API Reference¶
Packages¶
dbops.dbprovision.io/v1alpha1¶
Package v1alpha1 contains API Schema definitions for the dbops v1alpha1 API group.
Resource Types¶
- Database
- DatabaseBackup
- DatabaseBackupSchedule
- DatabaseGrant
- DatabaseInstance
- DatabaseRestore
- DatabaseRole
- DatabaseUser
AppliedGrantsInfo¶
AppliedGrantsInfo contains information about applied grants
Appears in: - DatabaseGrantStatus
| Field | Description | Default | Validation |
|---|---|---|---|
roles string array |
Roles lists assigned roles | ||
directGrants integer |
DirectGrants is the count of direct grants applied | ||
defaultPrivileges integer |
DefaultPrivileges is the count of default privileges applied |
AzureStorageConfig¶
AzureStorageConfig defines Azure Blob Storage configuration
Appears in: - StorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
container string |
Container name | Required: {} |
|
storageAccount string |
StorageAccount name | Required: {} |
|
prefix string |
Prefix (path prefix within the container) | Optional: {} |
|
secretRef SecretReference |
SecretRef references a secret containing Azure credentials | Required: {} |
BackupInfo¶
BackupInfo contains backup file information
Appears in: - DatabaseBackupStatus
| Field | Description | Default | Validation |
|---|---|---|---|
path string |
Path is the full path to the backup file | ||
sizeBytes integer |
SizeBytes is the backup size in bytes (uncompressed) | ||
compressedSizeBytes integer |
CompressedSizeBytes is the backup size in bytes (compressed) | ||
checksum string |
Checksum is the backup file checksum | ||
format string |
Format is the backup format (e.g., custom, plain, directory) |
BackupReference¶
BackupReference references a DatabaseBackup
Appears in: - DatabaseRestoreSpec
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the DatabaseBackup resource | Required: {} |
|
namespace string |
Namespace of the DatabaseBackup (defaults to the resource namespace) | Optional: {} |
BackupSourceInfo¶
BackupSourceInfo contains information about the backup source
Appears in: - DatabaseBackupStatus
| Field | Description | Default | Validation |
|---|---|---|---|
instance string |
Instance is the DatabaseInstance name | ||
database string |
Database is the database name | ||
engine string |
Engine is the database engine type | ||
version string |
Version is the database server version | ||
timestamp Time |
Timestamp is the point-in-time of the backup |
BackupStatistics¶
BackupStatistics contains backup statistics
Appears in: - DatabaseBackupScheduleStatus
| Field | Description | Default | Validation |
|---|---|---|---|
totalBackups integer |
TotalBackups is the total number of backups created | ||
successfulBackups integer |
SuccessfulBackups is the number of successful backups | ||
failedBackups integer |
FailedBackups is the number of failed backups | ||
averageDurationSeconds integer |
AverageDurationSeconds is the average backup duration | ||
averageSizeBytes integer |
AverageSizeBytes is the average backup size | ||
totalStorageBytes integer |
TotalStorageBytes is the total storage used by all backups |
BackupTemplateMeta¶
BackupTemplateMeta defines metadata for created backups
Appears in: - BackupTemplateSpec
| Field | Description | Default | Validation |
|---|---|---|---|
labels object (keys:string, values:string) |
Labels to add to created backups | Optional: {} |
|
annotations object (keys:string, values:string) |
Annotations to add to created backups | Optional: {} |
BackupTemplateSpec¶
BackupTemplateSpec defines the template for created backups
Appears in: - DatabaseBackupScheduleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
metadata BackupTemplateMeta |
Refer to Kubernetes API documentation for fields of metadata. |
Optional: {} |
|
spec DatabaseBackupSpec |
Spec for the created backup | Required: {} |
CompressionAlgorithm¶
Underlying type: string
CompressionAlgorithm defines the compression algorithm
Validation: - Enum: [gzip lz4 zstd none]
Appears in: - CompressionConfig
| Field | Description |
|---|---|
gzip |
|
lz4 |
|
zstd |
|
none |
CompressionConfig¶
CompressionConfig defines backup compression settings
Appears in: - DatabaseBackupSpec - RestoreFromPath
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled enables compression | true | |
algorithm CompressionAlgorithm |
Algorithm specifies the compression algorithm | gzip | Enum: [gzip lz4 zstd] |
level integer |
Level specifies the compression level (1-9) | 6 | Maximum: 9 Minimum: 1 |
ConcurrencyPolicy¶
Underlying type: string
ConcurrencyPolicy defines how to handle concurrent backups
Validation: - Enum: [Allow Forbid Replace]
Appears in: - DatabaseBackupScheduleSpec
| Field | Description |
|---|---|
Allow |
|
Forbid |
|
Replace |
ConnectionConfig¶
ConnectionConfig defines the database connection settings
Appears in: - DatabaseInstanceSpec
| Field | Description | Default | Validation |
|---|---|---|---|
host string |
Host is the database server hostname or IP | MinLength: 1 Required: {} |
|
port integer |
Port is the database server port | Maximum: 65535 Minimum: 1 Required: {} |
|
database string |
Database is the admin database name for initial connection | Required: {} |
|
secretRef CredentialSecretRef |
SecretRef references a secret containing credentials (mutually exclusive with ExistingSecret) | Optional: {} |
|
existingSecret CredentialSecretRef |
ExistingSecret references an existing secret with custom keys (mutually exclusive with SecretRef) | Optional: {} |
CredentialKeys¶
CredentialKeys defines the key names within a credential secret
Appears in: - CredentialSecretRef
| Field | Description | Default | Validation |
|---|---|---|---|
username string |
Username key in the secret (default: "username") | username | |
password string |
Password key in the secret (default: "password") | password |
CredentialSecretRef¶
CredentialSecretRef references credentials in a secret
Appears in: - ConnectionConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the secret containing credentials | Required: {} |
|
namespace string |
Namespace of the secret (defaults to the resource's namespace if not specified) | Optional: {} |
|
keys CredentialKeys |
Keys defines the key names for username and password | Optional: {} |
Database¶
Database is the Schema for the databases API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
Database |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseSpec |
|||
status DatabaseStatus |
DatabaseBackup¶
DatabaseBackup is the Schema for the databasebackups API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseBackup |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseBackupSpec |
|||
status DatabaseBackupStatus |
DatabaseBackupSchedule¶
DatabaseBackupSchedule is the Schema for the databasebackupschedules API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseBackupSchedule |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseBackupScheduleSpec |
|||
status DatabaseBackupScheduleStatus |
DatabaseBackupScheduleSpec¶
DatabaseBackupScheduleSpec defines the desired state of DatabaseBackupSchedule.
