Operator Parameters

Key
Type
Default
Description

Workaround for hugo bug not rendering first table row

adminui.image.name string "stackgres/admin-ui" Web Console image name
adminui.image.pullPolicy string "IfNotPresent" Web Console image pull policy
adminui.image.tag string "main-1.14" Web Console image tag
adminui.resources object {} Web Console resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core
adminui.service.exposeHTTP bool false When set to true the HTTP port will be exposed in the Web Console Service
adminui.service.loadBalancerIP string nil LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.
adminui.service.loadBalancerSourceRanges array nil If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature. More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
adminui.service.nodePort integer nil The HTTPS port used to expose the Service on Kubernetes nodes
adminui.service.nodePortHTTP integer nil The HTTP port used to expose the Service on Kubernetes nodes
adminui.service.type string "ClusterIP" The type used for the service of the UI: * Set to LoadBalancer to create a load balancer (if supported by the kubernetes cluster) to allow connect from Internet to the UI. Note that enabling this feature will probably incurr in some fee that depend on the host of the kubernetes cluster (for example this is true for EKS, GKE and AKS). * Set to NodePort to expose admin UI from kubernetes nodes.
allowedNamespaces list [] Section to configure Operator allowed namespaces that the operator is allowed to use. If empty all namespaces will be allowed (default).
authentication.createAdminSecret boolean true When true will create the secret used to store the admin user credentials to access the UI.
authentication.oidc string nil
authentication.password string nil The admin password that will be required to access the UI
authentication.type string "jwt" Specify the authentication mechanism to use. By default is jwt, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism. If set to oidc then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism.
authentication.user string "admin" The admin username that will be required to access the UI
cert.autoapprove bool true If set to true the CertificateSigningRequest used to generate the certificate used by Webhooks will be approved by the Operator Installation Job.
cert.certDuration integer 730 The duration in days of the generated certificate for the Operator after which it will expire and be regenerated. If not specified it will be set to 730 (2 years) by default.
cert.certManager.autoConfigure bool false When set to true then Issuer and Certificate for Operator and Web Console / REST API Pods will be generated
cert.certManager.duration string "2160h" The requested duration (i.e. lifetime) of the Certificates. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1
cert.certManager.encoding string "PKCS1" The private key cryptography standards (PKCS) encoding for this certificate’s private key to be encoded in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey
cert.certManager.renewBefore string "360h" How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1
cert.certManager.size int 2048 Size is the key bit size of the corresponding private key for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey
cert.createForCollector bool true When set to true the OpenTelemetry Collector certificate will be created.
cert.createForOperator bool true When set to true the Operator certificate will be created.
cert.createForWebApi bool true When set to true the Web Console / REST API certificate will be created.
cert.crt string nil The Operator Webhooks certificate issued by Kubernetes cluster CA.
cert.jwtRsaKey string nil The private RSA key used to generate JWTs used in REST API authentication.
cert.jwtRsaPub string nil The public RSA key used to verify JWTs used in REST API authentication.
cert.key string nil The private RSA key used to create the Operator Webhooks certificate issued by the Kubernetes cluster CA.
cert.regenerateCert bool true When set to true the Operator certificates will be regenerated if createForOperator is set to true, and the certificate is expired or invalid.
cert.regenerateWebCert bool true When set to true the Web Console / REST API certificates will be regenerated if createForWebApi is set to true, and the certificate is expired or invalid.
cert.regenerateWebRsa bool true When set to true the Web Console / REST API RSA key pair will be regenerated if createForWebApi is set to true, and the certificate is expired or invalid.
cert.secretName string nil The Secret name with the Operator Webhooks certificate issued by the Kubernetes cluster CA of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
cert.webCertDuration integer nil The duration in days of the generated certificate for the Web Console / REST API after which it will expire and be regenerated. If not specified it will be set to 730 (2 years) by default.
cert.webCrt string nil The Web Console / REST API certificate
cert.webKey string nil The private RSA key used to create the Web Console / REST API certificate
cert.webRsaDuration integer nil The duration in days of the generated RSA key pair for the Web Console / REST API after which it will expire and be regenerated. If not specified it will be set to 730 (2 years) by default.
