API Reference
databases.dataservices.vmware.com/v1alpha1
Resource Types:
BackupLocation
BackupLocation contains access data for a remote storage location, supporting multiple cloud back-ends and holding all data required to access and perform 2-way authentication with the storage provider. All BackupLocation instances that can be used as a target for database cluster backups have the label 'dsm.vmware.com/database-backup-location=true'. In contrast, BackupLocation instances that are reserved for DSM control plane (i.e. Provider) use do not have this label set.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | BackupLocation | true |
| | object | Refer to the Kubernetes API documentation for the fields of the | true |
| | object | | true |
BackupLocation.spec
Name | Type | Description | Required |
---|---|---|---|
| | object | S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated Mutable. | true |
| | object | Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated. Mutable. | true |
endpoint | string | Endpoint is the network endpoint to connect to for accessing the BackupLocation. Mutable. | true |
| | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called Mutable. | true |
BackupLocation.spec.S3
S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
bucket | string | Bucket is the S3 bucket. It must exist in the configured S3 service. Mutable. | true |
forcePathStyle | boolean | ForcePathStyle forces the use of path-style addressing for S3 operations. The path-style addressing is deprecated for the official AWS S3, but is required for many in-house S3-like implementations to work. A value of true forces the use of path-style S3 URLs. A value of false uses virtual hosted-style S3 URLs. Path-style URLs look like the following: https://bucket-endpoint.example.com/bucket Virtual hosted-style URLs look like the following: https://bucket.bucket-endpoint.example.com Mutable. Default - false. | false |
region | string | Region is the S3 region. Mutable. | false |
BackupLocation.spec.credentials
Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
BackupLocation.spec.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with:
- a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
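The forcePathStyle and trustBundle descriptions above interact: the addressing style decides which host name the endpoint certificate has to cover, and the certificate's issuer decides which ConfigMap key carries the trust anchor. The following pre-apply check is an added example, not DSM code; it assumes the endpoint is written as an https:// URL and that the client performs standard TLS host name verification, and all function names and sample values are constructed for illustration.

```python
from urllib.parse import urlsplit


def tls_host(endpoint, bucket, force_path_style=False):
    """Host name the client connects to, and therefore the name the
    endpoint's certificate must cover, for a given forcePathStyle value."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https" or not parts.hostname:
        # Assumption of this example: the endpoint is an https:// URL.
        raise ValueError("endpoint must be an https:// URL")
    if force_path_style:
        return parts.hostname                # https://<endpoint>/<bucket>
    return f"{bucket}.{parts.hostname}"      # https://<bucket>.<endpoint>


def san_covers(host, san):
    """True if one subjectAltName DNS entry covers host.
    A wildcard stands for exactly one left-most label."""
    host, san = host.lower(), san.lower()
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san


def expected_trust_key(trust_bundle):
    """ConfigMap key that must hold the CA material, per the two
    trustBundle cases described above."""
    if (trust_bundle.get("name") == "trusted-root-ca"
            and trust_bundle.get("namespace") == "dsm-system"):
        return "ca-bundle.crt"   # globally trusted by DSM
    return "tls.crt"             # issuer certificate(s) for this location only


def check_backup_location(endpoint, bucket, force_path_style, cert_sans, trust_bundle):
    """Summarise what a reviewer needs to confirm before applying the resource."""
    host = tls_host(endpoint, bucket, force_path_style)
    return {
        "host": host,
        "covered": any(san_covers(host, san) for san in cert_sans),
        "trust_key": expected_trust_key(trust_bundle),
    }


# Constructed sample: an in-house S3 service whose certificate names only the
# endpoint itself, trusted through a dedicated (non-global) ConfigMap.
SAMPLE_SANS = ["bucket-endpoint.example.com"]
SAMPLE_TRUST = {"name": "backup-s3-ca", "namespace": "dsm-system"}

if __name__ == "__main__":
    for style in (True, False):
        print(style, check_backup_location(
            "https://bucket-endpoint.example.com", "bucket",
            style, SAMPLE_SANS, SAMPLE_TRUST))
```

With the sample certificate, only forcePathStyle true yields a covered host name; virtual hosted-style needs a wildcard entry, and a bucket name containing a dot is not covered even then.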
DatabaseConfig
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | DatabaseConfig | true |
| | object | Refer to the Kubernetes API documentation for the fields of the | true |
| | object | DatabaseConfigSpec defines the desired state of the DatabaseConfig. | false |
| | object | DatabaseConfigStatus describes the observed status of the DatabaseConfig. | false |
DatabaseConfig.spec
DatabaseConfigSpec defines the desired state of the DatabaseConfig.
Name | Type | Description | Required |
---|---|---|---|
params | map[string]string | Params is a map of key-value pairs which correspond to valid configurable parameters for a database. For MySQL these go into one of the For PostgreSQL: * these values go into the | false |
DatabaseConfig.status
DatabaseConfigStatus describes the observed status of the DatabaseConfig.
Name | Type | Description | Required |
---|---|---|---|
| | []object | Conditions contain the list of observed conditions of the DatabaseConfig. | false |
DatabaseConfig.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
MySQLCluster
MySQLCluster is the schema for the mysqlclusters API. A MySQLCluster represents the desired specification and the observed status of a MySQLCluster instance. A MySQLCluster is backed by one or more nodes containing the mysql service and supporting services managed as a single object by the Data Services Manager.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | MySQLCluster | true |
| | object | Refer to the Kubernetes API documentation for the fields of the | true |
| | object | MySQLClusterSpec defines the desired state of the MySQLCluster | true |
| | object | MySQLClusterStatus describes the observed status of the MySQLCluster | false |
MySQLCluster.spec
MySQLClusterSpec defines the desired state of the MySQLCluster
Name | Type | Description | Required |
---|---|---|---|
| | object | InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid Immutable. | true |
storagePolicyName | string | StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid Immutable. | true |
storageSpace | string | StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki Range - 20Gi - 10Ti. Required. Mutable - (increase only). | true |
version | string | Version declares the version of the database engine to be used. The list of supported engine versions is available in the VMware Data Services Manager UI. Required. Immutable. | true |
| | object | VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid Mutable - (Only increases in resources are allowed). | true |
| | object | BackupConfig declares the cluster’s backup configuration details. If specified a Optional. Mutable. | false |
| | object | BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a Optional. Mutable. | false |
| | object | Identifier of the source cluster on which this cluster will be based. Optional. Immutable. | false |
| | object | DatabaseConfig refers to the database config object that will be applied to this cluster. Database Config is used to apply custom params/configs to the database represented by this CR. A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable. | false |
description | string | Description contains the human-readable description of the cluster. Optional. Mutable. | false |
| | object | DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster. Optional. Mutable. | false |
dnsNames | []string | One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can ensure a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. | false |
| | object | MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication. Optional. Mutable. | false |
members | integer | The number of members for cluster. Could be Default - Mutable. | false |
| | object | PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the Optional. Immutable. | false |
| | object | TLS refers to the SSL/TLS configuration of the database cluster. Optional. Mutable. | false |
MySQLCluster.spec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.
Required - Must refer to a valid InfrastructurePolicy.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.
Required - Must refer to a valid VMClass.
Mutable - (Only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.backupConfig
BackupConfig declares the cluster’s backup configuration details.
If specified, a BackupLocation must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays | integer | BackupRetentionDays describes the number of days to store backups Must be Required. Mutable. | false |
| | []object | Schedules user defined schedules of when the system will perform backups. Required. Mutable. | false |
MySQLCluster.spec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the schedule. Required. Immutable. | true |
schedule | string | The schedule in the form of a cron schedule. Required. Mutable. | true |
type | string | Type of schedule. Can be Required. Immutable. | true |
MySQLCluster.spec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.
If specified, a backupConfig must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
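Several MySQLCluster.spec rules stated above are cross-field or update-time constraints that are easy to miss in review: backupConfig and backupLocation come as a pair, storageSpace must lie in 20Gi - 10Ti and may only grow, and some fields are marked Immutable. The following pre-apply lint is an added example, not DSM's own validation; it checks only a subset of the Immutable fields, and the function names, finding strings and sample specs are constructed for illustration.

```python
import re
from decimal import Decimal

# Suffixes listed in the storageSpace description.
_MULT = {
    "": 1,
    "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "P": 10**15, "E": 10**18,
    "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40, "Pi": 2**50, "Ei": 2**60,
}
_QUANTITY = re.compile(r"^(\d+(?:\.\d+)?)(Ki|Mi|Gi|Ti|Pi|Ei|k|M|G|T|P|E)?$")

MIN_BYTES = 20 * 2**30   # 20Gi
MAX_BYTES = 10 * 2**40   # 10Ti

# Subset of the fields the page marks Immutable.
IMMUTABLE = ("infrastructurePolicy", "storagePolicyName", "basedOn", "placementSelector")


def parse_quantity(text):
    """Convert a quantity such as '20Gi', '1.5Ti' or '10G' to bytes."""
    m = _QUANTITY.match(str(text).strip())
    if not m:
        raise ValueError(f"not a valid quantity: {text!r}")
    # Decimal avoids float rounding on fixed-point values.
    return int(Decimal(m.group(1)) * _MULT[m.group(2) or ""])


def lint_mysqlcluster(spec, old_spec=None):
    """Return a list of findings for a MySQLCluster spec (dict).
    Pass old_spec to also check update-time rules."""
    findings = []

    # backupConfig and backupLocation must be specified together.
    if ("backupConfig" in spec) != ("backupLocation" in spec):
        findings.append("backupConfig and backupLocation must be set together")

    size = None
    try:
        size = parse_quantity(spec.get("storageSpace", ""))
    except ValueError:
        findings.append("storageSpace is missing or not a valid quantity")
    else:
        if not MIN_BYTES <= size <= MAX_BYTES:
            findings.append("storageSpace is outside 20Gi - 10Ti")

    if old_spec is not None:
        for field in IMMUTABLE:
            if spec.get(field) != old_spec.get(field):
                findings.append(f"{field} is immutable")
        # Mutable - (increase only).
        if size is not None and size < parse_quantity(old_spec["storageSpace"]):
            findings.append("storageSpace can only be increased")

    return findings


# Constructed sample specs (not taken from a real cluster).
OLD_SPEC = {
    "infrastructurePolicy": {"name": "policy-a"},
    "storagePolicyName": "silver",
    "storageSpace": "50Gi",
}
NEW_SPEC = {
    "infrastructurePolicy": {"name": "policy-a"},
    "storagePolicyName": "gold",          # changed: immutable
    "storageSpace": "40Gi",               # shrunk: increase only
    "backupLocation": {"name": "loc-a"},  # no backupConfig alongside
}

if __name__ == "__main__":
    for finding in lint_mysqlcluster(NEW_SPEC, OLD_SPEC):
        print("FINDING:", finding)
```

Note that 10G passes the syntax check but fails the range check, because the decimal suffix gives 10^10 bytes, which is below 20Gi.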
MySQLCluster.spec.basedOn
Identifier of the source cluster on which this cluster will be based.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
| | object | Cluster contains the name of the source cluster and timestamp to use as the clone point. Optional. Immutable. | true |
MySQLCluster.spec.basedOn.cluster
Cluster contains the name of the source cluster and timestamp to use as the clone point.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name is the name of the source cluster from which to restore. Required. Immutable. | true |
timestamp | string | Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time. Optional. Immutable. | false |
MySQLCluster.spec.databaseConfig
DatabaseConfig refers to the database config object that will be applied to this cluster.
Database Config is used to apply custom params/configs to the database represented by this CR.
A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.
The DatabaseConfig must exist in same namespace as cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.directoryService
DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
MySQLCluster.spec.maintenanceWindow
MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration | string | Duration describes the duration of the maintenance window. Required. Mutable. | true |
startDay | enum | StartDay describes the day of the week the maintenance window will commence. Can be any of Required. Mutable. | true |
startTime | string | StartTime describes the time of the day to start the maintenance window. Required. Mutable. | true |
MySQLCluster.spec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy.
Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the full qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters", should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The full qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the datacenter name. Required. Mutable. | true |
resourcePool | string | ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
MySQLCluster.spec.tls
TLS refers to the SSL/TLS configuration of the database cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have keys: tls.crt: PEM signed certificate chain; tls.key: PEM private key; ca.crt: PEM CA certificate. The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate. | false |
MySQLCluster.status
MySQLClusterStatus describes the observed status of the MySQLCluster
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for a database cluster. | false |
| | []object | AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service will accept valid upgrade paths even if they are not yet populated here. | false |
backupId | string | BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage. For PostgreSQL, it is the stanzaName of the database cluster. For MySQL, it is the UID of the MySQL cluster object in the workload cluster. | false |
| | []object | Conditions contain the list of observed conditions of the cluster. The following statuses can occur. | false |
| | object | Connection describes the details which can be used to connect to the database represented by CR. | false |
lastSuccessfulBackup | string | LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently. | false |
lastUpdate | string | LastUpdate gives the timestamp of when the desired state was last applied. | false |
| | []object | Nodes represents the underlying infrastructure of a database cluster. | false |
tlsSecretResourceVersion | string | TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster. | false |
| | object | UpgradeStatus represents the status of version upgrade | false |
MySQLCluster.status.availableUpgrades[index]
Name | Type | Description | Required |
---|---|---|---|
impact | enum | Impact indicates whether Virtual Machines backing the workload cluster’s kubernetes nodes will be replaced during the upgrade. When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced. When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the kubernetes nodes. | true |
version | string | Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format i.e. engine version, followed by the string "+vmware.", followed by the release version. | true |
autoUpgradeTarget | boolean | AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period. | false |
MySQLCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
MySQLCluster.status.connection
Connection describes the details which can be used to connect to the database represented by CR.
Name | Type | Description | Required |
---|---|---|---|
dbname | string | Name of the Database | true |
host | string | Host describes the IP address of the database cluster’s current primary node. | true |
port | integer | Port describes the port on which the database cluster is listening. | true |
cname | string | Cname is currently unused. | false |
| | object | Password for the admin account. Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust. | false |
username | string | Username for the admin account | false |
MySQLCluster.status.connection.passwordRef
Password for the admin account
Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key | false |
name | string | The name of the secret | false |
value | string | If an inline value is provided, the secret reference is skipped | false |
MySQLCluster.status.nodes[index]
Node represents the underlying infrastructure of a database cluster
Name | Type | Description | Required |
---|---|---|---|
datacenter | string | Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located. | false |
datastore | string | Datastore is the name or inventory path of the datastore in which the virtual machine is created/located. | false |
folder | string | Folder is the name or inventory path of the folder in which the virtual machine is created/located. | false |
| | object | Network is the network configuration for this VM. | false |
resourcePool | string | ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located. | false |
server | string | Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located. | false |
storagePolicyName | string | StoragePolicyName of the storage policy to use with this Virtual Machine | false |
vmMoid | string | VmMoid is the VM’s Managed Object Reference on vSphere. | false |
vmName | string | VmName is the name of the virtual machine on vSphere. | false |
MySQLCluster.status.nodes[index].network
Network is the network configuration for this VM.
Name | Type | Description | Required |
---|---|---|---|
| | []object | Devices is the list of network devices used by the virtual machine. | false |
MySQLCluster.status.nodes[index].network.devices[index]
NetworkDevice defines the network configuration for a virtual machine’s network device.
Name | Type | Description | Required |
---|---|---|---|
ipPool | string | IPPool is the name of the IP Pool that was used to claim an IP address for the VM. | false |
networkName | string | NetworkName is the name of the vSphere network to which the device will be connected. | false |
MySQLCluster.status.upgradeStatus
UpgradeStatus represents the status of version upgrade
Name | Type | Description | Required |
---|---|---|---|
currentVersion | string | The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. | false |
running | boolean | Set to true to indicate that a database cluster upgrade is currently running. Once the upgrade completes, the field will be reset to empty. | false |
PostgresCluster
PostgresCluster is the schema for the postgresclusters API. A PostgresCluster represents the desired specification and the observed status of a PostgresCluster instance. A PostgresCluster is backed by one or more nodes containing the postgresql service and supporting services managed as a single object by the Data Services Manager.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
databases.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
PostgresCluster |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
PostgresClusterSpec defines the desired state of the PostgresCluster. |
true |
|
object |
PostgresClusterStatus describes the observed status of the PostgresCluster. |
false |
PostgresCluster.spec
PostgresClusterSpec defines the desired state of the PostgresCluster.
Name | Type | Description | Required |
---|---|---|---|
object |
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid InfrastructurePolicy. Immutable. |
true |
|
storagePolicyName |
string |
StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid Immutable. |
true |
storageSpace |
string |
StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki Range - 20Gi - 10Ti. Required. Mutable - (increase only). |
true |
version |
string |
Version declares the version of the database engine to be used. The list of supported engine versions is available in the VMware Data Services Manager UI. Required. Immutable. |
true |
object |
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid VMClass. Mutable - (Only increases in resources are allowed). |
true |
|
object |
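AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. FieldPath field indicates which key in the secret contains the password. Default - password. Providing an inline value with the Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner. Default - password is auto generated. Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to an update of the password. |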
false |
|
adminUsername |
string |
AdminUserName is the desired name of the privileged user to be used when connecting to the database. AdminUserName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. Default - pgadmin. Mutable. |
false |
object |
BackupConfig declares the cluster’s backup configuration details. If specified, a BackupLocation must also be specified. Optional. Mutable. |
false |
|
object |
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a backupConfig must also be specified. Optional. Mutable. |
false |
|
object |
Identifier of the source cluster on which this cluster will be based. Optional. Immutable. |
false |
|
object |
DatabaseConfig refers to the database config object that will be applied to this cluster. Database Config is used to apply custom params/configs to the database represented by this CR. A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable. |
false |
|
databaseName |
string |
DatabaseName is the name of the Database which the privileged user will have permissions on. DatabaseName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. Default - Same as database cluster name. Mutable. |
false |
description |
string |
Description contains the human-readable description of the cluster. Optional. Mutable. |
false |
object |
DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster. Optional. Mutable. |
false |
|
dnsNames |
[]string |
One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can ensure a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. |
false |
object |
HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here. The Secret should contain the pg_hba.conf entries under a specific key pg_hba.conf. These entries will be inserted into the pg_hba.conf file with a priority lower than system users. Only the authentication method scram-sha-256 is allowed in the custom entries. For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add: kind: Secret metadata: name: db-cluster-1-custom-pg-hba immutable: true stringData: pg_hba.conf: | host all /^(.*)@local$ all scram-sha-256 Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like: host all pgadmin all scram-sha-256 host all postgres_exporter all scram-sha-256 #<YOUR CUSTOM ENTRIES ARE ADDED HERE> host all all all ldap ... # This entry is added only if directory service is enabled for the cluster host all all all scram-sha-256 |
false |
|
object |
MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication. Optional. Mutable. |
false |
|
object |
PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid. Optional. Immutable. |
false |
|
replicas |
integer |
Represents the number of nodes that are replicating from the primary node. In event of a primary outage one of the replicas will be promoted to primary. Replicas can be set to 0 or 1. Starting with Data Services Manager 2.1, 3-replica clusters are no longer supported. If you have replicas set to 1, then you will have 1 primary node and 1 replica node. Default - Mutable.
|
false |
object |
TLS refers to the SSL/TLS configuration of the database cluster. Optional. Mutable. |
false |
PostgresCluster.spec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.
Required - Must refer to a valid InfrastructurePolicy.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.
Required - Must refer to a valid VMClass.
Mutable - (Only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.adminPasswordRef
AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. FieldPath field indicates which key in the secret contains the password. Default - password. Providing an inline value with the Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner.
Default - password is auto generated.
Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to update of the password.
Name | Type | Description | Required |
---|---|---|---|
fieldPath |
string |
data.<key> for secrets. Optional. For most references there is a canonical key |
false |
name |
string |
The name of the secret |
false |
value |
string |
If an inline value is provided, the secret reference is skipped |
false |
PostgresCluster.spec.backupConfig
BackupConfig declares the cluster’s backup configuration details.
If specified, a BackupLocation must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays |
integer |
BackupRetentionDays describes the number of days to store backups Must be Required. Mutable.
|
false |
[]object |
Schedules are the user-defined schedules of when the system will perform backups. Required. Mutable. |
false |
PostgresCluster.spec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the schedule. Required. Immutable. |
true |
schedule |
string |
The schedule in the form of a cron schedule. Required. Mutable. |
true |
type |
string |
Type of schedule. Can be Required. Immutable. |
true |
PostgresCluster.spec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.
If specified, a backupConfig must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.basedOn
Identifier of the source cluster on which this cluster will be based.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
object |
Cluster contains the name of the source cluster and timestamp to use as the clone point. Optional. Immutable. |
true |
PostgresCluster.spec.basedOn.cluster
Cluster contains the name of the source cluster and timestamp to use as the clone point.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name is the name of the source cluster from which to restore. Required. Immutable. |
true |
timestamp |
string |
Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time. Optional. Immutable.
|
false |
PostgresCluster.spec.databaseConfig
DatabaseConfig refers to the database config object that will be applied to this cluster.
Database Config is used to apply custom params/configs to the database represented by this CR.
A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.
The DatabaseConfig must exist in the same namespace as the cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.directoryService
DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
API version of the referent. |
false |
fieldPath |
string |
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. |
false |
kind |
string |
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
false |
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
namespace |
string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
false |
resourceVersion |
string |
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
false |
uid |
string |
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
false |
PostgresCluster.spec.hbaRef
HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.
The Secret should contain the pg_hba.conf entries under a specific key pg_hba.conf. These entries will be inserted into the pg_hba.conf file with a priority lower than system users.
Only the authentication method scram-sha-256 is allowed in the custom entries.
For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256
```
Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:
```
host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ... # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256
```
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
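The first-match ordering described for hbaRef can be checked before a new HBA Secret is referenced. The following Python sketch is an added example, not DSM code: it models only the functional layout shown above, and the function names, sample users, database name and client address are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

ALLOWED_METHOD = "scram-sha-256"  # the only method the page allows in custom entries


@dataclass(frozen=True)
class Rule:
    origin: str    # "system", "custom", "ldap" or "default"
    conn: str
    database: str
    user: str
    address: str
    method: str


def parse_custom(text):
    """Parse custom entries in the simple 5-field form used on the page.

    Simplified model: quoted fields, netmask columns and auth options are not handled.
    Raises ValueError for a malformed line or a method other than scram-sha-256.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        if fields[4] != ALLOWED_METHOD:
            raise ValueError(f"line {lineno}: method {fields[4]!r} is not {ALLOWED_METHOD}")
        rules.append(Rule("custom", *fields))
    return rules


def _name_matches(field, value):
    # Handles "all", literal names, comma lists and /regex; +role and @file are not modelled.
    for token in field.split(","):
        if token == "all" or token == value:
            return True
        if token.startswith("/") and re.search(token[1:], value):
            return True
    return False


def _addr_matches(field, client_ip):
    if field == "all":
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(field, strict=False)
    except ValueError:  # host names and keywords such as samenet are not modelled
        return False


def effective_rules(custom, directory_service=False):
    """Rebuild the functional pg_hba.conf order shown on the page."""
    rules = [
        Rule("system", "host", "all", "pgadmin", "all", ALLOWED_METHOD),
        Rule("system", "host", "all", "postgres_exporter", "all", ALLOWED_METHOD),
    ]
    rules += custom
    if directory_service:
        rules.append(Rule("ldap", "host", "all", "all", "all", "ldap"))
    rules.append(Rule("default", "host", "all", "all", "all", ALLOWED_METHOD))
    return rules


def first_match(rules, user, database, client_ip):
    """Return the first rule matching a TCP connection, as PostgreSQL would pick it."""
    for rule in rules:
        if (_name_matches(rule.database, database)
                and _name_matches(rule.user, user)
                and _addr_matches(rule.address, client_ip)):
            return rule
    return None


def diverted_from_ldap(custom_text, users, database="appdb", client_ip="10.0.0.5"):
    """List the users a custom entry captures before the ldap entry is reached."""
    rules = effective_rules(parse_custom(custom_text), directory_service=True)
    return [u for u in users if first_match(rules, u, database, client_ip).origin == "custom"]


# Constructed sample inputs (not taken from a real cluster).
PAGE_EXAMPLE = "host all /^(.*)@local$ all scram-sha-256\n"
TOO_BROAD = "host all all all scram-sha-256\n"
SAMPLE_USERS = ["pgadmin", "alice@local", "bob"]

if __name__ == "__main__":
    print("page example diverts:", diverted_from_ldap(PAGE_EXAMPLE, SAMPLE_USERS))
    print("catch-all entry diverts:", diverted_from_ldap(TOO_BROAD, SAMPLE_USERS))
```

A custom entry that matches every user never reaches the ldap line, so directory-service accounts would be asked for a database password instead; the second sample shows that case.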
PostgresCluster.spec.maintenanceWindow
MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration |
string |
Duration describes the duration of the maintenance window. Required. Mutable. |
true |
startDay |
enum |
StartDay describes the day of the week the maintenance window will commence. Can be any of Required. Mutable.
|
true |
startTime |
string |
StartTime describes the time of the day to start the maintenance window. Required. Mutable. |
true |
PostgresCluster.spec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy.
Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster |
string |
Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. |
true |
datacenter |
string |
Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. |
true |
resourcePool |
string |
ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. |
false |
PostgresCluster.spec.tls
TLS refers to the SSL/TLS configuration of the database cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName |
string |
The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys tls.crt (PEM signed certificate chain), tls.key (PEM private key) and ca.crt (PEM CA certificate). The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate. |
false |
PostgresCluster.status
PostgresClusterStatus describes the observed status of the PostgresCluster.
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
string |
AlertLevel indicates the level of the most severe alert raised for a database cluster. |
false |
[]object |
AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service will accept valid upgrade paths even if they are not yet populated here. |
false |
|
backupId |
string |
BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage. For PostgreSQL, it is the stanzaName of the database cluster. For MySQL, it is the UID of the MySQL cluster object in the workload cluster. |
false |
[]object |
Conditions contain the list of observed conditions of the cluster. The following statuses can occur.
|
false |
|
object |
Connection describes the details which can be used to connect to the database represented by CR. |
false |
|
deletionState |
string |
DeletionState is currently unused. |
false |
lastRestartedAt |
string |
LastRestartedAt is currently unused.
|
false |
lastSuccessfulBackup |
string |
LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently.
|
false |
lastUpdate |
string |
LastUpdate gives the timestamp of when the desired state was last applied.
|
false |
needsReconcile |
boolean |
NeedsReconcile is currently unused. |
false |
[]object |
Nodes represents the underlying infrastructure of a database cluster. |
false |
|
primary |
boolean |
Primary is currently unused. |
false |
replicationState |
string |
ReplicationState is currently unused. |
false |
object |
Scheduling is currently unused. |
false |
|
tlsSecretResourceVersion |
string |
TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster. |
false |
object |
UpgradeStatus represents the status of the version upgrade. |
false |
PostgresCluster.status.availableUpgrades[index]
Name | Type | Description | Required |
---|---|---|---|
impact |
enum |
Impact indicates whether Virtual Machines backing the workload cluster’s kubernetes nodes will be replaced during the upgrade. When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced. When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the kubernetes nodes.
|
true |
version |
string |
Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format i.e. engine version, followed by the string "+vmware.", followed by the release version. |
true |
autoUpgradeTarget |
boolean |
AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period.
|
false |
PostgresCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
PostgresCluster.status.connection
Connection describes the details which can be used to connect to the database represented by CR.
Name | Type | Description | Required |
---|---|---|---|
dbname |
string |
Name of the Database |
true |
host |
string |
Host describes the IP address of the database cluster’s current primary node. |
true |
port |
integer |
Port describes the port on which the database cluster is listening. |
true |
cname |
string |
Cname is currently unused. |
false |
object |
Password for the admin account Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust. |
false |
|
username |
string |
Username for the admin account |
false |
PostgresCluster.status.connection.passwordRef
Password for the admin account
Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.
Name | Type | Description | Required |
---|---|---|---|
fieldPath |
string |
data.<key> for secrets. Optional. For most references there is a canonical key |
false |
name |
string |
The name of the secret |
false |
value |
string |
If an inline value is provided, the secret reference is skipped |
false |
PostgresCluster.status.nodes[index]
Node represents the underlying infrastructure of a database cluster
Name | Type | Description | Required |
---|---|---|---|
datacenter |
string |
Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located. |
false |
datastore |
string |
Datastore is the name or inventory path of the datastore in which the virtual machine is created/located. |
false |
folder |
string |
Folder is the name or inventory path of the folder in which the virtual machine is created/located. |
false |
object |
Network is the network configuration for this VM. |
false |
|
resourcePool |
string |
ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located. |
false |
server |
string |
Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located. |
false |
storagePolicyName |
string |
StoragePolicyName of the storage policy to use with this Virtual Machine |
false |
vmMoid |
string |
VmMoid is the VM’s Managed Object Reference on vSphere. |
false |
vmName |
string |
VmName is the name of the virtual machine on vSphere. |
false |
PostgresCluster.status.nodes[index].network
Network is the network configuration for this VM.
Name | Type | Description | Required |
---|---|---|---|
[]object |
Devices is the list of network devices used by the virtual machine. |
false |
PostgresCluster.status.nodes[index].network.devices[index]
NetworkDevice defines the network configuration for a virtual machine’s network device.
Name | Type | Description | Required |
---|---|---|---|
ipPool |
string |
IPPool is the name of the IP Pool that was used to claim an IP address for the VM. |
false |
networkName |
string |
NetworkName is the name of the vSphere network to which the device will be connected. |
false |
PostgresCluster.status.scheduling
Scheduling is currently unused.
Name | Type | Description | Required |
---|---|---|---|
region |
string |
Not supported |
false |
PostgresCluster.status.upgradeStatus
UpgradeStatus represents the status of the version upgrade.
Name | Type | Description | Required |
---|---|---|---|
currentVersion |
string |
The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. |
false |
running |
boolean |
Set to true to indicate that a database cluster upgrade is currently running. Once the upgrade completes, the field will be reset to empty. |
false |
infrastructure.dataservices.vmware.com/v1alpha1
Resource Types:
DirectoryService
DirectoryService provides a flexible way to integrate with directory services like Microsoft AD (Active Directory) and LDAP (Lightweight Directory Access Protocol). It facilitates authentication against DSM managed database clusters and DSM Appliance, offering a centralized authentication strategy.
In order to enable DSM Appliance LDAP Authentication a well-known DirectoryService named "ldap-default" in dsm-system namespace needs to be created. This ldap-default DirectoryService can also be adopted by any DSM-managed database cluster.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
infrastructure.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
DirectoryService |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
DirectoryServiceSpec defines the desired state of DirectoryService |
false |
|
object |
DirectoryServiceStatus describes the observed status of the DirectoryService |
false |
DirectoryService.spec
DirectoryServiceSpec defines the desired state of DirectoryService
Name | Type | Description | Required |
---|---|---|---|
baseDnUsers |
string |
Base Distinguished Name for users. Enter the DN from which to start user searches. For example, cn=Users,dc=myCorp,dc=com. If not set, the search will start from the root DN. Mutable. |
false |
object |
Secret reference for the bind user credentials (user and password) of type 'kubernetes.io/basic-auth'. The user should have at least read access to the base DN for users. Specify the ID of a user in the domain who has read-only access to the base DN for users. The ID should be either in the format determined by userSearchAttribute (default is using UPN, [email protected]) or a DN (cn=user,cn=Users,dc=domain,dc=com). Mutable. |
false |
|
domain |
string |
The fully qualified domain name (FQDN) of the domain. For example, companydomain.company.com. Mutable. |
false |
primaryServerUrl |
string |
Primary domain controller LDAP server for the domain. You can use either the host name or the IP address. Use the format ldaps://hostname_or_IPAddress:port. The port is typically 636 for LDAPS connections with OpenLDAP. For Active Directory multi-domain controller deployments, the port is typically 3269 for LDAPS. Mutable.
|
false |
secondaryServerUrls |
[]string |
List of URLs for secondary LDAP/AD servers used as a fallback. The application of these URLs is client-specific and some or all of them may not be used. PostgreSQL supports specifying multiple secondary servers. MySQL supports specifying only a single secondary server. DSM Appliance supports specifying only the primary and will ignore any secondary servers set. Mutable. |
false |
object |
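TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Servers connection. If the provided servers are configured with a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. If the provided servers are configured with a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed. Mutable. |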
false |
|
type |
enum |
Type specifies the directory type, either OpenLDAP or Active Directory. Mutable.
|
false |
userSearchAttribute |
string |
The user search attribute to use when doing search+bind authentication. The default is set to userPrincipalName, which in most Active Directory setups corresponds to the user’s corporate email, so people would log in with '[email protected]' as the username. Other common options are "uid" and "sAMAccountName", which correspond to the user id only: "user". Mutable.
|
false |
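The URL rules in the DirectoryService.spec table above (ldaps://host:port format, typical ports 636 and 3269, and how many secondary servers each consumer honours) can be checked before a manifest is applied. This is an added example, not part of the DSM API or its tooling; the function names and the sample spec are constructed for illustration.

```python
from urllib.parse import urlsplit

# Ports the primaryServerUrl description names as typical for LDAPS.
TYPICAL_LDAPS_PORTS = (636, 3269)


def check_server_url(field, url):
    """Return (severity, message) findings for one LDAP server URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError when the port is not numeric
    except ValueError:
        return [("error", f"{field}: {url!r} has no parseable numeric port")]
    findings = []
    if parts.scheme.lower() != "ldaps":
        findings.append(("error", f"{field}: scheme {parts.scheme!r} does not "
                                  "match the documented ldaps://host:port format"))
    if not parts.hostname:
        findings.append(("error", f"{field}: no host name or IP address"))
    if port is None:
        findings.append(("error", f"{field}: no explicit port"))
    elif port not in TYPICAL_LDAPS_PORTS:
        findings.append(("warning", f"{field}: port {port} is not a typical "
                                    "LDAPS port (636 or 3269)"))
    return findings


def max_secondaries_honoured(secondary_urls):
    """Upper bound on secondary servers each consumer uses, per the table:
    PostgreSQL accepts several, MySQL a single one, the DSM Appliance none."""
    n = len(secondary_urls)
    return {"PostgreSQL": n, "MySQL": min(n, 1), "DSM Appliance": 0}


def lint_directory_service(spec):
    """Lint the URL-related fields of a DirectoryService spec (a plain dict)."""
    findings = []
    primary = spec.get("primaryServerUrl")
    if primary:
        findings += check_server_url("primaryServerUrl", primary)
    secondaries = spec.get("secondaryServerUrls") or []
    for i, url in enumerate(secondaries):
        findings += check_server_url(f"secondaryServerUrls[{i}]", url)
    for consumer, count in max_secondaries_honoured(secondaries).items():
        if count < len(secondaries):
            findings.append(("warning", f"{consumer} will use at most {count} "
                                        f"of {len(secondaries)} secondary servers"))
    return findings


# Constructed sample spec; host names and values are illustrative only.
SAMPLE_SPEC = {
    "domain": "corp.example.com",
    "primaryServerUrl": "ldaps://dc1.corp.example.com:3269",
    "secondaryServerUrls": [
        "ldaps://dc2.corp.example.com:3269",
        "ldap://dc3.corp.example.com:389",
    ],
    "userSearchAttribute": "sAMAccountName",
}

if __name__ == "__main__":
    for severity, message in lint_directory_service(SAMPLE_SPEC):
        print(f"{severity.upper():8} {message}")
```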
DirectoryService.spec.bindCredentials
Secret reference for the bind user credentials (user and password) of type 'kubernetes.io/basic-auth'.
The user should have at least read access to the base DN for users. ID of a user in the domain who has read-only access to the base DN for users. The ID should be in the format:
* determined by userSearchAttribute, default is using UPN ([email protected]).
* DN (cn=user,cn=Users,dc=domain,dc=com)
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
DirectoryService.spec.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Servers connection. If the provided servers are configured with:
- a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
API version of the referent. |
false |
fieldPath |
string |
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. |
false |
kind |
string |
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
false |
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
namespace |
string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
false |
resourceVersion |
string |
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
false |
uid |
string |
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
false |
DirectoryService.status
DirectoryServiceStatus describes the observed status of the DirectoryService
Name | Type | Description | Required |
---|---|---|---|
[]object |
Conditions contain the list of observed conditions of the DirectoryService. The following statuses can occur.
|
false |
DirectoryService.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
InfrastructurePolicy
InfrastructurePolicy defines constraints on which vSphere infrastructure resources to expose for usage by data service workloads
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
infrastructure.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
InfrastructurePolicy |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
Spec is the desired state of the InfrastructurePolicy |
false |
|
object |
Status reports the observed state of the InfrastructurePolicy |
false |
InfrastructurePolicy.spec
Spec is the desired state of the InfrastructurePolicy
Name | Type | Description | Required |
---|---|---|---|
enabled |
boolean |
Enabled specifies if the InfrastructurePolicy is available for use. Must be Required. Mutable. |
true |
[]object |
IPRanges are the list of IPRange configurations available for use by data service workloads. Once a cluster is using the policy, IPRanges can only be added to this list, not removed. Required. Mutable. |
true |
|
[]object |
Placements are the list of Placement configurations available for use by the InfrastructurePolicy. Once a cluster is using the policy, Placements can only be added to this list, not removed. Required. Mutable. |
true |
|
storagePolicies |
[]string |
StoragePolicies are the list of StoragePolicyReference configurations that can be used to deploy a data service workload. Once a cluster is using the policy, StoragePolicies can only be added to this list, not removed. Required. Mutable. |
true |
[]object |
VMClasses are the list of VMClass references available for use by a data service workload. Once a cluster is using the policy, VMClasses can only be added to this list, not removed. Required. Mutable. |
true |
|
description |
string |
Human-readable description of the infrastructure policy. Optional. Mutable. |
false |
InfrastructurePolicy.spec.ipRanges[index]
IPRange associates an IP Pool name with the PortGroups that can use the IP Pool.
Name | Type | Description | Required |
---|---|---|---|
poolName |
string |
PoolName is the name of the IP Pool to be associated with specified PortGroups. Required. Mutable. |
true |
[]object |
PortGroups is the list of IPRangePortGroups associated with the specified Required. Mutable. |
true |
InfrastructurePolicy.spec.ipRanges[index].portGroups[index]
IPRangePortGroup specifies which datacenters' distributed port groups can be used by the data service workloads.
Name | Type | Description | Required |
---|---|---|---|
datacenter |
string |
Datacenter is the datacenter where the distributed port group is defined |
true |
moid |
string |
MOID is the managed object ID of a distributed port group. This must be used when NSX manages portgroups that have the same name. If the MOID is provided, then Name is ignored. Optional. Mutable. |
false |
name |
string |
Name is the name of a distributed port group. Optional. Mutable. |
false |
InfrastructurePolicy.spec.placements[index]
Placement is the set of resources within a single vSphere cluster
Name | Type | Description | Required |
---|---|---|---|
cluster |
string |
Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. |
true |
datacenter |
string |
Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. |
true |
portGroups |
[]string |
PortGroups are the PortGroup names or MOIDs that can be used by the data service workload. Required. Mutable. |
true |
folder |
string |
Folder is the VM and Template Folder name to be used to organize VMs in the vSphere UI. Optional; VMs will be created in the root datacenter folder if not provided. Provide the fully qualified path of the folder starting from the Datacenter. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the folder name. Optional. Mutable. |
false |
resourcePool |
string |
ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. |
false |
InfrastructurePolicy.spec.vmClasses[index]
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
InfrastructurePolicy.status
Status reports the observed state of the InfrastructurePolicy
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
string |
AlertLevel indicates the level of the most severe alert raised for an infrastructure policy. |
false |
[]object |
Conditions contain the list of observed conditions of the InfrastructurePolicy. The following statuses can occur.
|
false |
InfrastructurePolicy.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
IPPool
IPPool defines the details of an IP Pool that can be used to deploy workload/database clusters
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
infrastructure.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
IPPool |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
Spec is the desired state of an IPPool |
false |
|
object |
Status reports the observed state of the IPPool |
false |
IPPool.spec
Spec is the desired state of an IPPool
Name | Type | Description | Required |
---|---|---|---|
addresses |
[]string |
Addresses is a list of IP addresses that can be assigned. This set of addresses can be non-contiguous. Please note that if multiple IPPools are created which contain the same IP addresses no cross validation between pools is performed. Only IPs which are not in use can be removed from pools. Example
Required. Mutable. |
true |
gateway |
string |
Gateway is the network gateway to use. Example
Required. Mutable. |
true |
prefix |
integer |
Prefix is the network prefix to use. It refers to the number of leading bits in the IP address. Example
Required. Mutable.
|
true |
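Because no cross validation between IPPools is performed, overlapping or inconsistent pools have to be caught before the manifests are applied. The pre-flight check below is an added example, not part of the DSM API or its tooling; the function names, the sample pools and the entry syntax (a single IPv4 address or an inclusive start-end range) are assumptions.

```python
import ipaddress
from collections import defaultdict


def expand_addresses(entries):
    """Expand spec.addresses entries into a sorted list of IPv4Address objects.

    Assumption: an entry is either one address ("10.20.0.20") or an inclusive
    range ("10.20.0.10-10.20.0.12"). Adjust the parsing if your pools use
    another syntax.
    """
    found = set()
    for entry in entries:
        start_s, _, end_s = entry.partition("-")
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip()) if end_s else start
        if int(end) < int(start):
            raise ValueError(f"range {entry!r} ends before it starts")
        found.update(ipaddress.IPv4Address(i)
                     for i in range(int(start), int(end) + 1))
    return sorted(found)


def check_pool(spec):
    """Check one IPPool spec for addresses that cannot work with its
    gateway and prefix. Returns a list of problem strings."""
    gateway = ipaddress.IPv4Address(spec["gateway"])
    # The prefix is the number of leading network bits; derive the subnet
    # the gateway lives in.
    network = ipaddress.ip_network(f"{gateway}/{spec['prefix']}", strict=False)
    problems = []
    for addr in expand_addresses(spec["addresses"]):
        if addr not in network:
            problems.append(f"{addr} is outside {network}")
        elif addr == gateway:
            problems.append(f"{addr} is the gateway address")
        elif network.prefixlen < 31 and addr in (network.network_address,
                                                 network.broadcast_address):
            problems.append(f"{addr} is the network or broadcast address")
    return problems


def find_overlaps(pools):
    """Map each address that appears in more than one pool to the pool names.

    `pools` maps a pool name to its spec dict.
    """
    owners = defaultdict(list)
    for name in sorted(pools):
        for addr in expand_addresses(pools[name]["addresses"]):
            owners[str(addr)].append(name)
    return {addr: names for addr, names in owners.items() if len(names) > 1}


# Constructed sample pools; names and addresses are illustrative only.
SAMPLE_POOLS = {
    "pool-a": {"addresses": ["10.20.0.10-10.20.0.12", "10.20.0.20"],
               "gateway": "10.20.0.1", "prefix": 24},
    "pool-b": {"addresses": ["10.20.0.12", "10.20.0.1", "10.20.1.5"],
               "gateway": "10.20.0.1", "prefix": 24},
}

if __name__ == "__main__":
    for pool_name, pool_spec in SAMPLE_POOLS.items():
        for problem in check_pool(pool_spec):
            print(f"{pool_name}: {problem}")
    for addr, names in find_overlaps(SAMPLE_POOLS).items():
        print(f"{addr} is listed in several pools: {', '.join(names)}")
```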
IPPool.status
Status reports the observed state of the IPPool
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
string |
AlertLevel indicates the level of the most severe alert raised for an IP Pool. |
false |
[]object |
Conditions contain the list of observed conditions of the IPPool.
using the IP Pool |
false |
|
object |
IpAddresses reports the count of total, free, used and out of range IPs in the pool. |
false |
IPPool.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
IPPool.status.ipAddresses
IpAddresses reports the count of total, free, used and out of range IPs in the pool.
Name | Type | Description | Required |
---|---|---|---|
free |
integer |
Free is the count of unallocated IPs in the pool. |
true |
outOfRange |
integer |
Out of Range is the count of allocated IPs in the pool that are not contained within spec.Addresses. Legacy field |
true |
total |
integer |
Total is the total number of IPs configured for the pool. |
true |
used |
integer |
Used is the count of allocated IPs in the pool. |
true |
VMClass
VMClass defines VMs which are available to host dataservice workloads
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
infrastructure.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
VMClass |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
Spec is the desired state of the VMClass |
false |
|
object |
Status reports the observed state of the VMClass |
false |
VMClass.spec
Spec is the desired state of the VMClass
Name | Type | Description | Required |
---|---|---|---|
object |
Requests defines the amount of resources that should be allocated and reserved when this class is consumed |
false |
VMClass.spec.requests
Requests defines the amount of resources that should be allocated and reserved when this class is consumed
Name | Type | Description | Required |
---|---|---|---|
cpu |
string |
CPU defines the amount of vCPU that should be used when this class is consumed. Once a cluster is created, this resource will be reserved on the underlying ESXi host. It should be represented as an integer, like |
false |
memory |
string |
Memory defines the amount of memory, in Gib, that should be used when this class is consumed. Once a cluster is created, this resource will be reserved on the underlying ESXi host. It should be represented as an integer, like |
false |
VMClass.status
Status reports the observed state of the VMClass
Name | Type | Description | Required |
---|---|---|---|
[]object |
Conditions contain the list of observed conditions of the VMClass. |
false |
VMClass.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
releases.dataservices.vmware.com/v1alpha2
Resource Types:
DataServiceVersion
DataServiceVersion is a single supported version of a data service.
The DataServiceVersion resources are exclusively created by the Data Services Manager in response to the release of a new version, and cannot be modified by users. The DataServiceVersion purpose is to provide semi-structured information about the supported versions to API clients. Administrators should continue to manage releases through the Data Services Manager Administration UI.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
releases.dataservices.vmware.com.v1alpha2 |
true |
kind |
string |
DataServiceVersion |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
true |
DataServiceVersion.spec
Name | Type | Description | Required |
---|---|---|---|
approval |
enum |
Indicates which operations this version is enabled for. The valid values are:
|
true |
engineVersion |
string |
The engine version corresponding to this DataServiceVersion. |
true |
release |
string |
The Data Services Manager release that this version is part of. |
true |
releaseDate |
string |
The date the version’s corresponding release was assembled. This is not necessarily the date when it was made generally available. |
true |
releaseNotesLink |
string |
Link (URL) to the release notes for the version’s corresponding release. |
true |
serviceType |
string |
The engine type of the data service corresponding to this version. The Data Services Manager supports:
|
true |
version |
string |
The full version string that the users need to use when creating clusters of this version. |
true |
system.dataservices.vmware.com/v1alpha1
Resource Types:
DsmSystemConfig
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
system.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
DsmSystemConfig |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the Dsm Provider appliance configurations. Only one instance of this Resource exists with the name 'dsm-system-config' |
false |
|
object |
DsmSystemConfigStatus describes the observed status of the DsmSystemConfig. |
false |
DsmSystemConfig.spec
DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the Dsm Provider appliance configurations. Only one instance of this Resource exists with the name 'dsm-system-config'
Name | Type | Description | Required |
---|---|---|---|
dnsServers |
[]string |
DNSServers defines the IP address(es) of the DNS server(s) used by DSM. Example
Mutable |
true |
dsmProviderId |
string |
DSMProviderId defines the unique id of the DSM Provider appliance. Immutable |
true |
gateway |
string |
GATEWAY defines the IPv4 gateway of the DSM Provider appliance. Immutable |
true |
ip |
string |
IP defines the IPv4 address of the DSM Provider appliance. Immutable |
true |
netmask |
string |
NETMASK defines the IPv4 netmask of the DSM Provider appliance. Immutable |
true |
ntpServers |
[]string |
NTPServers defines the NTP server(s) used by DSM. Example
Mutable |
true |
ceipConsent |
boolean |
CEIPConsent defines the user’s consent for data collection from Provider appliance. Mutable |
false |
dnsNames |
[]string |
One or more DNS names / FQDNs of the DSM Provider appliance. These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM and in the Provider settings displayed in the DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can ensure a secure connection. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. |
false |
object |
ExternalLogDestination contains details required to set up external log forwarding. Mutable. |
false |
|
object |
TLS refers to the SSL/TLS configuration of the DSM Provider appliance. Mutable. |
false |
|
workloadNetworkCidr |
string |
WorkloadNetworkCIDR defines the CIDR range for the workload clusters network reserved for DSM use. This range must not clash with any other networks used by non-DSM components. This setting is global across all workload clusters created by DSM. The value must be in CIDR notation, e.g. 192.168.0.0/16. Can be set or modified only if there are no existing data services workloads.
|
false |
DsmSystemConfig.spec.externalLogDestination
ExternalLogDestination contains details required to set up external log forwarding.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
enabled |
boolean |
Enabled is a boolean which indicates whether log forwarding is currently active. Mutable.
|
false |
remoteLogDestinationProvider |
string |
RemoteLogDestinationProvider is the remote logging storage provider. Supported values are Required when Enabled is true. Mutable. |
false |
remoteLogUrl |
string |
RemoteLogUrl is a connection string required by logging service. It is usually a combination of line protocol, host, port and uri (protocol)://(host):(port)(uri) Example syslog
Example cfapi Depending on the logging service, the type of information it expects can be different. Required when Enabled is true. Mutable. |
false |
object |
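TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with: - a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed. Mutable. |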
false |
DsmSystemConfig.spec.externalLogDestination.trustBundle
TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with:
- a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
API version of the referent. |
false |
fieldPath |
string |
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. |
false |
kind |
string |
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
false |
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
namespace |
string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
false |
resourceVersion |
string |
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
false |
uid |
string |
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
false |
DsmSystemConfig.spec.tls
TLS refers to the SSL/TLS configuration of the DSM Provider appliance.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName |
string |
The name of a Secret resource present in the 'dsm-system' namespace, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys: tls.crt: PEM signed certificate chain; tls.key: PEM private key; ca.crt: PEM CA certificate. The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. Updating any certificate causes a restart of the provider, making the DSM UI inaccessible for a few seconds. Updating the CA is an intrusive operation which causes a rolling restart of all database clusters. CA updates might cause DB metrics loss for a few minutes. To avoid any impact, it is recommended to set the CA before creating any database clusters. |
false |
DsmSystemConfig.status
DsmSystemConfigStatus describes the observed status of the DsmSystemConfig.
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
enum |
|
false |
[]object |
Conditions contain the list of observed conditions of the DsmSystemConfig. The following statuses can occur.
|
false |
|
rootUserExpiryDate |
string |
RootUserExpiryDate indicates the time when the DSM provider appliance root password is expected to expire.
|
false |
tlsSecretResourceVersion |
string |
TLSSecretResourceVersion is set only for DSM provider appliances with custom certificates. It represents the resource version of the Secret that was last applied for the DSM Provider appliance. |
false |
DsmSystemConfig.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
VCenterBinding
VCenterBinding defines a binding configuration for vCenter.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
system.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
VCenterBinding |
true |
object |
Refer to the Kubernetes API documentation for the fields of the |
true |
|
object |
VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed. |
false |
|
object |
VCenterBindingStatus describes the observed status of the VCenterBinding. |
false |
VCenterBinding.spec
VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed.
Name | Type | Description | Required |
---|---|---|---|
host | string | Host is the FQDN or IP address of the target vCenter where DSM workload clusters will be deployed. Must be present in the vCenter server’s certificate SAN extension. Required. Mutable. | true |
thumbprint | string | Thumbprint represents the SHA-256 Thumbprint of the target vCenter’s server leaf certificate, where the workload clusters are managed. This field is optional and is only necessary for the initial vCenter trust setup. Subsequently, DSM will fetch the root CA bundle from vCenter and use it to establish secure connections to vCenter. Mutable. | false |
vcenterAdminSecret | object | VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64 encoded strings. This secret may be deleted by the client after successful creation of the DSM Service account and registration of the DSM Plugin in vCenter as indicated by this resource status condition Ready. Mutable. | false |
VCenterBinding.spec.vcenterAdminSecret
VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64 encoded strings. This secret may be deleted by the client after successful creation of the DSM Service account and registration of the DSM Plugin in vCenter as indicated by this resource status condition Ready.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
VCenterBinding.status
VCenterBindingStatus describes the observed status of the VCenterBinding.
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for a vCenter Binding. | false |
conditions | []object | Conditions contain the list of observed conditions of the VCenterBinding. The following statuses can occur. | false |
lastServiceAccountRotationTime | string | LastServiceAccountRotationTime indicates the time when the last service account password was rotated. Mutable. | false |
rootCa | object | RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'. Mutable. | false |
vcenterInstanceUuid | string | VcenterInstanceUuid defines the target vCenter instance uuid. Immutable | false |
VCenterBinding.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
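The vcenterAdminSecret description allows the administrator Secret to be deleted once the Ready condition reports success, and observedGeneration tells whether a condition still describes the current spec. The following is an added example, not part of the DSM documentation, that gates the deletion on a Ready condition that is both True and current. The sample object, the function name and the choice to refuse when observedGeneration is absent are assumptions.

```python
import copy

# Constructed VCenterBinding, shaped like `kubectl get ... -o json` output.
# All values are made up; spec was edited after the last reconcile, so
# .metadata.generation (12) is ahead of the condition's observedGeneration (9).
SAMPLE_BINDING = {
    "kind": "VCenterBinding",
    "metadata": {"name": "example-binding", "generation": 12},
    "status": {
        "conditions": [
            {
                "type": "Ready",
                "status": "True",
                "reason": "ExampleReason",
                "message": "",
                "lastTransitionTime": "2024-01-01T00:00:00Z",
                "observedGeneration": 9,
            }
        ]
    },
}


def admin_secret_deletable(binding):
    """Return (ok, why): ok only if Ready is True for the current generation."""
    conditions = binding.get("status", {}).get("conditions", [])
    ready = next((c for c in conditions if c.get("type") == "Ready"), None)
    if ready is None:
        return False, "no Ready condition reported yet"
    # status is a string enum: "True", "False" or "Unknown", not a boolean.
    if ready.get("status") != "True":
        return False, f"Ready is {ready.get('status')} ({ready.get('reason')})"
    generation = binding.get("metadata", {}).get("generation")
    observed = ready.get("observedGeneration")  # optional in the schema
    # Assumption: without both numbers staleness cannot be ruled out, so refuse.
    if generation is None or observed is None:
        return False, "cannot tell whether Ready is current"
    if observed != generation:
        return False, f"Ready is stale (observed {observed}, current {generation})"
    return True, "Ready is True for the current generation"


if __name__ == "__main__":
    print(admin_secret_deletable(SAMPLE_BINDING))  # stale: keep the Secret
    current = copy.deepcopy(SAMPLE_BINDING)
    current["status"]["conditions"][0]["observedGeneration"] = 12
    print(admin_secret_deletable(current))  # current: safe to delete
```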
VCenterBinding.status.rootCa
RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |