```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: sgobjectstorages.stackgres.io
spec:
  group: stackgres.io
  scope: Namespaced
  names:
    kind: SGObjectStorage
    listKind: SGObjectStorageList
    plural: sgobjectstorages
    singular: sgobjectstorage
    shortNames:
      - sgobjs
  versions:
    - name: v1beta1
      served: true
      storage: true
      additionalPrinterColumns:
        - name: type
          type: string
          jsonPath: .spec.type
      schema:
        openAPIV3Schema:
          type: object
          required: ["metadata", "spec"]
          properties:
            metadata:
              type: object
              properties:
                name:
                  type: string
                  description: |
                    Name of the Object Storage configuration.
                    The name must be unique across all object storage configurations in the same namespace.
            spec:
              type: object
              description: |
                Object Storage configuration
              properties:
                type:
                  type: string
                  enum: ["s3", "s3Compatible", "gcs", "azureBlob"]
                  description: |
                    Determine the type of object storage used for storing the base backups and WAL segments.
                    Possible values:
                    * `s3`: Amazon Web Services S3 (Simple Storage Service).
                    * `s3Compatible`: non-AWS services that implement a compatibility API with AWS S3.
                    * `gcs`: Google Cloud Storage.
                    * `azureBlob`: Microsoft Azure Blob Storage.
                s3:
                  type: object
                  description: |
                    Amazon Web Services S3 configuration.
                  properties:
                    bucket:
                      type: string
                      pattern: '^((s3|https?)://)?[^/]+(/[^/]*)*$'
                      description: |
                        AWS S3 bucket name.
                    region:
                      type: string
                      description: |
                        The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property.
                    storageClass:
                      type: string
                      description: |
                        The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) to use for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
                    awsCredentials:
                      type: object
                      description: |
                        The credentials to access AWS S3 for writing and reading.
                      properties:
                        secretKeySelectors:
                          type: object
                          description: |
                            Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)(s) to reference the Secrets that contain the information about the `awsCredentials`. Note that you may use the same or different Secrets for the `accessKeyId` and the `secretAccessKey`. In the former case, the `keys` that identify each must be, obviously, different.
                          properties:
                            accessKeyId:
                              type: object
                              description: |
                                AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `AKIAIOSFODNN7EXAMPLE`.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: ["key", "name"]
                            secretAccessKey:
                              type: object
                              description: |
                                AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: ["key", "name"]
                          required: ["accessKeyId", "secretAccessKey"]
                      required: ["secretKeySelectors"]
                  required: ["bucket", "awsCredentials"]
                s3Compatible:
                  type: object
                  description: "AWS S3-Compatible API configuration"
                  properties:
                    bucket:
                      type: string
                      pattern: '^((s3|https?)://)?[^/]+(/[^/]*)*$'
                      description: |
                        Bucket name.
                    enablePathStyleAddressing:
                      type: boolean
                      description: |
                        Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) when connecting to an S3-compatible service that lacks support for sub-domain style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`).

                        Defaults to false.
                    endpoint:
                      type: string
                      description: |
                        Overrides the default URL to connect to an S3-compatible service.
                        For example: `http://s3-like-service:9000`.
                    region:
                      type: string
                      description: |
                        The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property.
                    storageClass:
                      type: string
                      description: |
                        The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) to use for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
                    awsCredentials:
                      type: object
                      description: |
                        The credentials to access AWS S3 for writing and reading.
                      properties:
                        secretKeySelectors:
                          type: object
                          description: |
                            Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)(s) to reference the Secret(s) that contain the information about the `awsCredentials`. Note that you may use the same or different Secrets for the `accessKeyId` and the `secretAccessKey`. In the former case, the `keys` that identify each must be, obviously, different.
                          properties:
                            accessKeyId:
                              type: object
                              description: |
                                AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `AKIAIOSFODNN7EXAMPLE`.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: ["key", "name"]
                            secretAccessKey:
                              type: object
                              description: |
                                AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: ["key", "name"]
                            caCertificate:
                              type: object
                              description: |
                                CA Certificate file to be used when connecting to the S3 Compatible Service.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: ["key", "name"]
                          required: ["accessKeyId", "secretAccessKey"]
                      required: ["secretKeySelectors"]
                  required: ["bucket", "awsCredentials"]
                gcs:
                  type: object
                  description: |
                    Google Cloud Storage configuration.
                  properties:
                    bucket:
                      type: string
                      pattern: "^(gs://)?[^/]+(/[^/]*)*$"
                      description: |
                        GCS bucket name.
                    gcpCredentials:
                      type: object
                      description: |
                        The credentials to access GCS for writing and reading.
                      properties:
                        fetchCredentialsFromMetadataService:
                          type: boolean
                          description: |
                            If true, the credentials will be fetched from the GCE/GKE metadata service and the field `secretKeySelectors` has to be set to null or omitted.

                            This is useful when running StackGres inside a GKE cluster using [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity).
                        secretKeySelectors:
                          type: object
                          description: |
                            A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core) to reference the Secrets that contain the information about the Service Account to access GCS.
                          properties:
                            serviceAccountJSON:
                              type: object
                              description: |
                                A service account key from GCP. In JSON format, as downloaded from the GCP Console.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: [ "key", "name" ]
                          required: [ "serviceAccountJSON" ]
                  required: [ "bucket", "gcpCredentials" ]
                azureBlob:
                  type: object
                  description: |
                    Azure Blob Storage configuration.
                  properties:
                    bucket:
                      type: string
                      pattern: "^(azure://)?[^/]+(/[^/]*)*$"
                      description: |
                        Azure Blob Storage bucket name.
                    azureCredentials:
                      type: object
                      description: |
                        The credentials to access Azure Blob Storage for writing and reading.
                      properties:
                        secretKeySelectors:
                          type: object
                          description: |
                            Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#secretkeyselector-v1-core)(s) to reference the Secret(s) that contain the information about the `azureCredentials`. Note that you may use the same or different Secrets for the `storageAccount` and the `accessKey`. In the former case, the `keys` that identify each must be, obviously, different.
                          properties:
                            storageAccount:
                              type: object
                              description: |
                                The [Storage Account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json) that contains the Blob bucket to be used.
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: [ "key", "name" ]
                            accessKey:
                              type: object
                              description: |
                                The [storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal).
                              properties:
                                key:
                                  type: string
                                  description: |
                                    The key of the secret to select from. Must be a valid secret key.
                                name:
                                  type: string
                                  description: |
                                    Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
                              required: [ "key", "name" ]
                          required: [ "storageAccount", "accessKey" ]
                  required: [ "bucket", "azureCredentials" ]
              required: [ "type" ]
```
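An added example, not part of the StackGres project: a pre-admission lint for an `SGObjectStorage` `.spec` that applies this schema's bucket patterns and selector requirements, plus the cross-field rule stated only in the `fetchCredentialsFromMetadataService` description. The function name, the sample Secret names, the `http://` endpoint warning, and treating missing selectors as a finding where the schema leaves `secretKeySelectors` optional are assumptions of this example.

```python
import re

# Bucket patterns and required selectors copied from the CRD schema above.
S3_RE = r"^((s3|https?)://)?[^/]+(/[^/]*)*$"
BUCKET_RE = {"s3": S3_RE, "s3Compatible": S3_RE,
             "gcs": r"^(gs://)?[^/]+(/[^/]*)*$",
             "azureBlob": r"^(azure://)?[^/]+(/[^/]*)*$"}
AWS = ("awsCredentials", ("accessKeyId", "secretAccessKey"))
CREDS = {"s3": AWS, "s3Compatible": AWS,
         "gcs": ("gcpCredentials", ("serviceAccountJSON",)),
         "azureBlob": ("azureCredentials", ("storageAccount", "accessKey"))}

def lint_spec(spec):
    """Return a list of findings for one SGObjectStorage .spec dict."""
    kind = spec.get("type")
    if kind not in CREDS:
        return [f"type {kind!r} is not one of {sorted(CREDS)}"]
    block = spec.get(kind)
    if not isinstance(block, dict):
        return [f"type is {kind} but spec.{kind} is missing"]
    out = []
    bucket = block.get("bucket")
    if not isinstance(bucket, str) or not re.fullmatch(BUCKET_RE[kind], bucket):
        out.append(f"{kind}.bucket is missing or fails the schema pattern")
    # Added hardening check, not part of the schema: cleartext endpoint.
    if str(block.get("endpoint", "")).startswith("http://"):
        out.append(f"{kind}.endpoint uses http://, so backups travel unencrypted")
    field, selectors = CREDS[kind]
    creds = block.get(field)
    if not isinstance(creds, dict):
        return out + [f"{kind}.{field} is required"]
    sks = creds.get("secretKeySelectors")
    if kind == "gcs" and creds.get("fetchCredentialsFromMetadataService"):
        if sks is not None:  # the description says it must be null or omitted
            out.append("gcs: drop secretKeySelectors when using the metadata service")
        return out
    for sel in selectors:
        ref = sks.get(sel) if isinstance(sks, dict) else None
        if not isinstance(ref, dict) or not {"key", "name"} <= ref.keys():
            out.append(f"{field}.secretKeySelectors.{sel} needs key and name")
    return out

# Constructed sample spec (hypothetical names), with two problems in it.
SAMPLE = {"type": "s3Compatible", "s3Compatible": {
    "bucket": "/backups", "endpoint": "http://s3-like-service:9000",
    "awsCredentials": {"secretKeySelectors": {
        "accessKeyId": {"name": "minio-creds", "key": "accesskey"},
        "secretAccessKey": {"name": "minio-creds", "key": "secretkey"}}}}}

if __name__ == "__main__":
    print("\n".join(lint_spec(SAMPLE)))
```

The OpenAPI schema alone cannot express the GCS rule that `secretKeySelectors` and `fetchCredentialsFromMetadataService: true` are mutually exclusive, which is why the lint checks it separately.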