275 KiB
layout | parent | title |
---|---|---|
page | CRD reference | ArangoDeployment V1 |
API Reference for ArangoDeployment V1
Spec
.spec.agents.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.agents.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.agents.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.agents.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.agents.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.agents.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.agents.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.agents.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.agents.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.agents.envs[int].name
Type: string
[ref]
.spec.agents.envs[int].value
Type: string
[ref]
.spec.agents.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.agents.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.agents.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.agents.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.agents.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.agents.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.agents.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.agents.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.agents.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.agents.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.agents.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.agents.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.agents.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.agents.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.agents.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.agents.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.agents.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.agents.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.agents.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.agents.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.agents.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.agents.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.agents.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.agents.podModes.network
Type: string
[ref]
.spec.agents.podModes.pid
Type: string
[ref]
.spec.agents.port
Type: integer
[ref]
Port define Port used by member
.spec.agents.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.agents.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.agents.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.agents.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.agents.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.agents.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.agents.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.agents.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.agents.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.agents.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.agents.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.agents.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.agents.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.agents.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.agents.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.agents.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.agents.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.agents.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.agents.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.agents.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.agents.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.agents.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.agents.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.agents.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.agents.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.agents.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.agents.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.agents.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.agents.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.agents.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.agents.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.agents.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.agents.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.agents.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.agents.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.agents.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.agents.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.agents.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.agents.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.agents.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.agents.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.agents.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.agents.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.agents.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.agents.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.agents.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.agents.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.agents.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.agents.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.agents.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.agents.volumes[int].name
Type: string
[ref]
Name of volume
.spec.agents.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.agents.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.allowUnsafeUpgrade
Type: boolean
[ref]
AllowUnsafeUpgrade determines if upgrade on missing member or with not in sync shards is allowed
.spec.annotations
Type: object
[ref]
Annotations specifies the annotations added to all ArangoDeployment owned resources (pods, services, PVC’s, PDB’s).
.spec.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.annotationsMode
Type: string
[ref]
AnnotationsMode defines annotations mode which should be use while overriding annotations.
Possible Values:
"disabled"
(default) - Disable annotations/labels override. Default if there is no annotations/labels set in ArangoDeployment"append"
- Add new annotations/labels without affecting old ones"replace"
- Replace existing annotations/labels
.spec.architecture
Type: []string
[ref]
Architecture defines the list of supported architectures. First element on the list is marked as default architecture. Possible values are:
amd64
: Use processors with the x86-64 architecture.arm64
: Use processors with the 64-bit ARM architecture. The setting expects a list of strings, but you should only specify a single list item for the architecture, except when you want to migrate from one architecture to the other. The first list item defines the new default architecture for the deployment that you want to migrate to.
Links:
Default Value: ['amd64']
.spec.auth.jwtSecretName
Type: string
[ref]
JWTSecretName setting specifies the name of a kubernetes Secret
that contains a secret key used for generating
JWT tokens to access all ArangoDB servers.
When no name is specified, it defaults to <deployment-name>-jwt
.
To disable authentication, set this value to None
.
If you specify a name of a Secret
, that secret must have the key value in a data field named token
.
If you specify a name of a Secret
that does not exist, a random key is created and stored in a Secret
with given name.
Changing secret key results in restarting of a whole cluster.
.spec.bootstrap.passwordSecretNames
Type: map[string]string
[ref]
PasswordSecretNames contains a map of username to password-secret-name This setting specifies a secret name for the credentials per specific users. When a deployment is created the operator will setup the user accounts according to the credentials given by the secret. If the secret doesn't exist the operator creates a secret with a random password. There are two magic values for the secret name:
None
specifies no action. This disables root password randomization. This is the default value. (Thus the root password is empty - not recommended)Auto
specifies automatic name generation, which is<deploymentname>-root-password
.
Links:
.spec.chaos.enabled
Type: boolean
[ref]
Enabled switches the chaos monkey for a deployment on or off.
.spec.chaos.interval
Type: integer
[ref]
Interval is the time between events
.spec.chaos.kill-pod-probability
Type: integer
[ref]
KillPodProbability is the chance of a pod being killed during an event
.spec.ClusterDomain
Type: string
[ref]
ClusterDomain define domain used in the kubernetes cluster. Required only of domain is not set to default (cluster.local)
Default Value: cluster.local
.spec.communicationMethod
Type: string
[ref]
CommunicationMethod define communication method used in deployment
Possible Values:
"headless"
(default) - Define old communication mechanism, based on headless service."dns"
- Define ClusterIP Service DNS based communication."short-dns"
- Define ClusterIP Service DNS based communication. Use namespaced short DNS (used in migration)"headless-dns"
- Define Headless Service DNS based communication."ip"
- Define ClusterIP Service IP based communication.
