{ "description": "ObjectStore is the Schema for the objectstores API.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "Specification of the desired behavior of the ObjectStore.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { "configuration": { "description": "The configuration for the barman-cloud tool suite", "properties": { "azureCredentials": { "description": "The credentials to use to upload data to Azure Blob Storage", "properties": { "connectionString": { "description": "The connection string to be used", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "inheritFromAzureAD": { "description": "Use the Azure AD based authentication without providing explicitly the keys.", "type": "boolean" }, "storageAccount": { "description": "The storage account where to upload data", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "storageKey": { "description": "The storage account key to be used in conjunction\nwith the storage account name", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "storageSasToken": { "description": "A shared-access-signature to be used in conjunction with\nthe storage account name", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "useDefaultAzureCredentials": { "description": "Use the default Azure authentication flow, which includes DefaultAzureCredential.\nThis allows authentication using environment variables and managed identities.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "data": { "description": "The configuration to be used to backup the data files\nWhen not defined, base backups files will be stored uncompressed and may\nbe unencrypted in the object store, according to the bucket default\npolicy.", "properties": { "additionalCommandArgs": { "description": "AdditionalCommandArgs represents additional arguments that can be appended\nto the 'barman-cloud-backup' command-line invocation. These arguments\nprovide flexibility to customize the backup process further according to\nspecific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-backup' command, to avoid potential errors or unintended\nbehavior during execution.", "items": { "type": "string" }, "type": "array" }, "compression": { "description": "Compress a backup file (a tar file per tablespace) while streaming it\nto the object store. Available options are empty string (no\ncompression, default), `gzip`, `bzip2`, and `snappy`.", "enum": [ "bzip2", "gzip", "snappy" ], "type": "string" }, "encryption": { "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", "enum": [ "AES256", "aws:kms" ], "type": "string" }, "immediateCheckpoint": { "description": "Control whether the I/O workload for the backup initial checkpoint will\nbe limited, according to the `checkpoint_completion_target` setting on\nthe PostgreSQL server. If set to true, an immediate checkpoint will be\nused, meaning PostgreSQL will complete the checkpoint as soon as\npossible. `false` by default.", "type": "boolean" }, "jobs": { "description": "The number of parallel jobs to be used to upload the backup, defaults\nto 2", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object", "additionalProperties": false }, "destinationPath": { "description": "The path where to store the backup (i.e. s3://bucket/path/to/folder)\nthis path, with different destination folders, will be used for WALs\nand for data", "minLength": 1, "type": "string" }, "endpointCA": { "description": "EndpointCA store the CA bundle of the barman endpoint.\nUseful when using self-signed certificates to avoid\nerrors with certificate issuer and barman-cloud-wal-archive", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "endpointURL": { "description": "Endpoint to be used to upload data to the cloud,\noverriding the automatic endpoint discovery", "type": "string" }, "googleCredentials": { "description": "The credentials to use to upload data to Google Cloud Storage", "properties": { "applicationCredentials": { "description": "The secret containing the Google Cloud Storage JSON file with the credentials", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "gkeEnvironment": { "description": "If set to true, will presume that it's running inside a GKE environment,\ndefault to false.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "historyTags": { "additionalProperties": { "type": "string" }, "description": "HistoryTags is a list of key value pairs that will be passed to the\nBarman --history-tags option.", "type": "object" }, "s3Credentials": { "description": "The credentials to use to upload data to S3", "properties": { "accessKeyId": { "description": "The reference to the access key id", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "inheritFromIAMRole": { "description": "Use the role based authentication without providing explicitly the keys.", "type": "boolean" }, "region": { "description": "The reference to the secret containing the region name", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "secretAccessKey": { "description": "The reference to the secret access key", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false }, "sessionToken": { "description": "The references to the session key", "properties": { "key": { "description": "The key to select", "type": "string" }, "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "key", "name" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "serverName": { "description": "The server name on S3, the cluster name is used if this\nparameter is omitted", "type": "string" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags is a list of key value pairs that will be passed to the\nBarman --tags option.", "type": "object" }, "wal": { "description": "The configuration for the backup of the WAL stream.