cert.webSecretName string nil The Secret name with the Web Console / REST API certificate of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets
collector.affinity object {} OpenTelemetry Collector Pod affinity
collector.annotations object {} OpenTelemetry Collector Pod annotations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#affinity-v1-core
collector.config.exporters.otlp.endpoint string "stackgres-collector:4317"
collector.config.exporters.otlp.tls.ca_file string "/etc/operator/certs/tls.crt"
collector.config.exporters.prometheus.enable_open_metrics bool false
collector.config.exporters.prometheus.endpoint string "0.0.0.0:9464"
collector.config.exporters.prometheus.metric_expiration string "180m"
collector.config.exporters.prometheus.resource_to_telemetry_conversion.enabled bool false
collector.config.exporters.prometheus.send_timestamps bool true
collector.config.exporters.prometheus.tls.ca_file string "/etc/operator/certs/tls.crt"
collector.config.exporters.prometheus.tls.cert_file string "/etc/operator/certs/tls.crt"
collector.config.exporters.prometheus.tls.key_file string "/etc/operator/certs/tls.key"
collector.config.exporters.prometheus.tls.reload_interval string "10m"
collector.config.processors object {}
collector.config.receivers.otlp.protocols.grpc.endpoint string "0.0.0.0:4317"
collector.config.receivers.otlp.protocols.grpc.tls.ca_file string "/etc/operator/certs/tls.crt"
collector.config.receivers.otlp.protocols.grpc.tls.cert_file string "/etc/operator/certs/tls.crt"
collector.config.receivers.otlp.protocols.grpc.tls.key_file string "/etc/operator/certs/tls.key"
collector.config.service.extensions list []
collector.config.service.pipelines.metrics.exporters[0] string "prometheus"
collector.config.service.pipelines.metrics.processors list []
collector.config.service.pipelines.metrics.receivers[0] string "prometheus"
collector.name string "stackgres-collector" OpenTelemetry Collector Deployment/DeamonSet base name
collector.nodeSelector object {} OpenTelemetry Collector Pod node slector
collector.ports[0].containerPort int 9464
collector.ports[0].name string "prom-http"
collector.ports[0].protocol string "TCP"
collector.prometheusOperator.allowDiscovery bool true If set to false or monitors is set automatic bind to Prometheus created using the Prometheus Operator will be disabled. If disabled the cluster will not be binded to Prometheus automatically and will require manual configuration. Will be ignored if monitors is set
collector.prometheusOperator.monitors string nil
collector.receivers.deployments string nil
collector.receivers.enabled bool false When true the OpenTelemetry Collector receivers will be enabled
collector.receivers.exporters int 1 Allow to increase the number of OpenTelemetry Collector exporters if receivers is enabled
collector.resources object {} OpenTelemetry Collector Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core
collector.service.annotations object {} OpenTelemetry Collector Service annotations
collector.service.spec.ports[0].name string "prom-http"
collector.service.spec.ports[0].port int 9464
collector.service.spec.ports[0].protocol string "TCP"
collector.service.spec.ports[0].targetPort string "prom-http"
collector.service.spec.type string "ClusterIP"
collector.serviceAccount.annotations object {} OpenTelemetry Collector ServiceAccount annotations
collector.tolerations list [] OpenTelemetry Collector Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core
collector.volumeMounts list []
collector.volumes list []
containerRegistry string "quay.io" The container registry host (and port) where the images will be pulled from.
deploy.collector bool true When set to true the OpenTelemetry Collector will be deployed.
deploy.operator bool true When set to true the Operator will be deployed.
deploy.restapi bool true When set to true the Web Console / REST API will be deployed.