.spec.coordinators.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.coordinators.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.coordinators.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.coordinators.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.coordinators.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.coordinators.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.coordinators.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.coordinators.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.coordinators.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.coordinators.envs[int].name
Type: string
[ref]
.spec.coordinators.envs[int].value
Type: string
[ref]
.spec.coordinators.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.coordinators.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.coordinators.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.coordinators.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.coordinators.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.coordinators.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.coordinators.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.coordinators.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.coordinators.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.coordinators.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.coordinators.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.coordinators.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.coordinators.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.coordinators.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.coordinators.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.coordinators.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.coordinators.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.coordinators.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.coordinators.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.coordinators.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.coordinators.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.coordinators.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.coordinators.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.coordinators.podModes.network
Type: string
[ref]
.spec.coordinators.podModes.pid
Type: string
[ref]
.spec.coordinators.port
Type: integer
[ref]
Port define Port used by member
.spec.coordinators.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.coordinators.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.coordinators.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.coordinators.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.coordinators.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.coordinators.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.coordinators.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.coordinators.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.coordinators.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.coordinators.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.coordinators.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.coordinators.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.coordinators.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.coordinators.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.coordinators.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.coordinators.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.coordinators.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.coordinators.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.coordinators.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.coordinators.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.coordinators.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.coordinators.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.coordinators.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.coordinators.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.coordinators.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.coordinators.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.coordinators.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.coordinators.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.coordinators.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.coordinators.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.coordinators.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.coordinators.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.coordinators.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.coordinators.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.coordinators.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.coordinators.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.coordinators.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.coordinators.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.coordinators.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.coordinators.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.coordinators.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.coordinators.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.coordinators.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.coordinators.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.coordinators.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.coordinators.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.coordinators.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.coordinators.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.coordinators.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.coordinators.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.coordinators.volumes[int].name
Type: string
[ref]
Name of volume
.spec.coordinators.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.coordinators.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.database.maintenance
Type: boolean
[ref]
Maintenance manage maintenance mode on Cluster side. Requires maintenance feature to be enabled
.spec.dbservers.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.dbservers.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.dbservers.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.dbservers.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.dbservers.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.dbservers.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.dbservers.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.dbservers.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.dbservers.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.dbservers.envs[int].name
Type: string
[ref]
.spec.dbservers.envs[int].value
Type: string
[ref]
.spec.dbservers.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.dbservers.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.dbservers.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.dbservers.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.dbservers.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.dbservers.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.dbservers.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.dbservers.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.dbservers.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.dbservers.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.dbservers.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.dbservers.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.dbservers.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.dbservers.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.dbservers.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.dbservers.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.dbservers.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.dbservers.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.dbservers.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.dbservers.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.dbservers.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.dbservers.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.dbservers.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.dbservers.podModes.network
Type: string
[ref]
.spec.dbservers.podModes.pid
Type: string
[ref]
.spec.dbservers.port
Type: integer
[ref]
Port define Port used by member
.spec.dbservers.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.dbservers.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.dbservers.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.dbservers.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.dbservers.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.dbservers.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.dbservers.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.dbservers.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.dbservers.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.dbservers.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.dbservers.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.dbservers.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.dbservers.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.dbservers.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.dbservers.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.dbservers.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.dbservers.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.dbservers.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.dbservers.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.dbservers.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.dbservers.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.dbservers.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.dbservers.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.dbservers.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.dbservers.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.dbservers.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.dbservers.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.dbservers.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.dbservers.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.dbservers.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.dbservers.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.dbservers.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.dbservers.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.dbservers.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.dbservers.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.dbservers.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.dbservers.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.dbservers.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.dbservers.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.dbservers.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.dbservers.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.dbservers.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.dbservers.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.dbservers.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.dbservers.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.dbservers.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.dbservers.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.dbservers.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.dbservers.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.dbservers.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.dbservers.volumes[int].name
Type: string
[ref]
Name of volume
.spec.dbservers.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.dbservers.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.disableIPv6
Type: boolean
[ref]
DisableIPv6 setting prevents the use of IPv6 addresses by ArangoDB servers. This setting cannot be changed after the deployment has been created.
Default Value: false
.spec.downtimeAllowed
Type: boolean
[ref]
DowntimeAllowed setting is used to allow automatic reconciliation actions that yield some downtime of the ArangoDB deployment. When this setting is set to false, no automatic action that may result in downtime is allowed. If the need for such an action is detected, an event is added to the ArangoDeployment. Once this setting is set to true, the automatic action is executed. Operations that may result in downtime are:
- Rotating TLS CA certificate Note: It is still possible that there is some downtime when the Kubernetes cluster is down, or in a bad state, irrespective of the value of this setting.
Default Value: false
.spec.environment
Type: string
[ref]
Environment setting specifies the type of environment in which the deployment is created.
Possible Values:
"Development"
(default) - This value optimizes the deployment for development use. It is possible to run a deployment on a small number of nodes (e.g. minikube)."Production"
- This value optimizes the deployment for production use. It puts required affinity constraints on all pods to avoid Agents & DB-Servers from running on the same machine.
.spec.externalAccess.advertisedEndpoint
Type: string
[ref]
AdvertisedEndpoint is passed to the coordinators/single servers for advertising a specific endpoint
.spec.externalAccess.loadBalancerIP
Type: string
[ref]
LoadBalancerIP define optional IP used to configure a load-balancer on, in case of Auto or LoadBalancer type. If you do not specify this setting, an IP will be chosen automatically by the load-balancer provisioner.
.spec.externalAccess.loadBalancerSourceRanges
Type: array
[ref]
LoadBalancerSourceRanges define LoadBalancerSourceRanges used for LoadBalancer Service type If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.
Links:
.spec.externalAccess.managedServiceNames
Type: array
[ref]
ManagedServiceNames keeps names of services which are not managed by KubeArangoDB.
It is only relevant when type of service is managed
.
.spec.externalAccess.nodePort
Type: integer
[ref]
NodePort define optional port used in case of Auto or NodePort type.
This setting is used when spec.externalAccess.type
is set to NodePort
or Auto
.
If you do not specify this setting, a random port will be chosen automatically.
.spec.externalAccess.type
Type: string
[ref]
Type specifies the type of Service that will be created to provide access to the ArangoDB deployment from outside the Kubernetes cluster.
Possible Values:
"Auto"
(default) - Create a Service of type LoadBalancer and fallback to a Service or type NodePort when the LoadBalancer is not assigned an IP address."None"
- limit access to application running inside the Kubernetes cluster."LoadBalancer"
- Create a Service of type LoadBalancer for the ArangoDB deployment."NodePort"
- Create a Service of type NodePort for the ArangoDB deployment.
.spec.features.foxx.queues
Type: boolean
[ref]
.spec.gateway.enabled
Type: boolean
[ref]
Enabled setting enables/disables support for gateway in the cluster.
When enabled, the cluster will contain a number of gateway
servers.
Default Value: false
.spec.gateway.image
Type: string
[ref]
Image is the image to use for the gateway. By default, the image is determined by the operator.
