API Reference

API Reference

databases.dataservices.vmware.com/v1alpha1

Resource Types:

BackupLocation

BackupLocation contains access data for a remote storage location, supporting multiple cloud back-ends and holding all data required to access and perform 2-way authenticatation with the storage provider. All BackupLocation instances that can be used as a target for database cluster backups have the label 'dsm.vmware.com/database-backup-location=true'. In contrast, BackupLocation instances that are reserved for DSM control plane (i.e. Provider) use do not have this label set.

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

BackupLocation

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

true

BackupLocation.spec

Name Type Description Required

S3

object

S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated

Mutable.

true

credentials

object

Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated.

Mutable.

true

endpoint

string

Endpoint is the network endpoint to connect to for accessing the BackupLocation.

Mutable.

true

trustBundle

object

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - certificate signed by authority that should not be globally trusted by DSM, TrustBundle reference must point to Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.

Mutable.

true

BackupLocation.spec.S3

S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated

Mutable.

Name Type Description Required

bucket

string

Bucket is the S3 bucket. It must exist in the configured S3 service.

Mutable.

true

forcePathStyle

boolean

ForcePathStyle forces the use of path-style addressing for S3 operations. The path-style addressing is deprecated for the official AWS S3, but is required for many in-house S3-like implementations to work. A value of true forces the use of path-style S3 URLs. A value of false uses virtual hosted-style S3 URLs. Path-style URLs look like the following: https://bucket-endpoint.example.com/bucket Virtual hosted-style URLs look like the following: https://bucket.bucket-endpoint.example.com

Mutable.

Default - false.

  • Default: false

false

region

string

Region is the S3 region.

Mutable.

false

BackupLocation.spec.credentials

Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

BackupLocation.spec.trustBundle

TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - certificate signed by authority that should not be globally trusted by DSM, TrustBundle reference must point to Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

DatabaseConfig

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

DatabaseConfig

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DatabaseConfigSpec defines the desired state of the DatabaseConfig.

false

status

object

DatabaseConfigStatus describes the observed status of the DatabaseConfig.

false

DatabaseConfig.spec

DatabaseConfigSpec defines the desired state of the DatabaseConfig.

Name Type Description Required

params

map[string]string

Params is a map key value pairs which correspond to valid configurable parameters for a database.

For MySQL these go into one of the mysql.cnf files.

For PostgreSQL: * these values go into the postgresql.conf file. * keys must consist of alphanumeric characters, _ or .

false

DatabaseConfig.status

DatabaseConfigStatus describes the observed status of the DatabaseConfig.

Name Type Description Required

conditions

[]object

Conditions contain the list of observed conditions of the DatabaseConfig.

ready Indicates that the DatabaseConfig has been successfully created and is ready for use.

false

DatabaseConfig.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

MySQLCluster

MySQLCluster is the schema for the mysqlclusters API. A MySQLCluster represents the desired specification and the observed status of a MySQLCluster instance. A MySQLCluster is backed by one or more nodes containing the mysql service and supporting services managed as a single object by the Data Services Manager.

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

MySQLCluster

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MySQLClusterSpec defines the desired state of the MySQLCluster

true

status

object

MySQLClusterStatus describes the observed status of the MySQLCluster

false

MySQLCluster.spec

MySQLClusterSpec defines the desired state of the MySQLCluster

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

true

storagePolicyName

string

StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid StoragePolicyName.

Immutable.

true

storageSpace

string

StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki

Range - 20Gi - 10Ti.

Required.

Mutable - (increase only).

true

version

string

Version declares the version of the database engine to be used.

The list of supported engine versions is available in the VMware Data Services Manager UI.

Required.

Immutable.

true

vmClass

object

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

true

backupConfig

object

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

false

backupLocation

object

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

false

basedOn

object

Identifier of the source cluster on which this cluster will be based on.

Optional.

Immutable.

false

databaseConfig

object

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

false

description

string

Description contains the human-readable description of the cluster.

Optional.

Mutable.

false

directoryService

object

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

false

dnsNames

[]string

One or more DNS names / FQDNs for database access.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI.

If a custom TLS certificate is provided, it is important its SAN field to match the DNS names provided here, so clients can ensure a secure connection.

Optional.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

maintenanceWindow

object

MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.

Optional.

Mutable.

false

members

integer

The number of members for cluster. Could be 1 or 3

Default - 1

Mutable.

  • Enum: 1, 3

  • Default: 1

false

placementSelector

object

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

false

tls

object

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

false

MySQLCluster.spec.infrastructurePolicy

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

Name Type Description Required

name

string

false

MySQLCluster.spec.vmClass

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

Name Type Description Required

name

string

false

MySQLCluster.spec.backupConfig

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

Name Type Description Required

backupRetentionDays

integer

BackupRetentionDays describes the number of days to store backups Must be 1 or greater.

Required.

Mutable.

  • Format: int64

false

schedules

[]object

Schedules user defined schedules of when the system will perform backups.

Required.

Mutable.

false

MySQLCluster.spec.backupConfig.schedules[index]

Name Type Description Required

name

string

Name of the schedule.

Required.

Immutable.

true

schedule

string

The schedule in the form of a cron schedule.

Required.

Mutable.

true

type

string

Type of schedule. Can be full or incremental.

Required.

Immutable.

true

MySQLCluster.spec.backupLocation

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

Name Type Description Required

name

string

false

MySQLCluster.spec.basedOn

Identifier of the source cluster on which this cluster will be based on.

Optional.

Immutable.

Name Type Description Required

cluster

object

Cluster contains the name of the source cluster and timestamp to use as the clone point.

Optional.

Immutable.

true

MySQLCluster.spec.basedOn.cluster

Cluster contains the name of the source cluster and timestamp to use as the clone point.

Optional.

Immutable.

Name Type Description Required

name

string

Name is the name of the source cluster from which to restore.

Required.

