# -- The container registry host (and port) where the images will be pulled from. containerRegistry: quay.io # -- Image pull policy used for images loaded by the Operator imagePullPolicy: "IfNotPresent" # Section to configure Operator Installation ServiceAccount serviceAccount: # -- If `true` the Operator Installation ServiceAccount will be created create: true # -- Section to configure Operator ServiceAccount annotations annotations: {} # -- Repositories credentials Secret names to attach to ServiceAccounts and Pods repoCredentials: [] # Section to configure Operator Pod operator: # Section to configure Operator image image: # -- Operator image name name: "stackgres/operator" # -- Operator image tag tag: "1.10.0" # -- Operator image pull policy pullPolicy: "IfNotPresent" # -- Operator Pod annotations annotations: {} # -- Operator Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # -- Operator Pod node selector nodeSelector: {} # -- Operator Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # -- Operator Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core affinity: {} # Section to configure Operator ServiceAccount serviceAccount: # -- Section to configure Operator ServiceAccount annotations annotations: {} # -- Repositories credentials Secret names to attach to ServiceAccounts and Pods repoCredentials: [] # Section to configure Operator Service service: # -- Section to configure Operator Service annotations annotations: {} # Section to configure REST API Pod restapi: # -- REST API Pod name name: stackgres-restapi # Section to configure REST API image image: # -- REST API image name name: "stackgres/restapi" # -- REST API image tag tag: "1.10.0" # -- REST API image pull policy pullPolicy: "IfNotPresent" # -- REST API Pod annotations annotations: {} # -- REST API Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # -- REST API Pod node selector nodeSelector: {} # -- REST API Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # -- REST API Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core affinity: {} # Section to configure REST API ServiceAccount serviceAccount: # -- REST API ServiceAccount annotations annotations: {} # -- Repositories credentials Secret names to attach to ServiceAccounts and Pods repoCredentials: [] # Section to configure REST API Service service: # -- REST API Service annotations annotations: {} # Section to configure Web Console container adminui: # Section to configure Web Console image image: # -- Web Console image name name: "stackgres/admin-ui" # -- Web Console image tag tag: "1.10.0" # -- Web Console image pull policy pullPolicy: "IfNotPresent" # -- Web Console resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # Section to configure Web Console service. service: # -- When set to `true` the HTTP port will be exposed in the Web Console Service exposeHTTP: false # -- The type used for the service of the UI: # * Set to LoadBalancer to create a load balancer (if supported by the kubernetes cluster) # to allow connect from Internet to the UI. Note that enabling this feature will probably incurr in # some fee that depend on the host of the kubernetes cluster (for example this is true for EKS, GKE # and AKS). # * Set to NodePort to expose admin UI from kubernetes nodes. type: ClusterIP # -- (string) LoadBalancer will get created with the IP specified in # this field. This feature depends on whether the underlying cloud-provider supports specifying # the loadBalancerIP when a load balancer is created. This field will be ignored if the # cloud-provider does not support the feature. loadBalancerIP: # -- (array) If specified and supported by the platform, # this will restrict traffic through the cloud-provider load-balancer will be restricted to the # specified client IPs. This field will be ignored if the cloud-provider does not support the # feature. # More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ loadBalancerSourceRanges: # -- (integer) The HTTPS port used to expose the Service on Kubernetes nodes nodePort: # -- (integer) The HTTP port used to expose the Service on Kubernetes nodes nodePortHTTP: # Section to configure Operator Installation Jobs jobs: # Section to configure Operator Installation Jobs image image: # -- Operator Installation Jobs image name name: "stackgres/jobs" # -- Operator Installation Jobs image tag tag: "1.10.0" # -- Operator Installation Jobs image pull policy pullPolicy: "IfNotPresent" # -- Operator Installation Jobs annotations annotations: {} # -- Operator Installation Jobs resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core resources: {} # -- Operator Installation Jobs node selector nodeSelector: {} # -- Operator Installation Jobs tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core tolerations: [] # -- Operator Installation Jobs affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core affinity: {} # Section to configure deployment aspects. deploy: # -- When set to `true` the Operator will be deployed. operator: true # -- When set to `true` the Web Console / REST API will be deployed. restapi: true # Section to configure the Operator, REST API and Web Console certificates and JWT RSA key-pair. cert: # -- If set to `true` the CertificateSigningRequest used to generate the certificate used by # Webhooks will be approved by the Operator Installation Job. autoapprove: true # -- When set to `true` the Operator certificate will be created. createForOperator: true # -- When set to `true` the Web Console / REST API certificate will be created. createForWebApi: true # -- (string) The Secret name with the Operator Webhooks certificate issued by