\nWhen not defined, WAL files will be stored uncompressed and may be\nunencrypted in the object store, according to the bucket default policy.", "properties": { "archiveAdditionalCommandArgs": { "description": "Additional arguments that can be appended to the 'barman-cloud-wal-archive'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL archive process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-archive' command, to avoid potential errors or unintended\nbehavior during execution.", "items": { "type": "string" }, "type": "array" }, "compression": { "description": "Compress a WAL file before sending it to the object store. Available\noptions are empty string (no compression, default), `gzip`, `bzip2`,\n`lz4`, `snappy`, `xz`, and `zstd`.", "enum": [ "bzip2", "gzip", "lz4", "snappy", "xz", "zstd" ], "type": "string" }, "encryption": { "description": "Whenever to force the encryption of files (if the bucket is\nnot already configured for that).\nAllowed options are empty string (use the bucket policy, default),\n`AES256` and `aws:kms`", "enum": [ "AES256", "aws:kms" ], "type": "string" }, "maxParallel": { "description": "Number of WAL files to be either archived in parallel (when the\nPostgreSQL instance is archiving to a backup object store) or\nrestored in parallel (when a PostgreSQL standby is fetching WAL\nfiles from a recovery object store). If not specified, WAL files\nwill be processed one at a time. It accepts a positive integer as a\nvalue - with 1 being the minimum accepted value.", "minimum": 1, "type": "integer" }, "restoreAdditionalCommandArgs": { "description": "Additional arguments that can be appended to the 'barman-cloud-wal-restore'\ncommand-line invocation. These arguments provide flexibility to customize\nthe WAL restore process further, according to specific requirements or configurations.\n\nExample:\nIn a scenario where specialized backup options are required, such as setting\na specific timeout or defining custom behavior, users can use this field\nto specify additional command arguments.\n\nNote:\nIt's essential to ensure that the provided arguments are valid and supported\nby the 'barman-cloud-wal-restore' command, to avoid potential errors or unintended\nbehavior during execution.", "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "destinationPath" ], "type": "object", "x-kubernetes-validations": [ { "fieldPath": ".serverName", "message": "use the 'serverName' plugin parameter in the Cluster resource", "reason": "FieldValueForbidden", "rule": "!has(self.serverName)" } ], "additionalProperties": false }, "instanceSidecarConfiguration": { "description": "The configuration for the sidecar that runs in the instance pods", "properties": { "additionalContainerArgs": { "description": "AdditionalContainerArgs is an optional list of command-line arguments\nto be passed to the sidecar container when it starts.\nThe provided arguments are appended to the container\u2019s default arguments.", "items": { "type": "string" }, "type": "array", "x-kubernetes-validations": [ { "message": "do not set --log-level in additionalContainerArgs; use spec.instanceSidecarConfiguration.logLevel", "reason": "FieldValueForbidden", "rule": "!self.exists(a, a.startsWith('--log-level'))" } ] }, "env": { "description": "The environment to be explicitly passed to the sidecar", "items": { "description": "EnvVar represents an environment variable present in a Container.", "properties": { "name": { "description": "Name of the environment variable.\nMay consist of any printable ASCII characters except '='.", "type": "string" }, "value": { "description": "Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\".", "type": "string" }, "valueFrom": { "description": "Source for the environment variable's value. Cannot be used if value is not empty.", "properties": { "configMapKeyRef": { "description": "Selects a key of a ConfigMap.", "properties": { "key": { "description": "The key to select.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the ConfigMap or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fieldRef": { "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", "properties": { "apiVersion": { "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, "fieldPath": { "description": "Path of the field to select in the specified API version.", "type": "string" } }, "required": [ "fieldPath" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "fileKeyRef": { "description": "FileKeyRef selects a key of the env file.\nRequires the EnvFiles feature gate to be enabled.", "properties": { "key": { "description": "The key within the env file. An invalid key will prevent the pod from starting.\nThe keys defined within a source may consist of any printable ASCII characters except '='.