Immutable.

true

timestamp

string

Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time.

Optional.

Immutable.

  • Format: date-time

false

MySQLCluster.spec.databaseConfig

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

Name Type Description Required

name

string

false

MySQLCluster.spec.directoryService

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

MySQLCluster.spec.maintenanceWindow

MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.

Optional.

Mutable.

Name Type Description Required

duration

string

Duration describes the duration of the maintenance window.

Required.

Mutable.

true

startDay

enum

StartDay describes the day of the week the maintenance window will commence.

Can be any of MONDAY;`TUESDAY`;`WEDNESDAY`;`THURSDAY`;`FRIDAY`;`SATURDAY`;`SUNDAY`

Required.

Mutable.

  • Enum: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY

true

startTime

string

StartTime describes the time of the day to start the maintenance window.

Required.

Mutable.

true

MySQLCluster.spec.placementSelector

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

Name Type Description Required

cluster

string

Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the full qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters", should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The full qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the datacenter name.

Required.

Mutable.

true

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

MySQLCluster.spec.tls

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have keys: tls.crt: PEM signed certificate chain tls.key: PEM private key ca.crt: PEM CA certificate The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate.

false

MySQLCluster.status

MySQLClusterStatus describes the observed status of the MySQLCluster

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a database cluster.

false

availableUpgrades

[]object

AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service will accept valid upgrade paths even if they are not yet populated here.

false

backupId

string

BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage.

For PostgreSQL, it is the stanzaName of the database cluster.

For MySQL, it is the UID of the MySQL cluster object in the workload cluster.

false

conditions

[]object

Conditions contain the list of observed conditions of the cluster. The following statuses can occur.

Ready indicates if the cluster is fully operational.

MachinesReady indicates if the underlying VMs of the cluster have been created successfully.

DatabaseEngineReady indicates if the database engine is up and ready to accept queries.

Provisioning indicates if the provisioning of all resources necessary for cluster operation has completed.

false

connection

object

Connection describes the details which can be used to connect to the database represented by CR.

false

lastSuccessfulBackup

string

LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently.

  • Format: date-time

false

lastUpdate

string

LastUpdate gives the timestamp of when the desired state was last applied.

  • Format: date-time

false

nodes

[]object

Nodes represents the underlying infrastructure of a database cluster.

false

tlsSecretResourceVersion

string

TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster.

false

upgradeStatus

object

UpgradeStatus represents that status of version upgrade

false

MySQLCluster.status.availableUpgrades[index]

Name Type Description Required

impact

enum

Impact indicates whether Virtual Machines backing the workload cluster’s kubernetes nodes will be replaced during the upgrade.

When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced.

When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the kubernetes nodes.

  • Enum: RollingUpgrade, InPlace

true

version

string

Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format i.e. engine version, followed by the string "+vmware.", followed by the release version.

true

autoUpgradeTarget

boolean

AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period.

  • Default: false

false

MySQLCluster.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

MySQLCluster.status.connection

Connection describes the details which can be used to connect to the database represented by CR.

Name Type Description Required

dbname

string

Name of the Database

true

host

string

Host describes the IP address of the database cluster’s current primary node.

true

port

integer

Port describes the port on which the database cluster is listening.

true

cname

string

Cname is currently unused.

false

passwordRef

object

Password for the admin account

Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.

false

username

string

Username for the admin account

false

MySQLCluster.status.connection.passwordRef

Password for the admin account

Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key

false

name

string

The name of the secret

false

value

string

If an inline value is provided, the secret reference is skipped

false

MySQLCluster.status.nodes[index]

Node represents the underlying infrastructure of a database cluster

Name Type Description Required

datacenter

string

Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located.

false

datastore

string

Datastore is the name or inventory path of the datastore in which the virtual machine is created/located.

false

folder

string

Folder is the name or inventory path of the folder in which the virtual machine is created/located.

false

network

object

Network is the network configuration for this VM.

false

resourcePool

string

ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located.

false

server

string

Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located.

false

storagePolicyName

string

StoragePolicyName of the storage policy to use with this Virtual Machine

false

vmMoid

string

VmMoid is the VM’s Managed Object Reference on vSphere.

false

vmName

string

VmName is the name of the virtual machine on vSphere.

false

MySQLCluster.status.nodes[index].network

Network is the network configuration for this VM.

Name Type Description Required

devices

[]object

Devices is the list of network devices used by the virtual machine.

false

MySQLCluster.status.nodes[index].network.devices[index]

NetworkDevice defines the network configuration for a virtual machine’s network device.

Name Type Description Required

ipPool

string

IPPool is the name of the IP Pool that was used to claim an IP address for the VM.

false

networkName

string

NetworkName is the name of the vSphere network to which the device will be connected.

false

MySQLCluster.status.upgradeStatus

UpgradeStatus represents that status of version upgrade

Name Type Description Required

currentVersion

string

The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes.

false

running

boolean

Set to true to indicate that a database cluster upgrade if currently running. Once the upgrade completes, the field will be reset to empty.

false

PostgresCluster

PostgresCluster is the schema for the postgresclusters API. A PostgresCluster represents the desired specification and the observed status of a PostgresCluster instance. A PostgresCluster is backed by one or more nodes containing the postgresql service and supporting services managed as a single object by the Data Services Manager.

Name Type Description Required

apiVersion

string

databases.dataservices.vmware.com.v1alpha1

true

kind

string

PostgresCluster

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

PostgresClusterSpec defines the desired state of the PostgresCluster.

true

status

object

PostgresClusterStatus describes the observed status of the PostgresCluster.

false

PostgresCluster.spec

PostgresClusterSpec defines the desired state of the PostgresCluster.

Name Type Description Required

infrastructurePolicy

object

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

true

storagePolicyName

string

StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid StoragePolicyName.

Immutable.

true

storageSpace

string

StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki

Range - 20Gi - 10Ti.

Required.

