| adminui.image.name |
string |
"stackgres/admin-ui" |
Web Console image name |
| adminui.image.pullPolicy |
string |
"IfNotPresent" |
Web Console image pull policy |
| adminui.image.tag |
string |
"main-1.5" |
Web Console image tag |
| adminui.name |
string |
"stackgres-adminui" |
Web Console container name |
| adminui.resources |
object |
{} |
Web Console resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core |
| adminui.service.exposeHTTP |
bool |
false |
When set to true the HTTP port will be exposed in the Web Console Service |
| adminui.service.loadBalancerIP |
string |
nil |
LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. |
| adminui.service.loadBalancerSourceRanges |
string |
nil |
If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature. More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ |
| adminui.service.nodePort |
string |
nil |
The HTTPS port used to expose the Service on Kubernetes nodes |
| adminui.service.nodePortHTTP |
string |
nil |
The HTTP port used to expose the Service on Kubernetes nodes |
| adminui.service.type |
string |
"ClusterIP" |
The type used for the service of the UI: * Set to LoadBalancer to create a load balancer (if supported by the kubernetes cluster) to allow connect from Internet to the UI. Note that enabling this feature will probably incurr in some fee that depend on the host of the kubernetes cluster (for example this is true for EKS, GKE and AKS). * Set to NodePort to expose admin UI from kubernetes nodes. |
| authentication.oidc.authServerUrl |
string |
nil |
|
| authentication.oidc.clientId |
string |
nil |
|
| authentication.oidc.clientIdSecretRef.key |
string |
nil |
|
| authentication.oidc.clientIdSecretRef.name |
string |
nil |
|
| authentication.oidc.credentialsSecret |
string |
nil |
|
| authentication.oidc.credentialsSecretSecretRef.key |
string |
nil |
|
| authentication.oidc.credentialsSecretSecretRef.name |
string |
nil |
|
| authentication.oidc.tlsVerification |
string |
nil |
Can be one of required, certificate-validation or none |
| authentication.password |
string |
nil |
The admin password that will be required to access the UI |
| authentication.resetPassword |
bool |
false |
When set to true the admin user password will be reset. |
| authentication.secretRef.name |
string |
nil |
The admin user Secret name to be used. Allow to specify the secret name that will be used store the credentials to access the UI. It simply prevent creating the secret automatically. |
| authentication.type |
string |
"jwt" |
Specify the authentication mechanism to use. By default is jwt, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism. If set to oidc then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism. |
| authentication.user |
string |
"admin" |
The admin username that will be required to access the UI |
| cert.autoapprove |
bool |
true |
If set to true the CertificateSigningRequest used to generate the certificate used by Webhooks will be approved by the Operator Installation Job. |
| cert.certManager.autoConfigure |
bool |
false |
When set to true then Issuer and Certificate for Operator and Web Console / REST API Pods will be generated |
| cert.certManager.duration |
string |
"2160h" |
The requested duration (i.e. lifetime) of the Certificates. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 |
| cert.certManager.encoding |
string |
"PKCS1" |
The private key cryptography standards (PKCS) encoding for this certificate’s private key to be encoded in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey |
| cert.certManager.renewBefore |
string |
"360h" |
How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 |
| cert.certManager.size |
int |
2048 |
Size is the key bit size of the corresponding private key for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey |
| cert.createForOperator |
bool |
true |
When set to true the Operator certificate will be created. |
| cert.createForWebApi |
bool |
true |
When set to true the Web Console / REST API certificate will be created. |
| cert.crt |
string |
nil |
The Operator Webhooks certificate issued by Kubernetes cluster CA. |
| cert.jwtRsaKey |
string |
nil |
The private RSA key used to generate JWTs used in REST API authentication. |
| cert.jwtRsaPub |
string |
nil |
The public RSA key used to verify JWTs used in REST API authentication. |
| cert.key |
string |
nil |
The private RSA key used to create the Operator Webhooks certificate issued by the Kubernetes cluster CA. |
| cert.resetCerts |
bool |
false |
When set to true the Web Console / REST API certificates will be reset. |
| cert.secretName |
string |
nil |
