|
56 | 56 | type: object |
57 | 57 | spec: |
58 | 58 | properties: |
| 59 | + authentication: |
| 60 | + description: |- |
| 61 | + Defines custom pg_hba.conf authentication rules. Rules are evaluated |
| 62 | + after mandatory operator rules and before the default scram-sha-256 |
| 63 | + fallback. Use this together with spec.config.files to supply supporting |
| 64 | + files such as an LDAP CA certificate. |
| 65 | + properties: |
| 66 | + rules: |
| 67 | + description: |- |
| 68 | + Rules to include in pg_hba.conf. They are evaluated after mandatory |
| 69 | + operator rules and before the default scram-sha-256 fallback. |
| 70 | + items: |
| 71 | + description: |- |
| 72 | + PostgresAuthenticationRule defines a single pg_hba.conf entry. Use either |
| 73 | + the structured fields or the raw HBA line, not both. |
| 74 | + properties: |
| 75 | + connection: |
| 76 | + description: 'Connection type: local, host, hostssl, hostnossl, |
| 77 | + hostgssenc, hostnogssenc.' |
| 78 | + type: string |
| 79 | + databases: |
| 80 | + description: Databases to match. An empty list matches all |
| 81 | + databases. |
| 82 | + items: |
| 83 | + type: string |
| 84 | + type: array |
| 85 | + hba: |
| 86 | + description: |- |
| 87 | + A raw pg_hba.conf line. When non-empty, this line is used as-is and the |
| 88 | + structured fields are ignored. |
| 89 | + type: string |
| 90 | + method: |
| 91 | + description: Authentication method to use when a connection |
| 92 | + matches this rule. |
| 93 | + type: string |
| 94 | + options: |
| 95 | + additionalProperties: |
| 96 | + anyOf: |
| 97 | + - type: integer |
| 98 | + - type: string |
| 99 | + x-kubernetes-int-or-string: true |
| 100 | + description: Options for the authentication method (e.g. |
| 101 | + ldapserver, ldapport). |
| 102 | + type: object |
| 103 | + users: |
| 104 | + description: Users to match. An empty list matches all users. |
| 105 | + items: |
| 106 | + type: string |
| 107 | + type: array |
| 108 | + required: |
| 109 | + - connection |
| 110 | + - method |
| 111 | + type: object |
| 112 | + type: array |
| 113 | + x-kubernetes-list-type: atomic |
| 114 | + type: object |
59 | 115 | autoCreateUserSchema: |
60 | 116 | description: |- |
61 | 117 | Indicates whether schemas are automatically created for the user |
@@ -7581,11 +7637,12 @@ spec: |
7581 | 7637 | type: string |
7582 | 7638 | config: |
7583 | 7639 | description: |- |
7584 | | - Additional configuration files to mount into PostgreSQL containers. |
7585 | | - Can be used to provide a custom CA certificate for LDAP authentication |
7586 | | - via spec.config.files (e.g. mounting a Secret with an LDAP CA cert). |
| 7640 | + Configuration for PostgreSQL config files and server parameters. |
| 7641 | + Use spec.config.files to mount files (e.g. LDAP CA certificate) under |
| 7642 | + /etc/postgres, and spec.config.parameters to set postgresql.conf values. |
7587 | 7643 | properties: |
7588 | 7644 | files: |
| 7645 | + description: Files to mount under "/etc/postgres". |
7589 | 7646 | items: |
7590 | 7647 | description: |- |
7591 | 7648 | Projection that may be projected along with other supported volume types. |
@@ -8027,6 +8084,55 @@ spec: |
8027 | 8084 | type: object |
8028 | 8085 | type: object |
8029 | 8086 | type: array |
| 8087 | + parameters: |
| 8088 | + additionalProperties: |
| 8089 | + anyOf: |
| 8090 | + - type: integer |
| 8091 | + - type: string |
| 8092 | + x-kubernetes-int-or-string: true |
| 8093 | + description: |- |
| 8094 | + Configuration parameters for the PostgreSQL server. Some values will |
| 8095 | + be reloaded without validation and some cause PostgreSQL to restart. |
| 8096 | + Some values cannot be changed at all. |
| 8097 | + More info: https://www.postgresql.org/docs/current/runtime-config.html |
| 8098 | + maxProperties: 50 |
| 8099 | + type: object |
| 8100 | + x-kubernetes-map-type: granular |
| 8101 | + x-kubernetes-validations: |
| 8102 | + - message: 'cannot change PGDATA path: config_file, data_directory' |
| 8103 | + rule: '!has(self.config_file) && !has(self.data_directory)' |
| 8104 | + - message: cannot change external_pid_file |
| 8105 | + rule: '!has(self.external_pid_file)' |
| 8106 | + - message: 'cannot change authentication path: hba_file, ident_file' |
| 8107 | + rule: '!has(self.hba_file) && !has(self.ident_file)' |
| 8108 | + - message: 'network connectivity is always enabled: listen_addresses' |
| 8109 | + rule: '!has(self.listen_addresses)' |
| 8110 | + - message: change port using .spec.port instead |
| 8111 | + rule: '!has(self.port)' |
| 8112 | + - message: TLS is always enabled |
| 8113 | + rule: '!has(self.ssl) && !self.exists(k, k.startsWith("ssl_") |
| 8114 | + && !(k == ''ssl_groups'' || k == ''ssl_ecdh_curve''))' |
| 8115 | + - message: domain socket paths cannot be changed |
| 8116 | + rule: '!self.exists(k, k.startsWith("unix_socket_"))' |
| 8117 | + - message: wal_level must be "replica" or higher |
| 8118 | + rule: '!has(self.wal_level) || self.wal_level in ["logical"]' |
| 8119 | + - message: wal_log_hints are always enabled |
| 8120 | + rule: '!has(self.wal_log_hints)' |
| 8121 | + - rule: '!has(self.archive_mode) && !has(self.archive_command) |
| 8122 | + && !has(self.restore_command)' |
| 8123 | + - rule: '!has(self.recovery_target) && !self.exists(k, k.startsWith("recovery_target_"))' |
| 8124 | + - message: hot_standby is always enabled |
| 8125 | + rule: '!has(self.hot_standby)' |
| 8126 | + - rule: '!has(self.synchronous_standby_names)' |
| 8127 | + - rule: '!has(self.primary_conninfo) && !has(self.primary_slot_name)' |
| 8128 | + - message: delayed replication is not supported at this time |
| 8129 | + rule: '!has(self.recovery_min_apply_delay)' |
| 8130 | + - message: cluster_name is derived from the PostgresCluster name |
| 8131 | + rule: '!has(self.cluster_name)' |
| 8132 | + - message: disabling logging_collector is unsafe |
| 8133 | + rule: '!has(self.logging_collector)' |
| 8134 | + - message: log_file_mode cannot be changed |
| 8135 | + rule: '!has(self.log_file_mode)' |
8030 | 8136 | type: object |
8031 | 8137 | crVersion: |
8032 | 8138 | description: |- |
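Review bot: The `hba` property added under `authentication.rules.items` (new lines 85–89) is a bare `type: string` with no `maxLength`, `pattern` or CEL validation, although its description says the line is used as-is in pg_hba.conf. A multi-line value or a `trust` entry would therefore pass admission, and `method` is equally unconstrained. The item also lists `connection` and `method` under `required` while its description says to use either the structured fields or the raw line, so a raw-only rule is rejected and nothing prevents both forms being set together. I would replace the `required` list with an item-level validation such as `rule: 'has(self.hba) ? !has(self.connection) && !has(self.method) : has(self.connection) && has(self.method)'`, give `connection` an `enum` of the six values its description names, and bound `hba` with `maxLength` and `rules` with `maxItems`. If this CRD is generated from Go type markers, which is not visible here, the constraints belong on the source type rather than in this file.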
|