Mutable - (increase only).

true

version

string

Version declares the version of the database engine to be used.

The list of supported engine versions is available in the VMware Data Services Manager UI.

Required.

Immutable.

true

vmClass

object

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

true

adminPasswordRef

object

AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. FieldPath field indicates which key in the secret contains the password. Default - password. Providing inline value with Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed the owner of the Secret is automatically changed to the new owner.

Default - password is auto generated.

Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to update of the password.

false

adminUsername

string

AdminUserName is the desired name of the privileged user to be used when connecting to the database.

AdminUserName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

Default - pgadmin.

Mutable.

false

backupConfig

object

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

false

backupLocation

object

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

false

basedOn

object

Identifier of the source cluster on which this cluster will be based on.

Optional.

Immutable.

false

databaseConfig

object

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

false

databaseName

string

DatabaseName is the name of the Database which the privileged user will have permissions on.

DatabaseName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0.

Default - Same as database cluster name.

Mutable.

false

description

string

Description contains the human-readable description of the cluster.

Optional.

Mutable.

false

directoryService

object

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

false

dnsNames

[]string

One or more DNS names / FQDNs for database access.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in DSM UI.

If a custom TLS certificate is provided, it is important its SAN field to match the DNS names provided here, so clients can ensure a secure connection.

Optional.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

hbaRef

object

HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.

The Secret should contain the pg_hba.conf entries under a specific key pg_hba.conf. These entries will be inserted into the pg_hba.conf file with a priority lower than system users

Only the authentication methods scram-sha-256 is allowed in the custom entries.

For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:

host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ...  # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256

false

maintenanceWindow

object

MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.

Optional.

Mutable.

false

placementSelector

object

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

false

replicas

integer

Represents the number of nodes that are replicating from the primary node. In event of a primary outage one of the replicas will be promoted to primary.

Replicas can be set to 0 or 1. Starting with Data Services Manager 2.1, 3-replica clusters are no longer supported. If you have replicas set to 1, then you will have 1 primary node and 1 replica node.

Default - 0

Mutable.

  • Enum: 0, 1, 3

  • Default: 0

false

tls

object

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

false

PostgresCluster.spec.infrastructurePolicy

InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.

Required - Must refer to a valid InfrastructurePolicy.

Immutable.

Name Type Description Required

name

string

false

PostgresCluster.spec.vmClass

VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.

Required - Must refer to a valid VMClass.

Mutable - (Only increases in resources are allowed).

Name Type Description Required

name

string

false

PostgresCluster.spec.adminPasswordRef

AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. FieldPath field indicates which key in the secret contains the password. Default - password. Providing inline value with Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed the owner of the Secret is automatically changed to the new owner.

Default - password is auto generated.

Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to update of the password.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key

false

name

string

The name of the secret

false

value

string

If an inline value is provided, the secret reference is skipped

false

PostgresCluster.spec.backupConfig

BackupConfig declares the cluster’s backup configuration details.

If specified a BackupLocation must also be specified.

Optional.

Mutable.

Name Type Description Required

backupRetentionDays

integer

BackupRetentionDays describes the number of days to store backups Must be 1 or greater.

Required.

Mutable.

  • Format: int64

false

schedules

[]object

Schedules user defined schedules of when the system will perform backups.

Required.

Mutable.

false

PostgresCluster.spec.backupConfig.schedules[index]

Name Type Description Required

name

string

Name of the schedule.

Required.

Immutable.

true

schedule

string

The schedule in the form of a cron schedule.

Required.

Mutable.

true

type

string

Type of schedule. Can be full or incremental.

Required.

Immutable.

true

PostgresCluster.spec.backupLocation

BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the dsm-system NS. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.

If specified, a backupConfig must also be specified.

Optional.

Mutable.

Name Type Description Required

name

string

false

PostgresCluster.spec.basedOn

Identifier of the source cluster on which this cluster will be based on.

Optional.

Immutable.

Name Type Description Required

cluster

object

Cluster contains the name of the source cluster and timestamp to use as the clone point.

Optional.

Immutable.

true

PostgresCluster.spec.basedOn.cluster

Cluster contains the name of the source cluster and timestamp to use as the clone point.

Optional.

Immutable.

Name Type Description Required

name

string

Name is the name of the source cluster from which to restore.

Required.

Immutable.

true

timestamp

string

Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time.

Optional.

Immutable.

  • Format: date-time

false

PostgresCluster.spec.databaseConfig

DatabaseConfig refers to the database config object that will be applied to this cluster.

Database Config is used to apply custom params/configs to the database represented by this CR.

A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster.

The DatabaseConfig must exist in same namespace as cluster.

Optional.

Mutable.

Name Type Description Required

name

string

false

PostgresCluster.spec.directoryService

DirectoryService refers to the DirectoryService resource with LDAP or Active Directory settings used by this cluster.

Optional.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

PostgresCluster.spec.hbaRef

HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html

The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.

The Secret should contain the pg_hba.conf entries under a specific key pg_hba.conf. These entries will be inserted into the pg_hba.conf file with a priority lower than system users

Only the authentication methods scram-sha-256 is allowed in the custom entries.

For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: \|
    host all /^(.*)@local$ all scram-sha-256

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final pg_hba.conf will functionally look like:

host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ...  # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256
Name Type Description Required

name

string

false

PostgresCluster.spec.maintenanceWindow

MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.

Optional.

Mutable.

Name Type Description Required

duration

string

Duration describes the duration of the maintenance window.

Required.

Mutable.

true

startDay

enum

StartDay describes the day of the week the maintenance window will commence.

Can be any of MONDAY;`TUESDAY`;`WEDNESDAY`;`THURSDAY`;`FRIDAY`;`SATURDAY`;`SUNDAY`

Required.

Mutable.

  • Enum: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY

true

startTime

string

StartTime describes the time of the day to start the maintenance window.

Required.

