286 lines
16 KiB
YAML
286 lines
16 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
name: sgobjectstorages.stackgres.io
|
|
spec:
|
|
group: stackgres.io
|
|
scope: Namespaced
|
|
names:
|
|
kind: SGObjectStorage
|
|
listKind: SGObjectStorageList
|
|
plural: sgobjectstorages
|
|
singular: sgobjectstorage
|
|
shortNames:
|
|
- sgobjs
|
|
versions:
|
|
- name: v1beta1
|
|
served: true
|
|
storage: true
|
|
additionalPrinterColumns:
|
|
- name: type
|
|
type: string
|
|
jsonPath: .spec.type
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
required: ["metadata", "spec"]
|
|
properties:
|
|
metadata:
|
|
type: object
|
|
properties:
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the Object Storage configuration.
|
|
The name must be unique across all object storage configurations in the same namespace.
|
|
spec:
|
|
type: object
|
|
description: |
|
|
Object Storage configuration
|
|
properties:
|
|
type:
|
|
type: string
|
|
enum: ["s3", "s3Compatible", "gcs", "azureBlob"]
|
|
description: |
|
|
Determine the type of object storage used for storing the base backups and WAL segments.
|
|
Possible values:
|
|
* `s3`: Amazon Web Services S3 (Simple Storage Service).
|
|
* `s3Compatible`: non-AWS services that implement a compatibility API with AWS S3.
|
|
* `gcs`: Google Cloud Storage.
|
|
* `azureBlob`: Microsoft Azure Blob Storage.
|
|
s3:
|
|
type: object
|
|
description: |
|
|
Amazon Web Services S3 configuration.
|
|
properties:
|
|
bucket:
|
|
type: string
|
|
pattern: '^((s3|https?)://)?[^/]+(/[^/]*)*$'
|
|
description: |
|
|
AWS S3 bucket name.
|
|
region:
|
|
type: string
|
|
description: |
|
|
The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property.
|
|
storageClass:
|
|
type: string
|
|
description: |
|
|
The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) to use for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
|
|
awsCredentials:
|
|
type: object
|
|
description: |
|
|
The credentials to access AWS S3 for writing and reading.
|
|
properties:
|
|
secretKeySelectors:
|
|
type: object
|
|
description: |
|
|
Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#secretkeyselector-v1-core)(s) to reference the Secrets that contain the information about the `awsCredentials`. Note that you may use the same or different Secrets for the `accessKeyId` and the `secretAccessKey`. In the former case, the `keys` that identify each must be, obviously, different.
|
|
properties:
|
|
accessKeyId:
|
|
type: object
|
|
description: |
|
|
AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `AKIAIOSFODNN7EXAMPLE`.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: ["key", "name"]
|
|
secretAccessKey:
|
|
type: object
|
|
description: |
|
|
AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: ["key", "name"]
|
|
required: ["accessKeyId", "secretAccessKey"]
|
|
required: ["secretKeySelectors"]
|
|
required: ["bucket", "awsCredentials"]
|
|
s3Compatible:
|
|
type: object
|
|
description: "AWS S3-Compatible API configuration"
|
|
properties:
|
|
bucket:
|
|
type: string
|
|
pattern: '^((s3|https?)://)?[^/]+(/[^/]*)*$'
|
|
description: |
|
|
Bucket name.
|
|
enablePathStyleAddressing:
|
|
type: boolean
|
|
description: |
|
|
Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) when connecting to an S3-compatible service that lacks support for sub-domain style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`).
|
|
|
|
Defaults to false.
|
|
endpoint:
|
|
type: string
|
|
description: |
|
|
Overrides the default url to connect to an S3-compatible service.
|
|
For example: `http://s3-like-service:9000`.
|
|
region:
|
|
type: string
|
|
description: |
|
|
The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property.
|
|
storageClass:
|
|
type: string
|
|
description: |
|
|
The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) to use for the backup object storage. By default, the `STANDARD` storage class is used. Other supported values include `STANDARD_IA` for Infrequent Access and `REDUCED_REDUNDANCY`.
