API Reference

authorization.dataservices.vmware.com/v1alpha1

Resource Types:

DsmRoleBinding

The DsmRoleBinding schema links a DSM role to specific users or LDAP groups, defining the permissions each user or group receives. Multiple DsmRoleBinding resources can exist for the same role, but a specific user or group cannot be included in more than one binding.

Name Type Description Required

apiVersion

string

authorization.dataservices.vmware.com/v1alpha1

true

kind

string

DsmRoleBinding

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

role

string

Assigns a DSM role to the specified subjects. Supported values: DSM_ADMIN, DSM_USER, OBJECT_STORE_ADMIN

Immutable.

true

subjects

[]object

Subjects represent either DSM local users (https://<provider_ip>/provider/users) or LDAP groups to which the role applies.

Mutable.

  • Default: []

false

DsmRoleBinding.subjects[index]

Subject defines a user or group to be bound to a role

Name Type Description Required

kind

string

Kind of the Subject. Supported values: User, Group

true

name

string

Name of the user or group. This value is stored exactly as provided (case-sensitive), but all comparisons and validations involving this field are case-insensitive.

true
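The two constraints above (a subject may appear in only one DsmRoleBinding, and subject names are compared case-insensitively) are easy to violate across a directory of manifests before they ever reach the API server. The following lint is an added example, not DSM project code; it takes DsmRoleBinding manifests already parsed into dicts (the three below are constructed sample input, with one subject repeated in a different case and one binding using unsupported values) and reports every violation it finds.

```python
"""Lint DsmRoleBinding manifests for the rules this reference states.

Added example, not part of DSM: checks apiVersion/kind, the supported role
values, the supported subject kinds, and that no user or group is bound in
more than one DsmRoleBinding, comparing names case-insensitively as the
subjects[].name field documents. The manifests below are constructed input.
"""

API_VERSION = "authorization.dataservices.vmware.com/v1alpha1"
ROLES = {"DSM_ADMIN", "DSM_USER", "OBJECT_STORE_ADMIN"}
SUBJECT_KINDS = {"User", "Group"}

# Constructed sample manifests, already parsed from YAML into dicts.
SAMPLE_BINDINGS = [
    {
        "apiVersion": API_VERSION,
        "kind": "DsmRoleBinding",
        "metadata": {"name": "admins"},
        "role": "DSM_ADMIN",
        "subjects": [
            {"kind": "User", "name": "alice@example.com"},
            {"kind": "Group", "name": "CN=dsm-admins,OU=Groups,DC=example,DC=com"},
        ],
    },
    {
        "apiVersion": API_VERSION,
        "kind": "DsmRoleBinding",
        "metadata": {"name": "users"},
        "role": "DSM_USER",
        "subjects": [
            {"kind": "User", "name": "bob@example.com"},
            # Same account as in "admins" with different case: names are
            # compared case-insensitively, so this is a duplicate binding.
            {"kind": "User", "name": "Alice@Example.com"},
        ],
    },
    {
        "apiVersion": API_VERSION,
        "kind": "DsmRoleBinding",
        "metadata": {"name": "object-store"},
        "role": "object_store_admin",  # wrong case: not a supported value
        "subjects": [{"kind": "ServiceAccount", "name": "backup-bot"}],
    },
]


def lint_bindings(bindings):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    seen = {}  # (kind, lower-cased name) -> name of the binding that claimed it
    for b in bindings:
        bname = b.get("metadata", {}).get("name", "<unnamed>")
        if b.get("apiVersion") != API_VERSION or b.get("kind") != "DsmRoleBinding":
            findings.append(f"{bname}: unexpected apiVersion/kind")
        role = b.get("role")
        if role not in ROLES:
            findings.append(f"{bname}: unsupported role {role!r}")
        for s in b.get("subjects", []):
            kind, name = s.get("kind"), s.get("name", "")
            if kind not in SUBJECT_KINDS:
                findings.append(f"{bname}: unsupported subject kind {kind!r}")
                continue
            key = (kind, name.lower())
            if key in seen and seen[key] != bname:
                findings.append(
                    f"{bname}: {kind} {name!r} is already bound in {seen[key]!r}"
                )
            seen.setdefault(key, bname)
    return findings


if __name__ == "__main__":
    for finding in lint_bindings(SAMPLE_BINDINGS):
        print(finding)
```

Run against the sample input it reports the duplicated user, the mis-cased role and the unsupported subject kind; the first manifest on its own is clean. Because the stored name keeps the case it was given, the lint lower-cases only for comparison, which mirrors the behaviour the name field describes.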

databases.dataservices.vmware.com/v1alpha1

Resource Types:

ArchivedMySQLCluster

ArchivedMySQLCluster is the Schema for the ArchivedMySQLCluster API. An ArchivedMySQLCluster is created automatically when a MySQLCluster with automated backups enabled is deleted. It represents the retained automated backups and binlogs that were taken for that deleted MySQLCluster; it is named after the MySQLCluster and is created in the same namespace. An ArchivedMySQLCluster can be used to perform point-in-time recovery for the deleted cluster, and is itself deleted automatically once retention expires.

To use an ArchivedMySQLCluster, reference its name in the .spec.basedOn.cluster.name field when creating a new MySQLCluster. Example:

apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
  name: restored-source-1
  namespace: default
spec:
  basedOn:
    cluster:
      name: source-1 # the name of the referenced ArchivedMySQLCluster

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com/v1alpha1

true

kind

string

ArchivedMySQLCluster

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

ArchivedMySQLClusterSpec defines the desired state of ArchivedMySQLCluster.

false

status

object

ArchivedMySQLClusterStatus defines the observed state of ArchivedMySQLCluster.

false

ArchivedMySQLCluster.spec

ArchivedMySQLClusterSpec defines the desired state of ArchivedMySQLCluster.

Name Type Description Required

expiresAt

string

ExpiresAt represents the point in time at which the backups and binary logs associated with the ArchivedMySQLCluster expire. DSM performs the cleanup after this point in time.

Required.

Mutable.

  • Format: date-time

false

ArchivedMySQLCluster.status

ArchivedMySQLClusterStatus defines the observed state of ArchivedMySQLCluster.

Name Type Description Required

backupId

string

BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage.

For MySQL, it is the UID of the MySQL cluster object in the workload cluster.

Required.

Immutable.

false

conditions

[]object

Conditions contain the list of observed conditions of the archived cluster. The following conditions can occur:

Ready with status True and reason Reconciled indicates that the ArchivedMySQLCluster is ready to be used in a restore flow. Cleanup with status False and reason Failed indicates that there was an error during backup and binary log deletion.

false

databaseName

string

The name of the default MySQL database

Required.

Immutable.

false

mysqlClusterSpec

object

The last known spec of the cluster that got archived.

Required.

Immutable.

false

upgradeStatus

object

UpgradeStatus represents version state transitions history for the deleted cluster

Required.

Immutable.

false

ArchivedMySQLCluster.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

ArchivedMySQLCluster.status.mysqlClusterSpec

The last known spec of the cluster that got archived.

Required.

Immutable.

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

true

storagePolicyName

string

StoragePolicyName declares the name of the storage policy that should be used to create this MySQL cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid StoragePolicyName.

Immutable.

true

storageSpace

string

StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki

Range - 20Gi - 10Ti.

Required.

Mutable - (increase only).

true

version

string

Version declares the version of the database engine to be used.

To upgrade the database engine, change this field.

The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI.

Required.

Mutable.

true

vmClass

object

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

true

backupConfig

object

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

false

backupLocation

object

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system namespace. It is used by the BackupConfig, which must be specified whenever BackupLocation is specified.

Optional.

Mutable.

false

basedOn

object

BasedOn identifies the source cluster on which this cluster is based.

Users cannot base their clusters on clusters owned by other users unless they have the DSM_ADMIN role. The new cluster inherits the ownership of its source cluster; the owner can be changed after the cluster is created if necessary.

The cluster field works both when the source cluster is alive and when it has been deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create one based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster.

Optional.

Immutable.

false

databaseConfig

object

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

false

description

string

Description contains the human-readable description of the cluster.

Optional.

Mutable.

false

directoryService

object

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

false

dnsNames

[]string

One or more DNS names / FQDNs for database access.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI.

If a custom TLS certificate is provided, its SAN field must match the DNS names listed here, so that clients can verify the connection.

Optional.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

maintenanceWindow

object

MaintenanceWindow refers to the system maintenance window. When a maintenance window is enabled, DSM can address CVEs, bug fixes and new lifecycle management features for the VM, the OS and any supporting software, and can perform database minor version upgrades, during that window. Changes applied during the window should result in minimal downtime when the database is deployed with replication.

Optional.

Mutable.

false

members

integer

The number of members for cluster. Could be 1 or 3

Default - 1

Mutable.

  • Enum: 1, 3

  • Default: 1

false

placementSelector

object

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

false

tls

object

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

false

ArchivedMySQLCluster.status.mysqlClusterSpec.infrastructurePolicy

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

Name Type Description Required

name

string

false

ArchivedMySQLCluster.status.mysqlClusterSpec.vmClass

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

Name Type Description Required

name

string

false

ArchivedMySQLCluster.status.mysqlClusterSpec.backupConfig

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

Name Type Description Required

backupRetentionDays

integer

BackupRetentionDays is the number of days to retain backups. Must be 1 or greater.

Required.

Mutable.

  • Format: int64

false

schedules

[]object

Schedules lists the user-defined schedules for when the system performs backups.

Required.

Mutable.

false

ArchivedMySQLCluster.status.mysqlClusterSpec.backupConfig.schedules[index]

Name Type Description Required

name

string

Name of the schedule.

Required.

Immutable.

true

schedule

string

The schedule in the form of a cron schedule.

Required.

Mutable.

true

type

string

Type of schedule. Can be full or incremental.

Required.

Immutable.

true

ArchivedMySQLCluster.status.mysqlClusterSpec.backupLocation

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system namespace. It is used by the BackupConfig, which must be specified whenever BackupLocation is specified.

Optional.

Mutable.

Name Type Description Required

name

string

false

ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn

BasedOn identifies the source cluster on which this cluster is based.

Users cannot base their clusters on clusters owned by other users unless they have the DSM_ADMIN role. The new cluster inherits the ownership of its source cluster; the owner can be changed after the cluster is created if necessary.

The cluster field works both when the source cluster is alive and when it has been deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create one based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster.

Optional.

Immutable.

Name Type Description Required

cluster

object

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Required.

Immutable.

true

ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn.cluster

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Required.

Immutable.

Name Type Description Required

name

string

Name is the name of the source cluster from which to restore.

Required.

Immutable.

true

timestamp

string

Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time.

Optional.

Immutable.

  • Format: date-time

false

ArchivedMySQLCluster.status.mysqlClusterSpec.databaseConfig

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

Name Type Description Required

name

string

false

ArchivedMySQLCluster.status.mysqlClusterSpec.directoryService

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

ArchivedMySQLCluster.status.mysqlClusterSpec.maintenanceWindow

MaintenanceWindow refers to the system maintenance window. When a maintenance window is enabled, DSM can address CVEs, bug fixes and new lifecycle management features for the VM, the OS and any supporting software, and can perform database minor version upgrades, during that window. Changes applied during the window should result in minimal downtime when the database is deployed with replication.

Optional.

Mutable.

Name Type Description Required

duration

string

Duration describes the duration of the maintenance window.

Required.

Mutable.

true

startDay

enum

StartDay describes the day of the week the maintenance window will commence.

Can be any of MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.

Required.

Mutable.

  • Enum: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY

true

startTime

string

StartTime describes the time of the day to start the maintenance window.

Required.

Mutable.

true

ArchivedMySQLCluster.status.mysqlClusterSpec.placementSelector

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

Name Type Description Required

cluster

string

Cluster is the datacenter's cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter: a cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name.

Required.

Mutable.

true

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

ArchivedMySQLCluster.status.mysqlClusterSpec.tls

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager's Certificate resource. It needs to have the keys:

  • tls.crt: PEM signed certificate chain

  • tls.key: PEM private key

  • ca.crt: PEM CA certificate

The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt). That issuer can be either a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration must be applied after initial creation, because the IP can only be retrieved then and must be encoded in the certificate.

false

ArchivedMySQLCluster.status.upgradeStatus

UpgradeStatus represents version state transitions history for the deleted cluster

Required.

Immutable.

Name Type Description Required

currentVersion

string

The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes.

false

history

[]object

Historical data of the upgrades performed. It is not preserved for restored clusters.

false

ArchivedMySQLCluster.status.upgradeStatus.history[index]

Name Type Description Required

complete

string

Timestamp of when the upgrade completed.

  • Format: date-time

false

fromVersion

string

The version from which the cluster was upgraded.

false

isMajorUpgrade

boolean

IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade.

false

message

string

Message contains the reason for a failure or rejection.

false

start

string

Timestamp of when the upgrade started. This is the time right before the upgrade operations started, and restores are guaranteed to succeed at or before that time. The period after Start and before Complete is a blackout period; restores within this interval could lead to unexpected results.

  • Format: date-time

false

status

enum

Status indicates the status of the upgrade.

  • Enum: Succeeded, Aborted, Failed

false

toVersion

string

The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion.

false
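The restore-point rules are scattered across this resource: the Ready condition must be True with reason Reconciled before the archive can be restored from, spec.expiresAt bounds how long the backups exist, and the history entries' start/complete interval is a blackout during which a point-in-time restore is not guaranteed. The script below is an added example, not DSM project code; it takes an archive as a dict (the one below is constructed sample data shaped like an ArchivedMySQLCluster, and an ArchivedPostgresCluster carries the same fields) and both checks a requested restore timestamp against those rules and builds the corresponding basedOn manifest of the kind shown at the top of this section.

```python
"""Check a point-in-time restore request against an archived cluster.

Added example, not part of DSM. The archive below is constructed sample data.
The checks apply the rules this reference states before a new cluster with
spec.basedOn.cluster is created:
  * the archive's Ready condition is True with reason Reconciled;
  * retention (spec.expiresAt) has not passed;
  * the requested timestamp does not fall inside an upgrade blackout, i.e.
    strictly between start and complete of an upgradeStatus.history entry
    (restores at or before start are guaranteed to succeed).
"""
from datetime import datetime, timezone

SAMPLE_ARCHIVE = {
    "apiVersion": "databases.dataservices.vmware.com/v1alpha1",
    "kind": "ArchivedMySQLCluster",
    "metadata": {"name": "source-1", "namespace": "default"},
    "spec": {"expiresAt": "2024-07-01T00:00:00Z"},
    "status": {
        "conditions": [
            {"type": "Ready", "status": "True", "reason": "Reconciled",
             "message": "", "lastTransitionTime": "2024-06-12T09:00:00Z"},
        ],
        "upgradeStatus": {
            "currentVersion": "8.0.36",
            "history": [
                {"fromVersion": "8.0.34", "toVersion": "8.0.36",
                 "isMajorUpgrade": False, "status": "Succeeded",
                 "start": "2024-06-10T02:00:00Z",
                 "complete": "2024-06-10T02:40:00Z"},
            ],
        },
    },
}


def parse_ts(value):
    """Parse the RFC 3339 date-time format used by the Kubernetes API."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_restore_point(archive, timestamp=None, now=None):
    """Return (ok, reasons). timestamp=None means 'latest available'."""
    reasons = []
    status = archive.get("status", {})
    conds = {c["type"]: c for c in status.get("conditions", [])}
    ready = conds.get("Ready", {})
    if not (ready.get("status") == "True" and ready.get("reason") == "Reconciled"):
        reasons.append("archive is not Ready/Reconciled")

    now = now or datetime.now(timezone.utc)
    if now >= parse_ts(archive["spec"]["expiresAt"]):
        reasons.append("archive retention has expired; backups may already be cleaned up")

    if timestamp is not None:
        ts = parse_ts(timestamp)
        for h in status.get("upgradeStatus", {}).get("history", []):
            start = parse_ts(h["start"])
            # No 'complete' means the upgrade never finished: treat the
            # blackout as open-ended from 'start'.
            complete = parse_ts(h["complete"]) if h.get("complete") else None
            if start < ts and (complete is None or ts < complete):
                reasons.append(
                    f"restore point lies in the {h['fromVersion']}->{h['toVersion']} "
                    f"upgrade blackout ({h['start']} to {h.get('complete', 'unfinished')})"
                )
    return (not reasons, reasons)


def build_restore_manifest(archive, new_name, timestamp=None):
    """Build the cluster manifest that restores from the archive.

    Only spec.basedOn is filled in, as in the reference's own example; add
    the other spec fields the new cluster needs before applying it.
    """
    kind = archive["kind"]
    # ArchivedMySQLCluster -> MySQLCluster, ArchivedPostgresCluster -> PostgresCluster
    if kind.startswith("Archived"):
        kind = kind[len("Archived"):]
    cluster = {"name": archive["metadata"]["name"]}
    if timestamp is not None:
        cluster["timestamp"] = timestamp
    return {
        "apiVersion": archive["apiVersion"],
        "kind": kind,
        "metadata": {"name": new_name, "namespace": archive["metadata"]["namespace"]},
        "spec": {"basedOn": {"cluster": cluster}},
    }
```

With the sample archive, a restore to 02:20 on the upgrade day is rejected as inside the blackout, a restore to exactly the start time passes, and once the evaluation time is past expiresAt every request is rejected regardless of timestamp. The manifest builder keeps the archive's namespace because the archive is created in the same namespace as the deleted cluster and the new cluster must reference it from there.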

ArchivedPostgresCluster

ArchivedPostgresCluster is the Schema for the archivedpostgrescluster API. An ArchivedPostgresCluster is created automatically when a PostgresCluster with automated backups enabled is deleted. It represents the retained automated backups and WAL archive that were taken for that deleted PostgresCluster; it is named after the PostgresCluster and is created in the same namespace. An ArchivedPostgresCluster can be used to perform point-in-time recovery for the deleted cluster, and is itself deleted automatically once retention expires.

To use an ArchivedPostgresCluster, reference its name in the .spec.basedOn.cluster.name field when creating a new PostgresCluster. Example:

apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
  name: restored-source-1
  namespace: default
spec:
  basedOn:
    cluster:
      name: source-1 # the name of the referenced ArchivedPostgresCluster

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com/v1alpha1

true

kind

string

ArchivedPostgresCluster

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

ArchivedPostgresClusterSpec is the Schema for the ArchivedPostgresCluster API.

false

status

object

ArchivedPostgresClusterStatus defines the observed state of ArchivedPostgresCluster.

false

ArchivedPostgresCluster.spec

ArchivedPostgresClusterSpec is the Schema for the ArchivedPostgresCluster API.

Name Type Description Required

expiresAt

string

ExpiresAt represents the point in time at which the backups and WAL archive associated with the ArchivedPostgresCluster expire. DSM performs the cleanup after this point in time.

Required.

Mutable.

  • Format: date-time

false

ArchivedPostgresCluster.status

ArchivedPostgresClusterStatus defines the observed state of ArchivedPostgresCluster.

Name Type Description Required

backupId

string

BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage.

For PostgreSQL, it is the stanzaName of the database cluster.

Required.

Immutable.

false

conditions

[]object

Conditions contain the list of observed conditions of the archived cluster. The following conditions can occur:

Ready with status True and reason Reconciled indicates that the ArchivedPostgresCluster is ready to be used in a restore flow. Cleanup with status False and reason Failed indicates that there was an error during backup and WAL archive deletion.

false

databaseName

string

The name of the default Postgres database in the connection string used by any cluster restored from this archive. DSM uses the default database name from the connection string of the PostgresCluster associated with this archive, so the value can differ from postgresClusterSpec.databaseName.

Required.

Immutable.

false

postgresClusterSpec

object

The last known spec of the cluster that got archived.

Required.

Immutable.

false

upgradeStatus

object

UpgradeStatus represents version state transitions history for the deleted cluster

Required.

Immutable.

false

ArchivedPostgresCluster.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

ArchivedPostgresCluster.status.postgresClusterSpec

The last known spec of the cluster that got archived.

Required.

Immutable.

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

true

storagePolicyName

string

StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid StoragePolicyName.

Immutable.

true

storageSpace

string

StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki

Range - 20Gi - 10Ti.

Required.

Mutable - (increase only).

true

version

string

Version declares the version of the database engine to be used.

To upgrade the database engine, change this field.

The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI.

Required.

Mutable.

true

vmClass

object

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

true

adminPasswordRef

object

AdminPasswordRef refers to a v1.Secret containing the password the privileged user uses to connect to the database. The FieldPath field indicates which key in the Secret contains the password (default: password). Providing an inline value with the Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster; when the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner.

Default - password is auto generated.

Mutable. To update the admin password, either refer to a new Secret or update the already referenced Secret; both lead to a password update.

false

adminUsername

string

AdminUserName is the desired name of the privileged user to be used when connecting to the database.

AdminUserName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

Default - pgadmin.

Mutable.

false

backupConfig

object

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

false

backupLocation

object

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system namespace. It is used by the BackupConfig, which must be specified whenever BackupLocation is specified.

Optional.

Mutable.

false

basedOn

object

BasedOn identifies the source cluster on which this cluster is based.

Users cannot base their clusters on clusters owned by other users unless they have the DSM_ADMIN role. The new cluster inherits the ownership of its source cluster; the owner can be changed after the cluster is created if necessary.

The cluster field works both when the source cluster is alive and when it has been deleted but its backups are still retained. To create a new Postgres cluster based on a live cluster, pass the name of the cluster. To create one based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster.

Optional.

Immutable.

false

databaseConfig

object

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

false

databaseName

string

DatabaseName is the name of the Database which the privileged user will have permissions on.

DatabaseName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

Default - Same as database cluster name.

Mutable.

false

description

string

Description contains the human-readable description of the cluster.

Optional.

Mutable.

false

directoryService

object

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

false

dnsNames

[]string

One or more DNS names / FQDNs for database access.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI.

If a custom TLS certificate is provided, its SAN field must match the DNS names listed here, so that clients can verify the connection.

Optional.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

hbaRef

object

HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.

The Secret should contain the pg_hba.conf entries under the specific key pg_hba.conf. These entries will be inserted into the pg_hba.conf file with a priority lower than the system users' entries.

Only the authentication methods scram-sha-256 and reject are allowed in the custom entries.

For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

apiVersion: v1
kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:

host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ...  # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256

false

maintenanceWindow

object

MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new lifecycle management features for the VM, the OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.

Optional.

Mutable.

false

placementSelector

object

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

false

replicas

integer

Represents the number of nodes that are replicating from the primary node. In the event of a primary outage, one of the replicas will be promoted to primary.

Replicas can be set to 0 or 1. Starting with Data Services Manager 2.1, 3-replica clusters are no longer supported. If you have replicas set to 1, then you will have 1 primary node and 1 replica node.

Default - 0

Mutable.

  • Enum: 0, 1, 3

  • Default: 0

false

replicationSlots

[]object

ReplicationSlots configures a list of Postgres replication slots that will be created on this instance for disaster recovery or migration purposes. A replication slot can be removed if it is no longer needed and there is no active consumer of that replication slot.

false

requestedSharedMemorySize

int or string

RequestedSharedMemorySize is the size DSM will try to assign to the shared memory (/dev/shm) of the OS where the Postgres instance is running. No upper limit is enforced, but the system will apply one based on the current VMClass memory. You can express RequestedSharedMemorySize as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki.

Range - 64Mi - no limit.

Default - 64Mi.

Optional.

Mutable.

  • Default: 64Mi

false
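
The suffix rules above are the standard Kubernetes quantity format, and the 64Mi floor is easy to get wrong because the decimal and binary suffixes differ (64M is 64,000,000 bytes, which is below 64Mi). The following parser is an added example, not DSM's own code: it implements only the suffixes listed in the field description plus a bare integer byte count, treats the 64Mi minimum as the only range rule, and rounds fractional values up to whole bytes (an assumption made here, chosen so that no fraction is silently dropped).

```python
"""Parse the quantity strings accepted by requestedSharedMemorySize and
apply the documented range rule (at least 64Mi, no upper limit).

Added example, not part of DSM. Only the suffixes named in the field
description are supported; the upper limit DSM derives from the VMClass
memory is not modelled here.
"""
import re
from decimal import Decimal, ROUND_CEILING

# Decimal (SI) suffixes and their power-of-two equivalents from the field description.
_DECIMAL = {"k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "P": 10**15, "E": 10**18}
_BINARY = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40, "Pi": 2**50, "Ei": 2**60}

# Binary suffixes are listed first so "Mi" is not consumed as "M" followed by junk.
_QUANTITY_RE = re.compile(r"^(\d+(?:\.\d+)?)(Ei|Pi|Ti|Gi|Mi|Ki|E|P|T|G|M|k)?$")

MIN_SHARED_MEMORY_BYTES = 64 * 2**20  # the documented 64Mi floor


def parse_quantity(value) -> int:
    """Return the number of bytes a quantity denotes.

    Accepts an int (bare byte count, as the 'int or string' type allows) or a
    string such as '64Mi', '1G' or '0.5Gi'. Raises ValueError on anything else.
    """
    if isinstance(value, bool):
        raise ValueError("boolean is not a quantity")
    if isinstance(value, int):
        if value < 0:
            raise ValueError("quantity must not be negative")
        return value
    if not isinstance(value, str):
        raise ValueError(f"unsupported quantity type {type(value).__name__}")
    m = _QUANTITY_RE.match(value.strip())
    if not m:
        raise ValueError(f"malformed quantity {value!r}")
    number, suffix = m.group(1), m.group(2)
    multiplier = 1
    if suffix:
        multiplier = _BINARY.get(suffix) or _DECIMAL[suffix]
    # Assumption: fractional byte counts are rounded up to a whole byte.
    total = Decimal(number) * multiplier
    return int(total.to_integral_value(rounding=ROUND_CEILING))


def validate_shared_memory(value) -> tuple:
    """Apply the documented range rule; returns (ok, human-readable reason)."""
    try:
        nbytes = parse_quantity(value)
    except ValueError as exc:
        return False, str(exc)
    if nbytes < MIN_SHARED_MEMORY_BYTES:
        return False, f"{value!r} is {nbytes} bytes, below the 64Mi minimum"
    return True, f"{value!r} = {nbytes} bytes"


if __name__ == "__main__":
    for candidate in ("64Mi", "64M", "0.5Gi", "1G", 128, "64MiB"):
        print(candidate, "->", validate_shared_memory(candidate))
```

Note that the check rejects "64M" while accepting "64Mi": a value copied from an SI-style sizing sheet lands just under the floor, so validating the parsed byte count rather than the literal string is what catches it.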

tls

object

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

false

ArchivedPostgresCluster.status.postgresClusterSpec.infrastructurePolicy

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

Name Type Description Required

name

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.vmClass

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

Name Type Description Required

name

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.adminPasswordRef

AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. FieldPath field indicates which key in the secret contains the password. Default - password. Providing inline value with Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed the owner of the Secret is automatically changed to the new owner.

Default - password is auto generated.

Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to update of the password.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key.

false

name

string

The name of the secret

false

value

string

Deprecated. This field is never used by the Data Services Manager.

false

ArchivedPostgresCluster.status.postgresClusterSpec.backupConfig

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

Name Type Description Required

backupRetentionDays

integer

BackupRetentionDays describes the number of days to store backups. Must be 1 or greater.

Required.

Mutable.

  • Format: int64

false

schedules

[]object

Schedules user defined schedules of when the system will perform backups.

Required.

Mutable.

false

ArchivedPostgresCluster.status.postgresClusterSpec.backupConfig.schedules[index]

Name Type Description Required

name

string

Name of the schedule.

Required.

Immutable.

true

schedule

string

The schedule in the form of a cron schedule.

Required.

Mutable.

true

type

string

Type of schedule. Can be full or incremental.

Required.

Immutable.

true

ArchivedPostgresCluster.status.postgresClusterSpec.backupLocation

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

Name Type Description Required

name

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.basedOn

BasedOn identifies the source cluster on which this cluster will be based.

Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source cluster. It can be changed if necessary after the cluster is created.

The Cluster field works whether the source cluster is still alive or has been deleted while its backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster.

Optional.

Immutable.

Name Type Description Required

cluster

object

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Optional.

Immutable.

false

continuousRecovery

object

ContinuousRecovery specifies the details of an external cluster that will be used as a source for continuous recovery. Once configured, this field can’t be unset.

false

ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.cluster

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Optional.

Immutable.

Name Type Description Required

name

string

Name is the name of the source cluster from which to restore.

Required.

Immutable.

true

timestamp

string

Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time.

Optional.

Immutable.

  • Format: date-time

false

ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery

ContinuousRecovery specifies the details of an external cluster that will be used as a source for continuous recovery. Once configured, this field can’t be unset.

Name Type Description Required

replicationSlot

object

ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this instance will continuously recover. If the source cluster is a DSM managed Postgres instance, the replication slot details can be retrieved from the status sub-resource of the source cluster’s PostgresCluster resource.

true

enabled

boolean

Enabled specifies if this instance should continuously retrieve activities from the source cluster. When Enabled is set to true, this instance’s Ready condition implies that the instance is now ready to serve read-only operations. When set to false, the Ready condition implies that the instance is ready to serve read-write operations.

false

ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery.replicationSlot

ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this instance will continuously recover. If the source cluster is a DSM managed Postgres instance, the replication slot details can be retrieved from the status sub-resource of the source cluster’s PostgresCluster resource.

Name Type Description Required

credentials

object

Credentials specifies a Kubernetes Secret that contains the credentials needed to connect to the source cluster. The required keys of the Secret are user, password and database; the optional key is ca.crt. The referenced Postgres user must have the connect and replication privileges on the source cluster. This field is mutable. Changes to the Secret will be automatically applied on the instance.

true

hostname

string

Hostname specifies the hostname or ip address that can be used to connect to the source cluster. This field is immutable.

  • Validations: self == oldSelf: hostname is an immutable field

true

slotName

string

SlotName specifies the Postgres replication slot name that will be used for streaming replication.

true

trustBundle

object

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server connection. If the provided servers are configured with:

  • a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

true

port

integer

Port specifies the port number that can be used to connect to the source cluster. This field is immutable.

  • Validations: self == oldSelf: port is an immutable field

  • Default: 5432

false

ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery.replicationSlot.credentials

Credentials specifies a Kubernetes Secret that contains the credentials needed to connect to the source cluster. The required keys of the Secret are user, password and database; the optional key is ca.crt. The referenced Postgres user must have the connect and replication privileges on the source cluster. This field is mutable. Changes to the Secret will be automatically applied on the instance.

Name Type Description Required

name

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery.replicationSlot.trustBundle

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server connection. If the provided servers are configured with:

  • a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.databaseConfig

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

Name Type Description Required

name

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.directoryService

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

ArchivedPostgresCluster.status.postgresClusterSpec.hbaRef

HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.

The Secret should contain the pg_hba.conf entries under the specific key pg_hba.conf. These entries will be inserted into the pg_hba.conf file with a priority lower than the system users' entries.

Only the authentication methods scram-sha-256 and reject are allowed in the custom entries.

For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

apiVersion: v1
kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:

host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ...  # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256

Name Type Description Required

name

string

false
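
Because the first matching record wins, a custom entry that is broader than intended silently shadows the catch-all rules that follow it, and a single mistyped method is rejected by DSM. The script below is an added example, not DSM's own code, and serves both the hbaRef description in the spec table and this sub-table: it validates the custom entries against the scram-sha-256/reject rule, splices them into the system-managed layout shown above (the ldapserver option on the ldap record is a constructed placeholder), and resolves sample connections to show which rule each one hits. Only host-type records are parsed, and only the "all", "/regex", comma-list and CIDR field forms are modelled.

```python
"""Validate custom pg_hba.conf entries for an hbaRef Secret and show how
PostgreSQL's first-match rule resolves them once DSM has spliced them in.

Added example, not part of DSM. It reproduces only what the field
description states: custom entries may use scram-sha-256 or reject, they sit
after the pgadmin and postgres_exporter rules and before the catch-all rules,
and the first matching record decides authentication.
"""
import ipaddress
import re

ALLOWED_CUSTOM_METHODS = {"scram-sha-256", "reject"}

# System-managed records in the order the description shows them.
SYSTEM_HEAD = [
    "host all pgadmin all scram-sha-256",
    "host all postgres_exporter all scram-sha-256",
]
SYSTEM_TAIL = [
    # Present only when a directory service is attached; option value is a constructed placeholder.
    "host all all all ldap ldapserver=ldap.example.internal",
    "host all all all scram-sha-256",
]


def parse_entry(line):
    """Split one host-type record into its fields; returns None for blank or comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split()
    if len(parts) < 5 or parts[0] not in {"host", "hostssl", "hostnossl"}:
        raise ValueError(f"unsupported or malformed record: {line!r}")
    conn_type, database, user, address, method = parts[:5]
    return {"type": conn_type, "database": database, "user": user,
            "address": address, "method": method, "options": parts[5:]}


def validate_custom_entries(text):
    """Return the list of problems in the custom entries; an empty list means they are acceptable."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_entry(raw)
        except ValueError as exc:
            problems.append(f"line {lineno}: {exc}")
            continue
        if entry and entry["method"] not in ALLOWED_CUSTOM_METHODS:
            problems.append(f"line {lineno}: method {entry['method']!r} is not allowed in custom entries")
    return problems


def _field_matches(pattern, value):
    """Database/user field semantics: 'all', a /regex, or a comma-separated list of names."""
    if pattern == "all":
        return True
    if pattern.startswith("/"):
        return re.search(pattern[1:], value) is not None
    return value in pattern.split(",")


def _address_matches(pattern, client_ip):
    """Address field semantics: 'all' or a CIDR block."""
    if pattern == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)


def assemble(custom_text, directory_service=False):
    """Splice the custom entries into the system-managed file in the documented order."""
    custom = [e for e in (parse_entry(ln) for ln in custom_text.splitlines()) if e]
    tail = SYSTEM_TAIL if directory_service else SYSTEM_TAIL[1:]
    return [parse_entry(ln) for ln in SYSTEM_HEAD] + custom + [parse_entry(ln) for ln in tail]


def resolve(entries, database, user, client_ip):
    """Method of the first matching record, or None when nothing matches (PostgreSQL then rejects)."""
    for e in entries:
        if (_field_matches(e["database"], database) and _field_matches(e["user"], user)
                and _address_matches(e["address"], client_ip)):
            return e["method"]
    return None


if __name__ == "__main__":
    custom = "host all all all reject\n"  # constructed: an over-broad custom entry
    print("problems:", validate_custom_entries(custom))
    table = assemble(custom)
    for user in ("pgadmin", "alice"):
        print(user, "->", resolve(table, "app", user, "10.0.0.5"))
```

Running the main block shows the lockout the description warns about: pgadmin still authenticates because its system record precedes the custom entries, but every other user hits the custom reject before reaching the final catch-all. Scoping a reject entry to a user and a CIDR, as in the test below, leaves the remaining rules reachable.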

ArchivedPostgresCluster.status.postgresClusterSpec.maintenanceWindow

MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new lifecycle management features for the VM, the OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.

Optional.

Mutable.

Name Type Description Required

duration

string

Duration describes the duration of the maintenance window.

Required.

Mutable.

true

startDay

enum

StartDay describes the day of the week the maintenance window will commence.

Can be any of MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.

Required.

Mutable.

  • Enum: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY

true

startTime

string

StartTime describes the time of the day to start the maintenance window.

Required.

Mutable.

true

ArchivedPostgresCluster.status.postgresClusterSpec.placementSelector

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

Name Type Description Required

cluster

string

Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name.

Required.

Mutable.

true

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

ArchivedPostgresCluster.status.postgresClusterSpec.replicationSlots[index]

Name Type Description Required

slotName

string

SlotName specifies the Postgres replication slot name that will be created on the instance.

true

description

string

Description specifies a human-readable description of this replication slot.

false

user

string

User specifies the name of the replication user that is associated with the configured replication slot. The lifecycle of this user is tied to the replication slot. If no value is provided, a replication user is auto generated using the resource name as prefix. User should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

false

ArchivedPostgresCluster.status.postgresClusterSpec.tls

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys:

  • tls.crt: PEM signed certificate chain

  • tls.key: PEM private key

  • ca.crt: PEM CA certificate

The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate.

false
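
A quick structural check of the Secret before it is referenced avoids a failed certificate rollover on a live cluster. The following is an added example, not DSM's own code: it decodes the Secret's data and stringData maps, requires tls.crt and tls.key, accepts a missing ca.crt only under the documented condition, and, because a single self-signed certificate cannot be told apart from a lone end-entity certificate without parsing X.509, reports that case as a warning for manual verification rather than accepting it silently. The sample Secret and its PEM bodies are constructed placeholders, not real key material.

```python
"""Check a custom TLS Secret for the key layout spec.tls.secretName expects.

Added example, not part of DSM. It checks PEM structure only; it does not
parse X.509 and so cannot confirm that a lone certificate is self-signed.
"""
import base64
import re

_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed placeholders: the bodies are not valid DER, only the PEM framing matters here.
PLACEHOLDER_CERT = "-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n"
PLACEHOLDER_KEY = "-----BEGIN PRIVATE KEY-----\nMIIEplaceholder\n-----END PRIVATE KEY-----\n"


def pem_blocks(text):
    """Return the labels of the PEM blocks found in text, in order."""
    return [m.group(1) for m in _PEM_BLOCK.finditer(text)]


def decode_secret_data(secret):
    """Merge the base64 'data' map and the plain 'stringData' map of a Secret into one dict of str."""
    out = {}
    for key, val in (secret.get("data") or {}).items():
        out[key] = base64.b64decode(val).decode()
    out.update(secret.get("stringData") or {})
    return out


def check_tls_secret(secret):
    """Return (ok, report); report['errors'] make the Secret unusable, report['warnings'] need a manual look."""
    errors, warnings = [], []
    data = decode_secret_data(secret)
    for key in ("tls.crt", "tls.key"):
        if key not in data:
            errors.append(f"missing required key {key}")
    if errors:
        return False, {"errors": errors, "warnings": warnings}
    chain = pem_blocks(data["tls.crt"])
    if not chain or any(label != "CERTIFICATE" for label in chain):
        errors.append("tls.crt must contain one or more CERTIFICATE blocks and nothing else")
    key_blocks = pem_blocks(data["tls.key"])
    if len(key_blocks) != 1 or not key_blocks[0].endswith("PRIVATE KEY"):
        errors.append("tls.key must contain exactly one PEM private key block")
    if "ca.crt" in data:
        ca = pem_blocks(data["ca.crt"])
        if not ca or any(label != "CERTIFICATE" for label in ca):
            errors.append("ca.crt must contain only CERTIFICATE blocks")
    elif len(chain) == 1:
        # Documented exception: a lone certificate is acceptable only when it is self-signed.
        warnings.append("ca.crt omitted and tls.crt holds a single certificate: "
                        "acceptable only if it is self-signed (issuer == subject); verify before use")
    return not errors, {"errors": errors, "warnings": warnings}


def sample_secret(chain_len=2, with_ca=False, with_key=True, as_base64=False):
    """Construct a Secret manifest shaped like cert-manager output (constructed sample, placeholder PEM)."""
    payload = {"tls.crt": PLACEHOLDER_CERT * chain_len}
    if with_key:
        payload["tls.key"] = PLACEHOLDER_KEY
    if with_ca:
        payload["ca.crt"] = PLACEHOLDER_CERT
    secret = {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/tls",
              "metadata": {"name": "db-cluster-1-custom-tls"}}  # constructed name
    if as_base64:
        secret["data"] = {k: base64.b64encode(v.encode()).decode() for k, v in payload.items()}
    else:
        secret["stringData"] = payload
    return secret


if __name__ == "__main__":
    for label, s in (("leaf+issuer", sample_secret(2)), ("lone leaf", sample_secret(1)),
                     ("no key", sample_secret(with_key=False))):
        print(label, "->", check_tls_secret(s))
```

The text also notes that a cluster accessed by IP needs the TLS configuration applied after initial creation so the IP can be encoded in the certificate; that is a SAN-content question this structural check does not cover.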

ArchivedPostgresCluster.status.upgradeStatus

UpgradeStatus represents the version state transition history for the deleted cluster.

Required.

Immutable.

Name Type Description Required

currentVersion

string

The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes.

false

history

[]object

Historical data of the upgrades performed. It is not preserved for restored clusters.

false

ArchivedPostgresCluster.status.upgradeStatus.history[index]

Name Type Description Required

complete

string

Timestamp of when the upgrade completed.

  • Format: date-time

false

fromVersion

string

The version from which the cluster was upgraded.

false

isMajorUpgrade

boolean

IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade.

false

message

string

Message contains the reason for a failure or rejection.

false

start

string

Timestamp of when the upgrade started. This is the time right before the upgrade operations started, and restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results.

  • Format: date-time

false

status

enum

Status indicates the status of the upgrade.

  • Enum: Succeeded, Aborted, Failed

false

toVersion

string

The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion.

false
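
The basedOn.cluster.timestamp rule (restore to the last available recovery time before the requested time, or the latest one when no timestamp is given) and the upgrade blackout rule above combine into one check an operator wants before issuing a point-in-time restore. The script below is an added example, not DSM's own code, and serves both passages: it resolves a requested timestamp to a recovery point and flags it when it falls strictly between an upgrade's start and complete timestamps. The recovery times, version strings and upgrade history are constructed sample data in the date-time format the API uses; DSM's real list of available recovery times is not exposed in this schema, so the example takes it as an input list. The boundary is treated inclusively (a recovery time equal to the requested timestamp is selected), which is an assumption of this example.

```python
"""Resolve a basedOn.cluster.timestamp to a recovery point and flag restore
points that fall inside an upgradeStatus.history blackout window.

Added example, not part of DSM. The recovery times and upgrade history are
constructed sample data.
"""
from datetime import datetime


def parse_ts(value):
    """Parse an RFC 3339 date-time as the API emits it (trailing Z accepted)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# Constructed: recovery times the retained backups and WAL would make available.
RECOVERY_TIMES = [
    "2024-03-01T00:00:00Z",
    "2024-03-01T06:00:00Z",
    "2024-03-01T12:00:00Z",
    "2024-03-01T18:00:00Z",
]

# Constructed: one minor upgrade whose window overlaps the 12:00 recovery point.
UPGRADE_HISTORY = [
    {"fromVersion": "15.3", "toVersion": "15.4", "isMajorUpgrade": False, "status": "Succeeded",
     "start": "2024-03-01T11:30:00Z", "complete": "2024-03-01T12:30:00Z", "message": ""},
]


def select_restore_point(recovery_times, requested=None):
    """Latest recovery time at or before the requested timestamp, or the latest overall when None."""
    times = sorted(parse_ts(t) for t in recovery_times)
    if not times:
        raise ValueError("no recovery times available")
    if requested is None:
        return times[-1]
    req = parse_ts(requested)
    candidates = [t for t in times if t <= req]  # assumption: boundary is inclusive
    if not candidates:
        raise ValueError(f"no recovery time at or before {requested}")
    return candidates[-1]


def blackout_windows(history):
    """(start, complete, entry) for every history entry that has both timestamps."""
    windows = []
    for entry in history:
        if entry.get("start") and entry.get("complete"):
            windows.append((parse_ts(entry["start"]), parse_ts(entry["complete"]), entry))
    return windows


def plan_restore(recovery_times, history, requested=None):
    """Resolve the restore point and report any upgrade blackout window it falls into."""
    point = select_restore_point(recovery_times, requested)
    hits = [e for start, complete, e in blackout_windows(history) if start < point < complete]
    return {
        "requested": requested,
        "restorePoint": point.isoformat(),
        "inBlackout": bool(hits),
        "upgrades": [f"{e['fromVersion']}->{e['toVersion']}" for e in hits],
    }


if __name__ == "__main__":
    for req in ("2024-03-01T14:00:00Z", "2024-03-01T11:45:00Z", None):
        print(plan_restore(RECOVERY_TIMES, UPGRADE_HISTORY, req))
```

With the sample data, a request for 14:00 resolves to the 12:00 recovery point, which sits inside the 11:30 to 12:30 upgrade window and is flagged; a request for 11:45 resolves to 06:00 and is clean. An operator who sees the flag can pick an earlier timestamp, which is exactly what the "guaranteed to succeed at or before" wording of the start field recommends.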

BackupLocation

BackupLocation contains access data for a remote storage location, supporting multiple cloud back-ends and holding all data required to access and perform two-way authentication with the storage provider. All BackupLocation instances that can be used as a target for database cluster backups have the label 'dsm.vmware.com/database-backup-location=true'. In contrast, BackupLocation instances that are reserved for DSM control plane (i.e. Provider) use do not have this label set.

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

BackupLocation

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

true

BackupLocation.spec

Name Type Description Required

S3

object

S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated.

Mutable.

true

credentials

object

Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated.

Mutable.

true

endpoint

string

Endpoint is the network endpoint to connect to for accessing the BackupLocation.

Mutable.

true

trustBundle

object

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with:

  • a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

true

BackupLocation.spec.S3

S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated.

Mutable.

Name Type Description Required

bucket

string

Bucket is the S3 bucket. It must exist in the configured S3 service.

Mutable.

true

forcePathStyle

boolean

ForcePathStyle forces the use of path-style addressing for S3 operations. Path-style addressing is deprecated for the official AWS S3, but is required for many in-house S3-like implementations to work. A value of true forces the use of path-style S3 URLs. A value of false uses virtual hosted-style S3 URLs. Path-style URLs look like: https://bucket-endpoint.example.com/bucket. Virtual hosted-style URLs look like: https://bucket.bucket-endpoint.example.com.

Mutable.

Default - false.

  • Default: false

false

region

string

Region is the S3 region.

Mutable.

false

BackupLocation.spec.credentials

Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

BackupLocation.spec.trustBundle

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with:

  • a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

DatabaseConfig

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

DatabaseConfig

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DatabaseConfigSpec defines the desired state of the DatabaseConfig.

false

status

object

DatabaseConfigStatus describes the observed status of the DatabaseConfig.

false

DatabaseConfig.spec

DatabaseConfigSpec defines the desired state of the DatabaseConfig.

Name Type Description Required

params

map[string]string

Params is a map key value pairs which correspond to valid configurable parameters for a database.

For MySQL these go into one of the mysql.cnf files.

For PostgreSQL:

  • these values go into the postgresql.conf file.

  • keys must consist of alphanumeric characters, _ or .

false

DatabaseConfig.status

DatabaseConfigStatus describes the observed status of the DatabaseConfig.

Name Type Description Required

conditions

[]object

Conditions contain the list of observed conditions of the DatabaseConfig.

ready: Indicates that the DatabaseConfig has been successfully created and is ready for use.

false

DatabaseConfig.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

MySQLCluster

MySQLCluster is the schema for the mysqlclusters API. A MySQLCluster represents the desired specification and the observed status of a MySQLCluster instance. A MySQLCluster is backed by one or more nodes containing the mysql service and supporting services managed as a single object by the Data Services Manager.

Custom Annotations:

Force rolling update with active infra alert

dsm.vmware.com/modify-cluster-with-infra-alerts: generation of the resource

<generation of the resource> : The value of this annotation should match the current resource generation (.metadata.Generation).

The system actively prevents edits to the Spec that induce a rolling update when there is an alert for the underlying infrastructure; this annotation can be used to bypass that check. It should be used with caution, as the system cannot guarantee the update will succeed under infra alert conditions. It is better to check with the Infra/DSM Admin prior to using it.

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

MySQLCluster

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MySQLClusterSpec defines the desired state of the MySQLCluster

true

status

object

MySQLClusterStatus describes the observed status of the MySQLCluster

false

MySQLCluster.spec

MySQLClusterSpec defines the desired state of the MySQLCluster

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

true

storagePolicyName

string

StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid StoragePolicyName.

Immutable.

true

storageSpace

string

StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki.

Range - 20Gi - 10Ti.

Required.

Mutable - (increase only).

true

version

string

Version declares the version of the database engine to be used.

To upgrade the database engine change this field.

The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI.

Required.

Mutable.

true

vmClass

object

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

true

backupConfig

object

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

false

backupLocation

object

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

false

basedOn

object

BasedOn identifies the source cluster on which this cluster is based.

Users cannot base their clusters on clusters owned by other users unless the user has DSM_Admin role. The new cluster will inherit the ownership from its source cluster. It can be changed if necessary after the cluster is created.

The Cluster field works both when the source cluster is alive and when it has been deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create a new MySQL cluster based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster.

Optional.

Immutable.

false

databaseConfig

object

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in the same namespace as the cluster.

Optional.

Mutable.

false

description

string

Description contains the human-readable description of the cluster.

Optional.

Mutable.

false

directoryService

object

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

false

dnsNames

[]string

One or more DNS names / FQDNs for database access.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI.

If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can verify they have a secure connection.

Optional.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

maintenanceWindow

object

MaintenanceWindow refers to the system maintenance window. When enabled, the maintenance window allows CVE fixes, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software to be applied. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.

Optional.

Mutable.

false

members

integer

The number of members of the cluster. Can be 1 or 3.

Default - 1

Mutable.

  • Enum: 1, 3

  • Default: 1

false

placementSelector

object

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

false

tls

object

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

false

MySQLCluster.spec.infrastructurePolicy

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

Name Type Description Required

name

string

false

MySQLCluster.spec.vmClass

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

Name Type Description Required

name

string

false

MySQLCluster.spec.backupConfig

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

Name Type Description Required

backupRetentionDays

integer

BackupRetentionDays describes the number of days to store backups. Must be 1 or greater.

Required.

Mutable.

  • Format: int64

false

schedules

[]object

Schedules contains the user-defined schedules of when the system will perform backups.

Required.

Mutable.

false

MySQLCluster.spec.backupConfig.schedules[index]

Name Type Description Required

name

string

Name of the schedule.

Required.

Immutable.

true

schedule

string

The schedule in the form of a cron schedule.

Required.

Mutable.

true

type

string

Type of schedule. Can be full or incremental.

Required.

Immutable.

true

MySQLCluster.spec.backupLocation

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

Name Type Description Required

name

string

false

MySQLCluster.spec.basedOn

BasedOn identifies the source cluster on which this cluster is based.

Users cannot base their clusters on clusters owned by other users unless the user has DSM_Admin role. The new cluster will inherit the ownership from its source cluster. It can be changed if necessary after the cluster is created.

The Cluster field works both when the source cluster is alive and when it has been deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create a new MySQL cluster based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster.

Optional.

Immutable.

Name Type Description Required

cluster

object

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Required.

Immutable.

true

MySQLCluster.spec.basedOn.cluster

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Required.

Immutable.

Name Type Description Required

name

string

Name is the name of the source cluster from which to restore.

Required.

Immutable.

true

timestamp

string

Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time.

Optional.

Immutable.

  • Format: date-time

false

MySQLCluster.spec.databaseConfig

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in the same namespace as the cluster.

Optional.

Mutable.

Name Type Description Required

name

string

false

MySQLCluster.spec.directoryService

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

MySQLCluster.spec.maintenanceWindow

MaintenanceWindow refers to the system maintenance window. When enabled, the maintenance window allows CVE fixes, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software to be applied. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.

Optional.

Mutable.

Name Type Description Required

duration

string

Duration describes the duration of the maintenance window.

Required.

Mutable.

true

startDay

enum

StartDay describes the day of the week the maintenance window will commence.

Can be any of MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.

Required.

Mutable.

  • Enum: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY

true

startTime

string

StartTime describes the time of the day to start the maintenance window.

Required.

Mutable.

true

MySQLCluster.spec.placementSelector

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

Name Type Description Required

cluster

string

Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name.

Required.

Mutable.

true

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

MySQLCluster.spec.tls

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the following keys:

  • tls.crt: PEM signed certificate chain

  • tls.key: PEM private key

  • ca.crt: PEM CA certificate

The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate.

false
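To make the Secret layout above concrete, here is an added example (not DSM code) that checks a custom TLS Secret for the documented keys and PEM block structure before it is referenced from spec.tls.secretName; the PEM bodies it uses are constructed placeholders, and deciding whether a single leaf is self-signed is left as a manual check because it needs full X.509 parsing.

```python
"""Check a custom TLS Secret against the layout DSM expects for spec.tls.secretName.

Added example, not DSM code. Keys and rules follow the field description above;
the PEM bodies below are constructed placeholders, not real key material.
"""
import base64
import re

# A well-formed PEM block: matching BEGIN/END labels around a body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?\n-----END \1-----", re.S)


def pem_block_types(pem_text):
    """Return the BEGIN/END labels of every well-formed PEM block, in order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]


def decode_secret_data(secret):
    """Kubernetes Secrets carry base64 under .data; return decoded text per key."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}


def check_tls_secret(secret):
    """Return a list of findings; an empty list means the Secret is acceptable.

    Rules (from the spec.tls.secretName description):
      tls.crt  PEM signed certificate chain (required)
      tls.key  PEM private key (required)
      ca.crt   PEM CA certificate, optional if tls.crt already carries an issuer
    """
    findings = []
    data = decode_secret_data(secret)
    crt_types = pem_block_types(data.get("tls.crt", ""))
    key_types = pem_block_types(data.get("tls.key", ""))
    ca = data.get("ca.crt")

    if not crt_types:
        findings.append("tls.crt missing or contains no PEM certificate block")
    elif any(t != "CERTIFICATE" for t in crt_types):
        findings.append("tls.crt contains non-certificate PEM blocks")

    if len(key_types) != 1 or not key_types[0].endswith("PRIVATE KEY"):
        findings.append("tls.key must contain exactly one PEM private key block")

    if ca is None and len(crt_types) < 2:
        # A single self-signed leaf also satisfies the documented rule, but
        # detecting that needs X.509 parsing, so flag it for manual review.
        findings.append("ca.crt absent and tls.crt has no issuer certificate; "
                        "confirm the leaf is self-signed or add ca.crt")
    elif ca is not None and pem_block_types(ca) != ["CERTIFICATE"]:
        findings.append("ca.crt must contain exactly one PEM certificate block")
    return findings


def _pem(label, body="Q09OU1RSVUNURUQgUExBQ0VIT0xERVI="):
    """Constructed PEM block with a placeholder body (not real key material)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed Secrets for illustration.
GOOD_SECRET = {"kind": "Secret", "data": {
    "tls.crt": _b64(_pem("CERTIFICATE") + _pem("CERTIFICATE")),  # leaf + issuer
    "tls.key": _b64(_pem("PRIVATE KEY")),
}}
LEAF_ONLY_SECRET = {"kind": "Secret", "data": {
    "tls.crt": _b64(_pem("CERTIFICATE")),  # no issuer, no ca.crt
    "tls.key": _b64(_pem("RSA PRIVATE KEY")),
}}
WRONG_KEYS_SECRET = {"kind": "Secret", "data": {
    "certificate": _b64(_pem("CERTIFICATE")),  # wrong key name
    "tls.key": _b64(_pem("PRIVATE KEY")),
}}

if __name__ == "__main__":
    for name, s in [("good", GOOD_SECRET), ("leaf-only", LEAF_ONLY_SECRET),
                    ("wrong-keys", WRONG_KEYS_SECRET)]:
        print(name, check_tls_secret(s) or "OK")
```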

MySQLCluster.status

MySQLClusterStatus describes the observed status of the MySQLCluster

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a database cluster.

false

availableUpgrades

[]object

AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service will accept valid upgrade paths even if they are not yet populated here.

false

backupId

string

BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage.

For PostgreSQL, it is the stanzaName of the database cluster.

For MySQL, it is the UID of the MySQL cluster object in the workload cluster.

false

conditions

[]object

Conditions contain the list of observed conditions of the cluster. The following statuses can occur.

Ready indicates if the cluster is fully operational.

MachinesReady indicates if the underlying VMs of the cluster have been created successfully.

DatabaseEngineReady indicates if the database engine is up and ready to accept queries.

Provisioning indicates if the provisioning of all resources necessary for cluster operation has completed.

false

connection

object

Connection describes the details which can be used to connect to the database represented by CR.

false

lastSuccessfulBackup

string

LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently.

  • Format: date-time

false

lastUpdate

string

LastUpdate gives the timestamp of when the desired state was last applied.

  • Format: date-time

false

nodes

[]object

Nodes represents the underlying infrastructure of a database cluster.

false

tlsSecretResourceVersion

string

TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster.

false

upgradeStatus

object

UpgradeStatus represents the status of the version upgrade.

false

MySQLCluster.status.availableUpgrades[index]

Name Type Description Required

impact

enum

Impact indicates whether Virtual Machines backing the workload cluster’s kubernetes nodes will be replaced during the upgrade.

When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced.

When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the kubernetes nodes.

  • Enum: RollingUpgrade, InPlace

true

version

string

Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format i.e. engine version, followed by the string "+vmware.", followed by the release version.

true

autoUpgradeTarget

boolean

AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period.

  • Default: false

false

majorVersionUpgrade

boolean

MajorVersionUpgrade indicates whether the upgrade is to a newer major version. MajorVersionUpgrade and AutoUpgradeTarget cannot both be true, as major version upgrades are only manual.

  • Default: false

false

MySQLCluster.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

MySQLCluster.status.connection

Connection describes the details which can be used to connect to the database represented by CR.

Name Type Description Required

dbname

string

Name of the Database

true

host

string

Host describes the IP address of the database cluster’s current primary node.

true

port

integer

Port describes the port on which the database cluster is listening.

true

passwordRef

object

Password for the admin account

Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.

false

username

string

Username for the admin account

false

MySQLCluster.status.connection.passwordRef

Password for the admin account

Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key.

false

name

string

The name of the secret

false

value

string

Deprecated. This field is never used by the Data Services Manager.

false

MySQLCluster.status.nodes[index]

Node represents the underlying infrastructure of a workload cluster

Name Type Description Required

datacenter

string

Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located.

false

datastore

string

Datastore is the name or inventory path of the datastore in which the virtual machine is created/located.

false

folder

string

Folder is the name or inventory path of the folder in which the virtual machine is created/located.

false

network

object

Network is the network configuration for this VM.

false

resourcePool

string

ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located.

false

server

string

Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located.

false

storagePolicyName

string

StoragePolicyName of the storage policy to use with this Virtual Machine

false

vmMoid

string

VmMoid is the VM’s Managed Object Reference on vSphere.

false

vmName

string

VmName is the name of the virtual machine on vSphere.

false

vmRole

string

VMRole identifies the role the VM plays in the workload cluster, such as ControlPlane or Worker.

false

MySQLCluster.status.nodes[index].network

Network is the network configuration for this VM.

Name Type Description Required

devices

[]object

Devices is the list of network devices used by the virtual machine.

false

MySQLCluster.status.nodes[index].network.devices[index]

NetworkDevice defines the network configuration for a virtual machine’s network device.

Name Type Description Required

ipPool

string

IPPool is the name of the IP Pool that was used to claim an IP address for the VM.

false

networkName

string

NetworkName is the name of the vSphere network to which the device will be connected.

false

MySQLCluster.status.upgradeStatus

UpgradeStatus represents the status of the version upgrade.

Name Type Description Required

currentVersion

string

The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes.

false

history

[]object

Historical data of the upgrades performed. It is not preserved for restored clusters.

false

lastTransitionTime

string

LastTransitionTime shows the last time the cluster’s upgradeStatus.Running field value changed.

  • Format: date-time

false

running

boolean

Set to true to indicate that a database cluster upgrade is currently running. Once the upgrade completes, the field is reset to empty.

false

MySQLCluster.status.upgradeStatus.history[index]

Name Type Description Required

complete

string

Timestamp of when the upgrade completed.

  • Format: date-time

false

fromVersion

string

The version from which the cluster was upgraded.

false

isMajorUpgrade

boolean

IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade.

false

message

string

Message contains the reason for a failure or rejection.

false

start

string

Timestamp of when the upgrade started. This is the time right before the upgrade operations started; restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results.

  • Format: date-time

false

status

enum

Status indicates the status of the upgrade.

  • Enum: Succeeded, Aborted, Failed

false

toVersion

string

The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion.

false
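The restore-point rule for spec.basedOn.cluster.timestamp and the blackout rule for upgradeStatus.history are easy to get wrong together, so here is an added example (not DSM code) that selects the recovery time a restore would target and reports whether it falls inside an upgrade's start/complete window; the recovery times, history entries and version strings are constructed sample data.

```python
"""Pick the restore point for spec.basedOn.cluster.timestamp and flag upgrade blackouts.

Added example, not DSM code. Two rules from the field descriptions are applied:
  - the restore targets the last available recovery time before the requested
    timestamp (assumed here to include an exact match), or the latest recovery
    time when no timestamp is given;
  - the interval after an upgrade's start and before its complete is a blackout
    period in which a restore point could give unexpected results.
"""
from datetime import datetime


def parse_ts(s):
    """Parse an RFC 3339 date-time string as used by the status fields."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def select_restore_point(recovery_times, requested=None):
    """Return the recovery time the restore will target, or None if none qualifies."""
    times = sorted(parse_ts(t) for t in recovery_times)
    if requested is None:
        return times[-1] if times else None
    limit = parse_ts(requested)
    candidates = [t for t in times if t <= limit]  # assumption: exact match counts
    return candidates[-1] if candidates else None


def blackout_for(point, history):
    """Return the history entry whose blackout window contains point, else None."""
    for entry in history:
        start = parse_ts(entry["start"])
        # An entry without complete is treated as still running (assumption).
        complete = parse_ts(entry["complete"]) if entry.get("complete") else None
        if start < point and (complete is None or point < complete):
            return entry
    return None


def plan_restore(recovery_times, history, requested=None):
    """Return (restore_point_iso or None, blocking history entry or None)."""
    point = select_restore_point(recovery_times, requested)
    if point is None:
        return None, None
    return point.isoformat().replace("+00:00", "Z"), blackout_for(point, history)


# Constructed sample data; versions are placeholders in the documented format.
RECOVERY_TIMES = [
    "2024-05-01T00:00:00Z", "2024-05-01T06:00:00Z", "2024-05-01T12:00:00Z",
    "2024-05-01T18:00:00Z", "2024-05-02T00:00:00Z",
]
UPGRADE_HISTORY = [
    {"fromVersion": "8.0.34+vmware.1", "toVersion": "8.0.36+vmware.2",
     "start": "2024-05-01T11:00:00Z", "complete": "2024-05-01T13:00:00Z",
     "status": "Succeeded", "isMajorUpgrade": False},
]

if __name__ == "__main__":
    for requested in (None, "2024-05-01T12:30:00Z", "2024-05-01T11:00:00Z"):
        point, blocker = plan_restore(RECOVERY_TIMES, UPGRADE_HISTORY, requested)
        print(requested, "->", point, "blackout" if blocker else "ok")
```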

PostgresCluster

PostgresCluster is the schema for the postgresclusters API. A PostgresCluster represents the desired specification and the observed status of a PostgresCluster instance. A PostgresCluster is backed by one or more nodes containing the postgresql service and supporting services managed as a single object by the Data Services Manager.

Custom Annotations:

Resource Locking: Protection from Updates or Deletes

dsm.vmware.com/locked-status: locked, unlocked-for-delete, unlocked-for-edit

locked              : will not allow edit or delete on the resource
unlocked-for-delete : allows the resource to be deleted but not edited, needs to be set together with dsm.vmware.com/unlock-reason annotation
unlocked-for-edit   : allows the resource to be edited but not deleted, needs to be set together with dsm.vmware.com/unlock-reason annotation. This is automatically reset to locked after the edit operation is applied.

dsm.vmware.com/unlock-reason: reason for unlock

<reason for unlock> : text to describe the reason for unlocking the resource. Used for audit purposes in DSM.

Force rolling update with active infra alert

dsm.vmware.com/modify-cluster-with-infra-alerts: generation of the resource

<generation of the resource> : The value of this annotation should match the current resource generation (.metadata.Generation).

The system actively prevents edits to the Spec that induce a rolling update when there is an alert for the underlying infrastructure; this annotation can be used to bypass that check. It should be used with caution, as the system cannot guarantee the update will succeed under infra alert conditions. It is better to check with the Infra/DSM Admin prior to using it.

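As an added example (not DSM's admission logic), the following models the locked-status, unlock-reason and infra-alert bypass annotation rules listed above so that an operator can test what an edit or delete would be allowed to do; whether a particular spec change induces a rolling update is passed in as a flag, since this reference does not enumerate those fields, and rejecting unknown locked-status values is an assumption.

```python
"""Model the locked-status and infra-alert annotation rules for a PostgresCluster.

Added example, not DSM code. The rules come from the Custom Annotations section;
the sample resource is constructed.
"""
LOCKED_STATUS = "dsm.vmware.com/locked-status"
UNLOCK_REASON = "dsm.vmware.com/unlock-reason"
INFRA_ALERT_BYPASS = "dsm.vmware.com/modify-cluster-with-infra-alerts"


def admit(resource, operation, infra_alert=False, induces_rolling_update=False):
    """Return (allowed, reason) for operation "edit" or "delete" on the resource."""
    meta = resource.get("metadata", {})
    ann = meta.get("annotations", {}) or {}
    status = ann.get(LOCKED_STATUS)

    if status == "locked":
        return False, "resource is locked: neither edit nor delete is allowed"
    if status in ("unlocked-for-delete", "unlocked-for-edit"):
        # Both unlock states must be accompanied by an audit reason.
        if not ann.get(UNLOCK_REASON):
            return False, f"{status} requires {UNLOCK_REASON} to be set"
        permitted = "delete" if status == "unlocked-for-delete" else "edit"
        if operation != permitted:
            return False, f"{status} only permits {permitted}"
    elif status is not None:
        return False, f"unknown {LOCKED_STATUS} value {status!r}"  # assumption

    # Rolling updates under an infra alert need the bypass annotation, and its
    # value must equal the current .metadata.generation.
    if operation == "edit" and induces_rolling_update and infra_alert:
        expected = str(meta.get("generation", ""))
        if ann.get(INFRA_ALERT_BYPASS) != expected:
            return False, ("rolling update blocked by active infra alert; set "
                           f"{INFRA_ALERT_BYPASS}={expected} to bypass")
    return True, "admitted"


def after_edit(resource):
    """unlocked-for-edit is reset to locked once the edit operation is applied."""
    ann = resource.setdefault("metadata", {}).setdefault("annotations", {})
    if ann.get(LOCKED_STATUS) == "unlocked-for-edit":
        ann[LOCKED_STATUS] = "locked"
    return resource


def sample(annotations, generation=7):
    """Constructed PostgresCluster resource carrying the given annotations."""
    return {"kind": "PostgresCluster",
            "metadata": {"name": "pg-demo", "generation": generation,
                         "annotations": dict(annotations)}}


if __name__ == "__main__":
    print(admit(sample({LOCKED_STATUS: "locked"}), "delete"))
    print(admit(sample({INFRA_ALERT_BYPASS: "7"}), "edit",
                infra_alert=True, induces_rolling_update=True))
```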
Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

PostgresCluster

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

PostgresClusterSpec defines the desired state of the PostgresCluster.

Special notes about the Spec.Version field:

Downgrades are not allowed.

For a major version upgrade of a cluster that does not have automatic backups enabled, the annotation "dsm.vmware.com/upgrade-cluster-without-backups" with the requested version as its value has to be added to confirm that the major version upgrade is requested without any backups to restore from.

To opt-out of the backup that is automatically done before the upgrade starts, use the "dsm.vmware.com/skip-pre-upgrade-backup" annotation with value equal to the requested version.

For a major version upgrade when there are critical alerts for the cluster, the annotation "dsm.vmware.com/upgrade-cluster-with-alerts" with the requested version as its value has to be added to confirm that the major version upgrade is requested and that the critical alerts for the cluster should be ignored.

true

status

object

PostgresClusterStatus describes the observed status of the PostgresCluster.

false

PostgresCluster.spec

PostgresClusterSpec defines the desired state of the PostgresCluster.

Special notes about the Spec.Version field:

Downgrades are not allowed.

For a major version upgrade of a cluster that does not have automatic backups enabled, the annotation "dsm.vmware.com/upgrade-cluster-without-backups" with the requested version as its value has to be added to confirm that the major version upgrade is requested without any backups to restore from.

To opt-out of the backup that is automatically done before the upgrade starts, use the "dsm.vmware.com/skip-pre-upgrade-backup" annotation with value equal to the requested version.

For a major version upgrade when there are critical alerts for the cluster, the annotation "dsm.vmware.com/upgrade-cluster-with-alerts" with the requested version as its value has to be added to confirm that the major version upgrade is requested and that the critical alerts for the cluster should be ignored.
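The three version-related annotations above interact with backups and alerts, so here is an added example (not DSM's validation code) that checks a spec.version change against those notes. It assumes the major version is the leading integer of the engine part of the version string (the reference gives the format as engine version followed by "+vmware." and the release version), that the automatic pre-upgrade backup only applies when automatic backups are enabled, and the sample version strings are constructed placeholders.

```python
"""Check a PostgresCluster spec.version change against the special notes above.

Added example, not DSM code. Assumptions: the major version is the leading
integer of the engine version (the part before "+vmware."), engine versions
compare as numeric tuples, and the pre-upgrade backup only runs when automatic
backups are enabled. Sample versions are constructed placeholders.
"""
import re

WITHOUT_BACKUPS = "dsm.vmware.com/upgrade-cluster-without-backups"
SKIP_PRE_UPGRADE_BACKUP = "dsm.vmware.com/skip-pre-upgrade-backup"
WITH_ALERTS = "dsm.vmware.com/upgrade-cluster-with-alerts"


def engine_tuple(version):
    """'16.2+vmware.v1' -> (16, 2): numeric components of the engine version."""
    engine = version.split("+vmware.", 1)[0]
    nums = re.findall(r"\d+", engine)
    if not nums:
        raise ValueError(f"unparseable version {version!r}")
    return tuple(int(n) for n in nums)


def validate_version_change(old, new, backups_enabled, critical_alerts=False):
    """Return (allowed, reason, pre_upgrade_backup) for a spec.version change.

    pre_upgrade_backup reports whether the automatic backup taken before the
    upgrade starts would run for this request.
    """
    ann = new.get("metadata", {}).get("annotations", {}) or {}
    old_v, new_v = old["spec"]["version"], new["spec"]["version"]
    if old_v == new_v:
        return True, "no version change", False
    if engine_tuple(new_v) < engine_tuple(old_v):
        return False, "downgrades are not allowed", False

    major_upgrade = engine_tuple(new_v)[0] > engine_tuple(old_v)[0]
    if major_upgrade:
        # Each confirmation annotation must carry exactly the requested version.
        if not backups_enabled and ann.get(WITHOUT_BACKUPS) != new_v:
            return False, f"major upgrade without backups needs {WITHOUT_BACKUPS}={new_v}", False
        if critical_alerts and ann.get(WITH_ALERTS) != new_v:
            return False, f"major upgrade with critical alerts needs {WITH_ALERTS}={new_v}", False

    pre_backup = backups_enabled and ann.get(SKIP_PRE_UPGRADE_BACKUP) != new_v
    kind = "major" if major_upgrade else "minor"
    return True, f"{kind} upgrade admitted", pre_backup


def pg(version, annotations=None):
    """Constructed PostgresCluster with the given spec.version and annotations."""
    return {"kind": "PostgresCluster",
            "metadata": {"annotations": dict(annotations or {})},
            "spec": {"version": version}}


if __name__ == "__main__":
    cur = pg("15.6+vmware.v1")
    print(validate_version_change(cur, pg("16.2+vmware.v1"), backups_enabled=False))
    print(validate_version_change(cur, pg("16.2+vmware.v1",
                                          {WITHOUT_BACKUPS: "16.2+vmware.v1"}),
                                  backups_enabled=False))
```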

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

true

storagePolicyName

string

StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid StoragePolicyName.

Immutable.

true

storageSpace

string

StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki.

Range - 20Gi - 10Ti.

Required.

Mutable - (increase only).

true

version

string

Version declares the version of the database engine to be used.

To upgrade the database engine change this field.

The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI.

Required.

Mutable.

true

vmClass

object

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

true

adminPasswordRef

object

AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The FieldPath field indicates which key in the secret contains the password. Default - password. Providing an inline value via the Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner.

Default - password is auto generated.

Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required: updates to the already referenced Secret will also update the password.

false

adminUsername

string

AdminUserName is the desired name of the privileged user to be used when connecting to the database.

AdminUserName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

Default - pgadmin.

Mutable.

false

backupConfig

object

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

false

backupLocation

object

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system namespace. It will be used by the BackupConfig, which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

false

basedOn

object

BasedOn identifies the source cluster on which this cluster will be based.

Users cannot base their clusters on clusters owned by other users unless the user has DSM_Admin role. The new cluster will inherit the ownership from its source cluster. It can be changed if necessary after the cluster is created.

The Cluster field works both for a live cluster and for a deleted cluster whose backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster.

Optional.

Immutable.

false

databaseConfig

object

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

false

databaseName

string

DatabaseName is the name of the Database which the privileged user will have permissions on.

DatabaseName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

Default - Same as database cluster name.

Mutable.

false

description

string

Description contains the human-readable description of the cluster.

Optional.

Mutable.

false

directoryService

object

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

false

dnsNames

[]string

One or more DNS names / FQDNs for database access.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI.

If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so that clients can verify the server identity and establish a secure connection.

Optional.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

hbaRef

object

HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.

The Secret should contain the pg_hba.conf entries under the specific key pg_hba.conf. These entries are inserted into the pg_hba.conf file after the system-user entries, so they have lower priority than those.

Only the authentication methods scram-sha-256 and reject are allowed in the custom entries.

For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
 pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:

host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ...  # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256

false

maintenanceWindow

object

MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, the OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should result in only minimal downtime when the database is deployed with replication.

Optional.

Mutable.

false

placementSelector

object

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine the placement automatically. To be considered valid, a placement with the same datacenter, cluster and resource pool must exist in the InfrastructurePolicy.

Optional.

Immutable.

false

replicas

integer

Represents the number of nodes that are replicating from the primary node. In the event of a primary outage, one of the replicas will be promoted to primary.

Replicas can be set to 0 or 1. Starting with Data Services Manager 2.1, 3-replica clusters are no longer supported. If you have replicas set to 1, then you will have 1 primary node and 1 replica node.

Default - 0

Mutable.

  • Enum: 0, 1, 3

  • Default: 0

false

replicationSlots

[]object

ReplicationSlots configures a list of Postgres replication slots that will be created on this instance for disaster recovery or migration purposes. A replication slot can be removed once it is no longer needed and there is no active consumer of that replication slot.

false

requestedSharedMemorySize

int or string

RequestedSharedMemorySize is the value the system will try to assign to the shared memory (/dev/shm) of the OS on which the Postgres instance is running. No upper limit is enforced by validation, but the system applies one based on the current VMClass memory. You can express RequestedSharedMemorySize as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki.

Range - 64Mi - no limit.

Default - 64Mi.

Optional.

Mutable.

  • Default: 64Mi

false

tls

object

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

false

PostgresCluster.spec.infrastructurePolicy

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

Name Type Description Required

name

string

false

PostgresCluster.spec.vmClass

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

Name Type Description Required

name

string

false

PostgresCluster.spec.adminPasswordRef

AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. FieldPath field indicates which key in the secret contains the password. Default - password. Providing inline value with Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed the owner of the Secret is automatically changed to the new owner.

Default - password is auto generated.

Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to update of the password.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key.

false

name

string

The name of the secret

false

value

string

Deprecated. This field is never used by the Data Services Manager.

false

PostgresCluster.spec.backupConfig

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

Name Type Description Required

backupRetentionDays

integer

BackupRetentionDays describes the number of days to store backups. Must be 1 or greater.

Required.

Mutable.

  • Format: int64

false

schedules

[]object

Schedules user defined schedules of when the system will perform backups.

Required.

Mutable.

false

PostgresCluster.spec.backupConfig.schedules[index]

Name Type Description Required

name

string

Name of the schedule.

Required.

Immutable.

true

schedule

string

The schedule in the form of a cron schedule.

Required.

Mutable.

true

type

string

Type of schedule. Can be full or incremental.

Required.

Immutable.

true

PostgresCluster.spec.backupLocation

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system namespace. It will be used by the BackupConfig, which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

Name Type Description Required

name

string

false

PostgresCluster.spec.basedOn

BasedOn identifies the source cluster on which this cluster will be based.

Users cannot base their clusters on clusters owned by other users unless the user has DSM_Admin role. The new cluster will inherit the ownership from its source cluster. It can be changed if necessary after the cluster is created.

The Cluster field works both for a live cluster and for a deleted cluster whose backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster.

Optional.

Immutable.

Name Type Description Required

cluster

object

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Optional.

Immutable.

false

continuousRecovery

object

ContinuousRecovery specifies the details of an external cluster that will be used as a source for continuous recovery. Once configured, this field can’t be unset.

false

PostgresCluster.spec.basedOn.cluster

Cluster contains the name of the source cluster and timestamp to use as the restore point.

Optional.

Immutable.

Name Type Description Required

name

string

Name is the name of the source cluster from which to restore.

Required.

Immutable.

true

timestamp

string

Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time.

Optional.

Immutable.

  • Format: date-time

false

PostgresCluster.spec.basedOn.continuousRecovery

ContinuousRecovery specifies the details of an external cluster that will be used as a source for continuous recovery. Once configured, this field can’t be unset.

Name Type Description Required

replicationSlot

object

ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this instance will continuously recover. If the source cluster is a DSM managed Postgres instance, the replication slot details can be retrieved from the status sub-resource of the source cluster’s PostgresCluster resource.

true

enabled

boolean

Enabled specifies if this instance should continuously retrieve activities from the source cluster. When Enabled is set to true, this instance’s Ready condition implies that the instance is now ready to serve read-only operations. When set to false, the Ready condition implies that the instance is ready to serve read-write operations.

false

PostgresCluster.spec.basedOn.continuousRecovery.replicationSlot

ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this instance will continuously recover. If the source cluster is a DSM managed Postgres instance, the replication slot details can be retrieved from the status sub-resource of the source cluster’s PostgresCluster resource.

Name Type Description Required

credentials

object

Credentials specifies a Kubernetes Secret that contains the credentials needed to connect to the source cluster. The required keys of the Secret are user, password and database; the optional key is ca.crt. The referenced Postgres user must have the connect and replication privileges on the source cluster. This field is mutable. Changes to the Secret will be automatically applied on the instance.

true

hostname

string

Hostname specifies the hostname or ip address that can be used to connect to the source cluster. This field is immutable.

  • Validations: self == oldSelf (hostname is an immutable field)

true

slotName

string

SlotName specifies the Postgres replication slot name that will be used for streaming replication.

true

trustBundle

object

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server's connection. Depending on how the provided servers are configured:

  • Certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.

  • Certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

true

port

integer

Port specifies the port number that can be used to connect to the source cluster. This field is immutable.

  • Validations: self == oldSelf (port is an immutable field)

  • Default: 5432

false

PostgresCluster.spec.basedOn.continuousRecovery.replicationSlot.credentials

Credentials specifies a Kubernetes Secret that contains the credentials needed to connect to the source cluster. The required keys of the Secret are user, password and database; the optional key is ca.crt. The referenced Postgres user must have the connect and replication privileges on the source cluster. This field is mutable. Changes to the Secret will be automatically applied on the instance.

Name Type Description Required

name

string

false

PostgresCluster.spec.basedOn.continuousRecovery.replicationSlot.trustBundle

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server's connection. Depending on how the provided servers are configured:

  • Certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.

  • Certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

PostgresCluster.spec.databaseConfig

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

Name Type Description Required

name

string

false

PostgresCluster.spec.directoryService

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

PostgresCluster.spec.hbaRef

HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.

The Secret should contain the pg_hba.conf entries under the specific key pg_hba.conf. These entries are inserted into the pg_hba.conf file after the system-user entries, so they have lower priority than those.

Only the authentication methods scram-sha-256 and reject are allowed in the custom entries.

For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
 pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:

host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ...  # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256

Name Type Description Required

name

string

false
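As an added example that is not part of the DSM documentation, the following Python script checks a custom pg_hba.conf fragment against the two rules above (allowed methods, first-match ordering) and simulates how the merged file shown above resolves a connecting user, so that a lockout caused by a misplaced reject entry can be caught before the Secret is created. The system entries are reproduced from the listing above; the sample users, the "app" database and the simplified address matching are constructed assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Methods DSM permits in custom entries (from the hbaRef description).
ALLOWED_METHODS = {"scram-sha-256", "reject"}

# System-managed entries reproduced from the "final pg_hba.conf" listing above;
# custom entries are spliced in between SYSTEM_BEFORE and SYSTEM_AFTER.
SYSTEM_BEFORE = [
    "host all pgadmin all scram-sha-256",
    "host all postgres_exporter all scram-sha-256",
]
SYSTEM_AFTER = ["host all all all scram-sha-256"]
LDAP_ENTRY = "host all all all ldap"  # present only when a directory service is enabled


@dataclass
class HbaRule:
    conn_type: str
    database: str
    user: str
    address: str
    method: str
    source: str  # "system" or "custom"


def parse_hba_line(line: str, source: str) -> Optional[HbaRule]:
    """Parse one pg_hba.conf line; returns None for blank or comment-only lines."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    fields = body.split()
    if len(fields) < 5:
        raise ValueError(f"malformed pg_hba.conf entry: {line!r}")
    conn_type, database, user, address, method = fields[:5]
    return HbaRule(conn_type, database, user, address, method, source)


def validate_custom_entries(custom_text: str) -> List[str]:
    """Return the problems DSM's method rule would flag; an empty list means the fragment is acceptable."""
    problems = []
    for line in custom_text.splitlines():
        rule = parse_hba_line(line, "custom")
        if rule is None:
            continue
        if rule.method not in ALLOWED_METHODS:
            problems.append(
                f"{line.strip()!r}: method {rule.method!r} not allowed (only scram-sha-256, reject)"
            )
    return problems


def field_matches(pattern: str, value: str) -> bool:
    """pg_hba matching for the database and user columns: 'all' matches anything,
    a leading '/' marks a regular expression, otherwise an exact name match.
    (Group '+name' and file '@name' syntax are not modelled in this example.)"""
    if pattern == "all":
        return True
    if pattern.startswith("/"):
        return re.search(pattern[1:], value) is not None
    return pattern == value


def build_effective_hba(custom_text: str, ldap_enabled: bool = False) -> List[HbaRule]:
    """Assemble the rule order DSM produces: system users, custom entries, optional LDAP, catch-all."""
    rules = [parse_hba_line(l, "system") for l in SYSTEM_BEFORE]
    for line in custom_text.splitlines():
        rule = parse_hba_line(line, "custom")
        if rule is not None:
            rules.append(rule)
    if ldap_enabled:
        rules.append(parse_hba_line(LDAP_ENTRY, "system"))
    rules += [parse_hba_line(l, "system") for l in SYSTEM_AFTER]
    return rules


def first_matching_rule(rules: List[HbaRule], user: str, database: str = "app",
                        conn_type: str = "host") -> Optional[HbaRule]:
    """PostgreSQL uses the first record whose type, database and user match.
    Constructed simplification: only the 'all' address wildcard is honoured here."""
    for rule in rules:
        if (rule.conn_type == conn_type and rule.address == "all"
                and field_matches(rule.database, database)
                and field_matches(rule.user, user)):
            return rule
    return None


def lockout_report(custom_text: str, users: List[str], ldap_enabled: bool = False) -> dict:
    """Map each user to the method that would handle its connection; 'reject' means locked out."""
    rules = build_effective_hba(custom_text, ldap_enabled)
    report = {}
    for user in users:
        rule = first_matching_rule(rules, user)
        report[user] = rule.method if rule is not None else None
    return report


if __name__ == "__main__":
    # Constructed samples: the fragment from the page, and a catch-all reject that locks out
    # every non-system user (the pgadmin entry precedes it, so pgadmin keeps access).
    custom_ok = "host all /^(.*)@local$ all scram-sha-256\n"
    custom_reject = "host all all all reject\n"
    print(validate_custom_entries("host all all all md5"))
    print(lockout_report(custom_ok, ["alice@local", "bob", "pgadmin"]))
    print(lockout_report(custom_reject, ["alice@local", "bob", "pgadmin"], ldap_enabled=True))
```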

PostgresCluster.spec.maintenanceWindow

MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, the OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should result in only minimal downtime when the database is deployed with replication.

Optional.

Mutable.

Name Type Description Required

duration

string

Duration describes the duration of the maintenance window.

Required.

Mutable.

true

startDay

enum

StartDay describes the day of the week the maintenance window will commence.

Can be any of MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY.

Required.

Mutable.

  • Enum: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY

true

startTime

string

StartTime describes the time of the day to start the maintenance window.

Required.

Mutable.

true

PostgresCluster.spec.placementSelector

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine the placement automatically. To be considered valid, a placement with the same datacenter, cluster and resource pool must exist in the InfrastructurePolicy.

Optional.

Immutable.

Name Type Description Required

cluster

string

Cluster is the datacenter's cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name.

Required.

Mutable.

true

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

PostgresCluster.spec.replicationSlots[index]

Name Type Description Required

slotName

string

SlotName specifies the Postgres replication slot name that will be created on the instance.

true

description

string

Description specifies a human-readable description of this replication slot.

false

user

string

User specifies the name of the replication user that is associated with the configured replication slot. The lifecycle of this user is tied to the replication slot. If no value is provided, a replication user is auto generated using the resource name as prefix. User should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

false

PostgresCluster.spec.tls

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager's Certificate resource. It needs to have the keys:

  • tls.crt: PEM signed certificate chain

  • tls.key: PEM private key

  • ca.crt: PEM CA certificate

The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can be either a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate.

false

PostgresCluster.status

PostgresClusterStatus describes the observed status of the PostgresCluster.

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a database cluster.

false

availableUpgrades

[]object

AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service will accept valid upgrade paths even if they are not yet populated here.

false

backupId

string

BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage.

For PostgreSQL, it is the stanzaName of the database cluster.

For MySQL, it is the UID of the MySQL cluster object in the workload cluster.

false

conditions

[]object

Conditions contain the list of observed conditions of the cluster. The following statuses can occur.

Ready indicates if the cluster is fully operational.

MachinesReady indicates if the underlying VMs of the cluster have been created successfully.

DatabaseEngineReady indicates if the database engine is up and ready to accept queries.

Provisioning indicates if the provisioning of all resources necessary for cluster operation has completed.

false

connection

object

Connection describes the details which can be used to connect to the database represented by CR.

false

lastSuccessfulBackup

string

LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently.

  • Format: date-time

false

lastUpdate

string

LastUpdate gives the timestamp of when the desired state was last applied.

  • Format: date-time

false

nodes

[]object

Nodes represents the underlying infrastructure of a database cluster.

false

requestedReplicationSlots

[]object

RequestedReplicationSlots describes a list of slot names and a reference to the credentials for each slot name.

false

tlsSecretResourceVersion

string

TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster.

false

upgradeStatus

object

UpgradeStatus represents the status of the version upgrade.

false

PostgresCluster.status.availableUpgrades[index]

Name Type Description Required

impact

enum

Impact indicates whether Virtual Machines backing the workload cluster’s kubernetes nodes will be replaced during the upgrade.

When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced.

When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the kubernetes nodes.

  • Enum: RollingUpgrade, InPlace

true

version

string

Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format i.e. engine version, followed by the string "+vmware.", followed by the release version.

true

autoUpgradeTarget

boolean

AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period.

  • Default: false

false

majorVersionUpgrade

boolean

MajorVersionUpgrade indicates whether the upgrade is to newer major version. MajorVersionUpgrade and AutoUpgradeTarget cannot be both true as major version upgrades are only manual.

  • Default: false

false

PostgresCluster.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

PostgresCluster.status.connection

Connection describes the details which can be used to connect to the database represented by CR.

Name Type Description Required

dbname

string

Name of the Database

true

host

string

Host describes the IP address of the database cluster’s current primary node.

true

port

integer

Port describes the port on which the database cluster is listening.

true

passwordRef

object

Password for the admin account

The referenced Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt". Clients use it when connecting to a database so they can verify trust.

false

username

string

Username for the admin account

false

PostgresCluster.status.connection.passwordRef

Password for the admin account

The referenced Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt". Clients use it when connecting to a database so they can verify trust.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key.

false

name

string

The name of the secret

false

value

string

Deprecated. This field is never used by the Data Services Manager.

false

PostgresCluster.status.nodes[index]

Node represents the underlying infrastructure of a workload cluster

Name Type Description Required

datacenter

string

Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located.

false

datastore

string

Datastore is the name or inventory path of the datastore in which the virtual machine is created/located.

false

folder

string

Folder is the name or inventory path of the folder in which the virtual machine is created/located.

false

network

object

Network is the network configuration for this VM.

false

resourcePool

string

ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located.

false

server

string

Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located.

false

storagePolicyName

string

StoragePolicyName of the storage policy to use with this Virtual Machine

false

vmMoid

string

VmMoid is the VM’s Managed Object Reference on vSphere.

false

vmName

string

VmName is the name of the virtual machine on vSphere.

false

vmRole

string

VMRole identifies the role the VM plays in the workload cluster, e.g. ControlPlane or Worker.

false

PostgresCluster.status.nodes[index].network

Network is the network configuration for this VM.

Name Type Description Required

devices

[]object

Devices is the list of network devices used by the virtual machine.

false

PostgresCluster.status.nodes[index].network.devices[index]

NetworkDevice defines the network configuration for a virtual machine’s network device.

Name Type Description Required

ipPool

string

IPPool is the name of the IP Pool that was used to claim an IP address for the VM.

false

networkName

string

NetworkName is the name of the vSphere network to which the device will be connected.

false

PostgresCluster.status.requestedReplicationSlots[index]

Name Type Description Required

credentialsRef

string

CredentialsRef is a reference to the Kubernetes secret that contains the credentials for connecting to the specified replication slot. The referenced secret exists in the same namespace as the PostgresCluster resource.

true

slotName

string

SlotName describes the Postgres replication slot name that will be used for streaming replication.

true

clientHostname

string

ClientHostname indicates the host that is using the replication slot. Missing client hostname indicates that the slot is unused.

false

PostgresCluster.status.upgradeStatus

UpgradeStatus represents the status of a version upgrade.

Name Type Description Required

currentVersion

string

The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes.

false

history

[]object

Historical data of the upgrades performed. It is not preserved for restored clusters.

false

lastTransitionTime

string

LastTransitionTime is the last time the value of the cluster's upgradeStatus.running field changed.

  • Format: date-time

false

running

boolean

Set to true while a database cluster upgrade is running. Once the upgrade completes, the field is reset to empty.

false

PostgresCluster.status.upgradeStatus.history[index]

Name Type Description Required

complete

string

Timestamp of when the upgrade completed.

  • Format: date-time

false

fromVersion

string

The version from which the cluster was upgraded.

false

isMajorUpgrade

boolean

IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade.

false

message

string

Message contains the reason for a failure or rejection.

false

start

string

Timestamp of when the upgrade started. This is the time just before the upgrade operations begin; restores to a point at or before this time are guaranteed to succeed. The interval after Start and before Complete is a blackout period, and restores to a point inside it can lead to unexpected results.

  • Format: date-time

false

status

enum

Status indicates the status of the upgrade.

  • Enum: Succeeded, Aborted, Failed

false

toVersion

string

The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion.

false

infrastructure.dataservices.vmware.com/v1alpha1

Resource Types:

DirectoryService

DirectoryService provides a flexible way to integrate with directory services such as Microsoft AD (Active Directory) and LDAP (Lightweight Directory Access Protocol). It enables authentication against DSM-managed database clusters and the DSM Appliance, offering a centralized authentication strategy.

To enable LDAP authentication for the DSM Appliance, a well-known DirectoryService named "ldap-default" must be created in the dsm-system namespace. This ldap-default DirectoryService can also be adopted by any DSM-managed database cluster.

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

DirectoryService

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DirectoryServiceSpec defines the desired state of DirectoryService

false

status

object

DirectoryServiceStatus describes the observed status of the DirectoryService

false

DirectoryService.spec

DirectoryServiceSpec defines the desired state of DirectoryService

Name Type Description Required

baseDnUsers

string

Base Distinguished Name for users: the DN from which user searches start. For example, cn=Users,dc=myCorp,dc=com.

If not set, the search starts from the root DN.

Mutable.

false

bindCredentials

object

Secret reference for the bind user credentials (user name and password), of type 'kubernetes.io/basic-auth'.

The bind user needs at least read access to the base DN for users. Its ID must be in one of the following formats:

  • the form selected by userSearchAttribute; with the default this is the UPN (user@domain.com)

  • a DN (cn=user,cn=Users,dc=domain,dc=com)

Mutable.

false

domain

string

The fully qualified domain name (FQDN) of the domain. For example, companydomain.company.com.

Mutable.

false

primaryServerUrl

string

Primary domain controller LDAP server for the domain. You can use either the host name or the IP address, in the format ldaps://hostname_or_IPAddress:port. The port is typically 636 for LDAPS connections with OpenLDAP. For Active Directory deployments with multiple domain controllers, the port is typically 3269 (the global catalog over LDAPS).

Mutable.

  • Format: uri

false

secondaryServerUrls

[]string

List of URLs for secondary LDAP/AD servers used as a fallback. How these URLs are applied is client-specific, and some or all of them may not be used.

PostgreSQL supports multiple secondary servers. MySQL supports only a single secondary server. The DSM Appliance supports only the primary server and ignores any secondary servers that are set.

Mutable.

false

trustBundle

object

TrustBundle is a reference to a ConfigMap containing the set of certificates to be trusted when validating the connection to the servers. Choose the reference according to how the servers' certificates are signed:

  • Certificate signed by a CA that DSM trusts: TrustBundle must point to the predefined ConfigMap trusted-root-ca in the dsm-system namespace. By default DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, that CA certificate must first be appended to the value of the key ca-bundle.crt in trusted-root-ca.

  • Certificate signed by an authority that should not be trusted globally by DSM: TrustBundle must point to a ConfigMap whose key tls.crt contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be self-signed, i.e. issued by itself.

Mutable.

false

type

enum

Type specifies the directory type, either OpenLDAP or Active Directory.

Mutable.

  • Enum: OpenLDAP, ActiveDirectory

  • Default: ActiveDirectory

false

userSearchAttribute

string

The user search attribute to use when doing search+bind authentication.

The default is userPrincipalName, which in most Active Directory setups corresponds to the user's corporate email address, so users log in with 'user@domain.com' as the username.

Other common options are "uid" and "sAMAccountName", which correspond to the bare user ID: "user".

Mutable.

  • Default: userPrincipalName

false

DirectoryService.spec.bindCredentials

Secret reference for the bind user credentials (user name and password), of type 'kubernetes.io/basic-auth'.

The bind user needs at least read access to the base DN for users. Its ID must be in one of the following formats:

  • the form selected by userSearchAttribute; with the default this is the UPN (user@domain.com)

  • a DN (cn=user,cn=Users,dc=domain,dc=com)

Mutable.

Name Type Description Required

name

string

false

DirectoryService.spec.trustBundle

TrustBundle is a reference to a ConfigMap containing the set of certificates to be trusted when validating the connection to the servers. Choose the reference according to how the servers' certificates are signed:

  • Certificate signed by a CA that DSM trusts: TrustBundle must point to the predefined ConfigMap trusted-root-ca in the dsm-system namespace. By default DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, that CA certificate must first be appended to the value of the key ca-bundle.crt in trusted-root-ca.

  • Certificate signed by an authority that should not be trusted globally by DSM: TrustBundle must point to a ConfigMap whose key tls.crt contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be self-signed, i.e. issued by itself.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false
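The spec fields above encode several rules that are easy to get wrong before the object is applied: the server URLs should be ldaps://, the bind user's ID must match the form selected by userSearchAttribute, the bind secret must be of type kubernetes.io/basic-auth, and the trustBundle ConfigMap must either be dsm-system/trusted-root-ca or carry issuer certificates under tls.crt. The following added example (not DSM's admission logic; the spec, secret and ConfigMap are constructed for illustration and the hostnames are invented) lints those rules from a DirectoryService spec and its referenced objects so that a plaintext ldap:// fallback or a mis-keyed bundle is caught in review rather than in production.

```python
import base64
import re
from urllib.parse import urlsplit

# Constructed sample manifests; hosts and names are invented for this example.
SAMPLE_SPEC = {
    "type": "ActiveDirectory",
    "domain": "corp.example.com",
    "primaryServerUrl": "ldaps://dc1.corp.example.com:3269",
    "secondaryServerUrls": ["ldap://dc2.corp.example.com:389"],   # plaintext fallback: flagged
    "baseDnUsers": "cn=Users,dc=corp,dc=example,dc=com",
    "userSearchAttribute": "userPrincipalName",
    "bindCredentials": {"name": "ad-bind"},
    "trustBundle": {"kind": "ConfigMap", "name": "corp-ad-issuers", "namespace": "dsm-system"},
}


def _b64(s):
    return base64.b64encode(s.encode()).decode()


SAMPLE_BIND_SECRET = {
    "type": "kubernetes.io/basic-auth",
    "data": {"username": _b64("svc-dsm-bind@corp.example.com"), "password": _b64("hunter2")},
}
SAMPLE_TRUST_CM = {"data": {"tls.crt": "-----BEGIN CERTIFICATE-----\nMIIBexample==\n-----END CERTIFICATE-----\n"}}

DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)*$")
UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+$")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)
TYPICAL_LDAPS_PORT = {"OpenLDAP": 636, "ActiveDirectory": 3269}  # 3269: AD global catalog over TLS


def check_url(url, dstype, label, findings):
    p = urlsplit(url)
    if p.scheme != "ldaps":
        findings.append(f"{label}: {url} is not ldaps://; bind and user passwords would cross the network in clear")
    if p.username or p.password:
        findings.append(f"{label}: credentials embedded in the URL; use bindCredentials instead")
    if p.port is None:
        findings.append(f"{label}: no explicit port (typically {TYPICAL_LDAPS_PORT[dstype]} for {dstype})")


def check_bind_secret(secret, attr, findings):
    if secret.get("type") != "kubernetes.io/basic-auth":
        findings.append("bindCredentials secret must be of type kubernetes.io/basic-auth")
    data = secret.get("data") or {}
    for k in ("username", "password"):
        if k not in data:
            findings.append(f"bindCredentials secret lacks key {k!r}")
    if "username" in data:
        user = base64.b64decode(data["username"]).decode()
        if DN_RE.match(user):
            return  # a full DN is always acceptable
        if attr == "userPrincipalName" and not UPN_RE.match(user):
            findings.append(f"bind user {user!r} is neither a DN nor a UPN, but userSearchAttribute is userPrincipalName")
        elif attr != "userPrincipalName" and "@" in user:
            findings.append(f"bind user {user!r} looks like a UPN, but userSearchAttribute is {attr!r}")


def check_trust_bundle(ref, configmap, findings):
    if ref is None:
        findings.append("trustBundle not set; point it at dsm-system/trusted-root-ca or at a ConfigMap with tls.crt")
        return
    if ref.get("kind", "ConfigMap") != "ConfigMap":
        findings.append("trustBundle must reference a ConfigMap")
    if ref.get("name") == "trusted-root-ca":
        if ref.get("namespace", "dsm-system") != "dsm-system":
            findings.append("trusted-root-ca is the predefined ConfigMap in dsm-system")
        return  # global bundle, contents managed via ca-bundle.crt
    data = (configmap or {}).get("data") or {}
    if "tls.crt" not in data:
        findings.append(f"ConfigMap {ref.get('name')!r} needs key tls.crt holding the issuer certificate(s)")
    elif not PEM_RE.search(data["tls.crt"]):
        findings.append("tls.crt contains no PEM certificate")


def lint(spec, bind_secret=None, trust_cm=None):
    """Return a list of findings; an empty list means the spec passed every check."""
    findings = []
    dstype = spec.get("type", "ActiveDirectory")
    if dstype not in TYPICAL_LDAPS_PORT:
        findings.append(f"type must be OpenLDAP or ActiveDirectory, got {dstype!r}")
        dstype = "ActiveDirectory"
    if not spec.get("primaryServerUrl"):
        findings.append("primaryServerUrl is required")
    else:
        check_url(spec["primaryServerUrl"], dstype, "primaryServerUrl", findings)
    for i, url in enumerate(spec.get("secondaryServerUrls") or []):
        check_url(url, dstype, f"secondaryServerUrls[{i}]", findings)
    base = spec.get("baseDnUsers")
    if base and not DN_RE.match(base):
        findings.append(f"baseDnUsers {base!r} is not a DN")
    if bind_secret is not None:
        check_bind_secret(bind_secret, spec.get("userSearchAttribute", "userPrincipalName"), findings)
    check_trust_bundle(spec.get("trustBundle"), trust_cm, findings)
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_SPEC, SAMPLE_BIND_SECRET, SAMPLE_TRUST_CM):
        print("-", f)
```

The linter cannot tell an issuer certificate from an end-entity certificate without an X.509 parser; it only checks that tls.crt is present and PEM-shaped. Whether the bundle really contains only CA certificates is still a manual (or openssl) check.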

DirectoryService.status

DirectoryServiceStatus describes the observed status of the DirectoryService

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for this DirectoryService.

false

conditions

[]object

Conditions contain the list of observed conditions of the DirectoryService.

The following condition types can occur.

  • Ready: Indicates if the DirectoryService is fully operational.

    • Status: "True" when the DirectoryService is fully operational; "False" otherwise.

    • Reason includes:

      • "FullyOperational": The DirectoryService is fully operational.

      • "Degraded": Non-critical error detected; operation is degraded.

      • "Down": Critical error detected; the directory is completely down.

  • ServersReady: Reflects the status of the configured DirectoryService servers. It changes based on the operational status of the primary and secondary servers and on network connectivity.

    • Status: "True" if some servers are operational; "False" if there are errors.

    • Reason includes:

      • "FullyOperational": All servers are currently operational.

      • "ServersDegraded": Non-critical error. For example, the primary server is down but the secondary can handle requests.

      • "ServersDown": Directory Service servers are not reachable. For example, network connectivity issues are preventing access to the servers.

  • ConfigurationReady: Indicates whether the configuration of the DirectoryService is set correctly.

    • Status: "True" if the configuration is valid; "False" if there are errors.

    • Reason includes:

      • "ConfigurationValid": Configuration is correct and operational.

      • "ConfigurationWarning": Non-critical configuration issues detected. The Directory Service is still operational.

      • "ConfigurationError": Critical configuration errors that need immediate attention.

  • CertificateReady: Reflects the status of the SSL/TLS certificates passed in TrustBundle for the DirectoryService servers.

    • Status: "True" if the certificates are valid; "False" if they are invalid.

    • Reason includes:

      • "CertificatesValid": SSL/TLS certificates are valid.

      • "CertificateExpiringSoon": A certificate is nearing expiration; renewal is needed soon.

      • "CertificateExpired": A certificate has expired. The directory service is down.

      • "CertificateInvalid": An SSL/TLS certificate is invalid for some reason (specified in message).

  • BindCredentialsReady: Indicates the status of the bind credentials used for authentication.

    • Status: "True" if the credentials are valid; "False" if they are invalid.

    • Reason includes:

      • "BindCredentialsValid": Authentication credentials are valid.

      • "BindCredentialsInvalid": Authentication issues detected with the bind credentials.

false

DirectoryService.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false
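Reading these conditions correctly needs two things the table only implies: a condition whose observedGeneration lags metadata.generation describes an older spec and must not be trusted, and a status of "True" can still carry a reason such as CertificateExpiringSoon or ServersDegraded that deserves an alert. The added example below (not DSM code; the status document is constructed, reusing the generation-12/observed-9 illustration from the observedGeneration description and the condition types and reasons listed above) folds a DirectoryService status into a ready/warnings/errors/stale summary suitable for a monitoring check.

```python
from datetime import datetime, timezone

# Constructed status document. The condition types and reasons are the ones
# documented for DirectoryService.status.conditions; the "Ready" condition is
# deliberately stale (observed at generation 9 while the object is at 12).
SAMPLE_OBJECT = {
    "metadata": {"name": "ldap-default", "namespace": "dsm-system", "generation": 12},
    "status": {"conditions": [
        {"type": "Ready", "status": "True", "reason": "FullyOperational",
         "observedGeneration": 9, "lastTransitionTime": "2024-05-01T10:00:00Z", "message": ""},
        {"type": "ServersReady", "status": "True", "reason": "ServersDegraded",
         "observedGeneration": 12, "lastTransitionTime": "2024-05-02T08:30:00Z",
         "message": "primary unreachable, secondary serving"},
        {"type": "CertificateReady", "status": "True", "reason": "CertificateExpiringSoon",
         "observedGeneration": 12, "lastTransitionTime": "2024-05-02T08:30:00Z",
         "message": "expires in 12 days"},
        {"type": "BindCredentialsReady", "status": "True", "reason": "BindCredentialsValid",
         "observedGeneration": 12, "lastTransitionTime": "2024-04-20T00:00:00Z", "message": ""},
    ]},
}

WARNING_REASONS = {"Degraded", "ServersDegraded", "ConfigurationWarning", "CertificateExpiringSoon"}
ERROR_REASONS = {"Down", "ServersDown", "ConfigurationError", "CertificateExpired",
                 "CertificateInvalid", "BindCredentialsInvalid"}
EXPECTED_TYPES = ("Ready", "ServersReady", "ConfigurationReady", "CertificateReady", "BindCredentialsReady")


def parse_k8s_time(s):
    """RFC 3339 as Kubernetes writes it, with a trailing Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def evaluate(obj, now=None):
    """Summarise conditions into ready / warnings / errors / stale / missing.

    A condition is stale when its observedGeneration is behind
    metadata.generation; it is listed but never counted as healthy.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_k8s_time(now)
    gen = obj["metadata"].get("generation", 0)
    seen = {}
    report = {"ready": False, "warnings": [], "errors": [], "stale": [], "missing": []}
    for c in obj.get("status", {}).get("conditions", []):
        ctype = c["type"]
        seen[ctype] = c
        if c.get("observedGeneration", gen) < gen:
            report["stale"].append(ctype)
            continue
        age_h = (now - parse_k8s_time(c["lastTransitionTime"])).total_seconds() / 3600
        note = f"{ctype}={c['status']} ({c.get('reason')}, {age_h:.0f}h ago): {c.get('message', '')}"
        reason = c.get("reason")
        if c["status"] == "False" or reason in ERROR_REASONS:
            report["errors"].append(note)
        elif c["status"] == "Unknown" or reason in WARNING_REASONS:
            report["warnings"].append(note)
    report["missing"] = [t for t in EXPECTED_TYPES if t not in seen]
    ready = seen.get("Ready")
    report["ready"] = (ready is not None and ready["status"] == "True"
                       and "Ready" not in report["stale"] and not report["errors"])
    return report


if __name__ == "__main__":
    for k, v in evaluate(SAMPLE_OBJECT).items():
        print(f"{k}: {v}")
```

Treating a stale Ready as not-ready is the conservative choice: after a spec edit (for example a new trustBundle) the controller has not yet re-validated anything, so the old "True" says nothing about the new configuration.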

InfrastructurePolicy

InfrastructurePolicy defines constraints on which vSphere infrastructure resources to expose for usage by data service workloads

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

InfrastructurePolicy

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

Spec is the desired state of the InfrastructurePolicy

false

status

object

Status reports the observed state of the InfrastructurePolicy

false

InfrastructurePolicy.spec

Spec is the desired state of the InfrastructurePolicy

Name Type Description Required

enableCrossClusterHA

boolean

EnableCrossClusterHA specifies whether the InfrastructurePolicy is configured to support cross-vSphere-cluster HA. Setting this to "true" triggers the following validations on this resource. Defaults to false.

  • Exactly 3 placements must be provided.

  • The same portgroup must be used in all 3 placements.

  • Only 1 portgroup can be specified within each placement.

  • The same datacenter must be used in all 3 placements.

Required.

  • Default: false

true

enabled

boolean

Enabled specifies if the InfrastructurePolicy is available for use. Must be true to allow clusters to use this InfrastructurePolicy. If set to false existing clusters can continue to reference it but it will not be an acceptable reference for new clusters.

Required.

Mutable.

true

ipRanges

[]object

IPRanges are the list of IPRange configurations available for use by data service workloads. Once a cluster is using the policy IPRanges can only be added to this list, not removed.

Required.

Mutable.

true

placements

[]object

Placements are the list of Placement configurations available for use by the InfrastructurePolicy. Once a cluster is using the policy Placements can only be added to this list, not removed

Required.

Mutable.

true

storagePolicies

[]string

StoragePolicies are the list of StoragePolicyReference configurations that can be used to deploy a data service workload. Once a cluster is using the policy StoragePolicies can only be added to this list, not removed.

Required.

Mutable.

true

vmClasses

[]object

VMClasses are the list of VMClass references available for use by a data service workload. Once a cluster is using the policy VMClasses can only be added to this list, not removed.

Required.

Mutable.

true

description

string

Human-readable description of the infrastructure policy.

Optional.

Mutable.

false

InfrastructurePolicy.spec.ipRanges[index]

IPRange associates an IP Pool name with the PortGroups that can use the IP Pool.

Name Type Description Required

poolName

string

PoolName is the name of the IP Pool to be associated with specified PortGroups.

Required.

Mutable.

true

portGroups

[]object

PortGroups is the list of IPRangePortGroups associated with the specified PoolName.

Required.

Mutable.

true

InfrastructurePolicy.spec.ipRanges[index].portGroups[index]

IPRangePortGroup specifies which datacenters' distributed port groups can be used by the data service workloads.

Name Type Description Required

datacenter

string

Datacenter is the datacenter where the distributed port group is defined

true

moid

string

MOID is the managed object ID of a distributed port group. This must be used when NSX manages portgroups that have the same name. If the MOID is provided, then Name is ignored.

Optional.

Mutable.

false

name

string

Name is the name of a distributed port group

Optional.

Mutable.

false

InfrastructurePolicy.spec.placements[index]

Placement is the set of resources within a single vSphere cluster

Name Type Description Required

cluster

string

Cluster is the name of the cluster within the datacenter to be used when placing the data service workload. Use the fully qualified name of the cluster relative to the datacenter: a cluster "Cluster1" inside a folder "clusters" is declared as "clusters/Cluster1". Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name.

Required.

Mutable.

true

portGroups

[]string

PortGroups are the PortGroup names or MOIDs that can be used by the data service workload.

Required.

Mutable.

true

folder

string

Folder is the VM and Template folder used to organize VMs in the vSphere UI. Optional; VMs are created in the root datacenter folder if not provided. Provide the fully qualified path of the folder starting from the Datacenter. Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the folder name.

Optional.

Mutable.

false

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false
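Two rules in this spec are worth automating in CI before a policy is applied or changed: the four cross-cluster HA validations listed under enableCrossClusterHA, and the append-only behaviour of ipRanges, placements, storagePolicies and vmClasses once a cluster uses the policy. Comparing datacenters and clusters also requires the '%2f' convention from the placement fields, because "edge%2fCluster-C" and "edge/Cluster-C" are different inventory paths. The added example below (not DSM's validation code; the policy spec and all datacenter, cluster and portgroup names are constructed) implements the path splitting and both sets of checks.

```python
import json

# Constructed InfrastructurePolicy spec; every vSphere name here is invented.
SAMPLE_HA_SPEC = {
    "enabled": True,
    "enableCrossClusterHA": True,
    "placements": [
        {"datacenter": "DC1", "cluster": "clusters/Cluster-A", "portGroups": ["dvpg-db"]},
        {"datacenter": "DC1", "cluster": "clusters/Cluster-B", "portGroups": ["dvpg-db"]},
        {"datacenter": "DC1", "cluster": "edge%2fCluster-C", "portGroups": ["dvpg-db"]},
    ],
    "ipRanges": [{"poolName": "db-pool", "portGroups": [{"datacenter": "DC1", "name": "dvpg-db"}]}],
    "storagePolicies": ["vSAN Default Storage Policy"],
    "vmClasses": [{"name": "medium"}],
}

APPEND_ONLY = ("ipRanges", "placements", "storagePolicies", "vmClasses")


def split_inventory_path(path):
    """Split an inventory path on '/', decoding the literal '%2f' (as the spec
    fields describe it) back into a slash that is part of a name."""
    return [seg.replace("%2f", "/") for seg in path.split("/") if seg != ""]


def validate_cross_cluster_ha(spec):
    """Apply the four validations the enableCrossClusterHA field lists."""
    findings = []
    if not spec.get("enableCrossClusterHA", False):
        return findings
    placements = spec.get("placements") or []
    if len(placements) != 3:
        findings.append(f"exactly 3 placements required, got {len(placements)}")
    for i, p in enumerate(placements):
        if len(p.get("portGroups") or []) != 1:
            findings.append(f"placements[{i}]: exactly one portGroup required")
    portgroups = {tuple(p.get("portGroups") or []) for p in placements}
    if len(portgroups) > 1:
        findings.append(f"all placements must use the same portGroup, got {sorted(portgroups)}")
    # Compare decoded paths so that 'a%2fb' and 'a/b' are not confused.
    datacenters = {tuple(split_inventory_path(p.get("datacenter", ""))) for p in placements}
    if len(datacenters) > 1:
        findings.append(f"all placements must use the same datacenter, got {sorted(datacenters)}")
    return findings


def _item_key(item):
    # Stable identity for list items, which may be dicts or strings.
    return json.dumps(item, sort_keys=True) if isinstance(item, dict) else str(item)


def validate_update(old_spec, new_spec, in_use):
    """Once a cluster references the policy, the four lists may only grow."""
    findings = []
    if not in_use:
        return findings
    for field in APPEND_ONLY:
        old = {_item_key(x) for x in old_spec.get(field) or []}
        new = {_item_key(x) for x in new_spec.get(field) or []}
        removed = old - new
        if removed:
            findings.append(f"{field}: cannot remove {sorted(removed)} while clusters use this policy")
    return findings


if __name__ == "__main__":
    print("HA findings:", validate_cross_cluster_ha(SAMPLE_HA_SPEC))
    shrunk = dict(SAMPLE_HA_SPEC, storagePolicies=[])
    print("update findings:", validate_update(SAMPLE_HA_SPEC, shrunk, in_use=True))
```

validate_update compares list items by value, so editing an existing placement in place (for example changing its resourcePool) shows up as a removal plus an addition and is rejected; that matches the spec's wording, which only permits adding entries.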

InfrastructurePolicy.spec.vmClasses[index]

LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.

Name Type Description Required

name

string

false

InfrastructurePolicy.status

Status reports the observed state of the InfrastructurePolicy

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for an infrastructure policy.

false

conditions

[]object

Conditions contain the list of observed conditions of the InfrastructurePolicy.

The following statuses can occur.

Ready indicates that the infrastructure policy is valid and ready to use.

Invalid indicates that the infrastructure policy has an invalid state.

false

resources

object

false

InfrastructurePolicy.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

InfrastructurePolicy.status.resources

Name Type Description Required

ipRanges

[]object

IPRanges is the list of IPRange configurations available for use by the InfrastructurePolicy. These are realized versions of the objects in spec.ipRanges: MOIDs have been retrieved and saved for all paths to make infrastructure policies resilient to inventory objects being renamed or moved.

false

placements

[]object

PlacementsStatus is the list of Placement configurations available for use by the InfrastructurePolicy. These are realized versions of the objects in spec.placements: MOIDs have been retrieved and saved for all paths to make infrastructure policies resilient to inventory objects being renamed or moved.

false

InfrastructurePolicy.status.resources.ipRanges[index]

IPRangeStatus is a realized version of IPRange from the spec.

Name Type Description Required

poolName

string

true

portGroups

[]object

true

InfrastructurePolicy.status.resources.ipRanges[index].portGroups[index]

IPRangePortGroupStatus is a realized version of IPRangePortGroup from the spec. All paths have been converted to MOIDs to make them resilient to rename and moves. For details on any single field please look at the details for the same object in spec.IPRangePortGroup

Name Type Description Required

datacenter

object

Datacenter is the datacenter where the distributed port group is defined

true

moid

string

false

name

string

false

InfrastructurePolicy.status.resources.ipRanges[index].portGroups[index].datacenter

Datacenter is the datacenter where the distributed port group is defined

Name Type Description Required

inventoryPath

string

InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match the spec and a condition may be raised. The information in this field is used to provision infrastructure resources.

true

moid

string

MOID the vSphere Managed Object ID of the resource

true

InfrastructurePolicy.status.resources.placements[index]

PlacementStatus is a realized version of placement from the spec. All paths have been converted to MOIDs to make them resilient to rename and moves. For details on any single field please look at the details for the same object in spec.placements

Name Type Description Required

cluster

object

Resource represents an object with inventory path and moid

true

datacenter

object

Resource represents an object with inventory path and moid

true

folder

object

Resource represents an object with inventory path and moid

true

portGroups

[]object

true

resourcePool

object

Resource represents an object with inventory path and moid

false

InfrastructurePolicy.status.resources.placements[index].cluster

Resource represents an object with inventory path and moid

Name Type Description Required

inventoryPath

string

InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match the spec and a condition may be raised. The information in this field is used to provision infrastructure resources.

true

moid

string

MOID the vSphere Managed Object ID of the resource

true

InfrastructurePolicy.status.resources.placements[index].datacenter

Resource represents an object with inventory path and moid

Name Type Description Required

inventoryPath

string

InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match the spec and a condition may be raised. The information in this field is used to provision infrastructure resources.

true

moid

string

MOID the vSphere Managed Object ID of the resource

true

InfrastructurePolicy.status.resources.placements[index].folder

Resource represents an object with inventory path and moid

Name Type Description Required

inventoryPath

string

InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match the spec and a condition may be raised. The information in this field is used to provision infrastructure resources.

true

moid

string

MOID the vSphere Managed Object ID of the resource

true

InfrastructurePolicy.status.resources.placements[index].portGroups[index]

Resource represents an object with inventory path and moid

Name Type Description Required

inventoryPath

string

InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match the spec and a condition may be raised. The information in this field is used to provision infrastructure resources.

true

moid

string

MOID the vSphere Managed Object ID of the resource

true

InfrastructurePolicy.status.resources.placements[index].resourcePool

Resource represents an object with inventory path and moid

Name Type Description Required

inventoryPath

string

InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match the spec and a condition may be raised. The information in this field is used to provision infrastructure resources.

true

moid

string

MOID the vSphere Managed Object ID of the resource

true

IPPool

IPPool defines the details of an IP Pool that can be used to deploy workload/database clusters

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

IPPool

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

Spec is the desired state of an IPPool

false

status

object

Status reports the observed state of the IPPool

false

IPPool.spec

Spec is the desired state of an IPPool

Name Type Description Required

addresses

[]string

Addresses is a list of IP addresses that can be assigned. This set of addresses can be non-contiguous. Please note that if multiple IPPools are created which contain the same IP addresses no cross validation between pools is performed. Only IPs which are not in use can be removed from pools.

Example

Addresses -

- 10.0.1.10-10.0.1.100

- 10.0.2.1

- 10.0.2.2

Required.

Mutable.

true

gateway

string

Gateway is the network gateway to use.

Example

10.0.0.1

Required.

Mutable.

true

prefix

integer

Prefix is the network prefix to use. It refers to the number of leading bits in the IP address.

Example

24 means a subnet mask of 255.255.255.0

22 means a subnet mask of 255.255.252.0

Required.

Mutable.

  • Minimum: 1

  • Maximum: 128

true
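The addresses field accepts single IPs and "first-last" ranges, and the description warns that nothing checks whether two IPPools hand out the same addresses. The added example below (not DSM code; the pool definitions are constructed, the first one reusing the addresses from the field's own example) parses that list with the standard ipaddress module, checks every range against the gateway/prefix subnet, flags the gateway and the network/broadcast addresses if they fall inside the pool, computes the total the status later reports, and detects overlap between pools so that duplicate assignments are caught before two database VMs collide on one IP.

```python
import ipaddress

# Constructed pools; POOL_A reuses the addresses from the spec example above.
POOL_A = {"name": "db-pool", "spec": {
    "addresses": ["10.0.1.10-10.0.1.100", "10.0.2.1", "10.0.2.2"],
    "gateway": "10.0.0.1", "prefix": 22}}
POOL_B = {"name": "app-pool", "spec": {
    "addresses": ["10.0.1.90-10.0.1.120"],        # overlaps POOL_A on 10.0.1.90-100
    "gateway": "10.0.0.1", "prefix": 22}}


def parse_addresses(entries):
    """Turn the addresses list (single IPs or 'first-last' ranges) into
    (first, last) address pairs, rejecting reversed or mixed-family ranges."""
    ranges = []
    for entry in entries:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(x.strip()) for x in entry.split("-", 1))
        else:
            lo = hi = ipaddress.ip_address(entry.strip())
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range {entry!r}")
        ranges.append((lo, hi))
    return ranges


def pool_networks(spec):
    """Collapse the ranges into the minimal set of CIDR blocks."""
    nets = []
    for lo, hi in parse_addresses(spec["addresses"]):
        nets.extend(ipaddress.summarize_address_range(lo, hi))
    return nets


def total_addresses(spec):
    """What status.ipAddresses.total should report for this spec."""
    return sum(n.num_addresses for n in pool_networks(spec))


def check_pool(spec):
    """Sanity checks a single IPPool spec against its own gateway/prefix."""
    findings = []
    gw = ipaddress.ip_address(spec["gateway"])
    subnet = ipaddress.ip_network(f"{gw}/{spec['prefix']}", strict=False)
    ranges = parse_addresses(spec["addresses"])
    for lo, hi in ranges:
        if lo not in subnet or hi not in subnet:
            findings.append(f"{lo}-{hi} is outside {subnet}")
        if lo.version == gw.version and lo <= gw <= hi:
            findings.append(f"gateway {gw} lies inside {lo}-{hi}")
    if subnet.version == 4 and subnet.num_addresses > 2:
        for special in (subnet.network_address, subnet.broadcast_address):
            if any(lo.version == 4 and lo <= special <= hi for lo, hi in ranges):
                findings.append(f"{special} (network/broadcast address) is inside the pool")
    return findings


def overlaps(pool_x, pool_y):
    """CIDR block pairs shared by two pools; DSM performs no such cross-check."""
    hits = []
    for a in pool_networks(pool_x["spec"]):
        for b in pool_networks(pool_y["spec"]):
            if a.overlaps(b):
                hits.append((a, b))
    return hits


if __name__ == "__main__":
    for pool in (POOL_A, POOL_B):
        print(pool["name"], "total =", total_addresses(pool["spec"]), "findings =", check_pool(pool["spec"]))
    print("overlap:", overlaps(POOL_A, POOL_B))
```

summarize_address_range never expands a range into individual addresses, so the same code stays cheap for large IPv6 ranges (prefix up to 128 is allowed by the field).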

IPPool.status

Status reports the observed state of the IPPool

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for an IP Pool.

false

conditions

[]object

Conditions contain the list of observed conditions of the IPPool.

InProgress indicates that the IP pool is currently being created.

Ready indicates that the IP pool is ready to be used.

Failed indicates that IP pool creation has failed and the pool cannot be used for providing IP addresses.

Deleting indicates that deletion of the IP pool has been requested and has not completed yet.

OverProvisioned indicates that more IPs are in use in the IP Pool than are available to perform updates on the databases using the IP Pool.

false

ipAddresses

object

IpAddresses reports the count of total, free, used and out of range IPs in the pool.

false

IPPool.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

IPPool.status.ipAddresses

IpAddresses reports the count of total, free, used and out of range IPs in the pool.

Name Type Description Required

free

integer

Free is the count of unallocated IPs in the pool.

true

outOfRange

integer

OutOfRange is the count of allocated IPs in the pool that are not contained within spec.Addresses. Legacy field.

true

total

integer

Total is the total number of IPs configured for the pool.

true

used

integer

Used is the count of allocated IPs in the pool.

true

VMClass

VMClass defines VMs which are available to host dataservice workloads

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

VMClass

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

Spec is the desired state of the VMClass

false

status

object

Status reports the observed state of the VMClass

false

VMClass.spec

Spec is the desired state of the VMClass

Name Type Description Required

requests

object

Requests defines the amount of resources that should be allocated and reserved when this class is consumed

false

VMClass.spec.requests

Requests defines the amount of resources that should be allocated and reserved when this class is consumed

Name Type Description Required

cpu

string

CPU defines the amount of vCPU that should be used when this class is consumed. Once a cluster is created, this resource is reserved on the underlying ESXi host. It should be represented as an integer, like 2. Kubernetes-style resource capacity specifiers are not supported.

false

memory

string

Memory defines the amount of memory, in GiB, that should be used when this class is consumed. Once a cluster is created, this resource is reserved on the underlying ESXi host. It should be represented as an integer, like 16. Kubernetes-style resource capacity specifiers are not supported.

false

VMClass.status

Status reports the observed state of the VMClass

Name Type Description Required

conditions

[]object

Conditions contain the list of observed conditions of the VMClass.

false

VMClass.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

objectstores.dataservices.vmware.com/v1alpha1

Resource Types:

MinioProvider

MinioProvider is the Schema for the minioproviders API. It represents the desired specification and observed status of a MinIO cluster.

Name Type Description Required

apiVersion

string

objectstores.dataservices.vmware.com.v1alpha1

true

kind

string

MinioProvider

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MinioProviderSpec defines the spec of the MinioProvider.

true

status

object

MinioProviderStatus describes the observed status of the MinioProvider.

false

MinioProvider.spec

MinioProviderSpec defines the spec of the MinioProvider.

Name Type Description Required

license

object

License is the license required to start and run the MinIO Enterprise edition.

Mutable.

true

pools

[]object

Pools defines the object store pools.

A Pool is a group of machines providing storage and processing capacity to a MinIO cluster. Pools are used to expand cluster capacity, since neither the number of nodes in a cluster nor the number of disks per node can be changed on a running cluster. Users can add new pools to grow capacity or to migrate.

It is desirable that the characteristics of all pool instances be the same, so that all object operations behave identically. Migrations are an exception: new pools with new characteristics can be added, and the old pools decommissioned after the migration.

Changes in behavior should be intentional, through selection, and not accidental.

true

version

string

Version is the version of the minio object store service.

true

controlPlane

object

ControlPlane contains the infrastructure components for control plane.

false

description

string

Description is a short description of this MinIO cluster.

false

erasureCodeParity

integer

ErasureCodeParity has the parity level of all pools that are part of the provider. MinIO enforces the same parity level on all pools.

Immutable.

Optional. If not specified, EC:1 is used. See https://min.io/docs/minio/linux/reference/minio-server/settings/storage-class.html for more details.

Supported options are:

  • 1 (EC:1)

  • 2 (EC:2)

false

fqdn

string

FQDN allows setting the Fully Qualified Domain Name for the object store instance, which is used to build the console path and the S3-compliant paths to buckets/objects. FQDN: example.com

S3 Paths:

false

tls

object

TLS allows specifying a certificate that will be presented to users of the MinIO cluster.

Cert should contain the domain for console, storage api, and a wildcard for storage. Using example.com as FQDN, the certificate SAN should provide:

  • console.example.com

  • storage.example.com

  • *.storage.example.com

false

MinioProvider.spec.license

License is the license required to start and run the MinIO Enterprise edition.

Mutable.

Name Type Description Required

name

string

false

MinioProvider.spec.pools[index]

Name Type Description Required

diskSize

int or string

DiskSize defines the size of the PVC used by each server.

Immutable

true

infrastructurePolicy

object

InfrastructurePolicy defines the infrastructure policy name to use for the pool.

Immutable.

true

name

string

Name is a unique identifier for this pool.

Immutable

true

serverCount

integer

ServerCount defines the number of VMs of the MinIO pool.

Immutable

true

storagePolicyName

string

StoragePolicyName defines the storage policy to use for the pool. It should be the same across all pools to guarantee consistency, but can differ if the user intends to decommission an older pool. E.g.: StoragePolicy A might use spinning disks while StoragePolicy B is your new all-flash array. If a pool is created in each, objects landing on those pools will behave differently, but that might be the intent (decommissioning).

Immutable.

true

vmClass

object

VMClass defines the VM class size to use for the pool. Should be the same across all pools to guarantee consistency. Can be different if the user intends to decommission an older pool.

false

MinioProvider.spec.pools[index].infrastructurePolicy

InfrastructurePolicy defines the infrastructure policy name to use for the pool.

Immutable.

Name Type Description Required

name

string

false

MinioProvider.spec.pools[index].vmClass

VMClass defines the VM class size to use for the pool. Should be the same across all pools to guarantee consistency. Can be different if the user intends to decommission an older pool.

Name Type Description Required

name

string

false

MinioProvider.spec.controlPlane

ControlPlane contains the infrastructure components for control plane.

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy defines the infrastructure policy name to use for the control plane.

Immutable.

true

storagePolicyName

string

StoragePolicyName defines the storage policy to use for the control plane.

Immutable.

true

MinioProvider.spec.controlPlane.infrastructurePolicy

InfrastructurePolicy defines the infrastructure policy name to use for the control plane.

Immutable.

Name Type Description Required

name

string

false

MinioProvider.spec.tls

TLS allows specifying a certificate that will be presented to users of the MinIO cluster.

Cert should contain the domain for console, storage api, and a wildcard for storage. Using example.com as FQDN, the certificate SAN should provide:

  • console.example.com

  • storage.example.com

  • *.storage.example.com

Name Type Description Required

disableTLS

boolean

DisableTLS disables TLS.

false

secretName

string

SecretName is the name of a Secret resource present in the same namespace as the object store cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys:

  • tls.crt: PEM signed certificate chain

  • tls.key: PEM private key

  • ca.crt: PEM CA certificate

The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority.

If the ca.crt is provided in the input secret, we simply copy it to the .connection.tlsSecretName of the MinioProvider. If the ca.crt is not provided in the input secret, we need to check if the tls.crt is self-signed or its last certificate in its chain is a CA. If it is self-signed, we use that as the ca.crt in the status.connection.tlsSecretName. If the last cert in the chain is a CA, we use that as the ca.crt in the .connection.tlsSecretName. If neither is true, there is an error.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the object store cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate.

false
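As an added example (not DSM's own code), the secretName rule above and the SAN requirement for console.<FQDN>, storage.<FQDN> and *.storage.<FQDN>, written in Go: ResolveCA picks the ca.crt the way the text describes (ca.crt copied through; otherwise a self-signed tls.crt, or the CA at the end of the chain; anything else rejected), MissingSANs reports which required names the leaf lacks, and makeCert builds constructed test certificates for trying it out. The function names and the test certificates are assumptions, not part of the API.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"strings"
	"time"
)

// parseChain decodes every PEM block of tls.crt as a certificate, in order (leaf first).
func parseChain(pemBytes []byte) ([]*x509.Certificate, error) {
	var chain []*x509.Certificate
	for block, rest := pem.Decode(pemBytes); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		chain = append(chain, cert)
	}
	if len(chain) == 0 {
		return nil, errors.New("tls.crt contains no certificates")
	}
	return chain, nil
}

func toPEM(c *x509.Certificate) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})
}

// ResolveCA applies the rule given for secretName: keep ca.crt when present; otherwise
// accept tls.crt when self-signed, or the last chain certificate when it is a CA; else fail.
func ResolveCA(secret map[string][]byte) ([]byte, error) {
	if ca := secret["ca.crt"]; len(ca) > 0 {
		return ca, nil
	}
	chain, err := parseChain(secret["tls.crt"])
	if err != nil {
		return nil, err
	}
	leaf, last := chain[0], chain[len(chain)-1]
	// Self-signed: issuer equals subject and the signature verifies under the leaf's own key.
	if bytes.Equal(leaf.RawIssuer, leaf.RawSubject) && leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil {
		return toPEM(leaf), nil
	}
	if last.IsCA {
		return toPEM(last), nil
	}
	return nil, errors.New("ca.crt absent and tls.crt is neither self-signed nor terminated by a CA")
}

// MissingSANs reports which of the three names required for fqdn are absent from the leaf's DNS SANs.
func MissingSANs(tlsCrt []byte, fqdn string) ([]string, error) {
	chain, err := parseChain(tlsCrt)
	if err != nil {
		return nil, err
	}
	have := make(map[string]bool)
	for _, n := range chain[0].DNSNames {
		have[strings.ToLower(n)] = true
	}
	var missing []string
	for _, n := range []string{"console." + fqdn, "storage." + fqdn, "*.storage." + fqdn} {
		if !have[strings.ToLower(n)] {
			missing = append(missing, n)
		}
	}
	return missing, nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// makeCert issues a constructed test certificate (not a DSM artifact); a nil parent means self-signed.
func makeCert(cn string, dns []string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, DNSNames: dns,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA,
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return must(x509.ParseCertificate(der)), key
}
```

A Secret that carries only a CA-issued leaf and no ca.crt is the case the text calls an error; ResolveCA reports it rather than guessing an issuer.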

MinioProvider.status

MinioProviderStatus describes the observed status of the MinioProvider.

Name Type Description Required

conditions

[]object

Conditions contains the list of observed conditions on the MinIO cluster.

  • Ready: Indicates that the MinIO cluster has been successfully created and is ready for use.

true

connection

object

Connection contains the details for connecting to the instance from a client.

false

nodes

[]object

Nodes represents the underlying infrastructure of a minio cluster.

false

pools

[]object

Pools provides the status of all the MinIO pools.

false

MinioProvider.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

MinioProvider.status.connection

Connection contains the details for connecting to the instance from a client.

Name Type Description Required

apiAccess

object

ApiAccess provides the host ("https://storage.FQDN") and addresses ("https://192.168.0.10") of the Object store API

true

consoleAccess

object

ConsoleAccess provides the host ("https://console.FQDN") and address ("https://192.168.0.11") of the Object Store Console

true

tlsSecretName

string

TLSSecretName is the name of the secret containing the TLS certificate (ca.crt).

false

MinioProvider.status.connection.apiAccess

ApiAccess provides the host ("https://storage.FQDN") and addresses ("https://192.168.0.10") of the Object store API

Name Type Description Required

addresses

[]string

Addresses provides the list of IP addresses for API access

false

host

string

Host provides host for API access

false

MinioProvider.status.connection.consoleAccess

ConsoleAccess provides the host ("https://console.FQDN") and address ("https://192.168.0.11") of the Object Store Console

Name Type Description Required

address

string

Address provides the IP address for console access

false

host

string

Host provides host for console access

false

MinioProvider.status.nodes[index]

Node represents the underlying infrastructure of a workload cluster

Name Type Description Required

datacenter

string

Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located.

false

datastore

string

Datastore is the name or inventory path of the datastore in which the virtual machine is created/located.

false

folder

string

Folder is the name or inventory path of the folder in which the virtual machine is created/located.

false

network

object

Network is the network configuration for this VM.

false

resourcePool

string

ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located.

false

server

string

Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located.

false

storagePolicyName

string

StoragePolicyName of the storage policy to use with this Virtual Machine

false

vmMoid

string

VmMoid is the VM’s Managed Object Reference on vSphere.

false

vmName

string

VmName is the name of the virtual machine on vSphere.

false

vmRole

string

VMRole identifies the role the VM plays in the workload cluster, such as ControlPlane or Worker.

false

MinioProvider.status.nodes[index].network

Network is the network configuration for this VM.

Name Type Description Required

devices

[]object

Devices is the list of network devices used by the virtual machine.

false

MinioProvider.status.nodes[index].network.devices[index]

NetworkDevice defines the network configuration for a virtual machine’s network device.

Name Type Description Required

ipPool

string

IPPool is the name of the IP Pool that was used to claim an IP address for the VM.

false

networkName

string

NetworkName is the name of the vSphere network to which the device will be connected.

false

MinioProvider.status.pools[index]

Name Type Description Required

failureTolerance

integer

FailureTolerance provides the remaining number of server failures the pool can tolerate.

true

poolName

string

PoolName provides the name of the pool.

true

serversOnline

integer

ServersOnline provides the total number of servers online in the pool.

true

state

string

State has the current state of the pool.

true

storageEfficiency

string

StorageEfficiency provides the storage efficiency of the pool.

true

observability.dataservices.vmware.com/v1alpha1

Resource Types:

LogBundle

LogBundle defines a log bundle collection request to DSM. A log bundle contains the object-specific logs (e.g. DB engine logs for databases). A LogBundle CR cannot be modified after creation.

Name Type Description Required

apiVersion

string

observability.dataservices.vmware.com.v1alpha1

true

kind

string

LogBundle

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

LogBundleSpec defines the details, such as the RetentionPeriod and target, of the log bundle that will be created

false

status

object

LogBundleStatus reports the observed state of the LogBundle

false

LogBundle.spec

LogBundleSpec defines the details, such as the RetentionPeriod and target, of the log bundle that will be created

Name Type Description Required

retentionPeriod

string

RetentionPeriod determines how long the log bundle is kept before it expires. The retention period starts from the collection completion time. After it expires, DSM changes the log bundle status to Expired, and the log bundle is deleted from storage. Duration is a wrapper around Go-style time.Duration. Example: "48h10m" The default retention period is 6 hours, the minimum is 10 minutes, and the maximum is 7 days. Any value outside those limits results in a validation failure.

Immutable.

  • Default: 6h0m0s

false

targetRef

object

TargetRef refers to the resource for which the log bundle is collected. The resource needs to be in the same namespace as the log bundle. Only the Kind (the type of data service resource, for example PostgresCluster, MySqlCluster, etc.) and Name (name of the resource) fields are required.

Example:

targetRef:
  kind: "PostgresCluster"
  name: "example-db"

Required.

Immutable.

false
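An added example (not DSM's code) of the retentionPeriod and targetRef rules from LogBundle.spec as a single validation function in Go, with the 7-day maximum written as 168h because Go durations have no day unit; ExpiresAt derives the status field from the completion time, as the text states the retention clock starts there. The type and function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Limits stated for LogBundle.spec.retentionPeriod: default 6h, minimum 10m, maximum 7 days.
const (
	DefaultRetention = 6 * time.Hour
	MinRetention     = 10 * time.Minute
	MaxRetention     = 7 * 24 * time.Hour // Go durations have no "d" unit, so 7 days is 168h
)

// TargetRef carries the two required fields plus the optional namespace (hypothetical type).
type TargetRef struct {
	Kind      string
	Name      string
	Namespace string
}

// LogBundleSpec is a hypothetical cut-down mirror of the spec fields discussed above.
type LogBundleSpec struct {
	RetentionPeriod string
	TargetRef       TargetRef
}

// ValidateLogBundleSpec applies the page's rules: retentionPeriod is a Go-style duration
// within [10m, 168h] (6h when empty); targetRef needs kind and name and may not point to
// another namespace. It returns the effective retention the bundle will be kept for.
func ValidateLogBundleSpec(spec LogBundleSpec, bundleNamespace string) (time.Duration, error) {
	retention := DefaultRetention
	if spec.RetentionPeriod != "" {
		d, err := time.ParseDuration(spec.RetentionPeriod)
		if err != nil {
			return 0, fmt.Errorf("retentionPeriod: %w", err)
		}
		if d < MinRetention || d > MaxRetention {
			return 0, fmt.Errorf("retentionPeriod %s is outside [%s, %s]", d, MinRetention, MaxRetention)
		}
		retention = d
	}
	if spec.TargetRef.Kind == "" || spec.TargetRef.Name == "" {
		return 0, errors.New("targetRef: kind and name are required")
	}
	if ns := spec.TargetRef.Namespace; ns != "" && ns != bundleNamespace {
		return 0, fmt.Errorf("targetRef: namespace %q differs from the LogBundle namespace %q", ns, bundleNamespace)
	}
	return retention, nil
}

// ExpiresAt derives status.expiresAt: the retention clock starts at collection completion.
func ExpiresAt(collectionCompletedAt time.Time, retention time.Duration) time.Time {
	return collectionCompletedAt.Add(retention)
}

func main() {
	ref := TargetRef{Kind: "PostgresCluster", Name: "example-db"}
	done := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed completion time
	for _, rp := range []string{"", "48h10m", "5m", "7d", "200h"} {
		d, err := ValidateLogBundleSpec(LogBundleSpec{RetentionPeriod: rp, TargetRef: ref}, "default")
		if err != nil {
			fmt.Printf("%-9q rejected: %v\n", rp, err)
			continue
		}
		fmt.Printf("%-9q retained %v, expires %s\n", rp, d, ExpiresAt(done, d).Format(time.RFC3339))
	}
}
```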

LogBundle.spec.targetRef

TargetRef refers to the resource for which the log bundle is collected. The resource needs to be in the same namespace as the log bundle. Only the Kind (the type of data service resource, for example PostgresCluster, MySqlCluster, etc.) and Name (name of the resource) fields are required.

Example:

targetRef:
  kind: "PostgresCluster"
  name: "example-db"

Required.

Immutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

LogBundle.status

LogBundleStatus reports the observed state of the LogBundle

Name Type Description Required

collectionCompletedAt

string

CollectionCompletedAt indicates the time when the log bundle collection has completed

  • Format: date-time

false

collectionStartedAt

string

CollectionStartedAt indicates the time when the log bundle collection has started

  • Format: date-time

false

conditions

[]object

Conditions contain the list of observed conditions of the LogBundle.

The following statuses can occur.

  • Ready: Indicates the LogBundle status.

      • Status: "True" when the LogBundle collection is ready, "False" otherwise.

      • Reason with status "True" includes:

          • "PartialSuccess": Logs were partially collected; some logs are missing

          • "Ready": All logs were collected

          • "Expired": The log bundle has expired and was deleted from the output storage.

      • Reason with status "False" includes:

          • "Failed": The log bundle collection has failed

          • "InProgress": The log bundle collection is still in progress

          • "Deleting": The log bundle is being deleted

false

expiresAt

string

ExpiresAt indicates the time when the log bundle will expire and be deleted from the output storage

  • Format: date-time

false

logSecretRef

object

LogSecretRef is a reference to the v1.Secret living in the same namespace that holds the output log bundle, if one exists. The download URL for the log bundle can be found in the stringData section of the secret under the key "downloadURL".

false

LogBundle.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

LogBundle.status.logSecretRef

LogSecretRef is a reference to the v1.Secret living in the same namespace that holds the output log bundle, if one exists. The download URL for the log bundle can be found in the stringData section of the secret under the key "downloadURL".

Name Type Description Required

name

string

false

releases.dataservices.vmware.com/v1alpha2

Resource Types:

DataServiceVersion

DataServiceVersion is a single supported version of a data service.

The DataServiceVersion resources are exclusively created by the Data Services Manager in response to the release of a new version, to provide semi-structured information about the supported versions to API clients.

Only the spec.approval field can be modified, and only by DSM Administrators. All other fields are read-only.

Name Type Description Required

apiVersion

string

releases.dataservices.vmware.com.v1alpha2

true

kind

string

DataServiceVersion

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DataServiceVersionSpec represents the spec of the Data Service

true

status

object

DataServiceVersionStatus represents the status of the Data Service

false

DataServiceVersion.spec

DataServiceVersionSpec represents the spec of the Data Service

Name Type Description Required

approval

enum

Indicates which operations this version is enabled for. The valid values are:

  • CreateDisabled : the version cannot be used to create new clusters. All other operations are enabled, including the upgrade of and the restore from existing clusters.

  • Preview : all operations are allowed, but the version is not (yet) recommended by the administrator for general use. The version does not become a target for automatic upgrade (unless there’s a newer Enabled version and the cluster has to go through the Preview version in order to reach that newer version).

  • Enabled : all operations are allowed, the version is enabled for general use, and it becomes a target for automatic upgrade. DSM will roll out upgrades across all clusters eligible for automatic upgrade to this version within their own maintenance windows.

Administrators can modify this field to enable or disable users to create clusters from this version.

  • Enum: CreateDisabled, Preview, Enabled

true

engineVersion

string

The engine version corresponding to this DataServiceVersion. The field is read-only.

true

release

string

The Data Services Manager release that this version is part of. The field is read-only.

true

releaseDate

string

The date the version’s corresponding release was assembled. This is not necessarily the date when it was made generally available. The field is read-only.

true

releaseNotesLink

string

Link (URL) to the release notes for the version’s corresponding release. The field is read-only.

true

serviceType

string

The engine type of the data service corresponding to this version. The Data Services Manager supports:

  • vmware-sql-postgres : managed PostgreSQL database cluster.

  • vmware-sql-mysql : managed MySQL database cluster.

The field is read-only.

true

version

string

The full version string that the users need to use when creating clusters of this version. The field is read-only.

true

DataServiceVersion.status

DataServiceVersionStatus represents the status of the Data Service

Name Type Description Required

conditions

[]object

Conditions represent the state of the Data Service Version

false

linkedRegistries

[]object

LinkedRegistries shows the ImageRegistries that are linked to this DataServiceVersion. It is updated when the selector rules in the ImageRegistry start or stop matching the labels in the DataServiceVersion.

false

requiredImages

[]object

RequiredImages contains information about the container images that apply to this data service version.

false

requiredReleases

[]string

Additional DataServiceVersions (DSVs) that must be present and enabled before this DSV can be created

false

DataServiceVersion.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

DataServiceVersion.status.linkedRegistries[index]

Name Type Description Required

kind

string

Kind is the type of resource being referenced

true

name

string

Name is the name of resource being referenced

true

apiGroup

string

APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.

false

namespace

string

Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.

false

DataServiceVersion.status.requiredImages[index]

Image provides the information regarding a specific Container Image

example: docker pull <registry-endpoint>/repo/relativePath/name:version

Name Type Description Required

checksum

string

Checksum of the container image

false

fileName

string

FileName of the container image

false

relativePath

string

Relative path of the container image

false

status

string

Status of the container image

Ready: Image is ready for provisioning

SyncFailed: Image failed to sync

false

tag

string

Tag of the container image

false

system.dataservices.vmware.com/v1alpha1

Resource Types:

DsmSystemConfig

Name Type Description Required

apiVersion

string

system.dataservices.vmware.com.v1alpha1

true

kind

string

DsmSystemConfig

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the Dsm Provider appliance configurations. Only one instance of this Resource exists with the name 'dsm-system-config'

false

status

object

DsmSystemConfigStatus describes the observed status of the DsmSystemConfig.

false

DsmSystemConfig.spec

DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the Dsm Provider appliance configurations. Only one instance of this Resource exists with the name 'dsm-system-config'

Name Type Description Required

dsmProviderId

string

DSMProviderId defines the unique id of the DSM Provider appliance.

Immutable

true

gateway

string

GATEWAY defines the IPv4 gateway of the DSM Provider appliance.

Immutable

true

ip

string

IP defines the IPv4 address of the DSM Provider appliance.

Immutable

true

netmask

string

NETMASK defines the IPv4 netmask of the DSM Provider appliance.

Immutable

true

ceipConsent

boolean

CEIPConsent defines the user’s consent for data collection from Provider appliance.

Mutable

false

dnsNames

[]string

One or more DNS names / FQDNs of the DSM Provider appliance.

These DNS names are included in the SAN field of the TLS certificate if it is auto-generated by DSM, and in the Provider settings displayed in the DSM UI.

If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can verify a secure connection.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

dnsServers

[]string

DNSServers defines the IP address(es) of the DNS server(s) used by DSM. Example:

  dnsServers:
    - 8.8.8.8
    - 10.0.2.2

Mutable

  • Default: []

false

externalLogDestination

object

ExternalLogDestination contains the details required to set up external log forwarding.

Mutable.

false

ntpServers

[]string

NTPServers defines the NTP server(s) used by DSM. Although the field is optional in the schema, it must be set for DSM to work properly. Example:

  ntpServers:
    - time.google.com
    - 10.0.2.2

Mutable

  • Default: []

false

tls

object

TLS refers to the SSL/TLS configuration of the DSM Provider appliance.

Mutable.

false

workloadNetworkCidr

string

WorkloadNetworkCIDR defines the CIDR range for the workload clusters network reserved for DSM use. This range must not clash with any other networks used by non-DSM components. This setting is global across all workload clusters created by DSM. The value must be in CIDR notation, e.g. 192.168.0.0/16

Can be set or modified only if there are no existing data services workloads.

  • Default: 192.168.0.0/16

false

DsmSystemConfig.spec.externalLogDestination

ExternalLogDestination contains the details required to set up external log forwarding.

Mutable.

Name Type Description Required

enabled

boolean

Enabled is a boolean which indicates whether log forwarding is currently active.

Mutable.

  • Default: false

false

remoteLogDestinationProvider

string

RemoteLogDestinationProvider is the remote logging storage provider.

Supported values: syslog, cfapi. Aria Operations for Logs (on-premises) uses cfapi as the provider type, while syslog is the standard logging protocol.

Required when Enabled is true.

Mutable.

false

remoteLogUrl

string

RemoteLogUrl is the connection string required by the logging service. It is usually a combination of protocol, host, port and URI: (protocol)://(host):(port)(uri)

Example syslog:

  tcp://host:port for syslog over TCP
  udp://host:port for syslog over UDP
  ssl://host:port for syslog over TCP with TLS

Example cfapi:

Depending on the logging service, the type of information it expects can differ.

Required when Enabled is true.

Mutable.

false

trustBundle

object

TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with:

  • a certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

false

DsmSystemConfig.spec.externalLogDestination.trustBundle

TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with:

  • a certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

DsmSystemConfig.spec.tls

TLS refers to the SSL/TLS configuration of the DSM Provider appliance.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the 'dsm-system' namespace, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys:

  • tls.crt: PEM signed certificate chain

  • tls.key: PEM private key

  • ca.crt: PEM CA certificate

The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can be either a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret or update the already referenced one. Updating any certificate causes a restart of the provider, making the DSM UI inaccessible for a few seconds. Updating the CA is an intrusive operation which causes a rolling restart of all database clusters. CA updates might cause DB metrics loss for a few minutes. To avoid any impact, it is recommended to set the CA before creating any database clusters.

false
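The following manifests are an added example and are not part of this API reference or of the DSM project. They show a DsmSystemConfig that pins a custom appliance certificate (spec.tls.secretName) and forwards logs over TLS to a syslog endpoint whose issuing CA is deliberately not added to the global trust store (spec.externalLogDestination.trustBundle), together with the Secret and ConfigMap it references. The apiVersion uses the group/version form of the section heading; all names, addresses, the provider id and the certificate bodies are placeholders, and the namespaced-versus-cluster scope of DsmSystemConfig is not stated on this page, so metadata carries no namespace.

```yaml
# Added example, not project code. Placeholders are marked with <...>.
---
# Custom appliance certificate in the layout cert-manager produces.
# ca.crt may be omitted when tls.crt already contains an issuer certificate.
apiVersion: v1
kind: Secret
metadata:
  name: dsm-provider-tls          # hypothetical name
  namespace: dsm-system           # the Secret must live in dsm-system
type: kubernetes.io/tls
data:
  tls.crt: "<base64 PEM, leaf certificate followed by its issuer chain>"
  tls.key: "<base64 PEM, private key>"
  ca.crt: "<base64 PEM, CA certificate>"
---
# Issuer certificate(s) for the syslog endpoint. This CA should NOT be trusted
# globally, so it goes in its own ConfigMap under key tls.crt (issuers only;
# a server certificate is acceptable here only if it is self-signed).
apiVersion: v1
kind: ConfigMap
metadata:
  name: syslog-issuer-ca          # hypothetical name
  namespace: dsm-system           # assumption: ConfigMap kept beside the appliance config
data:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <PEM body of the syslog server's issuing CA>
    -----END CERTIFICATE-----
---
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: DsmSystemConfig
metadata:
  name: dsm-system-config         # the single instance has this fixed name
spec:
  # Immutable fields set when the appliance was deployed; placeholder values.
  dsmProviderId: "<provider-id>"
  ip: 10.0.2.10
  netmask: 255.255.255.0
  gateway: 10.0.2.1
  dnsNames:                       # must match the SAN of tls.crt in the Secret above
    - dsm.example.com
  dnsServers:
    - 10.0.2.2
  ntpServers:                     # optional in the schema, required for DSM to work
    - time.google.com
  ceipConsent: false
  tls:
    secretName: dsm-provider-tls
  externalLogDestination:
    enabled: true
    remoteLogDestinationProvider: syslog
    # ssl:// is syslog over TCP with TLS; tcp:// and udp:// send logs in clear text.
    remoteLogUrl: ssl://syslog.example.com:6514
    trustBundle:
      kind: ConfigMap
      name: syslog-issuer-ca
      namespace: dsm-system
```

Because spec.tls and spec.externalLogDestination are mutable, the same manifest can be re-applied to rotate either certificate; per the field descriptions, changing the appliance certificate restarts the provider, and changing its CA triggers a rolling restart of all database clusters, so the CA is best fixed before any clusters exist.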

DsmSystemConfig.status

DsmSystemConfigStatus describes the observed status of the DsmSystemConfig.

Name Type Description Required

alertLevel

enum

  • Enum: critical, warning, ok

false

conditions

[]object

Conditions contain the list of observed conditions of the DsmSystemConfig. The following statuses can occur.

  • Ready: Indicates if the DsmSystemConfig is fully operational.

      • Status: "True" when DsmSystemConfig is fully operational; "False" otherwise.

      • Reason includes:

          • "Ready": If the DsmSystemConfig is fully operational

          • "RootUserPasswordExpired": If the DSM provider appliance’s root password is expired. Critical alert is raised.

          • "NTPSyncFailed": If the DSM provider appliance’s system time is not synced with the spec.NTPServer. Critical alert is raised.

  • RootUserReady: Reflects the status of the DSM provider appliance’s root password expiry. It changes based on the number of days to the expiry of the root user password.

      • Status: "False" if there are errors.

      • Reason includes:

          • "RootUserPasswordExpireSoon": The DSM Provider appliance’s root user password expiry has reached the configured root password expiry threshold (in number of days).

          • "RootUserPasswordExpired": The DSM Provider appliance’s root user password has expired.

false

minDataServiceRelease

string

MinDataServiceRelease is set when the DSM Provider starts successfully after a fresh install, and updated when a DSM Provider upgrade completes successfully. It represents the minimum release version of data services (identified by the 'release' field of each DataServiceVersion) compatible with the current DSM Provider version. DataServiceVersions whose release is lower than this value are not compatible with the current version of the DSM Provider.

false

rootUserExpiryDate

string

RootUserExpiryDate indicates the time when the DSM provider appliance root password is expected to expire.

  • Format: date-time

false

tlsSecretResourceVersion

string

TLSSecretResourceVersion is set only for DSM provider appliances with custom certificates. It represents the resource version of the Secret that was last applied for the DSM Provider appliance.

false

DsmSystemConfig.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

ImageRegistry

ImageRegistry is the Schema for the imageRegistry API. Certain Data Services in DSM do not come with the container images bundled and instead rely on an external registry for the images. The ImageRegistry API offers a way to register an external registry in DSM and associate it with different Data Service Versions. The ImageRegistry must be compliant with the Open Container Initiative spec and the Docker V2 API.

Name Type Description Required

apiVersion

string

system.dataservices.vmware.com.v1alpha1

true

kind

string

ImageRegistry

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

ImageRegistrySpec defines the spec of the ImageRegistry

true

status

object

ImageRegistryStatus contains the status of the ImageRegistry

false

ImageRegistry.spec

ImageRegistrySpec defines the spec of the ImageRegistry

Name Type Description Required

endpoint

string

Endpoint specifies the URL of the external image registry.

Mutable

true

credentials

object

Credentials contains the name of the Secret object holding the credentials used to access the images. Supported authentication type:

  • basic auth: username/password (the Secret must have data.username and data.password)

Mutable

false

dataServiceSelector

object

DataServiceSelector contains the Kubernetes label selector rules used to map Data Service Versions to the ImageRegistry. This can be configured as a many-to-many relationship:

  • multiple ImageRegistries can be configured to link to one Data Service Version (redundancy)

  • one ImageRegistry can target multiple Data Service Versions (single source)

Mutable

false

repo

string

Repo specifies the repository/project/namespace inside the image registry that contains the images. Example:

  endpoint: registry.example.com (or 10.10.10.10:9000)
  repo: dsm-images
  image: operator:v1.2.3 (from DataServiceVersion)

The image will be located at registry.example.com/dsm-images/operator:v1.2.3 (or 10.10.10.10:9000/dsm-images/operator:v1.2.3).

Mutable

false

trustBundle

object

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with:

  • a certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

false

ImageRegistry.spec.credentials

Credentials contains the name of the Secret object holding the credentials used to access the images. Supported authentication type:

  • basic auth: username/password (the Secret must have data.username and data.password)

Mutable

Name Type Description Required

name

string

false

ImageRegistry.spec.dataServiceSelector

DataServiceSelector contains the Kubernetes label selector rules used to map Data Service Versions to the ImageRegistry. This can be configured as a many-to-many relationship:

  • multiple ImageRegistries can be configured to link to one Data Service Version (redundancy)

  • one ImageRegistry can target multiple Data Service Versions (single source)

Mutable

Name Type Description Required

matchExpressions

[]object

matchExpressions is a list of label selector requirements. The requirements are ANDed.

false

matchLabels

map[string]string

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

false

ImageRegistry.spec.dataServiceSelector.matchExpressions[index]

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

Name Type Description Required

key

string

key is the label key that the selector applies to.

true

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

true

values

[]string

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

false

ImageRegistry.spec.trustBundle

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with:

  • a certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.

  • a certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false
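The following manifests are an added example and are not part of this API reference or of the DSM project. They register a private, TLS-protected registry that is reachable only with basic-auth credentials and whose issuing CA is pinned through spec.trustBundle rather than added to DSM's global trust store, and they map the registry to Data Service Versions with spec.dataServiceSelector. The registry host, Secret and ConfigMap names, and the selector label keys and values are placeholders; the page does not state which labels DataServiceVersion objects carry, nor whether ImageRegistry is namespaced, so the namespace shown is an assumption.

```yaml
# Added example, not project code. Placeholders are marked with <...>.
---
# Basic-auth credentials; the page requires keys data.username and data.password.
apiVersion: v1
kind: Secret
metadata:
  name: registry-creds            # hypothetical name
  namespace: dsm-system           # assumption: same namespace as the ImageRegistry
type: Opaque
data:
  username: "<base64 of the registry user>"
  password: "<base64 of the registry password>"
---
# Issuer certificate for a registry CA that should not be trusted globally.
# For a CA that should be trusted everywhere, append it to key ca-bundle.crt of
# the trusted-root-ca ConfigMap in dsm-system and reference that ConfigMap instead.
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-issuer-ca        # hypothetical name
  namespace: dsm-system
data:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <PEM body of the registry's issuing CA>
    -----END CERTIFICATE-----
---
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: ImageRegistry
metadata:
  name: corp-registry             # hypothetical name
  namespace: dsm-system           # assumption
spec:
  endpoint: registry.example.com  # images resolve to registry.example.com/dsm-images/<image>
  repo: dsm-images
  credentials:
    name: registry-creds
  trustBundle:
    kind: ConfigMap
    name: registry-issuer-ca
    namespace: dsm-system
  dataServiceSelector:
    # matchLabels and matchExpressions are ANDed. The label key and values below
    # are hypothetical; use the labels actually present on your DataServiceVersions.
    matchLabels:
      example.com/data-service: postgres
    matchExpressions:
      - key: example.com/release-channel
        operator: In
        values: ["stable", "lts"]
```

Every spec field here is mutable, so credentials can be rotated by updating the referenced Secret, and the selector can be widened or narrowed later without recreating the ImageRegistry; the status conditions on the resource are where a failed pull or TLS validation error surfaces.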

ImageRegistry.status

ImageRegistryStatus contains the status of the ImageRegistry

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a database cluster.

false

conditions

[]object

false

ImageRegistry.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

VCenterBinding

VCenterBinding defines a binding configuration for vCenter.

Name Type Description Required

apiVersion

string

system.dataservices.vmware.com.v1alpha1

true

kind

string

VCenterBinding

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed.

false

status

object

VCenterBindingStatus describes the observed status of the VCenterBinding.

false

VCenterBinding.spec

VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed.

Name Type Description Required

host

string

Host is the FQDN or IP address of the target vCenter where DSM workload clusters will be deployed. Must be present in the vCenter server’s certificate SAN extension.

Required

Mutable.

true

thumbprint

string

Thumbprint represents the SHA-256 Thumbprint of the target vCenter’s server leaf certificate, where the workload clusters are managed. This field is optional and is only necessary for the initial vCenter trust setup. Subsequently, DSM will fetch the root CA bundle from vCenter and use it to establish secure connections to vCenter.

Mutable.

false

vcenterAdminSecret

object

VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64-encoded strings. The client may delete this Secret after the DSM Service account has been created and the DSM Plugin registered in vCenter, as indicated by this resource's Ready status condition.

Mutable.

false

VCenterBinding.spec.vcenterAdminSecret

VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64-encoded strings. The client may delete this Secret after the DSM Service account has been created and the DSM Plugin registered in vCenter, as indicated by this resource's Ready status condition.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false
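The following manifests are an added example and are not part of this API reference or of the DSM project. They show the initial trust bootstrap with vCenter: the leaf-certificate thumbprint is supplied only for the first connection, after which DSM fetches the root CA bundle itself, and the administrator credentials are held in a short-lived Secret that can be removed once the Ready condition reports the service account and plugin in place. The vCenter host, thumbprint value, Secret name and namespace are placeholders; whether VCenterBinding is namespaced is not stated on this page.

```yaml
# Added example, not project code. Placeholders are marked with <...>.
---
# Administrator credentials used once, to create the DSM service account and
# register the plugin. Both keys are required and base64-encoded.
apiVersion: v1
kind: Secret
metadata:
  name: vcenter-admin             # hypothetical name
  namespace: dsm-system           # assumption
type: Opaque
data:
  username: "<base64 of the vCenter administrator user>"
  password: "<base64 of the vCenter administrator password>"
---
apiVersion: system.dataservices.vmware.com/v1alpha1
kind: VCenterBinding
metadata:
  name: vcenter-prod              # hypothetical name
spec:
  host: vcenter.example.com       # must be present in the vCenter certificate's SAN
  # SHA-256 thumbprint of the vCenter leaf certificate, verified only on the
  # initial connection. Obtain it out of band (for example from the vCenter
  # certificate management UI, or with openssl x509 -noout -fingerprint -sha256
  # against the exported certificate), never from an untrusted network path.
  thumbprint: "<sha256 thumbprint of the vCenter leaf certificate>"
  vcenterAdminSecret:
    kind: Secret
    name: vcenter-admin
    namespace: dsm-system
```

Once status.conditions reports Ready with reason "Ready", the vcenter-admin Secret is no longer needed and can be deleted, leaving only the DSM-owned service account (whose password rotation is tracked in status.lastServiceAccountRotationTime) with access to vCenter. If the binding instead reports "InvalidThumbprint" or "VCenterCertificateError", compare the thumbprint and SAN against the certificate actually served by the host before retrying.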

VCenterBinding.status

VCenterBindingStatus describes the observed status of the VCenterBinding.

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a vCenter Binding.

false

conditions

[]object

Conditions contain the list of observed conditions of the VCenterBinding.

The following statuses can occur.

  • Ready: Indicates whether the VCenterBinding is ready.

      • Status: "True" when the Service Account is created and the VC Plugin is registered; "False" otherwise.

      • Reason includes:

          • "Ready": If the Service Account is created and the VC Plugin is registered.

          • "VcenterUnreachable": vCenter is not reachable from the DSM Provider.

          • "InvalidDNS": The vCenter FQDN is not resolvable by the DNS server configured in the Provider.

          • "InvalidThumbprint": The given thumbprint does not match the vCenter certificate.

          • "VCenterCertificateError": The vCenter certificate could not be found, is expired, or its SAN does not match the vCenter Host.

          • "AdministratorUserNotFound": vCenter Administrator user credentials are required to create the vCenter Service Account.

          • "InvalidAdministratorCredentials": The given vCenter Administrator user credentials are not valid.

          • "InsufficientPrivileges": The given vCenter Administrator user does not have the required privileges.

          • "RootCANotConfigured": The vCenter Root CA is not configured.

          • "ServiceAccountNotCreated": The vCenter Service Account was not created.

          • "PluginNotRegistered": The vCenter Plugin was not registered.

          • "ServiceAccountRotationFailed": vCenter Service account rotation failed.

          • "VCenterAuthenticationFailed": vCenter Service account authentication failed.

false

lastServiceAccountRotationTime

string

LastServiceAccountRotationTime indicates the time when the last service account password was rotated.

Mutable.

  • Format: date-time

false

rootCa

object

RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'.

Mutable.

false

vcenterInstanceUuid

string

VcenterInstanceUuid defines the target vCenter instance uuid.

Immutable

false

VCenterBinding.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

VCenterBinding.status.rootCa

RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false