Appears in: - DatabaseBackupSchedule
| Field | Description | Default | Validation |
|---|---|---|---|
schedule string |
Schedule is the cron expression for the backup schedule | MinLength: 1 Required: {} |
|
timezone string |
Timezone is the timezone for the schedule (e.g., "Asia/Bangkok") | UTC | |
paused boolean |
Paused suspends the schedule | Optional: {} |
|
concurrencyPolicy ConcurrencyPolicy |
ConcurrencyPolicy defines how to handle concurrent backups | Forbid | Enum: [Allow Forbid Replace] |
template BackupTemplateSpec |
Template defines the DatabaseBackup to create | Required: {} |
|
retention RetentionPolicy |
Retention defines the backup retention policy | Optional: {} |
|
successfulBackupsHistoryLimit integer |
SuccessfulBackupsHistoryLimit is the number of successful backups to keep in status | 5 | Minimum: 0 |
failedBackupsHistoryLimit integer |
FailedBackupsHistoryLimit is the number of failed backups to keep in status | 3 | Minimum: 0 |
deletionProtection boolean |
DeletionProtection prevents accidental deletion | Optional: {} |
DatabaseBackupScheduleStatus¶
DatabaseBackupScheduleStatus defines the observed state of DatabaseBackupSchedule.
Appears in: - DatabaseBackupSchedule
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state | Enum: [Active Paused] |
|
lastBackup ScheduledBackupInfo |
LastBackup contains information about the last backup | ||
nextBackupTime Time |
NextBackupTime is the next scheduled backup time | ||
statistics BackupStatistics |
Statistics contains backup statistics | ||
recentBackups RecentBackupInfo array |
RecentBackups lists recent backup names and statuses | ||
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseBackupSpec¶
DatabaseBackupSpec defines the desired state of DatabaseBackup.
Appears in: - BackupTemplateSpec - DatabaseBackup
| Field | Description | Default | Validation |
|---|---|---|---|
databaseRef DatabaseReference |
DatabaseRef references the Database to backup | Required: {} |
|
storage StorageConfig |
Storage defines where to store the backup | Required: {} |
|
compression CompressionConfig |
Compression configures backup compression | Optional: {} |
|
encryption EncryptionConfig |
Encryption configures backup encryption | Optional: {} |
|
ttl string |
TTL is the time-to-live for the backup (e.g., "168h" for 7 days) | Optional: {} |
|
activeDeadlineSeconds integer |
ActiveDeadlineSeconds is the timeout for the backup operation | 3600 | Minimum: 1 |
postgres PostgresBackupConfig |
PostgreSQL-specific backup configuration | Optional: {} |
|
mysql MySQLBackupConfig |
MySQL-specific backup configuration | Optional: {} |
DatabaseBackupStatus¶
DatabaseBackupStatus defines the observed state of DatabaseBackup.
Appears in: - DatabaseBackup
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state | Enum: [Pending Running Completed Failed] |
|
startedAt Time |
StartedAt is the backup start time | ||
completedAt Time |
CompletedAt is the backup completion time | ||
message string |
Message provides additional information about the current state | ||
backup BackupInfo |
Backup contains backup-specific status information | ||
source BackupSourceInfo |
Source contains information about the backup source | ||
expiresAt Time |
ExpiresAt is when the backup will be deleted | ||
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseGrant¶
DatabaseGrant is the Schema for the databasegrants API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseGrant |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseGrantSpec |
|||
status DatabaseGrantStatus |
DatabaseGrantSpec¶
DatabaseGrantSpec defines the desired state of DatabaseGrant.
Appears in: - DatabaseGrant
| Field | Description | Default | Validation |
|---|---|---|---|
userRef UserReference |
UserRef references the DatabaseUser to grant permissions to | Required: {} |
|
databaseRef DatabaseReference |
DatabaseRef references the Database for context (optional) | Optional: {} |
|
postgres PostgresGrantConfig |
PostgreSQL-specific grants | Optional: {} |
|
mysql MySQLGrantConfig |
MySQL-specific grants | Optional: {} |
|
driftPolicy DriftPolicy |
DriftPolicy overrides the instance-level drift policy for this grant. If not specified, the instance's drift policy is used. |
Optional: {} |
|
deletionProtection boolean |
DeletionProtection prevents accidental deletion | Optional: {} |
DatabaseGrantStatus¶
DatabaseGrantStatus defines the observed state of DatabaseGrant.
Appears in: - DatabaseGrant
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state | Enum: [Pending Creating Ready Failed Deleting] |
|
observedGeneration integer |
ObservedGeneration is the last observed generation of the resource | ||
message string |
Message provides additional information about the current state | ||
appliedGrants AppliedGrantsInfo |
AppliedGrants contains information about applied grants | ||
drift DriftStatus |
Drift contains drift detection status information | Optional: {} |
|
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseInfo¶
DatabaseInfo contains general database information
Appears in: - DatabaseStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name is the actual database name | ||
owner string |
Owner is the database owner | ||
sizeBytes integer |
SizeBytes is the database size in bytes | ||
createdAt Time |
CreatedAt is the creation timestamp |
DatabaseInstance¶
DatabaseInstance is the Schema for the databaseinstances API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseInstance |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseInstanceSpec |
|||
status DatabaseInstanceStatus |
DatabaseInstanceSpec¶
DatabaseInstanceSpec defines the desired state of DatabaseInstance.
Appears in: - DatabaseInstance
| Field | Description | Default | Validation |
|---|---|---|---|
engine EngineType |
Engine type (required, immutable) | Enum: [postgres mysql mariadb cockroachdb] Required: {} |
|
connection ConnectionConfig |
Connection configuration | Required: {} |
|
tls TLSConfig |
TLS configuration | Optional: {} |
|
healthCheck HealthCheckConfig |
Health check configuration | Optional: {} |
|
driftPolicy DriftPolicy |
DriftPolicy defines the default drift detection policy for resources using this instance. Individual resources can override this policy. |
Optional: {} |
|
discovery DiscoveryConfig |
Discovery enables scanning for database resources not managed by Kubernetes CRs. Discovered resources can be adopted via annotations. |
Optional: {} |
|
postgres PostgresInstanceConfig |
PostgreSQL-specific options (only valid when engine is "postgres") | Optional: {} |
|
mysql MySQLInstanceConfig |
MySQL-specific options (only valid when engine is "mysql") | Optional: {} |
|
deletionProtection boolean |
DeletionProtection prevents accidental deletion | Optional: {} |
DatabaseInstanceStatus¶
DatabaseInstanceStatus defines the observed state of DatabaseInstance.
Appears in: - DatabaseInstance
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state of the instance | Enum: [Pending Ready Failed] |
|
version string |
Version is the detected database server version | ||
message string |
Message provides additional information about the current state | ||
lastCheckedAt Time |
LastCheckedAt is the timestamp of the last health check | ||
observedGeneration integer |
ObservedGeneration is the last observed generation of the resource | ||
discoveredResources DiscoveredResourcesStatus |
DiscoveredResources contains resources found in the database that are not managed by CRs. Only populated when discovery is enabled. |
Optional: {} |
|
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseReference¶
DatabaseReference references a Database
Appears in: - DatabaseBackupSpec - DatabaseGrantSpec - RestoreTarget
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the Database resource | Required: {} |
|
namespace string |
Namespace of the Database (defaults to the resource namespace) | Optional: {} |
DatabaseRestore¶
DatabaseRestore is the Schema for the databaserestores API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseRestore |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseRestoreSpec |
|||
status DatabaseRestoreStatus |
DatabaseRestoreSpec¶
DatabaseRestoreSpec defines the desired state of DatabaseRestore.