\nDuring Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", "type": "string" }, "optional": { "default": false, "description": "Specify whether the file or its key must be defined. If the file or key\ndoes not exist, then the env var is not published.\nIf optional is set to true and the specified key does not exist,\nthe environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist,\nan error will be returned during Pod creation.", "type": "boolean" }, "path": { "description": "The path within the volume from which to select the file.\nMust be relative and may not contain the '..' path or start with '..'.", "type": "string" }, "volumeName": { "description": "The name of the volume mount containing the env file.", "type": "string" } }, "required": [ "key", "path", "volumeName" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "resourceFieldRef": { "description": "Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", "properties": { "containerName": { "description": "Container name: required for volumes, optional for env vars", "type": "string" }, "divisor": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Specifies the output format of the exposed resources, defaults to \"1\"", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resource": { "description": "Required: resource to select", "type": "string" } }, "required": [ "resource" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false }, "secretKeyRef": { "description": "Selects a key of a secret in the pod's namespace", "properties": { "key": { "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string" }, "name": { "default": "", "description": "Name of the referent.\nThis field is effectively required, but due to backwards compatibility is\nallowed to be empty. Instances of this type with an empty value here are\nalmost certainly wrong.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string" }, "optional": { "description": "Specify whether the Secret or its key must be defined", "type": "boolean" } }, "required": [ "key" ], "type": "object", "x-kubernetes-map-type": "atomic", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "logLevel": { "default": "info", "description": "The log level for PostgreSQL instances. Valid values are: `error`, `warning`, `info` (default), `debug`, `trace`", "enum": [ "error", "warning", "info", "debug", "trace" ], "type": "string" }, "resources": { "description": "Resources define cpu/memory requests and limits for the sidecar that runs in the instance pods.", "properties": { "claims": { "description": "Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\nThis field depends on the\nDynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "items": { "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "properties": { "name": { "description": "Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container.", "type": "string" }, "request": { "description": "Request is the name chosen for a request in the referenced claim.\nIf empty, everything from the claim is made available, otherwise\nonly the result of this request.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "limits": { "additionalProperties": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "description": "Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" }, "requests": { "additionalProperties": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "object" } }, "type": "object", "additionalProperties": false }, "retentionPolicyIntervalSeconds": { "default": 1800, "description": "The retentionCheckInterval defines the frequency at which the\nsystem checks and enforces retention policies.", "type": "integer" } }, "type": "object", "additionalProperties": false }, "retentionPolicy": { "description": "RetentionPolicy is the retention policy to be used for backups\nand WALs (i.e. '60d'). The retention policy is expressed in the form\nof `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -\ndays, weeks, months.", "pattern": "^[1-9][0-9]*[dwm]$", "type": "string" } }, "required": [ "configuration" ], "type": "object", "additionalProperties": false }, "status": { "description": "Most recently observed status of the ObjectStore. This data may not be up to\ndate. Populated by the system. Read-only.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "properties": { "serverRecoveryWindow": { "additionalProperties": { "description": "RecoveryWindow represents the time span between the first\nrecoverability point and the last successful backup of a PostgreSQL\nserver, defining the period during which data can be restored.", "properties": { "firstRecoverabilityPoint": { "description": "The first recoverability point in a PostgreSQL server refers to\nthe earliest point in time to which the database can be\nrestored.", "format": "date-time", "type": "string" }, "lastFailedBackupTime": { "description": "The last failed backup time", "format": "date-time", "type": "string" }, "lastSuccessfulBackupTime": { "description": "The last successful backup time", "format": "date-time", "type": "string" } }, "type": "object", "additionalProperties": false }, "description": "ServerRecoveryWindow maps each server to its recovery window", "type": "object" } }, "type": "object", "additionalProperties": false } }, "required": [ "metadata", "spec" ], "type": "object" }