@tahmmee
Created April 29, 2021 06:14
values
# Couchbase Operator Chart Values
# AntiAffinity forces the Operator to schedule different Couchbase server pods
# on different Kubernetes nodes. Anti-affinity reduces the likelihood of
# unrecoverable failure in the event of a node issue. Use of anti-affinity is
# highly recommended for production clusters.
antiAffinity: ahh
# AutoResourceAllocation populates pod resource requests based on the services
# running on that pod. When enabled, this feature will calculate the memory
# request as the total of service allocations defined in `spec.cluster`, plus an
# overhead defined by `spec.autoResourceAllocation.overheadPercent`. Changing
# individual allocations for a service will cause a cluster upgrade as
# allocations are modified in the underlying pods. This field also allows
# default pod CPU requests and limits to be applied. All resource allocations
# can be overridden by explicitly configuring them in the
# `spec.servers.resources` field.
autoResourceAllocation:
  # CPULimits automatically populates the CPU limits across all Couchbase server
  # pods. This field defaults to "4" CPUs. Explicitly specifying the CPU limit
  # for a particular server class will override this value. More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  cpuLimits: '4'
  # CPURequests automatically populates the CPU requests across all Couchbase
  # server pods. The default value of "2" is the minimum recommended number of
  # CPUs required to run Couchbase Server. Explicitly specifying the CPU
  # request for a particular server class will override this value. More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  cpuRequests: '2'
  # Enabled defines whether auto-resource allocation is enabled.
  enabled: ahh
  # OverheadPercent defines the amount of memory above that required for
  # individual services on a pod. For Couchbase Server this should be
  # approximately 25%.
  overheadPercent: 25
# AutoscaleStabilizationPeriod defines how long after a rebalance the
# corresponding HorizontalPodAutoscaler should remain in maintenance mode.
# During maintenance mode all autoscaling is disabled since every
# HorizontalPodAutoscaler associated with the cluster becomes inactive. Since
# certain metrics can be unpredictable when Couchbase is rebalancing or
# upgrading, setting a stabilization period helps to prevent scaling
# recommendations from the HorizontalPodAutoscaler for a provided period of
# time. Values must be a valid Kubernetes duration of 0s or higher:
# https://golang.org/pkg/time/#ParseDuration
# A value of 0 puts the cluster in maintenance mode during rebalance but
# immediately exits this mode once the rebalance has completed. When undefined,
# the HPA is never put into maintenance mode during rebalance.
autoscaleStabilizationPeriod: ahh
# Backup defines whether the Operator should manage automated backups, and how
# to look up backup resources.
backup:
  # The Backup Image to run on backup pods
  image: ahh
  # ImagePullSecrets allow you to use an image from private repositories and
  # non-dockerhub ones.
  imagePullSecrets: ahh
  # Managed defines whether backups are managed by us or the clients.
  managed: ahh
  # NodeSelector defines which nodes to constrain the pods that run any backup
  # operations to
  nodeSelector: ahh
  # Resources is the resource requirements for the backup container. Will be
  # populated by defaults if not specified.
  resources:
    # Limits describes the maximum amount of compute resources allowed. More
    # info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    limits: ahh
    # Requests describes the minimum amount of compute resources required. If
    # Requests is omitted for a container, it defaults to Limits if that is
    # explicitly specified, otherwise to an implementation-defined value. More
    # info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    requests: ahh
  # S3Secret contains the region and credentials for operating backups in S3
  s3Secret: ahh
  # Selector allows CouchbaseBackup and CouchbaseBackupRestore resources to be
  # filtered based on labels.
  selector:
    # matchExpressions is a list of label selector requirements. The
    # requirements are ANDed.
    matchExpressions: ahh
    # matchLabels is a map of {key,value} pairs. A single {key,value} in the
    # matchLabels map is equivalent to an element of matchExpressions, whose key
    # field is "key", the operator is "In", and the values array contains only
    # "value". The requirements are ANDed.
    matchLabels: ahh
  # The Service Account to run backup (and restore) pods under. Without this
  # backup pods will not be able to update status
  serviceAccountName: ahh
  # Tolerations specifies all backup pod tolerations.
  tolerations: ahh
# Buckets defines whether the Operator should manage buckets, and how to look up
# bucket resources.
buckets:
  # Managed defines whether buckets are managed by us or the clients.
  managed: ahh
  # Selector is a label selector used to list buckets in the namespace that are
  # managed by the Operator.
  selector:
    # matchExpressions is a list of label selector requirements. The
    # requirements are ANDed.
    matchExpressions: ahh
    # matchLabels is a map of {key,value} pairs. A single {key,value} in the
    # matchLabels map is equivalent to an element of matchExpressions, whose key
    # field is "key", the operator is "In", and the values array contains only
    # "value". The requirements are ANDed.
    matchLabels: ahh
# ClusterSettings define Couchbase cluster-wide settings such as memory
# allocation, failover characteristics and index settings.
cluster:
  # AnalyticsServiceMemQuota is the amount of memory that should be allocated to
  # the analytics service. This value is per-pod, and only applicable to pods
  # belonging to server classes running the analytics service. This field must
  # be a quantity greater than or equal to 1Gi. This field defaults to 1Gi.
  # More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  analyticsServiceMemoryQuota: 1Gi
  # AutoCompaction allows the configuration of auto-compaction, including on
  # what conditions disk space is reclaimed and when it is allowed to run.
  autoCompaction:
    # DatabaseFragmentationThreshold defines triggers for when database
    # compaction should start.
    databaseFragmentationThreshold:
      # Percent is the percentage of disk fragmentation after which
      # compaction will be triggered. This field must be in the range 2-100,
      # defaulting to 30.
      percent: 30
      # Size is the amount of disk fragmentation that, once exceeded, will
      # trigger compaction. More info:
      # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
      size: ahh
    # ParallelCompaction controls whether database and view compactions can
    # happen in parallel.
    parallelCompaction: ahh
    # TimeWindow allows restriction of when compaction can occur.
    timeWindow:
      # AbortCompactionOutsideWindow stops compaction processes when the process
      # moves outside the window.
      abortCompactionOutsideWindow: ahh
      # End is a wallclock time, in the form HH:MM, when a compaction should
      # stop.
      end: ahh
      # Start is a wallclock time, in the form HH:MM, when a compaction is
      # permitted to start.
      start: ahh
    # TombstonePurgeInterval controls how long to wait before purging
    # tombstones. This field must be in the range 1h-1440h, defaulting to 72h.
    # More info: https://golang.org/pkg/time/#ParseDuration
    tombstonePurgeInterval: 72h
    # ViewFragmentationThreshold defines triggers for when view compaction
    # should start.
    viewFragmentationThreshold:
      # Percent is the percentage of disk fragmentation after which
      # compaction will be triggered. This field must be in the range 2-100,
      # defaulting to 30.
      percent: 30
      # Size is the amount of disk fragmentation that, once exceeded, will
      # trigger compaction. More info:
      # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
      size: ahh
  # AutoFailoverMaxCount is the maximum number of automatic failovers Couchbase
  # server will allow before not allowing any more. This field must be between
  # 1-3, default 3.
  autoFailoverMaxCount: 3
  # AutoFailoverOnDataDiskIssues defines whether Couchbase server should
  # fail over a pod if a disk issue was detected.
  autoFailoverOnDataDiskIssues: ahh
  # AutoFailoverOnDataDiskIssuesTimePeriod defines how long to wait for
  # transient errors before failing over a faulty disk. This field must be in
  # the range 5-3600s, defaulting to 120s. More info:
  # https://golang.org/pkg/time/#ParseDuration
  autoFailoverOnDataDiskIssuesTimePeriod: 120s
  # AutoFailoverServerGroup defines whether to enable failing over a server
  # group.
  autoFailoverServerGroup: ahh
  # AutoFailoverTimeout defines how long Couchbase server will wait between a
  # pod being witnessed as down and failing over the pod. Couchbase server will
  # only fail over pods if it deems it safe to do so, and it will not result in
  # data loss. This field must be in the range 5-3600s, defaulting to 120s.
  # More info: https://golang.org/pkg/time/#ParseDuration
  autoFailoverTimeout: 120s
  # ClusterName defines the name of the cluster, as displayed in the Couchbase
  # UI. By default, the cluster name is that specified in the CouchbaseCluster
  # resource's metadata.
  clusterName: ahh
  # Data allows the data service to be configured.
  data:
    # ReaderThreads allows the number of threads used by the data service, per
    # pod, to be altered. This value must be between 4 and 64 threads, and
    # should only be increased where there are sufficient CPU resources
    # allocated for their use. If not specified, this defaults to the default
    # value set by Couchbase Server.
    readerThreads: ahh
    # WriterThreads allows the number of threads used by the data service, per
    # pod, to be altered. This setting is especially relevant when using
    # "durable writes"; increasing this field will have a large impact on
    # performance. This value must be between 4 and 64 threads, and should only
    # be increased where there are sufficient CPU resources allocated for their
    # use. If not specified, this defaults to the default value set by Couchbase
    # Server.
    writerThreads: ahh
  # DataServiceMemQuota is the amount of memory that should be allocated to the
  # data service. This value is per-pod, and only applicable to pods belonging
  # to server classes running the data service. This field must be a quantity
  # greater than or equal to 256Mi. This field defaults to 256Mi. More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  dataServiceMemoryQuota: 256Mi
  # EventingServiceMemQuota is the amount of memory that should be allocated to
  # the eventing service. This value is per-pod, and only applicable to pods
  # belonging to server classes running the eventing service. This field must
  # be a quantity greater than or equal to 256Mi. This field defaults to 256Mi.
  # More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  eventingServiceMemoryQuota: 256Mi
  # IndexServiceMemQuota is the amount of memory that should be allocated to the
  # index service. This value is per-pod, and only applicable to pods belonging
  # to server classes running the index service. This field must be a quantity
  # greater than or equal to 256Mi. This field defaults to 256Mi. More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  indexServiceMemoryQuota: 256Mi
  # DEPRECATED - by indexer. The index storage mode to use for secondary
  # indexing. This field must be one of "memory_optimized" or "plasma",
  # defaulting to "memory_optimized". This field is immutable and cannot be
  # changed unless there are no server classes running the index service in the
  # cluster.
  indexStorageSetting: memory_optimized
  # Indexer allows the indexer to be configured.
  indexer:
    # LogLevel controls the verbosity of indexer logs. This field must be one
    # of "silent", "fatal", "error", "warn", "info", "verbose", "timing",
    # "debug" or "trace", defaulting to "info".
    logLevel: info
    # MaxRollbackPoints controls the number of checkpoints that can be rolled
    # back to. The default is 2, with a minimum of 1.
    maxRollbackPoints: 2
    # MemorySnapshotInterval controls when memory indexes should be snapshotted.
    # This defaults to 200ms, and must be greater than or equal to 1ms.
    memorySnapshotInterval: 200ms
    # StableSnapshotInterval controls when disk indexes should be snapshotted.
    # This defaults to 5s, and must be greater than or equal to 1ms.
    stableSnapshotInterval: 5s
    # StorageMode controls the underlying storage engine for indexes. Once set
    # it can only be modified if there are no nodes in the cluster running the
    # index service. The field must be one of "memory_optimized" or "plasma",
    # defaulting to "memory_optimized".
    storageMode: memory_optimized
    # Threads controls the number of processor threads to use for indexing. A
    # value of 0 means 1 per CPU. This attribute must be greater than or equal
    # to 0, defaulting to 0.
    threads: ahh
  # Query allows the query service to be configured.
  query:
    # BackfillEnabled allows the query service to backfill.
    backfillEnabled: true
    # TemporarySpace allows the temporary storage used by the query service
    # backfill, per-pod, to be modified. This field requires `backfillEnabled`
    # to be set to true in order to have any effect.
    temporarySpace: 5Gi
    # TemporarySpaceUnlimited allows the temporary storage used by the query
    # service backfill, per-pod, to be unconstrained. This field requires
    # `backfillEnabled` to be set to true in order to have any effect. This
    # field overrides `temporarySpace`.
    temporarySpaceUnlimited: ahh
  # QueryServiceMemQuota is a dummy field. By default, Couchbase server
  # provides no memory resource constraints for the query service, so this has
  # no effect on Couchbase server. It is, however, used when the
  # spec.autoResourceAllocation feature is enabled, and is used to define the
  # amount of memory reserved by the query service for use with Kubernetes
  # resource scheduling.
  queryServiceMemoryQuota: ahh
  # SearchServiceMemQuota is the amount of memory that should be allocated to
  # the search service. This value is per-pod, and only applicable to pods
  # belonging to server classes running the search service. This field must be
  # a quantity greater than or equal to 256Mi. This field defaults to 256Mi.
  # More info:
  # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
  searchServiceMemoryQuota: 256Mi
# EnableOnlineVolumeExpansion enables online expansion of Persistent Volumes.
# You can only expand a PVC if its storage class's "allowVolumeExpansion" field
# is set to true. Additionally, Kubernetes feature
# "ExpandInUsePersistentVolumes" must be enabled in order to expand the volumes
# which are actively bound to Pods. Volumes can only be expanded and not reduced
# to a smaller size. See:
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim
# If "EnableOnlineVolumeExpansion" is enabled for use within an environment that
# does not actually support online volume and file system expansion then the
# cluster will fall back to the rolling upgrade procedure to create a new set of
# Pods for use with resized Volumes. More info:
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims
enableOnlineVolumeExpansion: ahh
# EnablePreviewScaling enables autoscaling for stateful services and buckets.
# DEPRECATED - This option only exists for backwards compatibility and no longer
# restricts autoscaling to ephemeral services. To be removed in future releases.
enablePreviewScaling: ahh
# Hibernate is whether to hibernate the cluster.
hibernate: ahh
# HibernationStrategy defines how to hibernate the cluster. When Immediate the
# Operator will immediately delete all pods and take no further action until the
# hibernate field is set to false.
hibernationStrategy: ahh
# Image is the container image name that will be used to launch Couchbase server
# instances. Updating this field will cause an automatic upgrade of the
# cluster.
image: ahh
# Logging defines Operator logging options.
logging:
  # Used to manage the audit configuration directly
  audit:
    # The list of event ids to disable for auditing purposes. This is passed to
    # the REST API with no verification by the operator. Refer to the
    # documentation for details:
    # https://docs.couchbase.com/server/current/audit-event-reference/audit-event-reference.html
    disabledEvents: ahh
    # The list of users to ignore for auditing purposes. This is passed to the
    # REST API with minimal validation that it meets an acceptable regex
    # pattern. Refer to the documentation for full details on how to configure
    # this:
    # https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html#ignoring-events-by-user
    disabledUsers: ahh
    # Enabled is a boolean that enables the audit capabilities.
    enabled: ahh
    # Handle all optional garbage collection (GC) configuration for the audit
    # functionality. This is not part of the audit REST API, it is intended to
    # handle GC automatically for the audit logs. By default the Couchbase
    # Server rotates the audit logs but does not clean up the rotated logs. This
    # is left as an operation for the cluster administrator to manage; the
    # operator allows us to automate this:
    # https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html
    garbageCollection:
      # Provide the sidecar configuration required (if so desired) to
      # automatically clean up audit logs.
      sidecar:
        # The minimum age of rotated log files to remove, defaults to one hour.
        age: 1h
        # Enable this sidecar by setting to true, defaults to being disabled.
        enabled: ahh
        # Image is the image to be used to run the audit sidecar helper. No
        # validation is carried out as this can be any arbitrary repo and tag.
        image: busybox:1.32.1
        # The interval at which to check for rotated log files to remove,
        # defaults to 20 minutes.
        interval: 20m
        # Resources is the resource requirements for the cleanup container. Will
        # be populated by Kubernetes defaults if not specified.
        resources:
          # Limits describes the maximum amount of compute resources allowed.
          # More info:
          # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
          limits: ahh
          # Requests describes the minimum amount of compute resources required.
          # If Requests is omitted for a container, it defaults to Limits if
          # that is explicitly specified, otherwise to an implementation-defined
          # value. More info:
          # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
          requests: ahh
    # The interval to optionally rotate the audit log. This is passed to the
    # REST API, see here for details:
    # https://docs.couchbase.com/server/current/manage/manage-security/manage-auditing.html
    rotation:
      # The interval at which to rotate log files, defaults to 15 minutes.
      interval: 15m
      # Size allows the specification of a rotation size for the log, defaults
      # to 20Mi.
      size: 20Mi
  # LogRetentionCount gives the number of persistent log PVCs to keep.
  logRetentionCount: ahh
  # LogRetentionTime gives the time to keep persistent log PVCs alive for.
  logRetentionTime: ahh
  # Specification of all logging configuration required to manage the sidecar
  # containers in each pod.
  server:
    # ConfigurationName is the name of the Secret to use holding the logging
    # configuration in the namespace. A Secret is used to ensure we can safely
    # store credentials but this can be populated from plaintext if acceptable
    # too. If it does not exist then one will be created with defaults in the
    # namespace so it can be easily updated whilst running.
    configurationName: fluent-bit-config
    # Enabled is a boolean that enables the logging sidecar container.
    enabled: ahh
    # A boolean which indicates whether the operator should manage the
    # configuration or not. If omitted then this defaults to true which means
    # the operator will attempt to reconcile it to default values. To use a
    # custom configuration make sure to set this to false.
    manageConfiguration: true
    # Any specific logging sidecar container configuration.
    sidecar:
      # ConfigurationMountPath is the location to mount the ConfigurationName
      # Secret into the image. If another log shipping image is used that needs
      # a different mount then modify this.
      configurationMountPath: /fluent-bit/config/
      # Image is the image to be used to deal with logging as a sidecar. No
      # validation is carried out as this can be any arbitrary repo and tag. It
      # will default to the latest supported version of Fluent Bit.
      image: couchbase/fluent-bit:1.0.0
      # Resources is the resource requirements for the sidecar container. Will
      # be populated by Kubernetes defaults if not specified.
      resources:
        # Limits describes the maximum amount of compute resources allowed. More
        # info:
        # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        limits: ahh
        # Requests describes the minimum amount of compute resources required.
        # If Requests is omitted for a container, it defaults to Limits if that
        # is explicitly specified, otherwise to an implementation-defined value.
        # More info:
        # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
        requests: ahh
# Monitoring defines any Operator managed integration into 3rd party monitoring
# infrastructure.
monitoring:
  # Prometheus provides integration with Prometheus monitoring.
  prometheus:
    # AuthorizationSecret is the name of a Kubernetes secret that contains a
    # bearer token to authorize GET requests to the metrics endpoint
    authorizationSecret: ahh
    # Enabled is a boolean that enables/disables the metrics sidecar container.
    enabled: ahh
    # Image is the metrics image to be used to collect metrics. No validation is
    # carried out as this can be any arbitrary repo and tag.
    image: ahh
    # Resources is the resource requirements for the metrics container. Will be
    # populated by Kubernetes defaults if not specified.
    resources:
      # Limits describes the maximum amount of compute resources allowed. More
      # info:
      # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
      limits: ahh
      # Requests describes the minimum amount of compute resources required. If
      # Requests is omitted for a container, it defaults to Limits if that is
      # explicitly specified, otherwise to an implementation-defined value. More
      # info:
      # https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
      requests: ahh
# Networking defines Couchbase cluster networking options such as network
# topology, TLS and DDNS settings.
networking:
# DEVELOPER PREVIEW - this feature is not for production use. AddressFamily
# allows the manual selection of the address family to use. Couchbase server
# will default to "IPv4" regardless of underlying network configuration, so
# this must be manually set to enable use on an "IPv6" only network. This
# field is immutable and cannot be changed once set.
addressFamily: ahh
# AdminConsoleServiceTemplate provides a template used by the Operator to
# create and manage the admin console service. This allows services to be
# annotated, the service type defined and any other options that Kubernetes
# provides. When using a LoadBalancer service type, TLS and dynamic DNS must
# also be enabled. The Operator reserves the right to modify or replace any
# field. More info:
# https://kubernetes.io/docs/reference/generated/kubernetes-
# api/v1.19/#service-v1-core
adminConsoleServiceTemplate:
# Standard objects metadata. This is a curated version for use with
# Couchbase resource templates.
metadata:
# Annotations is an unstructured key value map stored with a resource that
# may be set by external tools to store and retrieve arbitrary metadata.
# They are not queryable and should be preserved when modifying objects.
# More info: http://kubernetes.io/docs/user-guide/annotations
annotations: ahh
# Map of string keys and values that can be used to organize and
# categorize (scope and select) objects. May match selectors of
# replication controllers and services. More info:
# http://kubernetes.io/docs/user-guide/labels
labels: ahh
# ServiceSpec describes the attributes that a user creates on a service.
spec:
# clusterIP is the IP address of the service and is usually assigned
# randomly by the master. If an address is specified manually and is not
# in use by others, it will be allocated to the service; otherwise,
# creation of the service will fail. This field can not be changed through
# updates. Valid values are "None", empty string (""), or a valid IP
# address. "None" can be specified for headless services when proxying is
# not required. Only applies to types ClusterIP, NodePort, and
# LoadBalancer. Ignored if type is ExternalName. More info:
# https://kubernetes.io/docs/concepts/services-
# networking/service/#virtual-ips-and-service-proxies
clusterIP: ahh
# externalIPs is a list of IP addresses for which nodes in the cluster
# will also accept traffic for this service. These IPs are not managed by
# Kubernetes. The user is responsible for ensuring that traffic arrives
# at a node with this IP. A common example is external load-balancers
# that are not part of the Kubernetes system.
externalIPs: ahh
# externalName is the external reference that kubedns or equivalent will
# return as a CNAME record for this service. No proxying will be involved.
# Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
# and requires Type to be ExternalName.
externalName: ahh
# externalTrafficPolicy denotes if this Service desires to route external
# traffic to node-local or cluster-wide endpoints. "Local" preserves the
# client source IP and avoids a second hop for LoadBalancer and Nodeport
# type services, but risks potentially imbalanced traffic spreading.
# "Cluster" obscures the client source IP and may cause a second hop to
# another node, but should have good overall load-spreading.
externalTrafficPolicy: ahh
# healthCheckNodePort specifies the healthcheck nodePort for the service.
# If not specified, HealthCheckNodePort is created by the service api
# backend with the allocated nodePort. Will use user-specified nodePort
# value if specified by the client. Only effects when Type is set to
# LoadBalancer and ExternalTrafficPolicy is set to Local.
healthCheckNodePort: ahh
# ipFamily specifies whether this Service has a preference for a
# particular IP family (e.g. IPv4 vs. IPv6) when the IPv6DualStack feature
# gate is enabled. In a dual-stack cluster, you can specify ipFamily when
# creating a ClusterIP Service to determine whether the controller will
# allocate an IPv4 or IPv6 IP for it, and you can specify ipFamily when
# creating a headless Service to determine whether it will have IPv4 or
# IPv6 Endpoints. In either case, if you do not specify an ipFamily
# explicitly, it will default to the cluster's primary IP family. This
# field is part of an alpha feature, and you should not make any
# assumptions about its semantics other than those described above. In
# particular, you should not assume that it can (or cannot) be changed
# after creation time; that it can only have the values "IPv4" and "IPv6";
# or that its current value on a given Service correctly reflects the
# current state of that Service. (For ClusterIP Services, look at
# clusterIP to see if the Service is IPv4 or IPv6. For headless Services,
# look at the endpoints, which may be dual-stack in the future. For
# ExternalName Services, ipFamily has no meaning, but it may be set to an
# irrelevant value anyway.)
ipFamily: ahh
# Only applies to Service Type: LoadBalancer LoadBalancer will get created
# with the IP specified in this field. This feature depends on whether the
# underlying cloud-provider supports specifying the loadBalancerIP when a
# load balancer is created. This field will be ignored if the cloud-
# provider does not support the feature.
loadBalancerIP: ahh
# If specified and supported by the platform, this will restrict traffic
# through the cloud-provider load-balancer will be restricted to the
# specified client IPs. This field will be ignored if the cloud-provider
# does not support the feature." More info:
# https://kubernetes.io/docs/tasks/access-application-cluster/configure-
# cloud-provider-firewall/
loadBalancerSourceRanges: ahh
# publishNotReadyAddresses indicates that any agent which deals with
# endpoints for this Service should disregard any indications of
# ready/not-ready. The primary use case for setting this field is for a
# StatefulSet's Headless Service to propagate SRV DNS records for its Pods
# for the purpose of peer discovery. The Kubernetes controllers that
# generate Endpoints and EndpointSlice resources for Services interpret
# this to mean that all endpoints are considered "ready" even if the Pods
# themselves are not. Agents which consume only Kubernetes generated
# endpoints through the Endpoints or EndpointSlice resources can safely
# assume this behavior.
publishNotReadyAddresses: ahh
# Route service traffic to pods with label keys and values matching this
# selector. If empty or not present, the service is assumed to have an
# external process managing its endpoints, which Kubernetes will not
# modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
# Ignored if type is ExternalName. More info:
# https://kubernetes.io/docs/concepts/services-networking/service/
selector: ahh
# Supports "ClientIP" and "None". Used to maintain session affinity.
# Enable client IP based session affinity. Must be ClientIP or None.
# Defaults to None. More info:
# https://kubernetes.io/docs/concepts/services-
# networking/service/#virtual-ips-and-service-proxies
sessionAffinity: ahh
# sessionAffinityConfig contains the configurations of session affinity.
sessionAffinityConfig:
# clientIP contains the configurations of Client IP based session
# affinity.
clientIP:
# timeoutSeconds specifies the seconds of ClientIP type session sticky
# time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity
# == "ClientIP". Default value is 10800(for 3 hours).
timeoutSeconds: ahh
# topologyKeys is a preference-order list of topology keys which
# implementations of services should use to preferentially sort endpoints
# when accessing this Service, it can not be used at the same time as
# externalTrafficPolicy=Local. Topology keys must be valid label keys and
# at most 16 keys may be specified. Endpoints are chosen based on the
# first topology key with available backends. If this field is specified
# and all entries have no backends that match the topology of the client,
# the service has no backends for that client and connections should fail.
# The special value "*" may be used to mean "any topology". This catch-all
# value, if used, only makes sense as the last value in the list. If this
# is not specified or empty, no topology constraints will be applied.
topologyKeys: ahh
# type determines how the Service is exposed. Defaults to ClusterIP. Valid
# options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
# "ExternalName" maps to the specified externalName. "ClusterIP" allocates
# a cluster-internal IP address for load-balancing to endpoints. Endpoints
# are determined by the selector or if that is not specified, by manual
# construction of an Endpoints object. If clusterIP is "None", no virtual
# IP is allocated and the endpoints are published as a set of endpoints
# rather than a stable IP. "NodePort" builds on ClusterIP and allocates a
# port on every node which routes to the clusterIP. "LoadBalancer" builds
# on NodePort and creates an external load-balancer (if supported in the
# current cloud) which routes to the clusterIP. More info:
# https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ahh
# DEPRECATED - by adminConsoleServiceTemplate. AdminConsoleServiceType defines
# whether to create a node port or load balancer service. When using a
# LoadBalancer service type, TLS and dynamic DNS must also be enabled. This
# field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".
adminConsoleServiceType: NodePort
# DEPRECATED - not required by Couchbase Server 6.5.0 onward.
# AdminConsoleServices is a selector to choose specific services to expose via
# the admin console. This field may contain any of "data", "index", "query",
# "search", "eventing" and "analytics". Each service may only be included
# once.
adminConsoleServices: ahh
# DisableUIOverHTTP is used to explicitly enable and disable UI access over
# the HTTP protocol. If not specified, this field defaults to false.
disableUIOverHTTP: ahh
# DisableUIOverHTTPS is used to explicitly enable and disable UI access over
# the HTTPS protocol. If not specified, this field defaults to false.
disableUIOverHTTPS: ahh
# DNS defines information required for Dynamic DNS support.
dns:
# Domain is the domain to create pods in. When populated the Operator will
# annotate the admin console and per-pod services with the key
# "external-dns.alpha.kubernetes.io/hostname". These annotations can be used
# directly by a Kubernetes External-DNS controller to replicate load balancer
# service IP addresses into a public DNS server.
domain: ahh
# ExposeAdminConsole creates a service referencing the admin console. The
# service is configured by the adminConsoleServiceTemplate field.
exposeAdminConsole: ahh
# ExposedFeatureServiceTemplate provides a template used by the Operator to
# create and manage per-pod services. This allows services to be annotated,
# the service type defined and any other options that Kubernetes provides.
# When using a LoadBalancer service type, TLS and dynamic DNS must also be
# enabled. The Operator reserves the right to modify or replace any field.
# More info:
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#service-v1-core
exposedFeatureServiceTemplate:
# Standard objects metadata. This is a curated version for use with
# Couchbase resource templates.
metadata:
# Annotations is an unstructured key value map stored with a resource that
# may be set by external tools to store and retrieve arbitrary metadata.
# They are not queryable and should be preserved when modifying objects.
# More info: http://kubernetes.io/docs/user-guide/annotations
annotations: ahh
# Map of string keys and values that can be used to organize and
# categorize (scope and select) objects. May match selectors of
# replication controllers and services. More info:
# http://kubernetes.io/docs/user-guide/labels
labels: ahh
# ServiceSpec describes the attributes that a user creates on a service.
spec:
# clusterIP is the IP address of the service and is usually assigned
# randomly by the master. If an address is specified manually and is not
# in use by others, it will be allocated to the service; otherwise,
# creation of the service will fail. This field can not be changed through
# updates. Valid values are "None", empty string (""), or a valid IP
# address. "None" can be specified for headless services when proxying is
# not required. Only applies to types ClusterIP, NodePort, and
# LoadBalancer. Ignored if type is ExternalName. More info:
# https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
clusterIP: ahh
# externalIPs is a list of IP addresses for which nodes in the cluster
# will also accept traffic for this service. These IPs are not managed by
# Kubernetes. The user is responsible for ensuring that traffic arrives
# at a node with this IP. A common example is external load-balancers
# that are not part of the Kubernetes system.
externalIPs: ahh
# externalName is the external reference that kubedns or equivalent will
# return as a CNAME record for this service. No proxying will be involved.
# Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123)
# and requires Type to be ExternalName.
externalName: ahh
# externalTrafficPolicy denotes if this Service desires to route external
# traffic to node-local or cluster-wide endpoints. "Local" preserves the
# client source IP and avoids a second hop for LoadBalancer and NodePort
# type services, but risks potentially imbalanced traffic spreading.
# "Cluster" obscures the client source IP and may cause a second hop to
# another node, but should have good overall load-spreading.
externalTrafficPolicy: ahh
# healthCheckNodePort specifies the healthcheck nodePort for the service.
# If not specified, HealthCheckNodePort is created by the service api
# backend with the allocated nodePort. Will use user-specified nodePort
# value if specified by the client. Only takes effect when Type is set to
# LoadBalancer and ExternalTrafficPolicy is set to Local.
healthCheckNodePort: ahh
# ipFamily specifies whether this Service has a preference for a
# particular IP family (e.g. IPv4 vs. IPv6) when the IPv6DualStack feature
# gate is enabled. In a dual-stack cluster, you can specify ipFamily when
# creating a ClusterIP Service to determine whether the controller will
# allocate an IPv4 or IPv6 IP for it, and you can specify ipFamily when
# creating a headless Service to determine whether it will have IPv4 or
# IPv6 Endpoints. In either case, if you do not specify an ipFamily
# explicitly, it will default to the cluster's primary IP family. This
# field is part of an alpha feature, and you should not make any
# assumptions about its semantics other than those described above. In
# particular, you should not assume that it can (or cannot) be changed
# after creation time; that it can only have the values "IPv4" and "IPv6";
# or that its current value on a given Service correctly reflects the
# current state of that Service. (For ClusterIP Services, look at
# clusterIP to see if the Service is IPv4 or IPv6. For headless Services,
# look at the endpoints, which may be dual-stack in the future. For
# ExternalName Services, ipFamily has no meaning, but it may be set to an
# irrelevant value anyway.)
ipFamily: ahh
# Only applies to Service Type: LoadBalancer. LoadBalancer will get created
# with the IP specified in this field. This feature depends on whether the
# underlying cloud-provider supports specifying the loadBalancerIP when a
# load balancer is created. This field will be ignored if the
# cloud-provider does not support the feature.
loadBalancerIP: ahh
# If specified and supported by the platform, traffic through the
# cloud-provider load-balancer will be restricted to the specified client
# IPs. This field will be ignored if the cloud-provider does not support
# the feature. More info:
# https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
loadBalancerSourceRanges: ahh
# publishNotReadyAddresses indicates that any agent which deals with
# endpoints for this Service should disregard any indications of
# ready/not-ready. The primary use case for setting this field is for a
# StatefulSet's Headless Service to propagate SRV DNS records for its Pods
# for the purpose of peer discovery. The Kubernetes controllers that
# generate Endpoints and EndpointSlice resources for Services interpret
# this to mean that all endpoints are considered "ready" even if the Pods
# themselves are not. Agents which consume only Kubernetes generated
# endpoints through the Endpoints or EndpointSlice resources can safely
# assume this behavior.
publishNotReadyAddresses: ahh
# Route service traffic to pods with label keys and values matching this
# selector. If empty or not present, the service is assumed to have an
# external process managing its endpoints, which Kubernetes will not
# modify. Only applies to types ClusterIP, NodePort, and LoadBalancer.
# Ignored if type is ExternalName. More info:
# https://kubernetes.io/docs/concepts/services-networking/service/
selector: ahh
# Supports "ClientIP" and "None". Used to maintain session affinity.
# Enable client IP based session affinity. Must be ClientIP or None.
# Defaults to None. More info:
# https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinity: ahh
# sessionAffinityConfig contains the configurations of session affinity.
sessionAffinityConfig:
# clientIP contains the configurations of Client IP based session
# affinity.
clientIP:
# timeoutSeconds specifies the seconds of ClientIP type session sticky
# time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity
# == "ClientIP". Default value is 10800(for 3 hours).
timeoutSeconds: ahh
# topologyKeys is a preference-order list of topology keys which
# implementations of services should use to preferentially sort endpoints
# when accessing this Service, it can not be used at the same time as
# externalTrafficPolicy=Local. Topology keys must be valid label keys and
# at most 16 keys may be specified. Endpoints are chosen based on the
# first topology key with available backends. If this field is specified
# and all entries have no backends that match the topology of the client,
# the service has no backends for that client and connections should fail.
# The special value "*" may be used to mean "any topology". This catch-all
# value, if used, only makes sense as the last value in the list. If this
# is not specified or empty, no topology constraints will be applied.
topologyKeys: ahh
# type determines how the Service is exposed. Defaults to ClusterIP. Valid
# options are ExternalName, ClusterIP, NodePort, and LoadBalancer.
# "ExternalName" maps to the specified externalName. "ClusterIP" allocates
# a cluster-internal IP address for load-balancing to endpoints. Endpoints
# are determined by the selector or if that is not specified, by manual
# construction of an Endpoints object. If clusterIP is "None", no virtual
# IP is allocated and the endpoints are published as a set of endpoints
# rather than a stable IP. "NodePort" builds on ClusterIP and allocates a
# port on every node which routes to the clusterIP. "LoadBalancer" builds
# on NodePort and creates an external load-balancer (if supported in the
# current cloud) which routes to the clusterIP. More info:
# https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ahh
# DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureServiceType
# defines whether to create a node port or load balancer service. When using a
# LoadBalancer service type, TLS and dynamic DNS must also be enabled. This
# field must be one of "NodePort" or "LoadBalancer", defaulting to "NodePort".
exposedFeatureServiceType: NodePort
# DEPRECATED - by exposedFeatureServiceTemplate. ExposedFeatureTrafficPolicy
# defines how packets should be routed from a load balancer service to a
# Couchbase pod. When local, traffic is routed directly to the pod. When
# cluster, traffic is routed to any node, then forwarded on. While cluster
# routing may be slower, there are some situations where it is required for
# connectivity. This field must be either "Cluster" or "Local", defaulting to
# "Local".
exposedFeatureTrafficPolicy: ahh
# ExposedFeatures is a list of Couchbase features to expose when using a
# networking model that exposes the Couchbase cluster externally to
# Kubernetes. This field also triggers the creation of per-pod services used
# by clients to connect to the Couchbase cluster. When admin, only the
# administrator port is exposed, allowing remote administration. When xdcr,
# only the services required for remote replication are exposed. The xdcr
# feature is only required when the cluster is the destination of an XDCR
# replication. When client, all services are exposed as required for client
# SDK operation. This field may contain any of "admin", "xdcr" and "client".
# Each feature may only be included once.
exposedFeatures: ahh
# DEPRECATED - by adminConsoleServiceTemplate and
# exposedFeatureServiceTemplate. LoadBalancerSourceRanges applies only when an
# exposed service is of type LoadBalancer and limits the source IP ranges that
# are allowed to use the service. Items must use IPv4 class-less interdomain
# routing (CIDR) notation e.g. 10.0.0.0/16.
loadBalancerSourceRanges: ahh
# NetworkPlatform is used to enable support for various networking
# technologies. This field must be one of "Istio".
networkPlatform: ahh
# DEPRECATED - by adminConsoleServiceTemplate and
# exposedFeatureServiceTemplate. ServiceAnnotations allows services to be
# annotated with custom labels. Operator annotations are merged on top of
# these so have precedence as they are required for correct operation.
serviceAnnotations: ahh
# TLS defines the TLS configuration for the cluster including server and
# client certificate configuration, and TLS security policies.
tls:
# CipherSuites specifies a list of cipher suites for Couchbase server to
# select from when negotiating TLS handshakes with a client. Suites are not
# validated by the Operator. Run "openssl ciphers -v" in a Couchbase server
# pod to interrogate supported values.
cipherSuites: ahh
# ClientCertificatePaths defines where to look in client certificates in
# order to extract the user name.
clientCertificatePaths: ahh
# ClientCertificatePolicy defines the client authentication policy to use.
# If set, the Operator expects TLS configuration to contain a valid
# certificate/key pair for the Administrator account.
clientCertificatePolicy: ahh
# NodeToNodeEncryption specifies whether to encrypt data between Couchbase
# nodes within the same cluster. This may come at the expense of
# performance. When control plane only encryption is used, only cluster
# management traffic is encrypted between nodes. When all, all traffic is
# encrypted, including database documents. This field must be either
# "ControlPlaneOnly" or "All".
nodeToNodeEncryption: ahh
# SecretSource enables the user to specify a secret conforming to the
# Kubernetes TLS secret specification.
secretSource:
# ClientSecretName specifies the secret name, in the same namespace as the
# cluster, that contains client TLS data. The secret is expected to
# contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret
# type.
clientSecretName: ahh
# ServerSecretName specifies the secret name, in the same namespace as the
# cluster, that contains server TLS data. The secret is expected to
# contain "tls.crt" and "tls.key" as per the kubernetes.io/tls secret
# type. It also additionally must contain "ca.crt".
serverSecretName: ahh
# Static enables the user to generate static x509 certificates and keys, put
# them into Kubernetes secrets, and specify them here. Static secrets are
# very Couchbase specific.
static:
# OperatorSecret is a secret name containing TLS certs used by operator to
# talk securely to this cluster. The secret must contain a CA certificate
# (data key ca.crt). If client authentication is enabled, then the secret
# must also contain a client certificate chain (data key
# "couchbase-operator.crt") and private key (data key
# "couchbase-operator.key").
operatorSecret: ahh
# ServerSecret is a secret name containing TLS certs used by each
# Couchbase member pod for the communication between Couchbase server and
# its clients. The secret must contain a certificate chain (data key
# "couchbase-operator.crt") and a private key (data key
# "couchbase-operator.key"). The private key must be in the PKCS#1 RSA
# format. The certificate chain must have a required set of X.509v3 subject
# alternative names for all cluster addressing modes. See the Operator
# TLS documentation for more information.
serverSecret: ahh
# TLSMinimumVersion specifies the minimum TLS version the Couchbase server
# can negotiate with a client. Must be one of TLS1.0, TLS1.1 or TLS1.2,
# defaulting to TLS1.2.
tlsMinimumVersion: TLS1.2
# Paused is to pause the control of the operator for the Couchbase cluster. This
# does not pause the cluster itself, instead stopping the operator from taking
# any action.
paused: ahh
# Platform gives a hint as to what platform we are running on and how to
# configure services. This field must be one of "aws", "gke" or "azure".
platform: ahh
# RecoveryPolicy controls how aggressive the Operator is when recovering cluster
# topology. When PrioritizeDataIntegrity, the Operator will delegate failover
# exclusively to Couchbase server, relying on it to only allow recovery when
# safe to do so. When PrioritizeUptime, the Operator will wait for a period
# after the expected auto-failover of the cluster, before forcefully
# failing-over the pods. This may cause data loss, and is only expected to be
# used on clusters with ephemeral data, where the loss of the pod means that
# the data is known to be unrecoverable. This field must be either
# "PrioritizeDataIntegrity" or "PrioritizeUptime", defaulting to
# "PrioritizeDataIntegrity".
recoveryPolicy: ahh
# When `spec.upgradeStrategy` is set to `RollingUpgrade` it will, by default,
# upgrade one pod at a time. If this field is specified then that number can be
# increased.
rollingUpgrade:
# MaxUpgradable allows the number of pods affected by an upgrade at any one
# time to be increased. By default a rolling upgrade will upgrade one pod at
# a time. This field allows that limit to be removed. This field must be
# greater than zero. The smallest of `maxUpgradable` and
# `maxUpgradablePercent` takes precedence if both are defined.
maxUpgradable: ahh
# MaxUpgradablePercent allows the number of pods affected by an upgrade at any
# one time to be increased. By default a rolling upgrade will upgrade one pod
# at a time. This field allows that limit to be removed. This field must be
# an integer percentage, e.g. "10%", in the range 1% to 100%. Percentages are
# relative to the total cluster size, and rounded down to the nearest whole
# number, with a minimum of 1. For example, a 10 pod cluster, and 25% allowed
# to upgrade, would yield 2.5 pods per iteration, rounded down to 2. The
# smallest of `maxUpgradable` and `maxUpgradablePercent` takes precedence if
# both are defined.
maxUpgradablePercent: ahh
# Security defines Couchbase cluster security options such as the administrator
# account username and password, and user RBAC settings.
security:
# AdminSecret is the name of a Kubernetes secret to use for administrator
# authentication. The admin secret must contain the keys "username" and
# "password". The password data must be at least 6 characters in length, and
# not contain any of the characters `()<>,;:\"/[]?={}`.
adminSecret: ahh
# LDAP Settings
ldap:
# Enables using LDAP to authenticate users.
authenticationEnabled: true
# Enables use of LDAP groups for authorization.
authorizationEnabled: ahh
# DN to use for searching users and groups synchronization.
bindDN: ahh
# BindSecret is the name of a Kubernetes secret to use containing password
# for LDAP user binding
bindSecret: ahh
# Certificate in PEM format to be used in LDAP server certificate validation
cacert: ahh
# Lifetime of values in cache in milliseconds. Default 300000 ms.
cacheValueLifetime: ahh
# Encryption method to communicate with LDAP servers. Can be
# StartTLSExtension, TLS, or false.
encryption: ahh
# LDAP query, to get the users' groups by username in RFC4516 format.
groupsQuery: ahh
# List of LDAP hosts.
hosts: ahh
# If enabled Couchbase server will try to recursively search for groups for
# every discovered ldap group. groups_query will be used for the search.
nestedGroupsEnabled: ahh
# Maximum number of recursive groups requests the server is allowed to
# perform. Requires NestedGroupsEnabled. Values between 1 and 100: the
# default is 10.
nestedGroupsMaxDepth: ahh
# LDAP port
port: ahh
# Whether server certificate validation is enabled.
serverCertValidation: ahh
# TLSSecret is the name of a Kubernetes secret to use for LDAP ca cert.
tlsSecret: ahh
# User to distinguished name (DN) mapping. If none is specified, the
# username is used as the user’s distinguished name.
userDNMapping:
# Query is the LDAP query to run to map from Couchbase user to LDAP
# distinguished name.
query: ahh
# This field specifies list of templates to use for providing username to
# DN mapping. The template may contain a placeholder specified as `%u` to
# represent the Couchbase user who is attempting to gain access.
template: ahh
# Couchbase RBAC Users
rbac:
# Managed defines whether RBAC is managed by us or the clients.
managed: ahh
# Selector is a label selector used to list RBAC resources in the namespace
# that are managed by the Operator.
selector:
# matchExpressions is a list of label selector requirements. The
# requirements are ANDed.
matchExpressions: ahh
# matchLabels is a map of {key,value} pairs. A single {key,value} in the
# matchLabels map is equivalent to an element of matchExpressions, whose
# key field is "key", the operator is "In", and the values array contains
# only "value". The requirements are ANDed.
matchLabels: ahh
# SecurityContext allows the configuration of the security context for all
# Couchbase server pods. When using persistent volumes you may need to set the
# fsGroup field in order to write to the volume. For non-root clusters you must
# also set runAsUser to 1000, corresponding to the Couchbase user in official
# container images. More info:
# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext:
# A special supplemental group that applies to all containers in a pod. Some
# volume types allow the Kubelet to change the ownership of that volume to be
# owned by the pod:
#   1. The owning GID will be the FSGroup.
#   2. The setgid bit is set (new files created in the volume will be owned by
#      FSGroup).
#   3. The permission bits are OR'd with rw-rw----.
# If unset, the Kubelet will not modify the ownership and permissions of any
# volume.
fsGroup: ahh
# fsGroupChangePolicy defines behavior of changing ownership and permission of
# the volume before being exposed inside Pod. This field will only apply to
# volume types which support fsGroup based ownership(and permissions). It will
# have no effect on ephemeral volume types such as: secret, configmaps and
# emptydir. Valid values are "OnRootMismatch" and "Always". If not specified
# defaults to "Always".
fsGroupChangePolicy: ahh
# The GID to run the entrypoint of the container process. Uses runtime default
# if unset. May also be set in SecurityContext. If set in both
# SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence for that container.
runAsGroup: ahh
# Indicates that the container must run as a non-root user. If true, the
# Kubelet will validate the image at runtime to ensure that it does not run as
# UID 0 (root) and fail to start the container if it does. If unset or false,
# no such validation will be performed. May also be set in SecurityContext.
# If set in both SecurityContext and PodSecurityContext, the value specified
# in SecurityContext takes precedence.
runAsNonRoot: ahh
# The UID to run the entrypoint of the container process. Defaults to user
# specified in image metadata if unspecified. May also be set in
# SecurityContext. If set in both SecurityContext and PodSecurityContext, the
# value specified in SecurityContext takes precedence for that container.
runAsUser: ahh
# The SELinux context to be applied to all containers. If unspecified, the
# container runtime will allocate a random SELinux context for each container.
# May also be set in SecurityContext. If set in both SecurityContext and
# PodSecurityContext, the value specified in SecurityContext takes precedence
# for that container.
seLinuxOptions:
# Level is SELinux level label that applies to the container.
level: ahh
# Role is a SELinux role label that applies to the container.
role: ahh
# Type is a SELinux type label that applies to the container.
type: ahh
# User is a SELinux user label that applies to the container.
user: ahh
# The seccomp options to use by the containers in this pod.
seccompProfile:
# localhostProfile indicates a profile defined in a file on the node should
# be used. The profile must be preconfigured on the node to work. Must be a
# descending path, relative to the kubelet's configured seccomp profile
# location. Must only be set if type is "Localhost".
localhostProfile: ahh
# type indicates which kind of seccomp profile will be applied. Valid
# options are: Localhost - a profile defined in a file on the node should
# be used. RuntimeDefault - the container runtime default profile should be
# used. Unconfined - no profile should be applied.
type: ahh
# A list of groups applied to the first process run in each container, in
# addition to the container's primary GID. If unspecified, no groups will be
# added to any container.
supplementalGroups: ahh
# Sysctls hold a list of namespaced sysctls used for the pod. Pods with
# unsupported sysctls (by the container runtime) might fail to launch.
sysctls: ahh
# The Windows specific settings applied to all containers. If unspecified, the
# options within a container's SecurityContext will be used. If set in both
# SecurityContext and PodSecurityContext, the value specified in
# SecurityContext takes precedence.
windowsOptions:
# GMSACredentialSpec is where the GMSA admission webhook
# (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of
# the GMSA credential spec named by the GMSACredentialSpecName field.
gmsaCredentialSpec: ahh
# GMSACredentialSpecName is the name of the GMSA credential spec to use.
gmsaCredentialSpecName: ahh
# The UserName in Windows to run the entrypoint of the container process.
# Defaults to the user specified in image metadata if unspecified. May also
# be set in PodSecurityContext. If set in both SecurityContext and
# PodSecurityContext, the value specified in SecurityContext takes
# precedence.
runAsUserName: ahh
# ServerGroups define the set of availability zones you want to distribute pods
# over, and construct Couchbase server groups for. By default, most cloud
# providers will label nodes with the key
# "failure-domain.beta.kubernetes.io/zone", the values associated with that key
# are used here to provide explicit scheduling by the Operator. You may manually
# label nodes using the "failure-domain.beta.kubernetes.io/zone" key, to provide
# failure-domain aware scheduling when none is provided for you. Global server
# groups are applied to all server classes, and may be overridden on a
# per-server class basis to give more control over scheduling and server groups.
serverGroups: ahh
# Servers defines server classes for the Operator to provision and manage. A
# server class defines what services are running and how many members make up
# that class. Specifying multiple server classes allows the Operator to
# provision clusters with Multi-Dimensional Scaling (MDS). At least one server
# class must be defined, and at least one server class must be running the data
# service.
servers: ahh
# SoftwareUpdateNotifications enables software update notifications in the UI.
# When enabled, the UI will alert when a Couchbase server upgrade is available.
softwareUpdateNotifications: ahh
# UpgradeStrategy controls how aggressive the Operator is when performing a
# cluster upgrade. When a rolling upgrade is requested, pods are upgraded one
# at a time. This strategy is slower, however less disruptive. When an
# immediate upgrade strategy is requested, all pods are upgraded at the same
# time. This strategy is faster, but more disruptive. This field must be
# either "RollingUpgrade" or "ImmediateUpgrade", defaulting to "RollingUpgrade".
upgradeStrategy: ahh
# VolumeClaimTemplates define the desired characteristics of a volume that can
# be requested/claimed by a pod, for example the storage class to use and the
# volume size. Volume claim templates are referred to by name by server class
# volume mount configuration.
volumeClaimTemplates: ahh
# XDCR defines whether the Operator should manage XDCR, remote clusters and how
# to lookup replication resources.
xdcr:
# Managed defines whether XDCR is managed by the operator or not.
managed: ahh
# RemoteClusters is a set of named remote clusters to establish replications
# to.
remoteClusters: ahh
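
The security-relevant keys documented above (TLS minimum version, node-to-node encryption, UI over HTTP, LoadBalancer source ranges, LDAP encryption, runAsNonRoot, admin password rules) can be checked before a deployment. The following Python audit is an added example, not part of this gist or of the Couchbase chart. The key nesting (`networking.tls`, `networking.dns`, `security.ldap`, `securityContext`) is an assumption because the page does not preserve indentation, and both sample mappings are constructed.

```python
"""Audit the security-relevant keys documented in this values file.

Assumption: the nesting used here (networking.tls, networking.dns,
security.ldap, securityContext) is inferred; the page has lost indentation.
"""
import ipaddress

# Characters the adminSecret comment forbids in the password (read here as
# including both the backslash and the double quote).
FORBIDDEN_PASSWORD_CHARS = set('()<>,;:\\"/[]?={}')
TLS_VERSIONS = ("TLS1.0", "TLS1.1", "TLS1.2")  # allowed values per the page


def admin_password_ok(password):
    """At least 6 characters and none of the forbidden characters."""
    return len(password) >= 6 and not (set(password) & FORBIDDEN_PASSWORD_CHARS)


def _audit_service_template(name, template, net, findings):
    spec = (template or {}).get("spec") or {}
    if spec.get("type") != "LoadBalancer":
        return
    # Page: with a LoadBalancer type, TLS and dynamic DNS must also be enabled.
    if not net.get("tls"):
        findings.append(f"{name}: LoadBalancer without networking.tls")
    if not (net.get("dns") or {}).get("domain"):
        findings.append(f"{name}: LoadBalancer without networking.dns.domain")
    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        findings.append(f"{name}: no loadBalancerSourceRanges restriction")
    for cidr in ranges:
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append(f"{name}: source range {cidr} matches every address")
        except ValueError:
            findings.append(f"{name}: {cidr!r} is not valid CIDR notation")


def audit_cluster_values(cluster):
    """Return a list of findings for one parsed cluster values mapping."""
    findings = []
    net = cluster.get("networking") or {}
    tls = net.get("tls") or {}

    minimum = tls.get("tlsMinimumVersion", "TLS1.2")  # documented default
    if minimum not in TLS_VERSIONS:
        findings.append(f"tls.tlsMinimumVersion: {minimum!r} is not an allowed value")
    elif minimum != "TLS1.2":
        findings.append(f"tls.tlsMinimumVersion: {minimum} permits legacy TLS")
    n2n = tls.get("nodeToNodeEncryption")
    if tls and n2n not in ("ControlPlaneOnly", "All"):
        findings.append(f"tls.nodeToNodeEncryption: {n2n!r} is not ControlPlaneOnly or All")

    # disableUIOverHTTP defaults to false, so the UI answers on plain HTTP.
    if net.get("exposeAdminConsole") and not net.get("disableUIOverHTTP", False):
        findings.append("networking.disableUIOverHTTP: admin console UI reachable over HTTP")

    for name in ("adminConsoleServiceTemplate", "exposedFeatureServiceTemplate"):
        _audit_service_template(name, net.get(name), net, findings)

    ldap = (cluster.get("security") or {}).get("ldap") or {}
    if ldap.get("authenticationEnabled"):
        if ldap.get("encryption") not in ("StartTLSExtension", "TLS"):
            findings.append("ldap.encryption: not set to StartTLSExtension or TLS")
        elif not ldap.get("serverCertValidation"):
            findings.append("ldap.serverCertValidation: LDAP server certificate not verified")

    if not (cluster.get("securityContext") or {}).get("runAsNonRoot"):
        findings.append("securityContext.runAsNonRoot: non-root execution not enforced")
    return findings


# Constructed sample values (not from the page).
WEAK = {
    "networking": {
        "exposeAdminConsole": True,
        "adminConsoleServiceTemplate": {
            "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["0.0.0.0/0"]}},
        "tls": {"tlsMinimumVersion": "TLS1.0"},
    },
    "security": {"ldap": {"authenticationEnabled": True, "encryption": False}},
}
HARDENED = {
    "networking": {
        "exposeAdminConsole": True,
        "disableUIOverHTTP": True,
        "dns": {"domain": "couchbase.example.com"},
        "adminConsoleServiceTemplate": {
            "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/16"]}},
        "tls": {"tlsMinimumVersion": "TLS1.2", "nodeToNodeEncryption": "All",
                "secretSource": {"serverSecretName": "example-server-tls"}},
    },
    "security": {"ldap": {"authenticationEnabled": True, "encryption": "TLS",
                          "serverCertValidation": True}},
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
}

if __name__ == "__main__":
    for finding in audit_cluster_values(WEAK):
        print("WEAK:", finding)
    print("HARDENED findings:", audit_cluster_values(HARDENED))
```
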