|
|
awsCredentials:
|
|
type: object
|
|
description: |
|
|
The credentials to access AWS S3 for writing and reading.
|
|
properties:
|
|
secretKeySelectors:
|
|
type: object
|
|
description: |
|
|
Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#secretkeyselector-v1-core)(s) to reference the Secret(s) that contain the information about the `awsCredentials`. Note that you may use the same or different Secrets for the `accessKeyId` and the `secretAccessKey`. In the former case, the `keys` that identify each must be, obviously, different.
|
|
properties:
|
|
accessKeyId:
|
|
type: object
|
|
description: |
|
|
AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `AKIAIOSFODNN7EXAMPLE`.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: ["key", "name"]
|
|
secretAccessKey:
|
|
type: object
|
|
description: |
|
|
AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: ["key", "name"]
|
|
caCertificate:
|
|
type: object
|
|
description: |
|
|
CA Certificate file to be used when connecting to the S3 Compatible Service.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: ["key", "name"]
|
|
required: ["accessKeyId", "secretAccessKey"]
|
|
required: ["secretKeySelectors"]
|
|
required: ["bucket", "awsCredentials"]
|
|
gcs:
|
|
type: object
|
|
description: |
|
|
Google Cloud Storage configuration.
|
|
properties:
|
|
bucket:
|
|
type: string
|
|
pattern: "^(gs://)?[^/]+(/[^/]*)*$"
|
|
description: |
|
|
GCS bucket name.
|
|
gcpCredentials:
|
|
type: object
|
|
description: |
|
|
The credentials to access GCS for writing and reading.
|
|
properties:
|
|
fetchCredentialsFromMetadataService:
|
|
type: boolean
|
|
description: |
|
|
If true, the credentials will be fetched from the GCE/GKE metadata service and the field `secretKeySelectors` have to be set to null or omitted.
|
|
|
|
This is useful when running StackGres inside a GKE cluster using [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity).
|
|
secretKeySelectors:
|
|
type: object
|
|
description: |
|
|
A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#secretkeyselector-v1-core) to reference the Secrets that contain the information about the Service Account to access GCS.
|
|
properties:
|
|
serviceAccountJSON:
|
|
type: object
|
|
description: |
|
|
A service account key from GCP. In JSON format, as downloaded from the GCP Console.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: [ "key", "name" ]
|
|
required: [ "serviceAccountJSON" ]
|
|
required: [ "bucket", "gcpCredentials" ]
|
|
azureBlob:
|
|
type: object
|
|
description: |
|
|
Azure Blob Storage configuration.
|
|
properties:
|
|
bucket:
|
|
type: string
|
|
pattern: "^(azure://)?[^/]+(/[^/]*)*$"
|
|
description: |
|
|
Azure Blob Storage bucket name.
|
|
azureCredentials:
|
|
type: object
|
|
description: |
|
|
The credentials to access Azure Blob Storage for writing and reading.
|
|
properties:
|
|
secretKeySelectors:
|
|
type: object
|
|
description: |
|
|
Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#secretkeyselector-v1-core)(s) to reference the Secret(s) that contain the information about the `azureCredentials`. . Note that you may use the same or different Secrets for the `storageAccount` and the `accessKey`. In the former case, the `keys` that identify each must be, obviously, different.
|
|
properties:
|
|
storageAccount:
|
|
type: object
|
|
description: |
|
|
The [Storage Account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json) that contains the Blob bucket to be used.
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: [ "key", "name" ]
|
|
accessKey:
|
|
type: object
|
|
description: |
|
|
The [storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal).
|
|
properties:
|
|
key:
|
|
type: string
|
|
description: |
|
|
The key of the secret to select from. Must be a valid secret key.
|
|
name:
|
|
type: string
|
|
description: |
|
|
Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
|
|
required: [ "key", "name" ]
|
|
required: [ "storageAccount", "accessKey" ]
|
|
required: [ "bucket", "azureCredentials" ]
|
|
required: [ "type" ]
|