the Kubernetes cluster CA # of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets secretName: # -- When set to `true` the Operator certificates will be regenerated if `createForOperator` is set to `true`, and the certificate is expired or invalid. regenerateCert: true # -- (integer) The duration in days of the generated certificate for the Operator after which it will expire and be regenerated. # If not specified it will be set to 730 (2 years) by default. certDuration: 730 # -- (string) The Secret name with the Web Console / REST API certificate # of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets webSecretName: # -- When set to `true` the Web Console / REST API certificates will be regenerated if `createForWebApi` is set to `true`, and the certificate is expired or invalid. regenerateWebCert: true # -- When set to `true` the Web Console / REST API RSA key pair will be regenerated if `createForWebApi` is set to `true`, and the certificate is expired or invalid. regenerateWebRsa: true # -- (integer) The duration in days of the generated certificate for the Web Console / REST API after which it will expire and be regenerated. # If not specified it will be set to 730 (2 years) by default. webCertDuration: # -- (integer) The duration in days of the generated RSA key pair for the Web Console / REST API after which it will expire and be regenerated. # If not specified it will be set to 730 (2 years) by default. webRsaDuration: # -- (string) The private RSA key used to create the Operator Webhooks certificate issued by the # Kubernetes cluster CA. key: # -- (string) The Operator Webhooks certificate issued by Kubernetes cluster CA. crt: # -- (string) The private RSA key used to generate JWTs used in REST API authentication. jwtRsaKey: # -- (string) The public RSA key used to verify JWTs used in REST API authentication. jwtRsaPub: # -- (string) The private RSA key used to create the Web Console / REST API certificate webKey: # -- (string) The Web Console / REST API certificate webCrt: # Section to configure cert-manager integration to generate Operator certificates certManager: # -- When set to `true` then Issuer and Certificate for Operator and Web Console / REST API # Pods will be generated autoConfigure: false # -- The requested duration (i.e. lifetime) of the Certificates. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 duration: "2160h" # -- How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 renewBefore: "360h" # -- The private key cryptography standards (PKCS) encoding for this certificate’s private key to be encoded in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey encoding: PKCS1 # -- Size is the key bit size of the corresponding private key for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey size: 2048 # Section to configure RBAC for Web Console admin user rbac: # -- When set to `true` the admin user is assigned the `cluster-admin` ClusterRole by creating # ClusterRoleBinding. create: true # Section to configure Web Console authentication authentication: # -- Specify the authentication mechanism to use. By default is `jwt`, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism. # If set to `oidc` then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism. type: jwt # -- (boolean) When `true` will create the secret used to store the `admin` user credentials to access the UI. createAdminSecret: true # -- The admin username that will be required to access the UI user: admin # -- (string) The admin password that will be required to access the UI password: # Section to configure Web Console OIDC authentication oidc: # tlsVerification -- (string) Can be one of `required`, `certificate-validation` or `none` # tlsVerification: # authServerUrl -- (string) # authServerUrl: # clientId -- (string) # clientId: # credentialsSecret -- (string) # credentialsSecret: # clientIdSecretRef -- (object) # clientIdSecretRef: # name -- (string) # name: # key -- (string) # key: # credentialsSecretSecretRef -- (object) # credentialsSecretSecretRef: # name -- (string) # name: # key -- (string) # key: # Section to configure Prometheus integration. prometheus: # -- If set to false disable automatic bind to Prometheus # created using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). # If disabled the cluster will not be binded to Prometheus automatically and will require manual # intervention by the Kubernetes cluster administrator. allowAutobind: true # Section to configure Grafana integration grafana: # -- When set to `true` embed automatically Grafana into the Web Console by creating the # StackGres dashboards and the read-only role used to read it from the Web Console autoEmbed: false # -- The schema to access Grafana. By default http. (used to embed manually and # automatically grafana) schema: http # -- (string) The service host name to access grafana (used to embed manually and # automatically Grafana). # The parameter value should point to the grafana service following the # [DNS reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) `svc_name.namespace` webHost: # -- The datasource name used to create the StackGres Dashboards into Grafana datasourceName: Prometheus # -- The username to access Grafana. By default admin. (used to embed automatically # Grafana) user: admin # -- The password to access Grafana. By default prom-operator (the default in for # kube-prometheus-stack helm chart). (used to embed automatically Grafana) password: prom-operator # -- Use follwing fields to indicate a secret where the grafana admin credentials are stored (replace user/password) # -- (string) The namespace of secret