developer.allowPullExtensionsFromImageRepository bool false If set to true and extensions.cache.enabled is also true it will try to download extensions from images (experimental)
developer.disableArbitraryUser bool false It set to true disable arbitrary user that is set for OpenShift clusters
developer.enableJvmDebug bool false Only work with JVM version and allow connect on port 8000 of operator Pod with jdb or similar
developer.enableJvmDebugSuspend bool false Only work with JVM version and if enableJvmDebug is true suspend the JVM until a debugger session is started
developer.externalOperatorIp string nil Set the external Operator IP
developer.externalOperatorPort integer nil Set the external Operator port
developer.externalRestApiIp string nil Set the external REST API IP
developer.externalRestApiPort integer nil Set the external REST API port
developer.logLevel string nil Set quarkus.log.level. See https://quarkus.io/guides/logging#root-logger-configuration
developer.patches.adminui.volumeMounts list [] Pod’s container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core
developer.patches.adminui.volumes list [] Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core
developer.patches.clusterController.volumeMounts list [] Pod’s container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core
developer.patches.clusterController.volumes list [] Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core
developer.patches.distributedlogsController.volumeMounts list [] Pod’s container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core
developer.patches.distributedlogsController.volumes list [] Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core
developer.patches.jobs.volumeMounts list [] Pod’s container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core
developer.patches.jobs.volumes list [] Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core
developer.patches.operator.volumeMounts list [] Pod’s container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core
developer.patches.operator.volumes list [] Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core
developer.patches.restapi.volumeMounts list [] Pod’s container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core
developer.patches.restapi.volumes list [] Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core
developer.showDebug bool false If set to true add extra debug to any script controlled by the reconciliation cycle of the operator configuration
developer.showStackTraces bool false Set quarkus.log.console.format to %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{4.}] (%t) %s%e%n. See https://quarkus.io/guides/logging#logging-format
developer.version string nil Set the operator version (used for testing)
extensions.cache.enabled bool false When set to true enable the extensions cache. This feature is in beta and may cause failures, please use with caution and report any error to https://gitlab.com/ongresinc/stackgres/-/issues/new
extensions.cache.hostPath string nil If set, will use a host path volume with the specified path for the extensions cache instead of a PersistentVolume
extensions.cache.persistentVolume.size string "1Gi" The PersistentVolume size for the extensions cache Only use whole numbers (e.g. not 1e6) and K/Ki/M/Mi/G/Gi as units
extensions.cache.persistentVolume.storageClass string nil If defined set storage class If set to “-” (equivalent to storageClass: "" in a PV spec) disables dynamic provisioning If undefined (the default) or set to null, no storageClass spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack)
extensions.cache.preloadedExtensions list ["x86_64/linux/timescaledb-1\\.7\\.4-pg12"] An array of extensions pattern used to pre-loaded estensions into the extensions cache
extensions.repositoryUrls list ["https://extensions.stackgres.io/postgres/repository"] A list of extensions repository URLs used to retrieve extensions To set a proxy for extensions repository add parameter proxyUrl to the URL: https://extensions.stackgres.io/postgres/repository?proxyUrl=<proxy scheme>%3A%2F%2F<proxy host>[%3A<proxy port>] (URL encoded) Other URL parameters are: * skipHostnameVerification: set it to true in order to use a server or a proxy with a self signed certificate * retry: set it to <max retriex>[:<sleep before next retry>] in order to retry a request on failure * setHttpScheme: set it to true in order to force using HTTP scheme
grafana.autoEmbed bool false When set to true embed automatically Grafana into the Web Console by creating the StackGres dashboards and the read-only role used to read it from the Web Console
grafana.dashboardConfigMap string nil The ConfigMap name with the dashboard JSONs that will be created in Grafana. If not set the default StackGres dashboards will be created. (used to embed automatically Grafana)
grafana.datasourceName string "Prometheus" The datasource name used to create the StackGres Dashboards into Grafana
grafana.password string "prom-operator" The password to access Grafana. By default prom-operator (the default in for kube-prometheus-stack helm chart). (used to embed automatically Grafana)
grafana.schema string "http" The schema to access Grafana. By default http. (used to embed manually and automatically grafana)