Appears in: - DatabaseRestore
| Field | Description | Default | Validation |
|---|---|---|---|
backupRef BackupReference |
BackupRef references the DatabaseBackup to restore from | Optional: {} |
|
fromPath RestoreFromPath |
FromPath allows restoring from a direct path instead of a backup reference | Optional: {} |
|
target RestoreTarget |
Target defines where to restore the backup | Required: {} |
|
confirmation RestoreConfirmation |
Confirmation contains safety confirmations for destructive operations | Optional: {} |
|
activeDeadlineSeconds integer |
ActiveDeadlineSeconds is the timeout for the restore operation | 7200 | Minimum: 1 |
postgres PostgresRestoreConfig |
PostgreSQL-specific restore configuration | Optional: {} |
|
mysql MySQLRestoreConfig |
MySQL-specific restore configuration | Optional: {} |
DatabaseRestoreStatus¶
DatabaseRestoreStatus defines the observed state of DatabaseRestore.
Appears in: - DatabaseRestore
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state | Enum: [Pending Running Completed Failed] |
|
startedAt Time |
StartedAt is the restore start time | ||
completedAt Time |
CompletedAt is the restore completion time | ||
message string |
Message provides additional information about the current state | ||
restore RestoreInfo |
Restore contains restore-specific status information | ||
progress RestoreProgress |
Progress contains restore progress information | ||
warnings string array |
Warnings contains any warnings encountered during restore | ||
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseRole¶
DatabaseRole is the Schema for the databaseroles API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseRole |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseRoleSpec |
|||
status DatabaseRoleStatus |
DatabaseRoleSpec¶
DatabaseRoleSpec defines the desired state of DatabaseRole.
Appears in: - DatabaseRole
| Field | Description | Default | Validation |
|---|---|---|---|
instanceRef InstanceReference |
InstanceRef references the DatabaseInstance to use | Required: {} |
|
roleName string |
RoleName is the role name in the database (immutable after creation) | MaxLength: 63 MinLength: 1 Pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ Required: {} |
|
postgres PostgresRoleConfig |
PostgreSQL-specific configuration | Optional: {} |
|
mysql MySQLRoleConfig |
MySQL-specific configuration | Optional: {} |
|
driftPolicy DriftPolicy |
DriftPolicy overrides the instance-level drift policy for this role. If not specified, the instance's drift policy is used. |
Optional: {} |
DatabaseRoleStatus¶
DatabaseRoleStatus defines the observed state of DatabaseRole.
Appears in: - DatabaseRole
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state | Enum: [Pending Creating Ready Failed Deleting] |
|
observedGeneration integer |
ObservedGeneration is the last observed generation of the resource | ||
message string |
Message provides additional information about the current state | ||
role RoleInfo |
Role contains role-specific status information | ||
drift DriftStatus |
Drift contains drift detection status information | Optional: {} |
|
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseSpec¶
DatabaseSpec defines the desired state of Database.
Appears in: - Database
| Field | Description | Default | Validation |
|---|---|---|---|
instanceRef InstanceReference |
InstanceRef references the DatabaseInstance to use | Required: {} |
|
name string |
Name is the database name in the database server (immutable after creation) | MaxLength: 63 MinLength: 1 Pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ Required: {} |
|
deletionPolicy DeletionPolicy |
DeletionPolicy defines what happens on CR deletion | Retain | Enum: [Retain Delete Snapshot] |
deletionProtection boolean |
DeletionProtection prevents accidental deletion | true | |
driftPolicy DriftPolicy |
DriftPolicy overrides the instance-level drift policy for this database. If not specified, the instance's drift policy is used. |
Optional: {} |
|
postgres PostgresDatabaseConfig |
PostgreSQL-specific configuration (required when instance engine is "postgres") | Optional: {} |
|
mysql MySQLDatabaseConfig |
MySQL-specific configuration (required when instance engine is "mysql") | Optional: {} |
DatabaseStatus¶
DatabaseStatus defines the observed state of Database.
Appears in: - Database
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state of the database | Enum: [Pending Creating Ready Failed Deleting] |
|
observedGeneration integer |
ObservedGeneration is the last observed generation of the resource | ||
message string |
Message provides additional information about the current state | ||
database DatabaseInfo |
Database contains database-specific status information | ||
postgres PostgresDatabaseStatus |
Postgres contains PostgreSQL-specific status information | Optional: {} |
|
mysql MySQLDatabaseStatus |
MySQL contains MySQL-specific status information | Optional: {} |
|
drift DriftStatus |
Drift contains drift detection status information | Optional: {} |
|
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DatabaseUser¶
DatabaseUser is the Schema for the databaseusers API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
dbops.dbprovision.io/v1alpha1 |
||
kind string |
DatabaseUser |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec DatabaseUserSpec |
|||
status DatabaseUserStatus |
DatabaseUserSpec¶
DatabaseUserSpec defines the desired state of DatabaseUser.
Appears in: - DatabaseUser
| Field | Description | Default | Validation |
|---|---|---|---|
instanceRef InstanceReference |
InstanceRef references the DatabaseInstance to use | Required: {} |
|
username string |
Username is the database username (immutable after creation) | MaxLength: 63 MinLength: 1 Pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$ Required: {} |
|
passwordSecret PasswordConfig |
PasswordSecret configures password generation and secret output | Optional: {} |
|
existingPasswordSecret ExistingPasswordSecret |
ExistingPasswordSecret references an existing secret containing the password | Optional: {} |
|
passwordRotation PasswordRotationConfig |
PasswordRotation configures automatic password rotation | Optional: {} |
|
postgres PostgresUserConfig |
PostgreSQL-specific configuration | Optional: {} |
|
mysql MySQLUserConfig |
MySQL-specific configuration | Optional: {} |
|
driftPolicy DriftPolicy |
DriftPolicy overrides the instance-level drift policy for this user. If not specified, the instance's drift policy is used. |
Optional: {} |
DatabaseUserStatus¶
DatabaseUserStatus defines the observed state of DatabaseUser.
Appears in: - DatabaseUser
| Field | Description | Default | Validation |
|---|---|---|---|
phase Phase |
Phase represents the current state | Enum: [Pending Creating Ready Failed Deleting] |
|
observedGeneration integer |
ObservedGeneration is the last observed generation of the resource | ||
message string |
Message provides additional information about the current state | ||
user UserInfo |
User contains user-specific status information | ||
secret SecretInfo |
Secret contains generated secret information | ||
drift DriftStatus |
Drift contains drift detection status information | Optional: {} |
|
conditions Condition array |
Conditions represent the latest available observations | Optional: {} |
DeletionPolicy¶
Underlying type: string
DeletionPolicy defines what happens when a resource is deleted
Validation: - Enum: [Retain Delete Snapshot]
Appears in: - DatabaseSpec
| Field | Description |
|---|---|
Retain |
|
Delete |
|
Snapshot |
DiscoveredResource¶
DiscoveredResource represents a resource found in the database that is not managed by a Kubernetes CR.
Appears in: - DiscoveredResourcesStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name is the name of the discovered resource | ||
discovered Time |
Discovered is when this resource was first discovered | ||
adopted boolean |
Adopted indicates if this resource has been adopted via annotation |
DiscoveredResourcesStatus¶
DiscoveredResourcesStatus contains discovered unmanaged resources.
