Skip to content

api_reference.md

Latest commit

 

History

History
3607 lines (2145 loc) · 184 KB

api_reference.md

File metadata and controls

3607 lines (2145 loc) · 184 KB

API Reference

Packages

k8s.mariadb.com/v1alpha1

Package v1alpha1 contains API Schema definitions for the v1alpha1 API group

Resource Types

Affinity

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#affinity-v1-core.

Appears in:

Field Description Default Validation
podAntiAffinity PodAntiAffinity
nodeAffinity NodeAffinity

AffinityConfig

AffinityConfig defines policies to schedule Pods in Nodes.

Appears in:

Field Description Default Validation
podAntiAffinity PodAntiAffinity
nodeAffinity NodeAffinity
antiAffinityEnabled boolean AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA.
Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.

Agent

Agent is a sidecar agent that co-operates with mariadb-operator.

Appears in:

Field Description Default Validation
command string array Command to be used in the Container.
args string array Args to be used in the Container.
env EnvVar array Env represents the environment variables to be injected in a container.
envFrom EnvFromSource array EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.
volumeMounts VolumeMount array VolumeMounts to be used in the Container.
livenessProbe Probe LivenessProbe to be used in the Container.
readinessProbe Probe ReadinessProbe to be used in the Container.
startupProbe Probe StartupProbe to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
lifecycle Lifecycle Lifecycle are actions that the management system should take in response to container lifecycle events.
image string Image name to be used by the MariaDB instances. The supported format is <image>:<tag>.
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]
port integer Port where the agent will be listening for API connections.
probePort integer Port where the agent will be listening for probe connections.
kubernetesAuth KubernetesAuth KubernetesAuth to be used by the agent container
basicAuth BasicAuth BasicAuth to be used by the agent container
gracefulShutdownTimeout Duration GracefulShutdownTimeout is the time we give to the agent container in order to gracefully terminate in-flight requests.

AzureBlob

Appears in:

Field Description Default Validation
containerName string ContainerName is the name of the storage container. Required: {}
serviceURL string ServiceURL is the full URL for connecting to Azure, usually in the form: http(s)://.blob.core.windows.net/. Required: {}
prefix string Prefix indicates a folder/subfolder in the container. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.
storageAccountName string StorageAccountName is the name of the storage account. Pairs with StorageAccountKey for static credential authentication
storageAccountKey SecretKeySelector StorageAccountKey is a reference to a Secret key containing the Azure Blob Storage Storage account Key. Pairs with StorageAccountKey for static credential authentication
tls TLSConfig TLS provides the configuration required to establish TLS connections with Azure Blob Storage.

Backup

Backup is the Schema for the backups API. It is used to define backup jobs and its storage.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string Backup
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec BackupSpec

BackupContentType

Underlying type: string

BackupContentType defines the backup content type.

Appears in:

Field Description
Logical BackupContentTypeLogical represents a logical backup created using mariadb-dump.
Physical BackupContentTypePhysical represents a physical backup created using mariadb-backup or a VolumeSnapshot.

BackupSpec

BackupSpec defines the desired state of Backup

Appears in:

Field Description Default Validation
args string array Args to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
successfulJobsHistoryLimit integer SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. Minimum: 0
failedJobsHistoryLimit integer FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. Minimum: 0
timeZone string TimeZone defines the timezone associated with the cron expression.
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
compression CompressAlgorithm Compression algorithm to be used in the Backup. Enum: [none bzip2 gzip]
stagingStorage StagingStorage StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Backup Job is scheduled.
The staging area gets cleaned up after each backup is completed, consider this for sizing it appropriately.
storage BackupStorage Storage defines the final storage for backups. Required: {}
schedule Schedule Schedule defines when the Backup will be taken.
maxRetention Duration MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days.
databases string array Databases defines the logical databases to be backed up. If not provided, all databases are backed up.
ignoreGlobalPriv boolean IgnoreGlobalPriv indicates to ignore the mysql.global_priv in backups.
If not provided, it will default to true when the referred MariaDB instance has Galera enabled and otherwise to false.
See: mariadb-operator#556
logLevel string LogLevel to be used in the Backup Job. It defaults to 'info'. info Enum: [debug info warn error dpanic panic fatal]
backoffLimit integer BackoffLimit defines the maximum number of attempts to successfully take a Backup.
restartPolicy RestartPolicy RestartPolicy to be added to the Backup Pod. OnFailure Enum: [Always OnFailure Never]
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.

