values
# Couchbase Operator Chart Values | |
# AntiAffinity forces the Operator to schedule different Couchbase server pods | |
# on different Kubernetes nodes. Anti-affinity reduces the likelihood of | |
# unrecoverable failure in the event of a node issue. Use of anti-affinity is | |
# highly recommended for production clusters. | |
antiAffinity: ahh | |
# AutoResourceAllocation populates pod resource requests based on the services | |
# running on that pod. When enabled, this feature will calculate the memory | |
# request as the total of service allocations defined in `spec.cluster`, plus an | |
# overhead defined by `spec.autoResourceAllocation.overheadPercent`. Changing | |
# individual allocations for a service will cause a cluster upgrade as | |
# allocations are modified in the underlying pods. This field also allows | |
# default pod CPU requests and limits to be applied. All resource allocations | |
# can be overridden by explicitly configuring them in the | |
# `spec.servers.resources` field. | |
autoResourceAllocation: | |
# CPULimits automatically populates the CPU limits across all Couchbase server | |
# pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit | |
# for a particular server class will override this value. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-resources- | |
# containers/#resource-units-in-kubernetes | |
cpuLimits: '4' | |
# CPURequests automatically populates the CPU requests across all Couchbase | |
# server pods. The default value of "2" is the minimum recommended number of | |
# CPUs required to run Couchbase Server. Explicitly specifying the CPU | |
# request for a particular server class will override this value. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-resources- | |
# containers/#resource-units-in-kubernetes | |
cpuRequests: '2' | |
# Enabled defines whether auto-resource allocation is enabled. | |
enabled: ahh | |
# OverheadPercent defines the amount of memory above that required for | |
# individual services on a pod. For Couchbase Server this should be | |
# approximately 25%. | |
overheadPercent: 25 | |
# AutoscaleStabilizationPeriod defines how long after a rebalance the | |
# corresponding HorizontalPodAutoscaler should remain in maintenance mode. | |
# During maintenance mode all autoscaling is disabled since every | |
# HorizontalPodAutoscaler associated with the cluster becomes inactive. Since | |
# certain metrics can be unpredictable when Couchbase is rebalancing or | |
# upgrading, setting a stabilization period helps to prevent scaling | |
# recommendations from the HorizontalPodAutoscaler for a provided period of | |
# time. Values must be a valid Kubernetes duration of 0s or higher: | |
# https://golang.org/pkg/time/#ParseDuration A value of 0 puts the cluster in | |
# maintenance mode during rebalance but immediately exits this mode once the | |
# rebalance has completed. When undefined, the HPA is never put into maintenance | |
# mode during rebalance. | |
autoscaleStabilizationPeriod: ahh | |
# Backup defines whether the Operator should manage automated backups, and how | |
# to lookup backup resources. | |
backup: | |
# The Backup Image to run on backup pods | |
image: ahh | |
# ImagePullSecrets allow you to use an image from private repositories and | |
# non-dockerhub ones. | |
imagePullSecrets: ahh | |
# Managed defines whether backups are managed by us or the clients. | |
managed: ahh | |
# NodeSelector defines which nodes to constrain the pods that run any backup | |
# operations to | |
nodeSelector: ahh | |
# Resources is the resource requirements for the backup container. Will be | |
# populated by defaults if not specified. | |
resources: | |
# Limits describes the maximum amount of compute resources allowed. More | |
# info: https://kubernetes.io/docs/concepts/configuration/manage-compute- | |
# resources-container/ | |
limits: ahh | |
# Requests describes the minimum amount of compute resources required. If | |
# Requests is omitted for a container, it defaults to Limits if that is | |
# explicitly specified, otherwise to an implementation-defined value. More | |
# info: https://kubernetes.io/docs/concepts/configuration/manage-compute- | |
# resources-container/ | |
requests: ahh | |
# S3Secret contains the region and credentials for operating backups in S3 | |
s3Secret: ahh | |
# Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be | |
# filtered based on labels. | |
selector: | |
# matchExpressions is a list of label selector requirements. The | |
# requirements are ANDed. | |
matchExpressions: ahh | |
# matchLabels is a map of {key,value} pairs. A single {key,value} in the | |
# matchLabels map is equivalent to an element of matchExpressions, whose key | |
# field is "key", the operator is "In", and the values array contains only | |
# "value". The requirements are ANDed. | |
matchLabels: ahh | |
# The Service Account to run backup (and restore) pods under. Without this, | |
# backup pods will not be able to update status. | |
serviceAccountName: ahh | |
# Tolerations specifies all backup pod tolerations. | |
tolerations: ahh | |
# Buckets defines whether the Operator should manage buckets, and how to lookup | |
# bucket resources. | |
buckets: | |
# Managed defines whether buckets are managed by us or the clients. | |
managed: ahh | |
# Selector is a label selector used to list buckets in the namespace that are | |
# managed by the Operator. | |
selector: | |
# matchExpressions is a list of label selector requirements. The | |
# requirements are ANDed. | |
matchExpressions: ahh | |
# matchLabels is a map of {key,value} pairs. A single {key,value} in the | |
# matchLabels map is equivalent to an element of matchExpressions, whose key | |
# field is "key", the operator is "In", and the values array contains only | |
# "value". The requirements are ANDed. | |
matchLabels: ahh | |
# ClusterSettings define Couchbase cluster-wide settings such as memory | |
# allocation, failover characteristics and index settings. | |
cluster: | |
# AnalyticsServiceMemQuota is the amount of memory that should be allocated to | |
# the analytics service. This value is per-pod, and only applicable to pods | |
# belonging to server classes running the analytics service. This field must | |
# be a quantity greater than or equal to 1Gi. This field defaults to 1Gi. | |
# More info: https://kubernetes.io/docs/concepts/configuration/manage- | |
# resources-containers/#resource-units-in-kubernetes | |
analyticsServiceMemoryQuota: 1Gi | |
# AutoCompaction allows the configuration of auto-compaction, including on | |
# what conditions disk space is reclaimed and when it is allowed to run. | |
autoCompaction: | |
# DatabaseFragmentationThreshold defines triggers for when database | |
# compaction should start. | |
databaseFragmentationThreshold: | |
# Percent is the percentage of disk fragmentation after which | |
# decompaction will be triggered. This field must be in the range 2-100, | |
# defaulting to 30. | |
percent: 30 | |
# Size is the amount of disk fragmentation that, once exceeded, will | |
# trigger decompaction. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-resources- | |
# containers/#resource-units-in-kubernetes | |
size: ahh | |
# ParallelCompaction controls whether database and view compactions can | |
# happen in parallel. | |
parallelCompaction: ahh | |
# TimeWindow allows restriction of when compaction can occur. | |
timeWindow: | |
# AbortCompactionOutsideWindow stops compaction processes when the process | |
# moves outside the window. | |
abortCompactionOutsideWindow: ahh | |
# End is a wallclock time, in the form HH:MM, when a compaction should | |
# stop. | |
end: ahh | |
# Start is a wallclock time, in the form HH:MM, when a compaction is | |
# permitted to start. | |
start: ahh | |
# TombstonePurgeInterval controls how long to wait before purging | |
# tombstones. This field must be in the range 1h-1440h, defaulting to 72h. | |
# More info: https://golang.org/pkg/time/#ParseDuration | |
tombstonePurgeInterval: 72h | |
# ViewFragmentationThreshold defines triggers for when view compaction | |
# should start. | |
viewFragmentationThreshold: | |
# Percent is the percentage of disk fragmentation after which | |
# decompaction will be triggered. This field must be in the range 2-100, | |
# defaulting to 30. | |
percent: 30 | |
# Size is the amount of disk fragmentation that, once exceeded, will | |
# trigger decompaction. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-resources- | |
# containers/#resource-units-in-kubernetes | |
size: ahh | |
# AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase | |
# server will allow before not allowing any more. This field must be between | |
# 1-3, default 3. | |
autoFailoverMaxCount: 3 | |
# AutoFailoverOnDataDiskIssues defines whether Couchbase server should | |
# failover a pod if a disk issue was detected. | |
autoFailoverOnDataDiskIssues: ahh | |
# AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for | |
# transient errors before failing over a faulty disk. This field must be in | |
# the range 5-3600s, defaulting to 120s. More info: | |
# https://golang.org/pkg/time/#ParseDuration | |
autoFailoverOnDataDiskIssuesTimePeriod: 120s | |
# AutoFailoverServerGroup defines whether to enable failing over a server group. | |
autoFailoverServerGroup: ahh | |
# AutoFailoverTimeout defines how long Couchbase server will wait between a | |
# pod being witnessed as down, until when it will failover the pod. Couchbase | |
# server will only failover pods if it deems it safe to do so, and not result | |
# in data loss. This field must be in the range 5-3600s, defaulting to 120s. | |
# More info: https://golang.org/pkg/time/#ParseDuration | |
autoFailoverTimeout: 120s | |
# ClusterName defines the name of the cluster, as displayed in the Couchbase | |
# UI. By default, the cluster name is that specified in the CouchbaseCluster | |
# resource's metadata. | |
clusterName: ahh | |
# Data allows the data service to be configured. | |
data: | |
# ReaderThreads allows the number of threads used by the data service, per | |
# pod, to be altered. This value must be between 4 and 64 threads, and | |
# should only be increased where there are sufficient CPU resources | |
# allocated for their use. If not specified, this defaults to the default | |
# value set by Couchbase Server. | |
readerThreads: ahh | |
# WriterThreads allows the number of threads used by the data service, per | |
# pod, to be altered. This setting is especially relevant when using | |
# "durable writes"; increasing this field will have a large impact on | |
# performance. This value must be between 4 and 64 threads, and should only | |
# be increased where there are sufficient CPU resources allocated for their | |
# use. If not specified, this defaults to the default value set by Couchbase | |
# Server. | |
writerThreads: ahh | |
# DataServiceMemQuota is the amount of memory that should be allocated to the | |
# data service. This value is per-pod, and only applicable to pods belonging | |
# to server classes running the data service. This field must be a quantity | |
# greater than or equal to 256Mi. This field defaults to 256Mi. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-resources- | |
# containers/#resource-units-in-kubernetes | |
dataServiceMemoryQuota: 256Mi | |
# EventingServiceMemQuota is the amount of memory that should be allocated to | |
# the eventing service. This value is per-pod, and only applicable to pods | |
# belonging to server classes running the eventing service. This field must | |
# be a quantity greater than or equal to 256Mi. This field defaults to 256Mi. | |
# More info: https://kubernetes.io/docs/concepts/configuration/manage- | |
# resources-containers/#resource-units-in-kubernetes | |
eventingServiceMemoryQuota: 256Mi | |
# IndexServiceMemQuota is the amount of memory that should be allocated to the | |
# index service. This value is per-pod, and only applicable to pods belonging | |
# to server classes running the index service. This field must be a quantity | |
# greater than or equal to 256Mi. This field defaults to 256Mi. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-resources- | |
# containers/#resource-units-in-kubernetes | |
indexServiceMemoryQuota: 256Mi | |
# DEPRECATED - by indexer. The index storage mode to use for secondary | |
# indexing. This field must be one of "memory_optimized" or "plasma", | |
# defaulting to "memory_optimized". This field is immutable and cannot be | |
# changed unless there are no server classes running the index service in the | |
# cluster. | |
indexStorageSetting: memory_optimized | |
# Indexer allows the indexer to be configured. | |
indexer: | |
# LogLevel controls the verbosity of indexer logs. This field must be one | |
# of "silent", "fatal", "error", "warn", "info", "verbose", "timing", | |
# "debug" or "trace", defaulting to "info". | |
logLevel: info | |
# MaxRollbackPoints controls the number of checkpoints that can be rolled | |
# back to. The default is 2, with a minimum of 1. | |
maxRollbackPoints: 2 | |
# MemorySnapshotInterval controls when memory indexes should be snapshotted. | |
# This defaults to 200ms, and must be greater than or equal to 1ms. | |
memorySnapshotInterval: 200ms | |
# StableSnapshotInterval controls when disk indexes should be snapshotted. | |
# This defaults to 5s, and must be greater than or equal to 1ms. | |
stableSnapshotInterval: 5s | |
# StorageMode controls the underlying storage engine for indexes. Once set | |
# it can only be modified if there are no nodes in the cluster running the | |
# index service. The field must be one of "memory_optimized" or "plasma", | |
# defaulting to "memory_optimized". | |
storageMode: memory_optimized | |
# Threads controls the number of processor threads to use for indexing. A | |
# value of 0 means 1 per CPU. This attribute must be greater than or equal | |
# to 0, defaulting to 0. | |
threads: ahh | |
# Query allows the query service to be configured. | |
query: | |
# BackfillEnabled allows the query service to backfill. | |
backfillEnabled: true | |
# TemporarySpace allows the temporary storage used by the query service | |
# backfill, per-pod, to be modified. This field requires `backfillEnabled` | |
# to be set to true in order to have any effect. | |
temporarySpace: 5Gi | |
# TemporarySpaceUnlimited allows the temporary storage used by the query | |
# service backfill, per-pod, to be unconstrained. This field requires | |
# `backfillEnabled` to be set to true in order to have any effect. This | |
# field overrides `temporarySpace`. | |
temporarySpaceUnlimited: ahh | |
# QueryServiceMemQuota is a dummy field. By default, Couchbase server | |
# provides no memory resource constraints for the query service, so this has no | |
# effect on Couchbase server. It is, however, used when the | |
# spec.autoResourceAllocation feature is enabled, and is used to define the | |
# amount of memory reserved by the query service for use with Kubernetes | |
# resource scheduling. | |
queryServiceMemoryQuota: ahh | |
# SearchServiceMemQuota is the amount of memory that should be allocated to | |
# the search service. This value is per-pod, and only applicable to pods | |
# belonging to server classes running the search service. This field must be | |
# a quantity greater than or equal to 256Mi. This field defaults to 256Mi. | |
# More info: https://kubernetes.io/docs/concepts/configuration/manage- | |
# resources-containers/#resource-units-in-kubernetes | |
searchServiceMemoryQuota: 256Mi | |
# EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes. | |
# You can only expand a PVC if its storage class's "allowVolumeExpansion" field | |
# is set to true. Additionally, Kubernetes feature | |
# "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes | |
# which are actively bound to Pods. Volumes can only be expanded and not reduced | |
# to a smaller size. See: | |
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an- | |
# in-use-persistentvolumeclaim If "EnableOnlineVolumeExpansion" is enabled for | |
# use within an environment that does not actually support online volume and file | |
# system expansion then the cluster will fall back to the rolling upgrade procedure | |
# to create a new set of Pods for use with resized Volumes. More info: | |
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding- | |
# persistent-volumes-claims | |
enableOnlineVolumeExpansion: ahh | |
# EnablePreviewScaling enables autoscaling for stateful services and buckets. | |
# DEPRECATED - This option only exists for backwards compatibility and no longer | |
# restricts autoscaling to ephemeral services. To be removed in future releases. | |
enablePreviewScaling: ahh | |
# Hibernate is whether to hibernate the cluster. | |
hibernate: ahh | |
# HibernationStrategy defines how to hibernate the cluster. When Immediate the | |
# Operator will immediately delete all pods and take no further action until the | |
# hibernate field is set to false. | |
hibernationStrategy: ahh | |
# Image is the container image name that will be used to launch Couchbase server | |
# instances. Updating this field will cause an automatic upgrade of the | |
# cluster. | |
image: ahh | |
# Logging defines Operator logging options. | |
logging: | |
# Used to manage the audit configuration directly | |
audit: | |
# The list of event ids to disable for auditing purposes. This is passed to | |
# the REST API with no verification by the operator. Refer to the | |
# documentation for details: | |
# https://docs.couchbase.com/server/current/audit-event-reference/audit- | |
# event-reference.html | |
disabledEvents: ahh | |
# The list of users to ignore for auditing purposes. This is passed to the | |
# REST API with minimal validation that it meets an acceptable regex pattern. | |
# Refer to the documentation for full details on how to configure this: | |
# https://docs.couchbase.com/server/current/manage/manage-security/manage- | |
# auditing.html#ignoring-events-by-user | |
disabledUsers: ahh | |
# Enabled is a boolean that enables the audit capabilities. | |
enabled: ahh | |
# Handle all optional garbage collection (GC) configuration for the audit | |
# functionality. This is not part of the audit REST API, it is intended to | |
# handle GC automatically for the audit logs. By default the Couchbase | |
# Server rotates the audit logs but does not clean up the rotated logs. This | |
# is left as an operation for the cluster administrator to manage, the | |
# operator allows for us to automate this: | |
# https://docs.couchbase.com/server/current/manage/manage-security/manage- | |
# auditing.html | |
garbageCollection: | |
# Provide the sidecar configuration required (if so desired) to | |
# automatically clean up audit logs. | |
sidecar: | |
# The minimum age of rotated log files to remove, defaults to one hour. | |
age: 1h | |
# Enable this sidecar by setting to true, defaults to being disabled. | |
enabled: ahh | |
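# Image is the image to be used to run the audit sidecar helper. No | |
# validation is carried out as this can be any arbitrary repo and tag. | |
# Because the operator does not validate it, use an image from a trusted | |
# registry and consider pinning it by digest rather than by mutable tag. | |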
image: busybox:1.32.1 | |
# The interval at which to check for rotated log files to remove, | |
# defaults to 20 minutes. | |
interval: 20m | |
# Resources is the resource requirements for the cleanup container. Will | |
# be populated by Kubernetes defaults if not specified. | |
resources: | |
# Limits describes the maximum amount of compute resources allowed. | |
# More info: https://kubernetes.io/docs/concepts/configuration/manage- | |
# compute-resources-container/ | |
limits: ahh | |
# Requests describes the minimum amount of compute resources required. | |
# If Requests is omitted for a container, it defaults to Limits if | |
# that is explicitly specified, otherwise to an implementation-defined | |
# value. More info: | |
# https://kubernetes.io/docs/concepts/configuration/manage-compute- | |
# resources-container/ | |
requests: ahh | |
# The interval to optionally rotate the audit log. This is passed to the | |
# REST API, see here for details: | |
# https://docs.couchbase.com/server/current/manage/manage-security/manage- | |
# auditing.html | |
rotation: | |
# The interval at which to rotate log files, defaults to 15 minutes. | |
interval: 15m | |
# Size allows the specification of a rotation size for the log, defaults | |
# to 20Mi. | |
size: 20Mi | |
# LogRetentionCount gives the number of persistent log PVCs to keep. | |
logRetentionCount: ahh | |
# LogRetentionTime gives the time to keep persistent log PVCs alive for. | |
logRetentionTime: ahh | |
# Specification of all logging configuration required to manage the sidecar | |
# containers in each pod. | |
server: | |
# ConfigurationName is the name of the Secret to use holding the logging | |
# configuration in the namespace. A Secret is used to ensure we can safely | |
# store credentials but this can be populated from plaintext if acceptable | |
# too. If it does not exist then one will be created with defaults in the | |
# namespace so it can be easily updated whilst running. | |
configurationName: fluent-bit-config | |
# Enabled is a boolean that enables the logging sidecar container. | |
enabled: ahh | |
# A boolean which indicates whether the operator should manage the | |
# configuration or not. If omitted then this defaults to true which means | |
# the operator will attempt to reconcile it to default values. To use a | |
# custom configuration make sure to set this to false. | |
manageConfiguration: true | |
# Any specific logging sidecar container configuration. | |
sidecar: | |
# ConfigurationMountPath is the location to mount the ConfigurationName | |
# Secret into the image. If another log shipping image is used that needs | |
# a different mount then modify this. | |
configurationMountPath: /fluent-bit/config/ | |
# Image is the image to be used to deal with logging as a sidecar. No | |
# validation is carried out as this can be any arbitrary repo and tag. It | |
# will default to the latest supported version of Fluent Bit. | |
image: couchbase/fluent-bit:1.0.0 | |
# Resources is the resource requirements for the sidecar container. Will | |
# be populated by Kubernetes defaults if not specified. | |
resources: | |
# Limits describes the maximum amount of compute resources allowed. More | |
# info: https://kubernetes.io/docs/concepts/configuration/manage- | |
# compute-resources-container/ | |
limits: ahh | |
# Requests describes the minimum amount of compute resources required. | |
# If Requests is omitted for a container, it defaults to Limits if that | |
# is explicitly specified, otherwise to an implementation-defined value. | |
# More info: https://kubernetes.io/docs/concepts/configuration/manage- | |
# compute-resources-container/ | |
requests: ahh | |
# Monitoring defines any Operator managed integration into 3rd party monitoring | |
# infrastructure. | |
monitoring: | |
# Prometheus provides integration with Prometheus monitoring. | |
prometheus: | |
# AuthorizationSecret is the name of a Kubernetes secret that contains a | |
# bearer token to authorize GET requests to the metrics endpoint | |
authorizationSecret: ahh | |
# Enabled is a boolean that enables/disables the metrics sidecar container. | |
enabled: ahh | |
# Image is the metrics image to be used to collect metrics. No validation is | |
# carried out as this can be any arbitrary repo and tag. | |
image: ahh | |
# Resources is the resource requirements for the metrics container. Will be | |
# populated by Kubernetes defaults if not specified. | |
resources: | |
# Limits describes the maximum amount of compute resources allowed. More | |
# info: https://kubernetes.io/docs/concepts/configuration/manage-compute- | |
# resources-container/ | |
limits: ahh | |
# Requests describes the minimum amount of compute resources required. If | |
# Requests is omitted for a container, it defaults to Limits if that is | |
# explicitly specified, otherwise to an implementation-defined value. More | |
# info: https://kubernetes.io/docs/concepts/configuration/manage-compute- | |
# resources-container/ | |
requests: ahh | |
# Networking defines Couchbase cluster networking options such as network | |
# topology, TLS and DDNS settings. | |
networking: | |
# DEVELOPER PREVIEW - this feature is not for production use. AddressFamily | |
# allows the manual selection of the address family to use. Couchbase server | |
# will default to "IPv4" regardless of underlying network configuration, so | |
# this must be manually set to enable use on an "IPv6" only network. This | |
# field is immutable and cannot be changed once set. | |
addressFamily: ahh | |
# AdminConsoleServiceTemplate provides a template used by the Operator to | |
# create and manage the admin console service. This allows services to be | |
# annotated, the service type defined and any other options that Kubernetes | |
# provides. When using a LoadBalancer service type, TLS and dynamic DNS must | |
# also be enabled. The Operator reserves the right to modify or replace any | |
# field. More info: | |
# https://kubernetes.io/docs/reference/generated/kubernetes- | |
# api/v1.19/#service-v1-core | |
adminConsoleServiceTemplate: | |
# Standard objects metadata. This is a curated version for use with | |
# Couchbase resource templates. | |
metadata: | |
# Annotations is an unstructured key value map stored with a resource that | |
# may be set by external tools to store and retrieve arbitrary metadata. | |
# They are not queryable and should be preserved when modifying objects. | |
# More info: http://kubernetes.io/docs/user-guide/annotations | |
annotations: ahh | |
# Map of string keys and values that can be used to organize and | |
# categorize (scope and select) objects. May match selectors of | |
# replication controllers and services. More info: | |
# http://kubernetes.io/docs/user-guide/labels | |
labels: ahh | |
# ServiceSpec describes the attributes that a user creates on a service. | |
spec: | |
# clusterIP is the IP address of the service and is usually assigned | |
# randomly by the master. If an address is specified manually and is not | |
# in use by others, it will be allocated to the service; otherwise, | |
# creation of the service will fail. This field can not be changed through | |
# updates. Valid values are "None", empty string (""), or a valid IP | |
# address. "None" can be specified for headless services when proxying is | |
# not required. Only applies to types ClusterIP, NodePort, and | |
# LoadBalancer. Ignored if type is ExternalName. More info: | |
# https://kubernetes.io/docs/concepts/services- | |
# networking/service/#virtual-ips-and-service-proxies | |
clusterIP: ahh | |
# externalIPs is a list of IP addresses for which nodes in the cluster | |
# will also accept traffic for this service. These IPs are not managed by | |
# Kubernetes. The user is responsible for ensuring that traffic arrives | |
# at a node with this IP. A common example is external load-balancers | |
# that are not part of the Kubernetes system. | |
externalIPs: ahh | |
# externalName is the external reference that kubedns or equivalent will | |
# return as a CNAME record for this service. No proxying will be involved. | |
# Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) | |
# and requires Type to be ExternalName. | |
externalName: ahh | |
# externalTrafficPolicy denotes if this Service desires to route external | |
# traffic to node-local or cluster-wide endpoints. "Local" preserves the | |
# client source IP and avoids a second hop for LoadBalancer and Nodeport | |
# type services, but risks potentially imbalanced traffic spreading. | |
# "Cluster" obscures the client source IP and may cause a second hop to | |
# another node, but should have good overall load-spreading. | |
externalTrafficPolicy: ahh | |
# healthCheckNodePort specifies the healthcheck nodePort for the service. | |
# If not specified, HealthCheckNodePort is created by the service api | |
# backend with the allocated nodePort. Will use user-specified nodePort | |
# value if specified by the client. Only takes effect when Type is set to | |
# LoadBalancer and ExternalTrafficPolicy is set to Local. | |
healthCheckNodePort: ahh | |
# ipFamily specifies whether this Service has a preference for a | |
# particular IP family (e.g. IPv4 vs. IPv6) when the IPv6DualStack feature | |
# gate is enabled. In a dual-stack cluster, you can specify ipFamily when | |
# creating a ClusterIP Service to determine whether the controller will | |
# allocate an IPv4 or IPv6 IP for it, and you can specify ipFamily when | |
# creating a headless Service to determine whether it will have IPv4 or | |
# IPv6 Endpoints. In either case, if you do not specify an ipFamily | |
# explicitly, it will default to the cluster's primary IP family. This | |
# field is part of an alpha feature, and you should not make any | |
# assumptions about its semantics other than those described above. In | |
# particular, you should not assume that it can (or cannot) be changed | |
# after creation time; that it can only have the values "IPv4" and "IPv6"; | |
# or that its current value on a given Service correctly reflects the | |
# current state of that Service. (For ClusterIP Services, look at | |
# clusterIP to see if the Service is IPv4 or IPv6. For headless Services, | |
# look at the endpoints, which may be dual-stack in the future. For | |
# ExternalName Services, ipFamily has no meaning, but it may be set to an | |
# irrelevant value anyway.) | |
ipFamily: ahh | |
# Only applies to Service Type: LoadBalancer. LoadBalancer will get created | |
# with the IP specified in this field. This feature depends on whether the | |
# underlying cloud-provider supports specifying the loadBalancerIP when a | |
# load balancer is created. This field will be ignored if the cloud- | |
# provider does not support the feature. | |
loadBalancerIP: ahh | |
# If specified and supported by the platform, traffic through the | |
# cloud-provider load-balancer will be restricted to the | |
# specified client IPs. This field will be ignored if the cloud-provider | |
# does not support the feature. More info: | |
# https://kubernetes.io/docs/tasks/access-application-cluster/configure- | |
# cloud-provider-firewall/ | |
loadBalancerSourceRanges: ahh | |
# publishNotReadyAddresses indicates that any agent which deals with | |
# endpoints for this Service should disregard any indications of | |
# ready/not-ready. The primary use case for setting this field is for a | |
# StatefulSet's Headless Service to propagate SRV DNS records for its Pods | |
# for the purpose of peer discovery. The Kubernetes controllers that | |
# generate Endpoints and EndpointSlice resources for Services interpret | |
# this to mean that all endpoints are considered "ready" even if the Pods | |
# themselves are not. Agents which consume only Kubernetes generated | |
# endpoints through the Endpoints or EndpointSlice resources can safely | |
# assume this behavior. | |
publishNotReadyAddresses: ahh | |
# Route service traffic to pods with label keys and values matching this | |
# selector. If empty or not present, the service is assumed to have an | |
# external process managing its endpoints, which Kubernetes will not | |
# modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. | |
# Ignored if type is ExternalName. More info: | |
# https://kubernetes.io/docs/concepts/services-networking/service/ | |
selector: ahh | |
# Supports "ClientIP" and "None". Used to maintain session affinity. | |
# Enable client IP based session affinity. Must be ClientIP or None. | |
# Defaults to None. More info: | |
# https://kubernetes.io/docs/concepts/services- | |
# networking/service/#virtual-ips-and-service-proxies | |
sessionAffinity: ahh | |
# sessionAffinityConfig contains the configurations of session affinity. | |
sessionAffinityConfig: | |
# clientIP contains the configurations of Client IP based session | |
# affinity. | |
clientIP: | |
# timeoutSeconds specifies the seconds of ClientIP type session sticky | |
# time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity | |
# == "ClientIP". Default value is 10800(for 3 hours). | |
timeoutSeconds: ahh | |
# topologyKeys is a preference-order list of topology keys which | |
# implementations of services should use to preferentially sort endpoints | |
# when accessing this Service, it can not be used at the same time as | |
# externalTrafficPolicy=Local. Topology keys must be valid label keys and | |
# at most 16 keys may be specified. Endpoints are chosen based on the | |
# first topology key with available backends. If this field is specified | |
# and all entries have no backends that match the topology of the client, | |
# the service has no backends for that client and connections should fail. | |
# The special value "*" may be used to mean "any topology". This catch-all | |
# value, if used, only makes sense as the last value in the list. If this | |
# is not specified or empty, no topology constraints will be applied. | |
topologyKeys: ahh | |
# type determines how the Service is exposed. Defaults to ClusterIP. Valid | |
# options are ExternalName, ClusterIP, NodePort, and LoadBalancer. | |
# "ExternalName" maps to the specified externalName. "ClusterIP" allocates | |
# a cluster-internal IP address for load-balancing to endpoints. Endpoints | |
# are determined by the selector or if that is not specified, by manual | |
# construction of an Endpoints object. If clusterIP is "None", no virtual | |
# IP is allocated and the endpoints are published as a set of endpoints | |
# rather than a stable IP. "NodePort" builds on ClusterIP and allocates a | |
# port on every node which routes to the clusterIP. "LoadBalancer" builds | |
# on NodePort and creates an external load-balancer (if supported in the | |
# current cloud) which routes to the clusterIP. More info: | |
# https://kubernetes.io/docs/concepts/services- | |
# networking/service/#publishing-services-service-types | |
type: ahh | |
# DEPRECATED - by adminConsoleServiceTemplate. AdminConsoleServiceType defines | |
# whether to create a node port or load balancer service. When using a | |
# LoadBalancer service type, TLS and dynamic DNS must also be enabled. This | |
# field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". | |
adminConsoleServiceType: NodePort | |
# DEPRECATED - not required by Couchbase Server 6.5.0 onward. | |
# AdminConsoleServices is a selector to choose specific services to expose via | |
# the admin console. This field may contain any of "data", "index", "query", | |
# "search", "eventing" and "analytics". Each service may only be included | |
# once. | |
adminConsoleServices: ahh | |
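# DisableUIOverHTTP is used to explicitly enable and disable UI access over
# the HTTP protocol. If not specified, this field defaults to false.
# Security: with the default (false) the admin console remains reachable over
# plaintext HTTP, so console logins are not protected in transit. Once TLS is
# configured for the cluster, set this to true.
# NOTE(review): "ahh" looks like a generated placeholder, not a usable value.
disableUIOverHTTP: ahh
# DisableUIOverHTTPS is used to explicitly enable and disable UI access over
# the HTTPS protocol. If not specified, this field defaults to false.
# NOTE(review): setting both this and disableUIOverHTTP to true presumably
# leaves no UI access at all - confirm before doing so.
disableUIOverHTTPS: ahh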
# DNS defines information required for Dynamic DNS support. | |
dns: | |
# Domain is the domain to create pods in. When populated, the Operator will
# annotate the admin console and per-pod services with the key
# "external-dns.alpha.kubernetes.io/hostname". These annotations can be used
# directly by a Kubernetes External-DNS controller to replicate load balancer
# service IP addresses into a public DNS server.
domain: ahh | |
# ExposeAdminConsole creates a service referencing the admin console. The | |
# service is configured by the adminConsoleServiceTemplate field. | |
exposeAdminConsole: ahh | |
# ExposedFeatureServiceTemplate provides a template used by the Operator to
# create and manage per-pod services. This allows services to be annotated,
# the service type defined and any other options that Kubernetes provides.
# When using a LoadBalancer service type, TLS and dynamic DNS must also be
# enabled. The Operator reserves the right to modify or replace any field.
# More info:
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#service-v1-core
exposedFeatureServiceTemplate: | |
# Standard objects metadata. This is a curated version for use with | |
# Couchbase resource templates. | |
metadata: | |
# Annotations is an unstructured key value map stored with a resource that | |
# may be set by external tools to store and retrieve arbitrary metadata. | |
# They are not queryable and should be preserved when modifying objects. | |
# More info: http://kubernetes.io/docs/user-guide/annotations | |
annotations: ahh | |
# Map of string keys and values that can be used to organize and | |
# categorize (scope and select) objects. May match selectors of | |
# replication controllers and services. More info: | |
# http://kubernetes.io/docs/user-guide/labels | |
labels: ahh | |
# ServiceSpec describes the attributes that a user creates on a service. | |
spec: | |
# clusterIP is the IP address of the service and is usually assigned | |
# randomly by the master. If an address is specified manually and is not | |
# in use by others, it will be allocated to the service; otherwise, | |
# creation of the service will fail. This field can not be changed through | |
# updates. Valid values are "None", empty string (""), or a valid IP | |
# address. "None" can be specified for headless services when proxying is | |
# not required. Only applies to types ClusterIP, NodePort, and | |
# LoadBalancer. Ignored if type is ExternalName. More info: | |
# https://kubernetes.io/docs/concepts/services- | |
# networking/service/#virtual-ips-and-service-proxies | |
clusterIP: ahh | |
# externalIPs is a list of IP addresses for which nodes in the cluster | |
# will also accept traffic for this service. These IPs are not managed by | |
# Kubernetes. The user is responsible for ensuring that traffic arrives | |
# at a node with this IP. A common example is external load-balancers | |
# that are not part of the Kubernetes system. | |
externalIPs: ahh | |
# externalName is the external reference that kubedns or equivalent will | |
# return as a CNAME record for this service. No proxying will be involved. | |
# Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) | |
# and requires Type to be ExternalName. | |
externalName: ahh | |
# externalTrafficPolicy denotes if this Service desires to route external | |
# traffic to node-local or cluster-wide endpoints. "Local" preserves the | |
# client source IP and avoids a second hop for LoadBalancer and Nodeport | |
# type services, but risks potentially imbalanced traffic spreading. | |
# "Cluster" obscures the client source IP and may cause a second hop to | |
# another node, but should have good overall load-spreading. | |
externalTrafficPolicy: ahh | |
# healthCheckNodePort specifies the healthcheck nodePort for the service. | |
# If not specified, HealthCheckNodePort is created by the service api | |
# backend with the allocated nodePort. Will use user-specified nodePort | |
# value if specified by the client. Only effects when Type is set to | |
# LoadBalancer and ExternalTrafficPolicy is set to Local. | |
healthCheckNodePort: ahh | |
# ipFamily specifies whether this Service has a preference for a | |
# particular IP family (e.g. IPv4 vs. IPv6) when the IPv6DualStack feature | |
# gate is enabled. In a dual-stack cluster, you can specify ipFamily when | |
# creating a ClusterIP Service to determine whether the controller will | |
# allocate an IPv4 or IPv6 IP for it, and you can specify ipFamily when | |
# creating a headless Service to determine whether it will have IPv4 or | |
# IPv6 Endpoints. In either case, if you do not specify an ipFamily | |
# explicitly, it will default to the cluster's primary IP family. This | |
# field is part of an alpha feature, and you should not make any | |
# assumptions about its semantics other than those described above. In | |
# particular, you should not assume that it can (or cannot) be changed | |
# after creation time; that it can only have the values "IPv4" and "IPv6"; | |
# or that its current value on a given Service correctly reflects the | |
# current state of that Service. (For ClusterIP Services, look at | |
# clusterIP to see if the Service is IPv4 or IPv6. For headless Services, | |
# look at the endpoints, which may be dual-stack in the future. For | |
# ExternalName Services, ipFamily has no meaning, but it may be set to an | |
# irrelevant value anyway.) | |
ipFamily: ahh | |
# Only applies to Service Type: LoadBalancer LoadBalancer will get created | |
# with the IP specified in this field. This feature depends on whether the | |
# underlying cloud-provider supports specifying the loadBalancerIP when a | |
# load balancer is created. This field will be ignored if the cloud- | |
# provider does not support the feature. | |
loadBalancerIP: ahh | |
# If specified and supported by the platform, traffic through the
# cloud-provider load-balancer will be restricted to the specified client
# IPs. This field will be ignored if the cloud-provider does not support the
# feature, so confirm the resulting load-balancer rules rather than relying
# on this value alone. More info:
# https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
loadBalancerSourceRanges: ahh | |
# publishNotReadyAddresses indicates that any agent which deals with | |
# endpoints for this Service should disregard any indications of | |
# ready/not-ready. The primary use case for setting this field is for a | |
# StatefulSet's Headless Service to propagate SRV DNS records for its Pods | |
# for the purpose of peer discovery. The Kubernetes controllers that | |
# generate Endpoints and EndpointSlice resources for Services interpret | |
# this to mean that all endpoints are considered "ready" even if the Pods | |
# themselves are not. Agents which consume only Kubernetes generated | |
# endpoints through the Endpoints or EndpointSlice resources can safely | |
# assume this behavior. | |
publishNotReadyAddresses: ahh | |
# Route service traffic to pods with label keys and values matching this | |
# selector. If empty or not present, the service is assumed to have an | |
# external process managing its endpoints, which Kubernetes will not | |
# modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. | |
# Ignored if type is ExternalName. More info: | |
# https://kubernetes.io/docs/concepts/services-networking/service/ | |
selector: ahh | |
# Supports "ClientIP" and "None". Used to maintain session affinity. | |
# Enable client IP based session affinity. Must be ClientIP or None. | |
# Defaults to None. More info: | |
# https://kubernetes.io/docs/concepts/services- | |
# networking/service/#virtual-ips-and-service-proxies | |
sessionAffinity: ahh | |
# sessionAffinityConfig contains the configurations of session affinity. | |
sessionAffinityConfig: | |
# clientIP contains the configurations of Client IP based session | |
# affinity. | |
clientIP: | |
# timeoutSeconds specifies the seconds of ClientIP type session sticky | |
# time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity | |
# == "ClientIP". Default value is 10800(for 3 hours). | |
timeoutSeconds: ahh | |
# topologyKeys is a preference-order list of topology keys which | |
# implementations of services should use to preferentially sort endpoints | |
# when accessing this Service, it can not be used at the same time as | |
# externalTrafficPolicy=Local. Topology keys must be valid label keys and | |
# at most 16 keys may be specified. Endpoints are chosen based on the | |
# first topology key with available backends. If this field is specified | |
# and all entries have no backends that match the topology of the client, | |
# the service has no backends for that client and connections should fail. | |
# The special value "*" may be used to mean "any topology". This catch-all | |
# value, if used, only makes sense as the last value in the list. If this | |
# is not specified or empty, no topology constraints will be applied. | |
topologyKeys: ahh | |
# type determines how the Service is exposed. Defaults to ClusterIP. Valid | |
# options are ExternalName, ClusterIP, NodePort, and LoadBalancer. | |
# "ExternalName" maps to the specified externalName. "ClusterIP" allocates | |
# a cluster-internal IP address for load-balancing to endpoints. Endpoints | |
# are determined by the selector or if that is not specified, by manual | |
# construction of an Endpoints object. If clusterIP is "None", no virtual | |
# IP is allocated and the endpoints are published as a set of endpoints | |
# rather than a stable IP. "NodePort" builds on ClusterIP and allocates a | |
# port on every node which routes to the clusterIP. "LoadBalancer" builds | |
# on NodePort and creates an external load-balancer (if supported in the | |
# current cloud) which routes to the clusterIP. More info: | |
# https://kubernetes.io/docs/concepts/services- | |
# networking/service/#publishing-services-service-types | |
type: ahh | |
# DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureServiceType | |
# defines whether to create a node port or load balancer service. When using a | |
# LoadBalancer service type, TLS and dynamic DNS must also be enabled. This | |
# field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort". | |
exposedFeatureServiceType: NodePort | |
# DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy
# defines how packets should be routed from a load balancer service to a
# Couchbase pod. When local, traffic is routed directly to the pod. When
# cluster, traffic is routed to any node, then forwarded on. While cluster
# routing may be slower, there are some situations where it is required for
# connectivity. This field must be either "Cluster" or "Local", defaulting to
# "Local".
exposedFeatureTrafficPolicy: ahh | |
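# ExposedFeatures is a list of Couchbase features to expose when using a
# networking model that exposes the Couchbase cluster externally to
# Kubernetes. This field also triggers the creation of per-pod services used
# by clients to connect to the Couchbase cluster. When admin, only the
# administrator port is exposed, allowing remote administration. When xdcr,
# only the services required for remote replication are exposed. The xdcr
# feature is only required when the cluster is the destination of an XDCR
# replication. When client, all services are exposed as required for client
# SDK operation. This field may contain any of "admin", "xdcr" and "client".
# Each feature may only be included once.
# Security: every entry publishes Couchbase ports outside Kubernetes, and
# "admin" makes the administrator port remotely reachable. List only the
# features that are needed, and for LoadBalancer services limit the allowed
# source ranges (see loadBalancerSourceRanges below and in the templates).
# NOTE(review): "ahh" looks like a generated placeholder, not a usable value.
exposedFeatures: ahh
# DEPRECATED - by adminConsoleServiceTemplate and
# exposedFeatureServiceTemplate. LoadBalancerSourceRanges applies only when an
# exposed service is of type LoadBalancer and limits the source IP ranges that
# are allowed to use the service. Items must use IPv4 class-less interdomain
# routing (CIDR) notation e.g. 10.0.0.0/16.
# Security: this field is deprecated; set the equivalent field in the service
# templates so the restriction is not lost when this one is dropped.
loadBalancerSourceRanges: ahh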
# NetworkPlatform is used to enable support for various networking | |
# technologies. This field must be one of "Istio". | |
networkPlatform: ahh | |
# DEPRECATED - by adminConsoleServiceTemplate and | |
# exposedFeatureServiceTemplate. ServiceAnnotations allows services to be | |
# annotated with custom labels. Operator annotations are merged on top of | |
# these so have precedence as they are required for correct operation. | |
serviceAnnotations: ahh | |
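# TLS defines the TLS configuration for the cluster including server and
# client certificate configuration, and TLS security policies.
# NOTE(review): "ahh" looks like a generated placeholder rather than a usable
# value; replace or remove each key before applying this file.
tls:
  # CipherSuites specifies a list of cipher suites for Couchbase server to
  # select from when negotiating TLS handshakes with a client. Suites are not
  # validated by the Operator. Run "openssl ciphers -v" in a Couchbase server
  # pod to interrogate supported values.
  # Security: because the Operator does not validate this list, a misspelt or
  # weak suite is not rejected here; check the list against the
  # "openssl ciphers -v" output before applying it.
  cipherSuites: ahh
  # ClientCertificatePaths defines where to look in client certificates in
  # order to extract the user name.
  clientCertificatePaths: ahh
  # ClientCertificatePolicy defines the client authentication policy to use.
  # If set, the Operator expects TLS configuration to contain a valid
  # certificate/key pair for the Administrator account.
  clientCertificatePolicy: ahh
  # NodeToNodeEncryption specifies whether to encrypt data between Couchbase
  # nodes within the same cluster. This may come at the expense of
  # performance. When control plane only encryption is used, only cluster
  # management traffic is encrypted between nodes. When all, all traffic is
  # encrypted, including database documents. This field must be either
  # "ControlPlaneOnly" or "All".
  # Security: with "ControlPlaneOnly", database documents still cross the pod
  # network unencrypted; use "All" where that network is not trusted.
  nodeToNodeEncryption: ahh
  # SecretSource enables the user to specify a secret conforming to the
  # Kubernetes TLS secret specification.
  secretSource:
    # ClientSecretName specifies the secret name, in the same namespace as the
    # cluster, that contains client TLS data. The secret is expected to
    # contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret
    # type.
    clientSecretName: ahh
    # ServerSecretName specifies the secret name, in the same namespace as the
    # cluster, that contains server TLS data. The secret is expected to
    # contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret
    # type. It also additionally must contain "ca.crt".
    serverSecretName: ahh
  # Static enables user to generate static x509 certificates and keys, put
  # them into Kubernetes secrets, and specify them here. Static secrets are
  # very Couchbase specific.
  # Security: the secrets referenced in this section hold private keys; only
  # their names belong in this file, and read access to them should be kept
  # narrow.
  static:
    # OperatorSecret is a secret name containing TLS certs used by operator to
    # talk securely to this cluster. The secret must contain a CA certificate
    # (data key ca.crt). If client authentication is enabled, then the secret
    # must also contain a client certificate chain (data key
    # "couchbase-operator.crt") and private key (data key
    # "couchbase-operator.key").
    operatorSecret: ahh
    # ServerSecret is a secret name containing TLS certs used by each
    # Couchbase member pod for the communication between Couchbase server and
    # its clients. The secret must contain a certificate chain (data key
    # "couchbase-operator.crt") and a private key (data key
    # "couchbase-operator.key"). The private key must be in the PKCS#1 RSA
    # format. The certificate chain must have a required set of X.509v3
    # subject alternative names for all cluster addressing modes. See the
    # Operator TLS documentation for more information.
    # NOTE(review): the data key names given here are identical to the ones
    # listed for operatorSecret - verify them against the Operator TLS
    # documentation before creating the secret.
    serverSecret: ahh
  # TLSMinimumVersion specifies the minimum TLS version the Couchbase server
  # can negotiate with a client. Must be one of TLS1.0, TLS1.1 or TLS1.2,
  # defaulting to TLS1.2.
  # Security: TLS 1.0 and 1.1 are deprecated protocol versions (RFC 8996);
  # keep TLS1.2 unless a legacy client leaves no alternative.
  tlsMinimumVersion: TLS1.2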
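# Paused is to pause the control of the operator for the Couchbase cluster. This
# does not pause the cluster itself, instead stopping the operator from taking
# any action.
# NOTE(review): "ahh" looks like a generated placeholder, not a usable value.
paused: ahh
# Platform gives a hint as to what platform we are running on and how to
# configure services. This field must be one of "aws", "gke" or "azure".
platform: ahh
# RecoveryPolicy controls how aggressive the Operator is when recovering cluster
# topology. When PrioritizeDataIntegrity, the Operator will delegate failover
# exclusively to Couchbase server, relying on it to only allow recovery when
# safe to do so. When PrioritizeUptime, the Operator will wait for a period
# after the expected auto-failover of the cluster, before forcefully
# failing-over the pods. This may cause data loss, and is only expected to be
# used on clusters with ephemeral data, where the loss of the pod means that the
# data is known to be unrecoverable. This field must be either
# "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to
# "PrioritizeDataIntegrity".
recoveryPolicy: ahh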
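# When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default,
# upgrade one pod at a time. If this field is specified then that number can be
# increased.
# NOTE(review): "ahh" looks like a generated placeholder, not a usable value.
rollingUpgrade:
  # MaxUpgradable allows the number of pods affected by an upgrade at any one
  # time to be increased. By default a rolling upgrade will upgrade one pod at
  # a time. This field allows that limit to be removed. This field must be
  # greater than zero. The smallest of `maxUpgradable` and
  # `maxUpgradablePercent` takes precedence if both are defined.
  maxUpgradable: ahh
  # MaxUpgradablePercent allows the number of pods affected by an upgrade at
  # any one time to be increased. By default a rolling upgrade will upgrade
  # one pod at a time. This field allows that limit to be removed. This field
  # must be an integer percentage, e.g. "10%", in the range 1% to 100%.
  # Percentages are relative to the total cluster size, and rounded down to
  # the nearest whole number, with a minimum of 1. For example, a 10 pod
  # cluster, and 25% allowed to upgrade, would yield 2.5 pods per iteration,
  # rounded down to 2. The smallest of `maxUpgradable` and
  # `maxUpgradablePercent` takes precedence if both are defined.
  maxUpgradablePercent: ahh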
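# Security defines Couchbase cluster security options such as the administrator
# account username and password, and user RBAC settings.
# NOTE(review): "ahh" looks like a generated placeholder rather than a usable
# value; replace or remove each key before applying this file.
security:
  # AdminSecret is the name of a Kubernetes secret to use for administrator
  # authentication. The admin secret must contain the keys "username" and
  # "password". The password data must be at least 6 characters in length, and
  # not contain any of the characters `()<>,;:\"/[]?={}`.
  # Security: this is a secret name, not the credential itself; keep the
  # password out of this values file. Six characters is the accepted minimum,
  # not a recommended length for an administrator account.
  adminSecret: ahh
  # LDAP Settings
  ldap:
    # Enables using LDAP to authenticate users.
    authenticationEnabled: true
    # Enables use of LDAP groups for authorization.
    authorizationEnabled: ahh
    # DN to use for searching users and groups synchronization.
    bindDN: ahh
    # BindSecret is the name of a Kubernetes secret to use containing password
    # for LDAP user binding.
    bindSecret: ahh
    # Certificate in PEM format to be used in LDAP server certificate
    # validation.
    cacert: ahh
    # Lifetime of values in cache in milliseconds. Default 300000 ms.
    cacheValueLifetime: ahh
    # Encryption method to communicate with LDAP servers. Can be
    # StartTLSExtension, TLS, or false.
    # Security: with false, LDAP binds and queries reach the directory server
    # unencrypted; prefer TLS or StartTLSExtension.
    encryption: ahh
    # LDAP query, to get the users' groups by username in RFC4516 format.
    groupsQuery: ahh
    # List of LDAP hosts.
    hosts: ahh
    # If enabled Couchbase server will try to recursively search for groups
    # for every discovered ldap group. groups_query will be used for the
    # search.
    nestedGroupsEnabled: ahh
    # Maximum number of recursive groups requests the server is allowed to
    # perform. Requires NestedGroupsEnabled. Values between 1 and 100: the
    # default is 10.
    nestedGroupsMaxDepth: ahh
    # LDAP port
    port: ahh
    # Whether server certificate validation should be enabled.
    # Security: without validation the connection is encrypted but the LDAP
    # server is not authenticated; enable it and supply the CA through cacert
    # or tlsSecret.
    serverCertValidation: ahh
    # TLSSecret is the name of a Kubernetes secret to use for LDAP ca cert.
    tlsSecret: ahh
    # User to distinguished name (DN) mapping. If none is specified, the
    # username is used as the user's distinguished name.
    userDNMapping:
      # Query is the LDAP query to run to map from Couchbase user to LDAP
      # distinguished name.
      query: ahh
      # This field specifies list of templates to use for providing username
      # to DN mapping. The template may contain a placeholder specified as
      # `%u` to represent the Couchbase user who is attempting to gain access.
      template: ahh
  # Couchbase RBAC Users
  rbac:
    # Managed defines whether RBAC is managed by us or the clients.
    managed: ahh
    # Selector is a label selector used to list RBAC resources in the
    # namespace that are managed by the Operator.
    selector:
      # matchExpressions is a list of label selector requirements. The
      # requirements are ANDed.
      matchExpressions: ahh
      # matchLabels is a map of {key,value} pairs. A single {key,value} in the
      # matchLabels map is equivalent to an element of matchExpressions, whose
      # key field is "key", the operator is "In", and the values array
      # contains only "value". The requirements are ANDed.
      matchLabels: ahh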
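# SecurityContext allows the configuration of the security context for all
# Couchbase server pods. When using persistent volumes you may need to set the
# fsGroup field in order to write to the volume. For non-root clusters you must
# also set runAsUser to 1000, corresponding to the Couchbase user in official
# container images. More info:
# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
# NOTE(review): "ahh" looks like a generated placeholder rather than a usable
# value; replace or remove each key before applying this file.
securityContext:
  # A special supplemental group that applies to all containers in a pod. Some
  # volume types allow the Kubelet to change the ownership of that volume to be
  # owned by the pod:
  #   1. The owning GID will be the FSGroup
  #   2. The setgid bit is set (new files created in the volume will be owned
  #      by FSGroup)
  #   3. The permission bits are OR'd with rw-rw----
  # If unset, the Kubelet will not modify the ownership and permissions of any
  # volume.
  fsGroup: ahh
  # fsGroupChangePolicy defines behavior of changing ownership and permission
  # of the volume before being exposed inside Pod. This field will only apply
  # to volume types which support fsGroup based ownership (and permissions). It
  # will have no effect on ephemeral volume types such as: secret, configmaps
  # and emptydir. Valid values are "OnRootMismatch" and "Always". If not
  # specified defaults to "Always".
  fsGroupChangePolicy: ahh
  # The GID to run the entrypoint of the container process. Uses runtime
  # default if unset. May also be set in SecurityContext. If set in both
  # SecurityContext and PodSecurityContext, the value specified in
  # SecurityContext takes precedence for that container.
  runAsGroup: ahh
  # Indicates that the container must run as a non-root user. If true, the
  # Kubelet will validate the image at runtime to ensure that it does not run
  # as UID 0 (root) and fail to start the container if it does. If unset or
  # false, no such validation will be performed. May also be set in
  # SecurityContext. If set in both SecurityContext and PodSecurityContext,
  # the value specified in SecurityContext takes precedence.
  # Security: set to true together with runAsUser (1000 for the official
  # images, per the section header) so a root container fails to start rather
  # than running.
  runAsNonRoot: ahh
  # The UID to run the entrypoint of the container process. Defaults to user
  # specified in image metadata if unspecified. May also be set in
  # SecurityContext. If set in both SecurityContext and PodSecurityContext,
  # the value specified in SecurityContext takes precedence for that
  # container.
  runAsUser: ahh
  # The SELinux context to be applied to all containers. If unspecified, the
  # container runtime will allocate a random SELinux context for each
  # container. May also be set in SecurityContext. If set in both
  # SecurityContext and PodSecurityContext, the value specified in
  # SecurityContext takes precedence for that container.
  seLinuxOptions:
    # Level is SELinux level label that applies to the container.
    level: ahh
    # Role is a SELinux role label that applies to the container.
    role: ahh
    # Type is a SELinux type label that applies to the container.
    type: ahh
    # User is a SELinux user label that applies to the container.
    user: ahh
  # The seccomp options to use by the containers in this pod.
  seccompProfile:
    # localhostProfile indicates a profile defined in a file on the node
    # should be used. The profile must be preconfigured on the node to work.
    # Must be a descending path, relative to the kubelet's configured seccomp
    # profile location. Must only be set if type is "Localhost".
    localhostProfile: ahh
    # type indicates which kind of seccomp profile will be applied. Valid
    # options are:
    #   Localhost - a profile defined in a file on the node should be used.
    #   RuntimeDefault - the container runtime default profile should be used.
    #   Unconfined - no profile should be applied.
    # Security: "Unconfined" applies no syscall filtering to the containers;
    # "RuntimeDefault" is the usual baseline.
    type: ahh
  # A list of groups applied to the first process run in each container, in
  # addition to the container's primary GID. If unspecified, no groups will be
  # added to any container.
  supplementalGroups: ahh
  # Sysctls hold a list of namespaced sysctls used for the pod. Pods with
  # unsupported sysctls (by the container runtime) might fail to launch.
  sysctls: ahh
  # The Windows specific settings applied to all containers. If unspecified,
  # the options within a container's SecurityContext will be used. If set in
  # both SecurityContext and PodSecurityContext, the value specified in
  # SecurityContext takes precedence.
  windowsOptions:
    # GMSACredentialSpec is where the GMSA admission webhook
    # (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents
    # of the GMSA credential spec named by the GMSACredentialSpecName field.
    gmsaCredentialSpec: ahh
    # GMSACredentialSpecName is the name of the GMSA credential spec to use.
    gmsaCredentialSpecName: ahh
    # The UserName in Windows to run the entrypoint of the container process.
    # Defaults to the user specified in image metadata if unspecified. May
    # also be set in PodSecurityContext. If set in both SecurityContext and
    # PodSecurityContext, the value specified in SecurityContext takes
    # precedence.
    runAsUserName: ahh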
# ServerGroups define the set of availability zones you want to distribute pods
# over, and construct Couchbase server groups for. By default, most cloud
# providers will label nodes with the key
# "failure-domain.beta.kubernetes.io/zone"; the values associated with that key
# are used here to provide explicit scheduling by the Operator. You may manually
# label nodes using the "failure-domain.beta.kubernetes.io/zone" key, to provide
# failure-domain aware scheduling when none is provided for you. Global server
# groups are applied to all server classes, and may be overridden on a
# per-server-class basis to give more control over scheduling and server groups.
serverGroups: ahh | |
# Servers defines server classes for the Operator to provision and manage. A | |
# server class defines what services are running and how many members make up | |
# that class. Specifying multiple server classes allows the Operator to | |
# provision clusters with Multi-Dimensional Scaling (MDS). At least one server | |
# class must be defined, and at least one server class must be running the data | |
# service. | |
servers: ahh | |
# SoftwareUpdateNotifications enables software update notifications in the UI. | |
# When enabled, the UI will alert when a Couchbase server upgrade is available. | |
softwareUpdateNotifications: ahh | |
# UpgradeStrategy controls how aggressive the Operator is when performing a | |
# cluster upgrade. When a rolling upgrade is requested, pods are upgraded one | |
# at a time. This strategy is slower, however less disruptive. When an | |
# immediate upgrade strategy is requested, all pods are upgraded at the same | |
# time. This strategy is faster, but more disruptive. This field must be | |
# either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade". | |
upgradeStrategy: ahh | |
# VolumeClaimTemplates define the desired characteristics of a volume that can | |
# be requested/claimed by a pod, for example the storage class to use and the | |
# volume size. Volume claim templates are referred to by name by server class | |
# volume mount configuration. | |
volumeClaimTemplates: ahh | |
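# XDCR defines whether the Operator should manage XDCR, remote clusters and how
# to lookup replication resources.
# NOTE(review): "ahh" looks like a generated placeholder, not a usable value.
xdcr:
  # Managed defines whether XDCR is managed by the operator or not.
  managed: ahh
  # RemoteClusters is a set of named remote clusters to establish replications
  # to.
  remoteClusters: ahh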