Appears in: - DatabaseInstanceStatus
| Field | Description | Default | Validation |
|---|---|---|---|
databases DiscoveredResource array |
Databases contains discovered database resources | Optional: {} |
|
users DiscoveredResource array |
Users contains discovered user resources | Optional: {} |
|
roles DiscoveredResource array |
Roles contains discovered role resources | Optional: {} |
|
lastScan Time |
LastScan is when the last discovery scan was performed | Optional: {} |
DiscoveryConfig¶
DiscoveryConfig defines configuration for resource discovery. When enabled, the operator will scan the database for resources that exist but are not managed by Kubernetes CRs.
Appears in: - DatabaseInstanceSpec
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled enables resource discovery | false | |
interval string |
Interval specifies how often to scan for unmanaged resources (Go duration string) | 30m | Optional: {} |
DriftDiff¶
DriftDiff represents a single difference between desired and actual state.
Appears in: - DriftStatus
| Field | Description | Default | Validation |
|---|---|---|---|
field string |
Field is the name of the field that differs | ||
expected string |
Expected is the expected value from the CR spec | ||
actual string |
Actual is the actual value in the database | ||
destructive boolean |
Destructive indicates if correcting this drift would be destructive | Optional: {} |
|
immutable boolean |
Immutable indicates if this field cannot be changed after creation | Optional: {} |
DriftMode¶
Underlying type: string
DriftMode defines how drift is handled
Validation: - Enum: [ignore detect correct]
Appears in: - DriftPolicy
| Field | Description |
|---|---|
ignore |
DriftModeIgnore disables drift detection entirely |
detect |
DriftModeDetect detects drift and reports in status/events but does not auto-correct |
correct |
DriftModeCorrect detects drift and automatically corrects it |
DriftPolicy¶
DriftPolicy defines how drift detection and correction should be handled. This can be set at the instance level (default for all child resources) or overridden at the individual resource level.
Appears in: - DatabaseGrantSpec - DatabaseInstanceSpec - DatabaseRoleSpec - DatabaseSpec - DatabaseUserSpec
| Field | Description | Default | Validation |
|---|---|---|---|
mode DriftMode |
Mode determines how drift is handled | detect | Enum: [ignore detect correct] |
interval string |
Interval specifies how often to check for drift (Go duration string) This is only meaningful when mode is "detect" or "correct" |
5m | Optional: {} |
DriftStatus¶
DriftStatus represents the current drift detection status for a resource.
Appears in: - DatabaseGrantStatus - DatabaseRoleStatus - DatabaseStatus - DatabaseUserStatus
| Field | Description | Default | Validation |
|---|---|---|---|
detected boolean |
Detected indicates if drift was detected | ||
lastChecked Time |
LastChecked is when drift was last checked | Optional: {} |
|
diffs DriftDiff array |
Diffs contains the specific differences found | Optional: {} |
EncryptionAlgorithm¶
Underlying type: string
EncryptionAlgorithm defines the encryption algorithm
Validation: - Enum: [aes-256-gcm aes-256-cbc]
Appears in: - EncryptionConfig
| Field | Description |
|---|---|
aes-256-gcm |
|
aes-256-cbc |
EncryptionConfig¶
EncryptionConfig defines backup encryption settings
Appears in: - DatabaseBackupSpec - RestoreFromPath
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled enables encryption | Optional: {} |
|
algorithm EncryptionAlgorithm |
Algorithm specifies the encryption algorithm | aes-256-gcm | Enum: [aes-256-gcm aes-256-cbc] |
secretRef SecretKeySelector |
SecretRef references a secret containing the encryption key | Optional: {} |
EngineType¶
Underlying type: string
EngineType defines the database engine type
Validation: - Enum: [postgres mysql mariadb cockroachdb]
Appears in: - DatabaseInstanceSpec
| Field | Description |
|---|---|
postgres |
|
mysql |
|
mariadb |
|
cockroachdb |
ExistingPasswordSecret¶
ExistingPasswordSecret references an existing secret containing a password
Appears in: - DatabaseUserSpec
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the secret | Required: {} |
|
namespace string |
Namespace of the secret (defaults to the resource namespace) | Optional: {} |
|
key string |
Key within the secret containing the password | Required: {} |
GCSStorageConfig¶
GCSStorageConfig defines Google Cloud Storage configuration
Appears in: - StorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
bucket string |
Bucket name | Required: {} |
|
prefix string |
Prefix (path prefix within the bucket) | Optional: {} |
|
secretRef SecretKeySelector |
SecretRef references a secret containing GCS credentials | Required: {} |
HealthCheckConfig¶
HealthCheckConfig defines health check settings
Appears in: - DatabaseInstanceSpec
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled enables periodic health checks | true | |
intervalSeconds integer |
IntervalSeconds defines how often to check (default: 30) | 30 | Minimum: 5 |
timeoutSeconds integer |
TimeoutSeconds defines the health check timeout (default: 5) | 5 | Minimum: 1 |
InstanceReference¶
InstanceReference references a DatabaseInstance
Appears in: - DatabaseRoleSpec - DatabaseSpec - DatabaseUserSpec - RestoreTarget
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the DatabaseInstance | Required: {} |
|
namespace string |
Namespace of the DatabaseInstance (defaults to the resource namespace) | Optional: {} |
MySQLAuthPlugin¶
Underlying type: string
MySQLAuthPlugin defines MySQL authentication plugins
Validation: - Enum: [mysql_native_password caching_sha2_password sha256_password]
Appears in: - MySQLUserConfig
| Field | Description |
|---|---|
mysql_native_password |
|
caching_sha2_password |
|
sha256_password |
MySQLBackupConfig¶
MySQLBackupConfig defines MySQL-specific backup configuration
Appears in: - DatabaseBackupSpec
| Field | Description | Default | Validation |
|---|---|---|---|
method MySQLBackupMethod |
Method specifies the backup method | mysqldump | Enum: [mysqldump xtrabackup mysqlpump] |
singleTransaction boolean |
SingleTransaction uses a single transaction for InnoDB tables | true | |
quick boolean |
Quick retrieves rows one at a time instead of buffering | true | |
lockTables boolean |
LockTables locks all tables before backup | Optional: {} |
|
routines boolean |
Routines includes stored procedures and functions | true | |
triggers boolean |
Triggers includes triggers | true | |
events boolean |
Events includes events | true | |
extendedInsert boolean |
ExtendedInsert uses extended INSERT statements | true | |
setGtidPurged MySQLGtidPurged |
SetGtidPurged controls SET @@GLOBAL.GTID_PURGED | AUTO | Enum: [OFF ON AUTO] |
databases string array |
Databases lists specific databases to backup (empty = all) | Optional: {} |
|
tables string array |
Tables lists specific tables to backup (empty = all) | Optional: {} |
|
excludeTables string array |
ExcludeTables lists tables to exclude | Optional: {} |
MySQLBackupMethod¶
Underlying type: string
MySQLBackupMethod defines MySQL backup methods
Validation: - Enum: [mysqldump xtrabackup mysqlpump]
Appears in: - MySQLBackupConfig
| Field | Description |