BackupStorage

BackupStorage defines the final storage for backups.

Appears in:

Field Description Default Validation
s3 S3 S3 defines the configuration to store backups in a S3 compatible storage.
persistentVolumeClaim PersistentVolumeClaimSpec PersistentVolumeClaim is a Kubernetes PVC specification.
volume StorageVolumeSource Volume is a Kubernetes volume specification.

BasicAuth

BasicAuth refers to the basic authentication mechanism utilized for establishing a connection from the operator to the agent.

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable BasicAuth
username string Username to be used for basic authentication
passwordSecretKeyRef GeneratedSecretKeyRef PasswordSecretKeyRef to be used for basic authentication

BootstrapFrom

BootstrapFrom defines a source to bootstrap MariaDB from.

Appears in:

Field Description Default Validation
backupRef TypedLocalObjectReference BackupRef is reference to a backup object. If the Kind is not specified, a logical Backup is assumed.
This field takes precedence over S3 and Volume sources.
volumeSnapshotRef LocalObjectReference VolumeSnapshotRef is a reference to a VolumeSnapshot object.
This field takes precedence over S3 and Volume sources.
pointInTimeRecoveryRef LocalObjectReference PointInTimeRecoveryRef is a reference to a PointInTimeRecovery object.
Providing this field implies restoring the PhysicalBackup referenced in the PointInTimeRecovery object and replaying the
archived binary logs up to the point-in-time restoration target, defined by the targetRecoveryTime field.
backupContentType BackupContentType BackupContentType is the backup content type available in the source to bootstrap from.
It is inferred based on the BackupRef and VolumeSnapshotRef fields. If inference is not possible, it defaults to Logical.
Set this field explicitly when using physical backups from S3 or Volume sources.		 Enum: [Logical Physical]
s3 S3 S3 defines the configuration to restore backups from a S3 compatible storage.
This field takes precedence over the Volume source.
azureBlob AzureBlob AzureBlob defines the configuration to restore from Azure Blob compatible storage.
This field takes precedence over the Volume source.
volume StorageVolumeSource Volume is a Kubernetes Volume object that contains a backup.
targetRecoveryTime Time TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time.
stagingStorage StagingStorage StagingStorage defines the temporary storage used to keep external backups and binary logs (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Job is scheduled.
restoreJob Job RestoreJob defines additional properties for the restoration Job.
logLevel string LogLevel to be used in the mariadb-operator container of the restoration Job. It defaults to 'info'. info Enum: [debug info warn error dpanic panic fatal]

CSIVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#csivolumesource-v1-core.

Appears in:

Field Description Default Validation
driver string
readOnly boolean
fsType string
volumeAttributes object (keys:string, values:string)
nodePublishSecretRef LocalObjectReference

CleanupPolicy

Underlying type: string

CleanupPolicy defines the behavior for cleaning up a resource.

Appears in:

Field Description
Skip CleanupPolicySkip indicates that the resource will NOT be deleted from the database after the CR is deleted.
Delete CleanupPolicyDelete indicates that the resource will be deleted from the database after the CR is deleted.

CompressAlgorithm

Underlying type: string

CompressAlgorithm defines the compression algorithm for a Backup resource.

Appears in:

Field Description
none No compression
bzip2 Bzip2 compression. Good compression ratio, but slower compression/decompression speed compared to gzip.
gzip Gzip compression. Good compression/decompression speed, but worse compression ratio compared to bzip2.

