API Reference

Package v1 contains API Schema definitions for the postgresql v1 API group

Resource Types

Backup

Backup is the Schema for the backups API

Field | Description
apiVersion [Required]
string
postgresql.cnpg.io/v1
kind [Required]
string
Backup
metadata [Required]
meta/v1.ObjectMeta
No description provided. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
BackupSpec

Specification of the desired behavior of the backup. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status
BackupStatus

Most recently observed status of the backup. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Cluster

Cluster is the Schema for the PostgreSQL API

Field | Description
apiVersion [Required]
string
postgresql.cnpg.io/v1
kind [Required]
string
Cluster
metadata [Required]
meta/v1.ObjectMeta
No description provided. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
ClusterSpec

Specification of the desired behavior of the cluster. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status
ClusterStatus

Most recently observed status of the cluster. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

Pooler

Pooler is the Schema for the poolers API

Field | Description
apiVersion [Required]
string
postgresql.cnpg.io/v1
kind [Required]
string
Pooler
metadata [Required]
meta/v1.ObjectMeta
No description provided. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
PoolerSpec

Specification of the desired behavior of the Pooler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status
PoolerStatus

Most recently observed status of the Pooler. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ScheduledBackup

ScheduledBackup is the Schema for the scheduledbackups API

Field | Description
apiVersion [Required]
string
postgresql.cnpg.io/v1
kind [Required]
string
ScheduledBackup
metadata [Required]
meta/v1.ObjectMeta
No description provided. Refer to the Kubernetes API documentation for the fields of the metadata field.
spec [Required]
ScheduledBackupSpec

Specification of the desired behavior of the ScheduledBackup. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status
ScheduledBackupStatus

Most recently observed status of the ScheduledBackup. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

AffinityConfiguration

AffinityConfiguration contains the info we need to create the affinity rules for Pods

Field | Description
enablePodAntiAffinity
bool

Activates anti-affinity for the pods. The operator will define pods anti-affinity unless this field is explicitly set to false

topologyKey
string

TopologyKey to use for anti-affinity configuration. See k8s documentation for more info on that

nodeSelector
map[string]string

NodeSelector is a map of key-value pairs used to define the nodes on which the pods can run. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

nodeAffinity
core/v1.NodeAffinity

NodeAffinity describes node affinity scheduling rules for the pod. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity

tolerations
[]core/v1.Toleration

Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run on tainted nodes. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

podAntiAffinityType
string

PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instances has to be considered a strong requirement during scheduling or not. Allowed values are: "preferred" (default if empty) or "required". Setting it to "required" could lead to instances remaining pending until new Kubernetes nodes are added if all the existing nodes don't match the required pod anti-affinity rule. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity

additionalPodAntiAffinity
core/v1.PodAntiAffinity

AdditionalPodAntiAffinity allows specifying pod anti-affinity terms to be added to the ones generated by the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false.

additionalPodAffinity
core/v1.PodAffinity

AdditionalPodAffinity allows specifying pod affinity terms to be passed to all the cluster's pods.

AvailableArchitecture

AvailableArchitecture represents the state of a cluster's architecture

Field | Description
goArch [Required]
string

GoArch is the name of the executable architecture

hash [Required]
string

Hash is the hash of the executable

AzureCredentials

AzureCredentials is the type for the credentials to be used to upload files to Azure Blob Storage. The connection string contains all the needed information. If the connection string is not specified, we'll need the storage account name and also one (and only one) of:

  • storageKey

  • storageSasToken

  • inheriting the credentials from the pod environment by setting inheritFromAzureAD to true

Field | Description
connectionString
SecretKeySelector

The connection string to be used

storageAccount
SecretKeySelector

The storage account where to upload data

storageKey
SecretKeySelector

The storage account key to be used in conjunction with the storage account name

storageSasToken
SecretKeySelector

A shared-access-signature to be used in conjunction with the storage account name

inheritFromAzureAD
bool

Use the Azure AD based authentication without explicitly providing the keys.
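
The selection rule described for AzureCredentials can be checked before a manifest is applied. The following is an added example, not code from the operator: the `secretRef` and `azureCredentials` types, the `checkAzureCredentials` function and the Secret names are assumptions made for illustration, and `secretRef` is a simplified stand-in for SecretKeySelector.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// secretRef is a simplified stand-in for SecretKeySelector. Assumed shape:
// the name of a Secret plus the key to read from it.
type secretRef struct {
	Name string
	Key  string
}

// azureCredentials mirrors the five fields in the table above. It is a local
// type written for this example, not the operator's own Go type.
type azureCredentials struct {
	ConnectionString   *secretRef
	StorageAccount     *secretRef
	StorageKey         *secretRef
	StorageSasToken    *secretRef
	InheritFromAzureAD bool
}

// isSet reports whether a selector is present and points at a named key.
func isSet(r *secretRef) bool {
	return r != nil && r.Name != "" && r.Key != ""
}

// checkAzureCredentials applies the rule stated above: a connection string is
// enough on its own; otherwise the storage account is needed together with
// exactly one of storageKey, storageSasToken or inheritFromAzureAD.
func checkAzureCredentials(c azureCredentials) error {
	if isSet(c.ConnectionString) {
		return nil
	}
	if !isSet(c.StorageAccount) {
		return errors.New("storageAccount is required when connectionString is not set")
	}
	var chosen []string
	if isSet(c.StorageKey) {
		chosen = append(chosen, "storageKey")
	}
	if isSet(c.StorageSasToken) {
		chosen = append(chosen, "storageSasToken")
	}
	if c.InheritFromAzureAD {
		chosen = append(chosen, "inheritFromAzureAD")
	}
	switch len(chosen) {
	case 1:
		return nil
	case 0:
		return errors.New("set one of storageKey, storageSasToken or inheritFromAzureAD")
	default:
		return fmt.Errorf("only one credential source is allowed, found %d: %s",
			len(chosen), strings.Join(chosen, ", "))
	}
}

func main() {
	// Constructed sample values; the Secret names and keys are placeholders.
	account := &secretRef{Name: "azure-creds", Key: "account"}
	key := &secretRef{Name: "azure-creds", Key: "key"}
	sas := &secretRef{Name: "azure-creds", Key: "sas"}

	samples := []azureCredentials{
		{StorageAccount: account, InheritFromAzureAD: true},
		{StorageAccount: account, StorageKey: key, StorageSasToken: sas},
		{StorageKey: key},
	}
	for i, s := range samples {
		fmt.Printf("sample %d: %v\n", i, checkAzureCredentials(s))
	}
}
```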

BackupConfiguration

BackupConfiguration defines how the backups of the cluster are taken. The supported backup methods are BarmanObjectStore and VolumeSnapshot. For details and examples refer to the Backup and Recovery section of the documentation.

Field | Description
volumeSnapshot
VolumeSnapshotConfiguration

VolumeSnapshot provides the configuration for the execution of volume snapshot backups.

barmanObjectStore
BarmanObjectStoreConfiguration

The configuration for the barman-cloud tool suite

retentionPolicy
string

RetentionPolicy is the retention policy to be used for backups and WALs (e.g. '60d'). The retention policy is expressed in the form of XXu where XX is a positive integer and u is in [dwm] - days, weeks, months. It's currently only applicable when using the BarmanObjectStore method.

target
BackupTarget

The policy to decide which instance should perform backups. Available options are empty string, which will default to prefer-standby policy, primary to have backups run always on primary instances, prefer-standby to have backups run preferably on the most updated standby, if available.

BackupMethod

(Alias of string)

BackupMethod defines the way of executing the physical base backups of the selected PostgreSQL instance

BackupPhase

(Alias of string)

BackupPhase is the phase of the backup

BackupSnapshotElementStatus

BackupSnapshotElementStatus is a volume snapshot that is part of a volume snapshot method backup

Field | Description
name [Required]
string

Name is the snapshot resource name

type [Required]
string

Type is the role of the snapshot in the cluster, such as PG_DATA and PG_WAL

BackupSnapshotStatus

BackupSnapshotStatus contains the fields exclusive to the volumeSnapshot method backup

Field | Description
elements
[]BackupSnapshotElementStatus

The elements list, populated with the gathered volume snapshots

BackupSource

BackupSource contains the backup we need to restore from, plus some information that could be needed to correctly restore it.

Field | Description
LocalObjectReference
LocalObjectReference
(Members of LocalObjectReference are embedded into this type.)

No description provided.

endpointCA
SecretKeySelector

EndpointCA stores the CA bundle of the barman endpoint. Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive.

BackupSpec

BackupSpec defines the desired state of Backup

Field | Description
cluster [Required]
LocalObjectReference

The cluster to backup

target
BackupTarget

The policy to decide which instance should perform this backup. If empty, it defaults to cluster.spec.backup.target. Available options are empty string, primary and prefer-standby. primary to have backups run always on primary instances, prefer-standby to have backups run preferably on the most updated standby, if available.

method
BackupMethod

The backup method to be used, possible options are barmanObjectStore and volumeSnapshot. Defaults to: barmanObjectStore.

online
bool

Whether the default type of backup with volume snapshots is online/hot (true, default) or offline/cold (false). Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'.

onlineConfiguration
OnlineConfiguration

Configuration parameters to control the online/hot backup with volume snapshots. Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza.

BackupStatus

BackupStatus defines the observed state of Backup

Field | Description
BarmanCredentials
BarmanCredentials
(Members of BarmanCredentials are embedded into this type.)

The potential credentials for each cloud provider

endpointCA
SecretKeySelector

EndpointCA stores the CA bundle of the barman endpoint. Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive.

endpointURL
string

Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery

destinationPath
string

The path where to store the backup (e.g. s3://bucket/path/to/folder). This path, with different destination folders, will be used for WALs and for data. This may not be populated in case of errors.

serverName
string

The server name on S3, the cluster name is used if this parameter is omitted

encryption
string

Encryption method required to S3 API

backupId
string

The ID of the Barman backup

backupName
string

The Name of the Barman backup

phase
BackupPhase

The last backup status

startedAt
meta/v1.Time

When the backup was started

stoppedAt
meta/v1.Time

When the backup was terminated

beginWal
string

The starting WAL

endWal
string

The ending WAL

beginLSN
string

The starting xlog

endLSN
string

The ending xlog

error
string

The detected error

commandOutput
string

Unused. Retained for compatibility with old versions.

commandError
string

The backup command output in case of error

backupLabelFile
[]byte

Backup label file content as returned by Postgres in case of online (hot) backups

tablespaceMapFile
[]byte

Tablespace map file content as returned by Postgres in case of online (hot) backups

instanceID
InstanceID

Information to identify the instance where the backup has been taken from

snapshotBackupStatus
BackupSnapshotStatus

Status of the volumeSnapshot backup

method
BackupMethod

The backup method being used

online [Required]
bool

Whether the backup was online/hot (true) or offline/cold (false)

BackupTarget

(Alias of string)

BackupTarget describes the preferred targets for a backup

BarmanCredentials

BarmanCredentials an object containing the potential credentials for each cloud provider

Field | Description
googleCredentials
GoogleCredentials

The credentials to use to upload data to Google Cloud Storage

s3Credentials
S3Credentials

The credentials to use to upload data to S3

azureCredentials
AzureCredentials

The credentials to use to upload data to Azure Blob Storage

BarmanObjectStoreConfiguration

BarmanObjectStoreConfiguration contains the backup configuration using Barman against an S3-compatible object storage

Field | Description
BarmanCredentials
BarmanCredentials
(Members of BarmanCredentials are embedded into this type.)

The potential credentials for each cloud provider

endpointURL
string

Endpoint to be used to upload data to the cloud, overriding the automatic endpoint discovery

endpointCA
SecretKeySelector

EndpointCA stores the CA bundle of the barman endpoint. Useful when using self-signed certificates to avoid errors with certificate issuer and barman-cloud-wal-archive.

destinationPath [Required]
string

The path where to store the backup (e.g. s3://bucket/path/to/folder). This path, with different destination folders, will be used for WALs and for data.

serverName
string

The server name on S3, the cluster name is used if this parameter is omitted

wal
WalBackupConfiguration

The configuration for the backup of the WAL stream. When not defined, WAL files will be stored uncompressed and may be unencrypted in the object store, according to the bucket default policy.

data
DataBackupConfiguration

The configuration to be used to back up the data files. When not defined, base backup files will be stored uncompressed and may be unencrypted in the object store, according to the bucket default policy.

tags
map[string]string

Tags is a list of key value pairs that will be passed to the Barman --tags option.

historyTags
map[string]string

HistoryTags is a list of key value pairs that will be passed to the Barman --history-tags option.

BootstrapConfiguration

BootstrapConfiguration contains information about how to create the PostgreSQL cluster. Only a single bootstrap method can be defined among the supported ones. initdb will be used as the bootstrap method if left unspecified. Refer to the Bootstrap page of the documentation for more information.

Field | Description
initdb
BootstrapInitDB

Bootstrap the cluster via initdb

recovery
BootstrapRecovery

Bootstrap the cluster from a backup

pg_basebackup
BootstrapPgBaseBackup

Bootstrap the cluster taking a physical backup of another compatible PostgreSQL instance

BootstrapInitDB

BootstrapInitDB is the configuration of the bootstrap process when initdb is used. Refer to the Bootstrap page of the documentation for more information.

Field | Description
database
string

Name of the database used by the application. Default: app.

owner
string

Name of the owner of the database in the instance to be used by applications. Defaults to the value of the database key.

secret
LocalObjectReference

Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch

options
[]string

The list of options that must be passed to initdb when creating the cluster. Deprecated: This could lead to inconsistent configurations, please use the explicit provided parameters instead. If defined, explicit values will be ignored.

dataChecksums
bool

Whether the -k option should be passed to initdb, enabling checksums on data pages (default: false)

encoding
string

The value to be passed as option --encoding for initdb (default: UTF8)

localeCollate
string

The value to be passed as option --lc-collate for initdb (default: C)

localeCType
string

The value to be passed as option --lc-ctype for initdb (default: C)

walSegmentSize
int

The value in megabytes (1 to 1024) to be passed to the --wal-segsize option for initdb (default: empty, resulting in PostgreSQL default: 16MB)

postInitSQL
[]string

List of SQL queries to be executed as a superuser immediately after the cluster has been created - to be used with extreme care (by default empty)

postInitApplicationSQL
[]string

List of SQL queries to be executed as a superuser in the application database right after it is created - to be used with extreme care (by default empty)

postInitTemplateSQL
[]string

List of SQL queries to be executed as a superuser in the template1 after the cluster has been created - to be used with extreme care (by default empty)

import
Import

Bootstraps the new cluster by importing data from an existing PostgreSQL instance using logical backup (pg_dump and pg_restore)

postInitApplicationSQLRefs
PostInitApplicationSQLRefs

PostInitApplicationSQLRefs points to ConfigMaps or Secrets which contain SQL files. The general implementation order of these references is from all Secrets to all ConfigMaps, and inside Secrets or ConfigMaps, the implementation order is the same as the order of each array (by default empty)

BootstrapPgBaseBackup

BootstrapPgBaseBackup contains the configuration required to take a physical backup of an existing PostgreSQL cluster

Field | Description
source [Required]
string

The name of the server of which we need to take a physical backup

database
string

Name of the database used by the application. Default: app.

owner
string

Name of the owner of the database in the instance to be used by applications. Defaults to the value of the database key.

secret
LocalObjectReference

Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch

BootstrapRecovery

BootstrapRecovery contains the configuration required to restore from an existing cluster using 3 methodologies: external cluster, volume snapshots or backup objects. Full recovery and Point-In-Time Recovery are supported. The method can also be used to create clusters in continuous recovery (replica clusters), also supporting cascading replication when instances > 1. Once the cluster exits recovery, the password for the superuser will be changed through the provided secret. Refer to the Bootstrap page of the documentation for more information.

Field | Description
backup
BackupSource

The backup object containing the physical base backup from which to initiate the recovery procedure. Mutually exclusive with source and volumeSnapshots.

source
string

The external cluster whose backup we will restore. This is also used as the name of the folder under which the backup is stored, so it must be set to the name of the source cluster. Mutually exclusive with backup.

volumeSnapshots
DataSource

The static PVC data source(s) from which to initiate the recovery procedure. Currently supporting VolumeSnapshot and PersistentVolumeClaim resources that map an existing PVC group, compatible with CloudNativePG, and taken with a cold backup copy on a fenced Postgres instance (limitation which will be removed in the future when online backup will be implemented). Mutually exclusive with backup.

recoveryTarget
RecoveryTarget

By default, the recovery process applies all the available WAL files in the archive (full recovery). However, you can also end the recovery as soon as a consistent state is reached or recover to a point-in-time (PITR) by specifying a RecoveryTarget object, as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). More info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET

database
string

Name of the database used by the application. Default: app.

owner
string

Name of the owner of the database in the instance to be used by applications. Defaults to the value of the database key.

secret
LocalObjectReference

Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch

CertificatesConfiguration

CertificatesConfiguration contains the needed configurations to handle server certificates.

Field | Description
serverCASecret
string

The secret containing the Server CA certificate. If not defined, a new secret will be created with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret. Contains:

  • ca.crt: CA that should be used to validate the server certificate, used as sslrootcert in client connection strings.
  • ca.key: key used to generate Server SSL certs, if ServerTLSSecret is provided, this can be omitted.

serverTLSSecret
string

The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as ssl_cert_file and ssl_key_file so that clients can connect to postgres securely. If not defined, ServerCASecret must provide also ca.key and a new secret will be created using the provided CA.

replicationTLSSecret
string

The secret of type kubernetes.io/tls containing the client certificate to authenticate as the streaming_replica user. If not defined, ClientCASecret must provide also ca.key, and a new secret will be created using the provided CA.

clientCASecret
string

The secret containing the Client CA certificate. If not defined, a new secret will be created with a self-signed CA and will be used to generate all the client certificates. Contains:

  • ca.crt: CA that should be used to validate the client certificates, used as ssl_ca_file of all the instances.
  • ca.key: key used to generate client certificates, if ReplicationTLSSecret is provided, this can be omitted.

serverAltDNSNames
[]string

The list of the server alternative DNS names to be added to the generated server TLS certificates, when required.

CertificatesStatus

CertificatesStatus contains configuration certificates and related expiration dates.

Field | Description
CertificatesConfiguration
CertificatesConfiguration
(Members of CertificatesConfiguration are embedded into this type.)

Needed configurations to handle server certificates, initialized with default values, if needed.

expirations
map[string]string

Expiration dates for all certificates.

ClusterSpec

ClusterSpec defines the desired state of Cluster

Field | Description
description
string

Description of this PostgreSQL cluster

inheritedMetadata
EmbeddedObjectMetadata

Metadata that will be inherited by all objects related to the Cluster

imageName
string

Name of the container image, supporting both tags (<image>:<tag>) and digests for deterministic and repeatable deployments (<image>:<tag>@sha256:<digestValue>)

imagePullPolicy
core/v1.PullPolicy

Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

schedulerName
string

If specified, the pod will be dispatched by specified Kubernetes scheduler. If not specified, the pod will be dispatched by the default scheduler. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/kube-scheduler/

postgresUID
int64

The UID of the postgres user inside the image, defaults to 26

postgresGID
int64

The GID of the postgres user inside the image, defaults to 26

instances [Required]
int

Number of instances required in the cluster

minSyncReplicas
int

Minimum number of instances required in synchronous replication with the primary. Undefined or 0 allow writes to complete when no standby is available.

maxSyncReplicas
int

The target value for the synchronous replication quorum, that can be decreased if the number of ready standbys is lower than this. Undefined or 0 disable synchronous replication.

postgresql
PostgresConfiguration

Configuration of the PostgreSQL server

replicationSlots
ReplicationSlotsConfiguration

Replication slots management configuration

bootstrap
BootstrapConfiguration

Instructions to bootstrap this cluster

replica
ReplicaClusterConfiguration

Replica cluster configuration

superuserSecret
LocalObjectReference

The secret containing the superuser password. If not defined a new secret will be created with a randomly generated password

enableSuperuserAccess
bool

When this option is enabled, the operator will use the SuperuserSecret to update the postgres user password (if the secret is not present, the operator will automatically create one). When this option is disabled, the operator will ignore the SuperuserSecret content, delete it when automatically created, and then blank the password of the postgres user by setting it to NULL. Disabled by default.

certificates
CertificatesConfiguration

The configuration for the CA and related certificates

imagePullSecrets
[]LocalObjectReference

The list of pull secrets to be used to pull the images

storage
StorageConfiguration

Configuration of the storage of the instances

serviceAccountTemplate
ServiceAccountTemplate

Configure the generation of the service account

walStorage
StorageConfiguration

Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)

ephemeralVolumeSource
core/v1.EphemeralVolumeSource

EphemeralVolumeSource allows the user to configure the source of ephemeral volumes.

startDelay
int32

The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 3600). The startup probe failure threshold is derived from this value using the formula: ceiling(startDelay / 10).

stopDelay
int32

The time in seconds that is allowed for a PostgreSQL instance to gracefully shutdown (default 1800)

smartShutdownTimeout
int32

The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete. Make sure you reserve enough time for the operator to request a fast shutdown of Postgres (that is: stopDelay - smartShutdownTimeout).

switchoverDelay
int32

The time in seconds that is allowed for a primary PostgreSQL instance to gracefully shutdown during a switchover. Default value is 3600 seconds (1 hour).

failoverDelay
int32

The amount of time (in seconds) to wait before triggering a failover after the primary PostgreSQL instance in the cluster was detected to be unhealthy

livenessProbeTimeout
int32

LivenessProbeTimeout is the time (in seconds) that is allowed for a PostgreSQL instance to successfully respond to the liveness probe (default 30). The Liveness probe failure threshold is derived from this value using the formula: ceiling(livenessProbe / 10).

affinity
AffinityConfiguration

Affinity/Anti-affinity rules for Pods

topologySpreadConstraints
[]core/v1.TopologySpreadConstraint

TopologySpreadConstraints specifies how to spread matching pods among the given topology. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/

resources
core/v1.ResourceRequirements

Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information.

ephemeralVolumesSizeLimit [Required]
EphemeralVolumesSizeLimitConfiguration

EphemeralVolumesSizeLimit allows the user to set the limits for the ephemeral volumes

priorityClassName
string

Name of the priority class which will be used in every generated Pod, if the PriorityClass specified does not exist, the pod will not be able to schedule. Please refer to https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass for more information

primaryUpdateStrategy
PrimaryUpdateStrategy

Deployment strategy to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be automated (unsupervised - default) or manual (supervised)

primaryUpdateMethod
PrimaryUpdateMethod

Method to follow to upgrade the primary server during a rolling update procedure, after all replicas have been successfully updated: it can be with a switchover (switchover) or in-place (restart - default)

backup
BackupConfiguration

The configuration to be used for backups

nodeMaintenanceWindow
NodeMaintenanceWindow

Define a maintenance window for the Kubernetes nodes

monitoring
MonitoringConfiguration

The configuration of the monitoring infrastructure of this cluster

externalClusters
[]ExternalCluster

The list of external clusters which are used in the configuration

logLevel
string

The instances' log level, one of the following values: error, warning, info (default), debug, trace

projectedVolumeTemplate
core/v1.ProjectedVolumeSource

Template to be used to define projected volumes, projected volumes will be mounted under /projected base folder

env
[]core/v1.EnvVar

Env follows the Env format to pass environment variables to the pods created in the cluster

envFrom
[]core/v1.EnvFromSource

EnvFrom follows the EnvFrom format to pass environment variables sources to the pods to be used by Env

managed
ManagedConfiguration

The configuration that is used by the portions of PostgreSQL that are managed by the instance manager

seccompProfile
core/v1.SeccompProfile

The SeccompProfile applied to every Pod and Container. Defaults to: RuntimeDefault

ClusterStatus

ClusterStatus defines the observed state of Cluster

Field | Description
instances
int

The total number of PVC Groups detected in the cluster. It may differ from the number of existing instance pods.

readyInstances
int

The total number of ready instances in the cluster. It is equal to the number of ready instance pods.

instancesStatus
map[PodStatus][]string

InstancesStatus indicates in which status the instances are

instancesReportedState
map[PodName]InstanceReportedState

The reported state of the instances during the last reconciliation loop

managedRolesStatus
ManagedRoles

ManagedRolesStatus reports the state of the managed roles in the cluster

timelineID
int

The timeline of the Postgres cluster

topology
Topology

Instances topology.

latestGeneratedNode
int

ID of the latest generated node (used to avoid node name clashing)

currentPrimary
string

Current primary instance

targetPrimary
string

Target primary instance, this is different from the previous one during a switchover or a failover

pvcCount
int32

How many PVCs have been created by this cluster

jobCount
int32

How many Jobs have been created by this cluster

danglingPVC
[]string

List of all the PVCs created by this cluster and still available which are not attached to a Pod

resizingPVC
[]string

List of all the PVCs that have ResizingPVC condition.

initializingPVC
[]string

List of all the PVCs that are being initialized by this cluster

healthyPVC
[]string

List of all the PVCs not dangling nor initializing

unusablePVC
[]string

List of all the PVCs that are unusable because another PVC is missing

writeService
string

Current write pod

readService
string

Current list of read pods

phase
string

Current phase of the cluster

phaseReason
string

Reason for the current phase

secretsResourceVersion
SecretsResourceVersion

The list of resource versions of the secrets managed by the operator. Every change here is done in the interest of the instance manager, which will refresh the secret data

configMapResourceVersion
ConfigMapResourceVersion

The list of resource versions of the configmaps, managed by the operator. Every change here is done in the interest of the instance manager, which will refresh the configmap data

certificates
CertificatesStatus

The configuration for the CA and related certificates, initialized with defaults.

firstRecoverabilityPoint
string

The first recoverability point, stored as a date in RFC3339 format. This field is calculated from the content of FirstRecoverabilityPointByMethod

firstRecoverabilityPointByMethod
map[BackupMethod]meta/v1.Time

The first recoverability point, stored as a date in RFC3339 format, per backup method type

lastSuccessfulBackup
string

Last successful backup, stored as a date in RFC3339 format. This field is calculated from the content of LastSuccessfulBackupByMethod

lastSuccessfulBackupByMethod
map[BackupMethod]meta/v1.Time

Last successful backup, stored as a date in RFC3339 format, per backup method type

lastFailedBackup
string

Stored as a date in RFC3339 format

cloudNativePGCommitHash
string

The commit hash of the operator that is running

currentPrimaryTimestamp
string

The timestamp when the last actual promotion to primary has occurred

currentPrimaryFailingSinceTimestamp
string

The timestamp when the primary was detected to be unhealthy. This field is reported when .spec.failoverDelay is populated or during online upgrades

targetPrimaryTimestamp
string

The timestamp when the last request for a new primary has occurred

poolerIntegrations
PoolerIntegrations

The integration needed by poolers referencing the cluster

cloudNativePGOperatorHash
string

The hash of the binary of the operator

availableArchitectures
[]AvailableArchitecture

AvailableArchitectures reports the available architectures of a cluster

conditions
[]meta/v1.Condition

Conditions for cluster object

instanceNames
[]string

List of instance names in the cluster

onlineUpdateEnabled
bool

OnlineUpdateEnabled shows if the online upgrade is enabled inside the cluster

azurePVCUpdateEnabled
bool

AzurePVCUpdateEnabled shows if the PVC online upgrade is enabled for this cluster

CompressionType

(Alias of string)

Appears in:

CompressionType encapsulates the available types of compression

ConfigMapKeySelector

Appears in:

ConfigMapKeySelector contains enough information to let you locate the key of a ConfigMap

FieldDescription
LocalObjectReference
LocalObjectReference
(Members of LocalObjectReference are embedded into this type.)

The name of the secret in the pod's namespace to select from.

key [Required]
string

The key to select

ConfigMapResourceVersion

Appears in:

ConfigMapResourceVersion is the resource versions of the secrets managed by the operator

FieldDescription
metrics
map[string]string

A map with the versions of all the config maps used to pass metrics. Map keys are the config map names, map values are the versions

DataBackupConfiguration

Appears in:

DataBackupConfiguration is the configuration of the backup of the data directory

FieldDescription
compression
CompressionType

Compress a backup file (a tar file per tablespace) while streaming it to the object store. Available options are empty string (no compression, default), gzip, bzip2 or snappy.

encryption
EncryptionType

Whether to force the encryption of files (if the bucket is not already configured for that). Allowed options are empty string (use the bucket policy, default), AES256 and aws:kms

jobs
int32

The number of parallel jobs to be used to upload the backup, defaults to 2

immediateCheckpoint
bool

Control whether the I/O workload for the backup initial checkpoint will be limited, according to the checkpoint_completion_target setting on the PostgreSQL server. If set to true, an immediate checkpoint will be used, meaning PostgreSQL will complete the checkpoint as soon as possible. false by default.

additionalCommandArgs [Required]
[]string

AdditionalCommandArgs represents additional arguments that can be appended to the 'barman-cloud-backup' command-line invocation. These arguments provide flexibility to customize the backup process further according to specific requirements or configurations.

Example: In a scenario where specialized backup options are required, such as setting a specific timeout or defining custom behavior, users can use this field to specify additional command arguments.

Note: It's essential to ensure that the provided arguments are valid and supported by the 'barman-cloud-backup' command, to avoid potential errors or unintended behavior during execution.

DataSource

Appears in:

DataSource contains the configuration required to bootstrap a PostgreSQL cluster from an existing storage

FieldDescription
storage [Required]
core/v1.TypedLocalObjectReference

Configuration of the storage of the instances

walStorage
core/v1.TypedLocalObjectReference

Configuration of the storage for PostgreSQL WAL (Write-Ahead Log)

EmbeddedObjectMetadata

Appears in:

EmbeddedObjectMetadata contains metadata to be inherited by all resources related to a Cluster

FieldDescription
labels
map[string]string
No description provided.
annotations
map[string]string
No description provided.

EncryptionType

(Alias of string)

Appears in:

EncryptionType encapsulates the available types of encryption

EnsureOption

(Alias of string)

Appears in:

EnsureOption represents whether we should enforce the presence or absence of a Role in a PostgreSQL instance

EphemeralVolumesSizeLimitConfiguration

Appears in:

EphemeralVolumesSizeLimitConfiguration contains the configuration of the ephemeral storage

FieldDescription
shm [Required]
k8s.io/apimachinery/pkg/api/resource.Quantity

Shm is the size limit of the shared memory volume

temporaryData [Required]
k8s.io/apimachinery/pkg/api/resource.Quantity

TemporaryData is the size limit of the temporary data volume

ExternalCluster

Appears in:

ExternalCluster represents the connection parameters to an external cluster which is used in the other sections of the configuration

FieldDescription
name [Required]
string

The server name, required

connectionParameters
map[string]string

The list of connection parameters, such as dbname, host, username, etc

sslCert
core/v1.SecretKeySelector

The reference to an SSL certificate to be used to connect to this instance

sslKey
core/v1.SecretKeySelector

The reference to an SSL private key to be used to connect to this instance

sslRootCert
core/v1.SecretKeySelector

The reference to an SSL CA public key to be used to connect to this instance

password
core/v1.SecretKeySelector

The reference to the password to be used to connect to the server. If a password is provided, CloudNativePG creates a PostgreSQL passfile at /controller/external/NAME/pass (where "NAME" is the cluster's name). This passfile is automatically referenced in the connection string when establishing a connection to the remote PostgreSQL server from the current PostgreSQL Cluster. This ensures secure and efficient password management for external clusters.

barmanObjectStore
BarmanObjectStoreConfiguration

The configuration for the barman-cloud tool suite

GoogleCredentials

Appears in:

GoogleCredentials is the type for the Google Cloud Storage credentials. This needs to be specified even if we run inside a GKE environment.

FieldDescription
applicationCredentials
SecretKeySelector

The secret containing the Google Cloud Storage JSON file with the credentials

gkeEnvironment
bool

If set to true, presumes that it is running inside a GKE environment. Defaults to false.

Import

Appears in:

Import contains the configuration to init a database from a logical snapshot of an externalCluster

FieldDescription
source [Required]
ImportSource

The source of the import

type [Required]
SnapshotType

The import type. Can be microservice or monolith.

databases [Required]
[]string

The databases to import

roles
[]string

The roles to import

postImportApplicationSQL
[]string

List of SQL queries to be executed as a superuser in the application database right after it is imported - to be used with extreme care (by default empty). Only available in microservice type.

schemaOnly
bool

When set to true, only the pre-data and post-data sections of pg_restore are invoked, avoiding data import. Default: false.

ImportSource

Appears in:

ImportSource describes the source for the logical snapshot

FieldDescription
externalCluster [Required]
string

The name of the externalCluster used for import

InstanceID

Appears in:

InstanceID contains the information to identify an instance

FieldDescription
podName
string

The pod name

ContainerID
string

The container ID

InstanceReportedState

Appears in:

InstanceReportedState describes the last reported state of an instance during a reconciliation loop

FieldDescription
isPrimary [Required]
bool

indicates if an instance is the primary one

timeLineID
int

indicates on which TimelineId the instance is

LDAPBindAsAuth

Appears in:

LDAPBindAsAuth provides the required fields to use the bind authentication for LDAP

FieldDescription
prefix
string

Prefix for the bind authentication option

suffix
string

Suffix for the bind authentication option

LDAPBindSearchAuth

Appears in:

LDAPBindSearchAuth provides the required fields to use the bind+search LDAP authentication process

FieldDescription
baseDN
string

Root DN to begin the user search

bindDN
string

DN of the user to bind to the directory

bindPassword
core/v1.SecretKeySelector

Secret with the password for the user to bind to the directory

searchAttribute
string

Attribute to match against the username

searchFilter
string

Search filter to use when doing the search+bind authentication

LDAPConfig

Appears in:

LDAPConfig contains the parameters needed for LDAP authentication

FieldDescription
server
string

LDAP hostname or IP address

port
int

LDAP server port

scheme
LDAPScheme

LDAP scheme to be used; possible options are ldap and ldaps

bindAsAuth
LDAPBindAsAuth

Bind as authentication configuration

bindSearchAuth
LDAPBindSearchAuth

Bind+Search authentication configuration

tls
bool

Set to 'true' to enable LDAP over TLS. 'false' is default

LDAPScheme

(Alias of string)

Appears in:

LDAPScheme defines the possible schemes for LDAP

LocalObjectReference

Appears in:

LocalObjectReference contains enough information to let you locate a local object with a known type inside the same namespace

FieldDescription
name [Required]
string

Name of the referent.

ManagedConfiguration

Appears in:

ManagedConfiguration represents the portions of PostgreSQL that are managed by the instance manager

FieldDescription
roles
[]RoleConfiguration

Database roles managed by the Cluster

ManagedRoles

Appears in:

ManagedRoles tracks the status of a cluster's managed roles

FieldDescription
byStatus
map[RoleStatus][]string

ByStatus gives the list of roles in each state

cannotReconcile
map[string][]string

CannotReconcile lists roles that cannot be reconciled in PostgreSQL, with an explanation of the cause

passwordStatus
map[string]PasswordState

PasswordStatus gives the last transaction id and password secret version for each managed role

Metadata

Appears in:

Metadata is a structure similar to the metav1.ObjectMeta, but still parseable by controller-gen to create a suitable CRD for the user. The comment of PodTemplateSpec has an explanation of why we are not using the core data types.

FieldDescription
labels
map[string]string

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

annotations
map[string]string

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

MonitoringConfiguration

Appears in:

MonitoringConfiguration is the type containing all the monitoring configuration for a certain cluster

FieldDescription
disableDefaultQueries
bool

Whether the default queries should be injected. Set it to true if you don't want to inject default queries into the cluster. Default: false.

customQueriesConfigMap
[]ConfigMapKeySelector

The list of config maps containing the custom queries

customQueriesSecret
[]SecretKeySelector

The list of secrets containing the custom queries

enablePodMonitor
bool

Enable or disable the PodMonitor

podMonitorMetricRelabelings
[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig

The list of metric relabelings for the PodMonitor. Applied to samples before ingestion.

podMonitorRelabelings
[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig

The list of relabelings for the PodMonitor. Applied to samples before scraping.

NodeMaintenanceWindow

Appears in:

NodeMaintenanceWindow contains information that the operator will use while upgrading the underlying node.

This option is only useful when the chosen storage prevents the Pods from being freely moved across nodes.

FieldDescription
reusePVC
bool

Reuse the existing PVC (wait for the node to come up again) or not (recreate it elsewhere - when instances >1)

inProgress
bool

Is there a node maintenance activity in progress?

OnlineConfiguration

Appears in:

OnlineConfiguration contains the configuration parameters for the online volume snapshot

FieldDescription
waitForArchive
bool

If false, the function will return immediately after the backup is completed, without waiting for WAL to be archived. This behavior is only useful with backup software that independently monitors WAL archiving. Otherwise, WAL required to make the backup consistent might be missing and make the backup useless. By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is enabled. On a standby, this means that it will wait only when archive_mode = always. If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger an immediate segment switch.

immediateCheckpoint
bool

Control whether the I/O workload for the backup initial checkpoint will be limited, according to the checkpoint_completion_target setting on the PostgreSQL server. If set to true, an immediate checkpoint will be used, meaning PostgreSQL will complete the checkpoint as soon as possible. false by default.

PasswordState

Appears in:

PasswordState represents the state of the password of a managed RoleConfiguration

FieldDescription
transactionID
int64

the last transaction ID to affect the role definition in PostgreSQL

resourceVersion
string

the resource version of the password secret

PgBouncerIntegrationStatus

Appears in:

PgBouncerIntegrationStatus encapsulates the needed integration for the pgbouncer poolers referencing the cluster

FieldDescription
secrets
[]string
No description provided.

PgBouncerPoolMode

(Alias of string)

Appears in:

PgBouncerPoolMode is the mode of PgBouncer

PgBouncerSecrets

Appears in:

PgBouncerSecrets contains the versions of the secrets used by pgbouncer

FieldDescription
authQuery
SecretVersion

The auth query secret version

PgBouncerSpec

Appears in:

PgBouncerSpec defines how to configure PgBouncer

FieldDescription
poolMode
PgBouncerPoolMode

The pool mode. Default: session.

authQuerySecret
LocalObjectReference

The credentials of the user that need to be used for the authentication query. In case it is specified, also an AuthQuery (e.g. "SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename=$1") has to be specified and no automatic CNPG Cluster integration will be triggered.

authQuery
string

The query that will be used to download the hash of the password of a certain user. Default: "SELECT usename, passwd FROM public.user_search($1)". In case it is specified, also an AuthQuerySecret has to be specified and no automatic CNPG Cluster integration will be triggered.

parameters
map[string]string

Additional parameters to be passed to PgBouncer - please check the CNPG documentation for a list of options you can configure

pg_hba
[]string

PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)

paused
bool

When set to true, PgBouncer will disconnect from the PostgreSQL server, first waiting for all queries to complete, and pause all new client connections until this value is set to false (default). Internally, the operator calls PgBouncer's PAUSE and RESUME commands.

PodTemplateSpec

Appears in:

PodTemplateSpec is a structure allowing the user to set a template for Pod generation.

Unfortunately we can't use the corev1.PodTemplateSpec type because the generated CRD won't have the field for the metadata section.

References:

  • https://github.com/kubernetes-sigs/controller-tools/issues/385
  • https://github.com/kubernetes-sigs/controller-tools/issues/448
  • https://github.com/prometheus-operator/prometheus-operator/issues/3041

FieldDescription
metadata
Metadata

Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec
core/v1.PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodTopologyLabels

(Alias of map[string]string)

Appears in:

PodTopologyLabels represent the topology of a Pod. map[labelName]labelValue

PoolerIntegrations

Appears in:

PoolerIntegrations encapsulates the needed integration for the poolers referencing the cluster

FieldDescription
pgBouncerIntegration
PgBouncerIntegrationStatus
No description provided.

PoolerMonitoringConfiguration

Appears in:

PoolerMonitoringConfiguration is the type containing all the monitoring configuration for a certain Pooler.

Mirrors the Cluster's MonitoringConfiguration but without the custom queries part for now.

FieldDescription
enablePodMonitor
bool

Enable or disable the PodMonitor

podMonitorMetricRelabelings
[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig

The list of metric relabelings for the PodMonitor. Applied to samples before ingestion.

podMonitorRelabelings
[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig

The list of relabelings for the PodMonitor. Applied to samples before scraping.

PoolerSecrets

Appears in:

PoolerSecrets contains the versions of all the secrets used

FieldDescription
serverTLS
SecretVersion

The server TLS secret version

serverCA
SecretVersion

The server CA secret version

clientCA
SecretVersion

The client CA secret version

pgBouncerSecrets
PgBouncerSecrets

The version of the secrets used by PgBouncer

PoolerSpec

Appears in:

PoolerSpec defines the desired state of Pooler

FieldDescription
cluster [Required]
LocalObjectReference

This is the cluster reference on which the Pooler will work. Pooler name should never match with any cluster name within the same namespace.

type
PoolerType

Type of service to forward traffic to. Default: rw.

instances
int32

The number of replicas we want. Default: 1.

template
PodTemplateSpec

The template of the Pod to be created

pgbouncer [Required]
PgBouncerSpec

The PgBouncer configuration

deploymentStrategy
apps/v1.DeploymentStrategy

The deployment strategy to use for pgbouncer to replace existing pods with new ones

monitoring
PoolerMonitoringConfiguration

The configuration of the monitoring infrastructure of this pooler.

PoolerStatus

Appears in:

PoolerStatus defines the observed state of Pooler

FieldDescription
secrets
PoolerSecrets

The resource version of the config object

instances
int32

The number of pods trying to be scheduled

PoolerType

(Alias of string)

Appears in:

PoolerType is the type of the connection pool, meaning the service we are targeting. Allowed values are rw and ro.

PostInitApplicationSQLRefs

Appears in:

PostInitApplicationSQLRefs holds references to ConfigMaps or Secrets which contain SQL files. The general order in which these references are applied is from all Secrets to all ConfigMaps; inside Secrets or ConfigMaps, the order is the same as the order of each array

FieldDescription
secretRefs
[]SecretKeySelector

SecretRefs holds a list of references to Secrets

configMapRefs
[]ConfigMapKeySelector

ConfigMapRefs holds a list of references to ConfigMaps

PostgresConfiguration

Appears in:

PostgresConfiguration defines the PostgreSQL configuration

FieldDescription
parameters
map[string]string

PostgreSQL configuration options (postgresql.conf)

pg_hba
[]string

PostgreSQL Host Based Authentication rules (lines to be appended to the pg_hba.conf file)

pg_ident
[]string

PostgreSQL User Name Maps rules (lines to be appended to the pg_ident.conf file)

syncReplicaElectionConstraint
SyncReplicaElectionConstraints

Requirements to be met by sync replicas. This will affect how the "synchronous_standby_names" parameter will be set up.

shared_preload_libraries
[]string

Lists of shared preload libraries to add to the default ones

ldap
LDAPConfig

Options to specify LDAP configuration

promotionTimeout
int32

Specifies the maximum number of seconds to wait when promoting an instance to primary. Default value is 40000000, greater than one year in seconds, big enough to simulate an infinite timeout

enableAlterSystem
bool

If this parameter is true, the user will be able to invoke ALTER SYSTEM on this CloudNativePG Cluster. This should only be used for debugging and troubleshooting. Defaults to true.

PrimaryUpdateMethod

(Alias of string)

Appears in:

PrimaryUpdateMethod contains the method to use when upgrading the primary server of the cluster as part of rolling updates

PrimaryUpdateStrategy

(Alias of string)

Appears in:

PrimaryUpdateStrategy contains the strategy to follow when upgrading the primary server of the cluster as part of rolling updates

RecoveryTarget

Appears in:

RecoveryTarget allows you to configure the moment where the recovery process will stop. All the target options except TargetTLI are mutually exclusive.

FieldDescription
backupID
string

The ID of the backup from which to start the recovery process. If empty (default) the operator will automatically detect the backup based on targetTime or targetLSN if specified. Otherwise use the latest available backup in chronological order.

targetTLI
string

The target timeline ("latest" or a positive integer)

targetXID
string

The target transaction ID

targetName
string

The target name (to be previously created with pg_create_restore_point)

targetLSN
string

The target LSN (Log Sequence Number)

targetTime
string

The target time as a timestamp in the RFC3339 standard

targetImmediate
bool

End recovery as soon as a consistent state is reached

exclusive
bool

Set the target to be exclusive. If omitted, defaults to false, so that in Postgres, recovery_target_inclusive will be true

ReplicaClusterConfiguration

Appears in:

ReplicaClusterConfiguration encapsulates the configuration of a replica cluster

FieldDescription
source [Required]
string

The name of the external cluster which is the replication origin

enabled [Required]
bool

If replica mode is enabled, this cluster will be a replica of an existing cluster. Replica cluster can be created from a recovery object store or via streaming through pg_basebackup. Refer to the Replica clusters page of the documentation for more information.

ReplicationSlotsConfiguration

Appears in:

ReplicationSlotsConfiguration encapsulates the configuration of replication slots

FieldDescription
highAvailability
ReplicationSlotsHAConfiguration

Replication slots for high availability configuration

updateInterval
int

Standby will update the status of the local replication slots every updateInterval seconds (default 30).

ReplicationSlotsHAConfiguration

Appears in:

ReplicationSlotsHAConfiguration encapsulates the configuration of the replication slots that are automatically managed by the operator to control the streaming replication connections with the standby instances for high availability (HA) purposes. Replication slots are a PostgreSQL feature that makes sure that PostgreSQL automatically keeps WAL files in the primary when a streaming client (in this specific case a replica that is part of the HA cluster) gets disconnected.

FieldDescription
enabled
bool

If enabled (default), the operator will automatically manage replication slots on the primary instance and use them in streaming replication connections with all the standby instances that are part of the HA cluster. If disabled, the operator will not take advantage of replication slots in streaming connections with the replicas. This feature also controls replication slots in replica cluster, from the designated primary to its cascading replicas.

slotPrefix
string

Prefix for replication slots managed by the operator for HA. It may only contain lower case letters, numbers, and the underscore character. This can only be set at creation time. By default set to _cnpg_.

RoleConfiguration

Appears in:

RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role with the additional field Ensure specifying whether to ensure the presence or absence of the role in the database

The defaults of the CREATE ROLE command are applied. Reference: https://www.postgresql.org/docs/current/sql-createrole.html

FieldDescription
name [Required]
string

Name of the role

comment
string

Description of the role

ensure
EnsureOption

Ensure the role is present or absent - defaults to "present"

passwordSecret
LocalObjectReference

Secret containing the password of the role (if present). If null, the password will be ignored unless DisablePassword is set

connectionLimit
int64

If the role can log in, this specifies how many concurrent connections the role can make. -1 (the default) means no limit.

validUntil
meta/v1.Time

Date and time after which the role's password is no longer valid. When omitted, the password will never expire (default).

inRoles
[]string

List of one or more existing roles to which this role will be immediately added as a new member. Default empty.

inherit
bool

Whether a role "inherits" the privileges of roles it is a member of. Default is true.

disablePassword
bool

DisablePassword indicates that a role's password should be set to NULL in Postgres

superuser
bool

Whether the role is a superuser who can override all access restrictions within the database - superuser status is dangerous and should be used only when really needed. You must yourself be a superuser to create a new superuser. Default is false.

createdb
bool

When set to true, the role being defined will be allowed to create new databases. Specifying false (default) will deny a role the ability to create databases.

createrole
bool

Whether the role will be permitted to create, alter, drop, comment on, change the security label for, and grant or revoke membership in other roles. Default is false.

login
bool

Whether the role is allowed to log in. A role having the login attribute can be thought of as a user. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default is false.

replication
bool

Whether a role is a replication role. A role must have this attribute (or be a superuser) in order to be able to connect to the server in replication mode (physical or logical replication) and in order to be able to create or drop replication slots. A role having the replication attribute is a very highly privileged role, and should only be used on roles actually used for replication. Default is false.

bypassrls
bool

Whether a role bypasses every row-level security (RLS) policy. Default is false.
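
An added example (not part of the CloudNativePG code base): a small Go check that reads a Cluster manifest and flags managed roles carrying the high-privilege attributes described above, plus login roles whose password is ignored or never expires. It assumes the roles sit under spec.managed.roles and uses a constructed manifest written as JSON so only the standard library is needed; the type and function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// secretRef and managedRole mirror the RoleConfiguration fields documented
// above. They are local types for this example, not the operator's Go types.
type secretRef struct {
	Name string `json:"name"`
}

type managedRole struct {
	Name            string     `json:"name"`
	Ensure          string     `json:"ensure"`
	PasswordSecret  *secretRef `json:"passwordSecret"`
	ValidUntil      *string    `json:"validUntil"`
	DisablePassword bool       `json:"disablePassword"`
	Login           bool       `json:"login"`
	Superuser       bool       `json:"superuser"`
	Createrole      bool       `json:"createrole"`
	Replication     bool       `json:"replication"`
	BypassRLS       bool       `json:"bypassrls"`
}

// cluster decodes only the part of the manifest this check needs.
// Assumption: managed roles are listed under spec.managed.roles.
type cluster struct {
	Spec struct {
		Managed struct {
			Roles []managedRole `json:"roles"`
		} `json:"managed"`
	} `json:"spec"`
}

// Constructed sample manifest (JSON form of a Cluster resource).
const sampleCluster = `{
  "apiVersion": "postgresql.cnpg.io/v1",
  "kind": "Cluster",
  "metadata": {"name": "example"},
  "spec": {"managed": {"roles": [
    {"name": "app_reader", "login": true,
     "passwordSecret": {"name": "app-reader-pw"}, "validUntil": "2030-01-01T00:00:00Z"},
    {"name": "dba", "login": true, "superuser": true, "passwordSecret": {"name": "dba-pw"}},
    {"name": "etl", "login": true, "replication": true, "bypassrls": true, "disablePassword": true},
    {"name": "reporting", "login": true},
    {"name": "legacy_admin", "ensure": "absent", "superuser": true}
  ]}}
}`

// AuditRoles returns sorted "role: finding" strings for every managed role
// that is ensured present and deserves a reviewer's attention.
func AuditRoles(manifest []byte) ([]string, error) {
	var c cluster
	if err := json.Unmarshal(manifest, &c); err != nil {
		return nil, fmt.Errorf("decode Cluster manifest: %w", err)
	}
	var findings []string
	for _, r := range c.Spec.Managed.Roles {
		if r.Ensure == "absent" {
			continue // the role is being removed, its attributes do not apply
		}
		flags := []struct {
			set  bool
			name string
		}{
			{r.Superuser, "superuser"}, {r.Replication, "replication"},
			{r.BypassRLS, "bypassrls"}, {r.Createrole, "createrole"},
		}
		for _, f := range flags {
			if f.set {
				findings = append(findings, r.Name+": high-privilege attribute "+f.name)
			}
		}
		if !r.Login {
			continue // password checks only matter for roles that can log in
		}
		switch {
		case r.PasswordSecret == nil && !r.DisablePassword:
			// passwordSecret is null and disablePassword unset: password is ignored.
			findings = append(findings, r.Name+": login role with no passwordSecret, password is ignored")
		case r.PasswordSecret != nil && r.ValidUntil == nil:
			findings = append(findings, r.Name+": validUntil omitted, password never expires")
		}
	}
	sort.Strings(findings)
	return findings, nil
}

func main() {
	findings, err := AuditRoles([]byte(sampleCluster))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```
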

S3Credentials

Appears in:

S3Credentials is the type for the credentials to be used to upload files to S3. It can be provided in two alternative ways:

  • explicitly passing accessKeyId and secretAccessKey

  • inheriting the role from the pod environment by setting inheritFromIAMRole to true

FieldDescription
accessKeyId
SecretKeySelector

The reference to the access key id

secretAccessKey
SecretKeySelector

The reference to the secret access key

region
SecretKeySelector

The reference to the secret containing the region name

sessionToken
SecretKeySelector

The references to the session key

inheritFromIAMRole
bool

Use role-based authentication without explicitly providing the keys.

ScheduledBackupSpec

Appears in:

ScheduledBackupSpec defines the desired state of ScheduledBackup

FieldDescription
suspend
bool

If this backup is suspended or not

immediate
bool

Whether the first backup has to start immediately after creation or not

schedule [Required]
string

The schedule does not follow the same format used in Kubernetes CronJobs as it includes an additional seconds specifier, see https://pkg.go.dev/github.com/robfig/cron#hdr-CRON_Expression_Format

cluster [Required]
LocalObjectReference

The cluster to back up

backupOwnerReference
string

Indicates which ownerReference should be put inside the created backup resources.

  • none: no owner reference for created backup objects (same behavior as before the field was introduced)
  • self: sets the Scheduled backup object as owner of the backup
  • cluster: sets the cluster as owner of the backup

target
BackupTarget

The policy to decide which instance should perform this backup. If empty, it defaults to cluster.spec.backup.target. Available options are empty string, primary and prefer-standby. primary to have backups run always on primary instances, prefer-standby to have backups run preferably on the most updated standby, if available.

method
BackupMethod

The backup method to be used, possible options are barmanObjectStore and volumeSnapshot. Defaults to: barmanObjectStore.

online
bool

Whether the default type of backup with volume snapshots is online/hot (true, default) or offline/cold (false). Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online'

onlineConfiguration
OnlineConfiguration

Configuration parameters to control the online/hot backup with volume snapshots. Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza

ScheduledBackupStatus

Appears in:

ScheduledBackupStatus defines the observed state of ScheduledBackup

FieldDescription
lastCheckTime
meta/v1.Time

The latest time the schedule

lastScheduleTime
meta/v1.Time

The last time that a backup was successfully scheduled.

nextScheduleTime
meta/v1.Time

Next time we will run a backup

SecretKeySelector

Appears in:

SecretKeySelector contains enough information to let you locate the key of a Secret

FieldDescription
LocalObjectReference
LocalObjectReference
(Members of LocalObjectReference are embedded into this type.)

The name of the secret in the pod's namespace to select from.

key [Required]
string

The key to select

SecretVersion

Appears in:

SecretVersion contains a secret name and its ResourceVersion

FieldDescription
name
string

The name of the secret

version
string

The ResourceVersion of the secret

SecretsResourceVersion

Appears in:

SecretsResourceVersion is the resource versions of the secrets managed by the operator

FieldDescription
superuserSecretVersion
string

The resource version of the "postgres" user secret

replicationSecretVersion
string

The resource version of the "streaming_replica" user secret

applicationSecretVersion
string

The resource version of the "app" user secret

managedRoleSecretVersion
map[string]string

The resource versions of the managed roles secrets

caSecretVersion
string

Unused. Retained for compatibility with old versions.

clientCaSecretVersion
string

The resource version of the PostgreSQL client-side CA secret version

serverCaSecretVersion
string

The resource version of the PostgreSQL server-side CA secret version

serverSecretVersion
string

The resource version of the PostgreSQL server-side secret version

barmanEndpointCA
string

The resource version of the Barman Endpoint CA if provided

externalClusterSecretVersion
map[string]string

The resource versions of the external cluster secrets

metrics
map[string]string

A map with the versions of all the secrets used to pass metrics. Map keys are the secret names, map values are the versions

ServiceAccountTemplate

Appears in:

ServiceAccountTemplate contains the template needed to generate the service accounts

FieldDescription
metadata [Required]
Metadata

Metadata are the metadata to be used for the generated service account

SnapshotOwnerReference

(Alias of string)

Appears in:

SnapshotOwnerReference defines the reference type for the owner of the snapshot. This specifies which owner the processed resources should relate to.

SnapshotType

(Alias of string)

Appears in:

SnapshotType is a type of allowed import

StorageConfiguration

Appears in:

StorageConfiguration is the configuration of the storage of the PostgreSQL instances

FieldDescription
storageClass
string

StorageClass to use for database data (PGDATA). Applied after evaluating the PVC template, if available. If not specified, generated PVCs will be satisfied by the default storage class

size
string

Size of the storage. Required if not already specified in the PVC template. Changes to this field are automatically reapplied to the created PVCs. Size cannot be decreased.

resizeInUseVolumes
bool

Resize existing PVCs; defaults to true

pvcTemplate
core/v1.PersistentVolumeClaimSpec

Template to be used to generate the Persistent Volume Claim

SyncReplicaElectionConstraints

Appears in:

SyncReplicaElectionConstraints contains the constraints for sync replicas election.

For anti-affinity parameters, two instances are considered to be in the same location if all the label values match.

In the future, synchronous replica election restriction by name will be supported.

FieldDescription
nodeLabelsAntiAffinity
[]string

A list of node label values to extract and compare to evaluate whether the pods reside in the same topology or not

enabled [Required]
bool

This flag enables the constraints for sync replicas

Topology

Appears in:

Topology contains the cluster topology

FieldDescription
instances
map[PodName]PodTopologyLabels

Instances contains the pod topology of the instances

nodesUsed
int32

NodesUsed represents the count of distinct nodes accommodating the instances. A value of '1' suggests that all instances are hosted on a single node, implying the absence of High Availability (HA). Ideally, this value should be the same as the number of instances in the Postgres HA cluster, implying a shared-nothing architecture on the compute side.

successfullyExtracted
bool

SuccessfullyExtracted indicates whether the topology data was extracted. It is useful to enact fallback behaviors in synchronous replica election in case of failures
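The location rule from SyncReplicaElectionConstraints applied to a Topology, as an added example that is not the operator's own code. The type shapes, the `ElectableSyncReplicas` and `SampleTopology` names, the sample pods, and the fallback (no filtering when constraints are disabled or extraction failed) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical stand-ins for the documented types, not the operator's code.
type PodTopologyLabels map[string]string
type Topology struct {
	Instances             map[string]PodTopologyLabels
	SuccessfullyExtracted bool
}
const zone = "topology.kubernetes.io/zone" // label used by the constructed sample

// sameLocation: two pods share a location only if ALL listed label values match.
func sameLocation(a, b PodTopologyLabels, labels []string) bool {
	for _, l := range labels {
		if a[l] != b[l] {
			return false
		}
	}
	return true
}

// ElectableSyncReplicas lists the replicas that sit outside the primary's location.
// Assumed fallback: disabled constraints, no labels or failed extraction = no filtering.
func ElectableSyncReplicas(primary string, t Topology, enabled bool, labels []string) []string {
	filter := enabled && t.SuccessfullyExtracted && len(labels) > 0
	out := []string{}
	for pod, podLabels := range t.Instances {
		if pod == primary || (filter && sameLocation(t.Instances[primary], podLabels, labels)) {
			continue
		}
		out = append(out, pod)
	}
	sort.Strings(out)
	return out
}

// SampleTopology is constructed data: pg-1 and pg-2 share a zone, pg-3 does not.
func SampleTopology(extracted bool) Topology {
	pods := map[string]PodTopologyLabels{"pg-1": {zone: "a"}, "pg-2": {zone: "a"}, "pg-3": {zone: "b"}}
	return Topology{Instances: pods, SuccessfullyExtracted: extracted}
}

func main() {
	fmt.Println(ElectableSyncReplicas("pg-1", SampleTopology(true), true, []string{zone}))  // [pg-3]
	fmt.Println(ElectableSyncReplicas("pg-1", SampleTopology(false), true, []string{zone})) // [pg-2 pg-3]
}
```

With the constraint active, a replica in the primary's zone is never chosen as synchronous, so a single-zone failure cannot take out both the primary and its synchronous copy.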

VolumeSnapshotConfiguration

Appears in:

VolumeSnapshotConfiguration represents the configuration for the execution of snapshot backups.

FieldDescription
labels
map[string]string

Labels are key-value pairs that will be added to .metadata.labels of snapshot resources.

annotations
map[string]string

Annotations are key-value pairs that will be added to .metadata.annotations of snapshot resources.

className
string

ClassName specifies the Snapshot Class to be used for PG_DATA PersistentVolumeClaim. It is the default class for the other types if no specific class is present

walClassName
string

WalClassName specifies the Snapshot Class to be used for the PG_WAL PersistentVolumeClaim.

snapshotOwnerReference
SnapshotOwnerReference

SnapshotOwnerReference indicates the type of owner reference the snapshot should have

online
bool

Whether the default type of backup with volume snapshots is online/hot (true, default) or offline/cold (false)

onlineConfiguration
OnlineConfiguration

Configuration parameters to control the online/hot backup with volume snapshots

WalBackupConfiguration

Appears in:

WalBackupConfiguration is the configuration of the backup of the WAL stream

FieldDescription
compression
CompressionType

Compress a WAL file before sending it to the object store. Available options are empty string (no compression, default), gzip, bzip2 or snappy.

encryption
EncryptionType

Whether to force the encryption of files (if the bucket is not already configured for that). Allowed options are empty string (use the bucket policy, default), AES256 and aws:kms

maxParallel
int

Number of WAL files to be either archived in parallel (when the PostgreSQL instance is archiving to a backup object store) or restored in parallel (when a PostgreSQL standby is fetching WAL files from a recovery object store). If not specified, WAL files will be processed one at a time. It accepts a positive integer as a value - with 1 being the minimum accepted value.