|---|---|
mysqldump |
|
xtrabackup |
|
mysqlpump |
MySQLDatabaseConfig¶
MySQLDatabaseConfig defines MySQL-specific database configuration
Appears in: - DatabaseSpec
| Field | Description | Default | Validation |
|---|---|---|---|
charset string |
Charset sets the database character set | utf8mb4 | |
collation string |
Collation sets the database collation | utf8mb4_unicode_ci | |
sqlMode string |
SQLMode sets the SQL mode for the database | Optional: {} |
|
defaultStorageEngine string |
DefaultStorageEngine sets the default storage engine | InnoDB |
MySQLDatabaseStatus¶
MySQLDatabaseStatus contains MySQL-specific database status
Appears in: - DatabaseStatus
| Field | Description | Default | Validation |
|---|---|---|---|
charset string |
Charset is the database character set | ||
collation string |
Collation is the database collation |
MySQLGrant¶
MySQLGrant defines a MySQL privilege grant
Appears in: - MySQLGrantConfig - MySQLRoleConfig
| Field | Description | Default | Validation |
|---|---|---|---|
level MySQLGrantLevel |
Level is the grant level | Enum: [global database table column procedure function] |
|
database string |
Database is the target database (for database/table/column/procedure/function levels) | Optional: {} |
|
table string |
Table is the target table (for table/column levels) | Optional: {} |
|
columns string array |
Columns lists target columns (for column level) | Optional: {} |
|
procedure string |
Procedure is the target procedure (for procedure level) | Optional: {} |
|
function string |
Function is the target function (for function level) | Optional: {} |
|
privileges string array |
Privileges to grant (SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, etc.) | MinItems: 1 |
|
withGrantOption boolean |
WithGrantOption allows the grantee to grant these privileges to others | Optional: {} |
MySQLGrantConfig¶
MySQLGrantConfig defines MySQL-specific grant configuration
Appears in: - DatabaseGrantSpec
| Field | Description | Default | Validation |
|---|---|---|---|
roles string array |
Roles to assign to the user (MySQL 8.0+) | Optional: {} |
|
grants MySQLGrant array |
Grants defines direct privilege grants | Optional: {} |
MySQLGrantLevel¶
Underlying type: string
MySQLGrantLevel defines the level of a MySQL grant
Validation: - Enum: [global database table column procedure function]
Appears in: - MySQLGrant
| Field | Description |
|---|---|
global |
|
database |
|
table |
|
column |
|
procedure |
|
function |
MySQLGtidPurged¶
Underlying type: string
MySQLGtidPurged defines GTID_PURGED setting
Validation: - Enum: [OFF ON AUTO]
Appears in: - MySQLBackupConfig
| Field | Description |
|---|---|
OFF |
|
ON |
|
AUTO |
MySQLInstanceConfig¶
MySQLInstanceConfig defines MySQL-specific instance configuration
Appears in: - DatabaseInstanceSpec
| Field | Description | Default | Validation |
|---|---|---|---|
charset string |
Charset sets the default character set | utf8mb4 | |
collation string |
Collation sets the default collation | utf8mb4_unicode_ci | |
parseTime boolean |
ParseTime enables parsing of DATE and DATETIME to time.Time | true | |
timeout string |
Timeout is the connection timeout (e.g., "10s") | 10s | |
readTimeout string |
ReadTimeout is the read timeout (e.g., "30s") | 30s | |
writeTimeout string |
WriteTimeout is the write timeout (e.g., "30s") | 30s | |
tls MySQLTLSMode |
TLS specifies the TLS mode | preferred | Enum: [disabled preferred required skip-verify] |
MySQLRestoreConfig¶
MySQLRestoreConfig defines MySQL-specific restore configuration
Appears in: - DatabaseRestoreSpec
| Field | Description | Default | Validation |
|---|---|---|---|
dropExisting boolean |
DropExisting drops existing database before restore | Optional: {} |
|
createDatabase boolean |
CreateDatabase creates the database if it doesn't exist | true | |
routines boolean |
Routines restores stored procedures and functions | true | |
triggers boolean |
Triggers restores triggers | true | |
events boolean |
Events restores events | true | |
disableForeignKeyChecks boolean |
DisableForeignKeyChecks disables foreign key checks during restore | true | |
disableBinlog boolean |
DisableBinlog disables binary logging during restore | true |
MySQLRoleConfig¶
MySQLRoleConfig defines MySQL-specific role configuration
Appears in: - DatabaseRoleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
useNativeRoles boolean |
UseNativeRoles enables MySQL 8.0+ native roles | true | |
grants MySQLGrant array |
Grants defines the permissions this role grants | Optional: {} |
MySQLTLSMode¶
Underlying type: string
MySQLTLSMode defines MySQL TLS modes
Validation: - Enum: [disabled preferred required skip-verify]
Appears in: - MySQLInstanceConfig
| Field | Description |
|---|---|
disabled |
|
preferred |
|
required |
|
skip-verify |
MySQLUserConfig¶
MySQLUserConfig defines MySQL-specific user configuration
Appears in: - DatabaseUserSpec
| Field | Description | Default | Validation |
|---|---|---|---|
maxQueriesPerHour integer |
MaxQueriesPerHour limits queries per hour (0 = unlimited) | 0 | Minimum: 0 |
maxUpdatesPerHour integer |
MaxUpdatesPerHour limits updates per hour (0 = unlimited) | 0 | Minimum: 0 |
maxConnectionsPerHour integer |
MaxConnectionsPerHour limits connections per hour (0 = unlimited) | 0 | Minimum: 0 |
maxUserConnections integer |
MaxUserConnections limits concurrent connections (0 = unlimited) | 0 | Minimum: 0 |
authPlugin MySQLAuthPlugin |
AuthPlugin specifies the authentication plugin | caching_sha2_password | Enum: [mysql_native_password caching_sha2_password sha256_password] |
requireSSL boolean |
RequireSSL requires SSL for connections | Optional: {} |
|
requireX509 boolean |
RequireX509 requires X509 certificate for connections | Optional: {} |
|
allowedHosts string array |
AllowedHosts lists allowed host patterns for the user (e.g., "%", "localhost", "192.168.1.%") | [%] | |
accountLocked boolean |
AccountLocked locks the account | Optional: {} |
|
failedLoginAttempts integer |
FailedLoginAttempts sets failed login attempts before locking (0 = disabled) | 0 | Minimum: 0 |
passwordLockTime integer |
PasswordLockTime sets lock time in days after failed attempts (0 = permanent) | 0 | Minimum: 0 |
PVCStorageConfig¶
PVCStorageConfig defines PVC-based storage configuration
Appears in: - StorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
claimName string |
ClaimName is the name of the PersistentVolumeClaim | Required: {} |
|
subPath string |
SubPath within the PVC | Optional: {} |
PasswordConfig¶
PasswordConfig defines password generation settings
Appears in: - DatabaseUserSpec
| Field | Description | Default | Validation |
|---|---|---|---|
generate boolean |
Generate enables password generation | true | |
length integer |
Length of the generated password (default: 32) | 32 | Maximum: 128 Minimum: 8 |
includeSpecialChars boolean |
IncludeSpecialChars includes special characters in the password | true | |
excludeChars string |
ExcludeChars specifies characters to exclude from the password | Optional: {} |
|
secretName string |
SecretName is the name of the generated secret | Required: {} |
|
secretNamespace string |
SecretNamespace is the namespace for the generated secret (defaults to resource namespace) | Optional: {} |