ConfigMapKeySelector

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#configmapkeyselector-v1-core.

Appears in:

Field Description Default Validation
name string
key string

ConfigMapVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#configmapvolumesource-v1-core.

Appears in:

Field Description Default Validation
name string
defaultMode integer

Connection

Connection is the Schema for the connections API. It is used to configure connection strings for the applications connecting to MariaDB.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string Connection
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ConnectionSpec

ConnectionSpec

ConnectionSpec defines the desired state of Connection

Appears in:

Field Description Default Validation
secretName string SecretName to be used in the Connection.
secretTemplate SecretTemplate SecretTemplate to be used in the Connection.
healthCheck HealthCheck HealthCheck to be used in the Connection.
params object (keys:string, values:string) Params to be used in the Connection.
serviceName string ServiceName to be used in the Connection.
port integer Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.
mariaDbRef MariaDBRef MariaDBRef is a reference to the MariaDB to connect to. Either MariaDBRef or MaxScaleRef must be provided.
maxScaleRef ObjectReference MaxScaleRef is a reference to the MaxScale to connect to. Either MariaDBRef or MaxScaleRef must be provided.
username string Username to use for configuring the Connection. Required: {}
passwordSecretKeyRef SecretKeySelector PasswordSecretKeyRef is a reference to the password to use for configuring the Connection.
Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
tlsClientCertSecretRef LocalObjectReference TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when checking the connection health.
Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials.
If not provided, the client certificate provided by the referred MariaDB is used if TLS is enabled.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the client certificate.
host string Host to connect to. If not provided, it defaults to the MariaDB host or to the MaxScale host.
database string Database to use when configuring the Connection.

ConnectionTemplate

ConnectionTemplate defines a template to customize Connection objects.

Appears in:

Field Description Default Validation
secretName string SecretName to be used in the Connection.
secretTemplate SecretTemplate SecretTemplate to be used in the Connection.
healthCheck HealthCheck HealthCheck to be used in the Connection.
params object (keys:string, values:string) Params to be used in the Connection.
serviceName string ServiceName to be used in the Connection.
port integer Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.

Container

Container object definition.

Appears in:

Field Description Default Validation
name string Name to be given to the container.
image string Image name to be used by the container. The supported format is <image>:<tag>. Required: {}
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]
command string array Command to be used in the Container.
args string array Args to be used in the Container.
env EnvVar array Env represents the environment variables to be injected in a container.
volumeMounts VolumeMount array VolumeMounts to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.

ContainerTemplate

ContainerTemplate defines a template to configure Container objects.

Appears in:

Field Description Default Validation
command string array Command to be used in the Container.
args string array Args to be used in the Container.
env EnvVar array Env represents the environment variables to be injected in a container.
envFrom EnvFromSource array EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.
volumeMounts VolumeMount array VolumeMounts to be used in the Container.
livenessProbe Probe LivenessProbe to be used in the Container.
readinessProbe Probe ReadinessProbe to be used in the Container.
startupProbe Probe StartupProbe to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
lifecycle Lifecycle Lifecycle are actions that the management system should take in response to container lifecycle events.

CooperativeMonitoring

Underlying type: string

CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. See: https://mariadb.com/docs/server/architecture/components/maxscale/monitors/mariadbmon/use-cooperative-locking-ha-maxscale-mariadb-monitor/

Appears in:

Field Description
majority_of_all CooperativeMonitoringMajorityOfAll requires a lock from the majority of the MariaDB servers, even the ones that are down.
majority_of_running CooperativeMonitoringMajorityOfRunning requires a lock from the majority of the MariaDB servers.

Cordoning

Cordoning defines the parameters for cordoning a resource, resulting in the connections being blocked.

Appears in:

Field Description Default Validation
cordon boolean Cordon blocks connections to the resource.

CronJobTemplate

CronJobTemplate defines parameters for configuring CronJob objects.

