You can specify the following parameter values:

Parameter | Description | Default |
---|---|---|
adminui.service.type | The type used for the service of the UI: | ClusterIP |
adminui.service.loadBalancerIP | LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. | |
adminui.service.loadBalancerSourceRanges | If specified and supported by the platform, traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature. More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ | |
adminui.service.nodePort | The port used to expose the service on kubernetes nodes | |
authentication.user | Username that will be required to access the UI. | admin |
authentication.password | Password that will be required to access the UI. | Autogenerated random value |

Parameter | Description | Default |
---|---|---|
grafana.autoEmbed | Embed an existing grafana by setting grafana.autoEmbed to true | true |
grafana.schema | The schema to access grafana. By default http. (used to embed grafana manually and automatically) | http |
grafana.webHost | The service host name to access grafana (used to embed grafana manually and automatically). The parameter value should point to the grafana service following the DNS reference svc_name.namespace | |
grafana.user | The username to access grafana. By default admin. (used to embed grafana automatically) | |
grafana.password | The password to access grafana. By default prom-operator (the default in the kube-prometheus-stack helm chart). (used to embed grafana automatically) | |
grafana.secretNamespace | The namespace of the secret with credentials to access grafana. (used to embed grafana automatically, alternative to using grafana.user and grafana.password) | |
grafana.secretName | The name of the secret with credentials to access grafana. (used to embed grafana automatically, alternative to using grafana.user and grafana.password) | |
grafana.secretUserKey | The key of the secret with the username used to access grafana. (used to embed grafana automatically, alternative to using grafana.user and grafana.password) | |
grafana.secretPasswordKey | The key of the secret with the password used to access grafana. (used to embed grafana automatically, alternative to using grafana.user and grafana.password) | |
grafana.datasourceName | The datasource name used by the dashboard that will be created in grafana. By default Prometheus. (used to embed grafana automatically) | Prometheus |
grafana.dashboardConfigMap | {{ < description stackgres-operator.grafana.dashboardConfigMap > }} | |
grafana.dashboardId | The dashboard id that will be created in grafana (see https://grafana.com/grafana/dashboards). By default 9628. (used to embed grafana automatically) | |
grafana.url | The URL of the PostgreSQL dashboard created in grafana (used to embed grafana manually) | |
grafana.token | The grafana API token to access the PostgreSQL dashboard created in grafana (used to embed grafana manually) | |

Parameter | Description | Default |
---|---|---|
prometheus.allowAutobind | If set to false, disables automatic binding to prometheus created using the prometheus operator. If disabled, the cluster will not be bound to prometheus automatically and will require manual intervention by the kubernetes cluster administrator. | true |

Parameter | Description | Default |
---|---|---|
cert.autoapprove | If set to false, disables automatic approval of the certificate used by the operator. If disabled, the operator installation will not complete until the certificate is approved by the kubernetes cluster administrator. | true |
cert.key | The private RSA key used to generate the cert.crt certificate that uses the kubernetes cluster CA. | true |
cert.crt | The certificate that is generated using the cert.key private RSA key and uses the kubernetes cluster CA. | true |
cert.jwtRsaKey | The private RSA key used to generate JWTs used in REST API authentication. | true |
cert.jwtRsaPub | The public RSA key used to verify JWTs used in REST API authentication. | true |

You can specify the following parameter values:

Parameter | Description | Default |
---|---|---|
cluster.create | If false does not create the cluster (useful to just create configurations). | true |
cluster.postgres.version | Postgres version used on the cluster. It is either of: | latest |
cluster.postgres.extensions.<index>.name | The name of the extension to deploy. | |
cluster.postgres.extensions.<index>.publisher | The id of the publisher of the extension to deploy. If not specified com.ongres will be used by default. | |
cluster.postgres.extensions.<index>.repository | The repository base URL from where to obtain the extension to deploy. If not specified https://stackgres.io/downloads/postgres/extensions will be used by default (or the value specified during operator deployment). | |
cluster.postgres.extensions.<index>.version | The version of the extension to deploy. If not specified, the version of the stable channel will be used by default. | |
cluster.postgres.ssl.enabled | Allow to enable SSL for connections to Postgres. By default is If | false |
cluster.postgres.ssl.certificateSecretKeySelector.name | The name of Secret that contains the certificate or certificate chain for SSL connections | |
cluster.postgres.ssl.certificateSecretKeySelector.key | The key of Secret that contains the certificate or certificate chain for SSL connections | |
cluster.postgres.ssl.secretKeyRef.name | The name of Secret that contains the certificate or certificate chain for SSL connections | |
cluster.postgres.ssl.secretKeyRef.key | The key of Secret that contains the certificate or certificate chain for SSL connections | |
cluster.instances | Number of StackGres instances for the cluster. Each instance contains one Postgres server. Out of all of the Postgres servers, one is elected as the master, the rest remain as read-only replicas. | 1 |
cluster.sgInstanceProfile | Name of the SGInstanceProfile. A SGInstanceProfile defines CPU and memory limits. Must exist before creating a cluster. When no profile is set, a default (currently: 1 core, 2 GiB RAM) one is used. | size-xs |
cluster.configurations.sgPostgresConfig | Name of the SGPostgresConfig used for the cluster. It must exist. When not set, a default Postgres config, for the major version selected, is used. | postgresconfig |
cluster.configurations.sgPoolingConfig | Name of the SGPoolingConfig used for this cluster. Each pod contains a sidecar with a connection pooler (currently: PgBouncer). The connection pooler is implemented as a sidecar. If not set, a default configuration will be used. Disabling connection pooling altogether is possible if the disableConnectionPooling property of the pods object is set to true. | poolingconfig |
cluster.configurations.sgBackupConfig | Name of the SGBackupConfig to use for the cluster. It defines the backups policy, storage and retention, among others, applied to the cluster. When not set, backup configuration will not be used. | backupconfig |
cluster.prometheusAutobind | If enabled, a ServiceMonitor is created for each Prometheus instance found in order to collect metrics. | true |
instanceProfiles | An array of instance profiles (see instance profiles), if null or empty does not create any instance profile. | See instance profiles |
configurations.create | If false does not create configuration CRs. | true |
configurations.postgresconfig | The PostgreSQL configuration CR name (see postgres configuration). | See postgres configuration |
configurations.poolingconfig | The connection pooling configuration CR name (see connection pooling configuration). | See connection pooling configuration |
configurations.backupconfig | The backup configuration CR name (see backup configuration). | See backup configuration |

Parameter | Description | Default |
---|---|---|
cluster.postgresServices.primary.enabled | Specify if the -primary service should be created or not. | true |
cluster.postgresServices.primary.type | Specifies the type of Kubernetes service. | ClusterIP |
cluster.postgresServices.primary.externalIPs | Specify custom external IPs for Postgres primary service | |
cluster.postgresServices.replicas.enabled | Specify if the -replicas service should be created or not. | true |
cluster.postgresServices.replicas.type | Specifies the type of Kubernetes service. | ClusterIP |
cluster.postgresServices.replicas.externalIPs | Specify the custom external IPs for Postgres replicas service | |

Parameter | Description | Default |
---|---|---|
cluster.pods.persistentVolume.size | Size of the PersistentVolume set for each instance of the cluster. This size is specified either in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, 2^30 or 2^40, respectively). | 5Gi |
cluster.pods.persistentVolume.storageclass | Name of an existing StorageClass in the Kubernetes cluster, used to create the PersistentVolumes for the instances of the cluster. | |
cluster.pods.disableConnectionPooling | If set to true, avoids creating a connection pooling (using PgBouncer) sidecar. | false |
cluster.pods.disableMetricsExporter | If set to true, avoids creating the Prometheus exporter sidecar. Recommended when there’s no intention to use Prometheus for monitoring. | false |
cluster.pods.disablePostgresUtil | If set to true, avoids creating the postgres-util sidecar. This sidecar contains usual Postgres administration utilities that are not present in the main (patroni) container, like psql. Only disable if you know what you are doing. | false |
cluster.pods.scheduling.nodeSelector | Pod custom node selector. | |
cluster.pods.scheduling.nodeAffinity | Node affinity is a group of node affinity scheduling rules. | |

Parameter | Description | Default |
---|---|---|
cluster.metadata.annotations.allResources | Annotations to attach to any resource created or managed by StackGres. | |
cluster.metadata.annotations.clusterPods | Annotations to attach to pods created or managed by StackGres. | |
cluster.metadata.annotations.services | Annotations to attach to all services created or managed by StackGres. | |
cluster.metadata.annotations.primaryService | Custom Kubernetes annotations passed to the -primary service. | |
cluster.metadata.annotations.replicasService | Custom Kubernetes annotations passed to the -replicas service. | |
cluster.metadata.labels.clusterPods | Labels to attach to pods created or managed by StackGres. | |

Parameter | Description | Default |
---|---|---|
instanceProfiles.<index>.name | Name of the Instance Profile. An instance profile represents a “kind” of server (CPU and RAM) where you may run StackGres, classified by a given name. The profile may be referenced by zero or more SGClusters, and if so it would be referenced by its name. Following Kubernetes naming conventions, it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters consisting of one or more lowercase labels separated by The name must be unique across all instance profiles in the same namespace. | See below |
instanceProfiles.<index>.cpu | CPU(s) (cores) used for every instance of a SGCluster. Please note that every StackGres pod contains not only the Patroni+Postgres container, but several other sidecar containers. While the majority of the resources are devoted to the main Postgres container, some CPU is needed for the sidecars. The number of cores set is split between all the containers. A minimum of 2 cores is recommended. | See below |
instanceProfiles.<index>.memory | RAM allocated to every instance of a SGCluster. The suffix The amount of RAM set is split between all the containers. A minimum of 2-4Gi is recommended. | See below |

By default the following profiles are created:

```yaml
instanceProfiles:
  - name: size-xs
    cpu: "500m"
    memory: "512Mi"
  - name: size-s
    cpu: "1"
    memory: "2Gi"
  - name: size-m
    cpu: "2"
    memory: "4Gi"
  - name: size-l
    cpu: "4"
    memory: "8Gi"
  - name: size-xl
    cpu: "6"
    memory: "16Gi"
  - name: size-xxl
    cpu: "8"
    memory: "32Gi"
```

Parameter | Description | Default |
---|---|---|
configurations.postgresconfig.postgresql\.conf | The postgresql.conf parameters the configuration contains, represented as an object where the keys are valid names for the postgresql.conf configuration file parameters of the given postgresVersion. You may check postgresqlco.nf as a reference on how to tune and find the valid parameters for a given major version. | See below |

By default the following parameters are specified:

```yaml
configurations:
  postgresconfig:
    postgresql.conf:
      shared_buffers: '256MB'
      random_page_cost: '1.5'
      password_encryption: 'scram-sha-256'
      wal_compression: 'on'
      checkpoint_timeout: '30'
```

Parameter | Description | Default |
---|---|---|
configurations.poolingconfig.pgBouncer.pgbouncer\.ini | The Check pgbouncer configuration for more information about supported parameters. | See below |

By default the following parameters are specified:

```yaml
configurations:
  poolingconfig:
    pgBouncer:
      pgbouncer.ini:
        pool_mode: transaction
        max_client_conn: '200'
        default_pool_size: '200'
```

By default the chart creates a storage class backed by a MinIO server. To avoid the creation of the MinIO server, set nonProductionOptions.createMinio to false and fill any of the configurations.backupconfig.storage.s3, configurations.backupconfig.storage.gcs or configurations.backupconfig.storage.azureBlob sections.

Parameter | Description | Default |
---|---|---|
configurations.backupconfig.create | If true create and set the backup configuration for the cluster. | true |
configurations.backupconfig.baseBackups.retention | When an automatic retention policy is defined to delete old base backups, this parameter specifies the number of base backups to keep, in a sliding window. Consequently, the time range covered by backups is Default is 5. | 5 |
configurations.backupconfig.baseBackups.cronSchedule | Continuous Archiving backups are composed of periodic base backups and all the WAL segments produced in between those base backups. This parameter specifies at what time and with what frequency to start performing a new base backup. Use cron syntax ( Also ranges of values ( If not set, full backups are performed each day at 05:00 UTC. | Each 2 minutes |
configurations.backupconfig.baseBackups.compression | Specifies the backup compression algorithm. Possible options are: lz4, lzma, brotli. The default method is lz4. LZ4 is the fastest method, but compression ratio is the worst. LZMA is way slower, but it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, being about 3 times better than LZ4. | lz4 |
configurations.backupconfig.baseBackups.performance.uploadDiskConcurrency | Backup storage may use several concurrent streams to store the data. This parameter configures the number of parallel streams to use. By default, it’s set to 1 (use one stream). | 1 |
configurations.backupconfig.baseBackups.performance.maxNetworkBandwitdh | Maximum disk read I/O when performing a backup. In bytes (per second). | unlimited |
configurations.backupconfig.baseBackups.performance.maxDiskBandwitdh | Maximum storage upload bandwidth used when storing a backup. In bytes (per second). | unlimited |

Parameter | Description | Default |
---|---|---|
configurations.backupconfig.storage.s3.bucket | AWS S3 bucket name. | |
configurations.backupconfig.storage.s3.path | Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name. | |
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId | AWS access key ID. For example, AKIAIOSFODNN7EXAMPLE. | |
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId.name | Name of the referent. More information. | |
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId.key | The key of the secret to select from. Must be a valid secret key. | |
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey | AWS secret access key. For example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. | |
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey.name | Name of the referent. More information. | |
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey.key | The key of the secret to select from. Must be a valid secret key. | |
configurations.backupconfig.storage.s3.region | The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property. | |
configurations.backupconfig.storage.s3.storageClass | The Amazon S3 Storage Class to use for the backup object storage. By default, the STANDARD storage class is used. Other supported values include STANDARD_IA for Infrequent Access and REDUCED_REDUNDANCY. | |

Parameter | Description | Default |
---|---|---|
configurations.backupconfig.storage.s3Compatible.bucket | Bucket name. | |
configurations.backupconfig.storage.s3Compatible.path | Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name. | |
configurations.backupconfig.storage.s3Compatible.bucket | The AWS S3 bucket (eg. bucket). | |
configurations.backupconfig.storage.s3Compatible.path | The AWS S3 bucket path (eg. /path/to/folder). | |
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId | AWS access key ID. For example, AKIAIOSFODNN7EXAMPLE. | |
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.name | Name of the referent. More information. | |
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.key | The key of the secret to select from. Must be a valid secret key. | |
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey | AWS secret access key. For example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. | |
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.name | Name of the referent. More information. | |
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.key | The key of the secret to select from. Must be a valid secret key. | |
configurations.backupconfig.storage.s3Compatible.region | The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property. | |
configurations.backupconfig.storage.s3Compatible.storageClass | The Amazon S3 Storage Class to use for the backup object storage. By default, the STANDARD storage class is used. Other supported values include STANDARD_IA for Infrequent Access and REDUCED_REDUNDANCY. | |
configurations.backupconfig.storage.s3Compatible.endpoint | Overrides the default url to connect to an S3-compatible service. For example: http://s3-like-service:9000. | |
configurations.backupconfig.storage.s3Compatible.enablePathStyleAddressing | Enable path-style addressing (i.e. Defaults to false. | |

Parameter | Description | Default |
---|---|---|
configurations.backupconfig.storage.gcs.bucket | GCS bucket name. | |
configurations.backupconfig.storage.gcs.path | Optional path within the GCS bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name. | |
configurations.backupconfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON | A service account key from GCP. In JSON format, as downloaded from the GCP Console. | |
configurations.backupconfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.name | Name of the referent. More information. | |
configurations.backupconfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.key | The key of the secret to select from. Must be a valid secret key. | |

Parameter | Description | Default |
---|---|---|
configurations.backupconfig.storage.azureBlob.bucket | Azure Blob Storage bucket name. | |
configurations.backupconfig.storage.azureBlob.path | Optional path within the Azure Blob bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name. | |
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount | The Storage Account that contains the Blob bucket to be used. | |
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount.name | Name of the referent. More information. | |
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount.key | The key of the secret to select from. Must be a valid secret key. | |
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey | | |
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey.name | Name of the referent. More information. | |
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey.key | The key of the secret to select from. Must be a valid secret key. | |

By default, stackgres creates an empty database. To create a cluster with data from an existing backup, we have the restore options. It works by simply indicating the UID of the backup CR that we want to restore.

Parameter | Description | Default |
---|---|---|
cluster.initialData.restore.fromBackup | From which backup to restore and how the process is configured | |
cluster.initialData.restore.downloadDiskConcurrency | The backup fetch process may fetch several streams in parallel. Parallel fetching is enabled when set to a value larger than one. If not specified it will be interpreted as latest. | |

By default, stackgres creates an empty database. To execute some scripts, we have the scripts options, where you can specify a script or reference a key in a ConfigMap or a Secret that contains the script to execute.

Parameter | Description | Default |
---|---|---|
cluster.initialData.scripts.<index>.name | Name of the script. Must be unique across this SGCluster. | |
cluster.initialData.scripts.<index>.database | Database where the script is executed. Defaults to the postgres database, if not specified. | postgres |
cluster.initialData.scripts.<index>.script | Raw SQL script to execute. This field is mutually exclusive with scriptFrom field. | |
cluster.initialData.scripts.<index>.scriptFrom | | |
cluster.initialData.scripts.<index>.scriptFrom.configMapKeyRef | A ConfigMap reference that contains the SQL script to execute. This field is mutually exclusive with secretKeyRef field. | |
cluster.initialData.scripts.<index>.scriptFrom.configMapKeyRef.name | The name of the ConfigMap that contains the SQL script to execute. | |
cluster.initialData.scripts.<index>.scriptFrom.configMapKeyRef.key | The key name within the ConfigMap that contains the SQL script to execute. | |
cluster.initialData.scripts.<index>.scriptFrom.secretKeyRef | A Kubernetes SecretKeySelector that contains the SQL script to execute. This field is mutually exclusive with configMapKeyRef field. | |
cluster.initialData.scripts.<index>.scriptFrom.secretKeyRef.name | Name of the referent. More information. | |
cluster.initialData.scripts.<index>.scriptFrom.secretKeyRef.key | The key of the secret to select from. Must be a valid secret key. | |

By default, stackgres sends logs to the container stdout. To send logs to a distributed logs cluster, create one and configure the cluster to use it by setting distributedLogs.enabled to true.

Parameter | Description | Default |
---|---|---|
cluster.distributedLogs.sgDistributedLogs | Name of the SGDistributedLogs to use for this cluster. It must exist. | distributedlogs |
distributedLogs.enabled | It enables distributed logs cluster creation and configuration in order to be used by the cluster. | false |
distributedLogs.create | It controls the creation of the distributed logs cluster. If set to false, the distributed logs cluster will not be created and it must already exist in order to be used if distributedLogs.enabled is set to true. | true |
distributedLogs.persistentVolume.size | Size of the PersistentVolume set for the pod of the cluster for distributed logs. This size is specified either in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, 2^30 or 2^40, respectively). | 5Gi |
distributedLogs.persistentVolume.storageClass | Name of an existing StorageClass in the Kubernetes cluster, used to create the PersistentVolumes for the instances of the cluster. | |

The following options should NOT be enabled in a production environment.

Parameter | Description | Default |
---|---|---|
nonProductionOptions.disableClusterPodAntiAffinity | It is a best practice, on non-containerized environments, when running production workloads, to run each database server on a different server (virtual or physical), i.e., not to co-locate more than one database server per host. The same best practice applies to databases on containers. By default, StackGres will not allow to run more than one StackGres pod on a given Kubernetes node. Set this property to true to allow more than one StackGres pod per node. | true |
nonProductionOptions.createMinio | If true create a MinIO server that will be used to store backups. | true |
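
The following pre-deployment check is an added example, not part of the StackGres charts or documentation. It walks a values mapping using the dotted parameter names and defaults from the tables above and reports the settings to review before a production install. It assumes the operator and cluster chart values are merged into one mapping; the review rules, the `RISKY` and `HARDENED` samples and every value in them are constructed for illustration.

```python
# Added example: audits Helm values against parameters documented on this page.
# Not StackGres code. RISKY and HARDENED are constructed sample inputs.

def get(values, dotted, default=None):
    """Resolve a dotted parameter name (as written in the tables) in a nested dict."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(values):
    """Return (parameter, reason) pairs for settings to review before production."""
    findings = []

    # The page says nonProductionOptions should NOT be enabled in production
    # and lists both options with a default of true, so omission counts as enabled.
    for opt in ("disableClusterPodAntiAffinity", "createMinio"):
        name = "nonProductionOptions." + opt
        if get(values, name, True) is not False:
            findings.append((name, "non-production option is enabled"))

    # A LoadBalancer UI service without source ranges is not restricted
    # to specific client IPs by this chart.
    if (get(values, "adminui.service.type", "ClusterIP") == "LoadBalancer"
            and not get(values, "adminui.service.loadBalancerSourceRanges")):
        findings.append(("adminui.service.loadBalancerSourceRanges",
                         "UI load balancer has no client IP restriction"))

    # grafana.secretName (with its namespace and key parameters) is the documented
    # alternative to placing grafana.user / grafana.password in the values file.
    if get(values, "grafana.password") and not get(values, "grafana.secretName"):
        findings.append(("grafana.password",
                         "inline credential; reference a Secret instead"))

    # cluster.postgres.ssl.enabled defaults to false.
    if get(values, "cluster.postgres.ssl.enabled", False) is not True:
        findings.append(("cluster.postgres.ssl.enabled",
                         "SSL for Postgres connections is disabled"))

    # Backups and storage credentials are sent to this endpoint.
    key = "configurations.backupconfig.storage.s3Compatible.endpoint"
    if str(get(values, key) or "").lower().startswith("http://"):
        findings.append((key, "backup endpoint uses plain HTTP"))

    return findings


RISKY = {  # constructed; nonProductionOptions omitted so the defaults (true) apply
    "adminui": {"service": {"type": "LoadBalancer"}},
    "grafana": {"user": "admin", "password": "constructed-password"},
    "cluster": {"postgres": {"ssl": {"enabled": False}}},
    "configurations": {"backupconfig": {"storage": {"s3Compatible": {
        "bucket": "backups", "endpoint": "http://s3-like-service:9000"}}}},
}

HARDENED = {  # constructed; secret names, namespace and CIDR are placeholders
    "adminui": {"service": {"type": "LoadBalancer",
                            "loadBalancerSourceRanges": ["203.0.113.0/24"]}},
    "grafana": {"secretNamespace": "monitoring", "secretName": "grafana-admin",
                "secretUserKey": "user", "secretPasswordKey": "password"},
    "cluster": {"postgres": {"ssl": {
        "enabled": True,
        "certificateSecretKeySelector": {"name": "pg-tls", "key": "tls.crt"},
        "secretKeyRef": {"name": "pg-tls", "key": "tls.key"}}}},
    "configurations": {"backupconfig": {"storage": {"s3Compatible": {
        "bucket": "backups", "endpoint": "https://s3-like-service:9000"}}}},
    "nonProductionOptions": {"disableClusterPodAntiAffinity": False,
                             "createMinio": False},
}

if __name__ == "__main__":
    for label, sample in (("RISKY", RISKY), ("HARDENED", HARDENED)):
        print(label)
        for parameter, reason in audit(sample):
            print(f"  {parameter}: {reason}")
```

An empty mapping still yields findings, because the documented defaults leave both non-production options on and Postgres SSL off.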