Mutable.

true

PostgresCluster.spec.placementSelector

PlacementSelector refers to a placement declared in the InfrastructurePolicy.

Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.

Optional.

Immutable.

Name Type Description Required

cluster

string

Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the full qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters", should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The full qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the datacenter name.

Required.

Mutable.

true

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

PostgresCluster.spec.tls

TLS refers to the SSL/TLS configuration of the database cluster.

Optional.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have keys: tls.crt: PEM signed certificate chain tls.key: PEM private key ca.crt: PEM CA certificate The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so it can be encoded in the certificate.

false

PostgresCluster.status

PostgresClusterStatus describes the observed status of the PostgresCluster.

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a database cluster.

false

availableUpgrades

[]object

AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service will accept valid upgrade paths even if they are not yet populated here.

false

backupId

string

BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage.

For PostgreSQL, it is the stanzaName of the database cluster.

For MySQL, it is the UID of the MySQL cluster object in the workload cluster.

false

conditions

[]object

Conditions contain the list of observed conditions of the cluster. The following statuses can occur.

Ready indicates if the cluster is fully operational.

MachinesReady indicates if the underlying VMs of the cluster have been created successfully.

DatabaseEngineReady indicates if the database engine is up and ready to accept queries.

Provisioning indicates if the provisioning of all resources necessary for cluster operation has completed.

false

connection

object

Connection describes the details which can be used to connect to the database represented by CR.

false

deletionState

string

DeletionState is currently unused.

false

lastRestartedAt

string

LastRestartedAt is currently unused.

  • Format: date-time

false

lastSuccessfulBackup

string

LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently.

  • Format: date-time

false

lastUpdate

string

LastUpdate gives the timestamp of when the desired state was last applied.

  • Format: date-time

false

needsReconcile

boolean

NeedsReconcile is currently unused.

false

nodes

[]object

Nodes represents the underlying infrastructure of a database cluster.

false

primary

boolean

Primary is currently unused.

false

replicationState

string

ReplicationState is currently unused.

false

scheduling

object

Scheduling is currently unused.

false

tlsSecretResourceVersion

string

TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster.

false

upgradeStatus

object

UpgradeStatus represents that status of version upgrade

false

PostgresCluster.status.availableUpgrades[index]

Name Type Description Required

impact

enum

Impact indicates whether Virtual Machines backing the workload cluster’s kubernetes nodes will be replaced during the upgrade.

When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced.

When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the kubernetes nodes.

  • Enum: RollingUpgrade, InPlace

true

version

string

Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format i.e. engine version, followed by the string "+vmware.", followed by the release version.

true

autoUpgradeTarget

boolean

AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period.

  • Default: false

false

PostgresCluster.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

PostgresCluster.status.connection

Connection describes the details which can be used to connect to the database represented by CR.

Name Type Description Required

dbname

string

Name of the Database

true

host

string

Host describes the IP address of the database cluster’s current primary node.

true

port

integer

Port describes the port on which the database cluster is listening.

true

cname

string

Cname is currently unused.

false

passwordRef

object

Password for the admin account

Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.

false

username

string

Username for the admin account

false

PostgresCluster.status.connection.passwordRef

Password for the admin account

Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.

Name Type Description Required

fieldPath

string

data.<key> for secrets. Optional. For most references there is a canonical key

false

name

string

The name of the secret

false

value

string

If an inline value is provided, the secret reference is skipped

false

PostgresCluster.status.nodes[index]

Node represents the underlying infrastructure of a database cluster

Name Type Description Required

datacenter

string

Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located.

false

datastore

string

Datastore is the name or inventory path of the datastore in which the virtual machine is created/located.

false

folder

string

Folder is the name or inventory path of the folder in which the virtual machine is created/located.

false

network

object

Network is the network configuration for this VM.

false

resourcePool

string

ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located.

false

server

string

Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located.

false

storagePolicyName

string

StoragePolicyName of the storage policy to use with this Virtual Machine

false

vmMoid

string

VmMoid is the VM’s Managed Object Reference on vSphere.

false

vmName

string

VmName is the name of the virtual machine on vSphere.

false

PostgresCluster.status.nodes[index].network

Network is the network configuration for this VM.

Name Type Description Required

devices

[]object

Devices is the list of network devices used by the virtual machine.

false

PostgresCluster.status.nodes[index].network.devices[index]

NetworkDevice defines the network configuration for a virtual machine’s network device.

Name Type Description Required

ipPool

string

IPPool is the name of the IP Pool that was used to claim an IP address for the VM.

false

networkName

string

NetworkName is the name of the vSphere network to which the device will be connected.

false

PostgresCluster.status.scheduling

Scheduling is currently unused.

Name Type Description Required

region

string

Not supported

false

PostgresCluster.status.upgradeStatus

UpgradeStatus represents that status of version upgrade

Name Type Description Required

currentVersion

string

The actual current version of the database cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes.

false

running

boolean

Set to true to indicate that a database cluster upgrade if currently running. Once the upgrade completes, the field will be reset to empty.

false

infrastructure.dataservices.vmware.com/v1alpha1

Resource Types:

DirectoryService

DirectoryService provides a flexible way to integrate with directory services like Microsoft AD (Active Directory) and LDAP (Lightweight Directory Access Protocol). It facilitates authentication against DSM managed database clusters and DSM Appliance, offering a centralized authentication strategy.

In order to enable DSM Appliance LDAP Authentication a well-known DirectoryService named "ldap-default" in dsm-system namespace needs to be created. This ldap-default DirectoryService can also be adopted by any DSM-managed database cluster.

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

DirectoryService

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DirectoryServiceSpec defines the desired state of DirectoryService

false

status

object

DirectoryServiceStatus describes the observed status of the DirectoryService

false

DirectoryService.spec

DirectoryServiceSpec defines the desired state of DirectoryService

Name Type Description Required

baseDnUsers

string

Base Distinguished Name for users. Enter the DN from which to start user searches. For example, cn=Users,dc=myCorp,dc=com.