Appears in:

Field Description Default Validation
successfulJobsHistoryLimit integer SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. Minimum: 0
failedJobsHistoryLimit integer FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. Minimum: 0
timeZone string TimeZone defines the timezone associated with the cron expression.

Database

Database is the Schema for the databases API. It is used to define a logical database as if you were running a 'CREATE DATABASE' statement.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string Database
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec DatabaseSpec

DatabaseSpec

DatabaseSpec defines the desired state of Database

Appears in:

Field Description Default Validation
requeueInterval Duration RequeueInterval is used to perform requeue reconciliations.
retryInterval Duration RetryInterval is the interval used to perform retries.
cleanupPolicy CleanupPolicy CleanupPolicy defines the behavior for cleaning up a SQL resource. Enum: [Skip Delete]
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
characterSet string CharacterSet to use in the Database. utf8
collate string Collate to use in the Database. utf8_general_ci
name string Name overrides the default Database name provided by metadata.name. MaxLength: 80

EmptyDirVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#emptydirvolumesource-v1-core.

Appears in:

Field Description Default Validation
medium StorageMedium
sizeLimit Quantity

EnvFromSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#envfromsource-v1-core.

Appears in:

Field Description Default Validation
prefix string
configMapRef LocalObjectReference
secretRef LocalObjectReference

EnvVar

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#envvarsource-v1-core.

Appears in:

Field Description Default Validation
name string Name of the environment variable. Must be a C_IDENTIFIER.
value string
valueFrom EnvVarSource

EnvVarSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#envvarsource-v1-core.

Appears in:

Field Description Default Validation
fieldRef ObjectFieldSelector
configMapKeyRef ConfigMapKeySelector
secretKeyRef SecretKeySelector

EphemeralVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#ephemeralvolumesource-v1-core.

Appears in:

Field Description Default Validation
volumeClaimTemplate VolumeClaimTemplate

ExecAction

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#execaction-v1-core.

Appears in:

Field Description Default Validation
command string array

Exporter

Exporter defines a metrics exporter container.

Appears in:

Field Description Default Validation
image string Image name to be used as metrics exporter. The supported format is <image>:<tag>.
Only mysqld-exporter >= v0.15.0 is supported: https://github.com/prometheus/mysqld_exporter
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
args string array Args to be used in the Container.
port integer Port where the exporter will be listening for connections.
resources ResourceRequirements Resources describes the compute resource requirements.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
securityContext SecurityContext SecurityContext holds container-level security attributes.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.

ExternalMariaDB

ExternalMariaDB is the Schema for the external MariaDBs API. It is used to define external MariaDB server.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string ExternalMariaDB
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec ExternalMariaDBSpec

ExternalMariaDBSpec

ExternalMariaDBSpec defines the desired state of an External MariaDB

Appears in:

Field Description Default Validation
image string Image name to be used to perform operations on the external MariaDB, for example, for taking backups.
The supported format is <image>:<tag>. Only MariaDB official images are supported.
If not provided, the MariaDB image version be inferred by the operator in runtime. The default MariaDB image will be used in this case,
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.
host string Hostname of the external MariaDB. Required: {}
port integer Port of the external MariaDB. 3306
username string Username is the username to connect to the external MariaDB. Required: {}
passwordSecretKeyRef SecretKeySelector PasswordSecretKeyRef is a reference to the password to connect to the external MariaDB.
tls ExternalTLS TLS defines the PKI to be used with the external MariaDB.
connection ConnectionTemplate Connection defines a template to configure a Connection for the external MariaDB.

ExternalTLS

ExternalTLS defines the TLS configuration for external MariaDB instances.

