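# OperatorConfiguration custom resource (acid.zalan.do/v1) holding the
# operator-wide defaults for the Postgres clusters it manages. Commented-out
# keys are optional settings shown with sample values.
#
# Nesting is restored here (two-space indent); values are unchanged.
# Security-relevant settings carry a NOTE(review) and should be revisited
# before this manifest is used outside a test environment.
apiVersion: "acid.zalan.do/v1"
kind: OperatorConfiguration
metadata:
  name: postgresql-operator-configuration
configuration:
  # NOTE(review): the three images in this file (docker_image,
  # logical_backup_docker_image, connection_pooler_image) are referenced by
  # tag only. Pinning by digest (image@sha256:<digest>) keeps a re-pushed tag
  # from silently changing what runs in the database pods.
  docker_image: ghcr.io/zalando/spilo-15:3.0-p1
  # enable_crd_registration: true
  # crd_categories:
  # - all
  # enable_lazy_spilo_upgrade: false
  enable_pgversion_env_var: true
  # enable_shm_volume: true
  enable_spilo_wal_path_compat: false
  enable_team_id_clustername_prefix: false
  etcd_host: ""
  # ignore_instance_limits_annotation_key: ""
  # kubernetes_use_configmaps: false
  max_instances: -1
  min_instances: -1
  resync_period: 30m
  repair_period: 5m
  # set_memory_request_to_limit: false
  # sidecars:
  # - image: image:123
  #   name: global-sidecar-1
  #   ports:
  #   - containerPort: 80
  #     protocol: TCP
  workers: 2
  users:
    # additional_owner_roles:
    # - cron_admin
    # NOTE(review): password rotation is off, so the interval and retention
    # values below have no effect until it is enabled (units are presumably
    # days; confirm against the operator documentation).
    enable_password_rotation: false
    password_rotation_interval: 90
    password_rotation_user_retention: 180
    replication_username: standby
    super_username: postgres
  major_version_upgrade:
    major_version_upgrade_mode: "off"
    # major_version_upgrade_team_allow_list:
    # - acid
    minimal_major_version: "11"
    target_major_version: "15"
  kubernetes:
    # NOTE(review): any capability added here is granted to every Postgres pod
    # the operator creates; keep the list empty unless a workload needs one.
    # additional_pod_capabilities:
    # - "SYS_NICE"
    cluster_domain: cluster.local
    cluster_labels:
      application: spilo
    cluster_name_label: cluster-name
    # custom_pod_annotations:
    #   keya: valuea
    #   keyb: valueb
    # delete_annotation_date_key: delete-date
    # delete_annotation_name_key: delete-clustername
    # downscaler_annotations:
    # - deployment-time
    # - downscaler/*
    # NOTE(review): when true, role credential Secrets may be created in
    # namespaces other than the cluster's own. Confirm this is wanted and that
    # the operator's RBAC and the set of users allowed to create clusters are
    # scoped accordingly; set to false otherwise.
    enable_cross_namespace_secret: true
    # NOTE(review): enable_init_containers and enable_sidecars let cluster
    # manifests add extra containers to the database pod. Anyone allowed to
    # create cluster resources can then run their own image next to Postgres,
    # so restrict that permission or enforce an image policy at admission.
    enable_init_containers: true
    enable_pod_antiaffinity: false
    enable_pod_disruption_budget: true
    enable_readiness_probe: false
    enable_sidecars: true
    # ignored_annotations:
    # - k8s.v1.cni.cncf.io/network-status
    # infrastructure_roles_secret_name: "postgresql-infrastructure-roles"
    # infrastructure_roles_secrets:
    # - secretname: "monitoring-roles"
    #   userkey: "user"
    #   passwordkey: "password"
    #   rolekey: "inrole"
    # - secretname: "other-infrastructure-role"
    #   userkey: "other-user-key"
    #   passwordkey: "other-password-key"
    # inherited_annotations:
    # - owned-by
    # inherited_labels:
    # - application
    # - environment
    master_pod_move_timeout: 20m
    # node_readiness_label:
    #   status: ready
    # node_readiness_label_merge: "OR"
    oauth_token_secret_name: postgresql-operator
    pdb_name_format: "postgres-{cluster}-pdb"
    pod_antiaffinity_preferred_during_scheduling: false
    pod_antiaffinity_topology_key: "kubernetes.io/hostname"
    pod_environment_configmap: postgresql/pod-env
    # NOTE(review): a Secret named here is presumably exposed as environment
    # variables in every Postgres pod; keep its contents minimal.
    pod_environment_secret: pod-secrets
    pod_management_policy: "ordered_ready"
    # pod_priority_class_name: "postgres-pod-priority"
    pod_role_label: spilo-role
    # pod_service_account_definition: ""
    pod_service_account_name: postgres-pod
    # pod_service_account_role_binding_definition: ""
    pod_terminate_grace_period: 5m
    secret_name_template: "{username}.{cluster}.credentials.{tprkind}.{tprgroup}"
    # Keeping this false means sidecars get no access to the Postgres socket.
    share_pgsocket_with_sidecars: false
    # NOTE(review): privilege escalation is allowed for the Spilo container.
    # Set to false unless the image in use is known to need it, and test the
    # change, since the database container's startup may depend on it.
    spilo_allow_privilege_escalation: true
    # NOTE(review): with runasuser/runasgroup unset the container runs as
    # whatever user the image defines; set them to enforce a non-root UID/GID.
    # spilo_runasuser: 101
    # spilo_runasgroup: 103
    spilo_fsgroup: 103
    spilo_privileged: false
    storage_resize_mode: pvc
    # toleration:
    #   key: db-only
    #   operator: Exists
    #   effect: NoSchedule
    # watched_namespace: ""
  postgres_pod_resources:
    default_cpu_limit: "1"
    default_cpu_request: 100m
    default_memory_limit: 500Mi
    default_memory_request: 100Mi
    # max_cpu_request: "1"
    # max_memory_request: 4Gi
    # min_cpu_limit: 250m
    # min_memory_limit: 250Mi
  timeouts:
    patroni_api_check_interval: 1s
    patroni_api_check_timeout: 5s
    pod_label_wait_timeout: 10m
    pod_deletion_wait_timeout: 10m
    ready_wait_interval: 4s
    ready_wait_timeout: 30s
    resource_check_interval: 3s
    resource_check_timeout: 10m
  load_balancer:
    # custom_service_annotations:
    #   keyx: valuex
    #   keyy: valuey
    # db_hosted_zone: ""
    # All load balancers are off. If one is enabled, the database becomes
    # reachable through a cloud load balancer; restrict the allowed source
    # ranges in the cluster manifests at the same time.
    enable_master_load_balancer: false
    enable_master_pooler_load_balancer: false
    enable_replica_load_balancer: false
    enable_replica_pooler_load_balancer: false
    external_traffic_policy: "Cluster"
    master_dns_name_format: "{cluster}.{namespace}.{hostedzone}"
    # master_legacy_dns_name_format: "{cluster}.{team}.{hostedzone}"
    replica_dns_name_format: "{cluster}-repl.{namespace}.{hostedzone}"
    # replica_dns_old_name_format: "{cluster}-repl.{team}.{hostedzone}"
  aws_or_gcp:
    # NOTE(review): this Secret is mounted into the Postgres pods at the path
    # below. Remove both keys if the ssh-auth Secret is not actually needed.
    additional_secret_mount: ssh-auth
    additional_secret_mount_path: /run/secrets/ssh-auth
    aws_region: eu-central-1
    enable_ebs_gp3_migration: false
    # enable_ebs_gp3_migration_max_size: 1000
    # gcp_credentials: ""
    # kube_iam_role: ""
    # log_s3_bucket: ""
    # wal_az_storage_account: ""
    # wal_gs_bucket: ""
    # wal_s3_bucket: ""
  logical_backup:
    # NOTE(review): the *_account_key, *_access_key_id and *_secret_access_key
    # settings in this section put long-lived cloud credentials in plain text
    # into this resource, readable by anyone who can read it. Prefer a
    # workload identity / IAM role for the backup job where the platform
    # offers one.
    # logical_backup_azure_storage_account_name: ""
    # logical_backup_azure_storage_container: ""
    # logical_backup_azure_storage_account_key: ""
    # logical_backup_cpu_limit: ""
    # logical_backup_cpu_request: ""
    # logical_backup_memory_limit: ""
    # logical_backup_memory_request: ""
    logical_backup_docker_image: "registry.opensource.zalan.do/acid/logical-backup:v1.10.0"
    # logical_backup_google_application_credentials: ""
    logical_backup_job_prefix: "logical-backup-"
    logical_backup_provider: "s3"
    # logical_backup_s3_access_key_id: ""
    # "my-bucket-url" is a placeholder; replace it with a bucket you control
    # and check that bucket's access policy, since it will hold full dumps.
    logical_backup_s3_bucket: "my-bucket-url"
    # logical_backup_s3_endpoint: ""
    # logical_backup_s3_region: ""
    # logical_backup_s3_secret_access_key: ""
    # Server-side encryption requested for uploaded backups.
    logical_backup_s3_sse: "AES256"
    # logical_backup_s3_retention_time: ""
    logical_backup_schedule: "30 00 * * *"
  debug:
    # NOTE(review): debug logging is on. Review what the operator logs at this
    # level and who can read those logs before keeping it on in production.
    debug_logging: true
    enable_database_access: true
  teams_api:
    # enable_admin_role_for_users: true
    # enable_postgres_team_crd: false
    # enable_postgres_team_crd_superusers: false
    enable_team_member_deprecation: false
    enable_team_superuser: false
    enable_teams_api: false
    # pam_configuration: ""
    pam_role_name: zalandos
    # postgres_superuser_teams:
    # - postgres_superusers
    protected_role_names:
    - admin
    - cron_admin
    role_deletion_suffix: "_deleted"
    team_admin_role: admin
    # NOTE(review): log_statement "all" records every statement issued by the
    # affected roles, including literal values such as passwords passed in
    # SQL. Treat the resulting Postgres logs as sensitive.
    team_api_role_configuration:
      log_statement: all
    # teams_api_url: ""
  logging_rest_api:
    # NOTE(review): keep this port reachable only from inside the cluster
    # (for example with a NetworkPolicy); it serves operator logs and cluster
    # history.
    api_port: 8080
    cluster_history_entries: 1000
    ring_log_lines: 100
  connection_pooler:
    connection_pooler_default_cpu_limit: "1"
    connection_pooler_default_cpu_request: "500m"
    connection_pooler_default_memory_limit: 100Mi
    connection_pooler_default_memory_request: 100Mi
    # NOTE(review): "master-27" looks like a branch build tag rather than a
    # release tag; pin to a released version or a digest.
    connection_pooler_image: "registry.opensource.zalan.do/acid/pgbouncer:master-27"
    # connection_pooler_max_db_connections: 60
    connection_pooler_mode: "transaction"
    connection_pooler_number_of_instances: 2
    # connection_pooler_schema: "pooler"
    # connection_pooler_user: "pooler"
  patroni:
    enable_patroni_failsafe_mode: false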