The Secret name with the Operator Webhooks certificate issued by the Kubernetes cluster CA of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets |
| cert.webCrt |
string |
nil |
The Web Console / REST API certificate |
| cert.webKey |
string |
nil |
The private RSA key used to create the Web Console / REST API certificate |
| cert.webSecretName |
string |
nil |
The Secret name with the Web Console / REST API certificate of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets |
| containerRegistry |
string |
"quay.io" |
The container registry host (and port) where the images will be pulled from. |
| deploy.operator |
bool |
true |
When set to true the Operator will be deployed. |
| deploy.restapi |
bool |
true |
When set to true the Web Console / REST API will be deployed. |
| developer.allowPullExtensionsFromImageRepository |
bool |
false |
If set to true and extensions.cache.enabled is also true it will try to download extensions from images (experimental) |
| developer.disableArbitraryUser |
bool |
false |
It set to true disable arbitrary user that is set for OpenShift clusters |
| developer.enableJvmDebug |
bool |
false |
Only work with JVM version and allow connect on port 8000 of operator Pod with jdb or similar |
| developer.enableJvmDebugSuspend |
bool |
false |
Only work with JVM version and if enableJvmDebug is true suspend the JVM until a debugger session is started |
| developer.externalOperatorIp |
string |
nil |
Set the external Operator IP |
| developer.externalOperatorPort |
integer |
nil |
Set the external Operator port |
| developer.externalRestApiIp |
string |
nil |
Set the external REST API IP |
| developer.externalRestApiPort |
integer |
nil |
Set the external REST API port |
| developer.logLevel |
string |
nil |
Set quarkus.log.level. See https://quarkus.io/guides/logging#root-logger-configuration |
| developer.showStackTraces |
bool |
false |
Set quarkus.log.console.format to %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{4.}] (%t) %s%e%n. See https://quarkus.io/guides/logging#logging-format |
| extensions.cache.enabled |
bool |
false |
When set to true enable the extensions cache. This feature is in beta and may cause failures, please use with caution and report any error to https://gitlab.com/ongresinc/stackgres/-/issues/new |
| extensions.cache.hostPath |
string |
nil |
If set, will use a host path volume with the specified path for the extensions cache instead of a PersistentVolume |
| extensions.cache.persistentVolume.size |
string |
"1Gi" |
The PersistentVolume size for the extensions cache Only use whole numbers (e.g. not 1e6) and K/Ki/M/Mi/G/Gi as units |
| extensions.cache.persistentVolume.storageClass |
string |
nil |
If defined set storage class If set to “-” (equivalent to storageClass: "" in a PV spec) disables dynamic provisioning If undefined (the default) or set to null, no storageClass spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
| extensions.cache.preloadedExtensions |
list |
["x86_64/linux/timescaledb-1\\.7\\.4-pg12"] |
An array of extensions pattern used to pre-loaded estensions into the extensions cache |
| extensions.repositoryUrls |
list |
["https://extensions.stackgres.io/postgres/repository"] |
A list of extensions repository URLs used to retrieve extensions To set a proxy for extensions repository add parameter proxyUrl to the URL: https://extensions.stackgres.io/postgres/repository?proxyUrl=<proxy scheme>%3A%2F%2F<proxy host>[%3A<proxy port>] (URL encoded) |
| grafana.autoEmbed |
bool |
false |
When set to true embed automatically Grafana into the Web Console by creating the StackGres dashboard and the read-only role used to read it from the Web Console |
| grafana.dashboardConfigMap |
string |
nil |
The ConfigMap name with the dashboard JSON in the key grafana-dashboard.json that will be created in Grafana. If not set the default StackGres dashboard will be created. (used to embed automatically Grafana) |
| grafana.dashboardId |
string |
nil |
The dashboard id that will be create in Grafana (see https://grafana.com/grafana/dashboards). By default 9628. (used to embed automatically Grafana) |
| grafana.datasourceName |
string |
"Prometheus" |
The datasource name used to create the StackGres Dashboard into Grafana |
| grafana.password |
string |
"prom-operator" |
The password to access Grafana. By default prom-operator (the default in for kube-prometheus-stack helm chart). (used to embed automatically Grafana) |
| grafana.schema |
string |
"http" |
The schema to access Grafana. By default http. (used to embed manually and automatically grafana) |
| grafana.secretName |
string |
nil |
The name of secret with credentials to access Grafana. (used to embed automatically Grafana, alternative to use user and password) |