|
format SecretFormat |
Format specifies the secret format | kubernetes | Enum: [kubernetes vault external-secrets] |
secretTemplate SecretTemplate |
SecretTemplate defines the secret template | Optional: {} |
PasswordRotationConfig¶
PasswordRotationConfig defines password rotation settings
Appears in: - DatabaseUserSpec
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled enables automatic password rotation | Optional: {} |
|
schedule string |
Schedule is a cron expression for rotation (e.g., "0 0 1 * *" for monthly) | Optional: {} |
|
maxAge string |
MaxAge is the maximum age of a password before rotation (e.g., "90d") | Optional: {} |
Phase¶
Underlying type: string
Phase represents the current state of a resource
Appears in: - DatabaseBackupScheduleStatus - DatabaseBackupStatus - DatabaseGrantStatus - DatabaseInstanceStatus - DatabaseRestoreStatus - DatabaseRoleStatus - DatabaseStatus - DatabaseUserStatus
| Field | Description |
|---|---|
Pending |
|
Creating |
|
Ready |
|
Failed |
|
Deleting |
|
Running |
|
Completed |
|
Paused |
|
Active |
PostgresBackupConfig¶
PostgresBackupConfig defines PostgreSQL-specific backup configuration
Appears in: - DatabaseBackupSpec
| Field | Description | Default | Validation |
|---|---|---|---|
method PostgresBackupMethod |
Method specifies the backup method | pg_dump | Enum: [pg_dump pg_basebackup] |
format PostgresDumpFormat |
Format specifies the output format (for pg_dump) | custom | Enum: [plain custom directory tar] |
jobs integer |
Jobs sets the number of parallel jobs (for directory format) | 1 | Minimum: 1 |
dataOnly boolean |
DataOnly backs up only data, not schema | Optional: {} |
|
schemaOnly boolean |
SchemaOnly backs up only schema, not data | Optional: {} |
|
blobs boolean |
Blobs includes large objects in the backup | true | |
noOwner boolean |
NoOwner omits ownership information | Optional: {} |
|
noPrivileges boolean |
NoPrivileges omits privilege (GRANT/REVOKE) information | Optional: {} |
|
schemas string array |
Schemas lists specific schemas to include (empty = all) | Optional: {} |
|
excludeSchemas string array |
ExcludeSchemas lists schemas to exclude | Optional: {} |
|
tables string array |
Tables lists specific tables to include (empty = all) | Optional: {} |
|
excludeTables string array |
ExcludeTables lists tables to exclude (format: schema.table) | Optional: {} |
|
lockWaitTimeout string |
LockWaitTimeout sets the lock wait timeout (e.g., "60s") | 60s | |
noSync boolean |
NoSync disables fsync after backup | Optional: {} |
PostgresBackupMethod¶
Underlying type: string
PostgresBackupMethod defines PostgreSQL backup methods
Validation: - Enum: [pg_dump pg_basebackup]
Appears in: - PostgresBackupConfig
| Field | Description |
|---|---|
pg_dump |
|
pg_basebackup |
PostgresDatabaseConfig¶
PostgresDatabaseConfig defines PostgreSQL-specific database configuration
Appears in: - DatabaseSpec
| Field | Description | Default | Validation |
|---|---|---|---|
encoding string |
Encoding sets the database encoding (default: UTF8) | UTF8 | |
lcCollate string |
LCCollate sets the collation order | Optional: {} |
|
lcCtype string |
LCCtype sets the character classification | Optional: {} |
|
tablespace string |
Tablespace sets the default tablespace | pg_default | |
template string |
Template is the template database to use | template0 | |
connectionLimit integer |
ConnectionLimit sets the maximum concurrent connections (-1 = unlimited) | -1 | Minimum: -1 |
isTemplate boolean |
IsTemplate marks this as a template database | Optional: {} |
|
allowConnections boolean |
AllowConnections allows/disallows connections to this database | true | |
extensions PostgresExtension array |
Extensions to install in the database | Optional: {} |
|
schemas PostgresSchema array |
Schemas to create in the database | Optional: {} |
|
defaultPrivileges PostgresDefaultPrivilege array |
DefaultPrivileges sets default privileges for new objects | Optional: {} |
PostgresDatabaseStatus¶
PostgresDatabaseStatus contains PostgreSQL-specific database status
Appears in: - DatabaseStatus
| Field | Description | Default | Validation |
|---|---|---|---|
encoding string |
Encoding is the database encoding | ||
collation string |
Collation is the database collation | ||
installedExtensions PostgresExtensionStatus array |
InstalledExtensions lists installed extensions | ||
schemas string array |
Schemas lists schemas in the database |
PostgresDefaultPrivilege¶
PostgresDefaultPrivilege defines default privileges for new objects
Appears in: - PostgresDatabaseConfig
| Field | Description | Default | Validation |
|---|---|---|---|
role string |
Role to grant privileges to | Required: {} |
|
schema string |
Schema where the default applies | Required: {} |
|
objectType string |
ObjectType is the type of objects (tables, sequences, functions, types) | Enum: [tables sequences functions types] |
|
privileges string array |
Privileges to grant | MinItems: 1 |
PostgresDefaultPrivilegeGrant¶
PostgresDefaultPrivilegeGrant defines a default privilege grant
Appears in: - PostgresGrantConfig
| Field | Description | Default | Validation |
|---|---|---|---|
database string |
Database is the target database | Required: {} |
|
schema string |
Schema is the target schema | Required: {} |
|
grantedBy string |
GrantedBy is the role that creates the objects | Required: {} |
|
objectType string |
ObjectType is the type of objects (tables, sequences, functions, types) | Enum: [tables sequences functions types] |
|
privileges string array |
Privileges to grant | MinItems: 1 |
PostgresDumpFormat¶
Underlying type: string
PostgresDumpFormat defines pg_dump output formats
Validation: - Enum: [plain custom directory tar]
Appears in: - PostgresBackupConfig
| Field | Description |
|---|---|
plain |
|
custom |
|
directory |
|
tar |
PostgresExtension¶
PostgresExtension defines a PostgreSQL extension to install
Appears in: - PostgresDatabaseConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the extension | Required: {} |
|
schema string |
Schema to install the extension in (default: public) | public | |
version string |
Version of the extension (optional, uses default if not specified) | Optional: {} |
PostgresExtensionStatus¶
PostgresExtensionStatus contains extension status information
Appears in: - PostgresDatabaseStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the extension | ||
version string |
Version of the extension |
PostgresGrant¶
PostgresGrant defines a PostgreSQL privilege grant
Appears in: - PostgresGrantConfig - PostgresRoleConfig
| Field | Description | Default | Validation |
|---|---|---|---|
database string |
Database is the target database | Required: {} |
|
schema string |
Schema is the target schema (optional, for schema-level grants) | Optional: {} |
|
tables string array |
Tables lists specific tables or "*" for all tables | Optional: {} |
|
sequences string array |
Sequences lists specific sequences or "*" for all sequences | Optional: {} |
|
functions string array |
Functions lists specific functions or "*" for all functions | Optional: {} |
|
privileges string array |
Privileges to grant (SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, USAGE) | MinItems: 1 |
