---
# Namespaced Role for the Redis Enterprise operator. The RoleBinding further
# down grants it to the ServiceAccount of the same name. None of the objects
# visible here sets metadata.namespace, so every rule below applies to whichever
# namespace the manifest is applied into.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app: redis-enterprise
  name: redis-enterprise-operator
rules:
  # The operator may create and rewrite Roles and RoleBindings in its
  # namespace. Neither `escalate` nor `bind` is granted, so the API server's
  # escalation check should still cap what it can hand out at the permissions
  # it already holds. Those permissions are broad (see the secrets rule).
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
      - rolebindings
    verbs:
      - create
      - get
      - update
      - patch
      - delete
  # Core-group ServiceAccounts: create/modify/delete, no list or watch.
  - apiGroups:
      - ""
    resources:
      - serviceaccounts
    verbs:
      - create
      - get
      - update
      - patch
      - delete
  # Wildcard over the operator's own API group: covers every resource kind in
  # app.redislabs.com, including any added to the group later.
  - apiGroups:
      - app.redislabs.com
    resources:
      - "*"
    verbs:
      - delete
      - get
      - list
      - patch
      - create
      - update
      - watch
  # Full read/write, including list and watch, on every Secret in the
  # namespace; there is no resourceNames restriction. Any credential stored
  # in the same namespace is readable with this ServiceAccount's token, so a
  # dedicated namespace keeps the exposure to Redis Enterprise's own secrets.
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - update
      - get
      - create
      - patch
      - delete
      - list
      - watch
  # Read-only access to EndpointSlices.
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - get
      - list
      - watch
  # Events can be written (create/patch) but not read.
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  # Workload controllers in the apps group.
  - apiGroups:
      - apps
    resources:
      - deployments
      - statefulsets
      - replicasets
    verbs:
      - create
      - delete
      - get
      - patch
      - update
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - cronjobs
    verbs:
      - create
      - delete
      - get
      - patch
      - update
      - list
      - watch
  - apiGroups:
      - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - create
      - delete
      - get
      - list
      - watch
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
      - delete
      - get
      - update
      - watch
      - list
  - apiGroups:
      - ""
    resources:
      - persistentvolumeclaims
    verbs:
      - create
      - delete
      - get
      - update
      - list
      - watch
  # Pods: no `create` verb, and no pods/exec or pods/log subresource is listed.
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - list
      - update
      - patch
      - delete
      - watch
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - update
      - patch
      - create
      - delete
      - watch
  - apiGroups:
      - networking.k8s.io
    resources:
      - ingresses
    verbs:
      - create
      - patch
      - delete
      - list
      - update
      - get
      - watch
  # Istio routing objects; presumably only exercised when the cluster's
  # ingressOrRouteSpec method is `istio`. Confirm against the operator docs.
  - apiGroups:
      - networking.istio.io
    resources:
      - gateways
      - virtualservices
    verbs:
      - get
      - list
      - update
      - patch
      - create
      - delete
      - watch
---
# Binds the Role above to the operator's ServiceAccount. The subject carries
# no namespace field; presumably it resolves to the namespace of the binding
# itself. Confirm for the target Kubernetes version.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app: redis-enterprise
  name: redis-enterprise-operator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: redis-enterprise-operator
subjects:
  - kind: ServiceAccount
    name: redis-enterprise-operator
---
# Identity the RoleBinding above refers to. Any pod that runs under this
# ServiceAccount inherits every rule in the Role.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app: redis-enterprise
  name: redis-enterprise-operator
---
# Service named `admission`: forwards TCP 443 to container port 8443 on pods
# labelled name=redis-enterprise-operator. No `type` is set, so Kubernetes
# defaults it to ClusterIP. Presumably this fronts the operator's admission
# webhook endpoint; the webhook configuration that would reference it is not
# part of this view.
# NOTE(review): the selector is a single label, so any pod in the namespace
# carrying it becomes a backend for this Service. Treat the right to create
# pods in this namespace as sensitive.
apiVersion: v1
kind: Service
metadata:
  name: admission
  labels:
    app: redis-enterprise
spec:
  ports:
    - port: 443
      protocol: TCP
      targetPort: 8443
  selector:
    name: redis-enterprise-operator
---
# CustomResourceDefinition for RedisEnterpriseCluster (short name `rec`) in
# the app.redislabs.com group, namespaced scope, single served/stored
# version v1 with a status subresource.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: redisenterpriseclusters.app.redislabs.com
  labels:
    app: redis-enterprise
spec:
  group: app.redislabs.com
  names:
    kind: RedisEnterpriseCluster
    listKind: RedisEnterpriseClusterList
    plural: redisenterpriseclusters
    singular: redisenterprisecluster
    shortNames:
      - rec
  scope: Namespaced
  # Fields that the schema below does not declare are pruned instead of stored.
  preserveUnknownFields: false
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      # Columns shown by `kubectl get rec`.
      additionalPrinterColumns:
        - jsonPath: .spec.nodes
          name: Nodes
          type: string
        - jsonPath: .status.licenseStatus.shardsUsage
          name: Shards
          type: string
        - jsonPath: .spec.redisEnterpriseImageSpec.versionTag
          name: Version
          type: string
        - jsonPath: .status.state
          name: State
          type: string
        - jsonPath: .status.specStatus
          name: Spec Status
          type: string
        - jsonPath: .status.licenseStatus.licenseState
          name: License State
          type: string
        - jsonPath: .status.licenseStatus.expirationDate
          name: License Expiration Date
          type: string
        - name: Age
          type: date
          jsonPath: .metadata.creationTimestamp
      schema:
        openAPIV3Schema:
          description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters API
          properties:
            apiVersion:
              type: string
            kind:
              type: string
            metadata:
              type: object
            status:
              type: object
              properties:
                specStatus:
                  type: string
                state:
                  type: string
                modules:
                  type: array
                  items:
                    type: object
                    properties:
                      name:
                        type: string
                      displayName:
                        type: string
                      versions:
                        type: array
                        items:
                          type: string
                ocspStatus:
                  description: An API object that represents the cluster's OCSP status
                  properties:
                    certStatus:
                      description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN.
type: string nextUpdate: description: The time at or before which newer information will be available about the status of the certificate (if available) type: string producedAt: description: The time at which the OCSP responder signed this response. type: string responderUrl: description: The OCSP responder url from which this status came from. type: string revocationTime: description: The time at which the certificate was revoked or placed on hold. type: string thisUpdate: description: The most recent time at which the status being indicated is known by the responder to have been correct. type: string type: object licenseStatus: type: object properties: licenseState: type: string activationDate: type: string expirationDate: type: string shardsUsage: type: string features: type: array items: type: string owner: type: string flashShards: type: integer format: int32 flashShardsLimit: type: integer format: int32 nullable: true ramShards: type: integer format: int32 ramShardsLimit: type: integer format: int32 nullable: true shardsLimit: type: integer bundledDatabaseVersions: description: Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) items: properties: dbType: type: string major: type: boolean version: type: string required: - dbType - version type: object type: array managedAPIs: description: Indicates cluster APIs that are being managed by the operator. This only applies to cluster APIs which are optionally-managed by the operator, such as cluster LDAP configuration. Most other APIs are automatically managed by the operator, and are not listed here. properties: ldap: description: Indicate whether cluster LDAP configuration is managed by the operator. 
When this is enabled, the operator will reconcile the cluster LDAP configuration according to the '.spec.ldap' field in the RedisEnterpriseCluster resource. type: boolean type: object certificatesStatus: description: Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters. properties: generation: description: Generation stores the version of the cluster's Proxy and Syncer certificate secrets. This generation counter is automatically incremented when proxy or syncer certificates are updated. In Active-Active databases (REAADB), the operator monitors this field to detect certificate changes and automatically triggers a CRDB force update (equivalent to 'crdb-cli crdb update --force'), which synchronizes the certificate changes to all participating clusters, eliminating the need for manual intervention to maintain sync. format: int64 type: integer updateStatus: description: The status of the cluster's certificates update type: string type: object clusterCredentialSecretName: description: The name of the secret containing cluster credentials that was set upon cluster creation. This field is used to prevent changes to ClusterCredentialSecretName after cluster creation. type: string ingressOrRouteMethodStatus: description: The ingressOrRouteSpec/ActiveActive spec method that exist type: string persistenceStatus: description: The status of the Persistent Volume Claims that are used for Redis Enterprise cluster persistence. 
The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize) properties: status: description: The current status of the PVCs type: string succeeded: description: The number of PVCs that are provisioned with the expected size type: string type: object redisEnterpriseIPFamily: type: string spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: activeActive: description: Specification for ActiveActive setup. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. properties: apiIngressUrl: description: RS API URL type: string dbIngressSuffix: description: DB ENDPOINT SUFFIX - will be used to set the db host. ingress Creates a host name so it should be unique if more than one db is created on the cluster with the same name type: string ingressAnnotations: additionalProperties: type: string description: Used for ingress controllers such as ha-proxy or nginx in GKE type: object method: description: Used to distinguish between different platforms implementation enum: - openShiftRoute - ingress type: string required: - apiIngressUrl - dbIngressSuffix - method type: object antiAffinityAdditionalTopologyKeys: description: Additional antiAffinity terms in order to support installation on different zones/vcenters items: type: string type: array auditing: description: 'Cluster-level configuration for auditing database connection and authentication events. Includes both the audit listener connection parameters and the default policy for new databases.' properties: config: description: Configuration for the audit listener connection properties: auditAddress: description: 'TCP/IP address or file path where audit notifications will be sent. For TCP protocol: IP address of the audit listener. For local protocol: file path for audit output (development/testing only).' 
type: string auditPort: description: Port number where audit notifications will be sent (TCP protocol only). type: integer auditProtocol: description: 'Protocol used to send audit notifications. Valid values: "TCP" or "local". For production systems, use "TCP". "local" is for development/testing only.' enum: - TCP - local type: string auditReconnectInterval: description: Interval in seconds between attempts to reconnect to the audit listener. type: integer auditReconnectMaxAttempts: description: 'Maximum number of attempts to reconnect to the audit listener. Set to 0 for infinite attempts.' type: integer required: - auditAddress - auditProtocol type: object dbConnsAuditing: description: 'Cluster-wide default policy for database connection auditing. When set to true, connection auditing will be enabled by default for all new databases. Existing databases are not affected and can override this setting individually.' type: boolean type: object bootstrapperImageSpec: description: Specification for Bootstrapper container image properties: digestHash: description: 'The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments.' type: string imagePullPolicy: description: The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. type: string repository: description: The repository (name) of the container image to be deployed. type: string versionTag: description: The tag of the container image to be deployed. 
type: string type: object bootstrapperResources: description: Compute resource requirements for bootstrapper containers properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object type: object clusterCredentialSecretName: description: 'Name or path of the secret containing cluster credentials. Defaults to the cluster name if left blank. This field can only be set upon cluster creation and cannot be changed afterward. For For Kubernetes secrets (default): Can be customized to any valid secret name, or left blank to use the cluster name. The secret can be pre-created with ''username'' and ''password'' fields, or otherwise it will be automatically created with a default username and auto-generated password. For Vault secrets: Can be customized with the path of the secret within Vault. The secret must be pre-created in Vault before REC creation.' 
type: string clusterCredentialSecretRole: description: Used only if ClusterCredentialSecretType is vault, to define vault role to be used. If blank, defaults to "redis-enterprise-operator" type: string clusterCredentialSecretType: description: Type of Secret to use for ClusterCredential, Vault, Kuberetes,... If left blank, will default ot kubernetes secrets enum: - vault - kubernetes type: string clusterRecovery: description: ClusterRecovery initiates cluster recovery when set to true. Note that this field is cleared automatically after the cluster is recovered type: boolean redisEnterpriseIPFamily: description: Reserved, future use, only for use if instructed by Redis. IPFamily dictates what IP family to choose for pods' internal and external communication. type: string enum: - IPv4 - IPv6 containerTimezone: description: Container timezone configuration. While the default timezone on all containers is UTC, this setting can be used to set the timezone on services rigger/bootstrapper/RS containers. You can either propagate the hosts timezone to RS pods or set it manually via timezoneName. properties: propagateHost: description: Identifies that container timezone should be in sync with the host, this option mounts a hostPath volume onto RS pods that could be restricted in some systems. type: object timezoneName: description: POSIX-style timezone name as a string to be passed as EnvVar to RE pods, e.g. "Europe/London". type: string type: object createServiceAccount: description: Creates a service account for Redis Enterprise. type: boolean dataInternodeEncryption: description: Internode encryption (INE) cluster wide policy. An optional boolean setting. Specifies if INE should be on/off for new created REDBs. May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. 
type: boolean encryptPkeys: description: 'Private key encryption Possible values: true/false' type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. See the "RSClusterCertificates" struct described above to see the supported certificates. properties: apiCertificateSecretName: description: Secret name to use for cluster's API certificate. The secret must contain the following structure - A key 'name' with the value 'api'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used. type: string cmCertificateSecretName: description: Secret name to use for cluster's CM (Cluster Manager) certificate. The secret must contain the following structure - A key 'name' with the value 'cm'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used. type: string metricsExporterCertificateSecretName: description: Secret name to use for cluster's Metrics Exporter certificate. The secret must contain the following structure - A key 'name' with the value 'metrics_exporter'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used. type: string proxyCertificateSecretName: description: 'Secret name to use for cluster''s Proxy certificate. The secret must contain the following structure - A key ''name'' with the value ''proxy''. - A key ''certificate'' with the value of the certificate in PEM format. - A key ''key'' with the value of the private key. If left blank, a cluster-provided certificate will be used. Note: For Active-Active databases (REAADB), certificate updates are automatically reconciled. 
When you update this secret, the operator detects the change and automatically executes a CRDB force update (equivalent to ''crdb-cli crdb update --force''), which synchronizes the certificate changes to all participating clusters, eliminating the need for manual intervention.' type: string syncerCertificateSecretName: description: 'Secret name to use for cluster''s Syncer certificate. The secret must contain the following structure - A key ''name'' with the value ''syncer''. - A key ''certificate'' with the value of the certificate in PEM format. - A key ''key'' with the value of the private key. If left blank, a cluster-provided certificate will be used. Note: For Active-Active databases (REAADB), certificate updates are automatically reconciled. When you update this secret, the operator detects the change and automatically executes a CRDB force update (equivalent to ''crdb-cli crdb update --force''), which synchronizes the certificate changes to all participating clusters, eliminating the need for manual intervention.' type: string ldapClientCertificateSecretName: description: Secret name to use for cluster's LDAP client certificate. The secret must contain the following structure - A key 'name' with the value 'ldap_client'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, LDAP client certificate authentication will be disabled. type: string dpInternodeEncryptionCertificateSecretName: description: Secret name to use for cluster's Data Plane Internode Encryption (DPINE) certificate. The secret must contain the following structure - A key 'name' with the value 'data_internode_encryption'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used. 
type: string cpInternodeEncryptionCertificateSecretName: description: Secret name to use for cluster's Control Plane Internode Encryption (CPINE) certificate. The secret must contain the following structure - A key 'name' with the value 'ccs_internode_encryption'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used. type: string ssoServiceCertificateSecretName: description: Secret name to use for cluster's SSO service certificate. Used for SAML-based SSO authentication to the Cluster Manager. The secret must contain 'name', 'certificate', and 'key' fields (same format as other cluster certificates). If left blank, SSO will not be configured. type: string ssoIssuerCertificateSecretName: description: Secret name to use for the SSO Identity Provider (IdP) certificate. This is the public certificate from your SAML Identity Provider used to verify SAML assertions. The secret must contain 'name' and 'certificate' fields (no 'key' field needed for IdP cert). This is optional - if using IdP metadata XML, the IdP certificate is included in the metadata. type: string type: object enforceIPv4: description: Sets ENFORCE_IPV4 environment variable type: boolean extraEnvVars: description: 'ADVANCED USAGE: use carefully. Add environment variables to RS StatefulSet''s containers.' 
items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array extraLabels: additionalProperties: type: string description: Labels that the user defines for their convenience type: object hostAliases: description: Adds hostAliases entries to the Redis Enterprise pods items: description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array ip: description: IP address of the host file entry. type: string type: object type: array ingressOrRouteSpec: description: Access configurations for the Redis Enterprise cluster and databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. properties: apiFqdnUrl: description: RS API URL type: string dbFqdnSuffix: description: DB ENDPOINT SUFFIX - will be used to set the db host ingress . 
Creates a host name so it should be unique if more than one db is created on the cluster with the same name type: string ingressAnnotations: additionalProperties: type: string description: Additional annotations to set on ingress resources created by the operator type: object method: description: Used to distinguish between different platforms implementation. enum: - openShiftRoute - ingress - istio type: string required: - apiFqdnUrl - dbFqdnSuffix - method type: object services: description: Customization options for operator-managed service resources created for Redis Enterprise clusters and databases properties: apiService: description: Customization options for the REC API service. properties: type: description: Type of service to create for the REC API service. Defaults to ClusterIP service, if not specified otherwise. enum: - ClusterIP - NodePort - LoadBalancer type: string type: object servicesAnnotations: additionalProperties: type: string description: Global additional annotations to set on service resources created by the operator. The specified annotations will not override annotations that already exist and didn't originate from the operator. type: object type: object ossClusterSettings: description: Cluster-level configuration for OSS cluster mode databases. properties: externalAccessType: description: 'Specifies the mechanism for enabling external access to OSS cluster databases. When unset or set to "Disabled", external access is not allowed for any OSS cluster databases. When set to a specific mechanism (e.g., "LoadBalancer"), that mechanism is used to provide external access. Note: Individual databases must still enable external access via their ossClusterSettings.enableExternalAccess field.' enum: - LoadBalancer - Disabled type: string loadBalancer: description: Configuration for LoadBalancer services created to assign public IPs for Redis Enterprise cluster nodes. 
properties: serviceAnnotations: additionalProperties: type: string description: Additional annotations to set on LoadBalancer services created for Redis Enterprise cluster nodes. These annotations are merged with global service annotations from spec.services.servicesAnnotations. type: object externalTrafficPolicy: description: 'ExternalTrafficPolicy specifies the externalTrafficPolicy for LoadBalancer services created for Redis Enterprise cluster nodes. Choose "Local" to configure the LoadBalancer to only route traffic to the single worker node hosting the Redis Enterprise cluster node for that service. Choose "Cluster" to route traffic to any worker node, providing a more stable behavior during failovers, but with increased overhead due to additional hop. Defaults to "Local" when podCIDRs is configured, and "Cluster" otherwise.' enum: - Cluster - Local type: string type: object podCIDRs: description: 'A list of Kubernetes pod CIDR ranges from which pod IPs are allocated. Supports both IPv4 (e.g., "10.30.0.0/16") and IPv6 addresses. This field should only be configured when OSS cluster databases need to be accessed from both internal and external clients. When configured, internal communication can reach pods directly using their pod IPs, bypassing the external access mechanism (e.g., load balancer services) for improved performance. IMPORTANT: For this feature to work correctly, the entire data path must preserve the client source IP address. This is required because the Redis server uses the client''s source IP to construct the CLUSTER SHARDS/SLOTS response - returning pod IPs for internal clients (matching podCIDRs) or load balancer addresses for external clients. On cloud platforms, this typically requires configuring the load balancer to preserve source IPs.' items: type: string type: array type: object ldap: description: Cluster-level LDAP configuration, such as server addresses, protocol, authentication and query settings. 
properties: authenticationQuery: description: Configuration of authentication queries, mapping between the username, provided to the cluster for authentication, and the LDAP Distinguished Name. properties: query: description: Configuration for a search query. Mutually exclusive with the 'template' field. The substring '%u' in the query filter will be replaced with the username. properties: base: description: The Distinguished Name of the entry at which to start the search, e.g., 'ou=dev,dc=example,dc=com'. type: string filter: description: An RFC-4515 string representation of the filter to apply in the search. For an authentication query, the substring '%u' will be replaced with the username, e.g., '(cn=%u)'. For an authorization query, the substring '%D' will be replaced with the user's Distinguished Name, e.g., '(members=%D)'. type: string scope: description: 'The search scope for an LDAP query. One of: BaseObject, SingleLevel, WholeSubtree' enum: - BaseObject - SingleLevel - WholeSubtree type: string required: - base - filter - scope type: object template: description: Configuration for a template query. Mutually exclusive with the 'query' field. The substring '%u' will be replaced with the username, e.g., 'cn=%u,ou=dev,dc=example,dc=com'. type: string type: object authorizationQuery: description: Configuration of authorization queries, mapping between a user's Distinguished Name and its group memberships. properties: attribute: description: Configuration for an attribute query. Mutually exclusive with the 'query' field. Holds the name of an attribute of the LDAP user entity that contains a list of the groups that the user belongs to, e.g., 'memberOf'. type: string query: description: Configuration for a search query. Mutually exclusive with the 'attribute' field. The substring '%D' in the query filter will be replaced with the user's Distinguished Name. 
properties: base: description: The Distinguished Name of the entry at which to start the search, e.g., 'ou=dev,dc=example,dc=com'. type: string filter: description: An RFC-4515 string representation of the filter to apply in the search. For an authentication query, the substring '%u' will be replaced with the username, e.g., '(cn=%u)'. For an authorization query, the substring '%D' will be replaced with the user's Distinguished Name, e.g., '(members=%D)'. type: string scope: description: 'The search scope for an LDAP query. One of: BaseObject, SingleLevel, WholeSubtree' enum: - BaseObject - SingleLevel - WholeSubtree type: string required: - base - filter - scope type: object type: object bindCredentialsSecretName: description: Name of a secret within the same namespace, holding the credentials used to communicate with the LDAP server for authentication queries. The secret must have a key named 'dn' with the Distinguished Name of the user to execute the query, and 'password' with its password. If left blank, credentials-based authentication is disabled. type: string caCertificateSecretName: description: Name of a secret within the same namespace, holding a PEM-encoded CA certificate for validating the TLS connection to the LDAP server. The secret must have a key named 'cert' with the certificate data. This field is applicable only when the protocol is LDAPS or STARTTLS. type: string cacheTTLSeconds: description: The maximum TTL of cached entries. type: integer directoryTimeoutSeconds: description: The connection timeout to the LDAP server when authenticating a user, in seconds type: integer enabledForControlPlane: description: Whether to enable LDAP for control plane access. Disabled by default. type: boolean enabledForDataPlane: description: Whether to enable LDAP for data plane access. Disabled by default. type: boolean protocol: description: 'Specifies the LDAP protocol to use. One of: LDAP, LDAPS, STARTTLS.' 
enum: - LDAP - LDAPS - STARTTLS type: string servers: description: One or more LDAP servers. If multiple servers are specified, they must all share an identical organization tree structure. items: description: Address of an LDAP server. properties: host: description: Host name of the LDAP server type: string port: description: Port number of the LDAP server. If unspecified, defaults to 389 for LDAP and STARTTLS protocols, and 636 for LDAPS protocol. format: int32 type: integer required: - host type: object type: array required: - authenticationQuery - authorizationQuery - protocol - servers type: object sso: description: Cluster-level SSO configuration for authentication to the Cluster Manager UI. properties: enabled: description: Enables SSO for Cluster Manager authentication. SSO requires the following configuration - Service Provider certificate (spec.certificates.ssoServiceCertificateSecretName), Identity Provider certificate (spec.certificates.ssoIssuerCertificateSecretName), IdP metadata or manual issuer configuration (spec.sso.saml.idpMetadataSecretName or spec.sso.saml.issuer), and Base address for Service Provider URLs (auto-determined from UI service or set via spec.sso.saml.serviceProvider.baseAddress). type: boolean enforceSSO: description: Enforces SSO-only authentication for the Cluster Manager. When true, local username/password authentication is disabled for non-admin users. When false (default), both SSO and local authentication are available. type: boolean saml: description: SAML-based SSO configuration. Currently,SAML is the only supported SSO protocol. properties: idpMetadataSecretName: description: Name of a secret in the same namespace that contains the Identity Provider (IdP) metadata XML. The secret must contain a key named 'idp_metadata' with the IdP metadata XML content. The XML can be plain text or base64-encoded; the operator handles encoding as needed. Obtain this metadata from your SAML Identity Provider (e.g., Okta or Azure AD). 
This is the recommended configuration method, as it's less error-prone. Either idpMetadataSecretName or issuer must be specified. If both are provided, idpMetadataSecretName takes precedence and issuer is ignored. type: string issuer: description: Manual Identity Provider (IdP) configuration. Use this when IdP metadata XML is unavailable. Either idpMetadataSecretName or issuer must be specified. If both are provided, idpMetadataSecretName takes precedence and issuer is ignored. properties: entityID: description: 'Identity Provider entity ID (issuer identifier). Example: "urn:sso:example:idp" or "https://idp.example.com".' type: string loginURL: description: 'Identity Provider SSO login URL where SAML authentication requests are sent. Example: "https://idp.example.com/sso/saml".' type: string logoutURL: description: Identity Provider single logout URL where SAML logout requests are sent. type: string required: - entityID - loginURL type: object spMetadataSecretName: description: 'Name of a secret where the operator stores the Service Provider (SP) metadata XML. The operator creates this secret with a key named ''sp_metadata'' that contains the base64-encoded SP metadata XML. Upload this metadata to your Identity Provider. If not specified, defaults to "-sso-sp-metadata". If not specified, the Service Provider metadata isn''t stored in a K8s secret, but can still be obtained directly from the cluster''s UI and/or API. Note: This secret is only created when the cluster is configured to use Kubernetes secrets (spec.clusterCredentialSecretType is unset or set to "kubernetes"). When using Vault secrets, the operator does not create this secret. Users can obtain the SP metadata directly from the Redis Enterprise Server API endpoint: GET /v1/cluster/sso/saml/metadata/sp and store it in Vault themselves if needed.' type: string serviceProvider: description: Service Provider (SP) configuration. 
properties: baseAddress: description: 'Base address used to construct Service Provider (SP) URLs, such as the ACS URL and SLO URL. Format: [<scheme>://]<host>[:<port>]. Examples: "https://redis-ui.example.com:9443" (recommended - explicit scheme), "redis-ui.example.com:9443" (defaults to https://), "http://redis-ui.example.com:9443" (NOT recommended for production). If the scheme is not specified, the operator automatically prepends "https://". WARNING: Using "http://" is NOT recommended for production environments as it transmits sensitive SAML assertions in plaintext. Only use "http://" for testing/development purposes. If set, this value is used to construct the SP URLs. If unset, the base address is automatically determined from the REC Cluster Manager UI service: - If the UI service type is LoadBalancer (configured via spec.uiServiceType), the load balancer address is used. - Otherwise, the cluster-internal DNS name is used (e.g., rec-ui.svc.cluster.local). - The port defaults to 8443 if not specified. Usage guidelines: - For LoadBalancer services: Leave this field blank to use the default REC UI service, or set it explicitly to the LoadBalancer address for custom services. - For Ingress: Set this to the ingress hostname and port (typically 443), e.g., "https://redis-ui.example.com:443".' type: string type: object type: object required: - enabled - saml type: object license: description: Redis Enterprise License type: string licenseSecretName: description: K8s secret or Vault Secret Name/Path to use for Cluster License. When left blank, the license is read from the "license" field. Note that you can't specify non-empty values in both "license" and "licenseSecretName", only one of these fields can be used to pass the license string. The license needs to be stored under the key "license".
type: string nodeSelector: additionalProperties: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object ocspConfiguration: description: An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. properties: ocspFunctionality: description: Whether to enable/disable OCSP mechanism for the cluster. type: boolean queryFrequency: description: Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate. Minimum value is 60. Maximum value is 86400. type: integer recoveryFrequency: description: Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate when the current staple is invalid. Minimum value is 60. Maximum value is 86400. type: integer recoveryMaxTries: description: Determines the maximum number for the OCSP recovery attempts. After max number of tries passed, the control plane will revert back to the regular frequency. Minimum value is 1. Maximum value is 100. type: integer responseTimeout: description: Determines the time interval (in seconds) for which the request waits for a response from the OCSP responder. Minimum value is 1. Maximum value is 60. type: integer type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 type: integer persistentSpec: description: Persistent storage configuration for Redis Enterprise cluster. properties: enablePersistentVolumeResize: description: Whether to enable PersistentVolumes resize. Disabled by default. Read the instruction in pvc_expansion readme carefully before using this feature. type: boolean enabled: description: Whether to add persistent volume to Redis Enterprise pods type: boolean storageClassName: description: Storage class for persistent volume in Redis Enterprise pods. Leave empty to use the default. 
If using the default this way, make sure the Kubernetes Cluster has a default Storage Class configured. This can be done by running a `kubectl get storageclass` and see if one of the Storage Classes' names contains a `(default)` mark. type: string volumeSize: anyOf: - type: integer - type: string description: >- By default, if you omit spec.persistentSpec.volumeSize, the operator allocates a persistent volume that is five times (5x) the Redis Enterprise node memory request defined in spec.redisEnterpriseNodeResources.requests.memory (per node). This 5x ratio is the recommended minimum capacity. To enable resizing after creating the cluster, see the Expand PVC docs: https://redis.io/docs/latest/operate/kubernetes/re-clusters/expand-pvc/ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object podAnnotations: additionalProperties: type: string description: annotations for the service rigger and redis enterprise pods type: object redisEnterprisePodAnnotations: additionalProperties: type: string description: annotations for redis enterprise pod type: object podAntiAffinity: description: 'Override for the default anti-affinity rules of the Redis Enterprise pods. 
More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: podAffinityTerm: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object weight: format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object type: array type: object podStartingPolicy: description: Mitigation setting for STS pods stuck in "ContainerCreating" properties: enabled: description: Enables detection and mitigation of pod startup issues. 
type: boolean startingThresholdSeconds: description: Time in seconds to wait before taking action on a pod stuck during startup. Set to 0 to disable. format: int32 type: integer required: - enabled - startingThresholdSeconds type: object podTolerations: description: 'Tolerations that are added to all managed pods. More information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' items: properties: effect: type: string key: type: string operator: type: string tolerationSeconds: format: int64 type: integer value: type: string type: object type: array priorityClassName: description: Adds the priority class to pods managed by the operator type: string pullSecrets: description: 'PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' items: properties: name: description: 'Secret name' type: string type: object type: array rackAwarenessNodeLabel: description: Node label that specifies rack ID - if specified, will create rack aware cluster. Rack awareness requires that the node label exist on all nodes. Additionally, the operator needs a special cluster role with permission to list nodes. type: string redisEnterpriseAdditionalPodSpecAttributes: description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the statefulset - Redis Enterprise pods. Pod attributes managed by the operator might override these settings. Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that.
properties: activeDeadlineSeconds: format: int64 type: integer affinity: properties: nodeAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: preference: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchFields: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array type: object weight: format: int32 type: integer required: - preference - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: items: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchFields: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array type: object type: array required: - nodeSelectorTerms type: object type: object podAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: podAffinityTerm: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object weight: format: int32 type: integer required: - podAffinityTerm - 
weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object type: array type: object podAntiAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: podAffinityTerm: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object weight: format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object 
namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object type: array type: object type: object automountServiceAccountToken: type: boolean dnsConfig: properties: nameservers: items: type: string type: array options: items: properties: name: type: string value: type: string type: object type: array searches: items: type: string type: array type: object dnsPolicy: type: string enableServiceLinks: type: boolean ephemeralContainers: items: properties: args: items: type: string type: array command: items: type: string type: array env: items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array envFrom: items: properties: configMapRef: properties: name: type: string optional: type: boolean type: object prefix: type: string secretRef: properties: name: type: string optional: type: boolean type: object type: object type: array image: type: string imagePullPolicy: type: string lifecycle: properties: postStart: properties: exec: 
properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object preStop: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: 
int64 type: integer timeoutSeconds: format: int32 type: integer type: object name: type: string ports: items: properties: containerPort: format: int32 type: integer hostIP: type: string hostPort: format: int32 type: integer name: type: string protocol: default: TCP type: string required: - containerPort type: object type: array readinessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object securityContext: properties: 
allowPrivilegeEscalation: type: boolean capabilities: properties: add: items: type: string type: array drop: items: type: string type: array type: object privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object startupProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object stdin: type: boolean stdinOnce: type: boolean targetContainerName: type: string terminationMessagePath: type: string terminationMessagePolicy: type: string tty: type: boolean volumeDevices: items: properties: devicePath: type: string name: type: string required: - devicePath - name 
type: object type: array volumeMounts: items: properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean subPath: type: string subPathExpr: type: string required: - mountPath - name type: object type: array workingDir: type: string required: - name type: object type: array hostAliases: items: properties: hostnames: items: type: string type: array ip: type: string type: object type: array hostIPC: type: boolean hostNetwork: type: boolean hostPID: type: boolean hostUsers: type: boolean hostname: type: string imagePullSecrets: items: properties: name: type: string type: object type: array initContainers: items: properties: args: items: type: string type: array command: items: type: string type: array env: items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array envFrom: items: properties: configMapRef: properties: name: type: string optional: type: boolean type: object prefix: type: string secretRef: properties: name: type: string optional: type: boolean type: object type: object type: array image: type: string imagePullPolicy: type: string lifecycle: properties: postStart: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: 
string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object preStop: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object name: type: string ports: 
items: properties: containerPort: format: int32 type: integer hostIP: type: string hostPort: format: int32 type: integer name: type: string protocol: default: TCP type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object securityContext: properties: allowPrivilegeEscalation: type: boolean 
capabilities: properties: add: items: type: string type: array drop: items: type: string type: array type: object privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object startupProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object stdin: type: boolean stdinOnce: type: boolean terminationMessagePath: type: string terminationMessagePolicy: type: string tty: type: boolean volumeDevices: items: properties: devicePath: type: string name: type: string required: - devicePath - name type: object type: array volumeMounts: items: properties: mountPath: type: 
string mountPropagation: type: string name: type: string readOnly: type: boolean subPath: type: string subPathExpr: type: string required: - mountPath - name type: object type: array workingDir: type: string required: - name type: object type: array nodeName: type: string nodeSelector: additionalProperties: type: string type: object x-kubernetes-map-type: atomic os: properties: name: type: string required: - name type: object overhead: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object preemptionPolicy: type: string priority: format: int32 type: integer priorityClassName: type: string readinessGates: items: properties: conditionType: type: string required: - conditionType type: object type: array resourceClaims: items: properties: name: type: string source: properties: resourceClaimName: type: string resourceClaimTemplateName: type: string type: object required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string schedulingGates: items: properties: name: type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map securityContext: properties: fsGroup: format: int64 type: integer fsGroupChangePolicy: type: string runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object supplementalGroups: items: format: int64 type: integer type: array sysctls: items: properties: name: type: string value: type: string required: - name - value type: object 
type: array windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object serviceAccount: type: string serviceAccountName: type: string setHostnameAsFQDN: type: boolean shareProcessNamespace: type: boolean subdomain: type: string terminationGracePeriodSeconds: format: int64 type: integer tolerations: items: properties: effect: type: string key: type: string operator: type: string tolerationSeconds: format: int64 type: integer value: type: string type: object type: array topologySpreadConstraints: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object matchLabelKeys: items: type: string type: array x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-map-keys: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map volumes: items: properties: awsElasticBlockStore: properties: fsType: type: string partition: format: int32 type: integer readOnly: type: boolean volumeID: type: string required: - volumeID type: object azureDisk: properties: cachingMode: type: string diskName: type: string diskURI: type: string fsType: type: string kind: type: string readOnly: type: boolean required: - diskName - diskURI type: object azureFile: properties: readOnly: type: boolean secretName: type: string shareName: type: string required: - secretName - shareName type: object cephfs: properties: monitors: items: type: string type: array path: type: string readOnly: 
type: boolean secretFile: type: string secretRef: properties: name: type: string type: object user: type: string required: - monitors type: object cinder: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeID: type: string required: - volumeID type: object configMap: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object csi: properties: driver: type: string fsType: type: string nodePublishSecretRef: properties: name: type: string type: object readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object required: - driver type: object downwardAPI: properties: defaultMode: format: int32 type: integer items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: object type: array type: object emptyDir: properties: medium: type: string sizeLimit: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: properties: volumeClaimTemplate: properties: metadata: type: object spec: properties: accessModes: items: type: string type: array dataSource: properties: apiGroup: type: string kind: type: string name: type: string required: - kind - name type: object dataSourceRef: 
properties: apiGroup: type: string kind: type: string name: type: string namespace: type: string required: - kind - name type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object selector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object storageClassName: type: string volumeMode: type: string volumeName: type: string type: object required: - spec type: object type: object fc: properties: fsType: type: string lun: format: int32 type: integer readOnly: type: boolean targetWWNs: items: type: string type: array wwids: items: type: string type: array type: object flexVolume: properties: driver: type: string fsType: type: string options: additionalProperties: type: string type: object readOnly: type: boolean secretRef: properties: name: type: string type: object required: - driver type: object flocker: properties: datasetName: type: string datasetUUID: type: string type: object gcePersistentDisk: properties: fsType: type: string partition: format: int32 type: integer pdName: type: string readOnly: type: boolean required: - pdName type: object gitRepo: properties: directory: type: string repository: type: string revision: type: string required: - repository type: 
object glusterfs: properties: endpoints: type: string path: type: string readOnly: type: boolean required: - endpoints - path type: object hostPath: properties: path: type: string type: type: string required: - path type: object iscsi: properties: chapAuthDiscovery: type: boolean chapAuthSession: type: boolean fsType: type: string initiatorName: type: string iqn: type: string iscsiInterface: type: string lun: format: int32 type: integer portals: items: type: string type: array readOnly: type: boolean secretRef: properties: name: type: string type: object targetPortal: type: string required: - iqn - lun - targetPortal type: object name: type: string nfs: properties: path: type: string readOnly: type: boolean server: type: string required: - path - server type: object persistentVolumeClaim: properties: claimName: type: string readOnly: type: boolean required: - claimName type: object photonPersistentDisk: properties: fsType: type: string pdID: type: string required: - pdID type: object portworxVolume: properties: fsType: type: string readOnly: type: boolean volumeID: type: string required: - volumeID type: object projected: properties: defaultMode: format: int32 type: integer sources: items: properties: configMap: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object downwardAPI: properties: items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: 
object type: array type: object secret: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object serviceAccountToken: properties: audience: type: string expirationSeconds: format: int64 type: integer path: type: string required: - path type: object type: object type: array type: object quobyte: properties: group: type: string readOnly: type: boolean registry: type: string tenant: type: string user: type: string volume: type: string required: - registry - volume type: object rbd: properties: fsType: type: string image: type: string keyring: type: string monitors: items: type: string type: array pool: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object user: type: string required: - image - monitors type: object scaleIO: properties: fsType: type: string gateway: type: string protectionDomain: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object sslEnabled: type: boolean storageMode: type: string storagePool: type: string system: type: string volumeName: type: string required: - gateway - secretRef - system type: object secret: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array optional: type: boolean secretName: type: string type: object storageos: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeName: type: string volumeNamespace: type: string type: object vsphereVolume: properties: fsType: type: string storagePolicyID: type: string storagePolicyName: type: string volumePath: type: string required: - volumePath type: object required: - name type: object type: array type: object redisEnterpriseImageSpec: description: 
Specification for Redis Enterprise container image
# Layout note: the line above is the value of the `description:` key that ends
# the preceding line (redisEnterpriseImageSpec). From here on this excerpt is
# laid out as block YAML with the sibling schema properties at column 0; their
# real nesting depth in the CRD lies outside this excerpt.
  properties:
    # Pulling by digest pins the exact image content, whereas a tag can be
    # re-pointed at the registry. Per the description, digestHash is only
    # supported for OLM deployments, so other installs resolve the image from
    # repository + versionTag alone.
    digestHash:
      description: 'The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments.'
      type: string
    # The description lists three values but the schema declares no enum, so
    # the CRD itself accepts any string here. With Never or IfNotPresent a node
    # can keep using a cached image for a tag after the tag has changed.
    imagePullPolicy:
      description: The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent.
      type: string
    # Free-form string: the schema does not restrict which registry or
    # repository is used; limiting image sources is left to cluster policy.
    repository:
      description: The repository (name) of the container image to be deployed.
      type: string
    versionTag:
      description: The tag of the container image to be deployed.
      type: string
  type: object
# Compute resource limits/requests for the Redis Enterprise containers. The
# `pattern` on each value is a quantity syntax check: a number with an optional
# suffix (Ki/Mi/Gi..., n/u/m/k/M/G..., or an exponent).
redisEnterpriseNodeResources:
  description: Compute resource requirements for Redis Enterprise containers
  properties:
    claims:
      items:
        properties:
          name:
            type: string
        required:
          - name
        type: object
        x-kubernetes-map-type: atomic
      type: array
      x-kubernetes-list-type: set
    limits:
      additionalProperties:
        anyOf:
          - type: integer
          - type: string
        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
        x-kubernetes-int-or-string: true
      description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
      type: object
    requests:
      additionalProperties:
        anyOf:
          - type: integer
          - type: string
        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
        x-kubernetes-int-or-string: true
      description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
      type: object
  type: object
# Each entry toggles one optional cluster service through a required
# operatingMode of `enabled` or `disabled`. Turning off services a deployment
# does not use reduces what runs inside the pods; check the Redis Enterprise
# documentation for what each service provides before changing it.
redisEnterpriseServicesConfiguration:
  description: RS Cluster optional services settings
  properties:
    cmServer:
      properties:
        operatingMode:
          description: Whether to enable/disable the CM server
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
    crdbCoordinator:
      properties:
        operatingMode:
          description: Whether to enable/disable the crdb coordinator process
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
    crdbWorker:
      properties:
        operatingMode:
          description: Whether to enable/disable the crdb worker processes
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
    mdnsServer:
      properties:
        operatingMode:
          description: Whether to enable/disable the Multicast DNS server
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
    # Still accepted by the schema, but per the description the operator
    # ignores the value and keeps the PDNS server disabled.
    pdnsServer:
      properties:
        operatingMode:
          description: 'Deprecated: The PDNS Server is now disabled by the operator. This field will be ignored.'
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
    saslauthd:
      properties:
        operatingMode:
          description: Whether to enable/disable the saslauthd service
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
    statsArchiver:
      properties:
        operatingMode:
          description: Whether to enable/disable the stats archiver service
          enum:
            - enabled
            - disabled
          type: string
      required:
        - operatingMode
      type: object
  type: object
# Same four fields as redisEnterpriseImageSpec, applied to the Services Rigger
# image: digest pinning is OLM-only per the description, imagePullPolicy has no
# enum, and repository is an unrestricted string.
redisEnterpriseServicesRiggerImageSpec:
  description: Specification for Services Rigger container image
  properties:
    digestHash:
      description: 'The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments.'
      type: string
    imagePullPolicy:
      description: The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent.
      type: string
    repository:
      description: The repository (name) of the container image to be deployed.
      type: string
    versionTag:
      description: The tag of the container image to be deployed.
      type: string
  type: object
# Compute resource limits/requests for the Services Rigger pod; same shape and
# quantity pattern as redisEnterpriseNodeResources.
redisEnterpriseServicesRiggerResources:
  description: Compute resource requirements for Services Rigger pod
  properties:
    claims:
      items:
        properties:
          name:
            type: string
        required:
          - name
        type: object
        x-kubernetes-map-type: atomic
      type: array
      x-kubernetes-list-type: set
    limits:
      additionalProperties:
        anyOf:
          - type: integer
          - type: string
        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
        x-kubernetes-int-or-string: true
      description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
      type: object
    requests:
      additionalProperties:
        anyOf:
          - type: integer
          - type: string
        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
        x-kubernetes-int-or-string: true
      description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
      type: object
  type: object
redisEnterpriseTerminationGracePeriodSeconds:
  description: The TerminationGracePeriodSeconds value for the (STS created) REC pods
  format: int64
  type: integer
# Extra volume mounts for the Redis Enterprise containers. The quoted
# description below is not closed here: it continues on the following line of
# the file, which also carries the `items` schema for this field.
redisEnterpriseVolumeMounts:
  description: 'additional volume mounts within the redis enterprise containers.
More info: https://kubernetes.io/docs/concepts/storage/volumes/'
# Layout note: the line above closes the quoted `description:` string opened on
# the preceding line (redisEnterpriseVolumeMounts). From here on this excerpt is
# laid out as block YAML with the sibling schema properties at column 0; their
# real nesting depth in the CRD lies outside this excerpt.
  items:
    properties:
      mountPath:
        type: string
      mountPropagation:
        type: string
      name:
        type: string
      readOnly:
        type: boolean
      subPath:
        type: string
      subPathExpr:
        type: string
    required:
      - mountPath
      - name
    type: object
  type: array
redisUpgradePolicy:
  description: 'Redis upgrade policy to be set on the Redis Enterprise cluster. Possible values: major/latest This value is used by the cluster to choose the Redis version of the database when an upgrade is performed. The Redis Enterprise cluster includes multiple versions of OSS Redis that can be used for databases.'
  enum:
    - major
    - latest
  type: string
resp3Default:
  description: Whether databases will turn on RESP3 compatibility upon database upgrade. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info.
  type: boolean
# Pod-level security settings the operator applies to the RS pods. Both knobs
# below are off by default according to their descriptions.
securityContext:
  description: The security configuration that will be applied to RS pods.
  properties:
    # Hardening option: makes the container root filesystem read-only, with
    # some paths kept writable through mounted volumes (per the description).
    # `enabled` is required whenever this object is present.
    readOnlyRootFilesystemPolicy:
      description: Policy controlling whether to enable read-only root filesystem for the Redis Enterprise software containers. Note that certain filesystem paths remain writable through mounted volumes to ensure proper functionality.
      properties:
        enabled:
          description: Whether to enable read-only root filesystem for the Redis Enterprise software containers. Default is false.
          type: boolean
      required:
        - enabled
      type: object
    resourceLimits:
      description: Settings pertaining to resource limits management by the Redis Enterprise node container.
      properties:
        # Privilege trade-off: per the description, enabling this adds the
        # SYS_RESOURCE capability and sets allowPrivilegeEscalation on the
        # Redis Enterprise pods (the text does not say to which value;
        # presumably true - confirm). Namespaces enforcing the baseline or
        # restricted Pod Security Standards do not admit pods that add
        # SYS_RESOURCE, so check admission policy before enabling.
        allowAutoAdjustment:
          description: Allow Redis Enterprise to adjust resource limits, like max open file descriptors, of its data plane processes. When this option is enabled, the SYS_RESOURCE capability is added to the Redis Enterprise pods, and their allowPrivilegeEscalation field is set. Turned off by default.
          type: boolean
      type: object
  type: object
backup:
  description: Cluster-wide backup configurations
  properties:
    s3:
      description: Configurations for backups to s3 and s3-compatible storage
      properties:
        # Names a Secret whose 'cert' key holds the CA certificate used for the
        # S3 endpoint (per the description).
        caCertificateSecretName:
          description: Secret name that holds the S3 CA certificate, which contains the TLS certificate mapped to the key in the secret 'cert'
          type: string
        # Unconstrained string: the schema itself does not require an https
        # scheme. NOTE(review): confirm how the operator validates this URL.
        url:
          description: Specifies the URL for S3 export and import
          type: string
      type: object
  type: object
# Free-form name; the pods receive whatever permissions are bound to the
# ServiceAccount named here.
serviceAccountName:
  description: Name of the service account to use for Redis Enterprise.
  type: string
servicesRiggerSpec:
  description: Specification for service rigger
  properties:
    # Free-form string with no enum for the three listed values.
    # NOTE(review): load_balancer presumably maps to Service type LoadBalancer,
    # which can make databases reachable from outside the cluster - confirm
    # that exposure is intended where it is used.
    databaseServiceType:
      description: Service types for access to databases. should be a comma separated list. The possible values are cluster_ip, headless and load_balancer.
      type: string
    # Additional environment variables for the rigger; each item follows the
    # Kubernetes EnvVar shape (name plus either value or valueFrom).
    extraEnvVars:
      items:
        description: 'EnvVar represents an environment variable present in a Container. More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/'
        properties:
          name:
            description: Name of the environment variable.
            type: string
          # A literal value is stored in plain text in the custom resource and
          # is readable by anyone who can read that resource; for credentials
          # prefer valueFrom.secretKeyRef.
          value:
            type: string
          valueFrom:
            description: Source for the environment variable's value. Cannot be used if value is not empty.
            properties:
              configMapKeyRef:
                description: Selects a key of a ConfigMap.
                properties:
                  key:
                    description: The key to select.
                    type: string
                  name:
                    description: Name of the referent
                    type: string
                  optional:
                    description: Specify whether the ConfigMap or its key must be defined
                    type: boolean
                required:
                  - key
                type: object
              fieldRef:
                description: Selects a field of the pod
                properties:
                  apiVersion:
                    description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                    type: string
                  fieldPath:
                    description: Path of the field to select in the specified API version.
                    type: string
                required:
                  - fieldPath
                type: object
              resourceFieldRef:
                description: 'Selects a resource of the container: only resources limits and requests are currently supported.'
                properties:
                  containerName:
                    description: 'Container name: required for volumes, optional for env vars'
                    type: string
                  divisor:
                    anyOf:
                      - type: integer
                      - type: string
                    description: Specifies the output format of the exposed resources, defaults to "1"
                    pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                    x-kubernetes-int-or-string: true
                  resource:
                    description: 'Required: resource to select'
                    type: string
                required:
                  - resource
                type: object
              # Reads the value from a Secret in the pod's namespace, keeping
              # the secret material out of the custom resource itself.
              secretKeyRef:
                description: Selects a key of a secret in the pod's namespace
                properties:
                  key:
                    description: The key of the secret to select from. Must be a valid secret key.
                    type: string
                  name:
                    description: Name of the referent
                    type: string
                  optional:
                    description: Specify whether the Secret or its key must be defined
                    type: boolean
                required:
                  - key
                type: object
            type: object
        required:
          - name
        type: object
      type: array
    # NOTE(review): the description ends with "named redis-." - the name
    # pattern after "redis-" looks truncated (a placeholder such as <port> was
    # probably lost); confirm against the upstream CRD.
    serviceNaming:
      description: Used to determine how to name the services created automatically when a database is created. When bdb_name is used, the database name will be also used for the service name. When redis-port is used, the service will be named redis-.
      enum:
        - bdb_name
        - redis-port
      type: string
    # Pod-spec passthrough for the rigger deployment; its `properties` schema
    # starts on the following line of the file. The description states that the
    # operator does not validate these attributes, and the schema that follows
    # accepts host-level settings (hostNetwork, hostPID, hostIPC) and
    # per-container securityContext fields such as privileged. Which of them
    # the operator actually passes through is not visible here, so anyone who
    # can create or edit this resource should be treated as able to request
    # them; constrain that with namespace-level admission controls (for
    # example Pod Security Admission) and tight RBAC on the resource rather
    # than relying on the CRD.
    servicesRiggerAdditionalPodSpecAttributes:
      description: ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the rigger deployment pod. Pod attributes managed by the operator might override these settings (Containers, serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, PriorityClassName, PodSecurityContext). Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that.
properties: activeDeadlineSeconds: format: int64 type: integer affinity: properties: nodeAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: preference: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchFields: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array type: object weight: format: int32 type: integer required: - preference - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: items: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchFields: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array type: object type: array required: - nodeSelectorTerms type: object type: object podAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: podAffinityTerm: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object weight: format: int32 type: integer required: - podAffinityTerm - 
weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object type: array type: object podAntiAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: podAffinityTerm: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object weight: format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object 
namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object type: array type: object type: object automountServiceAccountToken: type: boolean dnsConfig: properties: nameservers: items: type: string type: array options: items: properties: name: type: string value: type: string type: object type: array searches: items: type: string type: array type: object dnsPolicy: type: string enableServiceLinks: type: boolean ephemeralContainers: items: properties: args: items: type: string type: array command: items: type: string type: array env: items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array envFrom: items: properties: configMapRef: properties: name: type: string optional: type: boolean type: object prefix: type: string secretRef: properties: name: type: string optional: type: boolean type: object type: object type: array image: type: string imagePullPolicy: type: string lifecycle: properties: postStart: properties: exec: 
properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object preStop: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: 
int64 type: integer timeoutSeconds: format: int32 type: integer type: object name: type: string ports: items: properties: containerPort: format: int32 type: integer hostIP: type: string hostPort: format: int32 type: integer name: type: string protocol: default: TCP type: string required: - containerPort type: object type: array readinessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object securityContext: properties: 
allowPrivilegeEscalation: type: boolean capabilities: properties: add: items: type: string type: array drop: items: type: string type: array type: object privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object startupProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object stdin: type: boolean stdinOnce: type: boolean targetContainerName: type: string terminationMessagePath: type: string terminationMessagePolicy: type: string tty: type: boolean volumeDevices: items: properties: devicePath: type: string name: type: string required: - devicePath - name 
type: object type: array volumeMounts: items: properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean subPath: type: string subPathExpr: type: string required: - mountPath - name type: object type: array workingDir: type: string required: - name type: object type: array hostAliases: items: properties: hostnames: items: type: string type: array ip: type: string type: object type: array hostIPC: type: boolean hostNetwork: type: boolean hostPID: type: boolean hostUsers: type: boolean hostname: type: string imagePullSecrets: items: properties: name: type: string type: object type: array initContainers: items: properties: args: items: type: string type: array command: items: type: string type: array env: items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array envFrom: items: properties: configMapRef: properties: name: type: string optional: type: boolean type: object prefix: type: string secretRef: properties: name: type: string optional: type: boolean type: object type: object type: array image: type: string imagePullPolicy: type: string lifecycle: properties: postStart: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: 
string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object preStop: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object name: type: string ports: 
items: properties: containerPort: format: int32 type: integer hostIP: type: string hostPort: format: int32 type: integer name: type: string protocol: default: TCP type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object securityContext: properties: allowPrivilegeEscalation: type: boolean 
capabilities: properties: add: items: type: string type: array drop: items: type: string type: array type: object privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object startupProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object stdin: type: boolean stdinOnce: type: boolean terminationMessagePath: type: string terminationMessagePolicy: type: string tty: type: boolean volumeDevices: items: properties: devicePath: type: string name: type: string required: - devicePath - name type: object type: array volumeMounts: items: properties: mountPath: type: 
string mountPropagation: type: string name: type: string readOnly: type: boolean subPath: type: string subPathExpr: type: string required: - mountPath - name type: object type: array workingDir: type: string required: - name type: object type: array nodeName: type: string nodeSelector: additionalProperties: type: string type: object x-kubernetes-map-type: atomic os: properties: name: type: string required: - name type: object overhead: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object preemptionPolicy: type: string priority: format: int32 type: integer priorityClassName: type: string readinessGates: items: properties: conditionType: type: string required: - conditionType type: object type: array resourceClaims: items: properties: name: type: string source: properties: resourceClaimName: type: string resourceClaimTemplateName: type: string type: object required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map restartPolicy: type: string runtimeClassName: type: string schedulerName: type: string schedulingGates: items: properties: name: type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map securityContext: properties: fsGroup: format: int64 type: integer fsGroupChangePolicy: type: string runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object supplementalGroups: items: format: int64 type: integer type: array sysctls: items: properties: name: type: string value: type: string required: - name - value type: object 
type: array windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object serviceAccount: type: string serviceAccountName: type: string setHostnameAsFQDN: type: boolean shareProcessNamespace: type: boolean subdomain: type: string terminationGracePeriodSeconds: format: int64 type: integer tolerations: items: properties: effect: type: string key: type: string operator: type: string tolerationSeconds: format: int64 type: integer value: type: string type: object type: array topologySpreadConstraints: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object matchLabelKeys: items: type: string type: array x-kubernetes-list-type: atomic maxSkew: format: int32 type: integer minDomains: format: int32 type: integer nodeAffinityPolicy: type: string nodeTaintsPolicy: type: string topologyKey: type: string whenUnsatisfiable: type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-map-keys: - topologyKey - whenUnsatisfiable x-kubernetes-list-type: map volumes: items: properties: awsElasticBlockStore: properties: fsType: type: string partition: format: int32 type: integer readOnly: type: boolean volumeID: type: string required: - volumeID type: object azureDisk: properties: cachingMode: type: string diskName: type: string diskURI: type: string fsType: type: string kind: type: string readOnly: type: boolean required: - diskName - diskURI type: object azureFile: properties: readOnly: type: boolean secretName: type: string shareName: type: string required: - secretName - shareName type: object cephfs: properties: monitors: items: type: string type: array path: type: string readOnly: 
type: boolean secretFile: type: string secretRef: properties: name: type: string type: object user: type: string required: - monitors type: object cinder: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeID: type: string required: - volumeID type: object configMap: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object csi: properties: driver: type: string fsType: type: string nodePublishSecretRef: properties: name: type: string type: object readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object required: - driver type: object downwardAPI: properties: defaultMode: format: int32 type: integer items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: object type: array type: object emptyDir: properties: medium: type: string sizeLimit: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: properties: volumeClaimTemplate: properties: metadata: type: object spec: properties: accessModes: items: type: string type: array dataSource: properties: apiGroup: type: string kind: type: string name: type: string required: - kind - name type: object dataSourceRef: 
properties: apiGroup: type: string kind: type: string name: type: string namespace: type: string required: - kind - name type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object selector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object storageClassName: type: string volumeMode: type: string volumeName: type: string type: object required: - spec type: object type: object fc: properties: fsType: type: string lun: format: int32 type: integer readOnly: type: boolean targetWWNs: items: type: string type: array wwids: items: type: string type: array type: object flexVolume: properties: driver: type: string fsType: type: string options: additionalProperties: type: string type: object readOnly: type: boolean secretRef: properties: name: type: string type: object required: - driver type: object flocker: properties: datasetName: type: string datasetUUID: type: string type: object gcePersistentDisk: properties: fsType: type: string partition: format: int32 type: integer pdName: type: string readOnly: type: boolean required: - pdName type: object gitRepo: properties: directory: type: string repository: type: string revision: type: string required: - repository type: 
object glusterfs: properties: endpoints: type: string path: type: string readOnly: type: boolean required: - endpoints - path type: object hostPath: properties: path: type: string type: type: string required: - path type: object iscsi: properties: chapAuthDiscovery: type: boolean chapAuthSession: type: boolean fsType: type: string initiatorName: type: string iqn: type: string iscsiInterface: type: string lun: format: int32 type: integer portals: items: type: string type: array readOnly: type: boolean secretRef: properties: name: type: string type: object targetPortal: type: string required: - iqn - lun - targetPortal type: object name: type: string nfs: properties: path: type: string readOnly: type: boolean server: type: string required: - path - server type: object persistentVolumeClaim: properties: claimName: type: string readOnly: type: boolean required: - claimName type: object photonPersistentDisk: properties: fsType: type: string pdID: type: string required: - pdID type: object portworxVolume: properties: fsType: type: string readOnly: type: boolean volumeID: type: string required: - volumeID type: object projected: properties: defaultMode: format: int32 type: integer sources: items: properties: configMap: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object downwardAPI: properties: items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: 
object type: array type: object secret: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object serviceAccountToken: properties: audience: type: string expirationSeconds: format: int64 type: integer path: type: string required: - path type: object type: object type: array type: object quobyte: properties: group: type: string readOnly: type: boolean registry: type: string tenant: type: string user: type: string volume: type: string required: - registry - volume type: object rbd: properties: fsType: type: string image: type: string keyring: type: string monitors: items: type: string type: array pool: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object user: type: string required: - image - monitors type: object scaleIO: properties: fsType: type: string gateway: type: string protectionDomain: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object sslEnabled: type: boolean storageMode: type: string storagePool: type: string system: type: string volumeName: type: string required: - gateway - secretRef - system type: object secret: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array optional: type: boolean secretName: type: string type: object storageos: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeName: type: string volumeNamespace: type: string type: object vsphereVolume: properties: fsType: type: string storagePolicyID: type: string storagePolicyName: type: string volumePath: type: string required: - volumePath type: object required: - name type: object type: array type: object podAnnotations: additionalProperties: type: 
string description: annotations for the service rigger pod type: object databaseServicePortPolicy: description: databaseServicePortPolicy instructs how to determine the service ports for REDB services. Defaults to DatabasePortForward, if not specified otherwise. Note - Regardless whether this flag is set or not, if an REDB/REAADB configured with databaseServicePort that would be the port exposed by the Service. DatabasePortForward - The service port will be the same as the database port. RedisDefaultPort - The service port will be the default Redis port (6379). enum: - DatabasePortForward - RedisDefaultPort type: string type: object sideContainersSpec: items: properties: args: items: type: string type: array command: items: type: string type: array env: items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array envFrom: items: properties: configMapRef: properties: name: type: string optional: type: boolean type: object prefix: type: string secretRef: properties: name: type: string optional: type: boolean type: object type: object type: array image: type: string imagePullPolicy: type: string lifecycle: properties: postStart: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: 
string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object preStop: properties: exec: properties: command: items: type: string type: array type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object type: object type: object livenessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object name: type: string ports: 
items: properties: containerPort: format: int32 type: integer hostIP: type: string hostPort: format: int32 type: integer name: type: string protocol: default: TCP type: string required: - containerPort type: object type: array x-kubernetes-list-map-keys: - containerPort - protocol x-kubernetes-list-type: map readinessProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object resources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object securityContext: properties: allowPrivilegeEscalation: type: boolean 
capabilities: properties: add: items: type: string type: array drop: items: type: string type: array type: object privileged: type: boolean procMount: type: string readOnlyRootFilesystem: type: boolean runAsGroup: format: int64 type: integer runAsNonRoot: type: boolean runAsUser: format: int64 type: integer seLinuxOptions: properties: level: type: string role: type: string type: type: string user: type: string type: object seccompProfile: properties: localhostProfile: type: string type: type: string required: - type type: object windowsOptions: properties: gmsaCredentialSpec: type: string gmsaCredentialSpecName: type: string hostProcess: type: boolean runAsUserName: type: string type: object type: object startupProbe: properties: exec: properties: command: items: type: string type: array type: object failureThreshold: format: int32 type: integer grpc: properties: port: format: int32 type: integer service: type: string required: - port type: object httpGet: properties: host: type: string httpHeaders: items: properties: name: type: string value: type: string required: - name - value type: object type: array path: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true scheme: type: string required: - port type: object initialDelaySeconds: format: int32 type: integer periodSeconds: format: int32 type: integer successThreshold: format: int32 type: integer tcpSocket: properties: host: type: string port: anyOf: - type: integer - type: string x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: format: int64 type: integer timeoutSeconds: format: int32 type: integer type: object stdin: type: boolean stdinOnce: type: boolean terminationMessagePath: type: string terminationMessagePolicy: type: string tty: type: boolean volumeDevices: items: properties: devicePath: type: string name: type: string required: - devicePath - name type: object type: array volumeMounts: items: properties: mountPath: type: 
string mountPropagation: type: string name: type: string readOnly: type: boolean subPath: type: string subPathExpr: type: string required: - mountPath - name type: object type: array workingDir: type: string required: - name type: object type: array slaveHA: description: Slave high availability mechanism configuration. properties: slaveHAGracePeriod: description: Grace period in seconds between node failure and when the high availability mechanism starts relocating shards. Set to 0 to not affect cluster configuration. format: int32 type: integer required: - slaveHAGracePeriod type: object uiAnnotations: additionalProperties: type: string description: Additional annotations for the Redis Enterprise UI service. These annotations override overlapping global annotations set under spec.services.servicesAnnotations. The specified annotations will not override annotations that already exist and didn't originate from the operator, except for the 'redis.io/last-keys' annotation which is reserved. type: object uiServiceType: description: Service type for exposing the Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). enum: - ClusterIP - NodePort - LoadBalancer - ExternalName type: string redisOnFlashSpec: description: Auto Tiering (Redis on Flash) configuration. When provided, the cluster can create Auto Tiering databases. 
properties: enabled: type: boolean flashStorageEngine: type: string enum: - rocksdb storageClassName: type: string flashDiskSize: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true bigStoreDriver: type: string enum: - rocksdb - speedb required: - enabled - storageClassName type: object upgradeSpec: description: Redis Enterprise upgrade configuration properties: autoUpgradeRedisEnterprise: description: Enables automatic Redis Enterprise upgrades when the operator is upgraded. type: boolean required: - autoUpgradeRedisEnterprise type: object usageMeter: description: The configuration of the usage meter. properties: callHomeClient: properties: resources: description: Compute resource requirements for Call Home Client pod properties: claims: description: "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. \n This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. \n This field is immutable. It can only be set for containers." items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object disabled: description: Whether to disable the call home client. Enabled by default. type: boolean imageSpec: description: Image specification properties: digestHash: description: 'The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments.' type: string imagePullPolicy: description: The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. type: string repository: description: The repository (name) of the container image to be deployed. type: string versionTag: description: The tag of the container image to be deployed. type: string type: object proxySecretName: description: 'Name of the secret holding the proxy details, if a proxy is needed. The secret can contain the following keys: proxy-url, proxy-username, proxy-password (the url includes the proxy port).'
type: string type: object type: object userDefinedModules: description: List of user-defined modules to be downloaded and installed during cluster bootstrap. The modules on the list will be downloaded on cluster creation, upgrade, scale-out and recovery and installed on all nodes. Note that changing this field for a running cluster will trigger a rolling update. items: description: UserDefinedModule represents a user-defined Redis module to be downloaded and installed during bootstrap properties: name: description: Name of the module type: string source: description: Source location for downloading the module properties: http: description: HTTP source configuration for downloading the module via HTTP. This connection is not protected by TLS, so the module and any credentials supplied through credentialsSecret can be read or altered in transit; prefer the https source where possible. properties: credentialsSecret: description: Name of the Kubernetes secret containing credentials for downloading the module, if needed. The secret must contain 'username' and 'password' keys. type: string url: description: URL to download the module from (must use http:// scheme) type: string required: - url type: object https: description: HTTPS source configuration for downloading the module via HTTPS properties: credentialsSecret: description: Name of the Kubernetes secret containing credentials for downloading the module, if needed. The secret must contain 'username' and 'password' keys. type: string url: description: URL to download the module from (must use https:// scheme) type: string required: - url type: object type: object required: - name - source type: object type: array username: description: Username for the admin user of Redis Enterprise type: string vaultCASecret: description: K8s secret name containing Vault's CA cert - defaults to "vault-ca-cert" type: string volumes: description: additional volumes items: description: 'Volume represents a named volume in a pod that may be accessed by any container in the pod.
More info: https://kubernetes.io/docs/concepts/storage/volumes' properties: awsElasticBlockStore: properties: fsType: type: string partition: format: int32 type: integer readOnly: type: boolean volumeID: type: string required: - volumeID type: object azureDisk: properties: cachingMode: type: string diskName: type: string diskURI: type: string fsType: type: string kind: type: string readOnly: type: boolean required: - diskName - diskURI type: object azureFile: properties: readOnly: type: boolean secretName: type: string shareName: type: string required: - secretName - shareName type: object cephfs: properties: monitors: items: type: string type: array path: type: string readOnly: type: boolean secretFile: type: string secretRef: properties: name: type: string type: object user: type: string required: - monitors type: object cinder: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeID: type: string required: - volumeID type: object configMap: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object csi: properties: driver: type: string fsType: type: string nodePublishSecretRef: properties: name: type: string type: object readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object required: - driver type: object downwardAPI: properties: defaultMode: format: int32 type: integer items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: object type: array type: object emptyDir: properties: medium: type: string sizeLimit: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object fc: properties: fsType: type: string lun: format: int32 type: integer readOnly: type: boolean targetWWNs: items: type: string type: array wwids: items: type: string type: array type: object flexVolume: properties: driver: type: string fsType: type: string options: additionalProperties: type: string type: object readOnly: type: boolean secretRef: properties: name: type: string type: object required: - driver type: object flocker: properties: datasetName: type: string datasetUUID: type: string type: object gcePersistentDisk: properties: fsType: type: string partition: format: int32 type: integer pdName: type: string readOnly: type: boolean required: - pdName type: object gitRepo: properties: directory: type: string repository: type: string revision: type: string required: - repository type: object glusterfs: properties: endpoints: type: string path: type: string readOnly: type: boolean required: - endpoints - path type: object hostPath: properties: path: type: string type: type: string required: - path type: object iscsi: properties: chapAuthDiscovery: type: boolean chapAuthSession: type: boolean fsType: type: string initiatorName: type: string iqn: type: string iscsiInterface: type: string lun: format: int32 type: integer portals: items: type: string type: array readOnly: type: boolean secretRef: properties: name: type: string type: object targetPortal: type: string required: - iqn - lun - targetPortal type: object name: type: string nfs: properties: path: 
type: string readOnly: type: boolean server: type: string required: - path - server type: object persistentVolumeClaim: properties: claimName: type: string readOnly: type: boolean required: - claimName type: object photonPersistentDisk: properties: fsType: type: string pdID: type: string required: - pdID type: object portworxVolume: properties: fsType: type: string readOnly: type: boolean volumeID: type: string required: - volumeID type: object projected: properties: defaultMode: format: int32 type: integer sources: items: properties: configMap: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object downwardAPI: properties: items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: object type: array type: object secret: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object serviceAccountToken: properties: audience: type: string expirationSeconds: format: int64 type: integer path: type: string required: - path type: object type: object type: array required: - sources type: object quobyte: properties: group: type: string readOnly: type: boolean registry: type: string tenant: type: string user: type: string volume: type: string required: - registry - volume type: object rbd: properties: fsType: 
type: string image: type: string keyring: type: string monitors: items: type: string type: array pool: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object user: type: string required: - image - monitors type: object scaleIO: properties: fsType: type: string gateway: type: string protectionDomain: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object sslEnabled: type: boolean storageMode: type: string storagePool: type: string system: type: string volumeName: type: string required: - gateway - secretRef - system type: object secret: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array optional: type: boolean secretName: type: string type: object storageos: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeName: type: string volumeNamespace: type: string type: object vsphereVolume: properties: fsType: type: string storagePolicyID: type: string storagePolicyName: type: string volumePath: type: string required: - volumePath type: object required: - name type: object type: array type: object type: object - name: v1alpha1 additionalPrinterColumns: - jsonPath: .spec.nodes name: Nodes type: string - jsonPath: .status.licenseStatus.shardsUsage name: Shards type: string - jsonPath: .spec.redisEnterpriseImageSpec.versionTag name: Version type: string - jsonPath: .status.state name: State type: string - jsonPath: .status.specStatus name: Spec Status type: string - jsonPath: .status.licenseStatus.licenseState name: License State type: string - jsonPath: .status.licenseStatus.expirationDate name: License Expiration Date type: string - name: Age type: date jsonPath: .metadata.creationTimestamp served: true storage: false subresources: status: {} schema: openAPIV3Schema: properties: apiVersion: 
type: string kind: type: string metadata: type: object status: type: object properties: specStatus: type: string state: type: string modules: type: array items: type: object properties: name: type: string displayName: type: string versions: type: array items: type: string ocspStatus: properties: certStatus: type: string nextUpdate: type: string producedAt: type: string responderUrl: type: string revocationTime: type: string thisUpdate: type: string type: object licenseStatus: type: object properties: licenseState: type: string activationDate: type: string expirationDate: type: string shardsUsage: type: string features: type: array items: type: string owner: type: string flashShards: type: integer format: int32 flashShardsLimit: type: integer format: int32 nullable: true ramShards: type: integer format: int32 ramShardsLimit: type: integer format: int32 nullable: true shardsLimit: type: integer bundledDatabaseVersions: items: properties: dbType: type: string version: type: string major: type: boolean required: - dbType - version type: object type: array certificatesStatus: properties: generation: format: int64 type: integer updateStatus: type: string type: object clusterCredentialSecretName: type: string ingressOrRouteMethodStatus: type: string managedAPIs: properties: ldap: type: boolean type: object persistenceStatus: properties: status: type: string succeeded: type: string type: object redisEnterpriseIPFamily: type: string spec: properties: activeActive: properties: apiIngressUrl: type: string dbIngressSuffix: type: string ingressAnnotations: additionalProperties: type: string type: object method: enum: - openShiftRoute - ingress - istio type: string required: - apiIngressUrl - dbIngressSuffix - method type: object antiAffinityAdditionalTopologyKeys: items: type: string type: array auditing: properties: config: properties: auditAddress: type: string auditPort: type: integer auditProtocol: enum: - TCP - local type: string auditReconnectInterval: type: integer 
auditReconnectMaxAttempts: type: integer required: - auditAddress - auditProtocol type: object dbConnsAuditing: type: boolean type: object bootstrapperImageSpec: properties: digestHash: type: string imagePullPolicy: type: string repository: type: string versionTag: type: string type: object bootstrapperResources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object clusterCredentialSecretName: type: string clusterCredentialSecretRole: type: string clusterCredentialSecretType: enum: - vault - kubernetes type: string clusterRecovery: type: boolean redisEnterpriseIPFamily: type: string enum: - IPv4 - IPv6 containerTimezone: properties: propagateHost: type: object timezoneName: type: string type: object createServiceAccount: type: boolean dataInternodeEncryption: type: boolean encryptPkeys: type: boolean certificates: properties: apiCertificateSecretName: type: string cmCertificateSecretName: type: string metricsExporterCertificateSecretName: type: string proxyCertificateSecretName: type: string syncerCertificateSecretName: type: string ldapClientCertificateSecretName: type: string dpInternodeEncryptionCertificateSecretName: type: string cpInternodeEncryptionCertificateSecretName: type: string ssoServiceCertificateSecretName: type: string ssoIssuerCertificateSecretName: type: string type: object enforceIPv4: type: boolean extraEnvVars: description: 'ADVANCED USAGE: use carefully. 
Add environment variables to RS StatefulSet''s containers.' items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array extraLabels: additionalProperties: type: string type: object hostAliases: description: Adds hostAliases entries to the Redis Enterprise pods items: properties: hostnames: items: type: string type: array ip: type: string type: object type: array ingressOrRouteSpec: properties: apiFqdnUrl: type: string dbFqdnSuffix: type: string ingressAnnotations: additionalProperties: type: string type: object method: enum: - openShiftRoute - ingress - istio type: string required: - apiFqdnUrl - dbFqdnSuffix - method type: object services: properties: apiService: properties: type: enum: - ClusterIP - NodePort - LoadBalancer type: string type: object servicesAnnotations: additionalProperties: type: string type: object type: object ossClusterSettings: properties: externalAccessType: enum: - LoadBalancer - Disabled type: string loadBalancer: properties: serviceAnnotations: additionalProperties: type: string type: object externalTrafficPolicy: enum: - Cluster - Local type: string type: object podCIDRs: items: type: string type: array type: object ldap: properties: authenticationQuery: properties: query: properties: base: type: string filter: type: 
string scope: enum: - BaseObject - SingleLevel - WholeSubtree type: string required: - base - filter - scope type: object template: type: string type: object authorizationQuery: properties: attribute: type: string query: properties: base: type: string filter: type: string scope: enum: - BaseObject - SingleLevel - WholeSubtree type: string required: - base - filter - scope type: object type: object bindCredentialsSecretName: type: string caCertificateSecretName: type: string cacheTTLSeconds: type: integer directoryTimeoutSeconds: type: integer enabledForControlPlane: type: boolean enabledForDataPlane: type: boolean protocol: enum: - LDAP - LDAPS - STARTTLS type: string servers: items: properties: host: type: string port: format: int32 type: integer required: - host type: object type: array required: - authenticationQuery - authorizationQuery - protocol - servers type: object sso: properties: enabled: type: boolean enforceSSO: type: boolean saml: properties: idpMetadataSecretName: type: string issuer: properties: entityID: type: string loginURL: type: string logoutURL: type: string required: - entityID - loginURL type: object spMetadataSecretName: type: string serviceProvider: properties: baseAddress: type: string type: object type: object required: - enabled - saml type: object license: type: string licenseSecretName: type: string nodeSelector: additionalProperties: type: string type: object ocspConfiguration: properties: ocspFunctionality: type: boolean queryFrequency: type: integer recoveryFrequency: type: integer recoveryMaxTries: type: integer responseTimeout: type: integer type: object nodes: format: int32 type: integer persistentSpec: properties: enablePersistentVolumeResize: type: boolean enabled: type: boolean storageClassName: type: string volumeSize: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
podAnnotations: additionalProperties: type: string description: annotations for the service rigger and redis enterprise pods type: object redisEnterprisePodAnnotations: additionalProperties: type: string description: annotations for redis enterprise pod type: object podAntiAffinity: properties: preferredDuringSchedulingIgnoredDuringExecution: items: properties: podAffinityTerm: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object weight: format: int32 type: integer required: - podAffinityTerm - weight type: object type: array requiredDuringSchedulingIgnoredDuringExecution: items: properties: labelSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaceSelector: properties: matchExpressions: items: properties: key: type: string operator: type: string values: items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: type: string type: object type: object namespaces: items: type: string type: array topologyKey: type: string required: - topologyKey type: object type: array type: object podStartingPolicy: properties: enabled: type: boolean startingThresholdSeconds: format: int32 type: integer 
required: - enabled - startingThresholdSeconds type: object podTolerations: items: properties: effect: type: string key: type: string operator: type: string tolerationSeconds: format: int64 type: integer value: type: string type: object type: array priorityClassName: type: string pullSecrets: items: properties: name: type: string type: object type: array rackAwarenessNodeLabel: type: string redisEnterpriseAdditionalPodSpecAttributes: type: object x-kubernetes-preserve-unknown-fields: true redisEnterpriseImageSpec: properties: digestHash: type: string imagePullPolicy: type: string repository: type: string versionTag: type: string type: object redisEnterpriseNodeResources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object redisEnterpriseServicesConfiguration: properties: cmServer: properties: operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object crdbCoordinator: properties: operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object crdbWorker: properties: operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object mdnsServer: properties: operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object pdnsServer: properties: operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object saslauthd: properties: 
operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object statsArchiver: properties: operatingMode: enum: - enabled - disabled type: string required: - operatingMode type: object type: object redisEnterpriseServicesRiggerImageSpec: properties: digestHash: type: string imagePullPolicy: type: string repository: type: string versionTag: type: string type: object redisEnterpriseServicesRiggerResources: properties: claims: items: properties: name: type: string required: - name type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: set limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object redisEnterpriseTerminationGracePeriodSeconds: format: int64 type: integer redisEnterpriseVolumeMounts: items: properties: mountPath: type: string mountPropagation: type: string name: type: string readOnly: type: boolean subPath: type: string subPathExpr: type: string required: - mountPath - name type: object type: array redisUpgradePolicy: enum: - major - latest type: string resp3Default: type: boolean securityContext: description: The security configuration that will be applied to RS pods. properties: readOnlyRootFilesystemPolicy: description: Policy controlling whether to enable read-only root filesystem for the Redis Enterprise software containers. Note that certain filesystem paths remain writable through mounted volumes to ensure proper functionality. properties: enabled: description: Whether to enable read-only root filesystem for the Redis Enterprise software containers. Default is false. 
type: boolean required: - enabled type: object resourceLimits: description: Settings pertaining to resource limits management by the Redis Enterprise node container. properties: allowAutoAdjustment: description: Allow Redis Enterprise to adjust resource limits, like max open file descriptors, of its data plane processes. When this option is enabled, the SYS_RESOURCE capability is added to the Redis Enterprise pods, and their allowPrivilegeEscalation field is set. Turned off by default. type: boolean type: object type: object backup: properties: s3: properties: caCertificateSecretName: type: string url: type: string type: object type: object serviceAccountName: type: string servicesRiggerSpec: properties: databaseServiceType: type: string extraEnvVars: items: properties: name: type: string value: type: string valueFrom: properties: configMapKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object secretKeyRef: properties: key: type: string name: type: string optional: type: boolean required: - key type: object type: object required: - name type: object type: array serviceNaming: description: Used to determine how to name the services created automatically when a database is created. When bdb_name is used, the database name will also be used for the service name. When redis-port is used, the service will be named redis-<port>.
enum: - bdb_name - redis-port type: string servicesRiggerAdditionalPodSpecAttributes: type: object x-kubernetes-preserve-unknown-fields: true podAnnotations: additionalProperties: type: string description: annotations for the service rigger pod type: object databaseServicePortPolicy: description: databaseServicePortPolicy instructs how to determine the service ports for REDB services. Defaults to DatabasePortForward, if not specified otherwise. Note - regardless of whether this flag is set, if an REDB/REAADB is configured with databaseServicePort, that port is the one exposed by the Service. DatabasePortForward - The service port will be the same as the database port. RedisDefaultPort - The service port will be the default Redis port (6379). enum: - DatabasePortForward - RedisDefaultPort type: string type: object sideContainersSpec: items: type: object x-kubernetes-preserve-unknown-fields: true type: array slaveHA: properties: slaveHAGracePeriod: format: int32 type: integer required: - slaveHAGracePeriod type: object uiAnnotations: additionalProperties: type: string type: object uiServiceType: enum: - ClusterIP - NodePort - LoadBalancer - ExternalName type: string redisOnFlashSpec: properties: enabled: type: boolean flashStorageEngine: type: string enum: - rocksdb storageClassName: type: string flashDiskSize: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true bigStoreDriver: type: string enum: - rocksdb - speedb required: - enabled - storageClassName type: object upgradeSpec: properties: autoUpgradeRedisEnterprise: type: boolean required: - autoUpgradeRedisEnterprise type: object usageMeter: properties: callHomeClient: properties: resources: properties: claims: items: properties: name: type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits:
additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object disabled: type: boolean imageSpec: properties: digestHash: type: string imagePullPolicy: type: string repository: type: string versionTag: type: string type: object proxySecretName: type: string type: object type: object userDefinedModules: items: properties: name: type: string source: properties: http: properties: credentialsSecret: type: string url: type: string required: - url type: object https: properties: credentialsSecret: type: string url: type: string required: - url type: object type: object required: - name - source type: object type: array username: type: string vaultCASecret: type: string volumes: items: properties: awsElasticBlockStore: properties: fsType: type: string partition: format: int32 type: integer readOnly: type: boolean volumeID: type: string required: - volumeID type: object azureDisk: properties: cachingMode: type: string diskName: type: string diskURI: type: string fsType: type: string kind: type: string readOnly: type: boolean required: - diskName - diskURI type: object azureFile: properties: readOnly: type: boolean secretName: type: string shareName: type: string required: - secretName - shareName type: object cephfs: properties: monitors: items: type: string type: array path: type: string readOnly: type: boolean secretFile: type: string secretRef: properties: name: type: string type: object user: type: string required: - monitors type: object cinder: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object 
volumeID: type: string required: - volumeID type: object configMap: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object csi: properties: driver: type: string fsType: type: string nodePublishSecretRef: properties: name: type: string type: object readOnly: type: boolean volumeAttributes: additionalProperties: type: string type: object required: - driver type: object downwardAPI: properties: defaultMode: format: int32 type: integer items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: object type: array type: object emptyDir: properties: medium: type: string sizeLimit: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object fc: properties: fsType: type: string lun: format: int32 type: integer readOnly: type: boolean targetWWNs: items: type: string type: array wwids: items: type: string type: array type: object flexVolume: properties: driver: type: string fsType: type: string options: additionalProperties: type: string type: object readOnly: type: boolean secretRef: properties: name: type: string type: object required: - driver type: object flocker: properties: datasetName: type: string datasetUUID: type: string type: object gcePersistentDisk: properties: 
fsType: type: string partition: format: int32 type: integer pdName: type: string readOnly: type: boolean required: - pdName type: object gitRepo: properties: directory: type: string repository: type: string revision: type: string required: - repository type: object glusterfs: properties: endpoints: type: string path: type: string readOnly: type: boolean required: - endpoints - path type: object hostPath: properties: path: type: string type: type: string required: - path type: object iscsi: properties: chapAuthDiscovery: type: boolean chapAuthSession: type: boolean fsType: type: string initiatorName: type: string iqn: type: string iscsiInterface: type: string lun: format: int32 type: integer portals: items: type: string type: array readOnly: type: boolean secretRef: properties: name: type: string type: object targetPortal: type: string required: - iqn - lun - targetPortal type: object name: type: string nfs: properties: path: type: string readOnly: type: boolean server: type: string required: - path - server type: object persistentVolumeClaim: properties: claimName: type: string readOnly: type: boolean required: - claimName type: object photonPersistentDisk: properties: fsType: type: string pdID: type: string required: - pdID type: object portworxVolume: properties: fsType: type: string readOnly: type: boolean volumeID: type: string required: - volumeID type: object projected: properties: defaultMode: format: int32 type: integer sources: items: properties: configMap: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object downwardAPI: properties: items: items: properties: fieldRef: properties: apiVersion: type: string fieldPath: type: string required: - fieldPath type: object mode: format: int32 type: integer path: type: string resourceFieldRef: properties: containerName: type: string divisor: anyOf: - type: 
integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: type: string required: - resource type: object required: - path type: object type: array type: object secret: properties: items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array name: type: string optional: type: boolean type: object serviceAccountToken: properties: audience: type: string expirationSeconds: format: int64 type: integer path: type: string required: - path type: object type: object type: array required: - sources type: object quobyte: properties: group: type: string readOnly: type: boolean registry: type: string tenant: type: string user: type: string volume: type: string required: - registry - volume type: object rbd: properties: fsType: type: string image: type: string keyring: type: string monitors: items: type: string type: array pool: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object user: type: string required: - image - monitors type: object scaleIO: properties: fsType: type: string gateway: type: string protectionDomain: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object sslEnabled: type: boolean storageMode: type: string storagePool: type: string system: type: string volumeName: type: string required: - gateway - secretRef - system type: object secret: properties: defaultMode: format: int32 type: integer items: items: properties: key: type: string mode: format: int32 type: integer path: type: string required: - key - path type: object type: array optional: type: boolean secretName: type: string type: object storageos: properties: fsType: type: string readOnly: type: boolean secretRef: properties: name: type: string type: object volumeName: type: string volumeNamespace: type: string type: 
object vsphereVolume: properties: fsType: type: string storagePolicyID: type: string storagePolicyName: type: string volumePath: type: string required: - volumePath type: object required: - name type: object type: array type: object type: object --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: redisenterprisedatabases.app.redislabs.com labels: app: redis-enterprise spec: group: app.redislabs.com names: kind: RedisEnterpriseDatabase listKind: RedisEnterpriseDatabaseList plural: redisenterprisedatabases singular: redisenterprisedatabase shortNames: - redb scope: Namespaced preserveUnknownFields: false versions: - name: v1alpha1 served: true storage: true additionalPrinterColumns: - jsonPath: .status.version name: Version type: string - jsonPath: .status.internalEndpoints[*].port name: Port type: string - jsonPath: .status.redisEnterpriseCluster name: Cluster type: string - jsonPath: .status.shardStatuses.active name: Shards type: string - jsonPath: .status.status name: Status type: string - jsonPath: .status.specStatus name: Spec Status type: string - jsonPath: .metadata.creationTimestamp name: Age type: date subresources: status: {} schema: openAPIV3Schema: description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases API properties: apiVersion: type: string kind: type: string metadata: type: object spec: description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase properties: alertSettings: description: Settings for database alerts properties: bdb_backup_delayed: description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. 
-Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_crdt_src_high_syncer_lag: description: "Active-active source - sync lag is higher than specified threshold value [seconds] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_crdt_src_syncer_connection_error: description: "Active-active source - sync has connection error while trying to connect replica source -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_crdt_src_syncer_general_error: description: "Active-active source - sync encountered in general error -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_high_latency: description: "Latency is higher than specified threshold value [micro-sec] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string 
x-kubernetes-preserve-unknown-fields: true type: object bdb_high_throughput: description: "Throughput is higher than specified threshold value [requests / sec.] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_long_running_action: description: "An alert for state-machines that are running for too long -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_low_throughput: description: "Throughput is lower than specified threshold value [requests / sec.] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_proxy_cert_expiring_soon: description: "Proxy certificate will expire in less than specified threshold value [days]" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_ram_dataset_overhead: description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # 
type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_ram_values: description: "Percent of values kept in a shard's RAM is lower than [% of its key count] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_replica_src_high_syncer_lag: description: "Replica-of source - sync lag is higher than specified threshold value [seconds] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_replica_src_syncer_connection_error: description: "Replica-of source - sync has connection error while trying to connect replica source -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_shard_num_ram_values: description: "Number of values kept in a shard's RAM is lower than [values] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object bdb_size: description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: -Note threshold is commented (allow string/int/float and support backwards compatibility) but 
is required" properties: enabled: description: Alert enabled or disabled type: boolean # threshold: # description: Threshold for alert going on/off # type: string x-kubernetes-preserve-unknown-fields: true type: object type: object backup: description: Target for automatic database backups. properties: abs: properties: absSecretName: description: The name of the K8s secret that holds ABS credentials. The secret must contain the keys "AccountName" and "AccountKey", and these must hold the corresponding credentials type: string container: description: Azure Blob Storage container name. type: string subdir: description: Optional. Azure Blob Storage subdir under container. type: string required: - absSecretName - container type: object ftp: properties: url: description: "A URI of the form ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]. The validation pattern also accepts plain ftp://. A password placed in the URL is stored as part of this resource's spec rather than in a K8s secret." type: string pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ required: - url type: object gcs: description: GoogleStorage properties: bucketName: description: Google Storage bucket name. type: string gcsSecretName: description: The name of the K8s secret that holds the Google Cloud Storage credentials. The secret must contain the keys "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" and these must hold the corresponding credentials. The keys should correspond to the values in the key JSON. type: string subdir: description: Optional. Google Storage subdir under bucket. type: string required: - bucketName - gcsSecretName type: object interval: description: Backup Interval in seconds type: integer mount: description: MountPointStorage properties: path: description: Path to the local mount point. You must create the mount point on all nodes, and the redislabs:redislabs user must have read and write permissions on the local mount point. type: string required: - path type: object s3: properties: awsSecretName: description: The name of the K8s secret that holds the AWS credentials.
The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", and these must hold the corresponding credentials. type: string bucketName: description: Amazon S3 bucket name. type: string subdir: description: Optional. Amazon S3 subdir under bucket. type: string required: - awsSecretName - bucketName type: object sftp: properties: sftp_url: description: SFTP url type: string pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ sftpSecretName: description: The name of the K8s secret that holds SFTP credentials. The secret must contain the "Key" key, which is the SSH private key for connecting to the sftp server. type: string required: - sftpSecretName - sftp_url type: object swift: properties: auth_url: description: Swift service authentication URL. type: string pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ container: description: Swift object store container for storing the backup files. type: string prefix: description: Optional. Prefix (path) of backup files in the swift container. type: string swiftSecretName: description: 'The name of the K8s secret that holds Swift credentials. The secret must contain the keys "Key" and "User", and these must hold the corresponding credentials: service access key and service user name (pattern for the latter does not allow special characters &,<,>,")' type: string required: - auth_url - container - swiftSecretName type: object type: object clientAuthenticationCertificates: description: The Secrets containing TLS Client Certificate to use for Authentication items: type: string type: array dataInternodeEncryption: description: Internode encryption (INE) setting. An optional boolean setting, overriding a similar cluster-wide policy. If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). 
If set to True, INE will be turned on, unless the capability is not supported by the DB ( in such a case we will get an error and database creation will fail). If left unspecified, will be disabled if internode encryption is not supported by the DB (regardless of cluster default). Deleting this property after explicitly setting its value shall have no effect. type: boolean databasePort: description: TCP port assigned to the database within the Redis Enterprise cluster. Must be unique across all databases in the Redis Enterprise cluster. Will be generated automatically if omitted. can not be changed after creation type: integer databaseServicePort: description: A custom port to be exposed by the database Services. Can be modified/added/removed after REDB creation. If set, it'll replace the default service port (namely, databasePort or defaultRedisPort). type: integer auditing: description: Database auditing configuration. properties: dbConnsAuditing: description: |- Enables auditing of database connection and authentication events. When enabled, connection, authentication, and disconnection events are tracked and sent to the configured audit listener (configured at the cluster level). The cluster-level auditing configuration must be set before enabling this on a database. type: boolean type: object databaseSecretName: description: 'Name of the secret containing the database password (Redis databases only). The secret is created automatically if it does not exist. The password is stored under the "password" key in the secret. If creating the secret manually, create an opaque secret with the password under the "password" key. To disable authentication, set the value of the "password" key in the secret to an empty string. Note: For Active-Active databases, this secret is not created automatically. For memcached databases, use memcachedSaslSecretName instead.' type: string defaultUser: description: 'Allows connections with the default user. 
When disabled, the DatabaseSecret is not created or updated.' type: boolean evictionPolicy: description: 'Database eviction policy. See https://redis.io/docs/latest/operate/rs/databases/memory-performance/eviction-policy/' type: string isRof: description: 'Enables Auto Tiering (formerly Redis on Flash) for Redis databases only. Defaults to false.' type: boolean memorySize: description: Memory size for the database using formats like 100MB or 0.1GB. Minimum value is 100MB. For Auto Tiering (formerly Redis on Flash), this value represents RAM+Flash memory and must be at least 1GB. type: string modulesList: description: List of modules associated with the database. The list of valid modules for the specific cluster can be retrieved from the status of the REC object. Use the "name" and "versions" fields for the specific module configuration. If specifying an explicit version for a module, automatic modules versions upgrade must be disabled by setting the '.upgradeSpec.upgradeModulesToLatest' field in the REC to 'false'. Note that the option to specify module versions is deprecated, and will be removed in future releases. for Redis version 8 and above, bundled modules are enabled automatically, so there is no need to specify them items: description: Redis Enterprise module (see https://redis.io/docs/latest/develop/reference/modules/) properties: config: description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 30 type: string name: description: The name of the module, e.g. "search" or "ReJSON". The complete list of modules available in the cluster can be retrieved from the '.status.modules' field in the REC. type: string version: description: The semantic version of the module, e.g. '1.6.12'. Optional for REDB, must be set for REAADB. Note that this field is deprecated, and will be removed in future releases. type: string required: - name type: object type: array ossCluster: description: 'Enables OSS cluster mode for this database. 
By default, advertised database topology includes the internal endpoints (pod IPs) for the Redis Enterprise nodes hosting the database shards. To enable external access, configure ossClusterSettings.enableExternalAccess for this RedisEnterpriseDatabase as well as ossClusterSettings.externalAccessType for the RedisEnterpriseCluster. Note: Not all client libraries support OSS cluster mode.' type: boolean ossClusterSettings: description: Additional OSS cluster mode settings. type: object properties: enableExternalAccess: description: 'Toggles whether this database supports external access in OSS cluster mode. When enabled, advertised database topology includes the external endpoints for the Redis Enterprise nodes hosting the database shards. The external access mechanism (e.g., LoadBalancer services) is configured via the ossClusterSettings.externalAccessType field of the RedisEnterpriseCluster. When external access is enabled, the corresponding database secret will have the list of primary shard IPs in the oss_startup_nodes field.' type: boolean persistence: description: Database persistence policy for on-disk storage. enum: - disabled - aofEverySecond - aofAlways - snapshotEvery1Hour - snapshotEvery6Hour - snapshotEvery12Hour type: string proxyPolicy: description: 'Proxy policy for the database. Supported proxy policies are: single/all-master-shards/all-nodes When left blank, the default value will be chosen according to the value of ossCluster - single if disabled, all-master-shards when enabled' type: string rackAware: description: 'Enables rack awareness for improved availability. See https://redis.io/docs/latest/operate/rs/clusters/configure/rack-zone-awareness/' type: boolean redisEnterpriseCluster: description: Connection to the Redis Enterprise Cluster. properties: name: description: The name of the Redis Enterprise Cluster where the database should be stored. 
type: string required: - name type: object replicaSources: description: What databases to replicate from items: properties: clientKeySecret: description: 'Secret that defines the client certificate and key used by the syncer in the target database cluster. The secret must have 2 keys in its map: "cert" which is the PEM encoded certificate, and "key" which is the PEM encoded private key.' type: string compression: description: GZIP compression level (0-6) to use for replication. type: integer replicaSourceName: description: The name of the resource from which the source database URI is derived. The type of resource must match the type specified in the ReplicaSourceType field. type: string replicaSourceType: description: The type of resource from which the source database URI is derived. If set to 'SECRET', the source database URI is derived from the secret named in the ReplicaSourceName field. The secret must have a key named 'uri' that defines the URI of the source database in the form of 'redis://...'. The type of secret (kubernetes, vault, ...) is determined by the secret mechanism used by the underlying REC object. If set to 'REDB', the source database URI is derived from the RedisEnterpriseDatabase resource named in the ReplicaSourceName field. type: string serverCertSecret: description: 'Secret that defines the server certificate used by the proxy in the source database cluster. The secret must have 1 key in its map: "cert" which is the PEM encoded certificate.' type: string tlsSniName: description: TLS SNI name to use for the replication link. type: string required: - replicaSourceName - replicaSourceType type: object type: array replication: description: Enables in-memory database replication for higher availability. Creates a replica shard for every master shard. Defaults to false. 
type: boolean rolesPermissions: description: List of Redis Enterprise ACL and Role bindings to apply items: description: Redis Enterprise Role and ACL Binding properties: acl: description: Acl Name of RolePermissionType type: string role: description: Role Name of RolePermissionType type: string type: description: Type of Redis Enterprise Database Role Permission. Currently, only "redis-enterprise" is supported, which uses roles and ACLs defined within Redis Enterprise directly. type: string enum: - redis-enterprise default: redis-enterprise required: - acl - role - type type: object type: array shardingEnabled: description: Toggles database sharding for REAADBs (Active Active databases); enabled by default. This field is blocked for REDB (non-Active Active databases), where sharding is toggled via the shardCount field - when shardCount is 1 this is disabled, otherwise enabled. type: boolean shardCount: description: Number of database server-side shards. type: integer shardsPlacement: description: 'Shard placement strategy: "dense" or "sparse". dense: Shards reside on as few nodes as possible. sparse: Shards are distributed across as many nodes as possible.' enum: - dense - sparse type: string tlsMode: description: Require TLS authenticated and encrypted connections to the database. enabled - all client and replication connections to the Database must use TLS. disabled - no incoming connection to the Database should use TLS. replica_ssl - databases that replicate from this one need to use TLS. enum: - disabled - enabled - replica_ssl type: string type: description: "Database type: redis or memcached." enum: - redis - memcached type: string rofRamSize: description: The size of the RAM portion of an Auto Tiering (formerly Redis on Flash) database. Similarly to "memorySize" use formats like 100MB, 0.1GB. It must be at least 10% of combined memory size (RAM and Flash), as specified by "memorySize".
type: string rofRamRatio: description: RAM allocation ratio for Redis Flex (v2) databases as a percentage of total data size. Valid range 0-100. When omitted, RS uses the default value of 50%. Controls how much RAM is allocated per unit of data (e.g., 30% means 3MB RAM per 10MB data). RAM grows proportionally with data until rofRamSize limit is reached (if specified). Only applicable when isRof=true and Redis version >= 8.0 (BigStore v2 - Redis Flex). type: integer minimum: 0 maximum: 100 redisVersion: description: Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest'. When using upgrade - make sure to back up the database before. This value is used only for database type 'redis' type: string upgradeSpec: description: Specifications for DB upgrade. properties: upgradeModulesToLatest: description: DEPRECATED Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Notes - All modules must be listed without specifying the version. In addition, this field is currently not supported for Active-Active databases. The default is true type: boolean required: - upgradeModulesToLatest type: object activeActive: description: Connection/ association to the Active-Active database. properties: name: description: 'The corresponding Active-Active database name, Redis Enterprise Active Active Database custom resource name, this Resource is associated with.
In case this resource is created manually at the active active database creation this field must be filled via the user, otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported.' type: string participatingClusterName: description: 'The corresponding participating cluster name, Redis Enterprise Remote Cluster custom resource name, in the Active-Active database, In case this resource is created manually at the active active database creation this field must be filled via the user, otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported.' type: string required: - name - participatingClusterName type: object memcachedSaslSecretName: description: 'Name of the secret containing credentials for memcached database authentication. Store credentials in an opaque secret with "username" and "password" keys. Note: Connections are not encrypted.' type: string resp3: description: Whether this database supports RESP3 protocol. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. type: boolean type: object status: description: RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatabase properties: createdTime: description: Time when the database was created type: string databaseUID: description: Database UID provided by redis enterprise type: string internalEndpoints: description: Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. 
items: properties: host: description: Hostname assigned to the database type: string port: description: Database port name type: integer type: object type: array lastActionStatus: description: Status of the last action done by operator on this database type: string lastActionUid: description: UID of the last action done by operator on this database type: string lastUpdated: description: Time when the database was last updated type: string observedGeneration: description: 'The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster.' format: int64 type: integer redisEnterpriseCluster: description: The Redis Enterprise Cluster Object this Resource is associated with type: string replicaSourceStatuses: description: ReplicaSource statuses items: properties: endpointHost: description: The internal host name of the replica source database. Can be used as an identifier. See the internalEndpoints list on the REDB status. type: string lag: description: Lag in millisec between source and destination (while synced). type: integer lastError: description: Last error encountered when syncing from the source. type: string lastUpdate: description: Time when we last receive an update from the source. type: string rdbSize: description: The source’s RDB size to be transferred during the syncing phase. type: integer rdbTransferred: description: Number of bytes transferred from the source’s RDB during the syncing phase. 
type: integer status: description: Sync status of this source type: string required: - endpointHost type: object type: array shardStatuses: additionalProperties: type: integer description: Aggregated statuses of shards type: object backupInfo: description: Information on the database's periodic backup properties: backupFailureReason: description: Reason of last failed backup process type: string backupHistory: description: Backup history retention policy (number of days, 0 is forever) type: integer backupInterval: description: Interval in seconds in which automatic backup will be initiated type: integer backupIntervalOffset: description: Offset (in seconds) from round backup interval when automatic backup will be initiated (should be less than backup_interval) type: integer backupProgressPercentage: description: Database scheduled periodic backup progress (percentage) type: integer backupStatus: description: Status of scheduled periodic backup process type: string lastBackupTime: description: Time of last successful backup type: string type: object specStatus: description: Whether the desired specification is valid type: string status: description: The status of the database type: string version: description: Database compatibility version type: string activeActive: description: Connection/ association to the Active-Active database. properties: name: description: 'The corresponding Active-Active database name, Redis Enterprise Active Active Database custom resource name, this Resource is associated with. If this resource is created manually when the Active-Active database is created, this field must be filled in by the user; otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported.'
type: string participatingClusterName: description: 'The corresponding participating cluster name, Redis Enterprise Remote Cluster custom resource name, in the Active-Active database. If this resource is created manually when the Active-Active database is created, this field must be filled in by the user; otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported.' type: string required: - name - participatingClusterName type: object bigstoreVersion: description: BigStore version for Redis on Flash databases (1 for Auto Tiering, 2 for Redis Flex). Read-only field populated from RS. type: integer type: object type: object --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: redisenterpriseremoteclusters.app.redislabs.com labels: app: redis-enterprise spec: group: app.redislabs.com names: kind: RedisEnterpriseRemoteCluster listKind: RedisEnterpriseRemoteClusterList plural: redisenterpriseremoteclusters singular: redisenterpriseremotecluster shortNames: - rerc scope: Namespaced versions: - name: v1alpha1 served: true storage: true additionalPrinterColumns: - jsonPath: .status.status name: Status type: string - jsonPath: .status.specStatus name: Spec Status type: string - jsonPath: .status.local name: Local type: string subresources: status: {} schema: openAPIV3Schema: description: RedisEnterpriseRemoteCluster represents a remote participating cluster. properties: apiVersion: type: string kind: type: string metadata: type: object status: properties: local: description: Indicates whether this object represents a local or a remote cluster. type: boolean specStatus: description: Whether the desired specification is valid. type: string status: description: The status of the remote cluster. type: string observedGeneration: description: The most recent generation observed for this RERC. It corresponds to the RERC's generation, which is updated by the API Server.
type: integer internalObservedSecretResourceVersion: description: The observed secret resource version. Used for internal purposes only. type: string type: object spec: properties: apiFqdnUrl: description: The URL of the cluster, will be used for the active-active database URL. type: string dbFqdnSuffix: description: The database URL suffix, will be used for the active-active database replication endpoint and replication endpoint SNI. type: string apiPort: description: The port number of the cluster's URL used for connectivity/sync type: integer recNamespace: description: The namespace of the REC that the RERC is pointing at type: string recName: description: The name of the REC that the RERC is pointing at type: string secretName: description: 'The name of the secret containing cluster credentials. Must be of the following format: "redis-enterprise-<RERC name>"' type: string required: - apiFqdnUrl - recName - recNamespace type: object type: object --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: redisenterpriseactiveactivedatabases.app.redislabs.com labels: app: redis-enterprise spec: group: app.redislabs.com names: kind: RedisEnterpriseActiveActiveDatabase listKind: RedisEnterpriseActiveActiveDatabaseList plural: redisenterpriseactiveactivedatabases singular: redisenterpriseactiveactivedatabase shortNames: - reaadb preserveUnknownFields: false scope: Namespaced versions: - name: v1alpha1 served: true storage: true additionalPrinterColumns: - jsonPath: .status.status name: Status type: string - jsonPath: .status.specStatus name: Spec Status type: string - jsonPath: .status.linkedRedbs[*] name: Linked REDBs type: string - jsonPath: .status.replicationStatus name: Replication Status type: string subresources: status: {} schema: openAPIV3Schema: description: RedisEnterpriseActiveActiveDatabase is the Schema for the redisenterpriseactiveactivedatabase API properties: apiVersion: type: string kind: type: string metadata: type: object status:
description: RedisEnterpriseActiveActiveDatabaseStatus defines the observed state of RedisEnterpriseActiveActiveDatabase properties: status: description: The status of the active active database. type: string specStatus: description: Whether the desired specification is valid type: string linkedRedbs: description: The linked REDBs. items: type: string type: array participatingClusters: description: The list of instances/ clusters statuses. items: description: Status of participating cluster. properties: name: description: The name of the remote cluster CR that is linked. type: string id: description: The corresponding ID of the instance in the active-active database. format: int64 type: integer replicationStatus: description: The replication status of the participating cluster enum: - up - down type: string required: - name type: object type: array guid: description: The active-active database corresponding GUID. type: string lastTaskUid: description: The last active-active database task UID. type: string redisEnterpriseCluster: description: The Redis Enterprise Cluster Object this Resource is associated with type: string replicationStatus: description: The overall replication status enum: - up - down type: string clusterCertificatesGeneration: description: Tracks the certificate generation from the participating cluster's REC.Status.CertificatesStatus.Generation. The operator automatically monitors this field to detect when proxy or syncer certificates are updated on the local participating cluster. When a change is detected, the operator automatically executes a CRDB force update (equivalent to 'crdb-cli crdb update --force'), which synchronizes the certificate changes to all participating clusters, preventing sync issues. This eliminates the manual step of running crdb-cli commands when rotating certificates in Active-Active deployments on Kubernetes. 
format: int64 type: integer secretsStatus: description: The status of the secrets items: description: Status of secrets. properties: name: description: The name of the secret. type: string status: description: The status of the secret. enum: - Valid - Invalid type: string required: - name type: object type: array type: object spec: description: RedisEnterpriseActiveActiveDatabaseSpec defines the desired state of RedisEnterpriseActiveActiveDatabase properties: redisEnterpriseCluster: description: Connection to Redis Enterprise Cluster properties: name: description: The name of the Redis Enterprise Cluster where the database should be stored. type: string required: - name type: object participatingClusters: description: The list of instances/ clusters specifications and configurations. items: properties: name: description: The name of the remote cluster CR to link. type: string externalReplicationPort: description: The desired replication endpoint's port number for users who utilize LoadBalancers for sync between AA replicas and need to provide the specific port number that the LoadBalancer listens to. type: integer namespace: description: Namespace in which the REAADB object will be deployed to within the corresponding participating cluster. The user must ensure that the Redis Enterprise operator is configured to watch this namespace in the corresponding cluster, and the required RBAC configuration is properly set up. See https://redis.io/docs/latest/operate/kubernetes/re-clusters/multi-namespace/ for more information how to set up multiple namespaces. If no namespace is specified, then the REAADB is deployed to the REC's namespace in the corresponding cluster. type: string required: - name type: object type: array globalConfigurations: description: The Active-Active database global configurations, contains the global properties for each of the participating clusters/ instances databases within the Active-Active database. 
properties: activeActive: description: Connection/ association to the Active-Active database. properties: name: description: 'The the corresponding Active-Active database name, Redis Enterprise Active Active Database custom resource name, this Resource is associated with. In case this resource is created manually at the active active database creation this field must be filled via the user, otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported.' type: string participatingClusterName: description: 'The corresponding participating cluster name, Redis Enterprise Remote Cluster custom resource name, in the Active-Active database, In case this resource is created manually at the active active database creation this field must be filled via the user, otherwise, the operator will assign this field automatically. Note: this feature is currently unsupported.' type: string required: - name - participatingClusterName type: object alertSettings: description: Settings for database alerts. 
properties: bdb_backup_delayed: description: Periodic backup has been delayed for longer than specified threshold value [minutes] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_crdt_src_high_syncer_lag: description: Active-active source - sync lag is higher than specified threshold value [seconds] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_crdt_src_syncer_connection_error: description: Active-active source - sync has connection error while trying to connect replica source properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_crdt_src_syncer_general_error: description: Active-active source - sync encountered in general error properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_high_latency: description: Latency is higher than specified threshold value [micro-sec] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_high_throughput: description: Throughput is higher than specified threshold value [requests / sec.] 
properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_long_running_action: description: An alert for state-machines that are running for too long properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_low_throughput: description: Throughput is lower than specified threshold value [requests / sec.] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_ram_dataset_overhead: description: Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_ram_values: description: Percent of values kept in a shard's RAM is lower than [% of its key count] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_replica_src_high_syncer_lag: description: Replica-of source - sync lag is higher than specified threshold value [seconds] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_replica_src_syncer_connection_error: description: Replica-of source - sync has connection error while trying to connect replica source properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - 
threshold type: object bdb_shard_num_ram_values: description: Number of values kept in a shard's RAM is lower than [values] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_size: description: Dataset size has reached the threshold value [% of the memory limit] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object bdb_proxy_cert_expiring_soon: description: Proxy certificate will expire in less than specified threshold value [days] properties: enabled: description: Alert enabled or disabled type: boolean threshold: description: Threshold for alert going on/off type: string required: - enabled - threshold type: object type: object backup: description: Target for automatic database backups. properties: abs: properties: absSecretName: description: The name of the secret that holds ABS credentials. The secret must contain the keys "AccountName" and "AccountKey", and these must hold the corresponding credentials type: string container: description: Azure Blob Storage container name. type: string subdir: description: Optional. Azure Blob Storage subdir under container. type: string required: - absSecretName - container type: object ftp: properties: url: description: a URI of the "ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" format type: string required: - url type: object gcs: description: GoogleStorage properties: bucketName: description: Google Storage bucket name. type: string gcsSecretName: description: The name of the secret that holds the Google Cloud Storage credentials. The secret must contain the keys "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" and these must hold the corresponding credentials. The keys should correspond to the values in the key JSON. 
type: string subdir: description: Optional. Google Storage subdir under bucket. type: string required: - bucketName - gcsSecretName type: object interval: description: Backup Interval in seconds type: integer mount: description: MountPointStorage properties: path: description: Path to the local mount point. You must create the mount point on all nodes, and the redislabs:redislabs user must have read and write permissions on the local mount point. type: string required: - path type: object s3: properties: awsSecretName: description: The name of the secret that holds the AWS credentials. The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", and these must hold the corresponding credentials. type: string bucketName: description: Amazon S3 bucket name. type: string subdir: description: Optional. Amazon S3 subdir under bucket. type: string required: - awsSecretName - bucketName type: object sftp: properties: sftp_url: description: SFTP url type: string sftpSecretName: description: The name of the secret that holds SFTP credentials. The secret must contain the "Key" key, which is the SSH private key for connecting to the sftp server. type: string required: - sftpSecretName - sftp_url type: object swift: properties: auth_url: description: Swift service authentication URL. type: string container: description: Swift object store container for storing the backup files. type: string prefix: description: Optional. Prefix (path) of backup files in the swift container. type: string swiftSecretName: description: 'The name of the secret that holds Swift credentials. 
The secret must contain the keys "Key" and "User", and these must hold the corresponding credentials: service access key and service user name (pattern for the latter does not allow special characters &,<,>,")' type: string required: - auth_url - container - swiftSecretName type: object type: object clientAuthenticationCertificates: description: The Secrets containing TLS Client Certificate to use for Authentication items: type: string type: array dataInternodeEncryption: description: Internode encryption (INE) setting. An optional boolean setting, overriding a similar cluster-wide policy. If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). If set to True, INE will be turned on, unless the capability is not supported by the DB ( in such a case we will get an error and database creation will fail). If left unspecified, will be disabled if internode encryption is not supported by the DB (regardless of cluster default). Deleting this property after explicitly setting its value shall have no effect. type: boolean auditing: description: Database auditing configuration. properties: dbConnsAuditing: description: "Enables auditing of database connection and authentication events. When enabled, connection, authentication, and disconnection events are tracked and sent to the configured audit listener (configured at the cluster level). The cluster-level auditing configuration must be set before enabling this on a database." type: boolean type: object databasePort: description: Database port number. TCP port on which the database is available. Will be generated automatically if omitted. can not be changed after creation type: integer databaseServicePort: description: A custom port to be exposed by the database services. Can be be modified/added/removed after REDB creation. If set, it'll replace the default service port (namely, databasePort or defaultRedisPort). 
type: integer databaseSecretName: description: The name of the secret that holds the password to the database (redis databases only). If secret does not exist, it will be created. To define the password, create an opaque secret and set the name in the spec. The password will be taken from the value of the 'password' key. Use an empty string as value within the secret to disable authentication for the database. Notes - For Active-Active databases this secret will not be automatically created, and also, memcached databases must not be set with a value, and a secret/password will not be automatically created for them. Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? If disabled, the DatabaseSecret will not be created or updated type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string isRof: description: Whether it is an RoF database or not. Applicable only for databases of type "REDIS". Assumed to be false if left blank. type: boolean memcachedSaslSecretName: description: Credentials used for binary authentication in memcached databases. The credentials should be saved as an opaque secret and the name of that secret should be configured using this field. For username, use 'username' as the key and the actual username as the value. For password, use 'password' as the key and the actual password as the value. Note that connections are not encrypted. type: string memorySize: description: memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. When redis on flash (RoF) is enabled, this value refers to RAM+Flash memory, and it must not be below 1GB. type: string modulesList: description: List of modules associated with the database. 
The list of valid modules for the specific cluster can be retrieved from the status of the REC object. Use the "name" and "versions" fields for the specific module configuration. If specifying an explicit version for a module, automatic modules versions upgrade must be disabled by setting the '.upgradeSpec.upgradeModulesToLatest' field in the REC to 'false'. Note that the option to specify module versions is deprecated, and will be removed in future releases. items: description: Redis Enterprise module (see https://redis.io/docs/latest/develop/reference/modules/) properties: config: description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 30 type: string name: description: The name of the module, e.g. "search" or "ReJSON". The complete list of modules available in the cluster can be retrieved from the '.status.modules' field in the REC. type: string version: description: The semantic version of the module, e.g. '1.6.12'. Optional for REDB, must be set for REAADB. Note that this field is deprecated, and will be removed in future releases. type: string required: - name type: object type: array ossCluster: description: OSS Cluster mode option. Note that not all client libraries support OSS cluster mode. type: boolean ossClusterSettings: description: Additional OSS cluster settings that may be provided to tweak OSS cluster behavior. type: object properties: enableExternalAccess: type: boolean persistence: description: Database on-disk persistence policy enum: - disabled - aofEverySecond - aofAlways - snapshotEvery1Hour - snapshotEvery6Hour - snapshotEvery12Hour type: string proxyPolicy: description: 'The policy used for proxy binding to the endpoint. Supported proxy policies are: single/all-master-shards/all-nodes When left blank, the default value will be chosen according to the value of ossCluster - single if disabled, all-master-shards when enabled' type: string rackAware: description: 'Whether database should be rack aware. 
This improves availability - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' type: boolean redisEnterpriseCluster: description: Connection to Redis Enterprise Cluster properties: name: description: The name of the Redis Enterprise Cluster where the database should be stored. type: string required: - name type: object redisVersion: description: Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'. Note - Specifying Redis version is currently not supported for Active-Active database. type: string upgradeSpec: description: Specifications for DB upgrade. properties: upgradeModulesToLatest: description: Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Note - This field is currently not supported for Active-Active databases. type: boolean required: - upgradeModulesToLatest type: object replicaSources: description: What databases to replicate from items: properties: clientKeySecret: description: 'Secret that defines the client certificate and key used by the syncer in the target database cluster. The secret must have 2 keys in its map: "cert" which is the PEM encoded certificate, and "key" which is the PEM encoded private key.' type: string compression: description: GZIP compression level (0-6) to use for replication. 
type: integer replicaSourceName: description: The name of the resource from which the source database URI is derived. The type of resource must match the type specified in the ReplicaSourceType field. type: string replicaSourceType: description: The type of resource from which the source database URI is derived. If set to 'SECRET', the source database URI is derived from the secret named in the ReplicaSourceName field. The secret must have a key named 'uri' that defines the URI of the source database in the form of 'redis://...'. The type of secret (kubernetes, vault, ...) is determined by the secret mechanism used by the underlying REC object. If set to 'REDB', the source database URI is derived from the RedisEnterpriseDatabase resource named in the ReplicaSourceName field. type: string serverCertSecret: description: 'Secret that defines the server certificate used by the proxy in the source database cluster. The secret must have 1 key in its map: "cert" which is the PEM encoded certificate.' type: string tlsSniName: description: TLS SNI name to use for the replication link. type: string required: - replicaSourceName - replicaSourceType type: object type: array replication: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. Defaults to false. type: boolean resp3: description: Whether this database supports RESP3 protocol. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. type: boolean rofRamSize: description: The size of the RAM portion of an RoF database. Similarly to "memorySize" use formats like 100MB, 0.1GB It must be at least 10% of combined memory size (RAM+Flash), as specified by "memorySize". type: string rofRamRatio: description: RAM allocation ratio for Redis Flex (v2) databases as a percentage of total data size. Valid range 0-100. 
When omitted, RS uses the default value of 50%. Controls how much RAM is allocated per unit of data (e.g., 30% means 3MB RAM per 10MB data). RAM grows proportionally with data until rofRamSize limit is reached (if specified). Only applicable when isRof=true and Redis version >= 8.0 (BigStore v2 - Redis Flex). type: integer minimum: 0 maximum: 100 rolesPermissions: description: List of Redis Enteprise ACL and Role bindings to apply items: description: Redis Enterprise Role and ACL Binding properties: acl: description: 'Acl Name of RolePermissionType (note: use exact name of the ACL from the Redis Enterprise ACL list, case sensitive)' type: string role: description: 'Role Name of RolePermissionType (note: use exact name of the role from the Redis Enterprise role list, case sensitive)' type: string type: description: Type of Redis Enterprise Database Role Permission. Currently, only "redis-enterprise" is supported, which uses roles and ACLs defined within Redis Enterprise directly. type: string enum: - redis-enterprise default: redis-enterprise required: - acl - role - type type: object type: array shardingEnabled: description: Toggles database sharding for REAADBs (Active Active databases) and enabled by default. This field is blocked for REDB (non-Active Active databases) and sharding is toggled via the shardCount field - when shardCount is 1 this is disabled otherwise enabled. type: boolean shardCount: description: Number of database server-side shards type: integer shardsPlacement: description: Control the density of shards - should they reside on as few or as many nodes as possible. Available options are "dense" or "sparse". If left unset, defaults to "dense". type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must use SSL. disabled - no incoming connection to the Database should use SSL. replica_ssl - databases that replicate from this one need to use SSL. 
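enum: - disabled - enabled - replica_ssl type: string type: description: The type of the database. enum: - redis - memcached type: string type: object required: - participatingClusters type: object type: object
---
# Deployment for the Redis Enterprise operator. A single pod runs two
# containers built from the same image: `operator-root operator` (the
# controller, liveness on HTTP 8080) and `operator-root admission` (HTTPS on
# 8443, the target port of the `admission` Service defined earlier in this
# bundle).
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: redis-enterprise
  name: redis-enterprise-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: redis-enterprise-operator
  # Recreate terminates the existing pod before the new one is created, so a
  # rollout briefly leaves no operator and no admission endpoint running.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: redis-enterprise
        # Matched by spec.selector above and by the `admission` Service
        # selector.
        name: redis-enterprise-operator
    spec:
      containers:
        # --- operator container ---
        - command:
            - operator-root
            - operator
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Set to the pod's own namespace.
            # NOTE(review): presumably this limits the operator to the
            # namespace covered by its namespaced Role; confirm against the
            # operator documentation before widening it.
            - name: WATCH_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: redis-enterprise-operator
          # Every key of this ConfigMap becomes an environment variable of
          # the container. `optional: true` lets the pod start when the
          # ConfigMap is absent. Write access to the ConfigMap is therefore
          # write access to the operator's configuration: restrict who can
          # edit it.
          envFrom:
            - configMapRef:
                name: "operator-environment-config"
                optional: true
          # The image is referenced by a mutable tag and pulled on every pod
          # start (imagePullPolicy: Always), so the pod runs whatever the tag
          # points to at that moment. Pinning by digest
          # (redislabs/operator@sha256:<digest-placeholder>) makes the
          # deployed content verifiable and reproducible.
          image: redislabs/operator:8.0.10-21
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /liveness
              port: 8080
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          # `true` always exits 0, so this container is reported Ready
          # whatever state the operator is in; only the liveness probe above
          # reflects its health.
          # NOTE(review): presumably deliberate, so that pod readiness is
          # decided by the admission container alone; confirm.
          readinessProbe:
            failureThreshold: 3
            exec:
              command: ["true"]
            periodSeconds: 60
            successThreshold: 1
            timeoutSeconds: 5
            initialDelaySeconds: 0
          name: redis-enterprise-operator
          ports:
            - containerPort: 8080
          resources:
            limits:
              cpu: 4000m
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 256Mi
          # Container hardening: no privilege escalation, every Linux
          # capability dropped, not privileged, root filesystem mounted
          # read-only.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
        # --- admission container ---
        - command:
            - operator-root
            - admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: WATCH_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
          # Same optional ConfigMap as the operator container; the same
          # access-control caveat applies.
          envFrom:
            - configMapRef:
                name: "operator-environment-config"
                optional: true
          # Same mutable tag as the operator container; if one is pinned by
          # digest, pin both to the same digest.
          image: redislabs/operator:8.0.10-21
          imagePullPolicy: Always
          # Liveness and readiness are both probed over HTTPS on 8443.
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /liveness
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 15
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: admission
          ports:
            - containerPort: 8443
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /readiness
              port: 8443
              scheme: HTTPS
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          resources:
            limits:
              cpu: 1000m
              memory: 512Mi
            requests:
              cpu: 250m
              memory: 256Mi
          # Same hardening as the operator container.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
      # Pod-level settings, applied to both containers: the runtime's default
      # seccomp profile, and a refusal to start any container that would run
      # as UID 0. No runAsUser is set here, so the UID comes from the image.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
        runAsNonRoot: true
      # This ServiceAccount is bound, by the RoleBinding earlier in this
      # bundle, to a Role that can read and write Secrets and create or update
      # Roles and RoleBindings in the namespace. Treat the pod's token as
      # namespace-admin-equivalent when assessing the impact of a compromise
      # of either container.
      serviceAccountName: redis-enterprise-operator
---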