.spec.gateway.sidecar.args
Type: array
[ref]
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
.spec.gateway.sidecar.command
Type: array
[ref]
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
.spec.gateway.sidecar.controllerListenPort
Type: integer
[ref]
ControllerListenPort defines on which port the sidecar container will be listening for controller requests
Default Value: 9202
.spec.gateway.sidecar.env
Type: core.EnvVar
[ref]
Env keeps the information about environment variables provided to the container
Links:
.spec.gateway.sidecar.envFrom
Type: core.EnvFromSource
[ref]
EnvFrom keeps the information about environment variable sources provided to the container
Links:
.spec.gateway.sidecar.image
Type: string
[ref]
Image define image details
.spec.gateway.sidecar.imagePullPolicy
Type: string
[ref]
ImagePullPolicy define Image pull policy
Default Value: IfNotPresent
.spec.gateway.sidecar.lifecycle
Type: core.Lifecycle
[ref]
Lifecycle keeps actions that the management system should take in response to container lifecycle events.
.spec.gateway.sidecar.listenPort
Type: integer
[ref]
ListenPort defines on which port the sidecar container will be listening for connections
Default Value: 9201
.spec.gateway.sidecar.livenessProbe
Type: core.Probe
[ref]
LivenessProbe keeps configuration of periodic probe of container liveness. Container will be restarted if the probe fails.
Links:
.spec.gateway.sidecar.ports
Type: []core.ContainerPort
[ref]
Ports contains list of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network.
.spec.gateway.sidecar.readinessProbe
Type: core.Probe
[ref]
ReadinessProbe keeps configuration of periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails.
Links:
.spec.gateway.sidecar.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits for container
Links:
.spec.gateway.sidecar.securityContext
Type: core.SecurityContext
[ref]
SecurityContext holds container-level security attributes and common container settings.
Links:
.spec.gateway.sidecar.startupProbe
Type: core.Probe
[ref]
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation.
Links:
.spec.gateway.sidecar.volumeMounts
Type: []core.VolumeMount
[ref]
VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
.spec.gateway.sidecar.workingDir
Type: string
[ref]
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.
.spec.gateways.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.gateways.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.gateways.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.gateways.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.gateways.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.gateways.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.gateways.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.gateways.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.gateways.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.gateways.envs[int].name
Type: string
[ref]
.spec.gateways.envs[int].value
Type: string
[ref]
.spec.gateways.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.gateways.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.gateways.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.gateways.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.gateways.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.gateways.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.gateways.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.gateways.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.gateways.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.gateways.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.gateways.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.gateways.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.gateways.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.gateways.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.gateways.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.gateways.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.gateways.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.gateways.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.gateways.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.gateways.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.gateways.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.gateways.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.gateways.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.gateways.podModes.network
Type: string
[ref]
.spec.gateways.podModes.pid
Type: string
[ref]
.spec.gateways.port
Type: integer
[ref]
Port define Port used by member
.spec.gateways.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.gateways.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.gateways.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.gateways.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.gateways.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.gateways.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.gateways.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.gateways.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.gateways.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.gateways.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.gateways.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.gateways.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.gateways.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.gateways.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.gateways.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.gateways.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.gateways.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.gateways.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.gateways.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.gateways.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.gateways.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.gateways.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.gateways.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.gateways.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.gateways.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.gateways.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.gateways.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.gateways.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.gateways.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.gateways.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.gateways.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.gateways.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.gateways.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.gateways.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.gateways.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.gateways.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.gateways.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.gateways.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.gateways.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.gateways.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.gateways.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.gateways.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.gateways.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.gateways.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.gateways.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.gateways.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.gateways.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.gateways.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.gateways.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.gateways.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.gateways.volumes[int].name
Type: string
[ref]
Name of volume
.spec.gateways.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.gateways.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.id.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.id.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.id.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.id.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.id.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.id.nodeSelector
Type: object
[ref]
NodeSelector specifies a set of selectors for nodes
.spec.id.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name
.spec.id.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.id.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.id.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.id.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.id.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.id.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.id.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.id.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.id.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.id.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.id.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.id.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.id.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.id.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.id.serviceAccountName
Type: string
[ref]
ServiceAccountName specifies the name of the service account used for Pods in this group.
.spec.id.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
Links:
.spec.image
Type: string
[ref]
Image specifies the docker image to use for all ArangoDB servers. In a development environment this setting defaults to arangodb/arangodb:latest. For production environments this is a required setting without a default value. It is highly recommend to use explicit version (not latest) for production environments.
.spec.imageDiscoveryMode
Type: string
[ref]
ImageDiscoveryMode specifies the image discovery mode.
Possible Values:
"kubelet"
(default) - Use sha256 of the discovered image in the pods"direct"
- Use image provided in the spec.image directly in the pods
.spec.imagePullPolicy
Type: core.PullPolicy
[ref]
ImagePullPolicy specifies the pull policy for the docker image to use for all ArangoDB servers.
Links:
Possible Values:
"Always"
(default) - Means that kubelet always attempts to pull the latest image. Container will fail If the pull fails."Never"
- Means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present"IfNotPresent"
- Means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.
.spec.imagePullSecrets
Type: array
[ref]
ImagePullSecrets specifies the list of image pull secrets for the docker image to use for all ArangoDB servers.
.spec.labels
Type: object
[ref]
Labels specifies the labels added to Pods in this group.
.spec.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
Possible Values:
"disabled"
(default) - Disable annotations/labels override. Default if there is no annotations/labels set in ArangoDeployment"append"
- Add new annotations/labels without affecting old ones"replace"
- Replace existing annotations/labels
.spec.license.secretName
Type: string
[ref]
SecretName setting specifies the name of a kubernetes Secret
that contains
the license key token used for enterprise images. This value is not used for
the Community Edition.
.spec.lifecycle.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.memberPropagationMode
Type: string
[ref]
MemberPropagationMode defines how changes to pod spec should be propogated. Changes to a pod’s configuration require a restart of that pod in almost all cases. Pods are restarted eagerly by default, which can cause more restarts than desired, especially when updating arangod as well as the operator. The propagation of the configuration changes can be deferred to the next restart, either triggered manually by the user or by another operation like an upgrade. This reduces the number of restarts for upgrading both the server and the operator from two to one.