|
withGrantOption boolean |
WithGrantOption allows the grantee to grant these privileges to others | Optional: {} |
PostgresGrantConfig¶
PostgresGrantConfig defines PostgreSQL-specific grant configuration
Appears in: - DatabaseGrantSpec
| Field | Description | Default | Validation |
|---|---|---|---|
roles string array |
Roles to assign to the user | Optional: {} |
|
grants PostgresGrant array |
Grants defines direct privilege grants | Optional: {} |
|
defaultPrivileges PostgresDefaultPrivilegeGrant array |
DefaultPrivileges sets default privileges for future objects | Optional: {} |
PostgresInstanceConfig¶
PostgresInstanceConfig defines PostgreSQL-specific instance configuration
Appears in: - DatabaseInstanceSpec
| Field | Description | Default | Validation |
|---|---|---|---|
sslMode PostgresSSLMode |
SSLMode specifies the SSL mode for connections | prefer | Enum: [disable allow prefer require verify-ca verify-full] |
connectTimeout integer |
ConnectTimeout is the connection timeout in seconds | 10 | Minimum: 1 |
statementTimeout string |
StatementTimeout is the statement timeout (e.g., "30s") | Optional: {} |
|
applicationName string |
ApplicationName is the application name for connections | db-provision-operator |
PostgresRestoreConfig¶
PostgresRestoreConfig defines PostgreSQL-specific restore configuration
Appears in: - DatabaseRestoreSpec
| Field | Description | Default | Validation |
|---|---|---|---|
dropExisting boolean |
DropExisting drops existing database before restore | Optional: {} |
|
createDatabase boolean |
CreateDatabase creates the database if it doesn't exist | true | |
dataOnly boolean |
DataOnly restores only data, not schema | Optional: {} |
|
schemaOnly boolean |
SchemaOnly restores only schema, not data | Optional: {} |
|
noOwner boolean |
NoOwner omits ownership restoration | true | |
noPrivileges boolean |
NoPrivileges omits privilege restoration | Optional: {} |
|
roleMapping object (keys:string, values:string) |
RoleMapping maps old role names to new role names | Optional: {} |
|
schemas string array |
Schemas lists specific schemas to restore (empty = all) | Optional: {} |
|
tables string array |
Tables lists specific tables to restore (empty = all) | Optional: {} |
|
jobs integer |
Jobs sets the number of parallel jobs for restore | 1 | Minimum: 1 |
disableTriggers boolean |
DisableTriggers disables triggers during restore | Optional: {} |
|
analyze boolean |
Analyze runs ANALYZE after restore | true |
PostgresRoleConfig¶
PostgresRoleConfig defines PostgreSQL-specific role configuration
Appears in: - DatabaseRoleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
login boolean |
Login enables login capability (usually false for group roles) | Optional: {} |
|
inherit boolean |
Inherit enables privilege inheritance | true | |
createDB boolean |
CreateDB allows the role to create databases | Optional: {} |
|
createRole boolean |
CreateRole allows the role to create other roles | Optional: {} |
|
superuser boolean |
Superuser grants superuser privileges | Optional: {} |
|
replication boolean |
Replication enables replication privileges | Optional: {} |
|
bypassRLS boolean |
BypassRLS allows bypassing row-level security | Optional: {} |
|
inRoles string array |
InRoles lists roles this role should inherit from | Optional: {} |
|
grants PostgresGrant array |
Grants defines the permissions this role grants | Optional: {} |
PostgresSSLMode¶
Underlying type: string
PostgresSSLMode defines PostgreSQL SSL modes
Validation: - Enum: [disable allow prefer require verify-ca verify-full]
Appears in: - PostgresInstanceConfig
| Field | Description |
|---|---|
disable |
|
allow |
|
prefer |
|
require |
|
verify-ca |
|
verify-full |
PostgresSchema¶
PostgresSchema defines a schema to create
Appears in: - PostgresDatabaseConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the schema | Required: {} |
|
owner string |
Owner of the schema (optional) | Optional: {} |
PostgresUserConfig¶
PostgresUserConfig defines PostgreSQL-specific user configuration
Appears in: - DatabaseUserSpec
| Field | Description | Default | Validation |
|---|---|---|---|
connectionLimit integer |
ConnectionLimit sets the maximum concurrent connections (-1 = unlimited) | -1 | Minimum: -1 |
validUntil string |
ValidUntil sets the password expiration time (RFC3339 format) | Optional: {} |
|
superuser boolean |
Superuser grants superuser privileges | Optional: {} |
|
createDB boolean |
CreateDB allows the user to create databases | Optional: {} |
|
createRole boolean |
CreateRole allows the user to create roles | Optional: {} |
|
inherit boolean |
Inherit enables privilege inheritance | true | |
login boolean |
Login enables login capability | true | |
replication boolean |
Replication enables replication privileges | Optional: {} |
|
bypassRLS boolean |
BypassRLS allows bypassing row-level security | Optional: {} |
|
inRoles string array |
InRoles lists roles this user should be a member of | Optional: {} |
|
configParameters object (keys:string, values:string) |
ConfigParameters sets session parameters for this user | Optional: {} |
RecentBackupInfo¶
RecentBackupInfo contains information about a recent backup
Appears in: - DatabaseBackupScheduleStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the backup | ||
status string |
Status of the backup |
RestoreConfirmation¶
RestoreConfirmation contains safety confirmations
Appears in: - DatabaseRestoreSpec
| Field | Description | Default | Validation |
|---|---|---|---|
acknowledgeDataLoss string |
AcknowledgeDataLoss must be set to "I-UNDERSTAND-DATA-LOSS" for destructive operations | Optional: {} |
RestoreFromPath¶
RestoreFromPath defines restoring from a direct path
Appears in: - DatabaseRestoreSpec
| Field | Description | Default | Validation |
|---|---|---|---|
storage StorageConfig |
Storage defines where the backup is stored | Required: {} |
|
backupPath string |
BackupPath is the path to the backup file within the storage | Required: {} |
|
compression CompressionConfig |
Compression settings used for the backup | Optional: {} |
|
encryption EncryptionConfig |
Encryption settings used for the backup | Optional: {} |
RestoreInfo¶
RestoreInfo contains restore-specific information
Appears in: - DatabaseRestoreStatus
| Field | Description | Default | Validation |
|---|---|---|---|
sourceBackup string |
SourceBackup is the source backup name | ||
targetInstance string |
TargetInstance is the target instance name | ||
targetDatabase string |
TargetDatabase is the target database name |
RestoreProgress¶
RestoreProgress contains restore progress information
Appears in: - DatabaseRestoreStatus
| Field | Description | Default | Validation |
|---|---|---|---|
percentage integer |
Percentage is the restore progress percentage (0-100) | ||
currentPhase string |
CurrentPhase is the current restore phase | ||
tablesRestored integer |
TablesRestored is the number of tables restored | ||
tablesTotal integer |
TablesTotal is the total number of tables to restore |
RestoreTarget¶
RestoreTarget defines where to restore the backup
Appears in: - DatabaseRestoreSpec
| Field | Description | Default | Validation |
|---|---|---|---|
instanceRef InstanceReference |