If not set Search will start from root DN

Mutable.

false

bindCredentials

object

Secret reference for the bind user credentials (user and password) of type 'kubernetes.io/basic-auth'

The user should have at least read access to the base DN for users ID of a user in the domain who has read-only access to Base DN for users . The ID should be in the format: * determined by userSearchAttribute, default is using UPN ([email protected]). * DN (cn=user,cn=Users,dc=domain,dc=com)

Mutable.

false

domain

string

The fully qualified domain name (FQDN) of the domain. For example, companydomain.company.com.

Mutable.

false

primaryServerUrl

string

Primary domain controller LDAP server for the domain. You can use either the host name or the IP address. Use the format ldaps://hostname_or_IPAddress:port. The port is typically 636 for LDAPS connections with OpenLDAP. For Active Directory multi-domain controller deployments, the port is typically 3269 for LDAPS.

Mutable.

  • Format: uri

false

secondaryServerUrls

[]string

List of URLs for secondary LDAP/AD servers used as a fallback. The application of these URLs is client-specific and some or all them may not be used

PostgresSQL supports specifying multiple secondary servers. MySQL supports specifying only single secondary server. DSM Appliance supports specifying only primary and will ignore any secondary servers set.

Mutable.

false

trustBundle

object

TrustBundle is a reference to a Configmap containing a set of certificates to be trusted when validating the Servers connection. If the provided servers are configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - certificate signed by authority that should not be globally trusted by DSM, TrustBundle reference must point to Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.

Mutable.

false

type

enum

Type specifies the directory type, either OpenLDAP or Active Directory.

Mutable.

  • Enum: OpenLDAP, ActiveDirectory

  • Default: ActiveDirectory

false

userSearchAttribute

string

The user search attribute to use when doing search+bind authentication.

The default is set to userPrincipalName which in most Active Directory setups correspond to user’s corporate email. So people would log in with '[email protected]' as username.

Other common options are "uid", "sAMAccountName" which correspond to user id only: "user"

Mutable

  • Default: userPrincipalName

false

DirectoryService.spec.bindCredentials

Secret reference for the bind user credentials (user and password) of type 'kubernetes.io/basic-auth'

The user should have at least read access to the base DN for users ID of a user in the domain who has read-only access to Base DN for users . The ID should be in the format: * determined by userSearchAttribute, default is using UPN ([email protected]). * DN (cn=user,cn=Users,dc=domain,dc=com)

Mutable.

Name Type Description Required

name

string

false

DirectoryService.spec.trustBundle

TrustBundle is a reference to a Configmap containing a set of certificates to be trusted when validating the Servers connection. If the provided servers are configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - certificate signed by authority that should not be globally trusted by DSM, TrustBundle reference must point to Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

DirectoryService.status

DirectoryServiceStatus describes the observed status of the DirectoryService

Name Type Description Required

conditions

[]object

Conditions contain the list of observed conditions of the DirectoryService.

The following statuses can occur.

  • Ready: Indicates if the DirectoryService is fully operational.

  • Status: "True" when DirectoryService is fully operational; "False" otherwise.

  • Reason includes:

  • "FullyOperational": If the DirectoryService is fully operational

  • "Degraded": Non-critical error detected; operation is degraded.

  • "Down": Critical error detected; the directory is completely down.

  • ServersReady: Reflects the status of the configured DirectoryService servers. It changes based on the operational status of primary and secondary servers and network connectivity.

  • Status: "True" if some servers are operational; "False" if there are errors .

  • "FullyOperational": All servers are currently operational.

  • "ServersDegraded": Non-critical error. For example Primary server is down; the secondary can handle requests.

  • "ServersDown": Directory Service servers are not reachable. For example Network connectivity issues are preventing access to servers.

  • ConfigurationReady: Indicates whether the configuration of the DirectoryService is set correctly.

  • Status: "True" if the configuration is valid; "False" if there are errors .

  • Reason includes:

  • "ConfigurationValid": Configuration is correct and operational.

  • "ConfigurationWarning": Non-critical configuration issues detected. Directory Service is still operational.

  • "ConfigurationError": Critical configuration errors that need immediate attention.

  • CertificateReady: Reflects the status of SSL/TLS certificates passed in TrustBundle for the DirectoryService servers.

  • Status: "True" if certificates are valid; "False" are invalid.

  • Reason includes:

  • "CertificatesValid": SSL/TLS certificates are valid.

  • "CertificateExpiringSoon": Certificate is nearing expiration; renewal needed soon.

  • "CertificateExpired": Certificate has expired. The directory service is down.

  • "CertificateInvalid": SSL/TLS certificate is invalid for some reason (specified in message).

  • BindCredentialsReady: Indicates the status of the bind credentials used for authentication.

  • Status: "True" if credentials are valid; "False" if they are invalid.

  • Reason includes:

  • "BindCredentialsValid": Authentication credentials are valid.

  • "BindCredentialsInvalid": Authentication issues detected with bind credentials.

false

DirectoryService.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

InfrastructurePolicy

InfrastructurePolicy defines constraints on which vSphere infrastructure resources to expose for usage by data service workloads

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

InfrastructurePolicy

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

Spec is the desired state of the InfrastructurePolicy

false

status

object

Status reports the observed state of the InfrastructurePolicy

false

InfrastructurePolicy.spec

Spec is the desired state of the InfrastructurePolicy

Name Type Description Required

enabled

boolean

Enabled specifies if the InfrastructurePolicy is available for use. Must be true to allow clusters to use this InfrastructurePolicy. If set to false existing clusters can continue to reference it but it will not be an acceptable reference for new clusters.

Required.

Mutable.

true

ipRanges

[]object

IPRanges are the list of IPRange configurations available for use by data service workloads. Once a cluster is using the policy IPRanges can only be added to this list, not removed.

