API Reference
authorization.dataservices.vmware.com/v1alpha1
Resource Types:
DsmRoleBinding
The DsmRoleBinding schema links a DSM role to specific users or LDAP groups, defining the permissions each user or group receives. Multiple DsmRoleBinding resources can exist for the same role, but a specific user or group cannot be included in more than one binding.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | authorization.dataservices.vmware.com.v1alpha1 | true |
kind | string | DsmRoleBinding | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
role | string | Assigns a DSM role to the specified subjects. Supported values: DSM_ADMIN, DSM_USER. Immutable. | true |
subjects | []object | Subjects represent either DSM local users (https://<provider_ip>/provider/users) or LDAP groups to which the role applies. Mutable. | true |
DsmRoleBinding.subjects[index]
Subject defines a user or group to be bound to a role
Name | Type | Description | Required |
---|---|---|---|
kind | string | Kind of the Subject. Supported values: User, Group | true |
name | string | Name of the user or group. This value is stored exactly as provided (case-sensitive), but all comparisons and validations involving this field are case-insensitive. | true |
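The constraints above (supported roles, supported subject kinds, and the rule that a user or group may appear in only one binding, compared case-insensitively) can be checked before manifests reach the API server. The following lint is an added example, not code from the DSM project; the sample bindings are constructed and the objects are assumed to be already loaded from YAML into dicts.

```python
# Added example (not part of the DSM documentation): a pre-admission lint for
# DsmRoleBinding manifests that checks the rules stated in this reference:
# supported role values, supported subject kinds, and that no user or group is
# included in more than one binding (names compared case-insensitively).
from collections import defaultdict

SUPPORTED_ROLES = {"DSM_ADMIN", "DSM_USER"}
SUPPORTED_KINDS = {"User", "Group"}


def lint_role_bindings(bindings):
    """Return a list of findings for a set of DsmRoleBinding objects (dicts)."""
    findings = []
    # (subject kind, lower-cased name) -> set of binding names that include it
    seen = defaultdict(set)
    for binding in bindings:
        bname = binding.get("metadata", {}).get("name", "<unnamed>")
        if binding.get("kind") != "DsmRoleBinding":
            findings.append(f"{bname}: kind must be DsmRoleBinding")
            continue
        spec = binding.get("spec") or {}
        role = spec.get("role")
        if role not in SUPPORTED_ROLES:
            findings.append(f"{bname}: unsupported role {role!r}")
        subjects = spec.get("subjects") or []
        if not subjects:
            findings.append(f"{bname}: subjects is required")
        for subject in subjects:
            kind, name = subject.get("kind"), subject.get("name")
            if kind not in SUPPORTED_KINDS:
                findings.append(f"{bname}: unsupported subject kind {kind!r}")
            if not name:
                findings.append(f"{bname}: subject name is required")
                continue
            # The name is stored as given but compared case-insensitively.
            seen[(kind, name.lower())].add(bname)
    for (kind, name), names in seen.items():
        if len(names) > 1:
            findings.append(
                f"{kind} {name!r} is included in more than one binding: {sorted(names)}")
    return findings


# Constructed sample manifests (already loaded from YAML into dicts).
SAMPLE_BINDINGS = [
    {"apiVersion": "authorization.dataservices.vmware.com/v1alpha1",
     "kind": "DsmRoleBinding", "metadata": {"name": "dsm-admins"},
     "spec": {"role": "DSM_ADMIN", "subjects": [
         {"kind": "User", "name": "alice@example.com"},
         {"kind": "Group", "name": "dba-admins"}]}},
    {"apiVersion": "authorization.dataservices.vmware.com/v1alpha1",
     "kind": "DsmRoleBinding", "metadata": {"name": "app-users"},
     "spec": {"role": "DSM_USER", "subjects": [
         {"kind": "User", "name": "Alice@Example.com"},   # same user, different case
         {"kind": "Group", "name": "app-devs"}]}},
    {"apiVersion": "authorization.dataservices.vmware.com/v1alpha1",
     "kind": "DsmRoleBinding", "metadata": {"name": "ci-bots"},
     "spec": {"role": "DSM_OWNER", "subjects": [          # unsupported role
         {"kind": "ServiceAccount", "name": "ci"}]}},     # unsupported kind
]

if __name__ == "__main__":
    for finding in lint_role_bindings(SAMPLE_BINDINGS):
        print(finding)
```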
databases.dataservices.vmware.com/v1alpha1
Resource Types:
ArchivedMySQLCluster
ArchivedMySQLCluster is the Schema for the ArchivedMySQLCluster API. An ArchivedMySQLCluster is created automatically when a MySQLCluster with automated backups enabled is deleted. It represents the retained automated backups and binlogs that were taken for that deleted MySQLCluster. It is named after the MySQLCluster and is created in the same namespace. An ArchivedMySQLCluster can be used to perform point-in-time recovery for that deleted cluster, and it is automatically deleted once its retention expires. To use an ArchivedMySQLCluster, reference its name when creating a new MySQLCluster in the .spec.basedOn.cluster.name field. Example:

```yaml
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
  name: restored-source-1
  namespace: default
spec:
  basedOn:
    cluster:
      name: source-1 # the name of the referenced ArchivedMySQLCluster
```
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | ArchivedMySQLCluster | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
spec | object | ArchivedMySQLClusterSpec defines the desired state of ArchivedMySQLCluster. | false |
status | object | ArchivedMySQLClusterStatus defines the observed state of ArchivedMySQLCluster. | false |
ArchivedMySQLCluster.spec
ArchivedMySQLClusterSpec defines the desired state of ArchivedMySQLCluster.
Name | Type | Description | Required |
---|---|---|---|
expiresAt | string | ExpiresAt represents the point in time when the backups and binary logs associated with the ArchivedMySQLCluster expire. DSM performs the cleanup after this point in time. Required. Mutable. | true |
ArchivedMySQLCluster.status
ArchivedMySQLClusterStatus defines the observed state of ArchivedMySQLCluster.
Name | Type | Description | Required |
---|---|---|---|
backupId | string | BackupId is set only for clusters with automatic backups enabled. This is a unique ID that can be used to locate backup files in storage. For MySQL, it is the UID of the MySQL cluster object in the workload cluster. Required. Immutable. | true |
databaseName | string | The name of the default MySQL database used by any cluster restored from this archive. DSM uses the default database name from MySQLCluster.Status.Connection.DbName of the MySQLCluster associated with this archive. Required. Immutable. | true |
mysqlClusterSpec | object | The last known spec of the cluster that got archived. Required. Immutable. | true |
upgradeStatus | object | UpgradeStatus represents the version state transition history for the deleted cluster. Required. Immutable. | true |
conditions | []object | Conditions contain the list of observed conditions of the archived cluster. One of the following statuses can occur. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec
The last known spec of the cluster that got archived. Required. Immutable.
Name | Type | Description | Required |
---|---|---|---|
infrastructurePolicy | object | InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid InfrastructurePolicy. Immutable. | true |
storagePolicyName | string | StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid storage policy. Immutable. | true |
storageSpace | string | StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes: E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. Range - 20Gi - 10Ti. Required. Mutable - (increase only). | true |
version | string | Version declares the version of the database engine to be used. To upgrade the database engine, change this field. The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI. Required. Mutable. | true |
vmClass | object | VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid VMClass. Mutable - (Only increases in resources are allowed). | true |
adminPasswordRef | object | AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The secret must be in the same namespace as the database cluster. The FieldPath field indicates which key in the secret contains the password. Default - password. If the cluster is a replica with SyncUsersFromSource=true, this field has no effect until the replica is promoted. Default - password is auto generated. Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to an update of the password. | false |
adminUsername | string | AdminUserName is the desired name of the privileged user to be used when connecting to the database. AdminUserName must not be one of the following: root, mysql.sys, mysql.session, mysql.infoschema, mysql-backup, mysql-healthcheck, mysql-metrics, telegraf-metrics, mysql-tls-admin, mysql-router, innodb-cluster-admin, mysqlappuser, mysql-pitr. Its length must not exceed 32 characters. If the cluster is a replica with SyncUsersFromSource=true, this field has no effect until the replica is promoted. Default - mysql-admin. Immutable. | false |
backupConfig | object | BackupConfig declares the cluster’s backup configuration details. If specified, a BackupLocation must also be specified. Optional. Mutable. | false |
backupLocation | object | BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the BackupConfig, which must be specified whenever BackupLocation is specified. Optional. Mutable. | false |
basedOn | object | BasedOn identifies the source cluster on which this cluster will be based. Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster inherits the ownership of its source cluster; the owner can be changed if necessary after the cluster is created. The Cluster field works both if the source cluster is alive and if it is deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create a new MySQL cluster based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster. The only allowed mutation of the BasedOn field is to set it to nil if it was previously set to contain ReplicationSource. See MySQLBasedOnParams.ReplicationSource for details. Optional. Mutable. | false |
databaseConfig | object | DatabaseConfig refers to the database config object that will be applied to this cluster. A DatabaseConfig is used to apply custom params/configs to the database represented by this CR. A DatabaseConfig can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable. | false |
databaseName | string | If DatabaseName is set, a database with that name will be created (if it doesn’t exist) and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName will be set to that name. If the cluster is restored from another cluster (the Spec.BasedOn.Cluster field is used), all databases from the source cluster are restored with their names preserved and one additional, empty database is created with the given DatabaseName; MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName refer to it. If DatabaseName is equal to the name of a database from the source cluster, no additional database is created and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName refer to the specified database. If DatabaseName is empty, no additional database is created and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName refer to the same database the status connection info of the source cluster refers to. DatabaseName must not be one of the following: root, mysql.sys, mysql.session, mysql.infoschema, mysql-backup, mysql-healthcheck, mysql-metrics, telegraf-metrics, mysql-tls-admin, mysql-router, innodb-cluster-admin, mysqlappuser, mysql-pitr. Its length must not exceed 64 characters. Default - if the cluster is a restored one, the database name in the source cluster’s MySQLCluster.Status.Connection.DbName is used, otherwise DatabaseName is the same as the cluster’s name. Immutable. | false |
description | string | Description contains the human-readable description of the cluster. Optional. Mutable. | false |
directoryService | object | DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients. Optional. Mutable. | false |
dnsNames | []string | One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if it is auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in the DSM UI. If a custom TLS certificate is provided, its SAN field must match the DNS names provided here, so that clients can establish a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. | false |
maintenanceWindow | object | MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication. Optional. Mutable. | false |
members | integer | The number of members of the cluster. Could be Default - Mutable. | false |
placementSelector | object | PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid. Optional. Immutable. | false |
supportAsynchReplicas | boolean | SupportAsynchReplicas controls whether the cluster is provisioned with the features required for it to be used by replicas as a source. Optional. Mutable. | false |
tls | object | TLS refers to the SSL/TLS configuration of the database cluster. Optional. Mutable. | false |
vSphereTags | []object | VSphereTags is the list of vSphere tags that the cluster’s deployed virtual machines should have assigned. The tags must exist in vSphere in order to be assigned successfully. Optional. Mutable. | false |
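Several rows in this table carry constraints that are cheap to verify before a MySQLCluster manifest is submitted: the storageSpace range, the reserved names and length limits for adminUsername and databaseName, the pairing of backupConfig with backupLocation, the uploadChunkSize range, and the rule that basedOn carries exactly one of cluster or replicationSource. The lint below is an added example, not DSM project code; the sample spec is constructed, the version and schedule type values are placeholders, and the quantity parser covers the suffixes listed for storageSpace.

```python
# Added example (not part of the DSM documentation): a pre-admission lint for a
# MySQLCluster .spec against the field constraints stated in this reference.
# Input is a plain dict (the manifest already loaded from YAML); the sample is constructed.
import re
from fractions import Fraction

# Names the reference reserves for adminUsername and databaseName.
RESERVED_NAMES = {
    "root", "mysql.sys", "mysql.session", "mysql.infoschema", "mysql-backup",
    "mysql-healthcheck", "mysql-metrics", "telegraf-metrics", "mysql-tls-admin",
    "mysql-router", "innodb-cluster-admin", "mysqlappuser", "mysql-pitr",
}
# Decimal (E, P, T, G, M, k) and power-of-two (Ei, Pi, Ti, Gi, Mi, Ki) suffixes.
_MULT = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "P": 10**15,
         "E": 10**18, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
         "Pi": 2**50, "Ei": 2**60}
_QTY = re.compile(r"^(\d+(?:\.\d+)?)(Ei|Pi|Ti|Gi|Mi|Ki|E|P|T|G|M|k)?$")


def parse_quantity(value):
    """Convert a Kubernetes resource quantity (plain integer or fixed-point number
    with one of the suffixes above) to an integer byte count."""
    m = _QTY.match(str(value).strip())
    if not m:
        raise ValueError(f"not a resource quantity: {value!r}")
    number, suffix = m.group(1), m.group(2) or ""
    return int(Fraction(number) * _MULT[suffix])


def _check_range(findings, field, value, low, high):
    try:
        n = parse_quantity(value)
    except ValueError as err:
        findings.append(f"{field}: {err}")
        return
    if not parse_quantity(low) <= n <= parse_quantity(high):
        findings.append(f"{field}: {value} is outside the allowed range {low} - {high}")


def _check_name(findings, field, value, max_len):
    if value is None:
        return
    if value in RESERVED_NAMES:
        findings.append(f"{field}: {value!r} is a reserved name")
    if len(value) > max_len:
        findings.append(f"{field}: must not be longer than {max_len} characters")


def lint_mysql_cluster_spec(spec):
    """Return a list of findings (empty when the spec satisfies the checked rules)."""
    findings = []
    for field in ("infrastructurePolicy", "storagePolicyName", "storageSpace",
                  "version", "vmClass"):
        if not spec.get(field):
            findings.append(f"{field}: required")
    if spec.get("storageSpace"):
        _check_range(findings, "storageSpace", spec["storageSpace"], "20Gi", "10Ti")
    _check_name(findings, "adminUsername", spec.get("adminUsername"), 32)
    _check_name(findings, "databaseName", spec.get("databaseName"), 64)
    # backupConfig and backupLocation must be specified together.
    if bool(spec.get("backupConfig")) != bool(spec.get("backupLocation")):
        findings.append("backupConfig and backupLocation must be specified together")
    chunk = (spec.get("backupConfig") or {}).get("uploadChunkSize")
    if chunk is not None:
        _check_range(findings, "backupConfig.uploadChunkSize", chunk, "5Mi", "5Gi")
    # basedOn: exactly one of cluster / replicationSource when basedOn is present.
    based_on = spec.get("basedOn")
    if based_on is not None and ("cluster" in based_on) == ("replicationSource" in based_on):
        findings.append("basedOn: exactly one of cluster or replicationSource must be set")
    return findings


# Constructed sample spec that violates several rules at once.
SAMPLE_SPEC = {
    "infrastructurePolicy": {"name": "ip-prod"},
    "storagePolicyName": "vsan-default",
    "storageSpace": "15Gi",               # below the 20Gi minimum
    "version": "VERSION-PLACEHOLDER",     # real values come from DataServiceVersion
    "vmClass": {"name": "medium"},
    "adminUsername": "mysql-router",      # reserved name
    "databaseName": "orders",
    "backupConfig": {                     # backupLocation is missing
        "backupRetentionDays": 30,
        "schedules": [{"name": "nightly", "schedule": "0 2 * * *",
                       "type": "TYPE-PLACEHOLDER"}],
        "uploadChunkSize": "8Gi",         # above the 5Gi maximum
    },
    "basedOn": {                          # both alternatives set
        "cluster": {"name": "source-1"},
        "replicationSource": {"syncUsersFromSource": True},
    },
}

if __name__ == "__main__":
    for finding in lint_mysql_cluster_spec(SAMPLE_SPEC):
        print(finding)
```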
ArchivedMySQLCluster.status.mysqlClusterSpec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid InfrastructurePolicy. Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid VMClass. Mutable - (Only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.adminPasswordRef
AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The secret must be in the same namespace as the database cluster. The FieldPath field indicates which key in the secret contains the password. Default - password. Providing an inline value with the Value field is not supported. The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner. If the cluster is a replica with SyncUsersFromSource=true, this field has no effect until the replica is promoted. Default - password is auto generated. Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to an update of the password.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key. | false |
name | string | The name of the secret. | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.backupConfig
BackupConfig declares the cluster’s backup configuration details. If specified, a BackupLocation must also be specified. Optional. Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays | integer | BackupRetentionDays describes the number of days to store backups. Must be Required. Mutable. | true |
schedules | []object | Schedules are user-defined schedules of when the system will perform backups. Required. Mutable. | true |
uploadChunkSize | int or string | UploadChunkSize allows the user to override the default chunk size used in multipart uploads and specify the part size themselves, taking into account the specifics of their environment and the target backup storage. There are tradeoffs associated with tuning the value of the UploadChunkSize. On the one hand, each part is a separate S3 PUT operation, so chunking the backup into too many small parts comes at a certain cost. On the other hand, parts are buffered in memory, and the larger the part, the greater the chance of an upload failure depending on the reliability of the network. Thus, a high chunk size value comes with a higher memory footprint and a higher risk of upload failure. The memory utilization of the backup routine may increase by up to 5 times the configured upload chunk size due to the parallel upload capability of the object uploader. Note that the backup doesn’t include all files in the MySQL data directory and the backup stream is compressed, which means that the size of the backup object varies significantly based on the type of data in the database. In general one can expect the backup object size to be around 1% to 10% of the disk utilization of the MySQL database instance (i.e. the MySQL data directory). The specified value must be a Kubernetes resource quantity - https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ Range - 5Mi - 5Gi. Default - 10Mi. Supported in Data Service Manager data plane version 2.2.2 and above. Optional. Mutable. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the schedule. Required. Immutable. | true |
schedule | string | The schedule in the form of a cron schedule. Required. Mutable. | true |
type | string | Type of schedule. Can be Required. Immutable. | true |
ArchivedMySQLCluster.status.mysqlClusterSpec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the BackupConfig, which must be specified whenever BackupLocation is specified. Optional. Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn
BasedOn identifies the source cluster on which this cluster will be based. Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster inherits the ownership of its source cluster; the owner can be changed if necessary after the cluster is created. The Cluster field works both if the source cluster is alive and if it is deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create a new MySQL cluster based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster. The only allowed mutation of the BasedOn field is to set it to nil if it was previously set to contain ReplicationSource. See MySQLBasedOnParams.ReplicationSource for details. Optional. Mutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | object | Cluster contains the name of the source cluster and the timestamp to use as the restore point. Cannot be set if ReplicationSource is set, too. One of the two has to be set. Optional. Immutable. | false |
replicationSource | object | ReplicationSource specifies that the cluster will be based on a source cluster from which this cluster will replicate asynchronously. Cannot be set if Cluster is set, too. One of the two has to be set. When a cluster with a previously configured basedOn.ReplicationSource field is updated to remove basedOn, the cluster will be decoupled from its source cluster and promoted to an independent read/write cluster. Promotion is irrevocable and doesn’t wait for in-flight data from the source to be flushed to the replica. The completion of promotion will be indicated by the removal of the IncomingReplicationStatus status field. If SyncUsersFromSource was previously true, the admin user credentials on the promoted cluster will be re-generated or, if AdminUser/AdminPasswordRef was populated, set to its value. In both cases, the cluster connection status will be changed to refer to these admin user credentials as in any non-replica cluster. Optional. Immutable. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn.cluster
Cluster contains the name of the source cluster and the timestamp to use as the restore point. Cannot be set if ReplicationSource is set, too. One of the two has to be set. Optional. Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name is the name of the source cluster from which to restore. Required. Immutable. | true |
timestamp | string | Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided, the restore will be initiated to the latest available recovery time. Optional. Immutable. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn.replicationSource
ReplicationSource specifies that the cluster will be based on a source cluster from which this cluster will replicate asynchronously. Cannot be set if Cluster is set, too. One of the two has to be set. When a cluster with a previously configured basedOn.ReplicationSource field is updated to remove basedOn, the cluster will be decoupled from its source cluster and promoted to an independent read/write cluster. Promotion is irrevocable and doesn’t wait for in-flight data from the source to be flushed to the replica. The completion of promotion will be indicated by the removal of the IncomingReplicationStatus status field. If SyncUsersFromSource was previously true, the admin user credentials on the promoted cluster will be re-generated or, if AdminUser/AdminPasswordRef was populated, set to its value. In both cases, the cluster connection status will be changed to refer to these admin user credentials as in any non-replica cluster. Optional. Immutable.
Name | Type | Description | Required |
---|---|---|---|
clusterConnectionParams | object | ClusterConnectionParams specifies connection parameters for connecting to the source cluster. This is currently the only option for specifying a source cluster. Required. | true |
syncUsersFromSource | boolean | SyncUsersFromSource specifies whether database users and their credentials are managed locally on the replica (false) or replicated from the source cluster (true). When set to true, all DB users on the replica and their credentials will be replicated from the source. The cluster connection status will refer to a replication user and its credentials. No local user management (CREATE, DROP, ALTER) should be performed on the replica database directly. If AdminUserName or AdminPasswordRef are set on the replica, they will be ignored until it is promoted or SyncUsersFromSource is switched to false. When set to false, the replica cluster users are managed the same way as in a non-replica cluster. The only permitted change of this field is from true to false, in which case the existing replicated users are retained as the initial state of the locally managed users, and then AdminUserName/AdminPasswordRef are applied. Required. Mutable. | true |
ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn.replicationSource.clusterConnectionParams
ClusterConnectionParams specifies connection parameters for connecting to the source cluster. This is currently the only option for specifying a source cluster. Required.
Name | Type | Description | Required |
---|---|---|---|
credentials | object | Credentials specifies a Kubernetes secret that contains the credentials needed to connect to the source cluster. Required fields of the secret are username and password. The referenced MySQL user must have connection, replication and clone privileges on the source cluster. This field is mutable. Changes to the secret will be automatically applied on the instance. Required. Mutable. | true |
endpoints | []string | Endpoints is a list of servers that are members of a single cluster, in host:port format. Connections to the servers will be tried in the order specified, and a server will be used only if connection attempts to those preceding it in the list have failed. The list can contain a sub-set of the source cluster members, in which case replication will depend on the health of this sub-set. Required. Mutable. | true |
trustBundle | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Servers connection. Optional. By default, it will use the DSM globally trusted certificates ConfigMap. Mutable. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn.replicationSource.clusterConnectionParams.credentials
Credentials specifies a Kubernetes secret that contains the credentials needed to connect to the source cluster. Required fields of the secret are username and password. The referenced MySQL user must have connection, replication and clone privileges on the source cluster. This field is mutable. Changes to the secret will be automatically applied on the instance. Required. Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.basedOn.replicationSource.clusterConnectionParams.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Servers connection.
- Well-known OS-trusted CA, or a DSM globally trusted certificate - TrustBundle can be omitted, or it should point to the DSM globally trusted certificates ConfigMap.
- Certificate signed by a CA that should not be globally trusted by DSM - the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the Issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Optional. By default, it will use the DSM globally trusted certificates ConfigMap. Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.databaseConfig
DatabaseConfig refers to the database config object that will be applied to this cluster. A DatabaseConfig is used to apply custom params/configs to the database represented by this CR. A DatabaseConfig can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.directoryService
DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients. Optional. Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.maintenanceWindow
MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication. Optional. Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration | string | Duration describes the duration of the maintenance window. Required. Mutable. | true |
startDay | enum | StartDay describes the day of the week on which the maintenance window will commence. Can be any of Required. Mutable. | true |
startTime | string | StartTime describes the time of day at which to start the maintenance window. Required. Mutable. | true |
ArchivedMySQLCluster.status.mysqlClusterSpec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid. Optional. Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. | true |
resourcePool | string | ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
ArchivedMySQLCluster.status.mysqlClusterSpec.tls
TLS refers to the SSL/TLS configuration of the database cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys tls.crt (PEM signed certificate chain), tls.key (PEM private key) and ca.crt (PEM CA certificate). The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key); that issuer can be either a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so that it can be encoded in the certificate. | false |
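A pre-flight check of a custom TLS Secret in the format described above (tls.crt / tls.key / optional ca.crt), together with the requirement that the leaf's SAN covers the cluster's dnsNames and access IP. This is an added example, not DSM code; ValidateTLSSecret and newSelfSignedSecret are this example's own names, and the sample Secret it validates is constructed inline.

```go
// Added example (not DSM code): pre-flight check of a custom TLS Secret as described above, plus the dnsNames SAN rule.
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// parsePEMCerts decodes every CERTIFICATE block in data, in order.
func parsePEMCerts(data []byte) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue
		}
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	return certs, nil
}

// ValidateTLSSecret checks a Secret data map (tls.crt, tls.key, optional ca.crt)
// against the field description; dnsNames and ip are what clients will connect to.
func ValidateTLSSecret(data map[string][]byte, dnsNames []string, ip string) error {
	chain, err := parsePEMCerts(data["tls.crt"])
	if err != nil || len(chain) == 0 {
		return fmt.Errorf("tls.crt: no valid CERTIFICATE block (%v)", err)
	}
	leaf := chain[0] // leaf first, issuers (if any) after it
	// tls.key must be a PEM PKCS#8 private key whose public half matches the leaf.
	keyBlock, _ := pem.Decode(data["tls.key"])
	if keyBlock == nil {
		return errors.New("tls.key: missing PEM block")
	}
	key, err := x509.ParsePKCS8PrivateKey(keyBlock.Bytes)
	if err != nil {
		return fmt.Errorf("tls.key: %w", err)
	}
	signer, ok := key.(crypto.Signer)
	pub, ok2 := leaf.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !ok2 || !pub.Equal(signer.Public()) {
		return errors.New("tls.key does not match the leaf certificate in tls.crt")
	}
	// ca.crt may be omitted only if tls.crt already carries an issuer: a self-signed
	// leaf (its signature verifies under its own key) or a second certificate.
	selfSigned := leaf.CheckSignature(leaf.SignatureAlgorithm, leaf.RawTBSCertificate, leaf.Signature) == nil
	if _, present := data["ca.crt"]; !present && !selfSigned && len(chain) < 2 {
		return errors.New("ca.crt is required: tls.crt carries no issuer certificate")
	}
	// The leaf's SANs must cover every dnsName and, when clients use it, the IP.
	for _, n := range append([]string{ip}, dnsNames...) {
		if n != "" && leaf.VerifyHostname(n) != nil {
			return fmt.Errorf("leaf SAN does not cover %q", n)
		}
	}
	return nil
}

// newSelfSignedSecret builds constructed sample Secret data: a self-signed leaf
// covering the given SANs, so ca.crt may legitimately be omitted.
func newSelfSignedSecret(dnsNames []string, ip string) map[string][]byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dnsNames,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ip != "" {
		tmpl.IPAddresses = []net.IP{net.ParseIP(ip)}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return map[string][]byte{
		"tls.crt": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		"tls.key": pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}),
	}
}

func main() {
	fmt.Println(ValidateTLSSecret(newSelfSignedSecret([]string{"pg1.example.internal"}, "10.0.0.5"), []string{"pg1.example.internal"}, "10.0.0.5")) // <nil>
}
```

Run it against the data map of an existing Secret (decoded from kubectl output) before referencing it from spec.tls.secretName, so a key mismatch or missing SAN is caught before DSM rotates the certificate.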
ArchivedMySQLCluster.status.mysqlClusterSpec.vSphereTags[index]
VSphereTag identifies a single vSphere tag by its tag category and tag name.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category is the vSphere tag category. Required. Mutable. | true |
tag | string | Tag is the vSphere tag. It should be part of the vSphere tag category Category. Required. Mutable. | true |
ArchivedMySQLCluster.status.upgradeStatus
UpgradeStatus represents version state transitions history for the deleted cluster
Required.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
currentVersion | string | The actual current version of the data service cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. | false |
history | []object | Historical data of the upgrades performed. | false |
ArchivedMySQLCluster.status.upgradeStatus.history[index]
Name | Type | Description | Required |
---|---|---|---|
complete | string | Timestamp of when the upgrade completed. | false |
fromVersion | string | The version from which the cluster was upgraded. | false |
isMajorUpgrade | boolean | IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade. | false |
message | string | Message contains the reason for a failure or rejection. | false |
start | string | Timestamp of when the upgrade started. This is the time right before the upgrade operations started; restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results. | false |
status | enum | Status indicates the status of the upgrade. | false |
toVersion | string | The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion. | false |
ArchivedMySQLCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
ArchivedPostgresCluster
ArchivedPostgresCluster is the Schema for the archivedpostgrescluster API. An ArchivedPostgresCluster is created automatically when a PostgresCluster with automated backups enabled is deleted. It represents the retained automated backups and WAL archive that were taken for that deleted PostgresCluster. It is named after the PostgresCluster and is created in the same namespace. An ArchivedPostgresCluster can be used to perform point-in-time recovery for that deleted cluster, and is automatically deleted once retention expires.
To use an ArchivedPostgresCluster, reference its name when creating a new PostgresCluster by passing the .spec.basedOn.cluster.name field. Example:

```yaml
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: PostgresCluster
metadata:
  name: restored-source-1
  namespace: default
spec:
  basedOn:
    cluster:
      name: source-1 # the name of the referenced ArchivedPostgresCluster
```
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | ArchivedPostgresCluster | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | ArchivedPostgresClusterSpec is the Schema for the ArchivedPostgresCluster API. | false |
status | object | ArchivedPostgresClusterStatus defines the observed state of ArchivedPostgresCluster. | false |
ArchivedPostgresCluster.spec
ArchivedPostgresClusterSpec is the Schema for the ArchivedPostgresCluster API.
Name | Type | Description | Required |
---|---|---|---|
expiresAt | string | ExpiresAt represents the point in time when the backups and WAL archive associated with the ArchivedPostgresCluster will expire. DSM will perform the cleanup after this point in time. Required. Mutable. | true |
ArchivedPostgresCluster.status
ArchivedPostgresClusterStatus defines the observed state of ArchivedPostgresCluster.
Name | Type | Description | Required |
---|---|---|---|
backupId | string | BackupId is set only for clusters with automatic backups enabled. This is a unique ID that can be used to locate backup files in storage. For PostgreSQL, it is the stanzaName of the database cluster. Required. Immutable. | true |
databaseName | string | The name of the default Postgres database used by any clusters restored from this archive. DSM will use the default database name from PostgresCluster.Status.Connection.DbName of the PostgresCluster associated with this archive. Required. Immutable. | true |
postgresClusterSpec | object | The last known spec of the cluster that got archived. Required. Immutable. | true |
upgradeStatus | object | UpgradeStatus represents the version state transition history for the deleted cluster. Required. Immutable. | true |
conditions | []object | Conditions contain the list of observed conditions of the archived clusters. One of the following statuses can occur. | false |
ArchivedPostgresCluster.status.postgresClusterSpec
The last known spec of the cluster that got archived.
Required.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
infrastructurePolicy | object | InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid InfrastructurePolicy. Immutable. | true |
storagePolicyName | string | StoragePolicyName declares the name of the storage policy that should be used to create this Postgres cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid Immutable. | true |
storageSpace | string | StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki. Range - 20Gi - 10Ti. Required. Mutable - (increase only). | true |
version | string | Version declares the version of the database engine to be used. To upgrade the database engine, change this field. The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI. Required. Mutable. | true |
vmClass | object | VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid VMClass. Mutable - (Only increases in resources are allowed). | true |
adminPasswordRef | object | AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The secret must be in the same namespace as the database cluster. The FieldPath field indicates which key in the secret contains the password. Default - password. Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having their own privileged user. If this field is set on a secondary instance, it will only take effect after that instance is promoted. Default - password is auto generated. Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to an update of the password. | false |
adminUsername | string | AdminUserName is the desired name of the privileged user to be used when connecting to the database. AdminUserName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. Default - pgadmin. Immutable. | false |
backupConfig | object | BackupConfig declares the cluster’s backup configuration details. If specified, a BackupLocation must also be specified. Optional. Mutable. | false |
backupLocation | object | BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a backupConfig must also be specified. Optional. Mutable. | false |
basedOn | object | BasedOn identifies the source (primary) cluster on which this cluster will be based. Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source (primary) cluster. It can be changed if necessary after the cluster is created. The Cluster field works both if the cluster is alive and if it is deleted but its backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster. Optional. Immutable. | false |
blockDatabaseConnections | boolean | BlockDatabaseConnections restricts all external client access to the database. When set to true, the database forcibly terminates all existing client connections and prevents any new connection attempts, including those from administrative users such as pgadmin. When set to false or unset, client access to the database is permitted as normal. The Ready condition, in combination with the observedGeneration, can be used to verify that this setting has been applied. This field can be useful in disaster recovery (DR) scenarios to ensure no writes or new sessions occur on the original primary (source) during switchover or failover. Default - Optional. Mutable. | false |
databaseConfig | object | DatabaseConfig refers to the database config object that will be applied to this cluster. A Database Config is used to apply custom params/configs to the database represented by this CR. A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable. | false |
databaseName | string | If DatabaseName is set, a database with that name will be created (if it doesn’t exist) and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName will be set to that name. If the cluster is restored from another cluster (the Spec.BasedOn.Cluster field is used), all databases from the source cluster are restored with preserved names and one additional database is created with the given DatabaseName as its name. This database is empty, and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName refer to it. If DatabaseName is equal to the name of a database from the source cluster, no additional database is created and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName refer to the database with the given DatabaseName. If DatabaseName is empty, no additional database is created and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName refer to the same database the status connection info of the source cluster refers to. If the cluster is a secondary instance of another cluster and has a DatabaseName different from the names of the databases in the primary cluster, the additional database named DatabaseName will be created only after the cluster is promoted to a standalone instance. DatabaseName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. It is recommended that the length of DatabaseName not exceed 63 characters; otherwise it will be truncated and only the first 63 characters will be used for the database name. Default - if the cluster is a restored one, the database name in the source cluster’s PostgresCluster.Status.Connection.DbName is used; otherwise DatabaseName is the same as the cluster’s name. Immutable. | false |
description | string | Description contains the human-readable description of the cluster. Optional. Mutable. | false |
directoryService | object | DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients. Optional. Mutable. | false |
dnsNames | []string | One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if it is auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in the DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can verify a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. | false |
hbaRef | object | HbaRef refers to a Secret containing custom HBA entries. The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here. The Secret should contain the key pg_hba.conf. Only the authentication methods For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:<br>`kind: Secret`<br>`metadata:`<br>`  name: db-cluster-1-custom-pg-hba`<br>`immutable: true`<br>`stringData:`<br>`  pg_hba.conf: \|`<br>`    host all /^(.*)@local$ all scram-sha-256`<br>Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster, because the order in which the HBA entries are defined matters: the first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final HBA configuration is:<br>`host all pgadmin all scram-sha-256`<br>`host all postgres_exporter all scram-sha-256`<br>`#<YOUR CUSTOM ENTRIES ARE ADDED HERE>`<br>`host all all all ldap ... # This entry is added only if directory service is enabled for the cluster`<br>`host all all all scram-sha-256` | false |
maintenanceWindow | object | MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVE fixes, bug fixes and new Lifecycle Management features for the VM, the OS and any supporting software to be applied. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication. Optional. Mutable. | false |
placementSelector | object | PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid. Optional. Immutable. | false |
replicas | integer | Represents the number of nodes that are replicating from the primary node. In the event of a primary outage, one of the replicas will be promoted to primary. Replicas can be set to 0 or 1. Starting with Data Services Manager 2.1, 3-replica clusters are no longer supported. If you have replicas set to 1, then you will have 1 primary node and 1 replica node. Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having their own replicas. If this field is set to a non-zero value on a secondary instance, it will only take effect after this instance is promoted. Default - Mutable. | false |
replicationSlots | []object | ReplicationSlots configures a list of Postgres replication slots that will be created on this instance for disaster recovery or migration purposes. A replication slot can be removed if it is no longer needed and there is no active consumer of that replication slot. Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having replication slots. If this field is set on a secondary instance, it will only take effect after this instance is promoted. When upgrading the primary replication instance, it is recommended to also upgrade all secondary instances to the same minor version afterwards. | false |
requestedSharedMemorySize | int or string | RequestedSharedMemorySize is the value DSM will try to assign for the shared memory (/dev/shm) of the OS where the Postgres instance is running. No upper limit is enforced, but the system will apply one based on the current VMClass memory. You can express RequestedSharedMemorySize as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki. Range - 64Mi - no limit. Default - Optional. Mutable. | false |
tls | object | TLS refers to the SSL/TLS configuration of the database cluster. Optional. Mutable. | false |
vSphereTags | []object | VSphereTags is the list of vSphere tags that the cluster’s deployed virtual machines should have assigned. The tags should exist in vSphere in order to be successfully assigned. Optional. Mutable. | false |
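The hbaRef description above explains that the custom entries are spliced between the system-managed entries and the catch-all entries, and that pg_hba.conf is evaluated first-match. The following is an added example, not DSM code: it models that final layout and the first-match rule so a candidate pg_hba.conf can be checked for lock-outs before the Secret is created. HbaEntry, ParseHba, MergeHba and FirstMatch are this example's own names; the matcher is a deliberate simplification (only "all", literal names, the /regex user form from the description, and CIDR or single-IP addresses are supported), and sampleCustom is a constructed input.

```go
// Added example, not DSM code: models the final HBA layout described above with
// first-match semantics so a custom pg_hba.conf can be checked for lock-outs
// before the Secret is created. Simplified matcher: "all", literal names, the
// /regex user form shown above, CIDR or single-IP addresses; no hostssl etc.
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// HbaEntry is one pg_hba.conf record: TYPE DATABASE USER ADDRESS METHOD.
type HbaEntry struct {
	Type, Database, User, Address, Method string
}

// ParseHba parses pg_hba.conf text, ignoring blank lines, comments and options.
func ParseHba(text string) ([]HbaEntry, error) {
	var out []HbaEntry
	for n, line := range strings.Split(text, "\n") {
		if i := strings.Index(line, "#"); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if len(f) < 5 {
			return nil, fmt.Errorf("line %d: expected 5 fields, got %d", n+1, len(f))
		}
		out = append(out, HbaEntry{f[0], f[1], f[2], f[3], f[4]})
	}
	return out, nil
}

// MergeHba assembles the final file in the order the field description gives.
func MergeHba(custom []HbaEntry, ldapEnabled bool) []HbaEntry {
	out := []HbaEntry{
		{"host", "all", "pgadmin", "all", "scram-sha-256"},
		{"host", "all", "postgres_exporter", "all", "scram-sha-256"},
	}
	out = append(out, custom...)
	if ldapEnabled { // added only if directory service is enabled for the cluster
		out = append(out, HbaEntry{"host", "all", "all", "all", "ldap"})
	}
	return append(out, HbaEntry{"host", "all", "all", "all", "scram-sha-256"})
}

func matchUser(pattern, user string) bool {
	if pattern == "all" {
		return true
	}
	if strings.HasPrefix(pattern, "/") { // regular-expression user name
		re, err := regexp.Compile(pattern[1:])
		return err == nil && re.MatchString(user)
	}
	return pattern == user
}

func matchAddress(pattern, addr string) bool {
	if pattern == "all" {
		return true
	}
	ip := net.ParseIP(addr)
	if _, cidr, err := net.ParseCIDR(pattern); err == nil {
		return ip != nil && cidr.Contains(ip)
	}
	return ip != nil && ip.Equal(net.ParseIP(pattern))
}

// FirstMatch returns the index and method of the record Postgres would use for
// the connection; index -1 means no record matches and the client is rejected.
func FirstMatch(entries []HbaEntry, typ, db, user, addr string) (int, string) {
	for i, e := range entries {
		if e.Type == typ && (e.Database == "all" || e.Database == db) &&
			matchUser(e.User, user) && matchAddress(e.Address, addr) {
			return i, e.Method
		}
	}
	return -1, ""
}

// sampleCustom is a constructed custom Secret payload: the @local entry from the
// field description plus a catch-all reject that shadows the final scram entry.
const sampleCustom = `host all /^(.*)@local$ all scram-sha-256
host all all 0.0.0.0/0 reject`

func main() {
	custom, _ := ParseHba(sampleCustom)
	merged := MergeHba(custom, false)
	for _, u := range []string{"pgadmin", "alice@local", "bob"} {
		i, m := FirstMatch(merged, "host", "appdb", u, "10.1.2.3")
		fmt.Printf("%-12s -> record %d via %s\n", u, i, m)
	}
}
```

The run shows why ordering matters: pgadmin and the @local users are unaffected, but every other user hits the reject record before the trailing scram-sha-256 entry and is locked out.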
ArchivedPostgresCluster.status.postgresClusterSpec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.
Required - Must refer to a valid InfrastructurePolicy.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedPostgresCluster.status.postgresClusterSpec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.
Required - Must refer to a valid VMClass.
Mutable - (Only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedPostgresCluster.status.postgresClusterSpec.adminPasswordRef
AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The secret must be in the same namespace as the database cluster.
The FieldPath field indicates which key in the secret contains the password. Default - password.
Providing an inline value with the Value field is not supported.
The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner.
Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having their own privileged user. If this field is set on a secondary instance, it will only take effect after that instance is promoted.
Default - password is auto generated.
Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to an update of the password.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | Optional. For most references there is a canonical key: data.<key> for secrets. | false |
name | string | The name of the secret. | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.backupConfig
BackupConfig declares the cluster’s backup configuration details.
If specified, a BackupLocation must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays | integer | BackupRetentionDays describes the number of days to store backups. Must be Required. Mutable. | true |
schedules | []object | Schedules are the user-defined schedules of when the system will perform backups. Required. Mutable. | true |
ArchivedPostgresCluster.status.postgresClusterSpec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the schedule. Required. Immutable. | true |
schedule | string | The schedule in the form of a cron schedule. Required. Mutable. | true |
type | string | Type of schedule. Can be Required. Immutable. | true |
ArchivedPostgresCluster.status.postgresClusterSpec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.
If specified, a backupConfig must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedPostgresCluster.status.postgresClusterSpec.basedOn
BasedOn identifies the source (primary) cluster on which this cluster will be based.
Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source (primary) cluster. It can be changed if necessary after the cluster is created.
The Cluster field works both if the cluster is alive and if it is deleted but its backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | object | Cluster contains the name of the source (primary) cluster and the timestamp to use as the restore point. Optional. Immutable. | false |
continuousRecovery | object | ContinuousRecovery specifies the details of an external cluster that will be used as a source (primary) for continuous recovery. Once configured, this field can’t be unset. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.cluster
Cluster contains the name of the source(primary) cluster and timestamp to use as the restore point.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name is the name of the source cluster from which to restore. Required. Immutable. | true |
timestamp | string | Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If the timestamp is not provided, the restore will be initiated to the latest available recovery time. Optional. Immutable. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery
ContinuousRecovery specifies the details of an external cluster that will be used as a source(primary) for continuous recovery. Once configured, this field can’t be unset.
Name | Type | Description | Required |
---|---|---|---|
replicationSlot | object | ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this cluster will continuously recover. If the source (primary) cluster is a DSM managed Postgres cluster, the replication slot details can be retrieved from the status sub-resource of the source (primary) cluster’s PostgresCluster resource. When demoting a Postgres cluster with configured backups to act as a secondary to another cluster, the timeline of the demoted cluster must not exceed the timeline of the source cluster. | true |
enabled | boolean | Enabled specifies if this cluster should continuously retrieve activities from the source (primary) cluster. When Enabled is set to true, this cluster’s Ready condition implies that the cluster is now ready to serve read-only operations. When set to false, the Ready condition implies that the cluster is ready to serve read-write operations. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery.replicationSlot
ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this cluster will continuously recover. If the source (primary) cluster is a DSM managed Postgres cluster, the replication slot details can be retrieved from the status sub-resource of the source (primary) cluster’s PostgresCluster resource.
When demoting a Postgres cluster with configured backups to act as a secondary to another cluster, the timeline of the demoted cluster must not exceed the timeline of the source cluster.
Name | Type | Description | Required |
---|---|---|---|
credentials | object | Credentials specifies a Kubernetes secret that contains the credentials needed to connect to the source cluster. Required fields of the secret are user, password and dbName; the optional field is ca.crt. The referenced Postgres user must have the connect and replication privileges on the source cluster. This field is mutable. Changes to the secret will be automatically applied on the instance. | true |
hostname | string | Hostname specifies the hostname or IP address that can be used to connect to the source cluster. | true |
slotName | string | SlotName specifies the Postgres replication slot name that will be used for streaming replication. | true |
port | integer | Port specifies the port number that can be used to connect to the source cluster. This field is immutable. | false |
trustBundle | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server’s connection. Optional. By default, it will use the DSM globally trusted certificates ConfigMap. Mutable. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery.replicationSlot.credentials
Credentials specifies a Kubernetes secret that contains the credentials needed to connect to the source cluster. Required fields of the secret are user, password, dbName. And the optional fields are ca.crt. The referenced Postgres user must have connect and replication privilege on the source cluster. This field is mutable. Changes to the secret will be automatically applied on the instance.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedPostgresCluster.status.postgresClusterSpec.basedOn.continuousRecovery.replicationSlot.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server’s connection.
- Well-known OS-trusted CA, or a DSM globally trusted certificate - TrustBundle can be omitted, or it should point to the DSM globally trusted certificates ConfigMap.
- Certificate signed by a CA that should not be globally trusted by DSM - the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Optional. By default, it will use the DSM globally trusted certificates ConfigMap.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
ArchivedPostgresCluster.status.postgresClusterSpec.databaseConfig
DatabaseConfig refers to the database config object that will be applied to this cluster.
A Database Config is used to apply custom params/configs to the database represented by this CR.
A Database Config can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster.
The DatabaseConfig must exist in the same namespace as the cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedPostgresCluster.status.postgresClusterSpec.directoryService
DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or, if no container name is specified, "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
ArchivedPostgresCluster.status.postgresClusterSpec.hbaRef
HbaRef refers to a Secret containing custom pg_hba.conf entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.
The Secret should contain the pg_hba.conf entries under the key pg_hba.conf. These entries are inserted into the pg_hba.conf file with a priority lower than the entries for the system users.
Only the authentication methods scram-sha-256, reject and cert are allowed in the custom entries. When the cert method is used, the spec.tls field supplies the trusted CAs.
You cannot override the authentication method for the admin user specified with the AdminUserName field (pgadmin by default). For this and any usernames reserved by DSM, authentication is limited to password-based methods using SCRAM-SHA-256, and you cannot enforce client certificate authentication.
For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256
```

Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock users out of the cluster, because the order in which the HBA entries are defined matters: the first record with a matching connection type, client address, requested database, and user name is used to perform authentication.
The final pg_hba.conf will functionally look like:

```
host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ... # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256
```

Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
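Because the first matching entry wins, it is worth checking custom entries against the rules above before creating the HBA Secret. The following is an added example (not DSM code) that encodes the documented constraints, assembles the file in the documented order, and answers "which method applies to this user?"; the helper names, the sample entries and the simplifications noted in the docstring are all assumptions of the example.

```python
"""Checks for custom pg_hba.conf entries destined for the hbaRef Secret.

Added example, not DSM's own code. It encodes the rules stated in the API
reference: only scram-sha-256, reject and cert are allowed; cert needs
spec.tls.clientTrustBundle; the effective file is the system entries, then the
custom entries, then DSM's trailing catch-all entries; the first matching
entry wins. Assumptions: only host/hostssl/hostnossl entries are handled, the
address column is treated as matching every client, and the database column
is matched only as 'all' or an exact name.
"""
import re

ALLOWED_METHODS = {"scram-sha-256", "reject", "cert"}
# Users whose system-managed entries precede every custom entry.
SYSTEM_USERS = ("postgres_exporter",)


def parse_hba(text):
    """Parse host-type pg_hba.conf entries; comments and blank lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] not in ("host", "hostssl", "hostnossl") or len(parts) < 5:
            raise ValueError(f"line {lineno}: unsupported or malformed entry: {raw!r}")
        entries.append({"line": lineno, "type": parts[0], "db": parts[1],
                        "user": parts[2], "addr": parts[3], "method": parts[4],
                        "options": parts[5:]})
    return entries


def user_matches(pattern, user):
    """pg_hba user column: 'all', a '/regex' (PostgreSQL 16+), or an exact name."""
    if pattern == "all":
        return True
    if pattern.startswith("/"):
        return re.search(pattern[1:], user) is not None
    return pattern == user


def validate_custom_entries(custom, client_trust_bundle=False, admin_user="pgadmin"):
    """Return a list of problems with the custom entries (empty list means OK)."""
    problems = []
    reserved = (admin_user,) + SYSTEM_USERS
    for e in parse_hba(custom):
        where = f"line {e['line']}"
        if e["method"] not in ALLOWED_METHODS:
            problems.append(f"{where}: method {e['method']!r} is not allowed")
        if e["method"] == "cert" and not client_trust_bundle:
            problems.append(f"{where}: cert requires spec.tls.clientTrustBundle")
        # Reserved users are matched by the system entries first, so a custom
        # entry naming them never takes effect.
        if e["user"] != "all" and any(user_matches(e["user"], u) for u in reserved):
            problems.append(f"{where}: entry for reserved user {e['user']!r} is shadowed")
        # A catch-all over every connection type hides DSM's own ldap/scram entries.
        if e["type"] == "host" and e["db"] == "all" and e["user"] == "all":
            problems.append(f"{where}: catch-all entry shadows DSM's trailing entries")
    return problems


def effective_hba(custom, ldap_enabled=False, admin_user="pgadmin"):
    """Assemble the file in the order the API reference documents."""
    head = [f"host all {admin_user} all scram-sha-256",
            "host all postgres_exporter all scram-sha-256"]
    tail = (["host all all all ldap"] if ldap_enabled else []) + ["host all all all scram-sha-256"]
    custom_lines = [l for l in custom.splitlines() if l.strip()]
    return "\n".join(head + custom_lines + tail)


def resolve(hba_text, user, db="app", ssl=True):
    """Return the method the first matching entry selects, or None (no entry matches)."""
    for e in parse_hba(hba_text):
        if e["type"] == "hostssl" and not ssl:
            continue
        if e["type"] == "hostnossl" and ssl:
            continue
        if e["db"] not in ("all", db):
            continue
        if user_matches(e["user"], user):
            return e["method"]
    return None


# Constructed sample entries for a cluster with the default admin user.
CUSTOM = """\
host all /^(.*)@local$ all scram-sha-256
hostssl all /^(.*)@corp$ all cert clientcert=verify-full
host all contractor all reject
"""

if __name__ == "__main__":
    print(validate_custom_entries(CUSTOM, client_trust_bundle=True))  # []
    hba = effective_hba(CUSTOM)
    # bob@corp over TLS must present a certificate, but a non-TLS connection
    # skips the hostssl entry and falls through to password authentication.
    print(resolve(hba, "bob@corp"), resolve(hba, "bob@corp", ssl=False))
```

The resolver makes the ordering consequence visible: a hostssl cert rule alone does not stop the same user from authenticating with a password over a non-TLS connection, since the trailing DSM scram-sha-256 entry still matches.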
ArchivedPostgresCluster.status.postgresClusterSpec.maintenanceWindow
MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration | string | Duration describes the duration of the maintenance window. Required. Mutable. | true |
startDay | enum | StartDay describes the day of the week on which the maintenance window will commence. Can be any of Required. Mutable. | true |
startTime | string | StartTime describes the time of day at which to start the maintenance window. Required. Mutable. | true |
ArchivedPostgresCluster.status.postgresClusterSpec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy.
Usually this field should be left empty to allow the system to determine it automatically.
To be considered valid, a placement with the same datacenter, cluster and resource pool must be found in the InfrastructurePolicy.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter's cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. | true |
resourcePool | string | ResourcePool is the cluster's resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.replicationSlots[index]
Name | Type | Description | Required |
---|---|---|---|
slotName | string | SlotName specifies the Postgres replication slot name that will be created on the instance. | true |
description | string | Description specifies a human-readable description of this replication slot. | false |
user | string | User specifies the name of the replication user that is associated with the configured replication slot. The lifecycle of this user is tied to the replication slot. If no value is provided, a replication user is auto-generated using the resource name as prefix. User should not be one of the following: pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.tls
TLS refers to the SSL/TLS configuration of the database cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
clientTrustBundle | object | ClientTrustBundle is a reference to a ConfigMap containing SSL certificate authority/ies (CA). If ClientTrustBundle is configured, trust for client certificate connections from these CAs can be enabled using pg_hba rules. To require the client to supply a certificate for authentication, add the authentication option clientcert=verify-ca or clientcert=verify-full to the appropriate hostssl line(s) in pg_hba, which must be done via the Secret referenced by spec.hbaRef, and optionally add the certificates of additional certificate authorities (CAs) you trust to the ConfigMap by appending them to the value of key ca-bundle.crt. Optional. When omitted, only the root certificate authority (CA) of the server certificate will be trusted. When set, all the CAs from the ConfigMap will be trusted in addition to the CA of the server certificate. The root CA of the server certificate is set using the Secret referred to by the spec.tls field. Mutable. To update the custom client trust bundle, either refer to a new ConfigMap, or update the already referenced one. | false |
secretName | string | The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager's Certificate resource. It needs to have the keys tls.crt (PEM signed certificate chain), tls.key (PEM private key) and ca.crt (PEM CA certificate). The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so that it can be encoded in the certificate. | false |
ArchivedPostgresCluster.status.postgresClusterSpec.tls.clientTrustBundle
ClientTrustBundle is a reference to a ConfigMap containing SSL certificate authority/ies (CA). If ClientTrustBundle is configured, trust for client certificate connections from these CAs can be enabled using pg_hba rules.
To require the client to supply a certificate for authentication, add the authentication option clientcert=verify-ca or clientcert=verify-full to the appropriate hostssl line(s) in pg_hba, which must be done via the Secret referenced by spec.hbaRef, and optionally add the certificates of additional certificate authorities (CAs) you trust to the ConfigMap by appending them to the value of key ca-bundle.crt.
Optional. When omitted, only the root certificate authority (CA) of the server certificate will be trusted. When set, all the CAs from the ConfigMap will be trusted in addition to the CA of the server certificate. The root CA of the server certificate is set using the Secret referred to by the spec.tls field.
Mutable. To update the custom client trust bundle, either refer to a new ConfigMap, or update the already referenced one.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
ArchivedPostgresCluster.status.postgresClusterSpec.vSphereTags[index]
VSphereTag identifies a single vSphere tag by its tag category and tag name.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category is the vSphere tag category. Required. Mutable. | true |
tag | string | Tag is the vSphere tag. It should be part of the vSphere tag category Category. Required. Mutable. | true |
ArchivedPostgresCluster.status.upgradeStatus
UpgradeStatus represents the version state transition history for the deleted cluster.
Required.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
currentVersion | string | The actual current version of the data service cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. | false |
history | []object | Historical data of the upgrades performed. | false |
ArchivedPostgresCluster.status.upgradeStatus.history[index]
Name | Type | Description | Required |
---|---|---|---|
complete | string | Timestamp of when the upgrade completed. | false |
fromVersion | string | The version from which the cluster was upgraded. | false |
isMajorUpgrade | boolean | IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade. | false |
message | string | Message contains the reason for a failure or rejection. | false |
start | string | Timestamp of when the upgrade started. This is the time right before the upgrade operations started, and restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results. | false |
status | enum | Status indicates the status of the upgrade. | false |
toVersion | string | The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion. | false |
ArchivedPostgresCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
BackupLocation
BackupLocation contains access data for a remote storage location, supporting multiple cloud back-ends and holding all data required to access and perform 2-way authentication with the storage provider. All BackupLocation instances that can be used as a target for database cluster backups have the label 'dsm.vmware.com/database-backup-location=true'. In contrast, BackupLocation instances that are reserved for DSM control plane (i.e. Provider) use do not have this label set.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | BackupLocation | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | | true |
BackupLocation.spec
Name | Type | Description | Required |
---|---|---|---|
S3 | object | S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated. Mutable. | true |
credentials | object | Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated. Mutable. | true |
endpoint | string | Endpoint is the network endpoint to connect to for accessing the BackupLocation. Mutable. | true |
trustBundle | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace; by default, DSM trusts all well-known OS-trusted CAs, and if the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt. If the Endpoint is configured with a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s); if an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed. Mutable. | true |
BackupLocation.spec.S3
S3 contains S3-specific location details. At this time, S3 is the only supported storage protocol and this field has to be populated.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
bucket | string | Bucket is the S3 bucket. It must exist in the configured S3 service. Mutable. | true |
forcePathStyle | boolean | ForcePathStyle forces the use of path-style addressing for S3 operations. Path-style addressing is deprecated for the official AWS S3, but is required for many in-house S3-like implementations to work. A value of true forces the use of path-style S3 URLs; a value of false uses virtual hosted-style S3 URLs. Path-style URLs look like https://bucket-endpoint.example.com/bucket; virtual hosted-style URLs look like https://bucket.bucket-endpoint.example.com. Mutable. Default - false. | false |
region | string | Region is the S3 region. Mutable. | false |
BackupLocation.spec.credentials
Credentials is a reference to a Secret containing credentials to use when connecting to the Endpoint. At this time, S3 is the only supported storage protocol and the credentials required for it have to be populated.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or, if no container name is specified, "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
BackupLocation.spec.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection.
If the provided Endpoint is configured with:
- a certificate signed by a DSM trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.

Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or, if no container name is specified, "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
DatabaseConfig
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | DatabaseConfig | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | DatabaseConfigSpec defines the desired state of the DatabaseConfig. | false |
status | object | DatabaseConfigStatus describes the observed status of the DatabaseConfig. | false |
DatabaseConfig.spec
DatabaseConfigSpec defines the desired state of the DatabaseConfig.
Name | Type | Description | Required |
---|---|---|---|
params | map[string]string | Params is a map of key-value pairs which correspond to valid configurable parameters for a database. For MySQL these go into one of the For PostgreSQL: these values go into the | false |
DatabaseConfig.status
DatabaseConfigStatus describes the observed status of the DatabaseConfig.
Name | Type | Description | Required |
---|---|---|---|
conditions | []object | Conditions contain the list of observed conditions of the DatabaseConfig. | false |
DatabaseConfig.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
MySQLCluster
MySQLCluster is the schema for the mysqlclusters API. A MySQLCluster represents the desired specification and the observed status of a MySQLCluster instance. A MySQLCluster is backed by one or more nodes containing the mysql service and supporting services, managed as a single object by the Data Services Manager.
Custom Annotations:
- Force rolling update with active infra alert: dsm.vmware.com/modify-cluster-with-infra-alerts: <generation of the resource>. The value of this annotation should match the current resource generation (.metadata.generation). The system actively prevents edits to the Spec that induce a rolling update when there is an alert for the underlying infrastructure, and this annotation can be used to bypass that protection. It should be used with caution, as the system cannot guarantee the update will succeed under infra alert conditions. It is better to check with the Infra/DSM Admin prior to using this.

Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | MySQLCluster | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | MySQLClusterSpec defines the desired state of the MySQLCluster. | true |
status | object | MySQLClusterStatus describes the observed status of the MySQLCluster. | false |
MySQLCluster.spec
MySQLClusterSpec defines the desired state of the MySQLCluster.
Name | Type | Description | Required |
---|---|---|---|
infrastructurePolicy | object | InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid InfrastructurePolicy. Immutable. | true |
storagePolicyName | string | StoragePolicyName declares the name of the storage policy that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid storage policy. Immutable. | true |
storageSpace | string | StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes: E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. Range - 20Gi - 10Ti. Required. Mutable - (increase only). | true |
version | string | Version declares the version of the database engine to be used. To upgrade the database engine, change this field. The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI. Required. Mutable. | true |
vmClass | object | VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid VM class. Mutable - (Only increases in resources are allowed). | true |
adminPasswordRef | object | AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The Secret must be in the same namespace as the database cluster. The FieldPath field indicates which key in the Secret contains the password. If the cluster is a replica with SyncUsersFromSource=true, this field has no effect until the replica is promoted. Default - password is auto-generated. Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required; updates to the already referenced Secret will also lead to an update of the password. | false |
adminUsername | string | AdminUserName is the desired name of the privileged user to be used when connecting to the database. AdminUserName should not be one of the following: root, mysql.sys, mysql.session, mysql.infoschema, mysql-backup, mysql-healthcheck, mysql-metrics, telegraf-metrics, mysql-tls-admin, mysql-router, innodb-cluster-admin, mysqlappuser, mysql-pitr. Its length should not be more than 32 characters. If the cluster is a replica with SyncUsersFromSource=true, this field has no effect until the replica is promoted. Default - mysql-admin. Immutable. | false |
backupConfig | object | BackupConfig declares the cluster's backup configuration details. If specified a Optional. Mutable. | false |
backupLocation | object | BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a Optional. Mutable. | false |
basedOn | object | BasedOn identifies the source cluster on which this cluster will be based. Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source cluster; it can be changed if necessary after the cluster is created. The Cluster field works both if the cluster is alive and if it is deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create a new MySQL cluster based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster. The only allowed mutation of the BasedOn field is to set it to nil if it was previously set to contain ReplicationSource. See MySQLBasedOnParams.ReplicationSource for details. Optional. Mutable. | false |
databaseConfig | object | DatabaseConfig refers to the database config object that will be applied to this cluster. A Database Config is used to apply custom params/configs to the database represented by this CR. A Database Config can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable. | false |
databaseName | string | If DatabaseName is set, a database with that name will be created (if it doesn't exist) and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName will be set to that name. If the cluster is restored from another cluster (the Spec.BasedOn.Cluster field is used), all databases from the source cluster are restored with preserved names and one additional database is created with the given DatabaseName; this database is empty, and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName refer to it. If DatabaseName is equal to the name of a database from the source cluster, no additional database is created and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName refer to the specified database with the given DatabaseName. If DatabaseName is empty, no additional database is created and MySQLCluster.Status.Connection.DbName and ArchivedMySQLCluster.Status.DatabaseName refer to the same database the status connection info of the source cluster refers to. DatabaseName should not be one of the following: root, mysql.sys, mysql.session, mysql.infoschema, mysql-backup, mysql-healthcheck, mysql-metrics, telegraf-metrics, mysql-tls-admin, mysql-router, innodb-cluster-admin, mysqlappuser, mysql-pitr. Its length should not be more than 64 characters. Default - if the cluster is a restored one, the database name in the source cluster's MySQLCluster.Status.Connection.DbName is used; otherwise DatabaseName is the same as the cluster's name. Immutable. | false |
description | string | Description contains the human-readable description of the cluster. Optional. Mutable. | false |
directoryService | object | DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients. Optional. Mutable. | false |
dnsNames | []string | One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if it is auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in the DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can ensure a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. | false |
maintenanceWindow | object | MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication. Optional. Mutable. | false |
members | integer | The number of members for the cluster. Could be Default - Mutable. | false |
placementSelector | object | PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. To be considered valid, a placement with the same datacenter, cluster and resource pool must be found in the InfrastructurePolicy. Optional. Immutable. | false |
supportAsynchReplicas | boolean | SupportAsynchReplicas controls whether the cluster is provisioned with the features required for it to be used by replicas as a source. Optional. Mutable. | false |
tls | object | TLS refers to the SSL/TLS configuration of the database cluster. Optional. Mutable. | false |
vSphereTags | []object | VSphereTags is the list of vSphere tags that the cluster's deployed virtual machines should have assigned. The tags should exist in vSphere in order to be successfully assigned. Optional. Mutable. | false |
false |
MySQLCluster.spec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.
Required - Must refer to a valid InfrastructurePolicy.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.
Required - Must refer to a valid VMClass.
Mutable (only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.adminPasswordRef
AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The Secret must be in the same namespace as the database cluster.
The FieldPath field indicates which key in the Secret contains the password. Default - password.
Providing an inline value with the Value field is not supported.
The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB cluster is changed, the owner of the Secret is automatically changed to the new owner.
If the cluster is a replica with SyncUsersFromSource=true, this field has no effect until the replica is promoted.
Default - the password is auto-generated.
Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required: updates to the already referenced Secret will also lead to an update of the password.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key. | false |
name | string | The name of the Secret. | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
MySQLCluster.spec.backupConfig
BackupConfig declares the cluster's backup configuration details.
If specified, a BackupLocation must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays | integer | BackupRetentionDays describes the number of days to store backups. Must be Required. Mutable. | true |
schedules | []object | Schedules contains the user-defined schedules of when the system will perform backups. Required. Mutable. | true |
uploadChunkSize | int or string | UploadChunkSize allows the user to override the default chunk size used in multipart uploads and specify the part size themselves, taking into account the specifics of their environment and the target backup storage. There are tradeoffs associated with tuning the value of UploadChunkSize. On one hand, each part is a separate S3 PUT operation, so chunking the backup into too many small parts comes at a certain cost. On the other hand, parts are buffered in memory, and the larger the part, the greater the chance of an upload failure depending on the reliability of the network. Thus, a high chunk size value comes with a higher memory footprint and a higher risk of upload failure. The memory utilization of the backup routine may increase by up to 5 times the configured upload chunk size due to the parallel upload capability of the object uploader. Note that the backup doesn't include all files in the MySQL data directory and the backup stream is compressed, which means that the size of the backup object varies significantly based on the type of data in the database. In general one can expect the backup object size to be around 1% to 10% of the disk utilization of the MySQL database instance (i.e. the MySQL data directory). The format of the specified value should be a Kubernetes resource quantity - https://kubernetes.io/docs/reference/kubernetes-api/common-definitions/quantity/ Range - 5Mi - 5Gi. Default - 10Mi. Supported in Data Services Manager data plane version 2.2.2 and above. Optional. Mutable. | false |
MySQLCluster.spec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the schedule. Required. Immutable. | true |
schedule | string | The schedule in the form of a cron schedule. Required. Mutable. | true |
type | string | Type of schedule. Can be Required. Immutable. | true |
MySQLCluster.spec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the BackupConfig, which must be specified whenever BackupLocation is specified.
If specified, a backupConfig must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.basedOn
BasedOn identifies the source cluster on which this cluster will be based.
Users cannot base their clusters on clusters owned by other users unless the user has the DSM_ADMIN role. The new cluster inherits the ownership of its source cluster; it can be changed if necessary after the cluster is created.
The Cluster field works both if the source cluster is alive and if it has been deleted but its backups are still retained. To create a new MySQL cluster based on a live cluster, pass the name of the cluster. To create a new MySQL cluster based on an archived cluster with retained backups, pass the name of the ArchivedMySQLCluster.
The only allowed mutation of the BasedOn field is to set it to nil if it was previously set to contain ReplicationSource. See MySQLBasedOnParams.ReplicationSource for details.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | object | Cluster contains the name of the source cluster and the timestamp to use as the restore point. Cannot be set if ReplicationSource is also set. One of the two has to be set. Optional. Immutable. | false |
replicationSource | object | ReplicationSource specifies that the cluster will be based on a source cluster from which this cluster will replicate asynchronously. Cannot be set if Cluster is also set. One of the two has to be set. When a cluster with a previously configured basedOn.ReplicationSource field is updated to remove basedOn, the cluster is decoupled from its source cluster and promoted to an independent read/write cluster. Promotion is irrevocable and doesn't wait for in-flight data from the source to be flushed to the replica. The completion of promotion is indicated by the removal of the IncomingReplicationStatus status field. If SyncUsersFromSource was previously true, the admin user credentials on the promoted cluster are re-generated or, if AdminUser/AdminPasswordRef was populated, set to its value. In both cases, the cluster connection status is changed to refer to these admin user credentials, as in any non-replica cluster. Optional. Immutable. | false |
MySQLCluster.spec.basedOn.cluster
Cluster contains the name of the source cluster and the timestamp to use as the restore point. Cannot be set if ReplicationSource is also set. One of the two has to be set.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name is the name of the source cluster from which to restore. Required. Immutable. | true |
timestamp | string | Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If no timestamp is provided, the restore is initiated to the latest available recovery time. Optional. Immutable. | false |
MySQLCluster.spec.basedOn.replicationSource
ReplicationSource specifies that the cluster will be based on a source cluster from which this cluster will replicate asynchronously. Cannot be set if Cluster is also set. One of the two has to be set.
When a cluster with a previously configured basedOn.ReplicationSource field is updated to remove basedOn, the cluster is decoupled from its source cluster and promoted to an independent read/write cluster. Promotion is irrevocable and doesn't wait for in-flight data from the source to be flushed to the replica. The completion of promotion is indicated by the removal of the IncomingReplicationStatus status field. If SyncUsersFromSource was previously true, the admin user credentials on the promoted cluster are re-generated or, if AdminUser/AdminPasswordRef was populated, set to its value. In both cases, the cluster connection status is changed to refer to these admin user credentials, as in any non-replica cluster.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
clusterConnectionParams | object | ClusterConnectionParams specifies the connection parameters for connecting to the source cluster. This is currently the only option for specifying a source cluster. Required. | true |
syncUsersFromSource | boolean | SyncUsersFromSource specifies whether database users and their credentials are managed locally on the replica (false) or replicated from the source cluster (true). When set to true, all DB users on the replica and their credentials are replicated from the source. The cluster connection status refers to a replication user and its credentials. No local user management (CREATE, DROP, ALTER) should be performed on the replica database directly. If AdminUserName or AdminPasswordRef are set on the replica, they are ignored until it is promoted or SyncUsersFromSource is switched to false. When set to false, the replica cluster users are managed the same way as in a non-replica cluster. The only permitted change of this field is from true to false, in which case the existing replicated users are retained as the initial state of the locally managed users, and then AdminUserName/AdminPasswordRef are applied. Required. Mutable. | true |
MySQLCluster.spec.basedOn.replicationSource.clusterConnectionParams
ClusterConnectionParams specifies the connection parameters for connecting to the source cluster. This is currently the only option for specifying a source cluster.
Required.
Name | Type | Description | Required |
---|---|---|---|
credentials | object | Credentials specifies a Kubernetes Secret that contains the credentials needed to connect to the source cluster. The required keys of the Secret are username and password. The referenced MySQL user must have connection, replication and clone privileges on the source cluster. This field is mutable. Changes to the Secret are automatically applied on the instance. Required. Mutable. | true |
endpoints | []string | Endpoints is a list of servers that are members of a single cluster, in host:port format. Connections to the servers are tried in the order specified, and a server is used only if the connection attempts to those preceding it in the list have failed. The list can contain a subset of the source cluster members, in which case replication depends on the health of this subset. Required. Mutable. | true |
trustBundle | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the connection to the servers. Optional. By default, the DSM globally trusted certificates ConfigMap is used. Mutable. | false |
MySQLCluster.spec.basedOn.replicationSource.clusterConnectionParams.credentials
Credentials specifies a Kubernetes Secret that contains the credentials needed to connect to the source cluster. The required keys of the Secret are username and password. The referenced MySQL user must have connection, replication and clone privileges on the source cluster. This field is mutable. Changes to the Secret are automatically applied on the instance.
Required.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.basedOn.replicationSource.clusterConnectionParams.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the connection to the servers.
- Well-known OS-trusted CA, or a DSM globally trusted certificate: TrustBundle can be omitted, or it should point to the DSM globally trusted certificates ConfigMap.
- Certificate signed by a CA that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Optional. By default, the DSM globally trusted certificates ConfigMap is used.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or, if no container name is specified, "spec.containers[2]" (the container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
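The replication-source wiring described in the replicationSource, clusterConnectionParams, credentials and trustBundle sections above, as an added example that is not part of the DSM documentation. All names, the namespace and the endpoint addresses are placeholders, the PEM content is a placeholder, and only the spec fields covered in these sections are shown (the remaining required MySQLCluster spec fields are omitted).

```yaml
# Constructed example (not from the DSM documentation). Namespace "dsm-tenant",
# all object names and the 192.0.2.x endpoints are placeholders.
---
# Replication credentials: the keys must be exactly "username" and "password".
# The MySQL user must exist on the SOURCE cluster with connection, replication
# and clone privileges; changes to this Secret are picked up automatically.
apiVersion: v1
kind: Secret
metadata:
  name: source-replication-creds
  namespace: dsm-tenant            # same namespace as the replica cluster
type: Opaque
stringData:
  username: replicator
  password: "<placeholder: replication user password>"
---
# Trust bundle for a source whose CA is NOT globally trusted by DSM.
# tls.crt must carry only issuer certificate(s); an end-entity certificate
# is accepted here only if it is self-signed.
apiVersion: v1
kind: ConfigMap
metadata:
  name: source-issuer-bundle
  namespace: dsm-tenant
data:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: PEM-encoded issuing CA certificate of the source cluster>
    -----END CERTIFICATE-----
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
  name: orders-replica
  namespace: dsm-tenant
spec:
  infrastructurePolicy:
    name: "<placeholder: InfrastructurePolicy name>"
  vmClass:
    name: "<placeholder: VMClass name>"
  # Other required spec fields are omitted; see the MySQLCluster.spec table.
  basedOn:
    # Immutable once set. The only later change allowed is to remove
    # basedOn entirely, which irrevocably promotes this replica to an
    # independent read/write cluster (status.incomingReplicationStatus disappears).
    replicationSource:
      clusterConnectionParams:
        credentials:
          name: source-replication-creds
        endpoints:                   # tried strictly in this order
          - 192.0.2.11:3306
          - 192.0.2.12:3306
        trustBundle:                 # omit to fall back to DSM's global bundle
          kind: ConfigMap
          name: source-issuer-bundle
          namespace: dsm-tenant
      # true: users and credentials are replicated from the source and
      # status.connection refers to the replication user; do not CREATE/DROP/
      # ALTER users on the replica. The only permitted change later is true -> false.
      syncUsersFromSource: true
```

With syncUsersFromSource true, any adminUser or adminPasswordRef set on this replica is ignored until it is promoted or the flag is switched to false.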
MySQLCluster.spec.databaseConfig
DatabaseConfig refers to the DatabaseConfig object that will be applied to this cluster.
A DatabaseConfig is used to apply custom parameters/configs to the database represented by this CR.
A DatabaseConfig can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster.
The DatabaseConfig must exist in the same namespace as the cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MySQLCluster.spec.directoryService
DirectoryService refers to the DirectoryService resource with the LDAP settings used by this cluster for authenticating clients.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or, if no container name is specified, "spec.containers[2]" (the container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
MySQLCluster.spec.maintenanceWindow
MaintenanceWindow refers to the system maintenance window. When the maintenance window is enabled, CVE fixes, bug fixes and new Lifecycle Management features for the VM, OS and any supporting software can be applied. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration | string | Duration describes the duration of the maintenance window. Required. Mutable. | true |
startDay | enum | StartDay describes the day of the week on which the maintenance window will commence. Can be any of Required. Mutable. | true |
startTime | string | StartTime describes the time of day at which the maintenance window starts. Required. Mutable. | true |
MySQLCluster.spec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy.
Usually this field should be left empty to allow the system to determine it automatically.
A placement with the same datacenter, cluster and resource pool must exist in the InfrastructurePolicy to be considered valid.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter's cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is treated as a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. | true |
resourcePool | string | ResourcePool is the cluster's resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
MySQLCluster.spec.tls
TLS refers to the SSL/TLS configuration of the database cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as that of the output Secrets created by cert-manager's Certificate resource. It needs to have the keys tls.crt (PEM signed certificate chain), tls.key (PEM private key) and ca.crt (PEM CA certificate). The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can be either a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM auto-generates a certificate using its own internal certificate authority. When specified, DSM overrides its auto-generated certificate and uses the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can only be retrieved then, so that it can be encoded in the certificate. | false |
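The custom-certificate Secret layout and its pairing with dnsNames, as an added example that is not part of the DSM documentation. Names, namespace and DNS names are placeholders, the PEM blocks are placeholders, and only the spec fields covered by the tls and dnsNames descriptions are shown.

```yaml
# Constructed example (not from the DSM documentation). The namespace, the
# object names, the DNS names and the PEM contents are all placeholders.
---
# Same layout cert-manager writes for a Certificate resource.
apiVersion: v1
kind: Secret
metadata:
  name: orders-db-tls
  namespace: dsm-tenant              # must match the cluster's namespace
type: kubernetes.io/tls
stringData:
  # Leaf certificate first, followed by its issuer chain. The leaf's SAN
  # entries must cover every name listed in spec.dnsNames below, otherwise
  # clients validating the chain will reject the connection.
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: server certificate with SAN = the dnsNames below>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <placeholder: issuing (intermediate or root) CA certificate>
    -----END CERTIFICATE-----
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    <placeholder: PEM private key matching the server certificate>
    -----END PRIVATE KEY-----
  # Optional when tls.crt already contains at least one issuer certificate.
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <placeholder: root CA certificate>
    -----END CERTIFICATE-----
---
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
metadata:
  name: orders-db
  namespace: dsm-tenant
spec:
  infrastructurePolicy:
    name: "<placeholder: InfrastructurePolicy name>"
  vmClass:
    name: "<placeholder: VMClass name>"
  # Other required spec fields are omitted; see the MySQLCluster.spec table.
  dnsNames:                          # first entry also appears in the DSM UI URL
    - orders-db.example.internal
    - orders-db-ro.example.internal
  tls:
    # Rotate by pointing at a new Secret or by updating this one in place.
    # If clients will connect by IP instead of DNS name, add this block only
    # after the cluster exists, so the assigned IP can be put in the certificate.
    secretName: orders-db-tls
```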
MySQLCluster.spec.vSphereTags[index]
VSphereTag identifies a single vSphere tag by its tag category and tag name.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category is the vSphere tag category. Required. Mutable. | true |
tag | string | Tag is the vSphere tag. It should be part of the vSphere tag category Category. Required. Mutable. | true |
MySQLCluster.status
MySQLClusterStatus describes the observed status of the MySQLCluster.
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for the database cluster. | false |
availableUpgrades | []object | AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state, and the service accepts valid upgrade paths even if they are not yet populated here. | false |
backupId | string | BackupId is set only for clusters with automatic backups enabled. This is a unique ID that can be used to locate backup files in storage. For PostgreSQL, it is the stanzaName of the database cluster. For MySQL, it is the UID of the MySQL cluster object in the workload cluster. | false |
conditions | []object | Conditions contains the list of observed conditions of the cluster. The following statuses can occur. | false |
connection | object | Connection describes the details which can be used to connect to the database represented by the CR. | false |
incomingReplicationStatus | object | IncomingReplicationStatus contains the replication status, only for replicas of another cluster. It is only present if BasedOn.BasedOnReplicationSource is set. Optional. | false |
lastSuccessfulBackup | string | LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or a full backup, depending on which completed most recently. | false |
lastUpdate | string | LastUpdate gives the timestamp of when the desired state was last applied. | false |
nodes | []object | Nodes represents the underlying infrastructure of the database cluster. | false |
outgoingReplicationStatus | object | OutgoingReplicationStatus contains the status of other clusters that are replicating from this cluster, if any. It is only present if SupportAsynchReplicas is true. Optional. | false |
tlsSecretResourceVersion | string | TLSSecretResourceVersion is set only for clusters with custom certificates. It is the resource version of the Secret that was last applied for the DB cluster. | false |
upgradeStatus | object | UpgradeStatus represents the status of the version upgrade. | false |
MySQLCluster.status.availableUpgrades[index]
Name | Type | Description | Required |
---|---|---|---|
impact | enum | Impact indicates whether the virtual machines backing the workload cluster's Kubernetes nodes will be replaced during the upgrade. When the impact is "RollingUpgrade", the upgrade is performed by adding a new node backed by a new virtual machine to the workload cluster, after which one of the existing nodes is disabled, drained and subsequently deleted; the process is repeated until all nodes are replaced. When the impact is "InPlace", the upgrade is performed by replacing the pods running in the workload cluster without replacing the Kubernetes nodes. | true |
version | string | Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format, i.e. the engine version, followed by the string "+vmware.", followed by the release version. | true |
autoUpgradeTarget | boolean | AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance window. | false |
majorVersionUpgrade | boolean | MajorVersionUpgrade indicates whether the upgrade is to a newer major version. MajorVersionUpgrade and AutoUpgradeTarget cannot both be true, as major version upgrades are only performed manually. | false |
MySQLCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human-readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
MySQLCluster.status.connection
Connection describes the details which can be used to connect to the database represented by the CR.
Name | Type | Description | Required |
---|---|---|---|
dbname | string | Name of the database. | true |
host | string | Host describes the IP address of the database cluster's current primary node. | true |
port | integer | Port describes the port on which the database cluster is listening. | true |
clusterMemberConnectionDetails | []object | ClusterMemberConnectionDetails contains the network connection details of the individual servers within the cluster. This status is only populated if the configuration of the server results in the exposure of individual cluster members to the external network. | false |
passwordRef | object | Password for the admin account. The referred Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt". It is to be used by clients when connecting to the database so they can verify trust. | false |
username | string | Username for the admin account. | false |
MySQLCluster.status.connection.clusterMemberConnectionDetails[index]
ClusterMemberConnectionInfo contains the cluster member identification and network connection details of a single member of a database cluster.
Name | Type | Description | Required |
---|---|---|---|
clusterMemberId | string | ClusterMemberID contains an identification of the member server that remains the same throughout the lifecycle of the cluster. E.g., for MySQL this is the MySQL server ID. The cluster role of the member can change. Required. | true |
host | string | Host contains the hostname or IP to connect to. Required. | true |
port | integer | Port contains the port to connect to. Required. | true |
MySQLCluster.status.connection.passwordRef
Password for the admin account.
The referred Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt". It is to be used by clients when connecting to the database so they can verify trust.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key. | false |
name | string | The name of the Secret. | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
MySQLCluster.status.incomingReplicationStatus
IncomingReplicationStatus contains the replication status, only for replicas of another cluster. It is only present if BasedOn.BasedOnReplicationSource is set.
Optional.
Name | Type | Description | Required |
---|---|---|---|
sourceEndpoint | string | SourceEndpoint is the ClusterConnectionParams.EndpointElements element to which the replica is currently connected, in the same host:port format. Required. | true |
replicaIOState | string | ReplicaIOStatus is the replication IO status as reported by MySQL. Optional. | false |
MySQLCluster.status.nodes[index]
Node represents the underlying infrastructure of a workload cluster
Name | Type | Description | Required |
---|---|---|---|
datacenter |
string |
Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located. |
false |
datastore |
string |
Datastore is the name or inventory path of the datastore in which the virtual machine is created/located. |
false |
folder |
string |
Folder is the name or inventory path of the folder in which the virtual machine is created/located. |
false |
host |
string |
Host is the name or inventory path of the ESXi host on which the virtual machine is running. |
false |
network |
object |
Network is the network configuration for this VM. |
false |
resourcePool |
string |
ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located. |
false |
server |
string |
Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located. |
false |
storagePolicyName |
string |
StoragePolicyName of the storage policy to use with this Virtual Machine |
false |
vmMoid |
string |
VmMoid is the VM’s Managed Object Reference on vSphere. |
false |
vmName |
string |
VmName is the name of the virtual machine on vSphere. |
false |
vmRole |
string |
VMRole identifies the role the VM plays in the workload cluster, for example ControlPlane or Worker. |
false |
MySQLCluster.status.nodes[index].network
Network is the network configuration for this VM.
Name | Type | Description | Required |
---|---|---|---|
devices |
[]object |
Devices is the list of network devices used by the virtual machine. |
false |
MySQLCluster.status.nodes[index].network.devices[index]
NetworkDevice defines the network configuration for a virtual machine’s network device.
Name | Type | Description | Required |
---|---|---|---|
ipPool |
string |
IPPool is the name of the IP Pool that was used to claim an IP address for the VM. |
false |
networkName |
string |
NetworkName is the name of the vSphere network to which the device will be connected. |
false |
MySQLCluster.status.outgoingReplicationStatus
OutgoingReplicationStatus contains the status of other clusters that are replicating from this cluster, if any. It will only be present if SupportAsynchReplicas is true.
Optional.
Name | Type | Description | Required |
---|---|---|---|
connectedReplicas |
[]object |
ConnectedReplicas contains information about replicas connected to this cluster, using it as a source. Required. |
true |
credentialsRef |
object |
CredentialsRef is a reference to the kubernetes secret that contains the credentials for connecting to this cluster as a replica. The referenced secrets exist in the same namespace as the cluster resource. Optional |
false |
MySQLCluster.status.outgoingReplicationStatus.connectedReplicas[index]
MySQLOutgoingReplicaStatus describes the status of a single replica of this cluster.
Name | Type | Description | Required |
---|---|---|---|
hostname |
string |
Hostname contains the hostname of the connected replica. Required. |
true |
replicaUUID |
string |
ReplicaServerID contains the MySQL Server UUID of the connected replica server. Required. |
true |
MySQLCluster.status.outgoingReplicationStatus.credentialsRef
CredentialsRef is a reference to the kubernetes secret that contains the credentials for connecting to this cluster as a replica. The referenced secrets exist in the same namespace as the cluster resource.
Optional
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
MySQLCluster.status.upgradeStatus
UpgradeStatus represents the status of a version upgrade
Name | Type | Description | Required |
---|---|---|---|
currentVersion |
string |
The actual current version of the data service cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. |
false |
history |
[]object |
Historical data of the upgrades performed. |
false |
lastTransitionTime |
string |
LastTransitionTime shows the last time the cluster’s upgradeStatus.Running field value changed |
false |
running |
boolean |
Set to true to indicate that a data service cluster upgrade is currently running. Once the upgrade completes, the field will be reset to empty. |
false |
MySQLCluster.status.upgradeStatus.history[index]
Name | Type | Description | Required |
---|---|---|---|
complete |
string |
Timestamp of when the upgrade completed. |
false |
fromVersion |
string |
The version from which the cluster was upgraded. |
false |
isMajorUpgrade |
boolean |
IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade. |
false |
message |
string |
Message contains the reason for a failure or rejection. |
false |
start |
string |
Timestamp of when the upgrade started. This is the time right before the upgrade operations have started, and restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results. |
false |
status |
enum |
Status indicates the status of the upgrade. |
false |
toVersion |
string |
The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion. |
false |
PostgresCluster
PostgresCluster is the schema for the postgresclusters API. A PostgresCluster represents the desired specification and the observed status of a PostgresCluster instance. A PostgresCluster is backed by one or more nodes containing the postgresql service and supporting services managed as a single object by the Data Services Manager.
Custom Annotations:
Resource Locking: Protection from Updates or Deletes
dsm.vmware.com/locked-status : locked, unlocked-for-delete, unlocked-for-edit
locked : will not allow edit or delete on the resource
unlocked-for-delete : allows the resource to be deleted but not edited; needs to be set together with the dsm.vmware.com/unlock-reason annotation
unlocked-for-edit : allows the resource to be edited but not deleted; needs to be set together with the dsm.vmware.com/unlock-reason annotation. This is automatically reset to locked after the edit operation is applied.
dsm.vmware.com/unlock-reason : reason for unlock
<reason for unlock> : text to describe the reason for unlocking the resource. Used for audit purposes in DSM.
Force rolling update with active infra alert
dsm.vmware.com/modify-cluster-with-infra-alerts : generation of the resource
<generation of the resource> : The value of this annotation should match the current resource generation (.metadata.Generation). The system actively prevents edits to the Spec that induce a rolling update when there is an alert for the underlying infrastructure, and this annotation can be used to bypass that protection. It should be used with caution, as the system cannot guarantee the update will succeed under infra alert conditions. It is better to check with the Infra/DSM Admin prior to using this.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
databases.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
PostgresCluster |
true |
metadata |
object |
Refer to the Kubernetes API documentation for the fields of the metadata field. |
true |
spec |
object |
PostgresClusterSpec defines the desired state of the PostgresCluster. Special notes about the Spec.Version field: Downgrades are not allowed. In case of major version upgrade when the cluster does not have automatic backups enabled annotation "dsm.vmware.com/upgrade-cluster-without-backups" with value the requested version has to be added to confirm that major version upgrade is requested without any backups to restore from. To opt-out of the backup that is automatically done before the upgrade starts, use the "dsm.vmware.com/skip-pre-upgrade-backup" annotation with value equal to the requested version. In case of major version upgrade when there are critical alerts for the cluster annotation "dsm.vmware.com/upgrade-cluster-with-alerts" with value the requested version has to be added to confirm that major version upgrade is requested and the critical alerts for the cluster should be ignored. |
true |
status |
object |
PostgresClusterStatus describes the observed status of the PostgresCluster. |
false |
PostgresCluster.spec
PostgresClusterSpec defines the desired state of the PostgresCluster.
Special notes about the Spec.Version field:
Downgrades are not allowed.
In case of a major version upgrade when the cluster does not have automatic backups enabled, the annotation "dsm.vmware.com/upgrade-cluster-without-backups" with value equal to the requested version has to be added to confirm that the major version upgrade is requested without any backups to restore from.
To opt out of the backup that is automatically done before the upgrade starts, use the "dsm.vmware.com/skip-pre-upgrade-backup" annotation with value equal to the requested version.
In case of a major version upgrade when there are critical alerts for the cluster, the annotation "dsm.vmware.com/upgrade-cluster-with-alerts" with value equal to the requested version has to be added to confirm that the major version upgrade is requested and the critical alerts for the cluster should be ignored.
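The custom annotations listed for PostgresCluster above (resource locking with its mandatory unlock reason, the infra-alert bypass that must name the current generation, and the upgrade confirmations that must name the requested version) are easy to get wrong in a manifest. The following Python check is an added example, not DSM code: it validates a manifest against exactly those documented rules before it is applied. The sample manifests, their names, generation numbers and version strings are constructed placeholders.

```python
"""Added example, not DSM code: a pre-apply consistency check for the
dsm.vmware.com/* annotations documented for PostgresCluster. The sample
manifests are constructed; names, versions and generations are placeholders."""
from typing import List

LOCK_STATUS = "dsm.vmware.com/locked-status"
UNLOCK_REASON = "dsm.vmware.com/unlock-reason"
MODIFY_WITH_INFRA_ALERTS = "dsm.vmware.com/modify-cluster-with-infra-alerts"
# Each of these must carry the requested version (spec.version) as its value.
VERSION_CONFIRMATIONS = (
    "dsm.vmware.com/upgrade-cluster-without-backups",
    "dsm.vmware.com/skip-pre-upgrade-backup",
    "dsm.vmware.com/upgrade-cluster-with-alerts",
)
VALID_LOCK_VALUES = ("locked", "unlocked-for-delete", "unlocked-for-edit")


def check_dsm_annotations(manifest: dict) -> List[str]:
    """Return the rule violations found in the manifest; [] means consistent.

    Rules checked (all taken from the field descriptions on this page):
      - locked-status is one of the three documented values;
      - unlocked-for-delete / unlocked-for-edit come with a non-empty
        unlock-reason, which DSM keeps for audit purposes;
      - modify-cluster-with-infra-alerts equals the current metadata.generation;
      - the upgrade confirmation annotations name exactly spec.version.
    """
    meta = manifest.get("metadata") or {}
    annotations = meta.get("annotations") or {}
    spec = manifest.get("spec") or {}
    problems: List[str] = []

    status = annotations.get(LOCK_STATUS)
    if status is not None:
        if status not in VALID_LOCK_VALUES:
            problems.append(f"{LOCK_STATUS}: {status!r} is not one of {VALID_LOCK_VALUES}")
        elif status != "locked" and not str(annotations.get(UNLOCK_REASON, "")).strip():
            problems.append(f"{LOCK_STATUS}={status} requires a non-empty {UNLOCK_REASON}")

    bypass = annotations.get(MODIFY_WITH_INFRA_ALERTS)
    if bypass is not None:
        generation = meta.get("generation")
        if generation is None or str(bypass) != str(generation):
            problems.append(
                f"{MODIFY_WITH_INFRA_ALERTS}={bypass!r} must equal metadata.generation={generation!r}")

    requested = spec.get("version")
    for key in VERSION_CONFIRMATIONS:
        value = annotations.get(key)
        if value is not None and value != requested:
            problems.append(f"{key}={value!r} must equal spec.version={requested!r}")
    return problems


def _manifest(generation: int, annotations: dict, version: str = "16.2") -> dict:
    """Build a constructed PostgresCluster manifest for the demonstration."""
    return {
        "apiVersion": "databases.dataservices.vmware.com/v1alpha1",
        "kind": "PostgresCluster",
        "metadata": {"name": "example-pg", "namespace": "demo",
                     "generation": generation, "annotations": annotations},
        "spec": {"version": version},
    }


UNLOCKED_FOR_EDIT = _manifest(7, {
    LOCK_STATUS: "unlocked-for-edit",
    UNLOCK_REASON: "change request 1234: grow storageSpace",
})
MISSING_REASON = _manifest(7, {LOCK_STATUS: "unlocked-for-delete"})
STALE_BYPASS = _manifest(8, {MODIFY_WITH_INFRA_ALERTS: "7"})
WRONG_UPGRADE_CONFIRMATION = _manifest(9, {
    "dsm.vmware.com/upgrade-cluster-with-alerts": "15.6",
})

if __name__ == "__main__":
    samples = [("unlocked-for-edit", UNLOCKED_FOR_EDIT), ("missing reason", MISSING_REASON),
               ("stale bypass", STALE_BYPASS), ("wrong confirmation", WRONG_UPGRADE_CONFIRMATION)]
    for label, manifest in samples:
        print(label, "->", check_dsm_annotations(manifest) or "ok")
```

The generation comparison is the important one operationally: an annotation copied from an earlier revision of the manifest no longer matches .metadata.Generation after any other edit, so the check should run against the live object's generation rather than a checked-in file.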
Name | Type | Description | Required |
---|---|---|---|
infrastructurePolicy |
object |
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required - Must refer to a valid InfrastructurePolicy. Immutable. |
true |
storagePolicyName |
string |
StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid Immutable. |
true |
storageSpace |
string |
StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki Range - 20Gi - 10Ti. Required. Mutable - (increase only). |
true |
version |
string |
Version declares the version of the database engine to be used. To upgrade the database engine change this field. The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI. Required. Mutable. |
true |
vmClass |
object |
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required - Must refer to a valid VMClass. Mutable - (Only increases in resources are allowed). |
true |
adminPasswordRef |
object |
AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect to the database. The secret must be in the same namespace as the database cluster. FieldPath field indicates which key in the secret contains the password. Default - password. Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having their own privileged user. If this field is set on a secondary instance, it will only take effect after that instance is promoted. Default - password is auto generated. Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to an update of the password. |
false |
adminUsername |
string |
AdminUserName is the desired name of the privileged user to be used when connecting to the database. AdminUserName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. Default - pgadmin. Immutable. |
false |
backupConfig |
object |
BackupConfig declares the cluster’s backup configuration details. If specified, a BackupLocation must also be specified. Optional. Mutable. |
false |
backupLocation |
object |
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a backupConfig must also be specified. Optional. Mutable. |
false |
basedOn |
object |
BasedOn identifies the source (primary) cluster on which this cluster will be based. Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source (primary) cluster. It can be changed if necessary after the cluster is created. The Cluster field works both if the cluster is alive and if it is deleted but its backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster. Optional. Immutable. |
false |
blockDatabaseConnections |
boolean |
BlockDatabaseConnections restricts all external client access to the database. When set to true, the database forcibly terminates all existing client connections and prevents any new connection attempts, including those from administrative users such as pgadmin. When set to false or unset, client access to the database is permitted as normal. The Ready condition, in combination with the observedGeneration, can be used to verify that this setting has been applied. This field can be useful in disaster recovery (DR) scenarios to ensure no writes or new sessions occur on the original primary(source) during switchover or failover. Default - Optional. Mutable. |
false |
databaseConfig |
object |
DatabaseConfig refers to the database config object that will be applied to this cluster. Database Config is used to apply custom params/configs to the database represented by this CR. A Database Config can only be applied to a single cluster at a time and cannot be deleted if it is in use by a cluster. The DatabaseConfig must exist in same namespace as cluster. Optional. Mutable. |
false |
databaseName |
string |
If DatabaseName is set, a database with that name will be created (if it doesn’t exist) and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName will be set to that name. If the cluster is restored from another cluster (the Spec.BasedOn.Cluster field is used), all databases from the source cluster are restored with preserved names and one additional database is created with the given DatabaseName. This database is empty, and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName refer to it. If DatabaseName is equal to the name of a database from the source cluster, no additional database is created and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName refer to the database with that name. If DatabaseName is empty, no additional database is created and PostgresCluster.Status.Connection.DbName and ArchivedPostgresCluster.Status.DatabaseName refer to the same database the status connection info of the source cluster refers to. If the cluster is a secondary instance of another cluster and has a DatabaseName different from the names of the databases in the primary cluster, the additional database with name DatabaseName will be created only after the cluster is promoted to a standalone instance. DatabaseName should not be one of the following - pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. It is recommended that the length of DatabaseName not exceed 63 characters; otherwise it will be truncated and only the first 63 characters will be used for the database name.
Default - if the cluster is a restored one, the database name in the source cluster’s PostgresCluster.Status.Connection.DbName is used; otherwise DatabaseName is the same as the cluster’s name. Immutable. |
false |
description |
string |
Description contains the human-readable description of the cluster. Optional. Mutable. |
false |
directoryService |
object |
DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients. Optional. Mutable. |
false |
dnsNames |
[]string |
One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if it is auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in the DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can verify the server identity and establish a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. |
false |
hbaRef |
object |
HbaRef refers to a Secret containing custom The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here. The Secret should contain the Only the authentication methods For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:
kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256
Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster. This is because the order in which the HBA entries are defined matters. The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. The final
host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ... # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256 |
false |
maintenanceWindow |
object |
MaintenanceWindow refers to the System maintenance window. Enabled Maintenance Window will allow CVEs, bug fixes and new Lifecycle Management features for the VM, OS, any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimum downtime when the database is deployed with replication. Optional. Mutable. |
false |
placementSelector |
object |
PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the Optional. Immutable. |
false |
replicas |
integer |
Represents the number of nodes that are replicating from the primary node. In the event of a primary outage one of the replicas will be promoted to primary. Replicas can be set to 0 or 1. Starting with Data Services Manager 2.1, 3-replica clusters are no longer supported. If you have replicas set to 1, then you will have 1 primary node and 1 replica node. Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having their own replicas. If this field is set to a non-zero value on a secondary instance, it will only take effect after this instance is promoted. Default - Mutable. |
false |
replicationSlots |
[]object |
ReplicationSlots configures a list of Postgres replication slots that will be created on this instance for disaster recovery or migration purposes. A replication slot can be removed if it is no longer needed and there is no active consumer of that replication slot. Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having replication slots. If this field is set on a secondary instance, it will only take effect after this instance is promoted. When upgrading the primary replication instance it is recommended to also upgrade all secondary instances to the same minor version, afterwards. |
false |
requestedSharedMemorySize |
int or string |
RequestedSharedMemorySize is the value we would try to assign for shared memory (/dev/shm) of the OS where the Postgres instance is running. No upper limit is enforced, but the system would apply one based on current VMClass memory. You can express RequestedSharedMemorySize as a fixed-point number using one of these suffixes - E, P, T, G, M, k. You can also use the power-of-two equivalents - Ei, Pi, Ti, Gi, Mi, Ki. Range - 64Mi - no limit. Default - Optional. Mutable. |
false |
tls |
object |
TLS refers to the SSL/TLS configuration of the database cluster. Optional. Mutable. |
false |
[]object |
VSphereTags is the list of vSphere tags that the cluster’s deployed virtual machines should have assigned. The tags should exist in vSphere in order to be successfully assigned. Optional. Mutable. |
false |
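The hbaRef description in the table above states that custom entries are placed after the system-managed pgadmin and postgres_exporter entries and before the catch-all entries, and that the first matching record decides authentication. The following Python script is an added example, not DSM code: it assembles that effective order and evaluates the first-match rule for a few sample connections, so the effect of a custom entry (here a constructed reject entry for one network) can be checked before the Secret is created. The matcher is deliberately minimal: only host records with no hostssl/hostnossl distinction, database all or an exact name, user all, an exact name or a /regex as in PostgreSQL 16, and address all or a CIDR; the ldap options elided on the page are modelled as the bare method name. Custom entries and client addresses are constructed.

```python
"""Added example, not DSM code: simulate PostgreSQL's first-match evaluation
over the effective pg_hba.conf layout described for hbaRef. The custom
entries and client addresses are constructed for the demonstration."""
import ipaddress
import re
from typing import List, Optional, Tuple

# System-managed entries that precede the custom block (from the page).
SYSTEM_PREFIX = [
    "host all pgadmin all scram-sha-256",
    "host all postgres_exporter all scram-sha-256",
]
# Catch-all entries that follow the custom block. The ldap entry exists only
# when a directory service is enabled; its options are elided on the page, so
# it is modelled here as the bare method name.
SYSTEM_SUFFIX = ["host all all all scram-sha-256"]
SYSTEM_SUFFIX_LDAP = ["host all all all ldap"] + SYSTEM_SUFFIX

# Constructed custom entries.
CUSTOM_ENTRIES = [
    "host all /^(.*)@local$ all scram-sha-256",  # the page's own example entry
    "host all all 10.0.0.0/8 reject",            # constructed: refuse one network
]


def effective_hba(custom: List[str], directory_service: bool = False) -> List[str]:
    """Assemble the entries in the order the page describes DSM applying them."""
    suffix = SYSTEM_SUFFIX_LDAP if directory_service else SYSTEM_SUFFIX
    return SYSTEM_PREFIX + list(custom) + suffix


def _user_matches(pattern: str, user: str) -> bool:
    if pattern == "all":
        return True
    if pattern.startswith("/"):  # PostgreSQL 16+ regular-expression user name
        return re.search(pattern[1:], user) is not None
    return pattern == user


def _address_matches(pattern: str, client_ip: str) -> bool:
    if pattern == "all":
        return True
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)


def first_match(entries: List[str], user: str, database: str, client_ip: str,
                conn_type: str = "host") -> Optional[Tuple[int, str]]:
    """Return (index, auth method) of the first entry matching the connection.

    None means no entry matched, which PostgreSQL treats as access denied.
    Comment lines (such as the placeholder marker) are skipped.
    """
    for idx, line in enumerate(entries):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        etype, edb, euser, eaddr, method = stripped.split()[:5]
        if etype != conn_type or edb not in ("all", database):
            continue
        if not _user_matches(euser, user) or not _address_matches(eaddr, client_ip):
            continue
        return idx, method
    return None


if __name__ == "__main__":
    entries = effective_hba(CUSTOM_ENTRIES)
    for user, ip in [("pgadmin", "10.1.2.3"), ("alice@local", "10.1.2.3"),
                     ("bob", "10.1.2.3"), ("bob", "192.168.1.5")]:
        print(f"{user:12} from {ip:12} ->", first_match(entries, user, "app", ip))
```

Because the system-managed pgadmin and postgres_exporter entries come first, a custom entry cannot lock those accounts out; it can, however, shadow the final catch-all entries for every other user, which is the interference the page warns about and the reason to evaluate the effective order rather than the custom block on its own.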
PostgresCluster.spec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.
Required - Must refer to a valid InfrastructurePolicy.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.
Required - Must refer to a valid VMClass.
Mutable - (Only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.adminPasswordRef
AdminPasswordRef refers to a v1.Secret containing the password which the privileged user will use to connect
to the database. The secret must be in the same namespace as the database cluster.
FieldPath field indicates which key in the secret contains the password. Default - password.
Providing inline value with Value field is not supported.
The owner of the Secret must be the same as the owner of the DB cluster. When the owner of the DB
cluster is changed the owner of the Secret is automatically changed to the new owner.
Secondary instances (that is, instances with Spec.BasedOn.ContinuousRecovery.Enabled set to true) do not support having their own privileged user. If this field is set on a secondary instance, it will only take effect after that instance is promoted.
Default - password is auto generated.
Mutable. It is possible to refer to a new Secret to update the admin password, but it is not required. Updates in the already referenced Secret will also lead to update of the password.
Name | Type | Description | Required |
---|---|---|---|
fieldPath |
string |
data.<key> for secrets. Optional. For most references there is a canonical key |
false |
name |
string |
The name of the secret |
false |
value |
string |
Deprecated. This field is never used by the Data Services Manager. |
false |
PostgresCluster.spec.backupConfig
BackupConfig declares the cluster’s backup configuration details.
If specified, a BackupLocation must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays |
integer |
BackupRetentionDays describes the number of days to store backups. Must be Required. Mutable. |
true |
schedules |
[]object |
Schedules user defined schedules of when the system will perform backups. Required. Mutable. |
true |
PostgresCluster.spec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the schedule. Required. Immutable. |
true |
schedule |
string |
The schedule in the form of a cron schedule. Required. Mutable. |
true |
type |
string |
Type of schedule. Can be Required. Immutable. |
true |
PostgresCluster.spec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.
If specified, a backupConfig must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.basedOn
BasedOn identifies the source (primary) cluster on which this cluster will be based.
Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source (primary) cluster. It can be changed if necessary after the cluster is created.
The Cluster field works both if the cluster is alive and if it is deleted but its backups are still retained. To create a new Postgres cluster based on a live one, pass the name of the cluster. To create a new Postgres cluster based on an archived cluster with retained backups, pass the name of the ArchivedPostgresCluster.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster |
object |
Cluster contains the name of the source(primary) cluster and timestamp to use as the restore point. Optional. Immutable. |
false |
continuousRecovery |
object |
ContinuousRecovery specifies the details of an external cluster that will be used as a source(primary) for continuous recovery. Once configured, this field can’t be unset. |
false |
PostgresCluster.spec.basedOn.cluster
Cluster contains the name of the source(primary) cluster and timestamp to use as the restore point.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name is the name of the source cluster from which to restore. Required. Immutable. |
true |
timestamp |
string |
Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided restore will be initiated to the latest available recovery time. Optional. Immutable. |
false |
PostgresCluster.spec.basedOn.continuousRecovery
ContinuousRecovery specifies the details of an external cluster that will be used as a source(primary) for continuous recovery. Once configured, this field can’t be unset.
Name | Type | Description | Required |
---|---|---|---|
replicationSlot |
object |
ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this cluster will continuously recover. If the source (primary) cluster is a DSM managed Postgres cluster, the replication slot details can be retrieved from the status sub-resource of the source (primary) cluster’s PostgresCluster resource. When demoting a Postgres cluster with configured backups to act as a secondary to another cluster, the timeline of the demoted cluster must not exceed the timeline of the source cluster. |
true |
enabled |
boolean |
Enabled specifies if this cluster should continuously retrieve activities from the source (primary) cluster. When Enabled is set to true, this cluster’s Ready condition implies that the cluster is now ready to serve read-only operations. When set to false, the Ready condition implies that the cluster is ready to serve read-write operations. |
false |
PostgresCluster.spec.basedOn.continuousRecovery.replicationSlot
ReplicationSlot specifies the Postgres replication slot and remote cluster details from which this cluster will continuously recover. If the source (primary) cluster is a DSM managed Postgres cluster, the replication slot details can be retrieved from the status sub-resource of the source (primary) cluster’s PostgresCluster resource.
When demoting a Postgres cluster with configured backups to act as a secondary to another cluster, the timeline of the demoted cluster must not exceed the timeline of the source cluster.
Name | Type | Description | Required |
---|---|---|---|
credentials |
object |
Credentials specifies a Kubernetes secret that contains the credentials needed to connect to the source cluster. The required keys of the secret are user, password and dbName; the optional key is ca.crt. The referenced Postgres user must have connect and replication privileges on the source cluster. This field is mutable. Changes to the secret will be automatically applied on the instance. |
true |
hostname |
string |
Hostname specifies the hostname or ip address that can be used to connect to the source cluster. |
true |
slotName |
string |
SlotName specifies the Postgres replication slot name that will be used for streaming replication. |
true |
port |
integer |
Port specifies the port number that can be used to connect to the source cluster. This field is immutable. |
false |
trustBundle |
object |
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Servers connection.
Optional. By default, it will use the DSM globally trusted certificates ConfigMap. Mutable. |
false |
PostgresCluster.spec.basedOn.continuousRecovery.replicationSlot.credentials
Credentials specifies a Kubernetes secret that contains the credentials needed to connect to the source cluster. The required keys of the secret are user, password and dbName; the optional key is ca.crt. The referenced Postgres user must have connect and replication privileges on the source cluster. This field is mutable. Changes to the secret will be automatically applied on the instance.
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
PostgresCluster.spec.basedOn.continuousRecovery.replicationSlot.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server's connection.
- Well-known OS-trusted CA, or a DSM globally trusted certificate: TrustBundle can be omitted, or it should point to the DSM globally trusted certificates ConfigMap.
- Certificate signed by a CA that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.
Optional. By default, it will use the DSM globally trusted certificates ConfigMap.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
PostgresCluster.spec.databaseConfig
DatabaseConfig refers to the DatabaseConfig object that will be applied to this cluster.
A DatabaseConfig is used to apply custom parameters/configs to the database represented by this CR.
A DatabaseConfig can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster.
The DatabaseConfig must exist in the same namespace as the cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
PostgresCluster.spec.directoryService
DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
PostgresCluster.spec.hbaRef
HbaRef refers to a Secret containing custom `pg_hba.conf` entries for user authentication. See https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
The Secret must be in the same namespace as the database cluster. Once created, the HBA Secret cannot be modified. If you need to change the HBA configuration, create a new Secret and update the reference here.
The Secret should contain the `pg_hba.conf` entries under the key `pg_hba.conf`. These entries are inserted into the `pg_hba.conf` file after the system-user entries, i.e. with a lower priority than those.
Only the authentication methods `scram-sha-256`, `reject` and `cert` are allowed in the custom entries. When the `cert` method is used, the `spec.tls` field supplies the trusted CAs.
You cannot override the authentication method for the admin user specified with the AdminUserName field (`pgadmin` by default). For this and any usernames reserved by DSM, authentication is limited to password-based methods using SCRAM-SHA-256, and you cannot enforce client certificate authentication.
For example, to permit all users whose usernames end with @local to authenticate using their database passwords, you can add:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-cluster-1-custom-pg-hba
immutable: true
stringData:
  pg_hba.conf: |
    host all /^(.*)@local$ all scram-sha-256
```
Care should be taken to ensure that the custom entries do not interfere with the system-managed entries or lock out users from accessing the cluster, because the order in which the HBA entries are defined matters: the first record with a matching connection type, client address, requested database and user name is used to perform authentication.
The final `pg_hba.conf` will functionally look like:
```
host all pgadmin all scram-sha-256
host all postgres_exporter all scram-sha-256
#<YOUR CUSTOM ENTRIES ARE ADDED HERE>
host all all all ldap ... # This entry is added only if directory service is enabled for the cluster
host all all all scram-sha-256
```
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
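As an added example (not part of the DSM reference or its code), the following Python script lints the custom `pg_hba.conf` entries that go into the Secret referenced by spec.hbaRef against the constraints above, then previews which record wins for a given connection once the entries have been merged in the order shown. The reserved user names (taken from the system entries shown above), the CIDR-only address form and the sample entries are assumptions made here.

```python
"""Lint custom pg_hba.conf entries for spec.hbaRef and preview which record
wins for a connection. Added example, not DSM code; reserved user names, the
CIDR-only address form and the sample entries below are assumptions."""
import ipaddress
import re

ALLOWED_METHODS = {"scram-sha-256", "reject", "cert"}
# Users whose system-managed entries precede the custom block, taken from the
# final-file layout in the reference (assumption: DSM may reserve more names).
RESERVED_USERS = {"pgadmin", "postgres_exporter"}

# Constructed records mirroring the final pg_hba.conf layout in the reference.
SYSTEM_ENTRIES = ("host all pgadmin all scram-sha-256\n"
                  "host all postgres_exporter all scram-sha-256\n")
LDAP_ENTRY = "host all all all ldap\n"   # present only with a directory service
CATCH_ALL = "host all all all scram-sha-256\n"

# Constructed sample input: password auth for *@local, client certs elsewhere.
SAMPLE_CUSTOM = ("host all /^(.*)@local$ all scram-sha-256\n"
                 "hostssl all all 10.0.0.0/8 cert clientcert=verify-full\n")
# Constructed sample that breaks the documented rules in several ways.
BAD_CUSTOM = ("host all pgadmin all cert\n"
              "host all all all md5\n"
              "host all all all reject\n")

def parse_hba(text):
    """Parse host-style records: TYPE DATABASE USER ADDRESS METHOD [key=value ...]."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"line {lineno}: expected TYPE DATABASE USER ADDRESS METHOD")
        conn, database, user, address, method = fields[:5]
        options = dict(opt.split("=", 1) for opt in fields[5:] if "=" in opt)
        entries.append({"line": lineno, "type": conn, "database": database,
                        "user": user, "address": address, "method": method,
                        "options": options})
    return entries

def lint_custom_entries(text):
    """Return the problems found in the custom entries (empty list means clean)."""
    problems = []
    for e in parse_hba(text):
        where = f"line {e['line']}"
        if e["method"] not in ALLOWED_METHODS:
            problems.append(f"{where}: method {e['method']!r} is not allowed; "
                            f"use one of {sorted(ALLOWED_METHODS)}")
        # The admin user and DSM-reserved names keep their system entries.
        reserved = RESERVED_USERS.intersection(e["user"].split(","))
        if reserved:
            problems.append(f"{where}: cannot override authentication for "
                            f"reserved user(s) {sorted(reserved)}")
        # PostgreSQL accepts the cert method on hostssl records only.
        if e["method"] == "cert" and e["type"] != "hostssl":
            problems.append(f"{where}: 'cert' requires a hostssl record")
        if (e["method"] == "reject" and e["user"] == "all"
                and e["database"] == "all" and e["address"] == "all"):
            problems.append(f"{where}: blanket reject locks out every non-reserved user")
    return problems

def effective_entries(custom_text, ldap_enabled=False):
    """Merge records in the order DSM writes the final pg_hba.conf."""
    merged = SYSTEM_ENTRIES + custom_text.rstrip("\n") + "\n"
    if ldap_enabled:
        merged += LDAP_ENTRY
    return parse_hba(merged + CATCH_ALL)

def _matches(entry, ssl, database, user, ip):
    if entry["type"] == "hostssl" and not ssl:
        return False
    if entry["type"] == "hostnossl" and ssl:
        return False
    if entry["database"] != "all" and database not in entry["database"].split(","):
        return False
    wanted = entry["user"]
    if wanted.startswith("/"):                  # "/regex" user match, as in pg_hba
        if not re.search(wanted[1:], user):
            return False
    elif wanted != "all" and user not in wanted.split(","):
        return False
    if entry["address"] != "all":
        net = ipaddress.ip_network(entry["address"], strict=False)
        if ipaddress.ip_address(ip) not in net:
            return False
    return True

def first_match(entries, ssl, database, user, ip):
    """The first matching record decides, exactly as PostgreSQL evaluates pg_hba."""
    for e in entries:
        if _matches(e, ssl, database, user, ip):
            return e
    return None
```

Running `lint_custom_entries(BAD_CUSTOM)` reports the reserved-user override, the disallowed method, the cert-on-non-hostssl record and the blanket reject, while `first_match(effective_entries(SAMPLE_CUSTOM), True, "postgres", "pgadmin", "10.0.0.5")` lands on the system entry even though a later custom entry would otherwise match.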
PostgresCluster.spec.maintenanceWindow
MaintenanceWindow refers to the system maintenance window. When the maintenance window is enabled, CVE fixes, bug fixes and new lifecycle management features for the VM, the OS and any supporting software can be applied. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration | string | Duration describes the duration of the maintenance window. Required. Mutable. | true |
startDay | enum | StartDay describes the day of the week on which the maintenance window will commence. Can be any of Required. Mutable. | true |
startTime | string | StartTime describes the time of day at which to start the maintenance window. Required. Mutable. | true |
PostgresCluster.spec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy.
Usually this field should be left empty to allow the system to determine it automatically.
A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter's cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. | true |
resourcePool | string | ResourcePool is the cluster's resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
PostgresCluster.spec.replicationSlots[index]
Name | Type | Description | Required |
---|---|---|---|
slotName | string | SlotName specifies the Postgres replication slot name that will be created on the instance. | true |
description | string | Description specifies a human-readable description of this replication slot. | false |
user | string | User specifies the name of the replication user that is associated with the configured replication slot. The lifecycle of this user is tied to the replication slot. If no value is provided, a replication user is auto-generated using the resource name as prefix. User must not be one of the following: pg_read_all_data, pg_write_all_data, pg_read_all_settings, pg_read_all_stats, pg_stat_scan_tables, pg_monitor, pg_database_owner, pg_signal_backend, pg_read_server_files, pg_write_server_files, pg_execute_server_program, pg_checkpoint, pg_use_reserved_connections, pg_create_subscription, postgres, template1, template0. | false |
PostgresCluster.spec.tls
TLS refers to the SSL/TLS configuration of the database cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
clientTrustBundle | object | ClientTrustBundle is a reference to a ConfigMap containing SSL certificate authority/ies (CA). If ClientTrustBundle is configured, trust for client certificate connections from these CAs can be enabled using pg_hba rules. To require the client to supply a certificate for authentication, add the authentication option clientcert=verify-ca or clientcert=verify-full to the appropriate hostssl line(s) in pg_hba, which must be done via the Secret referenced by spec.hbaRef, and optionally add the certificates of additional certificate authorities (CAs) you trust in the ConfigMap by appending them to the value of the key ca-bundle.crt. Optional. When omitted, only the root certificate authority (CA) of the server certificate will be trusted. When set, all the CAs from the ConfigMap will be trusted in addition to the CA of the server certificate. The root CA of the server certificate is set using the Secret referred to by the spec.tls field. Mutable. To update the custom client trust bundle, either refer to a new ConfigMap, or update the already referenced one. | false |
secretName | string | The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as that of the Secrets created by cert-manager's Certificate resource. It needs to have the keys tls.crt (PEM signed certificate chain), tls.key (PEM private key) and ca.crt (PEM CA certificate). The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM will auto-generate a certificate using its own internal certificate authority. When specified, DSM will override its auto-generated certificate and use the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can only be retrieved then, so that it can be encoded in the certificate. | false |
PostgresCluster.spec.tls.clientTrustBundle
ClientTrustBundle is a reference to a ConfigMap containing SSL certificate authority/ies (CA). If ClientTrustBundle is configured, trust for client certificate connections from these CAs can be enabled using pg_hba rules.
To require the client to supply a certificate for authentication, add the authentication option clientcert=verify-ca or clientcert=verify-full to the appropriate hostssl line(s) in pg_hba, which must be done via the Secret referenced by spec.hbaRef, and optionally add the certificates of additional certificate authorities (CAs) you trust in the ConfigMap by appending them to the value of the key `ca-bundle.crt`.
Optional. When omitted, only the root certificate authority (CA) of the server certificate will be trusted. When set, all the CAs from the ConfigMap will be trusted in addition to the CA of the server certificate. The root CA of the server certificate is set using the Secret referred to by the spec.tls field.
Mutable. To update the custom client trust bundle, either refer to a new ConfigMap, or update the already referenced one.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
PostgresCluster.spec.vSphereTags[index]
VSphereTag identifies a single vSphere tag by its tag category and tag name.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category is the vSphere tag category. Required. Mutable. | true |
tag | string | Tag is the vSphere tag. It should be part of the vSphere tag category Category. Required. Mutable. | true |
PostgresCluster.status
PostgresClusterStatus describes the observed status of the PostgresCluster.
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for a database cluster. | false |
availableUpgrades | []object | AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state, and the service will accept valid upgrade paths even if they are not yet populated here. | false |
backupId | string | BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage. For PostgreSQL, it is the stanzaName of the database cluster. For MySQL, it is the UID of the MySQL cluster object in the workload cluster. | false |
clientTrustBundleResourceVersion | string | ClientTrustBundleResourceVersion is set only for clusters with a custom client trust bundle. It represents the resource version of the clientTrustBundle ConfigMap that was last applied for the DB cluster. | false |
conditions | []object | Conditions contain the list of observed conditions of the cluster. The following statuses can occur. | false |
connection | object | Connection describes the details which can be used to connect to the database represented by the CR. | false |
lastSuccessfulBackup | string | LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently. | false |
lastUpdate | string | LastUpdate gives the timestamp of when the desired state was last applied. | false |
nodes | []object | Nodes represents the underlying infrastructure of a database cluster. | false |
postgresSystemID | string | PostgresSystemID indicates the Postgres database system identifier of this instance. This is an identifier generated by Postgres during database initialization. Instances with a shared origin, such as restored clusters or secondary instances, will have the same identifier. | false |
requestedReplicationSlots | []object | RequestedReplicationSlots describes a list of slot names and a reference to the credential for each slot name. | false |
timeline | string | Timeline indicates the timeline of this Postgres cluster. See https://www.postgresql.org/docs/current/continuous-archiving.html#BACKUP-TIMELINES | false |
tlsSecretResourceVersion | string | TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster. | false |
upgradeStatus | object | UpgradeStatus represents the status of the version upgrade. | false |
PostgresCluster.status.availableUpgrades[index]
Name | Type | Description | Required |
---|---|---|---|
impact | enum | Impact indicates whether Virtual Machines backing the workload cluster's Kubernetes nodes will be replaced during the upgrade. When the impact is "RollingUpgrade" the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, and one of the existing nodes is disabled, drained, and subsequently deleted. The process is repeated until all nodes are replaced. When the impact is "InPlace" the upgrade is performed by replacing the PODs running in the workload cluster, but without replacing the Kubernetes nodes. | true |
version | string | Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format, i.e. engine version, followed by the string "+vmware.", followed by the release version. | true |
autoUpgradeTarget | boolean | AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period. | false |
majorVersionUpgrade | boolean | MajorVersionUpgrade indicates whether the upgrade is to a newer major version. MajorVersionUpgrade and AutoUpgradeTarget cannot both be true, as major version upgrades are only manual. | false |
PostgresCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
PostgresCluster.status.connection
Connection describes the details which can be used to connect to the database represented by CR.
Name | Type | Description | Required |
---|---|---|---|
dbname | string | Name of the database. | true |
host | string | Host describes the IP address of the database cluster's current primary node. | true |
port | integer | Port describes the port on which the database cluster is listening. | true |
clusterMemberConnectionDetails | []object | ClusterMemberConnectionDetails contains network connection details of individual servers within the cluster. This status will only be populated if the configuration of the server results in the exposure of individual cluster members to the external network. | false |
passwordRef | object | Password for the admin account. The referred Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt", to be used by clients when connecting to a database so they can verify trust. | false |
username | string | Username for the admin account. | false |
PostgresCluster.status.connection.clusterMemberConnectionDetails[index]
ClusterMemberConnectionInfo contains cluster member identification and network connection details of a single member of a database cluster.
Name | Type | Description | Required |
---|---|---|---|
clusterMemberId | string | ClusterMemberID contains an identification of the member server that will remain the same throughout the lifecycle of the cluster, e.g. for MySQL this will be the MySQL server ID. The cluster role of the member can change. Required. | true |
host | string | Host contains the hostname or IP to connect to. Required. | true |
port | integer | Port contains the port to connect to. Required. | true |
PostgresCluster.status.connection.passwordRef
Password for the admin account.
The referred Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt", to be used by clients when connecting to a database so they can verify trust.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for Secrets. Optional. For most references there is a canonical key. | false |
name | string | The name of the Secret. | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
PostgresCluster.status.nodes[index]
Node represents the underlying infrastructure of a workload cluster
Name | Type | Description | Required |
---|---|---|---|
datacenter | string | Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located. | false |
datastore | string | Datastore is the name or inventory path of the datastore in which the virtual machine is created/located. | false |
folder | string | Folder is the name or inventory path of the folder in which the virtual machine is created/located. | false |
host | string | Host is the name or inventory path of the ESXi host on which the virtual machine is running. | false |
network | object | Network is the network configuration for this VM. | false |
resourcePool | string | ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located. | false |
server | string | Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located. | false |
storagePolicyName | string | StoragePolicyName is the name of the storage policy to use with this Virtual Machine. | false |
vmMoid | string | VmMoid is the VM's Managed Object Reference on vSphere. | false |
vmName | string | VmName is the name of the virtual machine on vSphere. | false |
vmRole | string | VMRole identifies the role the VM plays in the workload cluster, like ControlPlane or Worker. | false |
PostgresCluster.status.nodes[index].network
Network is the network configuration for this VM.
Name | Type | Description | Required |
---|---|---|---|
devices | []object | Devices is the list of network devices used by the virtual machine. | false |
PostgresCluster.status.nodes[index].network.devices[index]
NetworkDevice defines the network configuration for a virtual machine’s network device.
Name | Type | Description | Required |
---|---|---|---|
ipPool | string | IPPool is the name of the IP Pool that was used to claim an IP address for the VM. | false |
networkName | string | NetworkName is the name of the vSphere network to which the device will be connected. | false |
PostgresCluster.status.requestedReplicationSlots[index]
Name | Type | Description | Required |
---|---|---|---|
credentialsRef | string | CredentialsRef describes a reference to the Kubernetes Secret that contains the credentials for connecting to the specified replication slot. The referenced Secrets exist in the same namespace as the PostgresCluster resource. | true |
slotName | string | SlotName describes the Postgres replication slot name that will be used for streaming replication. | true |
clientHostname | string | ClientHostname indicates the host that is using the replication slot. A missing client hostname indicates that the slot is unused. | false |
replicationStatus | enum | ReplicationStatus describes the replication connection status between this instance and a secondary instance using the replication slot. ReadyForPromotion: external database access has been blocked on this instance (blockDatabaseConnections is set to true), and there is no replication lag; the secondary instance using this replication slot is ready to be promoted to become a primary (source) instance. Replicating: an active replication connection exists through this replication slot. Disconnected: no active replication connection exists through this replication slot. Unknown: the status of the replication connection could not be determined, either because there has never been an active replication connection through this replication slot, or because the running Postgres cluster does not support the ReplicationStatus feature. | false |
PostgresCluster.status.upgradeStatus
UpgradeStatus represents the status of the version upgrade.
Name | Type | Description | Required |
---|---|---|---|
currentVersion | string | The actual current version of the data service cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. | false |
history | []object | Historical data of the upgrades performed. | false |
lastTransitionTime | string | LastTransitionTime shows the last time the cluster's upgradeStatus.Running field value changed. | false |
running | boolean | Set to true to indicate that a data service cluster upgrade is currently running. Once the upgrade completes, the field will be reset to empty. | false |
PostgresCluster.status.upgradeStatus.history[index]
Name | Type | Description | Required |
---|---|---|---|
complete | string | Timestamp of when the upgrade completed. | false |
fromVersion | string | The version from which the cluster was upgraded. | false |
isMajorUpgrade | boolean | IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade. | false |
message | string | Message contains the reason for a failure or rejection. | false |
start | string | Timestamp of when the upgrade started. This is the time right before the upgrade operations have started, and restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results. | false |
status | enum | Status indicates the status of the upgrade. | false |
toVersion | string | The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion. | false |
SQLServerCluster
SQLServerCluster represents the desired state and observed status of a single Microsoft SQL Server instance managed by Data Services Manager. Each SQLServerCluster instance represents a single-node cluster without HA capability. This is currently a Technical Preview feature without any promises for backward compatibility across Data Services Manager releases.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | SQLServerCluster | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | SQLServerClusterSpec defines the desired state of the SQLServerCluster. | true |
status | object | SQLServerClusterStatus describes the observed status of the SQLServerCluster. | false |
SQLServerCluster.spec
SQLServerClusterSpec defines the desired state of the SQLServerCluster
Name | Type | Description | Required |
---|---|---|---|
infrastructurePolicy | object | InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster. Required. Must refer to a valid InfrastructurePolicy. Immutable. | true |
storagePolicyName | string | StoragePolicyName declares the name of the storage policy that should be used to create this postgres cluster. It must be part of the InfrastructurePolicy used by this cluster. Required. Must refer to a valid Immutable. | true |
storageSpace | string | StorageSpace declares the disk size allocated to each node hosting the workload. You can express storage as a plain integer or as a fixed-point number using one of these suffixes: E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi, Mi, Ki. Range: 20Gi to 10Ti. Required. Mutable (increase only). | true |
version | string | Version declares the version of the database engine to be used. To upgrade the database engine, change this field. The list of supported engine versions can be found by inspecting the DataServiceVersion resources and in the VMware Data Services Manager UI. Required. Mutable. | true |
vmClass | object | VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster. Required. Must refer to a valid Mutable (only increases in resources are allowed). | true |
| | object | Configuration required to integrate this SQL Server cluster with a given Active Directory domain and enable Windows Authentication for machines that are part of this domain. Any changes to this configuration will trigger a restart of the SQL Server. Currently, the DSM user is required to perform the following steps upfront: Some of the above steps can be automated by DSM; see the description of each field for more information. | false |
auditing | object | auditing contains configuration settings related to the SQL Server's auditing subsystem. System administrators configure the auditing by using the standard T-SQL "CREATE AUDIT" and "CREATE AUDIT SPECIFICATION" DDL. In addition, DSM supports the automatic creation of a simple AUDIT which only captures login events; see the spec.auditing.preset field for more information. DSM-managed SQL Server instances run on Linux and as such only support "TO FILE" targets: the FILEPATH parameter should be set to "/var/opt/mssql/audit", and the "ON_FAILURE = SHUTDOWN" option should not be used. Optional. Mutable. | false |
backupConfig | object | BackupConfig declares the cluster's backup configuration details. If specified a Optional. Mutable. | false |
backupLocation | object | BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a Optional. Mutable. | false |
basedOn | object | BasedOn identifies the source cluster on which this cluster will be based. The source cluster must be live, i.e. must exist in Data Services Manager. Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster will inherit the ownership from its source cluster. It can be changed if necessary after the cluster is created. Optional. Immutable. | false |
databaseConfig | object | DatabaseConfig refers to the DatabaseConfig object that will be applied to this cluster. A DatabaseConfig is used to apply custom parameters/configs to the database represented by this CR. A DatabaseConfig can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster. The DatabaseConfig must exist in the same namespace as the cluster. Optional. Mutable. | false |
description | string | Description contains the human-readable description of the cluster. Optional. Mutable. | false |
directoryService | object | DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients. Optional. Mutable. | false |
dnsNames | []string | One or more DNS names / FQDNs for database access. These DNS names will be included in the SAN field of the TLS certificate if it is auto-generated by DSM. The first DNS name will also be included in the URL connection string displayed in the DSM UI. If a custom TLS certificate is provided, it is important that its SAN field matches the DNS names provided here, so clients can ensure a secure connection. Optional. Mutable. When updated, DSM will re-generate the TLS certificate if no custom certificate is provided. | false |
edition | enum | Edition specifies the SQL Server Edition to use. Possible values include: Evaluation, Developer, Express, Web, Standard, Enterprise, EnterpriseCore, or ProductKey. You must have a valid license obtained from Microsoft if you set a commercial edition. If ProductKey is specified, then the actual edition is embedded in the product key, which must be provided as a Secret referenced by the separate "productKey" field. Optional. Immutable. | false |
maintenanceWindow | object | MaintenanceWindow refers to the system maintenance window. When the maintenance window is enabled, CVE fixes, bug fixes and new lifecycle management features for the VM, the OS and any supporting software can be applied. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication. Optional. Mutable. | false |
placementSelector | object | PlacementSelector refers to a placement declared in the InfrastructurePolicy. Usually this field should be left empty to allow the system to determine it automatically. A placement should be found in the InfrastructurePolicy with the same datacenter, cluster and resource pool to be considered valid. Optional. Immutable. | false |
productKey | object | ProductKey is a reference to a Secret with data field "productKey" whose value is in the form #####-#####-#####-#####-#####, where '#' is a number or a letter. Should be set only if SQL Server should be activated with a Product Key. To set this field, the edition field must be set to "ProductKey". Optional. Immutable. | false |
serverConfig | object | ServerConfig contains miscellaneous server-level settings such as supported TLS protocol versions and trace flags. Any changes to this configuration will trigger a restart of the SQL Server. Optional. Mutable. | false |
tls | object | TLS refers to the SSL/TLS configuration of the SQL Server cluster. Optional. Mutable. | false |
vSphereTags | []object | VSphereTags is the list of vSphere tags that the cluster's deployed virtual machines should have assigned. The tags should exist in vSphere in order to be successfully assigned. Optional. Mutable. | false |
SQLServerCluster.spec.infrastructurePolicy
InfrastructurePolicy refers to the infrastructure policy resource used to create this cluster.
Required - Must refer to a valid InfrastructurePolicy.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerCluster.spec.vmClass
VMClass refers to the VM class that should be used to create this cluster. It must be part of the InfrastructurePolicy used by this cluster.
Required - Must refer to a valid VMClass.
Mutable - (Only increases in resources are allowed).
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerCluster.spec.activeDirectory
Configuration required to integrate this SQL Server cluster with a given Active Directory domain and enable Windows Authentication for machines that are part of this domain. Any change to this configuration triggers a restart of the SQL Server.
Currently, the DSM user is required to perform the following steps upfront:
- choose an FQDN for this SQL Server cluster
- create DNS records (including PTR) in the domain’s DNS
- create a regular domain user account in Active Directory for this SQL Server cluster (commonly referred to as the privileged Active Directory account for SQL Server)
- register Service Principal Names (SPNs) for this principal in Active Directory
- create a keytab file that contains entries for each of the SPNs created above
Some of the above steps can be automated by DSM; see the description of each field for more information.
Name | Type | Description | Required |
---|---|---|---|
domain | object | The Active Directory domain that this SQL Server cluster is part of. The reference must point to an ActiveDirectoryDomain object. Required. | true |
sqlServerAccount | object | The Active Directory domain user account that this SQL Server cluster uses to perform group refresh (i.e. to identify the group membership of users). This is a regular Active Directory user, member of the Domain Users group, and the account must support Kerberos AES 128 and 256-bit encryption. This account name is used as the network.privilegedadaccount setting of the SQL Server. The reference must point to a Secret object with a username field containing the unqualified name of the account. In addition, if no keytab is provided, Data Services Manager attempts to generate a keytab for SQL Server, which requires the Secret to also contain the account’s password in the "password" field. See keytab for details. Required. | true |
keytab | object | A reference to a Secret that contains the Kerberos keytab file to be used by this SQL Server cluster. The Secret’s data must contain a key named 'keytab' whose value is created from the actual keytab file. SQL Server uses this keytab to authenticate itself to other services in the domain and to decrypt the Kerberos service tickets of inbound directory users. The keytab file contains the long-term key of the SPNs associated with this SQL Server cluster in the domain’s Key Distribution Center (KDC). The client is responsible for rotating this keytab file when needed and updating its reference here. Mutable. Optional. If no reference is provided, Data Services Manager attempts to automatically register Service Principal Names in the Active Directory domain and generate the necessary keytab, which requires valid privilegedAccountCredentials on the ActiveDirectoryDomain (able to write SPNs under the sqlServerAccount), a password in the sqlServerAccount Secret, and one or more dnsNames in the cluster spec; see the keytab section below for details. | false |
writeDNSNames | enum | If specified, enables writing of DNS records for this cluster’s dnsNames to the referenced ActiveDirectoryDomain’s primaryNameserver. The writes are performed using the "DNS UPDATE" protocol (RFC 2136) and are authenticated with the GSS-TSIG algorithm (RFC 3645) using the referenced domain’s privilegedAccountCredentials. Consequently, a non-empty value requires the privilegedAccountCredentials of the referenced domain to be non-empty. Writing the dnsNames is supported regardless of whether the cluster is configured for automated keytab creation or a manually-created keytab is provided. Only a single value is currently valid for the field. For each DNS name of the cluster, Data Services Manager creates an A record pointing to the cluster’s IP address and DELETES all other A records for the same name. In addition, Data Services Manager creates PTR records for the cluster’s IP address pointing to each configured DNS name and DELETES the PTR records pointing to other DNS names. All created records have a TTL of 600. For example, consider a SQLServerCluster with dnsNames configured to my-cluster.db.example.org and my-db.example.org and IP address 10.20.30.40. DSM creates the following A records: "my-cluster.db.example.org. 600 IN A 10.20.30.40" and "my-db.example.org. 600 IN A 10.20.30.40", and the following PTR records: "40.30.20.10.in-addr.arpa. 600 IN PTR my-cluster.db.example.org." and "40.30.20.10.in-addr.arpa. 600 IN PTR my-db.example.org.". All other A, AAAA, or PTR records for these names are deleted; in the above example, each of the following is DELETED: "my-cluster.db.example.org. IN A 10.20.30.50" (wrong address), "my-db.example.org. IN AAAA 2001::1" (wrong address), "40.30.20.10.in-addr.arpa. IN PTR other-db.example.org" (points to a wrong name). | false |
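Because writeDNSNames deletes every other A, AAAA and PTR record for the managed names, it is worth previewing what an update will do before giving DSM a privileged account that can write to the zone. The following is an added example, not DSM code: it applies the rules the field description states (one A record per dnsName to the cluster IP with TTL 600, one PTR per dnsName under the cluster's reverse name, everything else for those owner names removed) to a snapshot of the zone and returns the records to add and delete. The Record type, the zone snapshot, the function names and the extension to AAAA for an IPv6 cluster address are this example's own assumptions; it uses only the standard library.

```python
"""Previewing the zone changes writeDNSNames causes (added example, not DSM code)."""
import ipaddress
from dataclasses import dataclass

TTL = 600  # TTL DSM assigns to every record it writes, per the field description


@dataclass(frozen=True)
class Record:
    name: str    # owner name, fully qualified with a trailing dot
    rtype: str   # "A", "AAAA" or "PTR"
    value: str   # address for A/AAAA, target name for PTR

    def __str__(self):
        return f"{self.name} {TTL} IN {self.rtype} {self.value}"


def fqdn(name):
    """Normalise a name to its fully qualified, dot-terminated form."""
    return name if name.endswith(".") else name + "."


def plan_dns_updates(dns_names, cluster_ip, zone):
    """Return (to_add, to_delete) for a DNS UPDATE that matches the writeDNSNames rules.

    dns_names:  the SQLServerCluster's spec.dnsNames
    cluster_ip: the cluster's address (status.connection.host)
    zone:       the records currently present for the names involved
    """
    ip = ipaddress.ip_address(cluster_ip)
    reverse = fqdn(ip.reverse_pointer)          # 40.30.20.10.in-addr.arpa. for 10.20.30.40
    names = {fqdn(n) for n in dns_names}
    addr_type = "A" if ip.version == 4 else "AAAA"   # assumption: AAAA for an IPv6 cluster

    wanted = {Record(n, addr_type, str(ip)) for n in names}
    wanted |= {Record(reverse, "PTR", n) for n in names}

    zone = set(zone)
    # Address records for a managed name, and PTRs under the reverse name, that are
    # not the wanted ones are exactly what DSM deletes. Unrelated names are untouched.
    stale = {
        r for r in zone
        if r not in wanted
        and ((r.name in names and r.rtype in ("A", "AAAA"))
             or (r.name == reverse and r.rtype == "PTR"))
    }
    return sorted(wanted - zone, key=str), sorted(stale, key=str)


if __name__ == "__main__":
    # Constructed zone snapshot reproducing the field description's example.
    zone = [
        Record("my-cluster.db.example.org.", "A", "10.20.30.50"),            # wrong address
        Record("my-db.example.org.", "AAAA", "2001::1"),                     # wrong address
        Record("40.30.20.10.in-addr.arpa.", "PTR", "other-db.example.org."), # wrong name
        Record("unrelated.example.org.", "A", "10.20.30.40"),               # not managed
    ]
    add, delete = plan_dns_updates(
        ["my-cluster.db.example.org", "my-db.example.org"], "10.20.30.40", zone)
    print("ADD:", *add, sep="\n  ")
    print("DELETE:", *delete, sep="\n  ")
```

Run the plan against a zone transfer or a `dig` of the names before enabling the field; if the delete list contains records another service depends on, the cluster needs different dnsNames rather than a broader account.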
SQLServerCluster.spec.activeDirectory.domain
The Active Directory domain that this SQL Server cluster is part of. The reference must point to an ActiveDirectoryDomain object.
Required.
Name | Type | Description | Required |
---|---|---|---|
name | string | The Name of the referent. Required. | true |
namespace | string | The Namespace of the referent. Optional. If not specified, it is implied that the referent object resides in the same namespace as the referrer. | false |
SQLServerCluster.spec.activeDirectory.sqlServerAccount
The Active Directory domain user account that this SQL Server cluster uses to perform group refresh (i.e. to identify the group membership of users). This is a regular Active Directory user, member of the Domain Users group. The account must support Kerberos AES 128 and 256-bit encryption.
This account name is used as the network.privilegedadaccount setting of the SQL Server.
The reference must point to a Secret object with a username field containing the unqualified name of the account.
In addition, if no keytab is provided, Data Services Manager attempts to generate a keytab for SQL Server, which requires the Secret to also contain the account’s password in the "password" field. See keytab for details.
Required.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerCluster.spec.activeDirectory.keytab
A reference to a Secret that contains the Kerberos keytab file to be used by this SQL Server cluster. The Secret’s data must contain a key named 'keytab' whose value is created from the actual keytab file.
SQL Server uses this keytab to authenticate itself to other services in the domain and to decrypt the Kerberos service tickets of inbound directory users. The keytab file contains the long-term key of the SPNs associated with this SQL Server cluster in the domain’s Key Distribution Center (KDC). The client is responsible for rotating this keytab file when needed and updating its reference here.
Mutable.
Optional. If no reference is provided, Data Services Manager attempts to automatically register Service Principal Names in the Active Directory domain and generate the necessary keytab, which requires:
- The ActiveDirectoryDomain must have valid privilegedAccountCredentials, and that privileged account must be able to write SPNs under the sqlServerAccount.
- The sqlServerAccount Secret must contain a password.
- One or more DNS names must be provided in the dnsNames field of the SQLServerCluster’s spec. While this is not strictly required from the Kerberos protocol perspective, in practice many tools including Microsoft SQL Server Management Studio and Azure Data Studio rely on DNS to derive the server’s SPN, and they will not work without DNS records.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
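A manually created keytab is a long-term credential for the cluster's SPNs, and the page requires the account behind it to support AES 128 and AES 256 Kerberos encryption, so a keytab that only carries RC4 keys or misses one SPN will silently break Windows Authentication. The following is an added example, not DSM code, that covers the manual steps listed under spec.activeDirectory and the keytab field above: it parses the MIT keytab file format (version 0x0502) with the standard library, reports which (SPN, enctype) pairs are missing, and builds the Secret manifest carrying the 'keytab' data key. The SPN naming convention (MSSQLSvc/<fqdn>:<port> and MSSQLSvc/<fqdn>), the sample keytab, and all function names are this example's own assumptions.

```python
"""Checking a Kerberos keytab before placing it in the 'keytab' Secret (added example, not DSM code)."""
import base64
import struct

AES128_CTS_HMAC_SHA1_96 = 17
AES256_CTS_HMAC_SHA1_96 = 18
REQUIRED_ENCTYPES = (AES128_CTS_HMAC_SHA1_96, AES256_CTS_HMAC_SHA1_96)


def _counted(buf, off):
    """Read a uint16-length-prefixed octet string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return bytes(buf[off + 2:off + 2 + n]), off + 2 + n


def parse_keytab(data):
    """Return [(principal, enctype, kvno), ...] for every live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size < 0:                      # negative size marks a deleted slot: skip it
            off -= size
            continue
        end = off + size
        pos = off
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _counted(data, pos)
        comps = []
        for _ in range(ncomp):
            comp, pos = _counted(data, pos)
            comps.append(comp.decode())
        _name_type, _timestamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        (enctype,) = struct.unpack_from(">H", data, pos)
        pos += 2
        _key, pos = _counted(data, pos)   # the secret key itself is never needed for this check
        kvno = vno8
        if end - pos >= 4:                # optional 32-bit kvno overrides vno8 when non-zero
            (vno32,) = struct.unpack_from(">I", data, pos)
            kvno = vno32 or vno8
        entries.append(("/".join(comps) + "@" + realm.decode(), enctype, kvno))
        off = end
    return entries


def build_keytab(entries, kvno=1):
    """Serialise [(principal, enctype, key), ...]; used here only to construct sample data."""
    out = bytearray(b"\x05\x02")
    for principal, enctype, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = bytearray(struct.pack(">H", len(comps)))
        for s in [realm, *comps]:
            body += struct.pack(">H", len(s)) + s.encode()
        body += struct.pack(">IIB", 1, 0, kvno)       # KRB5_NT_PRINCIPAL, timestamp 0, vno8
        body += struct.pack(">HH", enctype, len(key)) + key
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def missing_keys(keytab, fqdn, realm, port=1433):
    """(principal, enctype) pairs the keytab still lacks for the assumed SQL Server SPNs."""
    spns = (f"MSSQLSvc/{fqdn}:{port}@{realm}", f"MSSQLSvc/{fqdn}@{realm}")
    present = {(p, e) for p, e, _ in parse_keytab(keytab)}
    return sorted((s, e) for s in spns for e in REQUIRED_ENCTYPES if (s, e) not in present)


def keytab_secret(name, namespace, keytab):
    """Secret manifest (as a dict) with the 'keytab' data key that spec.activeDirectory.keytab expects."""
    return {
        "apiVersion": "v1", "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        "data": {"keytab": base64.b64encode(keytab).decode()},
    }


if __name__ == "__main__":
    # Constructed sample: the AES128 key for the port-less SPN is missing; RC4 (23) does not count.
    sample = build_keytab([
        ("MSSQLSvc/my-cluster.db.example.org:1433@EXAMPLE.ORG", 18, bytes(32)),
        ("MSSQLSvc/my-cluster.db.example.org:1433@EXAMPLE.ORG", 17, bytes(16)),
        ("MSSQLSvc/my-cluster.db.example.org@EXAMPLE.ORG", 18, bytes(32)),
        ("MSSQLSvc/my-cluster.db.example.org@EXAMPLE.ORG", 23, bytes(16)),
    ])
    for principal, enctype in missing_keys(sample, "my-cluster.db.example.org", "EXAMPLE.ORG"):
        print(f"missing enctype {enctype} for {principal}")
```

Run the check against the real file before every rotation as well; after a password or key rotation the kvno reported by parse_keytab should move forward, and an unchanged kvno means the old keys are still what SQL Server will present.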
SQLServerCluster.spec.auditing
auditing contains configuration settings related to the SQL Server’s auditing subsystem.
System administrators configure auditing by using the standard T-SQL CREATE SERVER AUDIT and CREATE SERVER/DATABASE AUDIT SPECIFICATION DDL. In addition, DSM supports the automatic creation of a simple AUDIT which only captures login events; see the spec.auditing.preset field for more information.
DSM-managed SQL Server instances run on Linux and as such only support "TO FILE" targets:
- The FILEPATH parameter should be set to "/var/opt/mssql/audit".
- The "ON_FAILURE = SHUTDOWN" option should not be used.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
logRetention | string | The logRetention enables automatic cleanup of old .sqlaudit files after the specified time. The DSM automation removes old .sqlaudit files whose modification time is older than the current time minus the retention period. All .sqlaudit files are subject to cleanup, including the files produced by administrator-created AUDITs. The latest log file of any active AUDIT is never cleaned up. The latest file of an inactive audit is cleaned up per the above rule. Optional. Mutable. If the field is not set, the .sqlaudit files are retained on the file system forever or until the SQL Server engine itself deletes them due to the MAX_ROLLOVER_FILES configuration. | false |
preset | enum | If set, the preset enables the creation of a basic DSM-managed audit which only captures login events from the server and from all of its databases. The audit is named "dsm_login_audit", and its audit logs are saved under "/var/opt/mssql/audit". Administrators can read these audit logs with the standard T-SQL function sys.fn_get_audit_file, or using the Security → Audits → View Audit Logs feature of SQL Server Management Studio. The following values are supported: AllLogins (the audit captures all login attempts, including the successful attempts) and FailedLogins (the audit captures only the failed login attempts). The AUDIT’s file configuration has MAXSIZE = 1GB. Administrators can create custom AUDITs instead of or in addition to the DSM-created AUDIT, using the standard T-SQL CREATE SERVER AUDIT and AUDIT SPECIFICATION DDL. Optional. Mutable. If the field is cleared after being previously configured, DSM disables the AUDIT object, but it does not delete any already captured logs. Log cleanup is controlled via the logRetention field. | false |
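The logRetention rule has two edge cases a reviewer of the audit trail should understand: the newest file of an audit that is still active survives no matter how old it is, while the newest file of an audit that was dropped does not. The following is an added example, not DSM's implementation, that applies the rule as the field describes it to a directory of .sqlaudit files. It assumes the SQL Server rollover naming <AuditName>_<AuditGUID>_<PartitionGUID>_<Timestamp>.sqlaudit (so the audit name is everything before the last three underscore-separated tokens; the page does not state this), and the sample directory and function names are this example's own.

```python
"""Applying the logRetention cleanup rule to .sqlaudit files (added example, not DSM code)."""
import os
import tempfile
import time
from pathlib import Path

DAY = 86400


def audit_of(path):
    """Audit name of a rollover file under the naming assumption stated above."""
    return "_".join(path.stem.split("_")[:-3])


def expired_audit_files(directory, retention_seconds, active_audits, now=None):
    """Files the retention rule would delete, oldest first; touches nothing on disk."""
    now = time.time() if now is None else now
    cutoff = now - retention_seconds
    files = sorted(Path(directory).glob("*.sqlaudit"), key=lambda p: p.stat().st_mtime)
    newest = {}                                   # audit name -> its most recent file
    for f in files:
        newest[audit_of(f)] = f
    # Only the newest file of an *active* audit is protected; an inactive audit's
    # newest file expires like any other.
    protected = {newest[a] for a in active_audits if a in newest}
    return [f for f in files if f.stat().st_mtime < cutoff and f not in protected]


def cleanup_audit_files(directory, retention_seconds, active_audits, now=None):
    """Delete the expired files and return them."""
    doomed = expired_audit_files(directory, retention_seconds, active_audits, now)
    for f in doomed:
        f.unlink()
    return doomed


def make_sample_dir(now):
    """Constructed sample: an audit directory whose files are `age` days older than `now`."""
    d = Path(tempfile.mkdtemp(prefix="sqlaudit-"))
    ages = {
        "dsm_login_audit_A1_P1_1.sqlaudit": 40,   # the DSM preset audit, active
        "dsm_login_audit_A1_P1_2.sqlaudit": 35,
        "dsm_login_audit_A1_P1_3.sqlaudit": 2,
        "old_audit_A2_P2_1.sqlaudit": 50,         # dropped by the administrator: inactive
        "old_audit_A2_P2_2.sqlaudit": 45,
        "custom_A3_P3_1.sqlaudit": 60,            # active but idle: its only file is kept
    }
    for name, age in ages.items():
        p = d / name
        p.write_bytes(b"")
        os.utime(p, (now - age * DAY, now - age * DAY))
    return d


if __name__ == "__main__":
    now = time.time()
    sample = make_sample_dir(now)
    for f in cleanup_audit_files(sample, 30 * DAY, {"dsm_login_audit", "custom"}, now):
        print("removed", f.name)
```

Run expired_audit_files (the dry-run form) against a copy of /var/opt/mssql/audit with the active audit names from sys.server_audits before shortening logRetention on a cluster whose logs feed an investigation.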
SQLServerCluster.spec.backupConfig
BackupConfig declares the cluster’s backup configuration details.
If specified, a BackupLocation must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays | integer | BackupRetentionDays describes the number of days to store backups. Must be Required. Mutable. | true |
schedules | []object | Schedules are user-defined schedules of when the system performs backups. Required. Mutable. | true |
SQLServerCluster.spec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the schedule. Required. Immutable. | true |
schedule | string | The schedule in the form of a cron schedule. Required. Mutable. | true |
type | string | Type of schedule. Can be Required. Immutable. | true |
SQLServerCluster.spec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the cluster or in the DSM system namespace. It is used by the BackupConfig, which must be specified whenever BackupLocation is specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerCluster.spec.basedOn
BasedOn identifies the source cluster on which this cluster will be based. The source cluster must be live, i.e. must exist in Data Services Manager.
Users cannot base their clusters on clusters owned by other users unless the user has the DSM_Admin role. The new cluster inherits the ownership of its source cluster; the owner can be changed if necessary after the cluster is created.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | object | Cluster contains the name of the source cluster and the timestamp to use as the restore point. Required. Immutable. | true |
SQLServerCluster.spec.basedOn.cluster
Cluster contains the name of the source cluster and the timestamp to use as the restore point.
Required.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name is the name of the source cluster from which to restore. Required. Immutable. | true |
timestamp | string | Timestamp is the point in time to restore from. The restore happens to the last available recovery time before the given time. If timestamp is not provided, the restore is initiated to the latest available recovery time. Optional. Immutable. | false |
SQLServerCluster.spec.databaseConfig
DatabaseConfig refers to the database config object that will be applied to this cluster.
A Database Config is used to apply custom params/configs to the database represented by this CR.
A Database Config can only be applied to a single cluster at a time and cannot be deleted while it is in use by a cluster.
The DatabaseConfig must exist in the same namespace as the cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerCluster.spec.directoryService
DirectoryService refers to the DirectoryService resource with LDAP settings used by this cluster for authenticating clients.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or, if no container name is specified, "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
SQLServerCluster.spec.maintenanceWindow
MaintenanceWindow refers to the system maintenance window. An enabled maintenance window allows CVEs, bug fixes and new Lifecycle Management features for the VM, the OS and any supporting software to be addressed. Database minor version upgrades can also be performed. Changes applied during this window should only result in minimal downtime when the database is deployed with replication.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
duration | string | Duration describes the duration of the maintenance window. Required. Mutable. | true |
startDay | enum | StartDay describes the day of the week on which the maintenance window commences. Can be any of Required. Mutable. | true |
startTime | string | StartTime describes the time of the day at which the maintenance window starts. Required. Mutable. | true |
SQLServerCluster.spec.placementSelector
PlacementSelector refers to a placement declared in the InfrastructurePolicy.
Usually this field should be left empty to allow the system to determine it automatically.
A placement with the same datacenter, cluster and resource pool must exist in the InfrastructurePolicy for the selector to be considered valid.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. | true |
resourcePool | string | ResourcePool is the cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
SQLServerCluster.spec.productKey
ProductKey is a reference to a Secret with data field "productKey" whose value is in the form #####-#####-#####-#####-#####, where '#' is a number or a letter. Should be set only if SQL Server should be activated with a Product Key. To set this field the edition field must be set to "ProductKey".
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerCluster.spec.serverConfig
ServerConfig contains miscellaneous server-level settings such as supported TLS protocol versions and trace flags. Any change to this configuration triggers a restart of the SQL Server.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
collation | string | Server collation. Default is The server collation becomes the default collation of the system databases and all user databases. Database owners can change the default collation of their database at any time via Warning: collation cannot be changed after the cluster is created. Optional. Immutable. | false |
mssqlConf | map[string]string | Extra settings to add to the For description of individual settings refer to the official Microsoft documentation of the DSM users are allowed to configure only the following settings: The desired settings should be set as map entries, for example: { "coredump.disablecoredump": "true", "errorlog.numerrorlogs": "36", "network.tlsprotocols": "1.2" }. Optional. Mutable. | false |
traceFlags | []integer | Trace flags with global scope. For example, trace flag 3226 suppresses log messages for successful backups in the error log. Optional. Mutable. | false |
SQLServerCluster.spec.tls
TLS refers to the SSL/TLS configuration of the SQL Server cluster.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName | string | The name of a Secret resource present in the same namespace as the database cluster, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys tls.crt (PEM signed certificate chain), tls.key (PEM private key) and ca.crt (PEM CA certificate). The ca.crt is optional if there is at least one issuer certificate in the certificate chain (tls.crt key); that issuer can either be a self-signed leaf certificate, or an intermediate or root certificate authority. Optional. When omitted, DSM auto-generates a certificate using its own internal certificate authority. When specified, DSM overrides its auto-generated certificate and uses the one described in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. If the database cluster will be accessed by IP, the TLS configuration needs to be applied after initial creation, because the IP can be retrieved only then, so that it can be encoded in the certificate. | false |
SQLServerCluster.spec.vSphereTags[index]
VSphereTag identifies a single vSphere tag by its tag category and tag name.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category is the vSphere tag category. Required. Mutable. | true |
tag | string | Tag is the vSphere tag. It should be part of the vSphere tag category Category. Required. Mutable. | true |
SQLServerCluster.status
SQLServerClusterStatus describes the observed status of the SQLServerCluster.
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for a database cluster. | false |
availableUpgrades | []object | AvailableUpgrades lists the valid version upgrades for the database cluster. The information here may be stale: when a Data Services Release is enabled or disabled, the available upgrades for existing clusters are populated asynchronously. However, an actual upgrade attempt is always validated against the current system state and the service accepts valid upgrade paths even if they are not yet populated here. | false |
backupId | string | BackupId is set only for clusters with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage. For PostgreSQL, it is the stanzaName of the database cluster. For MySQL, it is the UID of the MySQL cluster object in the workload cluster. | false |
conditions | []object | Conditions contain the list of observed conditions of the cluster. The following statuses can occur. | false |
connection | object | Connection describes the details which can be used to connect to the database represented by the CR. | false |
lastSuccessfulBackup | string | LastSuccessfulBackup indicates the time when the last successful backup completed. The time may refer to an incremental or full backup depending on which completed most recently. | false |
lastUpdate | string | LastUpdate gives the timestamp of when the desired state was last applied. | false |
nodes | []object | Nodes represents the underlying infrastructure of a database cluster. | false |
tlsSecretResourceVersion | string | TLSSecretResourceVersion is set only for clusters with custom certificates. It represents the resource version of the Secret that was last applied for the DB cluster. | false |
upgradeStatus | object | UpgradeStatus represents the status of a version upgrade. | false |
SQLServerCluster.status.availableUpgrades[index]
Name | Type | Description | Required |
---|---|---|---|
impact | enum | Impact indicates whether the Virtual Machines backing the workload cluster’s Kubernetes nodes will be replaced during the upgrade. When the impact is "RollingUpgrade", the upgrade is performed by adding a new node backed by a new Virtual Machine to the workload cluster, after which one of the existing nodes is disabled, drained, and subsequently deleted; the process is repeated until all nodes are replaced. When the impact is "InPlace", the upgrade is performed by replacing the Pods running in the workload cluster, without replacing the Kubernetes nodes. | true |
version | string | Version indicates the target version of the upgrade path. The version is displayed in qualified canonical format, i.e. the engine version, followed by the string "+vmware.", followed by the release version. | true |
autoUpgradeTarget | boolean | AutoUpgradeTarget indicates whether the cluster is eligible to be automatically upgraded to the specified version. Automatic upgrades are performed within the configured maintenance period. | false |
majorVersionUpgrade | boolean | MajorVersionUpgrade indicates whether the upgrade is to a newer major version. MajorVersionUpgrade and AutoUpgradeTarget cannot both be true, as major version upgrades are only manual. | false |
SQLServerCluster.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
SQLServerCluster.status.connection
Connection describes the details which can be used to connect to the database represented by the CR.
Name | Type | Description | Required |
---|---|---|---|
dbname | string | Name of the Database | true |
host | string | Host describes the IP address of the database cluster’s current primary node. | true |
port | integer | Port describes the port on which the database cluster is listening. | true |
clusterMemberConnectionDetails | []object | ClusterMemberConnectionDetails contains network connection details of individual servers within the cluster. This status is only populated if the configuration of the server results in the exposure of individual cluster members to the external network. | false |
passwordRef | object | Password for the admin account. The referred Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt", to be used by clients when connecting to a database so they can verify trust. | false |
username | string | Username for the admin account | false |
SQLServerCluster.status.connection.clusterMemberConnectionDetails[index]
ClusterMemberConnectionInfo contains cluster member identification and network connection details of a single member of a database cluster.
Name | Type | Description | Required |
---|---|---|---|
clusterMemberId | string | ClusterMemberID contains an identification of the member server that remains the same throughout the lifecycle of the cluster. E.g., for MySQL this is the MySQL server ID. The cluster role of the member can change. Required. | true |
host | string | Host contains the hostname or IP to connect to. Required. | true |
port | integer | Port contains the port to connect to. Required. | true |
SQLServerCluster.status.connection.passwordRef
Password for the admin account.
The referred Secret contains the CA used for verifying a secure database connection, found under the key "ca.crt", to be used by clients when connecting to a database so they can verify trust.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | For most references there is a canonical key: data.<key> for secrets. Optional. | false |
name | string | The name of the secret | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
SQLServerCluster.status.nodes[index]
Node represents the underlying infrastructure of a workload cluster.
Name | Type | Description | Required |
---|---|---|---|
datacenter | string | Datacenter is the name or inventory path of the datacenter in which the virtual machine is created/located. | false |
datastore | string | Datastore is the name or inventory path of the datastore in which the virtual machine is created/located. | false |
folder | string | Folder is the name or inventory path of the folder in which the virtual machine is created/located. | false |
host | string | Host is the name or inventory path of the ESXi host on which the virtual machine is running. | false |
network | object | Network is the network configuration for this VM. | false |
resourcePool | string | ResourcePool is the name or inventory path of the resource pool in which the virtual machine is created/located. | false |
server | string | Server is the IP address or FQDN of the vSphere server on which the virtual machine is created/located. | false |
storagePolicyName | string | StoragePolicyName is the name of the storage policy to use with this Virtual Machine. | false |
vmMoid | string | VmMoid is the VM’s Managed Object Reference on vSphere. | false |
vmName | string | VmName is the name of the virtual machine on vSphere. | false |
vmRole | string | VMRole identifies the role the VM plays in the workload cluster, like ControlPlane or Worker. | false |
SQLServerCluster.status.nodes[index].network
Network is the network configuration for this VM.
Name | Type | Description | Required |
---|---|---|---|
devices | []object | Devices is the list of network devices used by the virtual machine. | false |
SQLServerCluster.status.nodes[index].network.devices[index]
NetworkDevice defines the network configuration for a virtual machine’s network device.
Name | Type | Description | Required |
---|---|---|---|
ipPool | string | IPPool is the name of the IP Pool that was used to claim an IP address for the VM. | false |
networkName | string | NetworkName is the name of the vSphere network to which the device will be connected. | false |
SQLServerCluster.status.upgradeStatus
UpgradeStatus represents the status of a version upgrade.
Name | Type | Description | Required |
---|---|---|---|
currentVersion | string | The actual current version of the data service cluster. This is going to be the same as spec.version, unless an upgrade has been requested. In the latter case, this field will be updated once the upgrade completes. | false |
history | []object | Historical data of the upgrades performed. | false |
lastTransitionTime | string | LastTransitionTime shows the last time the cluster’s upgradeStatus.Running field value changed. | false |
running | boolean | Set to true to indicate that a data service cluster upgrade is currently running. Once the upgrade completes, the field will be reset to empty. | false |
SQLServerCluster.status.upgradeStatus.history[index]
Name | Type | Description | Required |
---|---|---|---|
complete | string | Timestamp of when the upgrade completed. | false |
fromVersion | string | The version from which the cluster was upgraded. | false |
isMajorUpgrade | boolean | IsMajorUpgrade specifies whether the upgrade was a major or a minor version upgrade. | false |
message | string | Message contains the reason for a failure or rejection. | false |
start | string | Timestamp of when the upgrade started. This is the time right before the upgrade operations have started, and restores are guaranteed to succeed at or before that time. The period after Start and before Complete is considered a blackout period, and restores within this interval could lead to unexpected results. | false |
status | enum | Status indicates the status of the upgrade. | false |
toVersion | string | The version to which the cluster was upgraded. If the upgrade was aborted or has failed, this field will have the same value as FromVersion. | false |
SQLServerDatabase
SQLServerDatabase represents the desired state and observed status of a single Microsoft SQL Server Database instance managed by Data Services Manager. Each database instance is managed separately from the actual SQL Server that hosts the database. The database instance is isolated from the SQL Server that hosts it through the use of the "Partially Contained Database" feature of SQL Server. For more information, read the official Microsoft SQL Server documentation on that feature.
The name of this resource (as specified in the metadata.name field) becomes the name of the database that SQL clients must use when creating a connection to it.
This is currently a Technical Preview feature without any promises for backward compatibility across Data Services Manager releases.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | databases.dataservices.vmware.com.v1alpha1 | true |
kind | string | SQLServerDatabase | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the | true |
spec | object | SQLServerDatabaseSpec defines the desired state of the SQLServerDatabase | false |
status | object | SQLServerDatabaseStatus describes the observed status of the SQLServerDatabase | false |
SQLServerDatabase.spec
SQLServerDatabaseSpec defines the desired state of the SQLServerDatabase.
Name | Type | Description | Required |
---|---|---|---|
owners | []object | Owners specifies the contained database users with role 'db_owner' to create. Each user could be either a Windows/Domain principal or a SQL user with password. In both cases, the user is a database level security principal that does not have an associated login in the master database. | true |
placement | object | Placement determines the SQL Server cluster instance on which this database should be placed. Immutable. | true |
backupConfig | object | BackupConfig declares the database’s automated backups configuration details. If specified, the system will perform automatic database backups as per the configured schedule, and additionally it will continuously perform backups of the database transaction logs so that it can offer Point-in-Time Restore (PITR) capability. If specified, a BackupLocation must also be specified. If not specified, the database will not be protected with any backups and cannot be restored. Warning: Do not use backup locations with the same host name but different ports on the same SQLServerCluster instance. SQL Server does not take into account the port difference when taking backups for different databases concurrently. As a result, a backup intended for one backup location might end up on another one that has the same host name. Optional. Mutable. | false |
backupLocation | object | BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the database resource or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified. If specified, a backupConfig must also be specified. Optional. Mutable. | false |
basedOn | object | BasedOn identifies that this database must be restored from a backup of another (source) database. Optional. Immutable. | false |
SQLServerDatabase.spec.owners[index]
DatabaseUser defines a user that can authenticate to the database.
Name | Type | Description | Required |
---|---|---|---|
type | enum | Type specifies the type of the user to create. Could be either 'WindowsPrincipal' or 'SQLUser'. Windows principal (WindowsPrincipal) can be used only if the SQL Server that hosts the database is integrated with Active Directory, and represents the principal that will be able to use Windows Authentication to connect to the database instance. Immutable. | true |
username | string | Username is the name of the database user. In case of a Windows principal, it can be either a Windows/Domain user or a group in the format <domainName>\<loginName>. For example: DOMAINFOO\johndoe | true |
passwordRef | object | PasswordRef refers to a v1.Secret containing the password for a user of type SQLUser. The secret must be in the same namespace as the database resource. The FieldPath field indicates which key in the secret contains the password. Default - password. Providing an inline value with the Value field is not supported. Must be omitted in case of WindowsPrincipal user type. | false |
SQLServerDatabase.spec.owners[index].passwordRef
PasswordRef refers to a v1.Secret containing the password for a user of type SQLUser.
The secret must be in the same namespace as the database resource.
The FieldPath field indicates which key in the secret contains the password. Default - password.
Providing an inline value with the Value field is not supported.
Must be omitted in case of WindowsPrincipal user type.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key | false |
name | string | The name of the secret | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
SQLServerDatabase.spec.placement
Placement determines the SQL Server cluster instance on which this database should be placed.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
sqlServer | object | SQLServer is a reference to a SQLServerCluster resource that will host the database. Immutable. | true |
SQLServerDatabase.spec.placement.sqlServer
SQLServer is a reference to a SQLServerCluster resource that will host the database.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | The Name of the referent. Required. | true |
namespace | string | The Namespace of the referent. Optional. If not specified, it’s implied that the referent object resides in the same namespace as the referer. | false |
SQLServerDatabase.spec.backupConfig
BackupConfig declares the database’s automated backups configuration details. If specified, the system will perform automatic database backups as per the configured schedule, and additionally it will continuously perform backups of the database transaction logs so that it can offer Point-in-Time Restore (PITR) capability.
If specified, a BackupLocation must also be specified.
If not specified, the database will not be protected with any backups and cannot be restored.
Warning: Do not use backup locations with the same host name but different ports on the same SQLServerCluster instance. SQL Server does not take into account the port difference when taking backups for different databases concurrently. As a result, a backup intended for one backup location might end up on another one that has the same host name.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
backupRetentionDays | integer | BackupRetentionDays describes the number of days to store backups. Must be Required. Mutable. | true |
schedules | []object | Schedules are user defined schedules of when the system will perform backups. Required. Mutable. | true |
SQLServerDatabase.spec.backupConfig.schedules[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the schedule. Required. Immutable. | true |
schedule | string | The schedule in the form of a cron schedule. Required. Mutable. | true |
type | string | Type of schedule. Can be Required. Immutable. | true |
SQLServerDatabase.spec.backupLocation
BackupLocation, if specified, must point to an existing BackupLocation custom resource in the same namespace as the database resource or in the DSM system namespace. It will be used by the 'BackupConfig', which must be specified whenever BackupLocation is specified.
If specified, a backupConfig must also be specified.
Optional.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
SQLServerDatabase.spec.basedOn
BasedOn identifies that this database must be restored from a backup of another (source) database.
Optional.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
database | object | Database contains the name of the source database and timestamp to use as the restore point. The source database must be live, i.e. the SQLServerDatabase resource representing it must exist in Data Services Manager and must be accessible to the user performing the restore operation. The source database may be hosted in a different SQL Server cluster instance than the target database. Required. Immutable. | true |
SQLServerDatabase.spec.basedOn.database
Database contains the name of the source database and timestamp to use as the restore point. The source database must be live, i.e. the SQLServerDatabase resource representing it must exist in Data Services Manager and must be accessible to the user performing the restore operation. The source database may be hosted in a different SQL Server cluster instance than the target database.
Required.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name is the name of the source database from which to restore. Required. Immutable. | true |
timestamp | string | Timestamp is the point in time to restore from. The restore will happen to the last available recovery time before the given time. If timestamp is not provided, restore will be initiated to the latest available recovery time. Optional. Immutable. | false |
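The SQLServerDatabase.spec rules above (owner types and their passwordRef, placement, backupConfig and backupLocation requiring each other, and the warning about backup locations that share a host name but differ in port) can be checked before a manifest is applied. The following is an added example, not DSM's own validation; the manifests, host names and ports are constructed, and the schedule type value is a placeholder because this excerpt does not list the allowed values.

```python
"""Client-side sanity checks for SQLServerDatabase manifests, mirroring the
constraints this reference states for spec.owners, spec.placement,
spec.backupConfig and spec.backupLocation. Added example: field names are the
reference's; the check logic is not DSM's own admission validation."""
from __future__ import annotations
import re

# Windows principal format from the reference: <domainName>\<loginName>
WINDOWS_PRINCIPAL = re.compile(r"^[^\\\s]+\\[^\\\s]+$")


def validate_owner(owner: dict) -> list[str]:
    """Problems with one spec.owners[] entry (a db_owner of the contained database)."""
    problems: list[str] = []
    kind, name, pw = owner.get("type"), owner.get("username", ""), owner.get("passwordRef")
    if kind == "WindowsPrincipal":
        if not WINDOWS_PRINCIPAL.match(name):
            problems.append(f"owner {name!r}: WindowsPrincipal must be <domainName>\\<loginName>")
        if pw is not None:  # authenticates with Windows Authentication, never via a Secret
            problems.append(f"owner {name!r}: passwordRef must be omitted for WindowsPrincipal")
    elif kind == "SQLUser":
        if not pw or not pw.get("name"):
            problems.append(f"owner {name!r}: SQLUser needs passwordRef.name (a v1.Secret)")
        elif pw.get("value"):  # inline values are deprecated and never used by DSM
            problems.append(f"owner {name!r}: inline passwordRef.value is not supported")
    else:
        problems.append(f"owner {name!r}: type must be WindowsPrincipal or SQLUser")
    return problems


def validate_spec(spec: dict) -> list[str]:
    """Problems with a SQLServerDatabase .spec; an empty list means it passes."""
    problems: list[str] = []
    owners = spec.get("owners") or []
    if not owners:
        problems.append("spec.owners is required")
    for owner in owners:
        problems.extend(validate_owner(owner))
    if not spec.get("placement", {}).get("sqlServer", {}).get("name"):
        problems.append("spec.placement.sqlServer.name is required")
    cfg, loc = spec.get("backupConfig"), spec.get("backupLocation")
    if (cfg is None) != (loc is None):  # each one requires the other
        problems.append("backupConfig and backupLocation must be specified together")
    if cfg is not None:
        if "backupRetentionDays" not in cfg:
            problems.append("backupConfig.backupRetentionDays is required")
        if not cfg.get("schedules"):
            problems.append("backupConfig.schedules is required")
        for sched in cfg.get("schedules") or []:
            for key in ("name", "schedule", "type"):
                if not sched.get(key):
                    problems.append(f"backupConfig schedule is missing {key}")
    return problems


def conflicting_backup_hosts(databases: list[dict], locations: dict[str, tuple[str, int]]) -> list[tuple]:
    """Pairs of databases on the same SQLServerCluster whose backup locations share a
    host name but differ in port: the case the reference warns about, since SQL Server
    ignores the port and a backup can land in the wrong location. `locations` maps a
    BackupLocation name to (host, port); resolving that is left to the caller."""
    per_cluster: dict[str, list[tuple[str, str, int]]] = {}
    for db in databases:
        loc_name = (db["spec"].get("backupLocation") or {}).get("name")
        if loc_name not in locations:
            continue
        cluster = db["spec"]["placement"]["sqlServer"]["name"]
        host, port = locations[loc_name]
        per_cluster.setdefault(cluster, []).append((db["metadata"]["name"], host, port))
    conflicts = []
    for cluster, entries in per_cluster.items():
        for i, (db_a, host_a, port_a) in enumerate(entries):
            for db_b, host_b, port_b in entries[i + 1:]:
                if host_a == host_b and port_a != port_b:
                    conflicts.append((cluster, db_a, db_b, host_a))
    return conflicts


# Constructed sample manifests; names, hosts and ports are made up. The schedule
# "type" is a placeholder: its allowed values are not listed in this excerpt.
ORDERS = {"metadata": {"name": "orders"}, "spec": {
    "owners": [{"type": "WindowsPrincipal", "username": "DOMAINFOO\\johndoe"},
               {"type": "SQLUser", "username": "orders_app",
                "passwordRef": {"name": "orders-app-password"}}],  # key defaults to "password"
    "placement": {"sqlServer": {"name": "sqlserver-prod"}},
    "backupConfig": {"backupRetentionDays": 30, "schedules": [
        {"name": "nightly", "schedule": "0 2 * * *", "type": "TYPE_PLACEHOLDER"}]},
    "backupLocation": {"name": "bl-site-a"}}}
BROKEN = {"metadata": {"name": "broken"}, "spec": {  # backupConfig without backupLocation
    "owners": [{"type": "WindowsPrincipal", "username": "johndoe", "passwordRef": {"name": "x"}},
               {"type": "SQLUser", "username": "app", "passwordRef": {"value": "inline-secret"}}],
    "placement": {"sqlServer": {"name": "sqlserver-prod"}},
    "backupConfig": {"backupRetentionDays": 7, "schedules": [
        {"name": "n", "schedule": "0 1 * * *", "type": "TYPE_PLACEHOLDER"}]}}}
BILLING = {"metadata": {"name": "billing"}, "spec": {
    "placement": {"sqlServer": {"name": "sqlserver-prod"}}, "backupLocation": {"name": "bl-site-a-alt"}}}
HR = {"metadata": {"name": "hr"}, "spec": {
    "placement": {"sqlServer": {"name": "sqlserver-dev"}}, "backupLocation": {"name": "bl-site-a-alt"}}}
LOCATIONS = {"bl-site-a": ("backup.example.internal", 9000),
             "bl-site-a-alt": ("backup.example.internal", 9001)}

if __name__ == "__main__":
    for manifest in (ORDERS, BROKEN):
        print(manifest["metadata"]["name"], validate_spec(manifest["spec"]) or "ok")
    print("backup host conflicts:", conflicting_backup_hosts([ORDERS, BILLING, HR], LOCATIONS))
```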
SQLServerDatabase.status
SQLServerDatabaseStatus describes the observed status of the SQLServerDatabase.
Name | Type | Description | Required |
---|---|---|---|
backupId | string | BackupId is set only for Databases with enabled automatic backups. This is a unique ID that can be used to locate backup files in storage. | false |
conditions | []object | Conditions contain the list of observed conditions of the Database resource. The following statuses can occur. | false |
connection | object | Connection describes the details which can be used to connect to the database represented by the CR. | false |
lastSuccessfulBackup | string | LastSuccessfulBackup indicates the time when the last successful Database backup completed. | false |
owners | []object | Owners list that was successfully applied to the SQLServerDatabase. | false |
SQLServerDatabase.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
SQLServerDatabase.status.connection
Connection describes the details which can be used to connect to the database represented by the CR.
Name | Type | Description | Required |
---|---|---|---|
dbname | string | Name of the Database | true |
host | string | Host describes the IP address of the database cluster’s current primary node. | true |
port | integer | Port describes the port on which the database cluster is listening. | true |
clusterMemberConnectionDetails | []object | ClusterMemberConnectionDetails contains network connection details of individual servers within the cluster. This status will only be populated if the configuration of the server results in the exposure of individual cluster members to the external network. | false |
passwordRef | object | Password for the admin account. Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust. | false |
username | string | Username for the admin account | false |
SQLServerDatabase.status.connection.clusterMemberConnectionDetails[index]
ClusterMemberConnectionInfo contains cluster member identification and network connection details of a single member of a database cluster.
Name | Type | Description | Required |
---|---|---|---|
clusterMemberId | string | ClusterMemberID contains an identification of the member server that will remain the same throughout the lifecycle of the cluster. E.g., for MySQL this will be the MySQL server ID. The cluster role of the member can change. Required. | true |
host | string | Host contains the hostname or IP to connect to. Required. | true |
port | integer | Port contains the port to connect to. Required. | true |
SQLServerDatabase.status.connection.passwordRef
Password for the admin account.
Referred secret contains the CA used for verifying a secure database connection. Found under the key "ca.crt". To be used by clients when connecting to a database so they can verify trust.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key | false |
name | string | The name of the secret | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
SQLServerDatabase.status.owners[index]
DatabaseUser defines a user that can authenticate to the database.
Name | Type | Description | Required |
---|---|---|---|
type | enum | Type specifies the type of the user to create. Could be either 'WindowsPrincipal' or 'SQLUser'. Windows principal (WindowsPrincipal) can be used only if the SQL Server that hosts the database is integrated with Active Directory, and represents the principal that will be able to use Windows Authentication to connect to the database instance. Immutable. | true |
username | string | Username is the name of the database user. In case of a Windows principal, it can be either a Windows/Domain user or a group in the format <domainName>\<loginName>. For example: DOMAINFOO\johndoe | true |
passwordRef | object | PasswordRef refers to a v1.Secret containing the password for a user of type SQLUser. The secret must be in the same namespace as the database resource. The FieldPath field indicates which key in the secret contains the password. Default - password. Providing an inline value with the Value field is not supported. Must be omitted in case of WindowsPrincipal user type. | false |
SQLServerDatabase.status.owners[index].passwordRef
PasswordRef refers to a v1.Secret containing the password for a user of type SQLUser.
The secret must be in the same namespace as the database resource.
The FieldPath field indicates which key in the secret contains the password. Default - password.
Providing an inline value with the Value field is not supported.
Must be omitted in case of WindowsPrincipal user type.
Name | Type | Description | Required |
---|---|---|---|
fieldPath | string | data.<key> for secrets. Optional. For most references there is a canonical key | false |
name | string | The name of the secret | false |
value | string | Deprecated. This field is never used by the Data Services Manager. | false |
infrastructure.dataservices.vmware.com/v1alpha1
Resource Types:
ActiveDirectoryDomain
ActiveDirectoryDomain provides a way to enable Kerberos authentication for DSM managed database clusters by using Microsoft Active Directory.
The feature is currently only available for SQL Server clusters, and it’s a Technical Preview feature without any promises for backward compatibility across Data Services Manager releases.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | ActiveDirectoryDomain | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the | true |
spec | object | ActiveDirectoryDomainSpec defines the desired state of the ActiveDirectoryDomain | false |
status | object | ActiveDirectoryDomainStatus describes the observed status of the ActiveDirectoryDomain | false |
ActiveDirectoryDomain.spec
ActiveDirectoryDomainSpec defines the desired state of the ActiveDirectoryDomain.
Name | Type | Description | Required |
---|---|---|---|
name | string | The DNS name of the domain. Required. Immutable: cannot be changed after the object is created. | true |
nameservers | []string | A list of DNS name server IP addresses that will be used to resolve the names and addresses of the Active Directory domain services like LDAP and KDC. Optional. If not provided, the Data Services Manager will default to the nameservers configured on the DSM appliance. | false |
primaryNameserver | string | The IP address of a "primary" (or "master") nameserver of the Active Directory domain, from which record changes are replicated to all other nameservers. When dynamic DNS updates are requested for a cluster, the updates will execute against this server. Optional. If not specified, the Data Services Manager will use the first nameserver effectively configured for this ActiveDirectoryDomain. | false |
privilegedAccountCredentials | object | Credentials of a user account which will be used to perform automated Active Directory configuration when requested. If provided, the reference must point to a Secret object with "username" and "password" fields where the username contains the unqualified account name of the user. The privileges the account needs for automatic creation of keytabs and for dynamic DNS updates are listed under ActiveDirectoryDomain.spec.privilegedAccountCredentials. Either set of privileges is only required for its respective automation function. I.e. Data Service Manager will successfully use the account to create Service Principal Names even if the account does not have DNS privileges, and vice versa. The credentials are optional. If not provided, the Data Service Manager will not support automated configuration for this domain. | false |
trustBundle | object | Reference to a Configmap containing a set of certificates to be trusted when validating LDAPS connections. The supported LDAP server certificate configurations are described under ActiveDirectoryDomain.spec.trustBundle. Can be configured only if spec.privilegedAccountCredentials is set. Optional. If not provided, the Data Services Manager uses the trusted-root-ca bundle in the dsm-system namespace. | false |
ActiveDirectoryDomain.spec.privilegedAccountCredentials
Credentials of a user account which will be used to perform automated Active Directory configuration when requested.
If provided, the reference must point to a Secret object with "username" and "password" fields where the username contains the unqualified account name of the user.
To support automatic creation of keytabs, the account must have the following privileges:
- Write servicePrincipalName to all users
- In addition, the account must support AES encryption for its Kerberos tickets.
To support dynamic DNS updates, the account must have the following privileges over each DNS zone which will contain cluster DNS names:
- Create children of type dnsNode
- If the zone already contains records created by other users that need to be overwritten by the Data Services Manager, the user must have "Change owner" in addition to the above.
Either set of privileges is only required for its respective automation function. I.e. Data Service Manager will successfully use the account to create Service Principal Names even if the account does not have DNS privileges, and vice versa.
The credentials are optional. If not provided, the Data Service Manager will not support automated configuration for this domain.
Name | Type | Description | Required |
---|---|---|---|
name | string | The Name of the referent. Required. | true |
namespace | string | The Namespace of the referent. Optional. If not specified, it’s implied that the referent object resides in the same namespace as the referer. | false |
ActiveDirectoryDomain.spec.trustBundle
Reference to a Configmap containing a set of certificates to be trusted when validating LDAPS connections.
If the domain’s LDAP servers are configured with:
- a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a Configmap with key tls.crt that contains only Issuer certificate(s). If an end-entity (i.e. server) certificate is provided it must be issued by itself, i.e. self-signed.
Can be configured only if spec.privilegedAccountCredentials is set.
Optional. If not provided, the Data Services Manager uses the trusted-root-ca bundle in the dsm-system namespace.
Name | Type | Description | Required |
---|---|---|---|
name | string | The Name of the referent. Required. | true |
namespace | string | The Namespace of the referent. Optional. If not specified, it’s implied that the referent object resides in the same namespace as the referer. | false |
ActiveDirectoryDomain.status
ActiveDirectoryDomainStatus describes the observed status of the ActiveDirectoryDomain.
Name | Type | Description | Required |
---|---|---|---|
conditions | []object | Conditions contain the list of observed conditions of the ActiveDirectoryDomain. The following statuses can occur. | false |
ActiveDirectoryDomain.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
DataServicePolicy
DataServicePolicy refers to a DataService type. It is a set of rules/constraints that can be applied to a set of Data Service instances and that apply to each one individually. That is also how it differs from Quota, which is about the aggregation of resources across multiple instances. The infra related references to InfrastructurePolicy and BackupLocation have to be specified in each DataServicePolicy, as that controls at the most basic level when that infrastructure can be used. Most other fields can be left empty and default to "allow all". DataServicePolicy also has a matchCriteria field which matches it to a set of namespaces, where those namespaces must have a DataServicePolicyBinding object. That Binding object contains attributes of the namespace that the matchCriteria can match against.
The name of the policy must be unique in the system. The namespace always needs to be dsm-system.
Mutation is allowed. If a mutation takes away choices previously allowed, the data service instances that now violate the policy are tracked as "non compliant". The system doesn’t take any action to remediate the non compliance; that is left to the admins and users. That’s because remediation can be impactful, like a major version upgrade, and it shouldn’t be taken lightly. Non compliance with the latest requirements is a standard issue for enterprises. The policy helps by ensuring new instances comply with the new requirements, and that existing instances that are now non-compliant are tracked and reported.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | DataServicePolicy | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the | true |
spec | object | DataServicePolicySpec defines the desired state of DataServicePolicy | false |
status | object | DataServicePolicyStatus defines the observed state of DataServicePolicy. | false |
DataServicePolicy.spec
DataServicePolicySpec defines the desired state of DataServicePolicy.
Name | Type | Description | Required |
---|---|---|---|
matchCriteria | []object | matchCriteria is used to match to a set of namespaces. On these namespaces the policy will be enforced. For example, an admin may say a policy should be enforced on all namespaces in all projects of a specific org. Or all namespaces with a specific suffix in the name, in a specific project in a specific org. Each namespace may have multiple matching policies and then all of them apply. This is particularly useful when multiple personas each express their policy. An infra admin may make high level policy decisions and then a tenant admin makes further policy decisions within their tenancy, and ultimately the combination of them apply. Mutable. | true |
serviceType | string | Service Type of the Policy. Immutable. | true |
description | string | Description contains the human-readable description of the policy. Optional. Mutable. | false |
mysqlPolicy | object | MysqlPolicy being set means this Policy is about MySQL. All other DB types must have a nil spec and ServiceType must be MySQL. Mutable. | false |
postgresPolicy | object | PostgresPolicy being set means this Policy is about Postgres. All other DB types must have a nil spec and ServiceType must be Postgres. Mutable. | false |
sqlServerDatabasePolicy | object | SQLServerDatabasePolicy being set means this Policy is about SQL Server Databases. All other DB types must have a nil spec and ServiceType must be SQLServerDatabase. Mutable. | false |
DataServicePolicy.spec.matchCriteria[index]
PolicyMatchCriteria captures one criterion for matching against the namespaceProperties of DataServicePolicyBinding.
Name | Type | Description | Required |
---|---|---|---|
key | string | Key relates to the key inside the namespaceProperties of DataServicePolicyBinding. Mutable. | true |
operator | enum | Operator. Mutable. | true |
values | []string | Values relates to the value inside the namespaceProperties of DataServicePolicyBinding. Mutable. | true |
DataServicePolicy.spec.mysqlPolicy
MysqlPolicy being set means this Policy is about MySQL. All other DB types must have a nil spec and ServiceType must be MySQL.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
common | object | CommonPolicySpec captures policy elements which are universal across all data service types | true |
allowedMembers | []integer | allowedMembers is a list of allowed member values. Unspecified defaults to "allow all", which can also be expressed with [-1]. Mutable. Validation: each value must be 1 or 3 (or -1 for allow all). | false |
allowedVersions | []string | allowedVersions is a list of allowed version prefixes. Unspecified defaults to "allow all", which can also be expressed with ["*"]. As they are prefixes, it is possible to express "all version 13, regardless of minor version" via "13.", or "all version 13.10, regardless of DSM version" via "13.10", or "specifically DSM provided 13.10+vmware.2.0" to specify exact versions. The more specific the versions, the more often the policy will need to be updated to allow users to keep up with critical security and functional patches. Mutable. | false |
DataServicePolicy.spec.mysqlPolicy.common
CommonPolicySpec captures policy elements which are universal across all data service types.
Name | Type | Description | Required |
---|---|---|---|
allowedBackupLocations | []string | allowedBackupLocations is a list of allowed Backup Locations. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. An empty list essentially means backup is disallowed. Mutable. | false |
allowedInfrastructurePolicies | []string | allowedInfrastructurePolicies is a list of allowed Infrastructure Policies. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. Mutable. | false |
DataServicePolicy.spec.postgresPolicy
PostgresPolicy being set means this Policy is about Postgres. All other DB types must have a nil spec and ServiceType must be Postgres.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
common | object | CommonPolicySpec captures policy elements which are universal across all data service types | true |
allowedReplicas | []integer | allowedReplicas is a list of allowed replica values. Unspecified defaults to "allow all", which can also be expressed with [-1]. Mutable. Extracted validation fragment: x == 0 … x == 1) | false |
allowedVersions | []string | allowedVersions is a list of allowed version prefixes. Unspecified defaults to "allow all", which can also be expressed with ["*"]. As they are prefixes, it is possible to express "all version 13, regardless of minor version" via "13.", or "all version 13.10, regardless of DSM version" via "13.10", or "specifically DSM provided 13.10+vmware.2.0" to specify exact versions. The more specific the versions, the more often the policy will need to be updated to allow users to keep up with critical security and functional patches. Mutable. | false |
DataServicePolicy.spec.postgresPolicy.common
CommonPolicySpec captures policy elements which are universal across all data service types
Name | Type | Description | Required |
---|---|---|---|
allowedBackupLocations | []string | allowedBackupLocations is a list of allowed Backup Locations. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. An empty list essentially means backup is disallowed. Mutable. | false |
allowedInfrastructurePolicies | []string | allowedInfrastructurePolicies is a list of allowed Infrastructure Policies. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. Mutable. | false |
DataServicePolicy.spec.sqlServerDatabasePolicy
SQLServerDatabasePolicy being set means this Policy is about SQL Server Databases. All other DB types must have a nil spec and ServiceType must be SQLServerDatabase.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
allowedBackupLocations | []string | allowedBackupLocations is a list of allowed Backup Locations. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. An empty list essentially means backup is disallowed. Mutable. | false |
allowedPlacements | []object | AllowedPlacements is a list of allowed placements, i.e. of SQL Server Clusters onto which SQL Server databases can be placed. An explicit list has to be provided; a wildcard is not allowed. Mutable. | false |
DataServicePolicy.spec.sqlServerDatabasePolicy.allowedPlacements[index]
DatabasePlacement is used to determine the SQL Server to host the database.
Name | Type | Description | Required |
---|---|---|---|
sqlServer | object | SQLServer is a reference to a SQLServerCluster resource that will host the database. Immutable. | true |
DataServicePolicy.spec.sqlServerDatabasePolicy.allowedPlacements[index].sqlServer
SQLServer is a reference to a SQLServerCluster resource that will host the database.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | The Name of the referent. Required. | true |
namespace | string | The Namespace of the referent. Optional. If not specified, it’s implied that the referent object resides in the same namespace as the referer. | false |
DataServicePolicy.status
DataServicePolicyStatus defines the observed state of DataServicePolicy.
Name | Type | Description | Required |
---|---|---|---|
conditions | []object | Conditions contain the list of observed conditions of the policy. So far no statuses have been defined. | false |
nonCompliance | []object | Captures any non-compliance of data services for which this policy applies but its spec is violated. | false |
DataServicePolicy.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
DataServicePolicy.status.nonCompliance[index]
NonCompliance is the non-compliance of a single data service instance
Name | Type | Description | Required |
---|---|---|---|
dsName | string | The name of the data service that is not in compliance | true |
dsType | string | The Type of the data service that is not in compliance | true |
nsProps | map[string]string | NamespaceProperties mirrors the DSPolicyBinding.Spec.NamespaceProperties for the namespace in which the data service resides. Depending on the scenario, this allows retrieving namespace and org/project information. | true |
violations | []object | The error that explains the non-compliance | true |
DataServicePolicy.status.nonCompliance[index].violations[index]
NonComplianceViolation is a single violation. One data service may have multiple.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category of the violation for coarse grained sorting and filtering | true |
err | string | Err is the error string with the exact violation | true |
DataServicePolicyBinding
DataServicePolicyBinding has two jobs. First, it supplies information such as Organization, Project and Namespace about the namespace for which it was created, which allows DSM to look up all matching DataServicePolicies. Second, DataServicePolicyBinding computes the effective policy as a logical AND of all applicable policies.
If a DataServicePolicyBinding’s spec.namespaceProperties match all the criteria of a DataServicePolicy, as defined in its spec.matchCriteria, the DataServicePolicy will be enforced in the namespace of the DataServicePolicyBinding.
There can only be one DataServicePolicyBinding per namespace, and its name is well-known as "binding".
Mutation is allowed, but a change that would leave existing PostgresCluster or MySQL instances in violation of the matching policies is rejected. The same notes about the Consumption Operator as documented on the Data Service types themselves apply.
In the overall flow, we expect that first an infra admin creates Policies. Then a tenant admin may also make their own Policies. The tenant also creates projects and namespaces. Finally, when a namespace gets created, the Consumption Operator sees the new namespace, reads the organization/project/namespace information, and creates a DataServicePolicyBinding in DSM using the metadata.namespace field that follows the Consumption Operator convention of <k8s-cluster-prefix>-<co-nsname>, and populates the namespaceProperties field. DSM computes the effective policy on that namespace by looking up all matching Policies. Then the namespace is ready, and Data Service instances can be created.
In the case that DSM works without VMware Cloud Foundation Automation and the Consumption Operator, we expect the DSM admin to create the DataServicePolicyBinding in each namespace where DataServicePolicies should be enforced. The DSM admin can define any meaningful key-value pairs in a DataServicePolicyBinding as its namespaceProperties and the same keys and values in a DataServicePolicy as its matchCriteria. If a DataServicePolicyBinding includes all keys defined in a DataServicePolicy and their values can be matched by the matchCriteria operator, the DataServicePolicy will be enforced in the namespace of the DataServicePolicyBinding. For example, the DSM admin can use the namespace labels as the key-value pairs mentioned above so that they can assign DataServicePolicy to namespaces by namespace labels.
If a namespace is created from the DSM portal, the DataServicePolicyBinding will be automatically created in the namespace.
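As an added example (not DSM's own code), the following Go program models the logical AND described above for a PostgresCluster policy, using the allowedReplicas, allowedVersions (prefix) and allowedBackupLocations semantics documented in the policy tables on this page, and then checks an instance against the effective policy the way status.nonCompliance reports violations. The Go type names, the Instance shape and the violation category strings are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// PostgresPolicy models the subset of DataServicePolicy.spec.postgresPolicy documented on this page (type and field names are assumptions, not DSM's Go types).
type PostgresPolicy struct {
	AllowedReplicas        []int    // unspecified (nil) or [-1] = allow all
	AllowedVersions        []string // unspecified (nil) or ["*"] = allow all; entries are prefixes
	AllowedBackupLocations []string // unspecified (nil) or ["*"] = allow all; [] = backup disallowed
}

// Instance is the part of a PostgresCluster the policy constrains (assumed shape); Violation mirrors NonComplianceViolation (category strings assumed).
type Instance struct{ Version, BackupLocation string; Replicas int }
type Violation struct{ Category, Err string }

// allowAll implements the rule "unspecified, or the single wildcard sentinel, means allow all".
func allowAll[T comparable](l []T, wildcard T) bool {
	return l == nil || (len(l) == 1 && l[0] == wildcard)
}

// anyMatch reports whether some element of l satisfies f.
func anyMatch[T any](l []T, f func(T) bool) bool {
	for _, y := range l {
		if f(y) {
			return true
		}
	}
	return false
}

func eq[T comparable](x T) func(T) bool   { return func(y T) bool { return y == x } }
func prefixOf(v string) func(string) bool { return func(p string) bool { return strings.HasPrefix(v, p) } }

// intersect keeps the values allowed by both lists; "allow all" is the identity and an explicitly empty list (backup disallowed) stays empty.
func intersect[T comparable](a, b []T, wildcard T) []T {
	if allowAll(a, wildcard) {
		return b
	}
	if allowAll(b, wildcard) {
		return a
	}
	out := []T{}
	for _, x := range a {
		if anyMatch(b, eq(x)) {
			out = append(out, x)
		}
	}
	return out
}

// intersectPrefixes ANDs two prefix lists: a version satisfies both iff it starts with a prefix from each, so for every compatible pair the longer (more specific) prefix wins.
func intersectPrefixes(a, b []string) []string {
	if allowAll(a, "*") {
		return b
	}
	if allowAll(b, "*") {
		return a
	}
	out := []string{}
	for _, p := range a {
		for _, q := range b {
			if strings.HasPrefix(p, q) && !anyMatch(out, eq(p)) {
				out = append(out, p)
			} else if strings.HasPrefix(q, p) && !anyMatch(out, eq(q)) {
				out = append(out, q)
			}
		}
	}
	return out
}

// Aggregate computes the effective policy as the logical AND of all matching policies (what status.aggregatePostgresPolicy holds).
func Aggregate(policies []PostgresPolicy) PostgresPolicy {
	agg := PostgresPolicy{} // nil slices = allow all until a policy narrows them
	for _, p := range policies {
		agg.AllowedReplicas = intersect(agg.AllowedReplicas, p.AllowedReplicas, -1)
		agg.AllowedVersions = intersectPrefixes(agg.AllowedVersions, p.AllowedVersions)
		agg.AllowedBackupLocations = intersect(agg.AllowedBackupLocations, p.AllowedBackupLocations, "*")
	}
	return agg
}

// Violations checks one instance against the effective policy, the way status.nonCompliance[].violations[] reports it.
func Violations(agg PostgresPolicy, in Instance) []Violation {
	var v []Violation
	if !allowAll(agg.AllowedReplicas, -1) && !anyMatch(agg.AllowedReplicas, eq(in.Replicas)) {
		v = append(v, Violation{"replicas", fmt.Sprintf("replicas %d not in %v", in.Replicas, agg.AllowedReplicas)})
	}
	if !allowAll(agg.AllowedVersions, "*") && !anyMatch(agg.AllowedVersions, prefixOf(in.Version)) {
		v = append(v, Violation{"version", fmt.Sprintf("version %q matches no allowed prefix in %v", in.Version, agg.AllowedVersions)})
	}
	if !allowAll(agg.AllowedBackupLocations, "*") && !anyMatch(agg.AllowedBackupLocations, eq(in.BackupLocation)) {
		v = append(v, Violation{"backup", fmt.Sprintf("backup location %q not in %v", in.BackupLocation, agg.AllowedBackupLocations)})
	}
	return v
}
```

Because allowedVersions entries are prefixes, "13.1" also admits 13.10 through 13.19; the page's advice to use more specific prefixes applies whenever that is not the intent.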
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | DataServicePolicyBinding | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | DataServicePolicyBindingSpec defines the desired state of DataServicePolicyBinding | false |
status | object | DataServicePolicyBindingStatus defines the observed state of DataServicePolicyBinding. | false |
DataServicePolicyBinding.spec
DataServicePolicyBindingSpec defines the desired state of DataServicePolicyBinding
Name | Type | Description | Required |
---|---|---|---|
namespaceProperties | map[string]string | NamespaceProperties is a list of key-value pairs, e.g. to hold tenancy information like org/project/namespace, but its keys are intentionally flexible. | true |
DataServicePolicyBinding.status
DataServicePolicyBindingStatus defines the observed state of DataServicePolicyBinding.
Name | Type | Description | Required |
---|---|---|---|
aggregateMysqlPolicy | object | AggregatePostgresPolicy is the effective policy for PostgresCluster based on a logical AND of all matching policies. | true |
aggregatePostgresPolicy | object | AggregatePostgresPolicy is the effective policy for PostgresCluster based on a logical AND of all matching policies. | true |
aggregateSQLServerDatabasePolicy | object | AggregateSQLServerDatabasePolicy is the effective policy for SQLServerDatabase based on a logical AND of all matching policies. | true |
policies | []object | Policies are the matching policies that apply with a logical AND. | true |
conditions | []object | Conditions contain the list of observed conditions of the policybinding. XXX: List types | false |
infrastructurePolicies | []object | List of all infrastructure policies that are referenced in the aggregate policies, so the possible values are known to the consumer. | false |
nonCompliance | []object | Captures any non-compliance of data services in this namespace with the AggregatePolicy | false |
sqlServers | []object | List of all sqlservers that are referenced in the aggregate policies, so the possible values are known to the consumer. | false |
DataServicePolicyBinding.status.aggregateMysqlPolicy
AggregatePostgresPolicy is the effective policy for PostgresCluster based on a logical AND of all matching policies.
Name | Type | Description | Required |
---|---|---|---|
common | object | CommonPolicySpec captures policy elements which are universal across all data service types | true |
allowedMembers | []integer | allowedMembers is a list of allowed member values. Unspecified defaults to "allow all", which can also be expressed with [-1]. Mutable. Extracted validation fragment: x == 1 … x == 3) | false |
allowedVersions | []string | allowedVersions is a list of allowed version prefixes. Unspecified defaults to "allow all", which can also be expressed with ["*"]. As they are prefixes, it is possible to express "all version 13, regardless of minor version" via "13.", or "all version 13.10, regardless of DSM version" via "13.10", or "specifically DSM provided 13.10+vmware.2.0" to specify exact versions. The more specific the versions, the more often the policy will need to be updated to allow users to keep up with critical security and functional patches. Mutable. | false |
DataServicePolicyBinding.status.aggregateMysqlPolicy.common
CommonPolicySpec captures policy elements which are universal across all data service types
Name | Type | Description | Required |
---|---|---|---|
allowedBackupLocations | []string | allowedBackupLocations is a list of allowed Backup Locations. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. An empty list essentially means backup is disallowed. Mutable. | false |
allowedInfrastructurePolicies | []string | allowedInfrastructurePolicies is a list of allowed Infrastructure Policies. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. Mutable. | false |
DataServicePolicyBinding.status.aggregatePostgresPolicy
AggregatePostgresPolicy is the effective policy for PostgresCluster based on a logical AND of all matching policies.
Name | Type | Description | Required |
---|---|---|---|
common | object | CommonPolicySpec captures policy elements which are universal across all data service types | true |
allowedReplicas | []integer | allowedReplicas is a list of allowed replica values. Unspecified defaults to "allow all", which can also be expressed with [-1]. Mutable. Extracted validation fragment: x == 0 … x == 1) | false |
allowedVersions | []string | allowedVersions is a list of allowed version prefixes. Unspecified defaults to "allow all", which can also be expressed with ["*"]. As they are prefixes, it is possible to express "all version 13, regardless of minor version" via "13.", or "all version 13.10, regardless of DSM version" via "13.10", or "specifically DSM provided 13.10+vmware.2.0" to specify exact versions. The more specific the versions, the more often the policy will need to be updated to allow users to keep up with critical security and functional patches. Mutable. | false |
DataServicePolicyBinding.status.aggregatePostgresPolicy.common
CommonPolicySpec captures policy elements which are universal across all data service types
Name | Type | Description | Required |
---|---|---|---|
allowedBackupLocations | []string | allowedBackupLocations is a list of allowed Backup Locations. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. An empty list essentially means backup is disallowed. Mutable. | false |
allowedInfrastructurePolicies | []string | allowedInfrastructurePolicies is a list of allowed Infrastructure Policies. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. Mutable. | false |
DataServicePolicyBinding.status.aggregateSQLServerDatabasePolicy
AggregateSQLServerDatabasePolicy is the effective policy for SQLServerDatabase based on a logical AND of all matching policies.
Name | Type | Description | Required |
---|---|---|---|
allowedBackupLocations | []string | allowedBackupLocations is a list of allowed Backup Locations. For Infra Admins this is a mandatory field in all policies, while for tenant admins it may be left unspecified. Unspecified defaults to "allow all", which can also be expressed with ["*"]. An empty list essentially means backup is disallowed. Mutable. | false |
allowedPlacements | []object | AllowedPlacements is a list of allowed placements, i.e. of SQL Server Clusters onto which SQL Server databases can be placed. An explicit list has to be provided; a wildcard is not allowed. Mutable. | false |
DataServicePolicyBinding.status.aggregateSQLServerDatabasePolicy.allowedPlacements[index]
DatabasePlacement is used to determine the SQL Server to host the database.
Name | Type | Description | Required |
---|---|---|---|
sqlServer | object | SQLServer is a reference to a SQLServerCluster resource that will host the database. Immutable. | true |
DataServicePolicyBinding.status.aggregateSQLServerDatabasePolicy.allowedPlacements[index].sqlServer
SQLServer is a reference to a SQLServerCluster resource that will host the database.
Immutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | The Name of the referent. Required. | true |
namespace | string | The Namespace of the referent. Optional. If not specified, it’s implied that the referent object resides in the same namespace as the referer. | false |
DataServicePolicyBinding.status.policies[index]
DataServicePolicyReference references a data service policy. For convenience, the type of the data service is provided.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the data service policy | true |
serviceType | string | DataServiceType describes the supported data service types. Each data service represents a specific kind of database. | true |
DataServicePolicyBinding.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
DataServicePolicyBinding.status.infrastructurePolicies[index]
InfrastructurePolicyBindingStatus includes enough information about an InfrastructurePolicy such that a consumer knows which values are allowed during Data Service Instance CRUD.
Name | Type | Description | Required |
---|---|---|---|
isSupervisor | boolean | Is this a SupervisorInfrastructurePolicy | false |
name | string | Name of the InfrastructurePolicy | false |
status | string | The status of the InfrastructurePolicy/SupervisorInfrastructurePolicy. It is populated from the reason of the 'Ready' condition of the InfrastructurePolicy/SupervisorInfrastructurePolicy | false |
storagePolicies | []string | StoragePolicies are the list of StoragePolicyReference configurations that can be used to deploy a data service workload | false |
vmClasses | []object | VMClasses is a list of VMClasses available for use by a data service workload. They are listed directly here, as names and values are only unique within a single infrastructure policy. | false |
zoneCount | integer | ZoneCount refers to the count of zones available within this infrastructure policy. For a non-supervisor InfrastructurePolicy in DSM, crossClusterHA enabled is equivalent to zoneCount=3, while with it disabled it is zoneCount=1. For a supervisor-based InfrastructurePolicy the zoneCount can also be higher. | false |
DataServicePolicyBinding.status.infrastructurePolicies[index].vmClasses[index]
VMClassBindingInfo includes the key information about the VMClass such that a consumer user can understand what they will get with this VMClass.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the VMClass | false |
requests | object | Requests defines the amount of resources that should be allocated and reserved when this class is consumed | false |
DataServicePolicyBinding.status.infrastructurePolicies[index].vmClasses[index].requests
Requests defines the amount of resources that should be allocated and reserved when this class is consumed
Name | Type | Description | Required |
---|---|---|---|
cpu | string | CPU defines the amount of vCPU that should be used when this class is consumed. Once a cluster is created this resource will be reserved on the underlying ESXi host. It should be represented as an integer, like … | false |
memory | string | Memory defines the amount of memory, in GiB, that should be used when this class is consumed. Once a cluster is created this resource will be reserved on the underlying ESXi host. It should be represented as an integer, like … | false |
DataServicePolicyBinding.status.nonCompliance[index]
NonCompliance is the non-compliance of a single data service instance
Name | Type | Description | Required |
---|---|---|---|
dsName | string | The name of the data service that is not in compliance | true |
dsType | string | The Type of the data service that is not in compliance | true |
nsProps | map[string]string | NamespaceProperties mirrors the DSPolicyBinding.Spec.NamespaceProperties for the namespace in which the data service resides. Depending on the scenario, this allows retrieving namespace and org/project information. | true |
violations | []object | The error that explains the non-compliance | true |
DataServicePolicyBinding.status.nonCompliance[index].violations[index]
NonComplianceViolation is a single violation. One data service may have multiple.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category of the violation for coarse grained sorting and filtering | true |
err | string | Err is the error string with the exact violation | true |
DataServicePolicyBinding.status.sqlServers[index]
SQLServerClusterBindingStatus captures the set of fields about a SQLServerCluster required for consumers, i.e. for users who wish to create SQLServerDatabases that are placed onto SQLServerClusters.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the SQLServerCluster | true |
namespace | string | Namespace of the SQLServerCluster | true |
version | string | The DSM version of the SQLServerCluster | true |
domain | string | The Active Directory domain that this SQL Server cluster is part of, if any. | false |
edition | string | Edition specifies the SQL Server edition. Possible values include: Evaluation, Developer, Express, Web, Standard, Enterprise, EnterpriseCore | false |
status | string | The status of the SQLServerCluster. It is populated from the reason of the 'Ready' condition of the SQLServerCluster | false |
DataServicePolicyComplianceReportRequest
DataServicePolicyComplianceReportRequest is not a normal CRD for which instances are created in the API server. Instead, it is a REST API request body for the /compliance subresource of a DataServicePolicy. As such, this request happens in the context of a DataServicePolicy, and a DataServicePolicyComplianceReportResponse is synchronously returned from the REST API; the response is also not stored in the API server. The REST API is intended for the UI, which wants to show the impact of a policy Create/Update, or wants to present reports with summaries and progressive disclosure. Those don’t fit well with the normal K8s CR model, and hence this Request → Response style is used instead.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | DataServicePolicyComplianceReportRequest | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
includeComplianceDetails | boolean | IncludeComplianceDetails requests the compliance report to include details of the data service instances that are in violation. The Filter field controls which data services are included. | true |
includeComplianceSummary | boolean | IncludeComplianceSummary requests a compliance summary to be included in the response: a summary table of policy violation counts, grouped by type of violation. Individual data service instances aren’t included, just their count. | true |
filter | object | Filter applies to the returned details view only. Even if a filter is applied, the summary includes all data service instances. | false |
whatIfObject | object | WhatIfObject can be supplied to express that instead of the current state of the object this new one should be used. Can also be used for objects that don’t exist yet. | false |
DataServicePolicyComplianceReportRequest.filter
Filter applies to the returned details view only. Even if a filter is applied, the summary includes all data service instances.
Name | Type | Description | Required |
---|---|---|---|
category | string | Only match against this specific category | false |
matchCriteria | []object | Only data service instances are considered that are in a namespace that has a DataServicePolicyBinding.Spec.NamespaceProperties that matches this MatchCriteria | false |
violation | string | Only match when the violation is exactly this string | false |
DataServicePolicyComplianceReportRequest.filter.matchCriteria[index]
PolicyMatchCriteria captures one criteria for matching against the namespaceProperties of DataServicePolicyBinding.
Name | Type | Description | Required |
---|---|---|---|
key | string | Key relates to the key inside the namespaceProperties of DataServicePolicyBinding. Mutable. | true |
operator | enum | Operator … Mutable. | true |
values | []string | Values relates to the value inside the namespaceProperties of DataServicePolicyBinding. Mutable. | true |
DataServicePolicyComplianceReportResponse
DataServicePolicyComplianceReportResponse is the response to a DataServicePolicyComplianceReportRequest.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | DataServicePolicyComplianceReportResponse | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
details | []object | Details of the violations, if requested, with the requested filter applied. | false |
summary | object | Summary of the violations, if requested | false |
DataServicePolicyComplianceReportResponse.details[index]
NonCompliance is the non-compliance of a single data service instance
Name | Type | Description | Required |
---|---|---|---|
dsName | string | The name of the data service that is not in compliance | true |
dsType | string | The Type of the data service that is not in compliance | true |
nsProps | map[string]string | NamespaceProperties mirrors the DSPolicyBinding.Spec.NamespaceProperties for the namespace in which the data service resides. Depending on the scenario, this allows retrieving namespace and org/project information. | true |
violations | []object | The error that explains the non-compliance | true |
DataServicePolicyComplianceReportResponse.details[index].violations[index]
NonComplianceViolation is a single violation. One data service may have multiple.
Name | Type | Description | Required |
---|---|---|---|
category | string | Category of the violation for coarse grained sorting and filtering | true |
err | string | Err is the error string with the exact violation | true |
DataServicePolicyComplianceReportResponse.summary
Summary of the violations, if requested
Name | Type | Description | Required |
---|---|---|---|
entries | []object | Entries is a list of violations with their category and data service instance count | false |
DataServicePolicyComplianceReportResponse.summary.entries[index]
DataServicePolicyComplianceSummaryEntry is one entry in the summary
Name | Type | Description | Required |
---|---|---|---|
category | string | Category of the violation | true |
numNonCompliant | integer | NumNonCompliant is the number of data service instances that have this specific violation. | true |
violation | string | Violation is an error message capturing the actual violation | true |
DirectoryService
DirectoryService provides a flexible way to integrate with LDAP directory services like Microsoft Active Directory and OpenLDAP. It facilitates authentication against DSM-managed database clusters and the DSM Appliance, offering a centralized authentication strategy.
In order to enable DSM Appliance LDAP authentication, a well-known DirectoryService named "ldap-default" in the dsm-system namespace needs to be created. This ldap-default DirectoryService can also be adopted by any DSM-managed database cluster.
Note: Here Active Directory is considered only as an LDAP server. This is not a mechanism to configure Kerberos or NTLM authentication against Active Directory.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | DirectoryService | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | DirectoryServiceSpec defines the desired state of DirectoryService | false |
status | object | DirectoryServiceStatus describes the observed status of the DirectoryService | false |
DirectoryService.spec
DirectoryServiceSpec defines the desired state of DirectoryService
Name | Type | Description | Required |
---|---|---|---|
bindCredentials | object | Secret reference for the bind user credentials (user and password) of type 'kubernetes.io/basic-auth'. The user should have at least read access to the base DN for users, i.e. the ID of a user in the domain who has read-only access to the base DN for users. The ID should be in one of these formats: determined by userSearchAttribute, by default UPN (user@domain.com); or DN (cn=user,cn=Users,dc=domain,dc=com). Mutable. | true |
domain | string | The fully qualified domain name (FQDN) of the domain. For example, companydomain.company.com. Mutable. | true |
primaryServerUrl | string | Primary domain controller LDAP server for the domain. You can use either the host name or the IP address. Use the format ldaps://hostname_or_IPAddress:port. The port is typically 636 for LDAPS connections with OpenLDAP. For Active Directory multi-domain controller deployments, the port is typically 3269 for LDAPS. Mutable. | true |
baseDnUsers | string | Base Distinguished Name for users. Enter the DN from which to start user searches. For example, cn=Users,dc=myCorp,dc=com. If not set, the search will start from the root DN. Mutable. | false |
secondaryServerUrls | []string | List of URLs for secondary LDAP/AD servers used as a fallback. The application of these URLs is client-specific and some or all of them may not be used. PostgreSQL supports specifying multiple secondary servers. MySQL supports specifying only a single secondary server. DSM Appliance supports specifying only the primary and will ignore any secondary servers set. Mutable. | false |
trustBundle | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the server connection. If the provided servers are configured with a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca (see DirectoryService.spec.trustBundle below for the full rules). Mutable. | false |
type | enum | Type specifies the directory type, either … Mutable. | false |
userSearchAttribute | string | The user search attribute to use when doing search+bind authentication. The default is set to userPrincipalName, which in most Active Directory setups corresponds to the user’s corporate email, so people would log in with 'user@domain.com' as username. Other common options are "uid" and "sAMAccountName", which correspond to the user id only: "user". Mutable. | false |
DirectoryService.spec.bindCredentials
Secret reference for the bind user credentials (user and password) of type 'kubernetes.io/basic-auth'. The user should have at least read access to the base DN for users, i.e. it is the ID of a user in the domain who has read-only access to the base DN for users. The ID should be in a format either determined by userSearchAttribute (by default the UPN, [email protected]) or given as a DN (cn=user,cn=Users,dc=domain,dc=com).
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
DirectoryService.spec.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the servers' connection. If the provided servers are configured with:
- a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with the key tls.crt that contains only the issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
DirectoryService.status
DirectoryServiceStatus describes the observed status of the DirectoryService
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for a database cluster. | false |
conditions | []object | Conditions contain the list of observed conditions of the DirectoryService. The following statuses can occur. | false |
DirectoryService.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
InfrastructurePolicy
InfrastructurePolicy defines constraints on which vSphere infrastructure resources to expose for usage by data service workloads
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | InfrastructurePolicy | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | Spec is the desired state of the InfrastructurePolicy | false |
status | object | Status reports the observed state of the InfrastructurePolicy | false |
InfrastructurePolicy.spec
Spec is the desired state of the InfrastructurePolicy
Name | Type | Description | Required |
---|---|---|---|
enableCrossClusterHA | boolean | EnableCrossClusterHA specifies if the InfrastructurePolicy is configured to support Cross vSphere Cluster HA. Setting this to "true" will trigger several context-specific validations on this resource. Defaults to false. Required. | true |
enabled | boolean | Enabled specifies if the InfrastructurePolicy is available for use. Must be Required. Mutable. | true |
ipRanges | []object | IPRanges are the list of IPRange configurations available for use by data service workloads. Once a cluster is using the policy, IPRanges can only be added to this list, not removed. Required. Mutable. | true |
placements | []object | Placements are the list of Placement configurations available for use by the InfrastructurePolicy. Once a cluster is using the policy, Placements can only be added to this list, not removed. Required. Mutable. | true |
storagePolicies | []string | StoragePolicies are the list of StoragePolicyReference configurations that can be used to deploy a data service workload. Once a cluster is using the policy, StoragePolicies can only be added to this list, not removed. Required. Mutable. | true |
vmClasses | []object | VMClasses are the list of VMClass references available for use by a data service workload. Once a cluster is using the policy, VMClasses can only be added to this list, not removed. Required. Mutable. | true |
description | string | Human-readable description of the infrastructure policy. Optional. Mutable. | false |
InfrastructurePolicy.spec.ipRanges[index]
IPRange associates an IP Pool name with the PortGroups that can use the IP Pool.
Name | Type | Description | Required |
---|---|---|---|
poolName | string | PoolName is the name of the IP Pool to be associated with the specified PortGroups. Required. Mutable. | true |
portGroups | []object | PortGroups is the list of IPRangePortGroups associated with the specified Required. Mutable. | true |
InfrastructurePolicy.spec.ipRanges[index].portGroups[index]
IPRangePortGroup specifies which datacenters' distributed port groups can be used by the data service workloads.
Name | Type | Description | Required |
---|---|---|---|
datacenter | string | Datacenter is the datacenter where the distributed port group is defined. | true |
moid | string | MOID is the managed object ID of a distributed port group. This must be used when NSX manages port groups that have the same name. If the MOID is provided, then Name is ignored. Optional. Mutable. | false |
name | string | Name is the name of a distributed port group. Optional. Mutable. | false |
InfrastructurePolicy.spec.placements[index]
Placement is the set of resources within a single vSphere cluster
Name | Type | Description | Required |
---|---|---|---|
cluster | string | Cluster is the datacenter’s cluster name to be used when placing the data service workload. Use the fully qualified name of the cluster, relative to the datacenter. A cluster "Cluster1" inside a folder "clusters" should be declared as "clusters/Cluster1". Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the cluster name. Required. Mutable. | true |
datacenter | string | Datacenter is the vSphere Datacenter to be used when placing the data service workload. The fully qualified path to the datacenter must be provided if the datacenter is placed inside a folder. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the datacenter name. Required. Mutable. | true |
portGroups | []string | PortGroups are the PortGroup names or MOIDs that can be used by the data service workload. Required. Mutable. | true |
folder | string | Folder is the VM and Template Folder name to be used to organize VMs in the vSphere UI. Optional; VMs will be created in the root datacenter folder if not provided. Provide the fully qualified path of the folder starting from the Datacenter. Any slash in the name is considered a path delimiter; use the literal '%2f' if you need to represent a slash in the folder name. Optional. Mutable. | false |
resourcePool | string | ResourcePool is the Cluster’s resource pool to be used when placing the data service workload. If the resource pool is not provided, the whole cluster is used as the placement. Optional. Mutable. | false |
InfrastructurePolicy.spec.vmClasses[index]
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
InfrastructurePolicy.status
Status reports the observed state of the InfrastructurePolicy
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for an infrastructure policy. | false |
conditions | []object | Conditions contain the list of observed conditions of the InfrastructurePolicy. The following statuses can occur. | false |
resources | object | | false |
InfrastructurePolicy.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
InfrastructurePolicy.status.resources
Name | Type | Description | Required |
---|---|---|---|
ipRanges | []object | IPRanges is the list of IPRange configurations available for use by the InfrastructurePolicy. These are realized versions of the IPRange objects from spec.ipRanges. MOIDs have been retrieved and saved for all paths to make infrastructure policies resilient to renames and moves. | false |
placements | []object | Placements is the list of Placement configurations available for use by the InfrastructurePolicy. These are realized versions of the Placement objects from spec.placements. MOIDs have been retrieved and saved for all paths to make infrastructure policies resilient to renames and moves. | false |
InfrastructurePolicy.status.resources.ipRanges[index]
IPRangeStatus is a realized version of IPRange from the spec.
Name | Type | Description | Required |
---|---|---|---|
poolName | string | | true |
portGroups | []object | | true |
InfrastructurePolicy.status.resources.ipRanges[index].portGroups[index]
IPRangePortGroupStatus is a realized version of IPRangePortGroup from the spec. All paths have been converted to MOIDs to make them resilient to rename and moves. For details on any single field please look at the details for the same object in spec.IPRangePortGroup
Name | Type | Description | Required |
---|---|---|---|
datacenter | object | Datacenter is the datacenter where the distributed port group is defined | true |
moid | string | | false |
name | string | | false |
InfrastructurePolicy.status.resources.ipRanges[index].portGroups[index].datacenter
Datacenter is the datacenter where the distributed port group is defined
Name | Type | Description | Required |
---|---|---|---|
inventoryPath | string | InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match what is in the spec and a condition may be raised. The information in this field is used to provision infrastructure resources. | true |
moid | string | MOID is the vSphere Managed Object ID of the resource. | true |
InfrastructurePolicy.status.resources.placements[index]
PlacementStatus is a realized version of placement from the spec. All paths have been converted to MOIDs to make them resilient to rename and moves. For details on any single field please look at the details for the same object in spec.placements
Name | Type | Description | Required |
---|---|---|---|
cluster | object | Resource represents an object with inventory path and moid | true |
datacenter | object | Resource represents an object with inventory path and moid | true |
folder | object | Resource represents an object with inventory path and moid | true |
portGroups | []object | | true |
resourcePool | object | Resource represents an object with inventory path and moid | false |
InfrastructurePolicy.status.resources.placements[index].cluster
Resource represents an object with inventory path and moid
Name | Type | Description | Required |
---|---|---|---|
inventoryPath | string | InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match what is in the spec and a condition may be raised. The information in this field is used to provision infrastructure resources. | true |
moid | string | MOID is the vSphere Managed Object ID of the resource. | true |
InfrastructurePolicy.status.resources.placements[index].datacenter
Resource represents an object with inventory path and moid
Name | Type | Description | Required |
---|---|---|---|
inventoryPath | string | InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match what is in the spec and a condition may be raised. The information in this field is used to provision infrastructure resources. | true |
moid | string | MOID is the vSphere Managed Object ID of the resource. | true |
InfrastructurePolicy.status.resources.placements[index].folder
Resource represents an object with inventory path and moid
Name | Type | Description | Required |
---|---|---|---|
inventoryPath | string | InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match what is in the spec and a condition may be raised. The information in this field is used to provision infrastructure resources. | true |
moid | string | MOID is the vSphere Managed Object ID of the resource. | true |
InfrastructurePolicy.status.resources.placements[index].portGroups[index]
Resource represents an object with inventory path and moid
Name | Type | Description | Required |
---|---|---|---|
inventoryPath | string | InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match what is in the spec and a condition may be raised. The information in this field is used to provision infrastructure resources. | true |
moid | string | MOID is the vSphere Managed Object ID of the resource. | true |
InfrastructurePolicy.status.resources.placements[index].resourcePool
Resource represents an object with inventory path and moid
Name | Type | Description | Required |
---|---|---|---|
inventoryPath | string | InventoryPath is the up-to-date location of this resource. If the resource has been moved or renamed since the spec was submitted, this path will not match what is in the spec and a condition may be raised. The information in this field is used to provision infrastructure resources. | true |
moid | string | MOID is the vSphere Managed Object ID of the resource. | true |
IPPool
IPPool defines the details of an IP Pool that can be used to deploy workload/database clusters
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | IPPool | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | Spec is the desired state of an IPPool | false |
status | object | Status reports the observed state of the IPPool | false |
IPPool.spec
Spec is the desired state of an IPPool
Name | Type | Description | Required |
---|---|---|---|
addresses | []string | Addresses is a list of IP addresses that can be assigned. This set of addresses can be non-contiguous. Please note that if multiple IPPools are created which contain the same IP addresses, no cross-validation between pools is performed. Only IPs which are not in use can be removed from pools. Example Required. Mutable. | true |
gateway | string | Gateway is the network gateway to use. Example Required. Mutable. | true |
prefix | integer | Prefix is the network prefix to use. It refers to the number of leading bits in the IP address. Example Required. Mutable. | true |
IPPool.status
Status reports the observed state of the IPPool
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for an IP Pool. | false |
conditions | []object | Conditions contain the list of observed conditions of the IPPool. using the IP Pool | false |
ipAddresses | object | IpAddresses reports the count of total, free, used and out of range IPs in the pool. | false |
IPPool.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
IPPool.status.ipAddresses
IpAddresses reports the count of total, free, used and out of range IPs in the pool.
Name | Type | Description | Required |
---|---|---|---|
free | integer | Free is the count of unallocated IPs in the pool. | true |
outOfRange | integer | OutOfRange is the count of allocated IPs in the pool that are not contained within spec.Addresses. Legacy field. | true |
total | integer | Total is the total number of IPs configured for the pool. | true |
used | integer | Used is the count of allocated IPs in the pool. | true |
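An added Go example (not DSM code) covering both the IPPool.spec fields above (addresses, gateway, prefix) and the status.ipAddresses counters: ValidateSpec checks that every address falls inside the gateway/prefix subnet, ComputeStatus derives total/free/used/outOfRange from the spec and the currently allocated IPs, and Overlaps performs the cross-pool check that the addresses description says DSM does not. The IPPoolSpec and IPAddressStatus types, the function names and the sample pool contents are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// IPPoolSpec mirrors the IPPool.spec fields; Name is the object name, used only to report overlaps.
type IPPoolSpec struct {
	Name      string
	Addresses []string // spec.addresses, may be non-contiguous
	Gateway   string   // spec.gateway
	Prefix    int      // spec.prefix, number of leading network bits
}

// IPAddressStatus mirrors IPPool.status.ipAddresses.
type IPAddressStatus struct {
	Total, Free, Used, OutOfRange int
}

// parseAddrs parses and deduplicates a list of plain IP addresses.
func parseAddrs(list []string) (map[netip.Addr]struct{}, error) {
	set := make(map[netip.Addr]struct{}, len(list))
	for _, s := range list {
		a, err := netip.ParseAddr(s)
		if err != nil {
			return nil, fmt.Errorf("invalid address %q: %w", s, err)
		}
		set[a] = struct{}{}
	}
	return set, nil
}

// ValidateSpec is an added pre-apply check, not DSM's validation: each address must lie in the gateway/prefix subnet.
func ValidateSpec(spec IPPoolSpec) error {
	gw, err := netip.ParseAddr(spec.Gateway)
	if err != nil {
		return fmt.Errorf("gateway: %w", err)
	}
	subnet, err := gw.Prefix(spec.Prefix)
	if err != nil {
		return fmt.Errorf("prefix %d: %w", spec.Prefix, err)
	}
	for _, s := range spec.Addresses {
		if a, err := netip.ParseAddr(s); err != nil || !subnet.Contains(a) {
			return fmt.Errorf("address %q is not a valid address inside %s", s, subnet)
		}
	}
	return nil
}

// ComputeStatus derives status.ipAddresses from the spec and the allocated IPs; an allocated IP absent from spec.addresses is outOfRange, not used.
func ComputeStatus(spec IPPoolSpec, allocated []string) (IPAddressStatus, error) {
	pool, errPool := parseAddrs(spec.Addresses)
	inUse, errUse := parseAddrs(allocated)
	if err := errors.Join(errPool, errUse); err != nil {
		return IPAddressStatus{}, err
	}
	st := IPAddressStatus{Total: len(pool)}
	for a := range inUse {
		if _, ok := pool[a]; ok {
			st.Used++
		} else {
			st.OutOfRange++
		}
	}
	st.Free = st.Total - st.Used
	return st, nil
}

// Overlaps is the cross-pool check the addresses field says DSM does not perform: every address claimed by more than one pool, with the claiming pools in input order.
func Overlaps(pools []IPPoolSpec) (map[string][]string, error) {
	owners := map[netip.Addr][]string{}
	for _, p := range pools {
		set, err := parseAddrs(p.Addresses)
		if err != nil {
			return nil, fmt.Errorf("pool %s: %w", p.Name, err)
		}
		for a := range set {
			owners[a] = append(owners[a], p.Name)
		}
	}
	shared := map[string][]string{}
	for a, names := range owners {
		if len(names) > 1 {
			shared[a.String()] = names
		}
	}
	return shared, nil
}

func main() {
	// Constructed sample pools; pool-b deliberately reuses 10.0.1.12 from pool-a.
	a := IPPoolSpec{Name: "pool-a", Addresses: []string{"10.0.1.10", "10.0.1.11", "10.0.1.12", "10.0.1.20"}, Gateway: "10.0.1.1", Prefix: 24}
	b := IPPoolSpec{Name: "pool-b", Addresses: []string{"10.0.1.12", "10.0.1.30"}, Gateway: "10.0.1.1", Prefix: 24}
	st, _ := ComputeStatus(a, []string{"10.0.1.10", "10.0.1.20", "10.0.1.99"})
	shared, _ := Overlaps([]IPPoolSpec{a, b})
	fmt.Println("validate:", ValidateSpec(a), "status:", st, "overlaps:", shared)
}
```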
SupervisorInfrastructurePolicy
SupervisorInfrastructurePolicy defines which vSphere namespace resources to expose for usage by data service workloads
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | SupervisorInfrastructurePolicy | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
status | object | Status reports the observed state of the SupervisorInfrastructurePolicy | false |
SupervisorInfrastructurePolicy.status
Status reports the observed state of the SupervisorInfrastructurePolicy
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for an infrastructure policy. | false |
conditions | []object | Conditions contain the list of observed conditions of the SupervisorInfrastructurePolicyStatus. | false |
description | string | Human-readable description of the supervisor infrastructure policy. Optional. Mutable. | false |
networkProvider | string | NetworkProvider contains the name of the Network Provider of the SupervisorInfrastructurePolicyStatus | false |
resources | object | Resources show the overall resource usage and limits for the vSphere namespace | false |
storagePolicies | []object | StoragePolicies contains a list of storage policies that are enabled for the corresponding vSphere namespace | false |
vmClasses | []object | VMClasses contains a list of VM classes that are enabled for the corresponding vSphere namespace | false |
zoneCount | integer | ZoneCount refers to the count of zones available within this supervisor infrastructure policy. For a supervisor InfrastructurePolicy in DSM, if crossClusterHA is disabled the zoneCount is 1. | false |
SupervisorInfrastructurePolicy.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
SupervisorInfrastructurePolicy.status.resources
Resources show the overall resource usage and limits for the vsphere namespace
Name | Type | Description | Required |
---|---|---|---|
cpuUsed | string | CpuUsed is the overall CPU usage of the namespace, in MHz. This is the sum of CPU usage across all pods in the Kubernetes namespace. | true |
memoryUsed | string | Overall memory usage of the namespace (in mebibytes). This is the sum of memory usage across all pods. | true |
storageUsed | string | StorageUsed is the overall storage used by the namespace (in mebibytes). This is the sum of storage used by pods across all datastores in the cluster associated with storage policies configured for the namespace. | true |
cpuLimit | string | CpuLimit is the maximum amount of CPU (in MHz) which can be utilized by the namespace. If unset, no limits are placed. | false |
memoryLimit | string | MemoryLimit is the maximum amount of memory (in mebibytes) which can be utilized by the namespace. If unset, no limits are placed. | false |
storageLimit | string | StorageLimit is the maximum amount of storage (in mebibytes) which can be utilized by the namespace. If unset, no limits are placed. | false |
SupervisorInfrastructurePolicy.status.storagePolicies[index]
Name | Type | Description | Required |
---|---|---|---|
name | string | Name indicates the storage policy name | true |
limit | string | Limit is the maximum amount of storage (in mebibytes) which can be utilized by the namespace using the corresponding storage policy. If unset, no limits are placed. | false |
SupervisorInfrastructurePolicy.status.vmClasses[index]
Name | Type | Description | Required |
---|---|---|---|
cpu | object | CPU contains the CPU count and reservation for this vmclass | true |
memory | object | Memory contains the memory count and reservation for this vmclass | true |
name | string | Name denotes the VMClass name | true |
SupervisorInfrastructurePolicy.status.vmClasses[index].cpu
CPU contains the CPU count and reservation for this vmclass
Name | Type | Description | Required |
---|---|---|---|
count | string | Count denotes the number of CPUs or the amount of memory in GiB configured for a virtual machine of this class. | true |
reservation | string | Reservation denotes the percentage of total available CPUs or available memory reserved for a virtual machine. If unset, no reservation is requested for the virtual machine. | true |
SupervisorInfrastructurePolicy.status.vmClasses[index].memory
Memory contains the memory count and reservation for this vmclass
Name | Type | Description | Required |
---|---|---|---|
count | string | Count denotes the number of CPUs or the amount of memory in GiB configured for a virtual machine of this class. | true |
reservation | string | Reservation denotes the percentage of total available CPUs or available memory reserved for a virtual machine. If unset, no reservation is requested for the virtual machine. | true |
VMClass
VMClass defines VMs which are available to host dataservice workloads
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | infrastructure.dataservices.vmware.com.v1alpha1 | true |
kind | string | VMClass | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | Spec is the desired state of the VMClass | false |
status | object | Status reports the observed state of the VMClass | false |
VMClass.spec
Spec is the desired state of the VMClass
Name | Type | Description | Required |
---|---|---|---|
requests | object | Requests defines the amount of resources that should be allocated and reserved when this class is consumed | false |
VMClass.spec.requests
Requests defines the amount of resources that should be allocated and reserved when this class is consumed
Name | Type | Description | Required |
---|---|---|---|
cpu | string | CPU defines the amount of vCPU that should be used when this class is consumed. Once a cluster is created this resource will be reserved on the underlying ESXi host. It should be represented as an integer, like | false |
memory | string | Memory defines the amount of memory, in GiB, that should be used when this class is consumed. Once a cluster is created this resource will be reserved on the underlying ESXi host. It should be represented as an integer, like | false |
VMClass.status
Status reports the observed state of the VMClass
Name | Type | Description | Required |
---|---|---|---|
conditions | []object | Conditions contain the list of observed conditions of the VMClass. | false |
VMClass.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
observability.dataservices.vmware.com/v1alpha1
Resource Types:
LogBundle
LogBundle defines a log bundle collection request to DSM. A log bundle contains the object-specific logs (e.g. DB engine logs for databases). A LogBundle CR cannot be modified after creation.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | observability.dataservices.vmware.com.v1alpha1 | true |
kind | string | LogBundle | true |
metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
spec | object | LogBundleSpec defines the details, such as the RetentionPeriod and target of the log bundle which will be created | false |
status | object | LogBundleStatus reports the observed state of the LogBundle | false |
LogBundle.spec
LogBundleSpec defines the details, such as the RetentionPeriod and target of the log bundle which will be created.
Name | Type | Description | Required |
---|---|---|---|
targetRef | object | TargetRef refers to the resource for which the log bundle is collected. The resource needs to be in the same namespace as the log bundle. Only the Kind (the type of data service resource, for example PostgresCluster, MySqlCluster, etc.) and Name (name of the resource) fields are required. Example: targetRef: {kind: "PostgresCluster", name: "example-db"}. Required. Immutable. | true |
retentionPeriod | string | RetentionPeriod determines how long the log bundle is kept before it expires. The retention period starts from the collection completion time. After it expires, DSM changes the log bundle status to Expired and deletes the log bundle from storage. Duration is a wrapper around Go-style time.Duration, for example "48h10m". The default retention period is 6 hours, the minimum is 10 minutes, and the maximum is 7 days; any value outside those limits results in a validation failure. Immutable. | false |
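The retention rules described above (a Go-style duration, default 6 hours, minimum 10 minutes, maximum 7 days, counted from the collection completion time) as an added example in Go. This is illustrative code written for this page, not DSM's own implementation; the function names ResolveRetention and ExpiresAt and the sample timestamps are my own.

```go
package main

import (
	"fmt"
	"time"
)

// Limits as stated in the LogBundle.spec.retentionPeriod description.
const (
	DefaultRetention = 6 * time.Hour
	MinRetention     = 10 * time.Minute
	MaxRetention     = 7 * 24 * time.Hour
)

// ResolveRetention parses a Go-style duration string such as "48h10m" and
// applies the documented default and bounds. An empty string selects the
// default; a malformed value or one outside the bounds is rejected, which is
// the validation failure the API reference describes.
func ResolveRetention(raw string) (time.Duration, error) {
	if raw == "" {
		return DefaultRetention, nil
	}
	d, err := time.ParseDuration(raw) // note: "d" (days) is not a Go duration unit
	if err != nil {
		return 0, fmt.Errorf("retentionPeriod %q is not a valid duration: %w", raw, err)
	}
	if d < MinRetention || d > MaxRetention {
		return 0, fmt.Errorf("retentionPeriod %s is outside the allowed range [%s, %s]", d, MinRetention, MaxRetention)
	}
	return d, nil
}

// ExpiresAt derives status.expiresAt: retention counts from the collection
// completion time (status.collectionCompletedAt), not from object creation.
func ExpiresAt(collectionCompletedAt time.Time, raw string) (time.Time, error) {
	d, err := ResolveRetention(raw)
	if err != nil {
		return time.Time{}, err
	}
	return collectionCompletedAt.Add(d), nil
}

func main() {
	// Constructed sample completion time and candidate retention values.
	completed := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	for _, raw := range []string{"", "48h10m", "5m", "200h", "2d"} {
		exp, err := ExpiresAt(completed, raw)
		if err != nil {
			fmt.Printf("%-9q rejected: %v\n", raw, err)
			continue
		}
		fmt.Printf("%-9q expires at %s\n", raw, exp.Format(time.RFC3339))
	}
}
```

Because the maximum is expressed in hours (168h), a value such as "200h" fails the range check while "2d" fails parsing; both surface as validation errors before any bundle is collected.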
LogBundle.spec.targetRef
TargetRef refers to the resource for which the log bundle is collected. The resource needs to be in the same namespace as the log bundle. Only the Kind (the type of data service resource, for example PostgresCluster, MySqlCluster, etc.) and Name (name of the resource) fields are required.
Example: targetRef: {kind: "PostgresCluster", name: "example-db"}
Required. Immutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
LogBundle.status
LogBundleStatus reports the observed state of the LogBundle.
Name | Type | Description | Required |
---|---|---|---|
collectionCompletedAt | string | CollectionCompletedAt indicates the time when the log bundle collection completed. | false |
collectionStartedAt | string | CollectionStartedAt indicates the time when the log bundle collection started. | false |
conditions | []object | Conditions contain the list of observed conditions of the LogBundle. The following statuses can occur. | false |
expiresAt | string | ExpiresAt indicates the time when the log bundle will expire and be deleted from the output storage. | false |
logSecretRef | object | LogSecretRef is a reference to the v1.Secret living in the same namespace holding the output log bundle, if such a Secret exists. The download URL for the log bundle can be found in the stringData section of the Secret under the key "downloadURL". | false |
LogBundle.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
LogBundle.status.logSecretRef
LogSecretRef is a reference to the v1.Secret living in the same namespace holding the output log bundle, if such a Secret exists. The download URL for the log bundle can be found in the stringData section of the Secret under the key "downloadURL".
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MetricsTarget
MetricsTarget CRs provide a way to Bring Your Own Monitoring (BYOM) stack to monitor DSM-managed data services. Each MetricsTarget defines one additional metrics server / monitoring system and enables all DSM-managed data services within its scope to report database metrics to it.
Currently, a MetricsTarget can be defined on two scopes:
1. A single global MetricsTarget within the DSM system namespace, named "metrics-default". It applies to all DSM data services.
2. A single local MetricsTarget within each other namespace, named "metrics-namespace". It applies to all DSM data services in that namespace.
The MetricsTarget objects within these scopes work together, and metrics are delivered to all applicable MetricsTarget objects. Individual data services cannot opt out of the MetricsTarget objects defined for their scope.
Note: Metrics reporting works for data service versions from Data Services Manager release version 9.0 and above. If you have older data services, you need to upgrade them to use this feature.
Note: Metrics reporting works for PostgresCluster and MySQLCluster data services.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | observability.dataservices.vmware.com.v1alpha1 | true |
kind | string | MetricsTarget | true |
 | object | Refer to the Kubernetes API documentation for the fields of the | true |
spec | object | MetricsTargetSpec defines the desired state of a MetricsTarget. | false |
status | object | MetricsTargetStatus reports the observed state of a MetricsTarget. | false |
MetricsTarget.spec
MetricsTargetSpec defines the desired state of a MetricsTarget.
Name | Type | Description | Required |
---|---|---|---|
endpoint | string | Endpoint is the network endpoint used to connect to the MetricsTarget server. The endpoint must be HTTP/S and typically hosts the APIs on the MetricsTarget server that accept metrics from DSM. Each supported Type has its own API specifics and requirements. Examples: Required. Mutable. | true |
type | enum | Type is the type of the MetricsTarget server. Supported values are Required. Mutable. | true |
advancedConfiguration | map[string]string | AdvancedConfiguration is a map of key-value pairs drawn from a predefined set of configurations that DSM applies when configuring the MetricsTarget. Optional. Mutable. | false |
credentials | object | Secret reference for the user credentials (username and password) of type 'kubernetes.io/basic-auth'. Used for authentication against the MetricsTarget server when that is required. Optional. Some MetricsTarget servers don’t require / support basic authentication. Mutable. | false |
headers | map[string]string | Headers is a map of key-value pairs which are static values sent with each HTTP request from DSM to the MetricsTarget server. It can contain actual HTTP headers or additional static metadata. A default set of headers is automatically populated by DSM for each MetricsTarget Type. If specified, the Headers parameters override the default headers for any key. Optional. Typically this parameter should not be required, but it can be useful for additional metadata propagation. Mutable. | false |
timeout | string | Timeout specifies the timeout for each HTTP request from DSM to the MetricsTarget server. If the MetricsTarget server fails to respond within the Timeout, metrics delivery is not guaranteed. Optional. The default timeout is The timeout value should be higher than Mutable. | false |
tls | object | TLS refers to the TLS configuration for the MetricsTarget. Used for MetricsTarget server certificate verification and TLS authentication. Optional. Some MetricsTarget server certificates are improper and cannot be verified. Some MetricsTarget servers don’t support / require TLS auth. | false |
MetricsTarget.spec.credentials
Secret reference for the user credentials (username and password) of type 'kubernetes.io/basic-auth'. Used for authentication against the MetricsTarget server when that is required.
Optional. Some MetricsTarget servers don’t require / support basic authentication.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MetricsTarget.spec.tls
TLS refers to the TLS configuration for the MetricsTarget. Used for MetricsTarget server certificate verification and TLS authentication.
Optional. Some MetricsTarget server certificates are improper and cannot be verified. Some MetricsTarget servers don’t support / require TLS auth.
Name | Type | Description | Required |
---|---|---|---|
clientCertificate | object | ClientCertificate is a reference to a Secret holding the DSM client certificate used for TLS auth to a MetricsTarget server. The client certificate is typically issued by a CA that the MetricsTarget server uses and verifies against. The Secret must follow the format of 'kubernetes.io/tls' Secrets, but it can also be of type Opaque, as long as it holds a valid certificate / private-key pair in the tls.crt and tls.key Data fields. When specified, the client certificate is sent along with the requests from DSM to the MetricsTarget server, which enables DSM TLS auth to the MetricsTarget server. MetricsTarget servers can have different requirements and support for TLS auth / client certificates: in some cases it is required, and in some cases it is strictly verified on the MetricsTarget server against its CA. Optional. Some MetricsTarget servers don’t require / support TLS auth. Mutable. | false |
insecureSkipVerify | boolean | !!! WARNING !!! This setting is not recommended. Use with caution, as it has security impact. InsecureSkipVerify skips verification of the server certificate and its issuers against the DSM MetricsTarget TrustBundle. It should only be set when the MetricsTarget server certificate issuer path cannot be trusted, for example when the server certificate doesn’t contain the necessary SAN IP addresses / DNS names. Optional. By default this setting is False, and all TLS verifications are performed. Mutable. | false |
trustBundle | object | TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when verifying the MetricsTarget server certificate chain. When InsecureSkipVerify is set to True, the contents are ignored, as no verification is done. If the provided MetricsTarget server is configured with (1) a well-known OS-trusted CA or a DSM globally trusted certificate, TrustBundle can be omitted, or it should point to the DSM globally trusted certificates ConfigMap; (2) a certificate signed by a CA that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only issuer certificate(s); if an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed. Optional. By default, the DSM globally trusted certificates ConfigMap is used if InsecureSkipVerify is false. It is not needed and remains nil if InsecureSkipVerify is true. Mutable. | false |
MetricsTarget.spec.tls.clientCertificate
ClientCertificate is a reference to a Secret holding the DSM client certificate used for TLS auth to a MetricsTarget server. The client certificate is typically issued by a CA that the MetricsTarget server uses and verifies against. The Secret must follow the format of 'kubernetes.io/tls' Secrets, but it can also be of type Opaque, as long as it holds a valid certificate / private-key pair in the tls.crt and tls.key Data fields.
When specified, the client certificate is sent along with the requests from DSM to the MetricsTarget server, which enables DSM TLS auth to the MetricsTarget server.
MetricsTarget servers can have different requirements and support for TLS auth / client certificates. In some cases it can be required. In some cases it is strictly verified on the MetricsTarget server against its CA.
Optional. Some MetricsTarget servers don’t require / support TLS auth.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
MetricsTarget.spec.tls.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when verifying the MetricsTarget server certificate chain. When InsecureSkipVerify is set to True, the contents are ignored, as no verification is done.
If the provided MetricsTarget server is configured with:
- a well-known OS-trusted CA, or a DSM globally trusted certificate: TrustBundle can be omitted, or it should point to the DSM globally trusted certificates ConfigMap.
- a certificate signed by a CA that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Optional. By default, the DSM globally trusted certificates ConfigMap is used if InsecureSkipVerify is false. It is not needed and remains nil if InsecureSkipVerify is true.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
MetricsTarget.status
MetricsTargetStatus reports the observed state of a MetricsTarget.
Name | Type | Description | Required |
---|---|---|---|
alertLevel | string | AlertLevel indicates the level of the most severe alert raised for a MetricsTarget. | false |
conditions | []object | Conditions contain the list of observed conditions of the MetricsTarget. The following statuses can occur. | false |
MetricsTarget.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
releases.dataservices.vmware.com/v1alpha2
Resource Types:
DataServiceVersion
DataServiceVersion is a single supported version of a data service.
The DataServiceVersion resources are exclusively created by the Data Services Manager in response to the release of a new version, to provide semi-structured information about the supported versions to API clients.
Only the spec.approval field can be modified, and only by DSM Administrators. All other fields are read-only.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | releases.dataservices.vmware.com.v1alpha2 | true |
kind | string | DataServiceVersion | true |
 | object | Refer to the Kubernetes API documentation for the fields of the | true |
spec | object | DataServiceVersionSpec represents the spec of the Data Service. | true |
status | object | DataServiceVersionStatus represents the status of the Data Service. | false |
DataServiceVersion.spec
DataServiceVersionSpec represents the spec of the Data Service.
Name | Type | Description | Required |
---|---|---|---|
approval | enum | Indicates which operations this version is enabled for. The valid values are: Administrators can modify this field to enable or disable users to create clusters from this version. | true |
engineVersion | string | The engine version corresponding to this DataServiceVersion. The field is read-only. | true |
release | string | The Data Services Manager release that this version is part of. The field is read-only. | true |
releaseDate | string | The date the version’s corresponding release was assembled. This is not necessarily the date when it was made generally available. The field is read-only. | true |
releaseNotesLink | string | Link (URL) to the release notes for the version’s corresponding release. The field is read-only. | true |
serviceType | string | The engine type of the data service corresponding to this version. The Data Services Manager supports: The field is read-only. | true |
version | string | The full version string that users need to use when creating clusters of this version. The field is read-only. | true |
kubernetesReleaseVersions | []object | The Kubernetes releases which are compatible with this data service version. This field is read-only. | false |
DataServiceVersion.spec.kubernetesReleaseVersions[index]
Name | Type | Description | Required |
---|---|---|---|
type | enum | Kubernetes cluster type. Can be dsmManaged or supervisorManaged. | true |
version | string | The version of this Kubernetes release. | true |
DataServiceVersion.status
DataServiceVersionStatus represents the status of the Data Service.
Name | Type | Description | Required |
---|---|---|---|
conditions | []object | Conditions represent the state of the Data Service Version. | false |
linkedRegistries | []object | LinkedRegistries show the ImageRegistries that are linked to this DataServiceVersion. It is updated when the selector rules in the ImageRegistry match / unmatch the labels in the DataServiceVersion. | false |
requiredImages | []object | RequiredImages contains information about the container images that apply to this data service version. | false |
requiredReleases | []string | Additional DataServiceVersions (DSVs) that must be present and enabled for creation of this DSV to occur. | false |
DataServiceVersion.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime | string | lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. | true |
message | string | message is a human readable message indicating details about the transition. This may be an empty string. | true |
reason | string | reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. | true |
status | enum | status of the condition, one of True, False, Unknown. | true |
type | string | type of condition in CamelCase or in foo.example.com/CamelCase. | true |
observedGeneration | integer | observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. | false |
DataServiceVersion.status.linkedRegistries[index]
TypedObjectReference contains enough information to let you locate the typed referenced object.
Name | Type | Description | Required |
---|---|---|---|
kind | string | Kind is the type of resource being referenced. | true |
name | string | Name is the name of the resource being referenced. | true |
apiGroup | string | APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. | false |
namespace | string | Namespace is the namespace of the resource being referenced. Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace’s owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. | false |
DataServiceVersion.status.requiredImages[index]
Image provides the information regarding a specific container image.
Example: docker pull <registry-endpoint>/repo/relativePath/name:version
Name | Type | Description | Required |
---|---|---|---|
checksum | string | Checksum of the container image. | false |
fileName | string | FileName of the container image. | false |
relativePath | string | Relative path of the container image. | false |
status | string | Status of the container image. Ready: the image is ready for provisioning. SyncFailed: the image failed to sync. | false |
tag | string | Tag of the container image. | false |
system.dataservices.vmware.com/v1alpha1
Resource Types:
DsmSystemConfig
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | system.dataservices.vmware.com.v1alpha1 | true |
kind | string | DsmSystemConfig | true |
 | object | Refer to the Kubernetes API documentation for the fields of the | true |
spec | object | DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the DSM Provider appliance configurations. Only one instance of this resource exists, with the name 'dsm-system-config'. | false |
status | object | DsmSystemConfigStatus describes the observed status of the DsmSystemConfig. | false |
DsmSystemConfig.spec
DsmSystemConfigSpec defines the desired state of the DsmSystemConfig. Spec holds the DSM Provider appliance configurations. Only one instance of this resource exists, with the name 'dsm-system-config'.
Name | Type | Description | Required |
---|---|---|---|
dsmProviderId | string | DSMProviderId defines the unique id of the DSM Provider appliance. Immutable. | true |
gateway | string | GATEWAY defines the IPv4 gateway of the DSM Provider appliance. Immutable. | true |
ip | string | IP defines the IPv4 address of the DSM Provider appliance. Immutable. | true |
netmask | string | NETMASK defines the IPv4 netmask of the DSM Provider appliance. Immutable. | true |
ceipConsent | boolean | CEIPConsent defines the user’s consent for data collection from the Provider appliance. Mutable. | false |
dnsNames | []string | One or more DNS names / FQDNs of the DSM Provider appliance. These DNS names are included in the SAN field of the TLS certificate if it is auto-generated by DSM, and in the Provider settings displayed in the DSM UI. If a custom TLS certificate is provided, its SAN field must match the DNS names provided here so that clients can establish a secure connection. Mutable. When updated, DSM re-generates the TLS certificate if no custom certificate is provided. If a custom certificate via spec.tls.secretName with a DNS-only Subject Alternative Name (SAN) is specified, then the first entry of DNSNames cannot be changed once data services have been created (see the TLS.SecretName API doc). In that case this DNS name is used by DSM workloads and must be resolvable to the DSM Appliance VM IP within all networks where DSM data services are deployed and within any client/application networks that need to access the DSM Appliance (DSM APIs). | false |
dnsServers | []string | DNSServers defines the IP address(es) of the DNS server(s) used by DSM. Example: Mutable. | false |
externalLogDestination | object | ExternalLogDestination contains details required to set up external log forwarding. Mutable. | false |
ntpServers | []string | NTPServers defines the NTP server(s) used by DSM. Although the value is optional, it must be set for DSM to work properly. Example: Mutable. | false |
tls | object | TLS refers to the SSL/TLS configuration of the DSM Provider appliance. Mutable. | false |
workloadNetworkCidr | string | WorkloadNetworkCIDR defines the CIDR range for the workload clusters network reserved for DSM use. This range must not clash with any other networks used by non-DSM components. This setting is global across all workload clusters created by DSM. The value must be in CIDR notation, e.g. 192.168.0.0/16. Mutable. Can be set or modified irrespective of existing data services workloads. Only new workloads will reflect any changes to the configuration; existing workloads will not be changed. They can be cloned via backup-restore workflows to pick up the new configuration. | false |
workloadServiceCidr | string | WorkloadServiceCIDR defines the CIDR range for the workload clusters network reserved for DSM use. This will be used for cluster IPs in the workload cluster. This range must not clash with any other networks used by non-DSM components. This setting is global across all workload clusters created by DSM. The value must be in CIDR notation, e.g. 10.96.0.0/12. Mutable. Can be set or modified irrespective of existing data services workloads. Only new workloads will reflect any changes to the configuration; existing workloads will not be changed. They can be cloned via backup-restore workflows to pick up the new configuration. | false |
DsmSystemConfig.spec.externalLogDestination
ExternalLogDestination contains details required to set up external log forwarding.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
enabled | boolean | Enabled is a boolean which indicates whether log forwarding is currently active. Mutable. | false |
remoteLogDestinationProvider | string | RemoteLogDestinationProvider is the remote logging storage provider. Supported values are Required when Enabled is true. Mutable. | false |
remoteLogUrl | string | RemoteLogUrl is a connection string required by the logging service. It is usually a combination of line protocol, host, port and URI: (protocol)://(host):(port)(uri). Example syslog Example cfapi Depending on the logging service, the type of information it expects can differ. Required when Enabled is true. Mutable. | false |
trustBundle | object | TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection. If the provided RemoteLogUrl is configured with (1) a certificate signed by a DSM-trusted CA, TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace; (2) a certificate signed by an authority that should not be globally trusted by DSM, the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only issuer certificate(s). Mutable. | false |
DsmSystemConfig.spec.externalLogDestination.trustBundle
TrustBundle is a reference to a v1.ConfigMap containing a set of certificates to be trusted when validating the log forwarding endpoint TLS connection.
If the provided RemoteLogUrl is configured with:
- a certificate signed by a DSM-trusted CA: TrustBundle must point to the predefined ConfigMap called trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, then as a prerequisite the custom CA certificate must be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM: the TrustBundle reference must point to a ConfigMap with key tls.crt that contains only issuer certificate(s). If an end-entity (i.e. server) certificate is provided, it must be issued by itself, i.e. self-signed.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion | string | API version of the referent. | false |
fieldPath | string | If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. | false |
kind | string | Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | false |
name | string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | false |
namespace | string | Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ | false |
resourceVersion | string | Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency | false |
uid | string | UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids | false |
DsmSystemConfig.spec.tls
TLS refers to the SSL/TLS configuration of the DSM Provider appliance.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
secretName |
string |
The name of a Secret resource present in the dsm-system namespace, describing a custom certificate. The expected format of the Secret is the same as the output Secrets created by cert-manager’s Certificate resource. It needs to have the keys:
- tls.crt: PEM signed certificate chain
- tls.key: PEM private key
- ca.crt: PEM CA certificate
The ca.crt key is optional if there is at least one issuer certificate in the certificate chain (tls.crt key). That issuer can be either a self-signed leaf certificate, or an intermediate or root certificate authority.
There are specific requirements for how the Subject Alternative Name (SAN) is set. Two mutually-exclusive styles are accepted:
1. IP-inclusive: the SAN lists at least one IPAddress (one must equal the DSM Appliance VM IP) and may list DNS Names (FQDNs). In this case DSM internally uses the VM IP to connect to the DSM Appliance.
2. DNS-only: the SAN lists at least one DNS Name and no IPAddress. At least one of the SAN DNS Names must equal spec.dnsNames[0] and resolve to the DSM Appliance VM IP (spec.ip) within all networks where DSM data services are deployed. DSM internally uses that DNS name (FQDN) to connect to the DSM Appliance.
After any data service has been deployed, you cannot:
- switch between IP-inclusive and DNS-only certificates, or
- change the primary DNS Name of a DNS-only certificate.
These changes are supported only on a fresh appliance with no data services present.
Optional. When omitted, DSM auto-generates a certificate via its internal CA. When specified, DSM overrides the auto-generated certificate with the one in the Secret. Mutable. To update a custom certificate, either refer to a new Secret, or update the already referenced one. Updating any certificate restarts the provider, making the DSM UI inaccessible for a few seconds. Updating the CA is an intrusive operation which causes a rolling restart of all database clusters, and might cause DB metrics loss for a few minutes.
To avoid any impact it is recommended to set the CA before creating any database clusters. |
false |
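The SAN and key rules above are easy to get wrong on a live appliance, where a bad Secret triggers a provider restart. The following is an added example, not DSM code: a small pre-flight check that encodes the documented rules (required keys, the ca.crt exception, the IP-inclusive versus DNS-only styles, and the changes that are forbidden once data services exist). It assumes the SAN entries have already been extracted from tls.crt (for instance with `openssl x509 -noout -ext subjectAltName`); the CertInfo values, IP addresses and host names are constructed for illustration.

```python
"""Pre-flight check of a DSM spec.tls.secretName Secret against the documented SAN rules.

Added example, not DSM code. SAN data is passed in already extracted; all sample
values are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass
class CertInfo:
    """Facts extracted beforehand from tls.crt (constructed input, see lead-in)."""
    san_ips: list          # IPAddress SAN entries, as strings
    san_dns: list          # DNS Name SAN entries
    has_issuer: bool       # chain holds an issuer cert, or the leaf is self-signed


def san_style(cert):
    """'ip-inclusive' if any IPAddress SAN exists, 'dns-only' if only DNS Names, else None."""
    if cert.san_ips:
        return "ip-inclusive"
    if cert.san_dns:
        return "dns-only"
    return None


def validate_tls_secret(secret_data, cert, appliance_ip, dns_names, resolves=None):
    """Return the list of rule violations; an empty list means the Secret is acceptable.

    secret_data:  the Secret's data keys (tls.crt / tls.key / ca.crt)
    appliance_ip: spec.ip;  dns_names: spec.dnsNames
    resolves:     optional callable(fqdn) -> list of IPs, standing in for DNS lookups
                  from the networks where the data services run
    """
    problems = [f"Secret is missing required key {k}"
                for k in ("tls.crt", "tls.key") if k not in secret_data]
    if "ca.crt" not in secret_data and not cert.has_issuer:
        problems.append("ca.crt is required when tls.crt carries no issuer certificate")

    style = san_style(cert)
    if style is None:
        problems.append("SAN must list at least one IPAddress or DNS Name")
        return problems

    if style == "ip-inclusive":
        # One IPAddress SAN must equal the appliance VM IP; DSM connects to that IP.
        if ip_address(appliance_ip) not in {ip_address(i) for i in cert.san_ips}:
            problems.append(f"IP-inclusive SAN must include the appliance VM IP {appliance_ip}")
    else:
        # DNS-only: spec.dnsNames[0] must be a SAN entry and resolve to the appliance IP.
        if not dns_names:
            problems.append("DNS-only certificate needs spec.dnsNames[0]")
        else:
            primary = dns_names[0]
            if primary not in cert.san_dns:
                problems.append(f"DNS-only SAN must include spec.dnsNames[0] ({primary})")
            elif resolves is not None and appliance_ip not in resolves(primary):
                problems.append(f"{primary} does not resolve to the appliance VM IP {appliance_ip}")
    return problems


def check_rotation(old_cert, new_cert, old_primary, new_primary, data_services_present):
    """Rotations that are only allowed on a fresh appliance with no data services deployed."""
    if not data_services_present:
        return []
    problems = []
    old_style, new_style = san_style(old_cert), san_style(new_cert)
    if old_style != new_style:
        problems.append(f"cannot switch from {old_style} to {new_style} once data services exist")
    elif new_style == "dns-only" and old_primary != new_primary:
        problems.append("cannot change the primary DNS Name of a DNS-only certificate once data services exist")
    return problems


if __name__ == "__main__":
    cert = CertInfo(san_ips=["10.0.0.5"], san_dns=["dsm.example.test"], has_issuer=True)
    print(validate_tls_secret({"tls.crt": "...", "tls.key": "..."}, cert, "10.0.0.5", ["dsm.example.test"]))
```

Run it against the decoded Secret before applying the DsmSystemConfig change; a non-empty list is the cheaper way to find out than a rolling restart of every database cluster.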
DsmSystemConfig.status
DsmSystemConfigStatus describes the observed status of the DsmSystemConfig.
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
enum |
|
false |
appliancePublicAddress |
string |
AppliancePublicAddress is the address (IP or FQDN) that all DSM data-service workloads use to reach the DSM Appliance. It is set automatically based on the configured TLS certificate, spec.dnsNames and spec.ip. The value must be reachable from every network where DSM data services run and, if it is an FQDN, must resolve to the Appliance VM IP (spec.ip). The value must also be reachable and resolvable by client/application networks that need to access the DSM Appliance (DSM APIs). See the spec.tls.secretName doc for certificate/SAN rules and how the address is determined. |
false |
conditions |
[]object |
Conditions contain the list of observed conditions of the DsmSystemConfig. The following statuses can occur. |
false |
minDataServiceRelease |
string |
MinDataServiceRelease is set when the DSM Provider starts successfully after a fresh install, and updated when the DSM Provider upgrade is successfully completed. Represents the minimum release version of data services (identified by the 'release' field of each DataServiceVersion) compatible with current DSM Provider version. DataServiceVersion whose release is lower than this value are not compatible with current version of DSM Provider. |
false |
rootUserExpiryDate |
string |
RootUserExpiryDate indicates the time when the DSM provider appliance root password is expected to expire. |
false |
tlsSecretResourceVersion |
string |
TLSSecretResourceVersion is set only for DSM provider appliances with custom certificates. It represents the resource version of the Secret that was last applied for the DSM Provider appliance. |
false |
DsmSystemConfig.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
ImageRegistry
ImageRegistry is the Schema for the imageRegistry API Certain Data Services in DSM do not come with the container images bundled and instead rely on an external registry for the images. The ImageRegistry API offers a way to register an external registry in DSM and associate it with different Data Service Versions. The ImageRegistry must be compliant with Open Container Initiative Spec and Docker V2 API.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
system.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
ImageRegistry |
true |
metadata |
object |
Refer to the Kubernetes API documentation for the fields of the metadata field. |
true |
spec |
object |
ImageRegistrySpec defines the spec of the ImageRegistry |
true |
status |
object |
ImageRegistryStatus contains the status of the ImageRegistry |
false |
ImageRegistry.spec
ImageRegistrySpec defines the spec of the ImageRegistry
Name | Type | Description | Required |
---|---|---|---|
endpoint |
string |
Endpoint specifies the URL of the external image registry. Mutable |
true |
credentials |
object |
Credentials contain the name of the secret object containing the credentials to access the images. Supported authentication type: - basic auth: username/password (secret should have data.username and data.password) Mutable |
false |
dataServiceSelector |
object |
DataServiceSelector contains the kubernetes label selector rules that are used to map Data Service Versions to the ImageRegistry. This can be configured to be a many:many relationship, as in - multiple imageRegistries can be configured to link to one Data Service Version (Redundancy) - one ImageRegistry can target multiple Data Service Versions (Single Source). Mutable |
false |
repo |
string |
Repo specifies the repository/project/namespace inside the image registry that contains the images. Example: endpoint: registry.example.com / 10.10.10.10:9000 repo: dsm-images image: operator:v1.2.3 (from DataServiceVersion) Image will be located at registry.example.com/dsm-images/operator:v1.2.3 / 10.10.10.10:9000/dsm-images/operator:v1.2.3 Mutable |
false |
trustBundle |
object |
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection. If the provided Endpoint is configured with a certificate signed by a DSM trusted CA, TrustBundle must point to the predefined ConfigMap trusted-root-ca in the dsm-system namespace; if it is signed by an authority that should not be globally trusted by DSM, TrustBundle must point to a ConfigMap whose key tls.crt contains only issuer certificate(s). See ImageRegistry.spec.trustBundle for the full rules. Mutable |
false |
ImageRegistry.spec.credentials
Credentials contain the name of the secret object containing the credentials to access the images. Supported authentication type: - basic auth: username/password (secret should have data.username and data.password)
Mutable
Name | Type | Description | Required |
---|---|---|---|
name |
string |
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
|
false |
ImageRegistry.spec.dataServiceSelector
DataServiceSelector contains the kubernetes label selector rules that are used to map Data Service Versions to the ImageRegistry. This can be configured to be a many:many relationship, as in - multiple imageRegistries can be configured to link to one Data Service Version (Redundancy) - one ImageRegistry can target multiple Data Service Versions (Single Source).
Mutable
Name | Type | Description | Required |
---|---|---|---|
matchExpressions |
[]object |
matchExpressions is a list of label selector requirements. The requirements are ANDed. |
false |
matchLabels |
map[string]string |
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. |
false |
ImageRegistry.spec.dataServiceSelector.matchExpressions[index]
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Name | Type | Description | Required |
---|---|---|---|
key |
string |
key is the label key that the selector applies to. |
true |
operator |
string |
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
true |
values |
[]string |
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
false |
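The selector fields above decide which registry a DataServiceVersion pulls from, and the repo field decides the image path. As an added example (not DSM code) the block below implements the label-selector semantics exactly as documented (matchLabels ANDed with matchExpressions using In, NotIn, Exists and DoesNotExist), resolves the many:many mapping between registries and a DataServiceVersion's labels, composes the endpoint/repo/image reference, and checks the basic-auth Secret keys. The ImageRegistry objects, label names (dataservice, deprecated) and Secret contents are constructed for illustration.

```python
"""Map DataServiceVersion labels to ImageRegistry objects and build image references.

Added example, not DSM code. The registry objects, labels and Secret below are
constructed sample data.
"""
from urllib.parse import urlsplit

# Constructed sample ImageRegistry objects (only the fields this example reads).
REGISTRIES = [
    {"metadata": {"name": "harbor-primary"},
     "spec": {"endpoint": "https://registry.example.com", "repo": "dsm-images",
              "dataServiceSelector": {"matchLabels": {"dataservice": "mysql"}}}},
    {"metadata": {"name": "harbor-mirror"},
     "spec": {"endpoint": "10.10.10.10:9000", "repo": "dsm-images",
              "dataServiceSelector": {"matchExpressions": [
                  {"key": "dataservice", "operator": "In", "values": ["mysql", "postgres"]},
                  {"key": "deprecated", "operator": "DoesNotExist"}]}}},
]


def requirement_matches(labels, req):
    """One LabelSelectorRequirement, with the Kubernetes meaning of each operator."""
    key, op, values = req["key"], req["operator"], req.get("values") or []
    present = key in labels
    if op == "In":
        return present and labels[key] in values
    if op == "NotIn":
        return not present or labels[key] not in values   # absent key also satisfies NotIn
    if op == "Exists":
        return present
    if op == "DoesNotExist":
        return not present
    raise ValueError(f"unknown operator {op!r}")


def selector_matches(selector, labels):
    """Every matchLabels pair and every matchExpression must hold (they are ANDed)."""
    for k, v in (selector.get("matchLabels") or {}).items():
        if labels.get(k) != v:
            return False
    return all(requirement_matches(labels, r) for r in selector.get("matchExpressions") or [])


def registries_for(dsv_labels, registries):
    """Names of all ImageRegistry objects whose dataServiceSelector selects these labels.

    More than one name means redundancy; the same registry can appear for many versions."""
    return [r["metadata"]["name"] for r in registries
            if selector_matches(r["spec"].get("dataServiceSelector") or {}, dsv_labels)]


def image_reference(registry_spec, image):
    """endpoint + repo + image -> host[:port]/repo/image; a URL scheme on the endpoint is dropped."""
    endpoint = registry_spec["endpoint"]
    host = urlsplit(endpoint if "://" in endpoint else "//" + endpoint).netloc
    if not host:
        raise ValueError(f"cannot parse endpoint {endpoint!r}")
    repo = registry_spec.get("repo", "").strip("/")
    return "/".join(part for part in (host, repo, image) if part)


def missing_credential_keys(secret):
    """Basic auth needs data.username and data.password; returns whichever keys are absent."""
    data = secret.get("data") or {}
    return [k for k in ("username", "password") if k not in data]


if __name__ == "__main__":
    labels = {"dataservice": "mysql", "release": "8.0.40"}
    for name in registries_for(labels, REGISTRIES):
        spec = next(r["spec"] for r in REGISTRIES if r["metadata"]["name"] == name)
        print(name, image_reference(spec, "operator:v1.2.3"))
```

Note the NotIn and DoesNotExist cases: a DataServiceVersion that lacks the label entirely still matches them, which is the usual way a selector accidentally widens to every version in the system.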
ImageRegistry.spec.trustBundle
TrustBundle is a reference to a ConfigMap containing a set of certificates to be trusted when validating the Endpoint TLS connection.
If the provided Endpoint is configured with:
- a certificate signed by a CA that DSM trusts, TrustBundle must point to the predefined ConfigMap trusted-root-ca in the dsm-system namespace. By default, DSM trusts all well-known OS-trusted CAs. If the certificate is signed by a custom CA, that custom CA certificate must first be added to trusted-root-ca by appending it to the value of the key ca-bundle.crt.
- a certificate signed by an authority that should not be globally trusted by DSM, TrustBundle must point to a ConfigMap whose key tls.crt contains only issuer certificate(s). If an end-entity (server) certificate is provided instead, it must be self-signed, i.e. issued by itself.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
API version of the referent. |
false |
fieldPath |
string |
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. |
false |
kind |
string |
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
false |
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
namespace |
string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
false |
resourceVersion |
string |
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
false |
uid |
string |
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
false |
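Both trust-bundle fields on this page (DsmSystemConfig.spec.externalLogDestination.trustBundle and ImageRegistry.spec.trustBundle) follow the same two-case rule: append a CA to ca-bundle.crt in dsm-system/trusted-root-ca when it should be trusted everywhere, or give the endpoint its own ConfigMap with only issuer certificates under tls.crt when it should not. The block below is an added example, not DSM code, that prepares either ConfigMap from PEM input. It only manipulates PEM text: it deduplicates certificate blocks so repeated appends do not grow the bundle, and it refuses to copy a PRIVATE KEY block into a trust bundle, but it does not verify that a block really is an issuer (CA) certificate, which needs an X.509 parser. The PEM bodies in the test data are constructed placeholders, not real certificates.

```python
"""Prepare the two kinds of trust-bundle ConfigMap DSM accepts for a TLS endpoint.

Added example, not DSM code. PEM text handling only; no X.509 validation.
"""
import re

# One PEM block: label (CERTIFICATE, PRIVATE KEY, ...) and its base64 body.
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def certificate_blocks(text):
    """Normalised CERTIFICATE blocks found in text; anything else (keys, params) is dropped."""
    out = []
    for label, body in PEM_RE.findall(text):
        if label != "CERTIFICATE":
            continue  # a stray private key must never end up in a trust bundle
        body = "".join(body.split())
        out.append(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----")
    return out


def append_to_trusted_root_ca(configmap, ca_pem):
    """Case 1: CA to be trusted globally -> append to data['ca-bundle.crt'] of dsm-system/trusted-root-ca.

    Idempotent: a certificate already present in the bundle is not added again."""
    existing = configmap.setdefault("data", {}).get("ca-bundle.crt", "")
    have = set(certificate_blocks(existing))
    new = [blk for blk in certificate_blocks(ca_pem) if blk not in have]
    if not new:
        return configmap
    merged = existing.rstrip("\n")
    configmap["data"]["ca-bundle.crt"] = (merged + "\n" if merged else "") + "\n".join(new) + "\n"
    return configmap


def private_trust_bundle(name, namespace, issuer_pem):
    """Case 2: CA not to be trusted globally -> dedicated ConfigMap, key tls.crt, issuers only."""
    blocks = certificate_blocks(issuer_pem)
    if not blocks:
        raise ValueError("no CERTIFICATE block found for tls.crt")
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": name, "namespace": namespace},
            "data": {"tls.crt": "\n".join(blocks) + "\n"}}


# Constructed placeholder PEM material (base64 of short strings, not real certificates).
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nQUFB\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nS0VZ\n-----END PRIVATE KEY-----\n"
SAMPLE_TRUSTED_ROOT_CA = {
    "apiVersion": "v1", "kind": "ConfigMap",
    "metadata": {"name": "trusted-root-ca", "namespace": "dsm-system"},
    "data": {"ca-bundle.crt": "-----BEGIN CERTIFICATE-----\nQkJC\n-----END CERTIFICATE-----\n"},
}

if __name__ == "__main__":
    cm = append_to_trusted_root_ca(dict(SAMPLE_TRUSTED_ROOT_CA), SAMPLE_CA)
    print(cm["data"]["ca-bundle.crt"])
    print(private_trust_bundle("harbor-ca", "dsm-system", SAMPLE_CA + SAMPLE_KEY)["data"]["tls.crt"])
```

In practice, fetch trusted-root-ca with kubectl, run the result through append_to_trusted_root_ca, and apply it back; the dedicated-ConfigMap path keeps a registry's or log collector's private CA out of the appliance-wide trust store, which is the reason the second case exists.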
ImageRegistry.status
ImageRegistryStatus contains the status of the ImageRegistry
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
string |
AlertLevel indicates the level of the most severe alert raised for the ImageRegistry. |
false |
conditions |
[]object |
Conditions represent the status of image registry object and associated operations. |
false |
ImageRegistry.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
VCenterBinding
VCenterBinding defines a binding configuration for vCenter.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
system.dataservices.vmware.com.v1alpha1 |
true |
kind |
string |
VCenterBinding |
true |
metadata |
object |
Refer to the Kubernetes API documentation for the fields of the metadata field. |
true |
spec |
object |
VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed. |
false |
status |
object |
VCenterBindingStatus describes the observed status of the VCenterBinding. |
false |
VCenterBinding.spec
VCenterBindingSpec defines the details, such as the Host, Thumbprint, and VCenterAdminSecret of the target vCenter where DSM workload clusters will be deployed and managed.
Name | Type | Description | Required |
---|---|---|---|
host |
string |
Host is the FQDN or IP address of the target vCenter where DSM workload clusters will be deployed. Must be present in the vCenter server’s certificate SAN extension. Required. Mutable. |
true |
thumbprint |
string |
Thumbprint represents the SHA-256 Thumbprint of the target vCenter’s server leaf certificate, where the workload clusters are managed. This field is optional and is only necessary for the initial vCenter trust setup. Subsequently, DSM will fetch the root CA bundle from vCenter and use it to establish secure connections to vCenter. Mutable. |
false |
vcenterAdminSecret |
object |
VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64 encoded strings. This secret may be deleted by the client after successful creation of the DSM Service account and registration of the DSM Plugin in vCenter, as indicated by this resource’s status condition Ready. Mutable. |
false |
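The thumbprint field pins the vCenter leaf certificate for the first connection, before DSM has fetched the root CA bundle, so its value has to be computed from a certificate obtained out of band and not from whatever the network happens to present. The block below is an added example, not DSM code: it computes the SHA-256 thumbprint of the first certificate in a PEM chain and compares a typed-in value in constant time after normalising case and separators. The colon-separated upper-case hex layout is the usual vSphere thumbprint convention and is assumed here; the PEM body is a constructed placeholder (base64 of the bytes b"abc"), not a real certificate.

```python
"""SHA-256 thumbprint of a PEM leaf certificate, as used for VCenterBinding.spec.thumbprint.

Added example, not DSM code. Output format (AA:BB:...) is assumed; sample PEM is a placeholder.
"""
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def leaf_der(pem_chain):
    """DER bytes of the first CERTIFICATE block, which in a server chain is the leaf."""
    match = PEM_CERT.search(pem_chain)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def sha256_thumbprint(pem_chain):
    """Hex digest of the DER-encoded leaf, colon separated and upper case (assumed layout)."""
    digest = hashlib.sha256(leaf_der(pem_chain)).digest()
    return ":".join(f"{b:02X}" for b in digest)


def thumbprint_matches(expected, supplied):
    """Accept 'AA:BB', 'aabb' or 'aa bb' spellings; compare without early exit on mismatch."""
    def normalise(s):
        return re.sub(r"[^0-9a-f]", "", s.lower())
    return hmac.compare_digest(normalise(expected), normalise(supplied))


# Constructed placeholder: base64("abc"), not a real certificate.
CONSTRUCTED_LEAF_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print(sha256_thumbprint(CONSTRUCTED_LEAF_PEM))
```

Obtain the leaf certificate from a trusted path (for example from the vCenter administrator, or `openssl s_client -connect <host>:443 -showcerts` on a network you control, followed by `openssl x509 -noout -fingerprint -sha256`), and confirm the value matches before writing it into the spec; once the Ready condition is set, DSM relies on the root CA bundle in status.rootCa instead of the pin.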
VCenterBinding.spec.vcenterAdminSecret
VCenterAdminSecret refers to the v1.Secret containing the administrator credentials for the vCenter where the workload clusters are managed. The data field of this Secret must contain both 'username' and 'password' keys as base64 encoded strings. This secret may be deleted by the client after successful creation of the DSM Service account and registration of the DSM Plugin in vCenter, as indicated by this resource’s status condition Ready.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
API version of the referent. |
false |
fieldPath |
string |
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. |
false |
kind |
string |
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
false |
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
namespace |
string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
false |
resourceVersion |
string |
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
false |
uid |
string |
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
false |
VCenterBinding.status
VCenterBindingStatus describes the observed status of the VCenterBinding.
Name | Type | Description | Required |
---|---|---|---|
alertLevel |
string |
AlertLevel indicates the level of the most severe alert raised for a vCenter Binding. |
false |
conditions |
[]object |
Conditions contain the list of observed conditions of the VCenterBinding. The following statuses can occur. |
false |
lastServiceAccountRotationTime |
string |
LastServiceAccountRotationTime indicates the time when the last service account password was rotated. Mutable. |
false |
rootCa |
object |
RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'. Mutable. |
false |
vcenterInstanceUuid |
string |
VcenterInstanceUuid defines the target vCenter instance uuid. Immutable |
false |
version |
string |
Version is the version of vCenter Mutable |
false |
VCenterBinding.status.conditions[index]
Condition contains details for one aspect of the current state of this API Resource.
Name | Type | Description | Required |
---|---|---|---|
lastTransitionTime |
string |
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
true |
message |
string |
message is a human readable message indicating details about the transition. This may be an empty string. |
true |
reason |
string |
reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
true |
status |
enum |
status of the condition, one of True, False, Unknown.
|
true |
type |
string |
type of condition in CamelCase or in foo.example.com/CamelCase. |
true |
observedGeneration |
integer |
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
|
false |
VCenterBinding.status.rootCa
RootCA is a reference to the v1.ConfigMap named 'vcenter-ca' containing the vCenter’s root certificate in the key named 'ca-bundle'.
Mutable.
Name | Type | Description | Required |
---|---|---|---|
apiVersion |
string |
API version of the referent. |
false |
fieldPath |
string |
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. |
false |
kind |
string |
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
false |
name |
string |
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names |
false |
namespace |
string |
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ |
false |
resourceVersion |
string |
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency |
false |
uid |
string |
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids |
false |