Possible Values:
"always"
(default) - Restart the member as soon as a configuration change is discovered"on-restart"
- Wait until the next restart to change the member configuration
.spec.metrics.authentication.jwtTokenSecretName
Type: string
[ref]
JWTTokenSecretName contains the name of the JWT kubernetes secret used for authentication
.spec.metrics.enabled
Type: boolean
[ref]
Enabled if this is set to true
, the operator runs a sidecar container for
every Agent, DB-Server, Coordinator and Single server.
Links:
Default Value: false
.spec.metrics.extensions.usageMetrics
Type: boolean
[ref]
Important
UsageMetrics needs to be also enabled via DBServer Arguments
UsageMetrics enables ArangoDB Usage metrics scrape. Affects only DBServers in the Cluster mode.
Links:
Default Value: false
.spec.metrics.image
Type: string
[ref]
Warning
DEPRECATED
Image is now extracted from Operator Pod
Image used for the Metrics Sidecar
.spec.metrics.mode
Type: string
[ref]
Warning
DEPRECATED
Not used anymore
Mode define metrics exported mode
.spec.metrics.port
Type: integer
[ref]
.spec.metrics.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.metrics.serviceMonitor.enabled
Type: boolean
[ref]
.spec.metrics.serviceMonitor.labels
Type: object
[ref]
.spec.metrics.tls
Type: boolean
[ref]
TLS defines if TLS should be enabled on Metrics exporter endpoint.
This option will enable TLS only if TLS is enabled on ArangoDeployment,
otherwise true
value will not take any effect.
Default Value: true
.spec.mode
Type: string
[ref]
Mode specifies the type of ArangoDB deployment to create.
Possible Values:
"Cluster"
(default) - Full cluster. Defaults to 3 Agents, 3 DB-Servers & 3 Coordinators."ActiveFailover"
- Active-failover single pair. Defaults to 3 Agents and 2 single servers."Single"
- Single server only (note this does not provide high availability or reliability).
This field is immutable: Change of the ArangoDeployment Mode is not possible after creation.
.spec.networkAttachedVolumes
Type: boolean
[ref]
NetworkAttachedVolumes
If set to true
, a ResignLeadership operation will be triggered when a DB-Server pod is evicted (rather than a CleanOutServer operation).
Furthermore, the pod will simply be redeployed on a different node, rather than cleaned and retired and replaced by a new member.
You must only set this option to true if your persistent volumes are “movable” in the sense that they can be mounted from a different k8s node, like in the case of network attached volumes.
If your persistent volumes are tied to a specific pod, you must leave this option on false.
Default Value: true
.spec.rebalancer.enabled
Type: boolean
[ref]
.spec.rebalancer.optimizers.leader
Type: boolean
[ref]
.spec.rebalancer.parallelMoves
Type: integer
[ref]
.spec.rebalancer.readers.count
Type: boolean
[ref]
Warning
DEPRECATED
does not work in Rebalancer V2
Count Enable Shard Count machanism
.spec.recovery.autoRecover
Type: boolean
[ref]
.spec.restoreEncryptionSecret
Type: string
[ref]
RestoreEncryptionSecret specifies optional name of secret which contains encryption key used for restore
.spec.restoreFrom
Type: string
[ref]
RestoreFrom setting specifies a ArangoBackup
resource name the cluster should be restored from.
After a restore or failure to do so, the status of the deployment contains information about the restore operation in the restore key.
It will contain some of the following fields:
requestedFrom
: name of the ArangoBackup used to restore from.message
: optional message explaining why the restore failed.state
: state indicating if the restore was successful or not. Possible values: Restoring, Restored, RestoreFailed If the restoreFrom key is removed from the spec, the restore key is deleted as well. A new restore attempt is made if and only if either in the status restore is not set or if spec.restoreFrom and status.requestedFrom are different.
.spec.rocksdb.encryption.keySecretName
Type: string
[ref]
KeySecretName setting specifies the name of a Kubernetes Secret
that contains an encryption key used for encrypting all data stored by ArangoDB servers.
When an encryption key is used, encryption of the data in the cluster is enabled, without it encryption is disabled.
The default value is empty.
This requires the Enterprise Edition.
The encryption key cannot be changed after the cluster has been created.
The secret specified by this setting, must have a data field named 'key' containing an encryption key that is exactly 32 bytes long.
.spec.single.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.single.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.single.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.single.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.single.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.single.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.single.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.single.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.single.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.single.envs[int].name
Type: string
[ref]
.spec.single.envs[int].value
Type: string
[ref]
.spec.single.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.single.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.single.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.single.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.single.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.single.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.single.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.single.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.single.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.single.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.single.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.single.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.single.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.single.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.single.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.single.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.single.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.single.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.single.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.single.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.single.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.single.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.single.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.single.podModes.network
Type: string
[ref]
.spec.single.podModes.pid
Type: string
[ref]
.spec.single.port
Type: integer
[ref]
Port define Port used by member
.spec.single.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.single.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.single.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.single.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.single.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.single.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.single.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.single.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.single.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.single.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.single.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.single.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.single.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.single.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.single.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.single.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.single.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.single.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.single.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.single.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.single.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.single.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.single.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.single.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.single.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.single.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.single.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.single.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.single.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.single.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.single.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.single.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.single.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.single.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.single.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.single.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.single.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.single.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.single.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.single.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.single.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.single.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.single.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.single.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.single.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.single.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.single.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.single.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.single.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.single.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.single.volumes[int].name
Type: string
[ref]
Name of volume
.spec.single.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.single.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.storageEngine
Type: string
[ref]
StorageEngine specifies the type of storage engine used for all servers in the cluster.
Possible Values:
"RocksDB"
(default) - To use the RocksDB storage engine."MMFiles"
- To use the MMFiles storage engine. Deprecated.
This field is immutable: This setting cannot be changed after the cluster has been created.
