Cluster Parameters

AdminUI Parameters

You can specify the following parameter values:

Parameter Description Default
adminui.service.type

The type used for the service of the UI:

  • Set to LoadBalancer to create a load balancer (if supported by the Kubernetes cluster) that allows connections to the UI from the Internet. Note that enabling this feature will probably incur a fee that depends on the host of the Kubernetes cluster (for example, this is true for EKS, GKE and AKS).
  • Set to NodePort to expose the admin UI from the Kubernetes nodes.
ClusterIP
adminui.service.loadBalancerIP
LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.
adminui.service.loadBalancerSourceRanges
If specified and supported by the platform, traffic through the cloud-provider load balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature. More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
adminui.service.nodePort
The port used to expose the service on kubernetes nodes
authentication.user
Username that will be required to access the UI.
admin
authentication.password
Password that will be required to access the UI.
Autogenerated random value

Grafana Parameters

Parameter Description Default
grafana.autoEmbed
Embed an existing grafana by setting grafana.autoEmbed to true
true
grafana.schema
The schema to access grafana. By default http. (used to embed manually and automatically grafana)
http
grafana.webHost
The service host name to access grafana (used to embed manually and automatically grafana). The parameter value should point to the grafana service following the DNS reference svc_name.namespace
grafana.user
The username to access grafana. By default admin. (used to embed automatically grafana)
grafana.password
The password to access grafana. By default prom-operator (the default in the kube-prometheus-stack helm chart). (used to embed automatically grafana)
grafana.secretNamespace
The namespace of secret with credentials to access grafana. (used to embed automatically grafana, alternative to use grafana.user and grafana.password)
grafana.secretName
The name of secret with credentials to access grafana. (used to embed automatically grafana, alternative to use grafana.user and grafana.password)
grafana.secretUserKey
The key of secret with username used to access grafana. (used to embed automatically grafana, alternative to use grafana.user and grafana.password)
grafana.secretPasswordKey
The key of secret with password used to access grafana. (used to embed automatically grafana, alternative to use grafana.user and grafana.password)
grafana.datasourceName
The datasource name used by dashboard that will be created in grafana. By default Prometheus. (used to embed automatically grafana)
Prometheus
grafana.dashboardConfigMap
grafana.dashboardId
The dashboard id that will be created in grafana (see https://grafana.com/grafana/dashboards). By default 9628. (used to embed automatically grafana)
grafana.url
The URL of the PostgreSQL dashboard created in grafana (used to embed manually grafana)
grafana.token
The grafana API token to access the PostgreSQL dashboard created in grafana (used to embed manually grafana)

Prometheus Parameters

Parameter Description Default
prometheus.allowAutobind
If set to false, disables automatic binding to the Prometheus instances created using the Prometheus operator. If disabled, the cluster will not be bound to Prometheus automatically and will require manual intervention by the Kubernetes cluster administrator.
true

Certificates Parameters

Parameter Description Default
cert.autoapprove
If set to false, disables automatic approval of the certificate used by the operator. If disabled, the operator installation will not complete until the certificate is approved by the Kubernetes cluster administrator.
true
cert.key
The private RSA key used to generate the cert.crt certificate that uses the kubernetes cluster CA.
true
cert.crt
The certificate that is generated using the cert.key private RSA key and uses the kubernetes cluster CA.
true
cert.jwtRsaKey
The private RSA key used to generate JWTs used in REST API authentication.
true
cert.jwtRsaPub
The public RSA key used to verify JWTs used in REST API authentication.
true

Configuration Cluster Parameters

You can specify the following parameter values:

Parameter Description Default
cluster.create
If false does not create the cluster (useful to just create configurations).
true
cluster.postgres.version

Postgres version used on the cluster. It is either of:

  • The string ‘latest’, which automatically sets the latest major.minor Postgres version.
  • A major version, like ‘12’ or ‘11’, which sets that major version and the latest minor version.
  • A specific major.minor version, like ‘12.2’.
latest
cluster.postgres.extensions.<index>.name
The name of the extension to deploy.
cluster.postgres.extensions.<index>.publisher
The id of the publisher of the extension to deploy. If not specified com.ongres will be used by default.
cluster.postgres.extensions.<index>.repository
The repository base URL from where to obtain the extension to deploy. If not specified https://stackgres.io/downloads/postgres/extensions will be used by default (or the value specified during operator deployment).
cluster.postgres.extensions.<index>.version
The version of the extension to deploy. If not specified version of stable channel will be used by default.
cluster.postgres.ssl.enabled

Enables SSL for connections to Postgres. By default it is false.

If true fields certificateSecretKeySelector and privateKeySecretKeySelector will be required.

false
cluster.postgres.ssl.certificateSecretKeySelector.name
The name of Secret that contains the certificate or certificate chain for SSL connections
cluster.postgres.ssl.certificateSecretKeySelector.key
The key of Secret that contains the certificate or certificate chain for SSL connections
cluster.postgres.ssl.secretKeyRef.name
The name of Secret that contains the certificate or certificate chain for SSL connections
cluster.postgres.ssl.secretKeyRef.key
The key of Secret that contains the certificate or certificate chain for SSL connections
cluster.instances
Number of StackGres instances for the cluster. Each instance contains one Postgres server. Out of all of the Postgres servers, one is elected as the master, the rest remain as read-only replicas.
1
cluster.sgInstanceProfile
Name of the SGInstanceProfile. A SGInstanceProfile defines CPU and memory limits. Must exist before creating a cluster. When no profile is set, a default (currently: 1 core, 2 GiB RAM) one is used.
size-xs
cluster.configurations.sgPostgresConfig
Name of the SGPostgresConfig used for the cluster. It must exist. When not set, a default Postgres config, for the major version selected, is used.
postgresconfig
cluster.configurations.sgPoolingConfig

Name of the SGPoolingConfig used for this cluster. Each pod contains a sidecar with a connection pooler (currently: PgBouncer). The connection pooler is implemented as a sidecar.

If not set, a default configuration will be used. Disabling connection pooling altogether is possible if the disableConnectionPooling property of the pods object is set to true.

poolingconfig
cluster.configurations.sgBackupConfig
Name of the SGBackupConfig to use for the cluster. It defines the backups policy, storage and retention, among others, applied to the cluster. When not set, backup configuration will not be used.
backupconfig
cluster.prometheusAutobind
If enabled, a ServiceMonitor is created for each Prometheus instance found in order to collect metrics.
true
instanceProfiles
An array of instance profiles (see instance profiles), if null or empty does not create any instance profile.
See instance profiles
configurations.create
If false does not create configuration CRs.
true
configurations.postgresconfig
The PostgreSQL configuration CR name (see postgres configuration).
See postgres configuration
configurations.poolingconfig
The connection pooling configuration CR name (see connection pooling configuration).
See connection pooling configuration
configurations.backupconfig
The backup configuration CR name (see backup configuration).
See backup configuration

Postgres Services

Parameter Description Default
cluster.postgresServices.primary.enabled
Specify if the -primary service should be created or not.
true
cluster.postgresServices.primary.type
Specifies the type of Kubernetes service.
ClusterIP
cluster.postgresServices.primary.externalIPs
Specify custom external IPs for Postgres primary service
cluster.postgresServices.replicas.enabled
Specify if the -replicas service should be created or not.
true
cluster.postgresServices.replicas.type
Specifies the type of Kubernetes service.
ClusterIP
cluster.postgresServices.replicas.externalIPs
Specify the custom external IPs for Postgres replicas service

Pods

Parameter Description Default
cluster.pods.persistentVolume.size
Size of the PersistentVolume set for each instance of the cluster. This size is specified either in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, 2^30 or 2^40, respectively).
5Gi
cluster.pods.persistentVolume.storageclass
Name of an existing StorageClass in the Kubernetes cluster, used to create the PersistentVolumes for the instances of the cluster.
cluster.pods.disableConnectionPooling
If set to true, avoids creating a connection pooling (using PgBouncer) sidecar.
false
cluster.pods.disableMetricsExporter
If set to true, avoids creating the Prometheus exporter sidecar. Recommended when there’s no intention to use Prometheus for monitoring.
false
cluster.pods.disablePostgresUtil
If set to true, avoids creating the postgres-util sidecar. This sidecar contains usual Postgres administration utilities that are not present in the main (patroni) container, like psql. Only disable if you know what you are doing.
false
cluster.pods.scheduling.nodeSelector
Pod custom node selector.
cluster.pods.scheduling.nodeAffinity
Node affinity is a group of node affinity scheduling rules.

Resources metadata

Parameter Description Default
cluster.metadata.annotations.allResources
Annotations to attach to any resource created or managed by StackGres.
cluster.metadata.annotations.clusterPods
Annotations to attach to pods created or managed by StackGres.
cluster.metadata.annotations.services
Annotations to attach to all services created or managed by StackGres.
cluster.metadata.annotations.primaryService
Custom Kubernetes annotations passed to the -primary service.
cluster.metadata.annotations.replicasService
Custom Kubernetes annotations passed to the -replicas service.
cluster.metadata.labels.clusterPods
Labels to attach to pods created or managed by StackGres.

Instance profiles

Parameter Description Default
instanceProfiles.<index>.name

Name of the Instance Profile. An instance profile represents a "kind" of server (CPU and RAM) where you may run StackGres, classified by a given name. The profile may be referenced by zero or more SGClusters, and if so it would be referenced by its name. Following Kubernetes naming conventions, it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters consisting of one or more lowercase labels separated by ".", where each label is an alphanumeric (a-z, and 0-9) string, with a maximum length of 63 characters, with the - character allowed anywhere except the first or last character.

The name must be unique across all instance profiles in the same namespace.

See below
instanceProfiles.<index>.cpu

CPU(s) (cores) used for every instance of a SGCluster. Please note that every StackGres pod contains not only the Patroni+Postgres container, but several other sidecar containers. While the majority of the resources are devoted to the main Postgres container, some CPU is needed for the sidecars.

The number of cores set is split between all the containers.

A minimum of 2 cores is recommended.

See below
instanceProfiles.<index>.memory

RAM allocated to every instance of a SGCluster. The suffix Mi or Gi specifies Mebibytes or Gibibytes, respectively. Please note that every StackGres pod contains not only the Patroni+Postgres container, but several other sidecar containers. While the majority of the resources are devoted to the main Postgres container, some RAM is needed for the sidecars.

The amount of RAM set is split between all the containers.

A minimum of 2-4Gi is recommended.

See below

By default the following profiles are created:

instanceProfiles:
  - name: size-xs
    cpu: "500m"
    memory: "512Mi"
  - name: size-s
    cpu: "1"
    memory: "2Gi"
  - name: size-m
    cpu: "2"
    memory: "4Gi"
  - name: size-l
    cpu: "4"
    memory: "8Gi"
  - name: size-xl
    cpu: "6"
    memory: "16Gi"
  - name: size-xxl
    cpu: "8"
    memory: "32Gi"

Postgres configuration

Parameter Description Default
configurations.postgresconfig.postgresql\.conf
The postgresql.conf parameters the configuration contains, represented as an object where the keys are valid names for the postgresql.conf configuration file parameters of the given postgresVersion. You may check postgresqlco.nf as a reference on how to tune and find the valid parameters for a given major version.
See below

By default the following parameters are specified:

configurations:
  postgresconfig:
    postgresql.conf:
      shared_buffers: '256MB'
      random_page_cost: '1.5'
      password_encryption: 'scram-sha-256'
      wal_compression: 'on'
      checkpoint_timeout: '30'

Connection pooling configuration

Parameter Description Default
configurations.poolingconfig.pgBouncer.pgbouncer\.ini

The pgbouncer.ini parameters the configuration contains, represented as an object where the keys are valid names for the pgbouncer.ini configuration file parameters.

Check pgbouncer configuration for more information about supported parameters.

See below

By default the following parameters are specified:

configurations:
  poolingconfig:
    pgBouncer:
      pgbouncer.ini:
        pool_mode: transaction
        max_client_conn: '200'
        default_pool_size: '200'

Backup configuration

By default the chart creates a storage class backed by a MinIO server. To avoid the creation of the MinIO server, set nonProductionOptions.createMinio to false and fill in any of the configurations.backupconfig.storage.s3, configurations.backupconfig.storage.gcs or configurations.backupconfig.storage.azureBlob sections.

Parameter Description Default
configurations.backupconfig.create
If true create and set the backup configuration for the cluster.
true
configurations.backupconfig.baseBackups.retention

When an automatic retention policy is defined to delete old base backups, this parameter specifies the number of base backups to keep, in a sliding window.

Consequently, the time range covered by backups is periodicity*retention, where periodicity is the separation between backups as specified by the cronSchedule property.

Default is 5.

5
configurations.backupconfig.baseBackups.cronSchedule

Continuous Archiving backups are composed of periodic base backups and all the WAL segments produced in between those base backups. This parameter specifies at what time and with what frequency to start performing a new base backup.

Use cron syntax (m h dom mon dow) for this parameter, i.e., 5 values separated by spaces:

  • m: minute, 0 to 59.
  • h: hour, 0 to 23.
  • dom: day of month, 1 to 31 (recommended not to set it higher than 28).
  • mon: month, 1 to 12.
  • dow: day of week, 0 to 7 (0 and 7 both represent Sunday).

Ranges of values (start-end), the symbol * (meaning first-last) or even */N, where N is a number, meaning "every N", may also be used. All times are UTC. It is recommended to avoid 00:00 as base backup time, to avoid overlapping with any other external operations happening at this time.

If not set, full backups are performed each day at 05:00 UTC.

Each 2 minutes
configurations.backupconfig.baseBackups.compression
Specifies the backup compression algorithm. Possible options are: lz4, lzma, brotli. The default method is lz4. LZ4 is the fastest method, but compression ratio is the worst. LZMA is way slower, but it compresses backups about 6 times better than LZ4. Brotli is a good trade-off between speed and compression ratio, being about 3 times better than LZ4.
lz4
configurations.backupconfig.baseBackups.performance.uploadDiskConcurrency
Backup storage may use several concurrent streams to store the data. This parameter configures the number of parallel streams to use. By default, it’s set to 1 (use one stream).
1
configurations.backupconfig.baseBackups.performance.maxNetworkBandwitdh
Maximum disk read I/O when performing a backup. In bytes (per second).
unlimited
configurations.backupconfig.baseBackups.performance.maxDiskBandwitdh
Maximum storage upload bandwidth used when storing a backup. In bytes (per second).
unlimited

Amazon Web Services S3

Parameter Description Default
configurations.backupconfig.storage.s3.bucket
AWS S3 bucket name.
configurations.backupconfig.storage.s3.path
Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name.
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId
AWS access key ID. For example, AKIAIOSFODNN7EXAMPLE.
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId.name
Name of the referent. More information.
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId.key
The key of the secret to select from. Must be a valid secret key.
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey
AWS secret access key. For example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey.name
Name of the referent. More information.
configurations.backupconfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey.key
The key of the secret to select from. Must be a valid secret key.
configurations.backupconfig.storage.s3.region
The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property.
configurations.backupconfig.storage.s3.storageClass
The Amazon S3 Storage Class to use for the backup object storage. By default, the STANDARD storage class is used. Other supported values include STANDARD_IA for Infrequent Access and REDUCED_REDUNDANCY.

Amazon Web Services S3 Compatible

Parameter Description Default
configurations.backupconfig.storage.s3Compatible.bucket
Bucket name.
configurations.backupconfig.storage.s3Compatible.path
Optional path within the S3 bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name.
configurations.backupconfig.storage.s3Compatible.bucket
The AWS S3 bucket (e.g. bucket).
configurations.backupconfig.storage.s3Compatible.path
The AWS S3 bucket path (e.g. /path/to/folder).
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId
AWS access key ID. For example, AKIAIOSFODNN7EXAMPLE.
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.name
Name of the referent. More information.
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.key
The key of the secret to select from. Must be a valid secret key.
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey
AWS secret access key. For example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.name
Name of the referent. More information.
configurations.backupconfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.key
The key of the secret to select from. Must be a valid secret key.
configurations.backupconfig.storage.s3Compatible.region
The AWS S3 region. The Region may be detected using s3:GetBucketLocation, but if you wish to avoid giving permissions to this API call or forbid it from the applicable IAM policy, you must then specify this property.
configurations.backupconfig.storage.s3Compatible.storageClass
The Amazon S3 Storage Class to use for the backup object storage. By default, the STANDARD storage class is used. Other supported values include STANDARD_IA for Infrequent Access and REDUCED_REDUNDANCY.
configurations.backupconfig.storage.s3Compatible.endpoint
Overrides the default url to connect to an S3-compatible service. For example: http://s3-like-service:9000.
configurations.backupconfig.storage.s3Compatible.enablePathStyleAddressing

Enable path-style addressing (i.e. http://s3.amazonaws.com/BUCKET/KEY) when connecting to an S3-compatible service that lacks support for sub-domain style bucket URLs (i.e. http://BUCKET.s3.amazonaws.com/KEY).

Defaults to false.

Google Cloud Storage

Parameter Description Default
configurations.backupconfig.storage.gcs.bucket
GCS bucket name.
configurations.backupconfig.storage.gcs.path
Optional path within the GCS bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name.
configurations.backupconfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON
A service account key from GCP. In JSON format, as downloaded from the GCP Console.
configurations.backupconfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.name
Name of the referent. More information.
configurations.backupconfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.key
The key of the secret to select from. Must be a valid secret key.

Azure Blob Storage

Parameter Description Default
configurations.backupconfig.storage.azureBlob.bucket
Azure Blob Storage bucket name.
configurations.backupconfig.storage.azureBlob.path
Optional path within the Azure Blob bucket. Note that StackGres generates in any case a folder per StackGres cluster, using the SGCluster.metadata.name.
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount
The Storage Account that contains the Blob bucket to be used.
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount.name
Name of the referent. More information.
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount.key
The key of the secret to select from. Must be a valid secret key.
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey.name
Name of the referent. More information.
configurations.backupconfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey.key
The key of the secret to select from. Must be a valid secret key.

Restore configuration

By default, StackGres creates an empty database. To create a cluster with data from an existing backup, use the restore options. It works by simply indicating the UID of the backup CR that you want to restore.

Parameter Description Default
cluster.initialData.restore.fromBackup
From which backup to restore and how the process is configured
cluster.initialData.restore.downloadDiskConcurrency

The backup fetch process may fetch several streams in parallel. Parallel fetching is enabled when set to a value larger than one.

If not specified it will be interpreted as latest.

Scripts configuration

By default, StackGres creates an empty database. To execute scripts on it, use the scripts options, where you can specify a script inline or reference a key in a ConfigMap or a Secret that contains the script to execute.

Parameter Description Default
cluster.initialData.scripts.<index>.name
Name of the script. Must be unique across this SGCluster.
cluster.initialData.scripts.<index>.database
Database where the script is executed. Defaults to the postgres database, if not specified.
postgres
cluster.initialData.scripts.<index>.script
Raw SQL script to execute. This field is mutually exclusive with scriptFrom field.
cluster.initialData.scripts.<index>.scriptFrom

Reference to either a Kubernetes Secret or a ConfigMap that contains the SQL script to execute. This field is mutually exclusive with script field.

Fields secretKeyRef and configMapKeyRef are mutually exclusive, and one of them is required.

cluster.initialData.scripts.<index>.scriptFrom.configMapKeyRef
A ConfigMap reference that contains the SQL script to execute. This field is mutually exclusive with secretKeyRef field.
cluster.initialData.scripts.<index>.scriptFrom.configMapKeyRef.name
The name of the ConfigMap that contains the SQL script to execute.
cluster.initialData.scripts.<index>.scriptFrom.configMapKeyRef.key
The key name within the ConfigMap that contains the SQL script to execute.
cluster.initialData.scripts.<index>.scriptFrom.secretKeyRef
A Kubernetes SecretKeySelector that contains the SQL script to execute. This field is mutually exclusive with configMapKeyRef field.
cluster.initialData.scripts.<index>.scriptFrom.secretKeyRef.name
Name of the referent. More information.
cluster.initialData.scripts.<index>.scriptFrom.secretKeyRef.key
The key of the secret to select from. Must be a valid secret key.

Distributed logs

By default, StackGres sends logs to the container stdout. To send logs to a distributed logs cluster, create a distributed logs cluster and configure the cluster to use it by setting distributedLogs.enabled to true.

Parameter Description Default
cluster.distributedLogs.sgDistributedLogs
Name of the SGDistributedLogs to use for this cluster. It must exist.
distributedlogs
distributedLogs.enabled
It enables distributed logs cluster creation and configuration in order to be used by the cluster.
false
distributedLogs.create
It controls the creation of the distributed logs cluster. If set to false, the distributed logs cluster will not be created and it must already exist in order to be used if distributedLogs.enabled is set to true.
true
distributedLogs.persistentVolume.size
Size of the PersistentVolume set for the pod of the cluster for distributed logs. This size is specified either in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, 2^30 or 2^40, respectively).
5Gi
distributedLogs.persistentVolume.storageClass
Name of an existing StorageClass in the Kubernetes cluster, used to create the PersistentVolumes for the instances of the cluster.

Non production options

The following options should NOT be enabled in a production environment.

Parameter Description Default
nonProductionOptions.disableClusterPodAntiAffinity

It is a best practice, on non-containerized environments, when running production workloads, to run each database server on a different server (virtual or physical), i.e., not to co-locate more than one database server per host.

The same best practice applies to databases on containers. By default, StackGres will not allow more than one StackGres pod to run on a given Kubernetes node. Set this property to true to allow more than one StackGres pod per node.

true
nonProductionOptions.createMinio
If true create a MinIO server that will be used to store backups.
true
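
The following values file is an added example, not part of the original chart documentation. It combines the security-relevant parameters described on this page: an admin UI load balancer restricted by source range, Grafana credentials taken from a Secret, SSL for Postgres, object-storage backups with credentials referenced through Secrets, and the non-production options switched off. All Secret names, keys, the bucket, the region and the CIDR are constructed placeholders. The page names the private-key selector inconsistently (privateKeySecretKeySelector in the ssl.enabled description, secretKeyRef in the parameter list), so the example follows the ssl.enabled description and assumes name/key sub-fields.

```yaml
# Added example values.yaml. Names marked "hypothetical" are placeholders, not chart defaults.
adminui:
  service:
    type: LoadBalancer            # default is ClusterIP
    loadBalancerSourceRanges:     # ignored if the cloud provider does not support it
      - 203.0.113.0/24            # constructed documentation range

authentication:
  user: admin
  # authentication.password is left unset so the chart autogenerates a random value

grafana:
  autoEmbed: true
  schema: http
  webHost: grafana.monitoring     # svc_name.namespace (hypothetical)
  # Reference a Secret instead of setting grafana.user / grafana.password in plain values
  secretNamespace: monitoring     # hypothetical
  secretName: grafana-admin       # hypothetical
  secretUserKey: admin-user       # hypothetical
  secretPasswordKey: admin-password  # hypothetical

cluster:
  instances: 3                    # with pod anti-affinity active, needs one node per instance
  sgInstanceProfile: size-m       # 2 cores / 4Gi, the recommended minimum
  postgres:
    version: '12.2'
    ssl:
      enabled: true               # default is false
      certificateSecretKeySelector:
        name: pg-tls              # hypothetical Secret
        key: tls.crt
      privateKeySecretKeySelector:  # assumed field layout, see lead-in
        name: pg-tls
        key: tls.key
  postgresServices:
    primary:
      type: ClusterIP             # keep Postgres reachable only inside the cluster
    replicas:
      type: ClusterIP

configurations:
  backupconfig:
    create: true
    baseBackups:
      retention: 5
      cronSchedule: '0 5 * * *'   # daily at 05:00 UTC instead of the chart default
      compression: lz4
    storage:
      s3:
        bucket: example-pg-backups  # hypothetical
        region: eu-west-1           # set explicitly so s3:GetBucketLocation is not needed
        awsCredentials:
          secretKeySelectors:
            accessKeyId:
              name: backup-s3       # hypothetical Secret
              key: accessKeyId
            secretAccessKey:
              name: backup-s3
              key: secretAccessKey

nonProductionOptions:
  disableClusterPodAntiAffinity: false  # default is true; false keeps one StackGres pod per node
  createMinio: false                    # default is true; backups go to the S3 bucket above
```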