| grafana.secretNamespace |
string |
nil |
The namespace of secret with credentials to access Grafana. (used to embed automatically Grafana, alternative to use user and password) |
| grafana.secretPasswordKey |
string |
nil |
The key of secret with password used to access Grafana. (used to embed automatically Grafana, alternative to use user and password) |
| grafana.secretUserKey |
string |
nil |
The key of secret with username used to access Grafana. (used to embed automatically Grafana, alternative to use user and password) |
| grafana.token |
string |
nil |
The Grafana API token to access the PostgreSQL dashboard created in Grafana (used to embed manually Grafana) |
| grafana.url |
string |
nil |
The URL of the PostgreSQL dashboard created in Grafana (used to embed manually Grafana) |
| grafana.user |
string |
"admin" |
The username to access Grafana. By default admin. (used to embed automatically Grafana) |
| grafana.webHost |
string |
nil |
The service host name to access grafana (used to embed manually and automatically Grafana). The parameter value should point to the grafana service following the DNS reference svc_name.namespace |
| imagePullPolicy |
string |
"IfNotPresent" |
Image pull policy used for images loaded by the Operator |
| initClusterRole |
string |
"cluster-admin" |
The ClusterRole assigned to the Operation Installation Jobs. By default is cluster-admin. |
| jobs.affinity |
object |
{} |
Operator Installation Jobs affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core |
| jobs.annotations |
object |
{} |
Operator Installation Jobs annotations |
| jobs.image.name |
string |
"stackgres/jobs" |
Operator Installation Jobs image name |
| jobs.image.pullPolicy |
string |
"IfNotPresent" |
Operator Installation Jobs image pull policy |
| jobs.image.tag |
string |
"main-1.5-jvm" |
Operator Installation Jobs image tag |
| jobs.nodeSelector |
object |
{} |
Operator Installation Jobs node selector |
| jobs.resources |
object |
{} |
Operator Installation Jobs resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core |
| jobs.tolerations |
list |
[] |
Operator Installation Jobs tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core |
| operator.affinity |
object |
{} |
Operator Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core |
| operator.annotations |
object |
{} |
Operator Pod annotations |
| operator.image.name |
string |
"stackgres/operator" |
Operator image name |
| operator.image.pullPolicy |
string |
"IfNotPresent" |
Operator image pull policy |
| operator.image.tag |
string |
"main-1.5-jvm" |
Operator image tag |
| operator.nodeSelector |
object |
{} |
Operator Pod node selector |
| operator.resources |
object |
{} |
Operator Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core |
| operator.service.annotations |
object |
{} |
Section to configure Operator Service annotations |
| operator.serviceAccount.annotations |
object |
{} |
Section to configure Operator ServiceAccount annotations |
| operator.tolerations |
list |
[] |
Operator Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core |
| prometheus.allowAutobind |
bool |
true |
If set to false disable automatic bind to Prometheus created using the Prometheus Operator. If disabled the cluster will not be binded to Prometheus automatically and will require manual intervention by the Kubernetes cluster administrator. |
| rbac.create |
bool |
true |
When set to true the admin user is assigned the cluster-admin ClusterRole by creating ClusterRoleBinding. |
| restapi.affinity |
object |
{} |
REST API Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core |
| restapi.annotations |
object |
{} |
REST API Pod annotations |
| restapi.image.name |
string |
"stackgres/restapi" |
REST API image name |
| restapi.image.pullPolicy |
string |
"IfNotPresent" |
REST API image pull policy |
| restapi.image.tag |
string |
"main-1.5-jvm" |
REST API image tag |
| restapi.name |
string |
"stackgres-restapi" |
REST API container name |
| restapi.nodeSelector |
object |
{} |
REST API Pod node selector |
| restapi.resources |
object |
{} |
REST API Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core |
| restapi.service.annotations |
object |
{} |
REST API Service annotations |
| restapi.serviceAccount.annotations |
object |
{} |
REST API ServiceAccount annotations |
| restapi.tolerations |
list |
[] |
REST API Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core |
| serviceAccount.create |
bool |
true |
If true the Operator Installation ServiceAccount will be created |
| serviceAccount.repoCredentials |
list |
[] |
Repositories credentials Secret names to attach to ServiceAccounts and Pods |