.spec.sync.auth.clientCASecretName
Type: string
[ref]
ClientCASecretName setting specifies the name of a kubernetes Secret
that contains
a PEM encoded CA certificate used for client certificate verification
in all ArangoSync master servers.
This is a required setting when spec.sync.enabled
is true
.
.spec.sync.auth.jwtSecretName
Type: string
[ref]
JWTSecretName setting specifies the name of a kubernetes Secret
that contains
the JWT token used for accessing all ArangoSync master servers.
When not specified, the spec.auth.jwtSecretName
value is used.
If you specify a name of a Secret
that does not exist, a random token is created
and stored in a Secret
with given name.
.spec.sync.enabled
Type: boolean
[ref]
Enabled setting enables/disables support for data center 2 data center
replication in the cluster. When enabled, the cluster will contain
a number of syncmaster
& syncworker
servers.
Default Value: false
.spec.sync.externalAccess.accessPackageSecretNames
Type: []string
[ref]
AccessPackageSecretNames setting specifies the names of zero of more Secrets
that will be created by the deployment
operator containing "access packages". An access package contains those Secrets
that are needed
to access the SyncMasters of this ArangoDeployment
.
By removing a name from this setting, the corresponding Secret
is also deleted.
Note that to remove all access packages, leave an empty array in place ([]
).
Completely removing the setting results in not modifying the list.
Links:
.spec.sync.externalAccess.advertisedEndpoint
Type: string
[ref]
AdvertisedEndpoint is passed to the coordinators/single servers for advertising a specific endpoint
.spec.sync.externalAccess.loadBalancerIP
Type: string
[ref]
LoadBalancerIP define optional IP used to configure a load-balancer on, in case of Auto or LoadBalancer type. If you do not specify this setting, an IP will be chosen automatically by the load-balancer provisioner.
.spec.sync.externalAccess.loadBalancerSourceRanges
Type: array
[ref]
LoadBalancerSourceRanges define LoadBalancerSourceRanges used for LoadBalancer Service type If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.
Links:
.spec.sync.externalAccess.managedServiceNames
Type: array
[ref]
ManagedServiceNames keeps names of services which are not managed by KubeArangoDB.
It is only relevant when type of service is managed
.
.spec.sync.externalAccess.masterEndpoint
Type: []string
[ref]
MasterEndpoint setting specifies the master endpoint(s) advertised by the ArangoSync SyncMasters. If not set, this setting defaults to:
- If
spec.sync.externalAccess.loadBalancerIP
is set, it defaults tohttps://<load-balancer-ip>:<8629>
. - Otherwise it defaults to
https://<sync-service-dns-name>:<8629>
.
.spec.sync.externalAccess.nodePort
Type: integer
[ref]
NodePort define optional port used in case of Auto or NodePort type.
This setting is used when spec.externalAccess.type
is set to NodePort
or Auto
.
If you do not specify this setting, a random port will be chosen automatically.
.spec.sync.externalAccess.type
Type: string
[ref]
Type specifies the type of Service that will be created to provide access to the ArangoDB deployment from outside the Kubernetes cluster.
Possible Values:
"Auto"
(default) - Create a Service of type LoadBalancer and fallback to a Service or type NodePort when the LoadBalancer is not assigned an IP address."None"
- limit access to application running inside the Kubernetes cluster."LoadBalancer"
- Create a Service of type LoadBalancer for the ArangoDB deployment."NodePort"
- Create a Service of type NodePort for the ArangoDB deployment.
.spec.sync.image
Type: string
[ref]
.spec.sync.monitoring.tokenSecretName
Type: string
[ref]
TokenSecretName setting specifies the name of a kubernetes Secret
that contains
the bearer token used for accessing all monitoring endpoints of all arangod/arangosync servers.
When not specified, no monitoring token is used.
.spec.sync.tls.altNames
Type: []string
[ref]
AltNames setting specifies a list of alternate names that will be added to all generated certificates. These names can be DNS names or email addresses. The default value is empty.
.spec.sync.tls.caSecretName
Type: string
[ref]
CASecretName setting specifies the name of a kubernetes Secret
that contains
a standard CA certificate + private key used to sign certificates for individual
ArangoDB servers.
When no name is specified, it defaults to <deployment-name>-ca
.
To disable authentication, set this value to None
.
If you specify a name of a Secret
that does not exist, a self-signed CA certificate + key is created
and stored in a Secret
with given name.
The specified Secret
, must contain the following data fields:
ca.crt
PEM encoded public key of the CA certificateca.key
PEM encoded private key of the CA certificate
.spec.sync.tls.mode
Type: string
[ref]
.spec.sync.tls.sni.mapping.<string>
Type: array
[ref]
.spec.sync.tls.ttl
Type: string
[ref]
TTL setting specifies the time to live of all generated server certificates. When the server certificate is about to expire, it will be automatically replaced by a new one and the affected server will be restarted. Note: The time to live of the CA certificate (when created automatically) will be set to 10 years.
