API reference

EDB Postgres Distributed for Kubernetes extends the Kubernetes API by defining the custom resources that follow.

All the resources are defined in the pgd.k8s.enterprisedb.io/v1beta1 API.

Backup

Backup configures the backup of cnp-pgd nodes

| Name | Description | Type |
| --- | --- | --- |
| configuration | The CNP configuration to be used for backup. ServerName value is reserved by the operator. | cnpv1.BackupConfiguration |
| cron | The scheduled backup for the data | cnpv1.ScheduledBackupSpec |

BackupStatus

BackupStatus contains the current status of the pgd backup

| Name | Description | Type |
| --- | --- | --- |
| clusterName | | string |
| scheduledBackupName | | string |

CNPStatus

CNPStatus contains any relevant status for the operator about CNP

| Name | Description | Type |
| --- | --- | --- |
| dataInstances | | int32 |
| witnessInstances | | int32 |
| firstRecoverabilityPoints | The recoverability points, keyed per CNP clusterName, as a date in RFC3339 format | map[string]string |
| superUserSecretIsPresent | | bool |
| applicationUserSecretIsPresent | | bool |
| podDisruptionBudgetIsPresent | | bool |

CertManagerTemplate

CertManagerTemplate contains the data to generate a certificate request

| Name | Description | Type |
| --- | --- | --- |
| spec | The Certificate object specification - mandatory | *certmanagerv1.CertificateSpec |
| metadata | The label and annotations metadata | Metadata |

ClientCertConfiguration

ClientCertConfiguration contains the information to generate the certificate for the streaming_replica user

| Name | Description | Type |
| --- | --- | --- |
| caCertSecret | CACertSecret is the secret of the CA to be injected into the CloudNativePG configuration - mandatory | string |
| certManager | The cert-manager template used to generate the certificates | *CertManagerTemplate |
| preProvisioned | PreProvisioned contains how to fetch the pre-generated client certificates | *ClientPreProvisionedCertificates |

ClientPreProvisionedCertificates

ClientPreProvisionedCertificates instructs how to fetch the pre-generated client certificates

| Name | Description | Type |
| --- | --- | --- |
| streamingReplica | StreamingReplica the pre-generated certificate for 'streaming_replica' user | *PreProvisionedCertificate |

CnpBaseConfiguration

CnpBaseConfiguration contains the configuration parameters that can be applied to both CNP Witness and Data nodes

| Name | Description | Type |
| --- | --- | --- |
| startDelay | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 30) | int32 |
| stopDelay | The time in seconds that is allowed for a PostgreSQL instance node to gracefully shutdown (default 30) | int32 |
| storage | Configuration of the storage of the instances - mandatory | cnpv1.StorageConfiguration |
| walStorage | Configuration of the WAL storage for the instances | *cnpv1.StorageConfiguration |
| clusterMaxStartDelay | The time in seconds that is allowed for a PostgreSQL instance to successfully start up (default 300) | int32 |
| affinity | Affinity/Anti-affinity rules for Pods | cnpv1.AffinityConfiguration |
| resources | Resources requirements of every generated Pod. Please refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ for more information. | corev1.ResourceRequirements |
| postgresql | Configuration of the PostgreSQL server | cnpv1.PostgresConfiguration |
| monitoring | The configuration of the monitoring infrastructure of this cluster | *cnpv1.MonitoringConfiguration |
| logLevel | The instances' log level, one of the following values: error, warning, info (default), debug, trace | string |
| serviceAccountTemplate | The service account template to be passed to CNP | *cnpv1.ServiceAccountTemplate |
| otel | OpenTelemetry Configuration | OTELConfiguration |
| postInitSQL | List of SQL queries to be executed as a superuser immediately after a node has been created - to be used with extreme care (by default empty) | []string |
| postInitTemplateSQL | List of SQL queries to be executed as a superuser in the template1 after a node has been created - to be used with extreme care (by default empty) | []string |
| seccompProfile | The SeccompProfile applied to every Pod and Container. Defaults to: RuntimeDefault | *corev1.SeccompProfile |
| metadata | Metadata applied exclusively to the generated Cluster resources. Useful for applying AppArmor profiles. | InheritedMetadata |

CnpConfiguration

CnpConfiguration contains the configurations of the data nodes that will be injected into the resulting clusters composing the PGD group

| Name | Description | Type |
| --- | --- | --- |
| enableSuperuserAccess | When this option is enabled, the CNP operator will create or use the secret defined in the SuperuserSecret to allow superuser (postgres) access to the database. Disabled by default. | *bool |
| superuserSecret | The secret containing the superuser password. A new secret will be created with a randomly generated password if not defined. This field is only allowed in the CNP Instances configuration. A Witness Node will always use the same SuperuserSecret as the other instances. | *cnpv1.LocalObjectReference |

ConnectivityConfiguration

ConnectivityConfiguration describes how to generate the services and certificates for the PGDGroup

| Name | Description | Type |
| --- | --- | --- |
| dns | Describes how the FQDN for the resources should be generated | RootDNSConfiguration |
| tls | The configuration of the TLS infrastructure - mandatory | TLSConfiguration |
| nodeServiceTemplate | Instructs how to generate the service for each node | *ServiceTemplate |
| groupServiceTemplate | Instructs how to generate the service for the PGDGroup | *ServiceTemplate |
| proxyServiceTemplate | Instructs how to generate the service pointing to the PGD Proxy | *ServiceTemplate |

ConnectivityStatus

ConnectivityStatus contains any relevant status for the operator about Connectivity

| Name | Description | Type |
| --- | --- | --- |
| replicationTLSCertificate | ReplicationTLSCertificate is the name of the replication TLS certificate, if we have it | ReplicationCertificateStatus |
| nodeTLSCertificates | NodeTLSCertificates are the names of the certificates that have been created for the PGD nodes | []NodeCertificateStatus |
| unusedCertificates | UnusedCertificates are the names of the certificates that we don't use anymore for the PGD nodes | []string |
| nodesWithoutCertificates | NodesWithoutCertificates are the names of the nodes which do not have a server certificate | []string |
| nodesNeedingServiceReconciliation | NodesNeedingServiceReconciliation are the names of the nodes which do not have a server certificate | []string |
| configurationHash | ConfigurationHash is the hash code of the connectivity configuration, used to check if we had a change in the configuration or not | string |

DNSConfiguration

DNSConfiguration describes how the FQDN for the resources should be generated

| Name | Description | Type |
| --- | --- | --- |
| domain | Contains the domain name of all services in the PGDGroup. It is the responsibility of the user to ensure that the value specified here matches the rendered nodeServiceTemplate and groupServiceTemplate | string |
| hostSuffix | Contains an optional suffix to add to all the service names in the PGDGroup. The purpose of this setting is to allow the user to easily mark all the services created in a location for routing purposes (for example, add a generic rule to CoreDNS to rewrite some service suffixes as local) | string |

DiscoveryJobConfig

DiscoveryJobConfig contains a series of fields that configure the discovery job

| Name | Description | Type |
| --- | --- | --- |
| delay | Delay amount of time to sleep between retries, measured in seconds | int |
| retries | Retries how many times the operation should be retried | int |
| timeout | Timeout amount of time given to the operation to succeed, measured in seconds | int |

InheritedMetadata

InheritedMetadata contains metadata to be inherited by all resources related to a Cluster

| Name | Description | Type |
| --- | --- | --- |
| labels | | map[string]string |
| annotations | | map[string]string |

Metadata

Metadata is a structure similar to the metav1.ObjectMeta, but still parseable by controller-gen to create a suitable CRD for the user.

| Name | Description | Type |
| --- | --- | --- |
| labels | Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels | map[string]string |
| annotations | Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations | map[string]string |

NameKindGroup

NameKindGroup is a struct containing name, kind and group

| Name | Description | Type |
| --- | --- | --- |
| name | - mandatory | string |
| kind | - mandatory | string |
| group | - mandatory | string |

NodeCertificateStatus

NodeCertificateStatus encapsulates the status of the server certificate of a CNP node

| Name | Description | Type |
| --- | --- | --- |
| nodeName | NodeName is the name of the CNP cluster using this certificate - mandatory | string |

NodeSummary

NodeSummary shows relevant info from bdr.node_summary

| Name | Description | Type |
| --- | --- | --- |
| node_name | Name of the node | string |
| node_group_name | NodeGroupName is the name of the joined group | string |
| peer_state_name | Consistent state of the node in human-readable form | string |
| peer_target_state_name | State which the node is trying to reach (during join or promotion) | string |
| node_kind_name | The kind of node: witness or data | NodeKindName |

OTELConfiguration

OTELConfiguration is the configuration for external openTelemetry

| Name | Description | Type |
| --- | --- | --- |
| metricsURL | The OpenTelemetry HTTP endpoint URL to accept metrics data | string |
| traceURL | The OpenTelemetry HTTP endpoint URL to accept trace data | string |
| traceEnable | Whether to push trace data to OpenTelemetry traceUrl - mandatory | bool |
| tls | TLSConfiguration provides the TLS certificate configuration when MetricsURL and TraceURL are using HTTPS | OTELTLSConfiguration |

OTELTLSConfiguration

OTELTLSConfiguration contains the certificate configuration for TLS connections to openTelemetry

| Name | Description | Type |
| --- | --- | --- |
| caBundleSecretRef | CABundleSecretRef is a reference to a secret field containing the CA bundle to verify the openTelemetry server certificate | *cnpv1.SecretKeySelector |
| clientCertSecret | ClientCertSecret is the name of the secret containing the client certificate used to connect to openTelemetry. It must contain both the standard "tls.crt" and "tls.key" files, encoded in PEM format. | *cnpv1.LocalObjectReference |

PGDGroup

PGDGroup is the Schema for the pgdgroups API

| Name | Description | Type |
| --- | --- | --- |
| metadata | | metav1.ObjectMeta |
| spec | | PGDGroupSpec |
| status | | PGDGroupStatus |

PGDGroupCleanup

PGDGroupCleanup is the Schema for the pgdgroupcleanups API

| Name | Description | Type |
| --- | --- | --- |
| metadata | | metav1.ObjectMeta |
| spec | | PGDGroupCleanupSpec |
| status | | PGDGroupCleanupStatus |

PGDGroupCleanupList

PGDGroupCleanupList contains a list of PGDGroupCleanup

| Name | Description | Type |
| --- | --- | --- |
| metadata | | metav1.ListMeta |
| items | - mandatory | []PGDGroupCleanup |

PGDGroupCleanupSpec

PGDGroupCleanupSpec defines the desired state of PGDGroupCleanup

| Name | Description | Type |
| --- | --- | --- |
| executor | - mandatory | string |
| target | - mandatory | string |
| force | Force will force the removal of the PGDGroup even if the target PGDGroup nodes are not parted | bool |

PGDGroupCleanupStatus

PGDGroupCleanupStatus defines the observed state of PGDGroupCleanup

| Name | Description | Type |
| --- | --- | --- |
| phase | | resources.OperatorPhaseCleanup |

PGDGroupList

PGDGroupList contains a list of PGDGroup

| Name | Description | Type |
| --- | --- | --- |
| metadata | | metav1.ListMeta |
| items | - mandatory | []PGDGroup |

PGDGroupSpec

PGDGroupSpec defines the desired state of PGDGroup

| Name | Description | Type |
| --- | --- | --- |
| imageName | Name of the container image, supporting both tags (`<image>:<tag>`) and digests for deterministic and repeatable deployments (`<image>:<tag>@sha256:<digestValue>`) | string |
| imagePullPolicy | Image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | corev1.PullPolicy |
| imagePullSecrets | The list of pull secrets to be used to pull operator and or the operand images | []corev1.LocalObjectReference |
| inheritedMetadata | Metadata that will be inherited by all objects related to the pgdGroup | *InheritedMetadata |
| instances | Number of instances required in the cluster - mandatory | int32 |
| proxyInstances | Number of proxy instances required in the cluster | int32 |
| witnessInstances | Number of witness instances required in the cluster | int32 |
| backup | The configuration to be used for backups in the CNP instances. | *Backup |
| restore | The configuration to restore this PGD group from an Object Store service | *Restore |
| cnp | Instances configuration that will be injected into the CNP clusters that compose the PGD Group - mandatory | CnpConfiguration |
| witness | WitnessInstances configuration that will be injected into the WitnessInstances CNP clusters. If not defined, it will default to the Instances configuration | *CnpBaseConfiguration |
| pgd | Pgd contains instructions to bootstrap this cluster - mandatory | PgdConfiguration |
| pgdProxy | PGDProxy contains instructions to configure PGD Proxy | PGDProxyConfiguration |
| connectivity | Configures the connectivity of the PGDGroup, like services and certificates that will be used. - mandatory | ConnectivityConfiguration |
| failingFinalizerTimeLimitSeconds | The amount of seconds that the operator will wait in case of a failing finalizer. A finalizer is considered failing when the operator cannot reach any nodes of the PGDGroup | int32 |
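
The security-relevant fields documented above can be checked before a PGDGroup manifest is applied. The following Python audit is an added example, not part of the product documentation or the operator's code; it assumes the manifest's `spec` is already parsed into a dict and that the `cnp` block accepts the CnpBaseConfiguration fields as `witness` does, and the function names and sample values are constructed.

```python
"""Audit a parsed PGDGroup spec for the security-relevant fields on this page."""

# Constructed sample spec: every value is illustrative, not taken from the page.
SAMPLE_SPEC = {
    "imageName": "registry.example.com/postgres-pgd:16",
    "instances": 2,
    "cnp": {
        "enableSuperuserAccess": True,
        "postInitSQL": ["CREATE EXTENSION pg_stat_statements"],
        "seccompProfile": {"type": "Unconfined"},
        "otel": {"metricsURL": "http://otel.example.internal:4318",
                 "traceEnable": False},
    },
    "witness": {"postInitTemplateSQL": []},
}


def _node_findings(path, cfg):
    """Checks on CnpBaseConfiguration fields (assumed valid under cnp and witness)."""
    findings = []
    # postInitSQL / postInitTemplateSQL run as a superuser on every new node.
    for field in ("postInitSQL", "postInitTemplateSQL"):
        statements = cfg.get(field) or []
        if statements:
            findings.append((f"{path}.{field}",
                             f"{len(statements)} statement(s) run as superuser; review each"))
    # The documented default is RuntimeDefault; anything else deserves a review.
    profile = cfg.get("seccompProfile")
    if profile is not None and profile.get("type") != "RuntimeDefault":
        findings.append((f"{path}.seccompProfile",
                         f"overrides RuntimeDefault with {profile.get('type')!r}"))
    # OTELTLSConfiguration only applies to HTTPS endpoints, so flag plain HTTP.
    otel = cfg.get("otel") or {}
    for field in ("metricsURL", "traceURL"):
        if str(otel.get(field, "")).lower().startswith("http://"):
            findings.append((f"{path}.otel.{field}",
                             "endpoint uses plain HTTP; telemetry is sent unencrypted"))
    return findings


def audit_pgdgroup(spec):
    """Return a list of (field path, message) findings for a PGDGroupSpec dict."""
    findings = []
    image = spec.get("imageName", "")
    if image and "@sha256:" not in image:
        findings.append(("imageName",
                         "tag-only reference; pin a digest for repeatable deployments"))
    cnp = spec.get("cnp") or {}
    if cnp.get("enableSuperuserAccess"):
        findings.append(("cnp.enableSuperuserAccess",
                         "superuser (postgres) access enabled; disabled by default"))
    findings += _node_findings("cnp", cnp)
    findings += _node_findings("witness", spec.get("witness") or {})
    return findings


if __name__ == "__main__":
    for path, message in audit_pgdgroup(SAMPLE_SPEC):
        print(f"{path}: {message}")
```
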

PGDGroupStatus

PGDGroupStatus defines the observed state of PGDGroup

| Name | Description | Type |
| --- | --- | --- |
| latestGeneratedNode | ID of the latest generated node (used to avoid node name clashing) | int32 |
| phase | The initialization phase of this cluster | resources.OperatorPhase |
| phaseDetails | The details of the current phase | string |
| phaseTroubleshootHints | PhaseTroubleshootHints general troubleshooting indications for the given phase | string |
| phaseType | PhaseType describes the phase category. | resources.PhaseType |
| nodes | The list of summaries for the nodes in the group | []NodeSummary |
| backup | The node that is taking backups of this PGDGroup | BackupStatus |
| restore | The status of the restore process | RestoreStatus |
| PGD | Last known status of PGD | PGDStatus |
| CNP | Last known status of CNP | CNPStatus |
| PGDProxy | Last known status of PGDProxy | PGDProxyStatus |
| connectivity | Last known status of Connectivity | ConnectivityStatus |

PGDNodeGroupEntry

PGDNodeGroupEntry shows information about the node groups available in the PGD configuration

| Name | Description | Type |
| --- | --- | --- |
| name | Name is the name of the node group - mandatory | string |
| enableProxyRouting | EnableProxyRouting is true if the node group allows running PGD Proxies | bool |
| enableRaft | EnableRaft is true if the node group has a subgroup raft instance | bool |
| routeWriterMaxLag | RouteWriterMaxLag Maximum lag in bytes of the new write candidate to be selected as write leader, if no candidate passes this, there will be no writer selected automatically | int64 |
| routeReaderMaxLag | RouteReaderMaxLag Maximum lag in bytes for node to be considered viable read-only node | int64 |
| routeWriterWaitFlush | RouteWriterWaitFlush Whether to wait for replication queue flush before switching to new leader when using bdr.routing_leadership_transfer() | bool |

PGDNodeGroupSettings

PGDNodeGroupSettings contains the settings of the PGD Group

| Name | Description | Type |
| --- | --- | --- |
| routeWriterMaxLag | RouteWriterMaxLag Maximum lag in bytes of the new write candidate to be selected as write leader, if no candidate passes this, there will be no writer selected automatically. Defaults to -1 | int64 |
| routeReaderMaxLag | RouteReaderMaxLag Maximum lag in bytes for node to be considered viable read-only node. Defaults to -1 | int64 |
| routeWriterWaitFlush | RouteWriterWaitFlush Whether to wait for replication queue flush before switching to new leader when using bdr.routing_leadership_transfer(). Defaults to false | bool |

PGDProxyConfiguration

PGDProxyConfiguration defines the configuration of PGD Proxy

| Name | Description | Type |
| --- | --- | --- |
| imageName | Name of the PGDProxy container image | string |
| logLevel | The PGD Proxy log level, one of the following values: error, warning, info (default), debug, trace | string |
| logEncoder | The format of the log output | string |
| proxyAffinity | ProxyAffinity/Anti-affinity rules for pods | *corev1.Affinity |
| proxyNodeSelector | ProxyNodeSelector rules for pods | map[string]string |
| proxyTolerations | ProxyTolerations rules for pods | []corev1.Toleration |
| proxyResources | Defines the resources assigned to the proxy. If not defined uses defaults requests and limits values. | corev1.ResourceRequirements |

PGDProxyEntry

PGDProxyEntry shows information about the proxies available in the PGD configuration

| Name | Description | Type |
| --- | --- | --- |
| name | Name is the name of the proxy - mandatory | string |
| fallbackGroupNames | FallbackGroupNames are the names of the fallback groups configured for this proxy | []string |
| parentGroupName | ParentGroupName is the parent PGD group of this proxy | string |
| maxClientConn | MaxClientConn maximum number of connections the proxy will accept | int |
| maxServerConn | MaxServerConn maximum number of connections the proxy will make to the Postgres node | int |
| serverConnTimeout | ServerConnTimeout connection timeout for server connections in seconds | int64 |
| serverConnKeepalive | ServerConnKeepalive keepalive interval for server connections in seconds | int64 |
| fallbackGroupTimeout | FallbackGroupTimeout the interval after which the routing falls back to one of the fallback_groups | int64 |

PGDProxySettings

PGDProxySettings contains the settings of the proxy

| Name | Description | Type |
| --- | --- | --- |
| fallbackGroups | FallbackGroups is the list of groups the proxy should forward connection to when all the data nodes of this PGD group are not available | []string |
| maxClientConn | MaxClientConn maximum number of connections the proxy will accept. Defaults to 32767 | int |
| maxServerConn | MaxServerConn maximum number of connections the proxy will make to the Postgres node. Defaults to 32767 | int |
| serverConnTimeout | ServerConnTimeout connection timeout for server connections in seconds. Defaults to 2 | int64 |
| serverConnKeepalive | ServerConnKeepalive keepalive interval for server connections in seconds. Defaults to 10 | int64 |
| fallbackGroupTimeout | FallbackGroupTimeout the interval after which the routing falls back to one of the fallback_groups. Defaults to 60 | int64 |

PGDProxyStatus

PGDProxyStatus any relevant status for the operator about PGDProxy

| Name | Description | Type |
| --- | --- | --- |
| proxyInstances | | int32 |
| writeLead | WriteLead is a reserved field for the operator, is not intended for external usage. Will be removed in future versions | string |
| proxyHash | ProxyHash contains the hash we use to detect if we need to reconcile the proxies | string |

PGDStatus

PGDStatus any relevant status for the operator about PGD

| Name | Description | Type |
| --- | --- | --- |
| raftConsensusLastChangedStatus | RaftConsensusLastChangedStatus indicates the latest reported status from bdr.monitor_group_raft | resources.PGDRaftStatus |
| raftConsensusLastChangedMessage | RaftConsensusLastChangedMessage indicates the latest reported message from bdr.monitor_group_raft | string |
| raftConsensusLastChangedTimestamp | RaftConsensusLastChangedTimestamp indicates when the status and message were first reported | string |
| registeredProxies | RegisteredProxies is the status of the registered proxies | []PGDProxyEntry |
| nodeGroup | NodeGroup is the status of the node group associated with the PGDGroup | PGDNodeGroupEntry |

ParentGroupConfiguration

ParentGroupConfiguration contains the topology configuration of PGD

| Name | Description | Type |
| --- | --- | --- |
| name | Name of the parent group - mandatory | string |
| create | Create is true when the operator should create the parent group if it doesn't exist | bool |

PgdConfiguration

PgdConfiguration is the configuration of the PGD group structure

| Name | Description | Type |
| --- | --- | --- |
| parentGroup | ParentGroup configures the topology of the PGD group - mandatory | ParentGroupConfiguration |
| discovery | The parameters we will use to connect to a node belonging to the parent PGD group. Even if provided, the following parameters will be overridden with default values: application_name, sslmode, dbname and user. The following parameters should not be provided nor used, as they are not even overridden with defaults: sslkey, sslcert, sslrootcert | []ConnectionString |
| discoveryJob | DiscoveryJob the configuration of the PGD Discovery job | DiscoveryJobConfig |
| databaseName | Name of the database used by the application. Default: app. | string |
| ownerName | Name of the owner of the database in the instance to be used by applications. Defaults to the value of the database key. | string |
| ownerCredentialsSecret | Name of the secret containing the initial credentials for the owner of the user database. If empty a new secret will be created from scratch | *cnpv1.LocalObjectReference |
| proxySettings | Configuration for the proxy | PGDProxySettings |
| nodeGroupSettings | Configuration for the PGD Group | *PGDNodeGroupSettings |
| globalRouting | GlobalRouting is true when global routing is enabled, and in this case the proxies will be created in the parent group | bool |
| mutations | List of SQL mutations to apply to the node group | SQLMutations |

PreProvisionedCertificate

PreProvisionedCertificate contains the data needed to supply a pre-generated certificate

| Name | Description | Type |
| --- | --- | --- |
| secretRef | SecretRef a name pointing to a secret that contains a tls.crt and tls.key | string |

ReplicationCertificateStatus

ReplicationCertificateStatus encapsulates the certificate status

| Name | Description | Type |
| --- | --- | --- |
| name | Name is the name of the certificate | string |
| hash | Hash is the hash of the configuration for which it has been generated | string |
| isReady | Ready is true when the certificate is ready | bool |
| preProvisioned | PreProvisioned is true if the certificate is preProvisioned | bool |

Restore

Restore configures the restore of a PGD group from an object store

| Name | Description | Type |
| --- | --- | --- |
| barmanObjectStore | The configuration for the barman-cloud tool suite | *cnpv1.BarmanObjectStoreConfiguration |
| recoveryTarget | By default, the recovery process applies all the available WAL files in the archive (full recovery). However, you can also end the recovery as soon as a consistent state is reached or recover to a point-in-time (PITR) by specifying a RecoveryTarget object, as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...). More info: https://www.postgresql.org/docs/current/runtime-config-wal.html#RUNTIME-CONFIG-WAL-RECOVERY-TARGET | *cnpv1.RecoveryTarget |
| serverNames | The list of server names to be used as a recovery origin. One of these servers will be elected as the seeding one when evaluating the recovery target - mandatory | []string |

RestoreStatus

RestoreStatus contains the current status of the restore process

| Name | Description | Type |
| --- | --- | --- |
| serverName | The name of the server to be restored - mandatory | string |

RootDNSConfiguration

RootDNSConfiguration describes how the FQDN for the resources should be generated

| Name | Description | Type |
| --- | --- | --- |
| additional | AdditionalDNSConfigurations adds more possible FQDNs for the resources | []DNSConfiguration |

SQLMutation

SQLMutation is a series of SQL statements to apply atomically

| Name | Description | Type |
| --- | --- | --- |
| isApplied | List of boolean-returning SQL queries. If any of them returns false the mutation will be applied - mandatory | []string |
| exec | List of SQL queries to be executed to apply this mutation - mandatory | []string |
| type | Type determines when the SQLMutation occurs. 'always': reconcile the mutation at each reconciliation cycle. 'beforeSubgroupRaft': are executed only before the subgroupRaft is enabled. If not specified, the Type defaults to 'always'. - mandatory | SQLMutationType |

ServerCertConfiguration

ServerCertConfiguration contains the information to generate the certificates for the nodes

| Name | Description | Type |
| --- | --- | --- |
| caCertSecret | CACertSecret is the secret of the CA to be injected into the CloudNativePG configuration - mandatory | string |
| certManager | The cert-manager template used to generate the certificates - mandatory | CertManagerTemplate |

ServiceTemplate

ServiceTemplate is a structure that allows the user to set a template for the Service generation.

| Name | Description | Type |
| --- | --- | --- |
| metadata | Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | Metadata |
| spec | Specification of the desired behavior of the service. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | corev1.ServiceSpec |
| updateStrategy | UpdateStrategy indicates how to update the services generated by this template. | *ServiceUpdateStrategy |

TLSConfiguration

TLSConfiguration is the configuration of the TLS infrastructure used by PGD to connect to the nodes

| Name | Description | Type |
| --- | --- | --- |
| mode | - mandatory | TLSMode |
| serverCert | The configuration for the server certificates - mandatory | ServerCertConfiguration |
| clientCert | The configuration for the client certificates - mandatory | ClientCertConfiguration |