Appears in:

Field Description Default Validation
enabled boolean Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MariaDB instance.
It is enabled by default.
required boolean Required specifies whether TLS must be enforced for all connections.
User TLS requirements take precedence over this.
It disabled by default.
serverCASecretRef LocalObjectReference ServerCASecretRef is a reference to a Secret containing the server certificate authority keypair. It is used to establish trust and issue server certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either serverCertSecretRef or serverCertIssuerRef must be provided.
If not provided, a self-signed CA will be provisioned to issue the server certificate.
serverCertSecretRef LocalObjectReference ServerCertSecretRef is a reference to a TLS Secret containing the server certificate.
It is mutually exclusive with serverCertIssuerRef.
serverCertIssuerRef IssuerReference ServerCertIssuerRef is a reference to a cert-manager issuer object used to issue the server certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with serverCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via serverCASecretRef.
clientCASecretRef LocalObjectReference ClientCASecretRef is a reference to a Secret containing the client certificate authority keypair. It is used to establish trust and issue client certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either clientCertSecretRef or clientCertIssuerRef fields must be provided.
If not provided, a self-signed CA will be provisioned to issue the client certificate.
clientCertSecretRef LocalObjectReference ClientCertSecretRef is a reference to a TLS Secret containing the client certificate.
It is mutually exclusive with clientCertIssuerRef.
clientCertIssuerRef IssuerReference ClientCertIssuerRef is a reference to a cert-manager issuer object used to issue the client certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with clientCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via clientCASecretRef.
galeraSSTEnabled boolean GaleraSSTEnabled determines whether Galera SST connections should use TLS.
It disabled by default.
serverCertAdditionalNames string array ServerCertAdditionalNames is a list of additional certificate common names
mutual boolean Mutual specifies whether TLS must be mutual between server and client for external connections.
When set to false, the client certificate will not be sent during the TLS handshake.
It is enabled by default.

Galera

Galera allows you to enable multi-master HA via Galera in your MariaDB cluster.

Appears in:

Field Description Default Validation
primary PrimaryGalera Primary is the Galera configuration for the primary node.
sst SST SST is the Snapshot State Transfer used when new Pods join the cluster.
More info: https://galeracluster.com/library/documentation/sst.html.		 Enum: [rsync mariabackup mysqldump]
availableWhenDonor boolean AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false.
galeraLibPath string GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.
More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider.
replicaThreads integer ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads.
providerOptions object (keys:string, values:string) ProviderOptions is map of Galera configuration parameters.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options.
agent Agent Agent is a sidecar agent that co-operates with mariadb-operator.
recovery GaleraRecovery GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.
More info: https://galeracluster.com/library/documentation/crash-recovery.html.
initContainer InitContainer InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator.
initJob GaleraInitJob InitJob defines a Job that co-operates with mariadb-operator by performing initialization tasks.
config GaleraConfig GaleraConfig defines storage options for the Galera configuration files.
gtidDomainId integer GtidDomainID is the domain ID to be used in GTID mode, enabled when the multi-cluster topology is used.
For example: if you set this to 0, the 'wsrep_gtid_domain_id' will be 0, while the replicas (if 3) will have 'gtid_domain_id' 1,2,3.
Make sure it has a different value on each the member of a multi-cluster topology.
See: https://mariadb.com/docs/galera-cluster/high-availability/using-mariadb-replication-with-mariadb-galera-cluster/configuring-mariadb-replication-between-two-mariadb-galera-clusters
serverId integer ServerID is the server ID to be used in GTID mode, enabled when the multi-cluster topology is used.
Make sure it has a different value on each the member of a multi-cluster topology.
See: https://mariadb.com/docs/galera-cluster/high-availability/using-mariadb-replication-with-mariadb-galera-cluster/configuring-mariadb-replication-between-two-mariadb-galera-clusters
replPasswordSecretKeyRef GeneratedSecretKeyRef ReplPasswordSecretKeyRef provides a reference to the Secret to use as password for the replication user.
This will be utilized as password of the replication user, when the multi-cluster topology is enabled.
By default, a random password will be generated.
enabled boolean Enabled is a flag to enable Galera.