Default Value: "2160h" (about 3 months)
.spec.syncmasters.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.syncmasters.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.syncmasters.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.syncmasters.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.syncmasters.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.syncmasters.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.syncmasters.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.syncmasters.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.syncmasters.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.syncmasters.envs[int].name
Type: string
[ref]
.spec.syncmasters.envs[int].value
Type: string
[ref]
.spec.syncmasters.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.syncmasters.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.syncmasters.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.syncmasters.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.syncmasters.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.syncmasters.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.syncmasters.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.syncmasters.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.syncmasters.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.syncmasters.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.syncmasters.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.syncmasters.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.syncmasters.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.syncmasters.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.syncmasters.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.syncmasters.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.syncmasters.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.syncmasters.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.syncmasters.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.syncmasters.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.syncmasters.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.syncmasters.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.syncmasters.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.syncmasters.podModes.network
Type: string
[ref]
.spec.syncmasters.podModes.pid
Type: string
[ref]
.spec.syncmasters.port
Type: integer
[ref]
Port define Port used by member
.spec.syncmasters.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.syncmasters.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.syncmasters.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.syncmasters.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.syncmasters.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.syncmasters.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.syncmasters.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.syncmasters.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.syncmasters.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.syncmasters.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.syncmasters.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.syncmasters.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.syncmasters.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.syncmasters.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.syncmasters.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.syncmasters.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.syncmasters.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.syncmasters.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.syncmasters.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.syncmasters.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.syncmasters.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.syncmasters.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.syncmasters.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.syncmasters.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.syncmasters.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.syncmasters.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.syncmasters.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.syncmasters.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.syncmasters.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.syncmasters.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.syncmasters.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.syncmasters.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.syncmasters.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.syncmasters.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.syncmasters.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.syncmasters.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.syncmasters.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.syncmasters.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.syncmasters.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.syncmasters.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.syncmasters.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.syncmasters.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.syncmasters.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.syncmasters.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.syncmasters.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.syncmasters.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.syncmasters.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.syncmasters.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.syncmasters.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.syncmasters.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.syncmasters.volumes[int].name
Type: string
[ref]
Name of volume
.spec.syncmasters.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.syncmasters.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.syncworkers.affinity
Type: core.PodAffinity
[ref]
Affinity specified additional affinity settings in ArangoDB Pod definitions
Links:
.spec.syncworkers.allowMemberRecreation
Type: boolean
[ref]
AllowMemberRecreation allows to recreate member. This setting changes the member recreation logic based on group:
- For Sync Masters, Sync Workers, Coordinator and DB-Servers it determines if a member can be recreated in case of failure (default
true
) - For Agents and Single this value is hardcoded to
false
and the value provided in spec is ignored.
.spec.syncworkers.annotations
Type: object
[ref]
Annotations specified the annotations added to Pods in this group.
Annotations are merged with spec.annotations
.
.spec.syncworkers.annotationsIgnoreList
Type: array
[ref]
AnnotationsIgnoreList list regexp or plain definitions which annotations should be ignored
.spec.syncworkers.annotationsMode
Type: string
[ref]
AnnotationsMode Define annotations mode which should be use while overriding annotations
.spec.syncworkers.antiAffinity
Type: core.PodAntiAffinity
[ref]
AntiAffinity specified additional antiAffinity settings in ArangoDB Pod definitions
Links:
.spec.syncworkers.args
Type: []string
[ref]
Args setting specifies additional command-line arguments passed to all servers of this group.
Default Value: []
.spec.syncworkers.count
Type: integer
[ref]
Count setting specifies the number of servers to start for the given group.
For the Agent group, this value must be a positive, odd number.
The default value is 3
for all groups except single
(there the default is 1
for spec.mode: Single
and 2
for spec.mode: ActiveFailover
).
For the syncworkers
group, it is highly recommended to use the same number
as for the dbservers
group.
.spec.syncworkers.entrypoint
Type: string
[ref]
Entrypoint overrides container executable
.spec.syncworkers.envs[int].name
Type: string
[ref]
.spec.syncworkers.envs[int].value
Type: string
[ref]
.spec.syncworkers.ephemeralVolumes.apps.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.syncworkers.ephemeralVolumes.temp.size
Type: resource.Quantity
[ref]
Size define size of the ephemeral volume
Links:
.spec.syncworkers.exporterPort
Type: integer
[ref]
ExporterPort define Port used by exporter
.spec.syncworkers.extendedRotationCheck
Type: boolean
[ref]
ExtendedRotationCheck extend checks for rotation
.spec.syncworkers.externalPortEnabled
Type: boolean
[ref]
ExternalPortEnabled if external port should be enabled. If is set to false, ports needs to be exposed via sidecar. Only for ArangoD members
.spec.syncworkers.indexMethod
Type: string
[ref]
IndexMethod define group Indexing method
Possible Values:
"random"
(default) - Pick random ID for member. Enforced on the Community Operator."ordered"
- Use sequential number as Member ID, starting from 0. Enterprise Operator required.
.spec.syncworkers.initContainers.containers
Type: []core.Container
[ref]
Containers contains list of containers
Links:
.spec.syncworkers.initContainers.mode
Type: string
[ref]
Mode keep container replace mode
.spec.syncworkers.internalPort
Type: integer
[ref]
InternalPort define port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.syncworkers.internalPortProtocol
Type: string
[ref]
InternalPortProtocol define protocol of port used in internal communication, can be accessed over localhost via sidecar. Only for ArangoD members
.spec.syncworkers.labels
Type: object
[ref]
Labels specified the labels added to Pods in this group.
.spec.syncworkers.labelsIgnoreList
Type: array
[ref]
LabelsIgnoreList list regexp or plain definitions which labels should be ignored
.spec.syncworkers.labelsMode
Type: string
[ref]
LabelsMode Define labels mode which should be use while overriding labels
.spec.syncworkers.maxCount
Type: integer
[ref]
MaxCount specifies a maximum for the count of servers. If set, a specification is invalid if count > maxCount
.
.spec.syncworkers.memoryReservation
Type: integer
[ref]
MemoryReservation determines the system reservation of memory while calculating ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
value.
If this field is set, ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
is reduced by a specified value in percent.
Accepted Range <0, 50>. If the value is outside the accepted range, it is adjusted to the closest value.
Links:
Default Value: 0
.spec.syncworkers.minCount
Type: integer
[ref]
MinCount specifies a minimum for the count of servers. If set, a specification is invalid if count < minCount
.
.spec.syncworkers.nodeAffinity
Type: core.NodeAffinity
[ref]
NodeAffinity specified additional nodeAffinity settings in ArangoDB Pod definitions
Links:
.spec.syncworkers.nodeSelector
Type: map[string]string
[ref]
NodeSelector setting specifies a set of labels to be used as nodeSelector
for Pods of this node.
Links:
.spec.syncworkers.numactl.args
Type: array
[ref]
Args define list of the numactl process
Default Value: []
.spec.syncworkers.numactl.enabled
Type: boolean
[ref]
Enabled define if numactl should be enabled
Default Value: false
.spec.syncworkers.numactl.path
Type: string
[ref]
Path define numactl path within the container
Default Value: /usr/bin/numactl
.spec.syncworkers.overrideDetectedNumberOfCores
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
Container Environment Variable
OverrideDetectedNumberOfCores determines if number of cores should be overridden based on values in resources.