Required.

Mutable.

true

placements

[]object

Placements are the list of Placement configurations available for use by the InfrastructurePolicy. Once a cluster is using the policy Placements can only be added to this list, not removed

Required.

Mutable.

true

storagePolicies

[]string

StoragePolicies are the list of StoragePolicyReference configurations that can be used to deploy a data service workload. Once a cluster is using the policy StoragePolicies can only be added to this list, not removed.

Required.

Mutable.

true

vmClasses

[]object

VMClasses are the list of VMClass references available for use by a data service workload. Once a cluster is using the policy VMClasses can only be added to this list, not removed.

Required.

Mutable.

true

description

string

Human-readable description of the infrastructure policy.

Optional.

Mutable.

false

InfrastructurePolicy.spec.ipRanges[index]

IPRange associates an IP Pool name with the PortGroups that can use the IP Pool.

Name Type Description Required

poolName

string

PoolName is the name of the IP Pool to be associated with specified PortGroups.

Required.

Mutable.

true

portGroups

[]object

PortGroups is the list of IPRangePortGroups associated with the specified PoolName.

Required.

Mutable.

true

InfrastructurePolicy.spec.ipRanges[index].portGroups[index]

IPRangePortGroup specifies which datacenters' distributed port groups can be used by the data service workloads.

Name Type Description Required

datacenter

string

Datacenter is the datacenter where the distributed port group is defined

true

moid

string

MOID is the managed object ID of a distributed port group. This must be used when NSX manages portgroups that have the same name. If the MOID is provided, then Name is ignored.

Optional.

Mutable.

false

name

string

Name is the name of a distributed port group

Optional.

Mutable.

false

InfrastructurePolicy.spec.placements[index]

Placement is the set of resources within a single vSphere cluster

Name Type Description Required

cluster

string

Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the full qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters", should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the cluster name.

Required.

Mutable.

true

datacenter

string

Datacenter is the vSphere Datacenter to be used when placing the data service workload. The full qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the datacenter name.

Required.

Mutable.

true

portGroups

[]string

PortGroups are the PortGroup names or MOIDs that can be used by the data service workload.

Required.

Mutable.

true

folder

string

Folder is the VM and Template Folder name to be used to organize VMs in the vSphere UI. Optional, VMs will be created in the root datacenter folder if not provided. Provide the full qualified path of the folder starting from the Datacenter. Any slash in the name is considered a path delimiter, use the literal '%2f' if need to represent a slash in the folder name.

Optional.

Mutable.

false

resourcePool

string

ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement.

Optional.

Mutable.

false

InfrastructurePolicy.spec.vmClasses[index]

LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.

Name Type Description Required

name

string

false

InfrastructurePolicy.status

Status reports the observed state of the InfrastructurePolicy

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for an infrastructure policy.

false

conditions

[]object

Conditions contain the list of observed conditions of the InfrastructurePolicy.

The following statuses can occur.

Ready indicates that the infrastructure policy is valid and ready to use.

Invalid indicates that the infrastructure policy has an invalid state.

false

InfrastructurePolicy.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

IPPool

IPPool defines the details of an IP Pool that can be used to deploy workload/database clusters

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

IPPool

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

Spec is the desired state of an IPPool

false

status

object

Status reports the observed state of the IPPool

false

IPPool.spec

Spec is the desired state of an IPPool

Name Type Description Required

addresses

[]string

Addresses is a list of IP addresses that can be assigned. This set of addresses can be non-contiguous. Please note that if multiple IPPools are created which contain the same IP addresses no cross validation between pools is performed. Only IPs which are not in use can be removed from pools.

Example

Addresses -

- 10.0.1.10-10.0.1.100

- 10.0.2.1

- 10.0.2.2

Required.

Mutable.

true

gateway

string

Gateway is the network gateway to use.

Example

10.0.0.1

Required.

Mutable.

true

prefix

integer

Prefix is the network prefix to use. It refers to the number of leading bits in the IP address.

Example

24 means a subnet mask of 255.255.255.0

22 means a subnet mask of 255.255.252.0

Required.

Mutable.

  • Minimum: 1

  • Maximum: 128

true

IPPool.status

Status reports the observed state of the IPPool

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for an IP Pool.

false

conditions

[]object

Conditions contain the list of observed conditions of the IPPool.

InProgress indicates that the ip pool is currently being created.

Ready indicates that the ip pool is ready to be used.

Failed indicates that the ip pool creation has failed, and it cannot be used for providing IP addresses.

Deleting indicates that the ip pool has been requested to be deleted and the operation has not completed yet.

OverProvisioned indicates that more IPs are being used in the IP Pool than are available to perform updates on the databases.

using the IP Pool

false

ipAddresses

object

IpAddresses reports the count of total, free, used and out of range IPs in the pool.

false

IPPool.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

IPPool.status.ipAddresses

IpAddresses reports the count of total, free, used and out of range IPs in the pool.

Name Type Description Required

free

integer

Free is the count of unallocated IPs in the pool.

true

outOfRange

integer

Out of Range is the count of allocated IPs in the pool that is not contained within spec.Addresses. Legacy field

true

total

integer

Total is the total number of IPs configured for the pool.

true

used

integer

Used is the count of allocated IPs in the pool.

true

VMClass

VMClass defines VMs which are available to host dataservice workloads

Name Type Description Required

apiVersion

string

infrastructure.dataservices.vmware.com.v1alpha1

true

kind

string

VMClass

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

Spec is the desired state of the VMClass

false

status

object

Status reports the observed state of the VMClass

false

VMClass.spec

Spec is the desired state of the VMClass

Name Type Description Required

requests

object

Requests defines the amount of resources that should be allocated and reserved when this class is consumed

false

VMClass.spec.requests

Requests defines the amount of resources that should be allocated and reserved when this class is consumed

Name Type Description Required

cpu

string

CPU defines the amount of vCPU that should be used when this class is consumed. Once a cluster is created this resource will be reserved on the underlying ESXI host. It should be represented as an integer, like 2. Kubernetes style resource capacity specifiers are not supported.

false

memory

string

Memory defines the amount of memory, in Gib that should be used when this class is consumed. Once a cluster is created this resource will be reserved on the underlying ESXI host. It should be represented as an integer, like 16. Kubernetes style resource capacity specifiers are not supported.

false

VMClass.status

Status reports the observed state of the VMClass

Name Type Description Required

conditions

[]object

Conditions contain the list of observed conditions of the VMClass.

false

VMClass.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

releases.dataservices.vmware.com/v1alpha2

Resource Types:

DataServiceVersion

DataServiceVersion is a single supported version of a data service.

