used to generate JWTs used in REST API authentication. jwtRsaKey: # -- (string) The public RSA key used to verify JWTs used in REST API authentication. jwtRsaPub: # -- (string) The private RSA key used to create the Web Console / REST API certificate webKey: # -- (string) The Web Console / REST API certificate webCrt: # Section to configure cert-manager integration to generate Operator certificates certManager: # -- When set to `true` then Issuer and Certificate for Operator and Web Console / REST API # Pods will be generated autoConfigure: false # -- The requested duration (i.e. lifetime) of the Certificates. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 duration: "2160h" # -- How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 renewBefore: "360h" # -- The private key cryptography standards (PKCS) encoding for this certificate’s private key to be encoded in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey encoding: PKCS1 # -- Size is the key bit size of the corresponding private key for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey size: 2048 # Section to configure RBAC for Web Console admin user rbac: # -- When set to `true` the admin user is assigned the `cluster-admin` ClusterRole by creating # ClusterRoleBinding. create: true # Section to configure Web Console authentication authentication: # -- Specify the authentication mechanism to use. By default is `jwt`, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism. # If set to `oidc` then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism. type: jwt # -- (boolean) When `true` will create the secret used to store the `admin` user credentials to access the UI. createAdminSecret: true # -- The admin username that will be required to access the UI user: admin # -- (string) The admin password that will be required to access the UI password: # Section to configure Web Console OIDC authentication oidc: # tlsVerification -- (string) Can be one of `required`, `certificate-validation` or `none` # tlsVerification: # authServerUrl -- (string) # authServerUrl: # clientId -- (string) # clientId: # credentialsSecret -- (string) # credentialsSecret: # clientIdSecretRef -- (object) # clientIdSecretRef: # name -- (string) # name: # key -- (string) # key: # credentialsSecretSecretRef -- (object) # credentialsSecretSecretRef: # name -- (string) # name: # key -- (string) # key: # Section to configure Grafana integration grafana: # -- When set to `true` embed automatically Grafana into the Web Console by creating the # StackGres dashboards and the read-only role used to read it from the Web Console autoEmbed: false # -- The schema to access Grafana. By default http. (used to embed manually and # automatically grafana) schema: http # -- (string) The service host name to access grafana (used to embed manually and # automatically Grafana). # The parameter value should point to the grafana service following the # [DNS reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) `svc_name.namespace` webHost: # -- The datasource name used to create the StackGres Dashboards into Grafana datasourceName: Prometheus # -- The username to access Grafana. By default admin. (used to embed automatically # Grafana) user: admin # -- The password to access Grafana. By default prom-operator (the default in for # kube-prometheus-stack helm chart). (used to embed automatically Grafana) password: prom-operator # -- Use follwing fields to indicate a secret where the grafana admin credentials are stored (replace user/password) # -- (string) The namespace of secret with credentials to access Grafana. (used to # embed automatically Grafana, alternative to use `user` and `password`) secretNamespace: # -- (string) The name of secret with credentials to access Grafana. (used to embed # automatically Grafana, alternative to use `user` and `password`) secretName: # -- (string) The key of secret with username used to access Grafana. (used to embed # automatically Grafana, alternative to use `user` and `password`) secretUserKey: # -- (string) The key of secret with password used to access Grafana. (used to # embed automatically Grafana, alternative to use `user` and `password`) secretPasswordKey: # -- (string) The ConfigMap name with the dashboard JSONs # that will be created in Grafana. If not set the default # StackGres dashboards will be created. (used to embed automatically Grafana) dashboardConfigMap: # -- (array) The URLs of the PostgreSQL dashboards created in Grafana (used to embed manually # Grafana). It must contain an entry for each JSON file under `grafana-dashboards` folder: `archiving.json`, # `connection-pooling.json`, `current-activity.json`, `db-info.json`, `db-objects.json`, `db-os.json`, `queries.json` # and `replication.json` urls: # Create and copy/paste grafana API token: # - Grafana > Configuration > API Keys > Add API key (for viewer) > Copy key value # -- (string) The Grafana API token to access the PostgreSQL dashboards created # in Grafana (used to embed manually Grafana) token: # Section to configure extensions extensions: # -- A list of extensions repository URLs used to retrieve extensions # # To set a proxy for extensions repository add parameter proxyUrl to the URL: # `https://extensions.stackgres.io/postgres/repository?proxyUrl=%3A%2F%2F[%3A]` (URL encoded) # # Other URL parameters are: # # * `skipHostnameVerification`: set it to `true` in order to use a server or a proxy with a self signed certificate # * `retry`: set it to `[:]` in order to retry a request on failure # * `setHttpScheme`: set it to `true` in order to force using HTTP scheme repositoryUrls: - https://extensions.stackgres.io/postgres/repository # Section to configure extensions cache (experimental). # # This feature is in beta and may cause failures, please use with caution and report any # error to https://gitlab.com/ongresinc/stackgres/-/issues/new cache: # -- When set to `true` enable the extensions cache. # # This feature is in beta and may cause failures, please use with caution and report any # error to https://gitlab.com/ongresinc/stackgres/-/issues/new enabled: false # -- An array of extensions pattern used to pre-loaded estensions into the extensions cache preloadedExtensions: - x86_64/linux/timescaledb-1\.7\.4-pg12 # Section to configure the extensions cache PersistentVolume persistentVolume: # -- The PersistentVolume size for the extensions cache # # Only use whole numbers (e.g. not 1e6) and K/Ki/M/Mi/G/Gi as units size: 1Gi # -- (string) If defined set storage class # If set to "-" (equivalent to storageClass: "" in a PV spec) disables # dynamic provisioning # If undefined (the default) or set to null, no storageClass spec is # set, choosing the default provisioner. (gp2 on AWS, standard on # GKE, AWS & OpenStack) storageClass: # -- (string) If set, will use a host path volume with the specified path for the extensions cache # instead of a PersistentVolume hostPath: # Following options are for developers only, but can also be useful in some cases ;) # Section to configure developer options. developer: # -- (string) Set the operator version (used for testing) version: # -- (string) Set `quarkus.log.level`. See https://quarkus.io/guides/logging#root-logger-configuration logLevel: # -- If set to `true` add extra debug to any script controlled by the reconciliation cycle of the operator configuration showDebug: false # -- Set `quarkus.log.console.format` to `%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{4.}] (%t) %s%e%n`. See https://quarkus.io/guides/logging#logging-format showStackTraces: false # -- Only work with JVM version and allow connect # on port 8000 of operator Pod with jdb or similar enableJvmDebug: false # -- Only work with JVM version and if `enableJvmDebug` is `true` # suspend the JVM until a debugger session is started enableJvmDebugSuspend: false # -- (string) Set the external Operator IP externalOperatorIp: # -- (integer) Set the external Operator port externalOperatorPort: # -- (string) Set the external REST API IP externalRestApiIp: # -- (integer) Set the external REST API port externalRestApiPort: # -- If set to `true` and `extensions.cache.enabled` is also `true` # it will try to download extensions from images (experimental) allowPullExtensionsFromImageRepository: false # -- It set to `true` disable arbitrary user that is set for OpenShift clusters disableArbitraryUser: false # Section to define patches for some StackGres Pods patches: # Section to define volumes to be used by the operator container operator: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the restapi container restapi: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the adminui container adminui: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the jobs container jobs: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the cluster controller container clusterController: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the distributedlogs controller container distributedlogsController: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: []