grafana.secretName string nil The name of secret with credentials to access Grafana. (used to embed automatically Grafana, alternative to use user and password)
grafana.secretNamespace string nil The namespace of secret with credentials to access Grafana. (used to embed automatically Grafana, alternative to use user and password)
grafana.secretPasswordKey string nil The key of secret with password used to access Grafana. (used to embed automatically Grafana, alternative to use user and password)
grafana.secretUserKey string nil The key of secret with username used to access Grafana. (used to embed automatically Grafana, alternative to use user and password)
grafana.token string nil The Grafana API token to access the PostgreSQL dashboards created in Grafana (used to embed manually Grafana)
grafana.urls array nil The URLs of the PostgreSQL dashboards created in Grafana (used to embed manually Grafana). It must contain an entry for each JSON file under grafana-dashboards folder: archiving.json, connection-pooling.json, current-activity.json, db-info.json, db-objects.json, db-os.json, queries.json and replication.json
grafana.user string "admin" The username to access Grafana. By default admin. (used to embed automatically Grafana)
grafana.webHost string nil The service host name to access grafana (used to embed manually and automatically Grafana). The parameter value should point to the grafana service following the DNS reference svc_name.namespace
imagePullPolicy string "IfNotPresent" Image pull policy used for images loaded by the Operator
jobs.affinity object {} Operator Installation Jobs affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core
jobs.annotations object {} Operator Installation Jobs annotations
jobs.image.name string "stackgres/jobs" Operator Installation Jobs image name
jobs.image.pullPolicy string "IfNotPresent" Operator Installation Jobs image pull policy
jobs.image.tag string "main-1.14-jvm" Operator Installation Jobs image tag
jobs.nodeSelector object {} Operator Installation Jobs node selector
jobs.resources object {} Operator Installation Jobs resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core
jobs.tolerations list [] Operator Installation Jobs tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core
operator.affinity object {} Operator Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core
operator.annotations object {} Operator Pod annotations
operator.image.name string "stackgres/operator" Operator image name
operator.image.pullPolicy string "IfNotPresent" Operator image pull policy
operator.image.tag string "main-1.14-jvm" Operator image tag
operator.nodeSelector object {} Operator Pod node selector
operator.resources object {} Operator Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core
operator.service.annotations object {} Section to configure Operator Service annotations
operator.serviceAccount.annotations object {} Section to configure Operator ServiceAccount annotations
operator.serviceAccount.repoCredentials list [] Repositories credentials Secret names to attach to ServiceAccounts and Pods
operator.tolerations list [] Operator Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core
rbac.create bool true When set to true the admin user is assigned the cluster-admin ClusterRole by creating ClusterRoleBinding.
restapi.affinity object {} REST API Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core
restapi.annotations object {} REST API Pod annotations
restapi.image.name string "stackgres/restapi" REST API image name
restapi.image.pullPolicy string "IfNotPresent" REST API image pull policy
restapi.image.tag string "main-1.14-jvm" REST API image tag
restapi.name string "stackgres-restapi" REST API Deployment name
restapi.nodeSelector object {} REST API Pod node selector
restapi.resources object {} REST API Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core
restapi.service.annotations object {} REST API Service annotations
restapi.serviceAccount.annotations object {} REST API ServiceAccount annotations
restapi.serviceAccount.repoCredentials list [] Repositories credentials Secret names to attach to ServiceAccounts and Pods
restapi.tolerations list [] REST API Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core
serviceAccount.annotations object {} Section to configure Operator ServiceAccount annotations
serviceAccount.create bool true If true the Operator Installation ServiceAccount will be created
serviceAccount.repoCredentials list [] Repositories credentials Secret names to attach to ServiceAccounts and Pods
specFields list ["containerRegistry","imagePullPolicy","imagePullSecrets","allowedNamespaces","allowedNamespaceLabelSelector","disableClusterRole","allowImpersonationForRestApi","disableCrdsAndWebhooksUpdate","sgConfigNamespace","serviceAccount","operator","restapi","adminui","collector","jobs","deploy","cert","rbac","authentication","prometheus","grafana","extensions","shardingSphere","developer"] The list of fields that are serialized into the spec of SGConfig
--- title: Operator Parameters weight: 1 url: /install/helm/parameters aliases: [ /install/operator/parameters ] description: Details about cluster parameters that can be used with Helm to set up the operator. showToc: true ---

Helm values will be mapped with the spec section of SGConfig.