GaleraConfig

GaleraConfig defines storage options for the Galera configuration files.

Appears in:

Field Description Default Validation
reuseStorageVolume boolean ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files.
It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned.
volumeClaimTemplate VolumeClaimTemplate VolumeClaimTemplate is a template for the PVC that will contain the Galera configuration files shared between the InitContainer, Agent and MariaDB.

GaleraInitJob

GaleraInitJob defines a Job used to be used to initialize the Galera cluster.

Appears in:

Field Description Default Validation
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.
resources ResourceRequirements Resources describes the compute resource requirements.

GaleraRecovery

GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy. More info: https://galeracluster.com/library/documentation/crash-recovery.html.

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable GaleraRecovery.
minClusterSize IntOrString MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%).
If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is initiated.
It defaults to '1' replica, and it is highly recommended to keep this value at '1' in most cases.
If set to more than one replica, the cluster recovery process may restart the healthy replicas as well.
clusterMonitorInterval Duration ClusterMonitorInterval represents the interval used to monitor the Galera cluster health.
clusterHealthyTimeout Duration ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks,
is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator.
clusterBootstrapTimeout Duration ClusterBootstrapTimeout is the time limit for bootstrapping a cluster.
Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted.
clusterUpscaleTimeout Duration ClusterUpscaleTimeout represents the maximum duration for upscaling the cluster's StatefulSet during the recovery process.
clusterDownscaleTimeout Duration ClusterDownscaleTimeout represents the maximum duration for downscaling the cluster's StatefulSet during the recovery process.
podRecoveryTimeout Duration PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery.
podSyncTimeout Duration PodSyncTimeout is the time limit for a Pod to join the cluster after having performed a cluster bootstrap during the cluster recovery.
forceClusterBootstrapInPod string ForceClusterBootstrapInPod allows you to manually initiate the bootstrap process in a specific Pod.
IMPORTANT: Use this option only in exceptional circumstances. Not selecting the Pod with the highest sequence number may result in data loss.
IMPORTANT: Ensure you unset this field after completing the bootstrap to allow the operator to choose the appropriate Pod to bootstrap from in an event of cluster recovery.
job GaleraRecoveryJob Job defines a Job that co-operates with mariadb-operator by performing the Galera cluster recovery .

GaleraRecoveryJob

GaleraRecoveryJob defines a Job used to be used to recover the Galera cluster.

Appears in:

Field Description Default Validation
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.
resources ResourceRequirements Resources describes the compute resource requirements.
podAffinity boolean PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true.

GaleraSpec

GaleraSpec is the Galera desired state specification.

Appears in:

Field Description Default Validation
primary PrimaryGalera Primary is the Galera configuration for the primary node.
sst SST SST is the Snapshot State Transfer used when new Pods join the cluster.
More info: https://galeracluster.com/library/documentation/sst.html.		 Enum: [rsync mariabackup mysqldump]
availableWhenDonor boolean AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false.
galeraLibPath string GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.
More info: https://galeracluster.com/library/documentation/mysql-wsrep-options.html#wsrep-provider.
replicaThreads integer ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_slave_threads.
providerOptions object (keys:string, values:string) ProviderOptions is map of Galera configuration parameters.
More info: https://mariadb.com/kb/en/galera-cluster-system-variables/#wsrep_provider_options.
agent Agent Agent is a sidecar agent that co-operates with mariadb-operator.
recovery GaleraRecovery GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.
More info: https://galeracluster.com/library/documentation/crash-recovery.html.
initContainer InitContainer InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator.
initJob GaleraInitJob InitJob defines a Job that co-operates with mariadb-operator by performing initialization tasks.
config GaleraConfig GaleraConfig defines storage options for the Galera configuration files.
gtidDomainId integer GtidDomainID is the domain ID to be used in GTID mode, enabled when the multi-cluster topology is used.
For example: if you set this to 0, the 'wsrep_gtid_domain_id' will be 0, while the replicas (if 3) will have 'gtid_domain_id' 1,2,3.
Make sure it has a different value on each the member of a multi-cluster topology.
See: https://mariadb.com/docs/galera-cluster/high-availability/using-mariadb-replication-with-mariadb-galera-cluster/configuring-mariadb-replication-between-two-mariadb-galera-clusters
serverId integer ServerID is the server ID to be used in GTID mode, enabled when the multi-cluster topology is used.
Make sure it has a different value on each the member of a multi-cluster topology.
See: https://mariadb.com/docs/galera-cluster/high-availability/using-mariadb-replication-with-mariadb-galera-cluster/configuring-mariadb-replication-between-two-mariadb-galera-clusters
replPasswordSecretKeyRef GeneratedSecretKeyRef ReplPasswordSecretKeyRef provides a reference to the Secret to use as password for the replication user.
This will be utilized as password of the replication user, when the multi-cluster topology is enabled.
By default, a random password will be generated.