with credentials to access Grafana. (used to # embed automatically Grafana, alternative to use `user` and `password`) secretNamespace: # -- (string) The name of secret with credentials to access Grafana. (used to embed # automatically Grafana, alternative to use `user` and `password`) secretName: # -- (string) The key of secret with username used to access Grafana. (used to embed # automatically Grafana, alternative to use `user` and `password`) secretUserKey: # -- (string) The key of secret with password used to access Grafana. (used to # embed automatically Grafana, alternative to use `user` and `password`) secretPasswordKey: # -- (string) The ConfigMap name with the dashboard JSONs # that will be created in Grafana. If not set the default # StackGres dashboards will be created. (used to embed automatically Grafana) dashboardConfigMap: # -- (array) The URLs of the PostgreSQL dashboards created in Grafana (used to embed manually # Grafana). It must contain an entry for each JSON file under `grafana-dashboards` folder: `archiving.json`, # `connection-pooling.json`, `current-activity.json`, `db-info.json`, `db-objects.json`, `db-os.json`, `queries.json` # and `replication.json` urls: # Create and copy/paste grafana API token: # - Grafana > Configuration > API Keys > Add API key (for viewer) > Copy key value # -- (string) The Grafana API token to access the PostgreSQL dashboards created # in Grafana (used to embed manually Grafana) token: # Section to configure extensions extensions: # -- A list of extensions repository URLs used to retrieve extensions # # To set a proxy for extensions repository add parameter proxyUrl to the URL: # `https://extensions.stackgres.io/postgres/repository?proxyUrl=%3A%2F%2F[%3A]` (URL encoded) # # Other URL parameters are: # # * `skipHostnameVerification`: set it to `true` in order to use a server or a proxy with a self signed certificate # * `retry`: set it to `[:]` in order to retry a request on failure # * `setHttpScheme`: set it to `true` in order to force using HTTP scheme repositoryUrls: - https://extensions.stackgres.io/postgres/repository # Section to configure extensions cache (experimental). # # This feature is in beta and may cause failures, please use with caution and report any # error to https://gitlab.com/ongresinc/stackgres/-/issues/new cache: # -- When set to `true` enable the extensions cache. # # This feature is in beta and may cause failures, please use with caution and report any # error to https://gitlab.com/ongresinc/stackgres/-/issues/new enabled: false # -- An array of extensions pattern used to pre-loaded estensions into the extensions cache preloadedExtensions: - x86_64/linux/timescaledb-1\.7\.4-pg12 # Section to configure the extensions cache PersistentVolume persistentVolume: # -- The PersistentVolume size for the extensions cache # # Only use whole numbers (e.g. not 1e6) and K/Ki/M/Mi/G/Gi as units size: 1Gi # -- (string) If defined set storage class # If set to "-" (equivalent to storageClass: "" in a PV spec) disables # dynamic provisioning # If undefined (the default) or set to null, no storageClass spec is # set, choosing the default provisioner. (gp2 on AWS, standard on # GKE, AWS & OpenStack) storageClass: # -- (string) If set, will use a host path volume with the specified path for the extensions cache # instead of a PersistentVolume hostPath: # Following options are for developers only, but can also be useful in some cases ;) # Section to configure developer options. developer: # -- (string) Set the operator version (used for testing) version: # -- (string) Set `quarkus.log.level`. See https://quarkus.io/guides/logging#root-logger-configuration logLevel: # -- If set to `true` add extra debug to any script controlled by the reconciliation cycle of the operator configuration showDebug: false # -- Set `quarkus.log.console.format` to `%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{4.}] (%t) %s%e%n`. See https://quarkus.io/guides/logging#logging-format showStackTraces: false # -- Only work with JVM version and allow connect # on port 8000 of operator Pod with jdb or similar enableJvmDebug: false # -- Only work with JVM version and if `enableJvmDebug` is `true` # suspend the JVM until a debugger session is started enableJvmDebugSuspend: false # -- (string) Set the external Operator IP externalOperatorIp: # -- (integer) Set the external Operator port externalOperatorPort: # -- (string) Set the external REST API IP externalRestApiIp: # -- (integer) Set the external REST API port externalRestApiPort: # -- If set to `true` and `extensions.cache.enabled` is also `true` # it will try to download extensions from images (experimental) allowPullExtensionsFromImageRepository: false # -- It set to `true` disable arbitrary user that is set for OpenShift clusters disableArbitraryUser: false # Section to define patches for some StackGres Pods patches: # Section to define volumes to be used by the operator container operator: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the restapi container restapi: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the adminui container adminui: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the jobs container jobs: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the cluster controller container clusterController: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: [] # Section to define volumes to be used by the distributedlogs controller container distributedlogsController: # -- Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core volumes: [] # -- Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core volumeMounts: []