If is set to true and Container CPU Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_NUMBER_OF_CORES
to the value from the Container CPU Limits.
Links:
Default Value: true
.spec.syncworkers.overrideDetectedTotalMemory
Type: boolean
[ref]
Important
Values set by this feature override user-provided
ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
Container Environment Variable
OverrideDetectedTotalMemory determines if memory should be overridden based on values in resources.
If is set to true and Container Memory Limits are set, it sets Container Environment Variable ARANGODB_OVERRIDE_DETECTED_TOTAL_MEMORY
to the value from the Container Memory Limits.
Links:
Default Value: true
.spec.syncworkers.podModes.network
Type: string
[ref]
.spec.syncworkers.podModes.pid
Type: string
[ref]
.spec.syncworkers.port
Type: integer
[ref]
Port define Port used by member
.spec.syncworkers.priorityClassName
Type: string
[ref]
PriorityClassName specifies a priority class name Will be forwarded to the pod spec.
Links:
.spec.syncworkers.probes.livenessProbeDisabled
Type: boolean
[ref]
LivenessProbeDisabled if set to true, the operator does not generate a liveness probe for new pods belonging to this group
Default Value: false
.spec.syncworkers.probes.livenessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.syncworkers.probes.livenessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.syncworkers.probes.livenessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.syncworkers.probes.livenessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.syncworkers.probes.livenessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.syncworkers.probes.ReadinessProbeDisabled
Type: boolean
[ref]
Warning
DEPRECATED
This field is deprecated, kept only for backward compatibility.
OldReadinessProbeDisabled if true readinessProbes are disabled
.spec.syncworkers.probes.readinessProbeDisabled
Type: boolean
[ref]
ReadinessProbeDisabled override flag for probe disabled in good manner (lowercase) with backward compatibility
.spec.syncworkers.probes.readinessProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.syncworkers.probes.readinessProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.syncworkers.probes.readinessProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.syncworkers.probes.readinessProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.syncworkers.probes.readinessProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.syncworkers.probes.startupProbeDisabled
Type: boolean
[ref]
StartupProbeDisabled if true startupProbes are disabled
.spec.syncworkers.probes.startupProbeSpec.failureThreshold
Type: integer
[ref]
FailureThreshold when a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up means restarting the container. Minimum value is 1.
Default Value: 3
.spec.syncworkers.probes.startupProbeSpec.initialDelaySeconds
Type: integer
[ref]
InitialDelaySeconds specifies number of seconds after the container has started before liveness or readiness probes are initiated. Minimum value is 0.
Default Value: 2
.spec.syncworkers.probes.startupProbeSpec.periodSeconds
Type: integer
[ref]
PeriodSeconds How often (in seconds) to perform the probe. Minimum value is 1.
Default Value: 10
.spec.syncworkers.probes.startupProbeSpec.successThreshold
Type: integer
[ref]
SuccessThreshold Minimum consecutive successes for the probe to be considered successful after having failed. Minimum value is 1.
Default Value: 1
.spec.syncworkers.probes.startupProbeSpec.timeoutSeconds
Type: integer
[ref]
TimeoutSeconds specifies number of seconds after which the probe times out Minimum value is 1.
Default Value: 2
.spec.syncworkers.pvcResizeMode
Type: string
[ref]
VolumeResizeMode specified resize mode for PVCs and PVs
Possible Values:
"runtime"
(default) - PVC will be resized in Pod runtime (EKS, GKE)"rotate"
- Pod will be shutdown and PVC will be resized (AKS)
.spec.syncworkers.resources
Type: core.ResourceRequirements
[ref]
Resources holds resource requests & limits
Links:
.spec.syncworkers.schedulerName
Type: string
[ref]
SchedulerName define scheduler name used for group
.spec.syncworkers.securityContext.addCapabilities
Type: []core.Capability
[ref]
AddCapabilities add new capabilities to containers
.spec.syncworkers.securityContext.allowPrivilegeEscalation
Type: boolean
[ref]
AllowPrivilegeEscalation Controls whether a process can gain more privileges than its parent process.
.spec.syncworkers.securityContext.dropAllCapabilities
Type: boolean
[ref]
Warning
DEPRECATED
This field is added for backward compatibility. Will be removed in 1.1.0.
DropAllCapabilities specifies if capabilities should be dropped for this pod containers
.spec.syncworkers.securityContext.fsGroup
Type: integer
[ref]
FSGroup is a special supplemental group that applies to all containers in a pod.
.spec.syncworkers.securityContext.privileged
Type: boolean
[ref]
Privileged If true, runs container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
.spec.syncworkers.securityContext.readOnlyRootFilesystem
Type: boolean
[ref]
ReadOnlyRootFilesystem if true, mounts the container's root filesystem as read-only.
.spec.syncworkers.securityContext.runAsGroup
Type: integer
[ref]
RunAsGroup is the GID to run the entrypoint of the container process.
.spec.syncworkers.securityContext.runAsNonRoot
Type: boolean
[ref]
RunAsNonRoot if true, indicates that the container must run as a non-root user.
.spec.syncworkers.securityContext.runAsUser
Type: integer
[ref]
RunAsUser is the UID to run the entrypoint of the container process.
.spec.syncworkers.securityContext.seccompProfile
Type: core.SeccompProfile
[ref]
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
Links:
.spec.syncworkers.securityContext.seLinuxOptions
Type: core.SELinuxOptions
[ref]
SELinuxOptions are the labels to be applied to the container
Links:
.spec.syncworkers.securityContext.supplementalGroups
Type: array
[ref]
SupplementalGroups is a list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process.