GeneratedSecretKeyRef

GeneratedSecretKeyRef defines a reference to a Secret that can be automatically generated by mariadb-operator if needed.

Appears in:

Field Description Default Validation
name string
key string
generate boolean Generate indicates whether the Secret should be generated if the Secret referenced is not present. false

Grant

Grant is the Schema for the grants API. It is used to define grants as if you were running a 'GRANT' statement.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string Grant
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec GrantSpec

GrantSpec

GrantSpec defines the desired state of Grant

Appears in:

Field Description Default Validation
requeueInterval Duration RequeueInterval is used to perform requeue reconciliations.
retryInterval Duration RetryInterval is the interval used to perform retries.
cleanupPolicy CleanupPolicy CleanupPolicy defines the behavior for cleaning up a SQL resource. Enum: [Skip Delete]
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
privileges string array Privileges to use in the Grant. MinItems: 1
Required: {}
database string Database to use in the Grant. *
table string Table to use in the Grant. *
username string Username to use in the Grant. Required: {}
host string Host to use in the Grant. It can be localhost, an IP or '%'.
grantOption boolean GrantOption to use in the Grant. false

Gtid

Underlying type: string

Gtid indicates which Global Transaction ID (GTID) position mode should be used when connecting a replica to the master. See: https://mariadb.com/kb/en/gtid/#using-current_pos-vs-slave_pos.

Appears in:

Field Description
CurrentPos GtidCurrentPos indicates the union of gtid_binlog_pos and gtid_slave_pos will be used when replicating from master.
SlavePos GtidSlavePos indicates that gtid_slave_pos will be used when replicating from master.

HTTPGetAction

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#httpgetaction-v1-core.

Appears in:

Field Description Default Validation
path string
port IntOrString
host string
scheme URIScheme

HealthCheck

HealthCheck defines intervals for performing health checks.

Appears in:

Field Description Default Validation
interval Duration Interval used to perform health checks.
retryInterval Duration RetryInterval is the interval used to perform health check retries.

HostPathVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#hostpathvolumesource-v1-core

Appears in:

Field Description Default Validation
path string
type string

InitContainer

InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator.

Appears in:

Field Description Default Validation
command string array Command to be used in the Container.
args string array Args to be used in the Container.
env EnvVar array Env represents the environment variables to be injected in a container.
envFrom EnvFromSource array EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.
volumeMounts VolumeMount array VolumeMounts to be used in the Container.
livenessProbe Probe LivenessProbe to be used in the Container.
readinessProbe Probe ReadinessProbe to be used in the Container.
startupProbe Probe StartupProbe to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
lifecycle Lifecycle Lifecycle are actions that the management system should take in response to container lifecycle events.
image string Image name to be used by the MariaDB instances. The supported format is <image>:<tag>. Required: {}
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]

Job

Job defines a Job used to be used with MariaDB.

Appears in:

Field Description Default Validation
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
resources ResourceRequirements Resources describes the compute resource requirements.
args string array Args to be used in the Container.