The DataServiceVersion resources are exclusively created by the Data Services Manager in response to the release of a new version, and cannot be modified by users. The DataServiceVersion purpose is to provide semi-structured information about the supported versions to API clients. Administrators should continue to manage releases through the Data Services Manager Administration UI.

Name Type Description Required

apiVersion

string

releases.dataservices.vmware.com.v1alpha2

true

kind

string

DataServiceVersion

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

true

DataServiceVersion.spec

Name Type Description Required

approval

enum

Indicates what operations is this version enabled for. The valid values are:

  • CreateDisabled : the version cannot be used to create new clusters. All other operations are enabled, including the upgrade of and the restore from existing clusters.

  • Preview : all operations are allowed, but the version is not (yet) recommended by the administrator for general use.

  • Enabled : indicates that the version is enabled for general use. All operations are allowed.

    • Enum: CreateDisabled, Preview, Enabled

true

engineVersion

string

The engine version corresponding to this DataServiceVersion.

true

release

string

The Data Services Manager release that this version is part of.

true

releaseDate

string

The date the version’s corresponding release was assembled. This is not necessarily the date when it was made generally available.

true

releaseNotesLink

string

Link (URL) to the release notes for the version’s corresponding release.

true

serviceType

string

The engine type of the data service corresponding to this version. The Data Services Manager supports:

  • vmware-sql-postgres : managed PostgreSQL database cluster.

  • vmware-sql-mysql : managed MySQL database cluster.

  • vmware-sql-alloydb : technical preview of managed AlloyDB database cluster.

true

version

string

The full version string that the users need to use when creating clusters of this version.

true

system.dataservices.vmware.com/v1alpha1

Resource Types:

DsmSystemConfig

Name Type Description Required

apiVersion

string

system.dataservices.vmware.com.v1alpha1

true

kind

string

DsmSystemConfig

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the Dsm Provider appliance configurations. Only one instance of this Resource exists with the name 'dsm-system-config'

false

status

object

DsmSystemConfigStatus describes the observed status of the DsmSystemConfig.

false

DsmSystemConfig.spec

DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the Dsm Provider appliance configurations. Only one instance of this Resource exists with the name 'dsm-system-config'

Name Type Description Required

dnsServers

[]string

DNSServers defines the IP address(es) of the DNS server(s) used by DSM. Example

DNSServer -

- 8.8.8.8

- 10.0.2.2

Mutable

true

dsmProviderId

string

DSMProviderId defines the unique id of the DSM Provider appliance.

Immutable

true

gateway

string

GATEWAY defines the IPv4 gateway of the DSM Provider appliance.

Immutable

true

ip

string

IP defines the IPv4 address of the DSM Provider appliance.

Immutable

true

netmask

string

NETMASK defines the IPv4 netmask of the DSM Provider appliance.

Immutable

true

ntpServers

[]string

NTPServers defines the NTP server(s) used by DSM. Example

NTPServer -

- time.google.com

- 10.0.2.2

Mutable

true

ceipConsent

boolean

CEIPConsent defines the user’s consent for data collection from Provider appliance.

Mutable

false

dnsNames

[]string

One or more DNS names / FQDNs of the DSM Provider appliance.

These DNS names will be included in the SAN field of the TLS certificate if auto-generated by DSM and in the Provider settings displayed in DSM UI.

If a custom TLS certificate is provided, it is important its SAN field to match the DNS names provided here, so clients can ensure a secure connection.

Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided.

false

externalLogDestination

object

ExternalLogDestination contains details required to setup external log forwarding.

Mutable.

false

tls

object

TLS refers to the SSL/TLS configuration of the DSM Provider appliance.

Mutable.

false

workloadNetworkCidr

string

WorkloadNetworkCIDR defines the CIDR range for the workload clusters network reserved for DSM use. This range must not clash with any other networks used by non-DSM components. This setting is global across all workload clusters created by DSM. The value must be in CIDR notation, e.g. 192.168.0.0/16

Can be set or modified only if there are no existing data services workloads.

  • Default: 192.168.0.0/16

false

DsmSystemConfig.spec.externalLogDestination

ExternalLogDestination contains details required to setup external log forwarding.

Mutable.

Name Type Description Required

enabled

boolean

Enabled is a boolean which indicates whether log forwarding is currently active.

Mutable.

  • Default: false

false

remoteLogDestinationProvider

string

RemoteLogDestinationProvider is the remote logging storage provider.

Supported values are syslog server,cfapi. Aria Operations for Logs on Prem uses cfapi as Provider type while syslog is a standard protocol for logging.

Required when Enabled is true.

Mutable.

false

remoteLogUrl

string

RemoteLogUrl is a connection string required by logging service. It is usually a combination of line protocol, host, port and uri (protocol)://(host):(port)(uri) Example syslog

tcp://host:port for syslog with tcp

udp://host:port for syslog with udp

ssl://host:port for syslog with tcp+ssl

Example cfapi

Depending on the logging service, the type of information it expects can be different.

Required when Enabled is true.

Mutable.

false

trustBundle

object

TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - certificate signed by authority that should not be globally trusted by DSM, TrustBundle reference must point to Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.