.spec.syncworkers.securityContext.sysctls
Type: map[string]intstr.IntOrString
[ref]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Map Value can be String or Int
Links:
Example:
sysctls:
"kernel.shm_rmid_forced": "0"
"net.core.somaxconn": 1024
"kernel.msgmax": "65536"
.spec.syncworkers.serviceAccountName
Type: string
[ref]
ServiceAccountName setting specifies the serviceAccountName
for the Pods
created
for each server of this group. If empty, it defaults to using the
default
service account.
Using an alternative ServiceAccount
is typically used to separate access rights.
The ArangoDB deployments need some very minimal access rights. With the
deployment of the operator, we grant the rights to 'get' all 'pod' resources.
If you are using a different service account, please grant these rights
to that service account.
.spec.syncworkers.shutdownDelay
Type: integer
[ref]
ShutdownDelay define how long operator should delay finalizer removal after shutdown
.spec.syncworkers.shutdownMethod
Type: string
[ref]
ShutdownMethod describe procedure of member shutdown taken by Operator
.spec.syncworkers.sidecarCoreNames
Type: array
[ref]
SidecarCoreNames is a list of sidecar containers which must run in the pod. Some names (e.g.: "server", "worker") are reserved, and they don't have any impact.
.spec.syncworkers.sidecars
Type: []core.Container
[ref]
Sidecars specifies a list of additional containers to be started
Links:
.spec.syncworkers.storageClassName
Type: string
[ref]
Warning
DEPRECATED
Use VolumeClaimTemplate instead.
StorageClassName specifies the classname for storage of the servers.
.spec.syncworkers.terminationGracePeriodSeconds
Type: integer
[ref]
TerminationGracePeriodSeconds override default TerminationGracePeriodSeconds for pods - via silent rotation
.spec.syncworkers.tolerations
Type: []core.Toleration
[ref]
Tolerations specifies the tolerations added to Pods in this group.
By default, suitable tolerations are set for the following keys with the NoExecute
effect:
node.kubernetes.io/not-ready
node.kubernetes.io/unreachable
node.alpha.kubernetes.io/unreachable
(will be removed in future version) For more information on tolerations, consult the https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
Links:
.spec.syncworkers.volumeAllowShrink
Type: boolean
[ref]
Warning
DEPRECATED
Not used anymore
VolumeAllowShrink allows shrinking of the volume
.spec.syncworkers.volumeClaimTemplate
Type: core.PersistentVolumeClaim
[ref]
VolumeClaimTemplate specifies a volumeClaimTemplate used by operator to create to volume claims for pods of this group.
This setting is not available for group coordinators
, syncmasters
& syncworkers
.
The default value describes a volume with 8Gi
storage, ReadWriteOnce
access mode and volume mode set to PersistentVolumeFilesystem
.
If this field is not set and spec.<group>.resources.requests.storage
is set, then a default volume claim
with size as specified by spec.<group>.resources.requests.storage
will be created. In that case storage
and iops
is not forwarded to the pods resource requirements.
Links:
.spec.syncworkers.volumeMounts
Type: []ServerGroupSpecVolumeMount
[ref]
VolumeMounts define list of volume mounts mounted into server container
Links:
.spec.syncworkers.volumes[int].configMap
Type: core.ConfigMapVolumeSource
[ref]
ConfigMap which should be mounted into pod
Links:
.spec.syncworkers.volumes[int].emptyDir
Type: core.EmptyDirVolumeSource
[ref]
EmptyDir
Links:
.spec.syncworkers.volumes[int].hostPath
Type: core.HostPathVolumeSource
[ref]
HostPath
Links:
.spec.syncworkers.volumes[int].name
Type: string
[ref]
Name of volume
.spec.syncworkers.volumes[int].persistentVolumeClaim
Type: core.PersistentVolumeClaimVolumeSource
[ref]
PersistentVolumeClaim
Links:
.spec.syncworkers.volumes[int].secret
Type: core.SecretVolumeSource
[ref]
Secret which should be mounted into pod
Links:
.spec.timeouts.actions
Type: map[string]meta.Duration
[ref]
Actions keep map of the actions timeouts.
Links:
Example:
actions:
AddMember: 30m
.spec.timeouts.maintenanceGracePeriod
Type: integer
[ref]
MaintenanceGracePeriod action timeout
.spec.timezone
Type: string
[ref]
Timezone if specified, will set a timezone for deployment.
Must be in format accepted by "tzdata", e.g. America/New_York
or Europe/London
.spec.tls.altNames
Type: []string
[ref]
AltNames setting specifies a list of alternate names that will be added to all generated certificates. These names can be DNS names or email addresses. The default value is empty.
.spec.tls.caSecretName
Type: string
[ref]
CASecretName setting specifies the name of a kubernetes Secret
that contains
a standard CA certificate + private key used to sign certificates for individual
ArangoDB servers.
When no name is specified, it defaults to <deployment-name>-ca
.
To disable authentication, set this value to None
.
If you specify a name of a Secret
that does not exist, a self-signed CA certificate + key is created
and stored in a Secret
with given name.
The specified Secret
, must contain the following data fields:
ca.crt
PEM encoded public key of the CA certificateca.key
PEM encoded private key of the CA certificate
.spec.tls.mode
Type: string
[ref]
.spec.tls.sni.mapping.<string>
Type: array
[ref]
.spec.tls.ttl
Type: string
[ref]
TTL setting specifies the time to live of all generated server certificates. When the server certificate is about to expire, it will be automatically replaced by a new one and the affected server will be restarted. Note: The time to live of the CA certificate (when created automatically) will be set to 10 years.
Default Value: "2160h" (about 3 months)
.spec.topology.enabled
Type: boolean
[ref]
.spec.topology.label
Type: string
[ref]
.spec.topology.zones
Type: integer
[ref]
.spec.upgrade.autoUpgrade
Type: boolean
[ref]
AutoUpgrade flag specifies if upgrade should be auto-injected, even if is not required (in case of stuck)
Default Value: false
.spec.upgrade.debugLog
Type: boolean
[ref]
DebugLog flag specifies if containers running upgrade process should print more debugging information. This applies only to init containers.
Default Value: false