InstanceRef references the target DatabaseInstance | Optional: {} |
|
databaseName string |
DatabaseName is the target database name (for restore to new database) | Optional: {} |
|
inPlace boolean |
InPlace enables in-place restore (destructive!) | Optional: {} |
|
databaseRef DatabaseReference |
DatabaseRef references the target Database for in-place restore | Optional: {} |
RetentionPolicy¶
RetentionPolicy defines backup retention settings
Appears in: - DatabaseBackupScheduleSpec
| Field | Description | Default | Validation |
|---|---|---|---|
keepLast integer |
KeepLast keeps the N most recent backups | Minimum: 0 Optional: {} |
|
keepHourly integer |
KeepHourly keeps N hourly backups | Minimum: 0 Optional: {} |
|
keepDaily integer |
KeepDaily keeps N daily backups | Minimum: 0 Optional: {} |
|
keepWeekly integer |
KeepWeekly keeps N weekly backups | Minimum: 0 Optional: {} |
|
keepMonthly integer |
KeepMonthly keeps N monthly backups | Minimum: 0 Optional: {} |
|
keepYearly integer |
KeepYearly keeps N yearly backups | Minimum: 0 Optional: {} |
|
minAge string |
MinAge is the minimum age before a backup can be deleted | Optional: {} |
RoleInfo¶
RoleInfo contains role status information
Appears in: - DatabaseRoleStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name is the actual role name | ||
createdAt Time |
CreatedAt is the role creation timestamp |
S3SecretKeys¶
S3SecretKeys defines the key names within an S3 secret
Appears in: - S3SecretRef
| Field | Description | Default | Validation |
|---|---|---|---|
accessKey string |
Access key ID (default: "AWS_ACCESS_KEY_ID") | AWS_ACCESS_KEY_ID | |
secretKey string |
Secret access key (default: "AWS_SECRET_ACCESS_KEY") | AWS_SECRET_ACCESS_KEY |
S3SecretRef¶
S3SecretRef references S3 credentials in a secret
Appears in: - S3StorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the secret | Required: {} |
|
keys S3SecretKeys |
Keys defines the key names for S3 credentials | Optional: {} |
S3StorageConfig¶
S3StorageConfig defines S3-compatible storage configuration
Appears in: - StorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
bucket string |
Bucket name | Required: {} |
|
region string |
Region of the S3 bucket | Required: {} |
|
prefix string |
Prefix (path prefix within the bucket) | Optional: {} |
|
endpoint string |
Endpoint for S3-compatible storage (e.g., MinIO) | Optional: {} |
|
secretRef S3SecretRef |
SecretRef references a secret containing S3 credentials | Required: {} |
|
forcePathStyle boolean |
ForcePathStyle enables path-style addressing (required for MinIO) | Optional: {} |
ScheduledBackupInfo¶
ScheduledBackupInfo contains information about a scheduled backup
Appears in: - DatabaseBackupScheduleStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the backup | ||
status string |
Status of the backup | ||
startedAt Time |
StartedAt is when the backup started | ||
completedAt Time |
CompletedAt is when the backup completed |
SecretFormat¶
Underlying type: string
SecretFormat defines the output secret format
Validation: - Enum: [kubernetes vault external-secrets]
Appears in: - PasswordConfig
| Field | Description |
|---|---|
kubernetes |
|
vault |
|
external-secrets |
SecretInfo¶
SecretInfo contains generated secret information
Appears in: - DatabaseUserStatus
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name is the secret name | ||
namespace string |
Namespace is the secret namespace | ||
lastRotatedAt Time |
LastRotatedAt is the last password rotation timestamp |
SecretKeySelector¶
SecretKeySelector contains a reference to a secret key
Appears in: - EncryptionConfig - GCSStorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the secret | Required: {} |
|
namespace string |
Namespace of the secret (defaults to the resource namespace) | Optional: {} |
|
key string |
Key within the secret | Required: {} |
SecretReference¶
SecretReference contains a reference to a secret with multiple keys
Appears in: - AzureStorageConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the secret | Required: {} |
|
namespace string |
Namespace of the secret (defaults to the resource namespace) | Optional: {} |
SecretTemplate¶
SecretTemplate defines the template for generated secrets
Appears in: - PasswordConfig
| Field | Description | Default | Validation |
|---|---|---|---|
type SecretType |
Type is the secret type (default: Opaque) | Opaque | |
labels object (keys:string, values:string) |
Labels to add to the secret | Optional: {} |
|
annotations object (keys:string, values:string) |
Annotations to add to the secret | Optional: {} |
|
data object (keys:string, values:string) |
Data defines templated data keys Available variables: .Username, .Password, .Host, .Port, .Database, .SSLMode |
Optional: {} |
StorageConfig¶
StorageConfig defines backup storage configuration
Appears in: - DatabaseBackupSpec - RestoreFromPath
| Field | Description | Default | Validation |
|---|---|---|---|
type StorageType |
Type of storage backend | Enum: [gcs s3 azure pvc] Required: {} |
|
gcs GCSStorageConfig |
GCS configuration (required when type is "gcs") | Optional: {} |
|
s3 S3StorageConfig |
S3 configuration (required when type is "s3") | Optional: {} |
|
azure AzureStorageConfig |
Azure configuration (required when type is "azure") | Optional: {} |
|
pvc PVCStorageConfig |
PVC configuration (required when type is "pvc") | Optional: {} |
StorageType¶
Underlying type: string
StorageType defines the backup storage type
Validation: - Enum: [gcs s3 azure pvc]
Appears in: - StorageConfig
| Field | Description |
|---|---|
gcs |
|
s3 |
|
azure |
|
pvc |
TLSConfig¶
TLSConfig defines TLS configuration for database connections
Appears in: - DatabaseInstanceSpec
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Enabled enables TLS for connections | Optional: {} |
|
mode string |
Mode specifies the TLS verification mode | disable | Enum: [disable require verify-ca verify-full] |
secretRef TLSSecretRef |
SecretRef references a secret containing TLS certificates | Optional: {} |
TLSKeys¶
TLSKeys defines the key names within a TLS secret
Appears in: - TLSSecretRef
| Field | Description | Default | Validation |
|---|---|---|---|
ca string |
CA certificate key (default: "ca.crt") | ca.crt | |
cert string |
Client certificate key for mTLS (optional) | Optional: {} |
|
key string |
Client key for mTLS (optional) | Optional: {} |
TLSSecretRef¶
TLSSecretRef references TLS certificates in a secret
Appears in: - TLSConfig
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the secret containing TLS certificates | Required: {} |
|
keys TLSKeys |
Keys defines the key names for TLS certificates | Optional: {} |
UserInfo¶
UserInfo contains user status information
Appears in: - DatabaseUserStatus
| Field | Description | Default | Validation |
|---|---|---|---|
username string |
Username is the actual database username | ||
createdAt Time |
CreatedAt is the user creation timestamp |
UserReference¶
UserReference references a DatabaseUser
Appears in: - DatabaseGrantSpec
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
Name of the DatabaseUser resource | Required: {} |
|
namespace string |
Namespace of the DatabaseUser (defaults to the resource namespace) | Optional: {} |