Mutable.

false

DsmSystemConfig.spec.externalLogDestination.trustBundle

TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with: - certificate signed by DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. - certificate signed by authority that should not be globally trusted by DSM, TrustBundle reference must point to Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

DsmSystemConfig.spec.tls

TLS refers to the SSL/TLS configuration of the DSM Provider appliance.

Mutable.

Name Type Description Required

secretName

string

The name of a Secret resource present in the 'dsm-system' namespace, describing a custom certificate.

The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have keys: tls.crt: PEM signed certificate chain tls.key: PEM private key ca.crt: PEM CA certificate The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority.

Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret.

Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. Updating any certificate causes a restart of the provider, making the DSM UI inaccessible for few seconds. Updating the CA is an intrusive operation which causes a rolling restart of all database clusters. CA updates might cause DB metrics loss for a few minutes. To avoid any impact it is recommended to set the CA before creating any database clusters.

false

DsmSystemConfig.status

DsmSystemConfigStatus describes the observed status of the DsmSystemConfig.

Name Type Description Required

alertLevel

enum

  • Enum: critical, warning, ok

false

conditions

[]object

Conditions contain the list of observed conditions of the DsmSystemConfig. The following statuses can occur.

  • Ready: Indicates if the DsmSystemConfig is fully operational.

  • Status: "True" when DsmSystemConfig is fully operational; "False" otherwise.

  • Reason includes:

  • "Ready": If the DsmSystemConfig is fully operational

  • "RootUserPasswordExpired": If the DSM provider appliance’s root password is expired. Critical alert is raised.

  • "NTPSyncFailed": If the DSM provider appliance’s system time is not synced with the spec.NTPServer. Critical alert is raised.

  • RootUserReady: Reflects the status of the DSM provider appliance’s root password expiry. It changes based on the number of days to the expiry of root user password.

  • Status: "False" if there are errors .

  • Reason includes:

  • "RootUserPasswordExpireSoon": DSM Provider appliance’s root user password expiry has reached the configured root password expiry threshold (in number of days).

  • "RootUserPasswordExpired": DSM Provider appliance’s root user password has expired.

false

rootUserExpiryDate

string

RootUserExpiryDate indicates the time when the DSM provider appliance root password is expected to expire.

  • Format: date-time

false

tlsSecretResourceVersion

string

TLSSecretResourceVersion is set only for DSM provider appliances with custom certificates. It represents the resource version of the Secret that was last applied for the DSM Provider appliance.

false

DsmSystemConfig.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

VCenterBinding

VCenterBinding defines a binding configuration for vCenter.

Name Type Description Required

apiVersion

string

system.dataservices.vmware.com.v1alpha1

true

kind

string

VCenterBinding

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed.

false

status

object

VCenterBindingStatus describes the observed status of the VCenterBinding.

false

VCenterBinding.spec

VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed.

Name Type Description Required

host

string

Host is the FQDN or IP address of the target vCenter where DSM workload clusters will be deployed. Must be present in the vCenter server’s certificate SAN extension.

Required

Mutable.

true

thumbprint

string

Thumbprint represents the SHA-256 Thumbprint of the target vCenter’s server leaf certificate, where the workload clusters are managed. This field is optional and is only necessary for the initial vCenter trust setup. Subsequently, DSM will fetch the root CA bundle from vCenter and use it to establish secure connections to vCenter.

Mutable.

false

vcenterAdminSecret

object

VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64 encoded strings. This secret may be deleted by the client after successful creation of the DSM Service account and registration of the DSM Plugin in vCenter as indicated by this resource status condition Ready.

Mutable.

false

VCenterBinding.spec.vcenterAdminSecret

VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64 encoded strings. This secret may be deleted by the client after successful creation of the DSM Service account and registration of the DSM Plugin in vCenter as indicated by this resource status condition Ready.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

VCenterBinding.status

VCenterBindingStatus describes the observed status of the VCenterBinding.

Name Type Description Required

alertLevel

string

AlertLevel indicates the level of the most severe alert raised for a vCenter Binding.

false

conditions

[]object

Conditions contain the list of observed conditions of the VCenterBinding.

The following statuses can occur.

  • Ready: Indicates if the VCenterBinding status.

  • Status: "True" when the Service Account is created and VC Plugin is registered; "False" otherwise.

  • Reason includes:

  • "Ready": If the Service Account is created and VC Plugin is registered.

  • "VcenterUnreachable": vCenter is not reachable from the DSM Provider.

  • "InvalidDNS": vCenter FQDN is not resolvable by the DNS Server in the Provider.

  • "InvalidThumbprint": The given thumbprint is not matching with the VCenter.

  • "VCenterCertificateError": The vCenter certificate might be not found/expired/SAN not matching with the vCenter Host.

  • "AdministratorUserNotFound": vCenter Administrator User credentials are required to create the VCenter Service Account.

  • "InvalidAdministratorCredentials": The given vCenter Administrator user credentials are not valid.

  • "InsufficientPrivileges": The given vCenter Administrator user doesn’t have the required privileges.

  • "RootCANotConfigured": vCenter Root CA is not configured.

  • "ServiceAccountNotCreated": vCenter Service Account not created.

  • "PluginNotRegistered": vCenter Plugin not registered.

  • "ServiceAccountRotationFailed": vCenter Service account rotation failed.

  • "VCenterAuthenticationFailed": vCenter Service account authentication failed.

false

lastServiceAccountRotationTime

string

LastServiceAccountRotationTime indicates the time when the last service account password was rotated.

Mutable.

  • Format: date-time

false

rootCa

object

RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'.

Mutable.

false

vcenterInstanceUuid

string

VcenterInstanceUuid defines the target vCenter instance uuid.

Immutable

false

VCenterBinding.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource.

Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

VCenterBinding.status.rootCa

RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'.

Mutable.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false