JobContainerTemplate

JobContainerTemplate defines a template to configure Container objects that run in a Job.

Appears in:

Field Description Default Validation
args string array Args to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.

JobPodTemplate

JobPodTemplate defines a template to configure Container objects that run in a Job.

Appears in:

Field Description Default Validation
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.

KubernetesAuth

KubernetesAuth refers to the Kubernetes authentication mechanism utilized for establishing a connection from the operator to the agent. The agent validates the legitimacy of the service account token provided as an Authorization header by creating a TokenReview resource.

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable KubernetesAuth
authDelegatorRoleName string AuthDelegatorRoleName is the name of the ClusterRoleBinding that is associated with the "system:auth-delegator" ClusterRole.
It is necessary for creating TokenReview objects in order for the agent to validate the service account token.

LabelSelector

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#labelselector-v1-meta

Appears in:

Field Description Default Validation
matchLabels object (keys:string, values:string)
matchExpressions LabelSelectorRequirement array

LabelSelectorRequirement

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#labelselectorrequirement-v1-meta

Appears in:

Field Description Default Validation
key string
operator LabelSelectorOperator
values string array

Lifecycle

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#lifecycle-v1-core.

Appears in:

Field Description Default Validation
postStart LifecycleHandler
preStop LifecycleHandler

LifecycleHandler

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#lifecyclehandler-v1-core.

Appears in:

Field Description Default Validation
exec ExecAction
httpGet HTTPGetAction
sleep SleepAction

LocalObjectReference

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#localobjectreference-v1-core.

Appears in:

Field Description Default Validation
name string

MariaDB

MariaDB is the Schema for the mariadbs API. It is used to define MariaDB clusters.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string MariaDB
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec MariaDBSpec

MariaDBMaintenance

MariaDBMaintenance defines different capabilities of the operator to allow for maintenance to be performed on MariaDB.

Appears in:

Field Description Default Validation
cordon boolean Cordon blocks connections to the resource.
enabled boolean Enabled turns on maintenance mode
drainConnections boolean DrainConnections determines whether all connections in MariaDB should be drained after drainGracePeriodSeconds.
drainGracePeriodSeconds integer DrainGracePeriodSeconds defines the grace period in seconds before a connection in MariaDB is drained. 30
readOnly boolean ReadOnly will allow only read statements to be performed on the resource.

MariaDBPodTemplate

MariaDBPodTemplate defines a template for MariaDB Pods. Refer to the Kubernetes dos: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#pod-v1-core.

Appears in:

Field Description Default Validation
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
initContainers Container array InitContainers to be used in the Pod.
sidecarContainers Container array SidecarContainers to be used in the Pod.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
volumes MariaDBVolume array Volumes to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
topologySpreadConstraints TopologySpreadConstraint array TopologySpreadConstraints to be used in the Pod.
enableServiceLinks boolean EnableServiceLinks to be used in the Pod.
terminationGracePeriodSeconds integer TerminationGracePeriodSeconds to be used in the Pod.

MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Appears in:

Field Description Default Validation
name string
namespace string
kind string Kind of the referent.
waitForIt boolean WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready. true

MariaDBSpec

MariaDBSpec defines the desired state of MariaDB

Appears in:

Field Description Default Validation
command string array Command to be used in the Container.
args string array Args to be used in the Container.
env EnvVar array Env represents the environment variables to be injected in a container.
envFrom EnvFromSource array EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.
volumeMounts VolumeMount array VolumeMounts to be used in the Container.
livenessProbe Probe LivenessProbe to be used in the Container.
readinessProbe Probe ReadinessProbe to be used in the Container.
startupProbe Probe StartupProbe to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
lifecycle Lifecycle Lifecycle are actions that the management system should take in response to container lifecycle events.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
initContainers Container array InitContainers to be used in the Pod.
sidecarContainers Container array SidecarContainers to be used in the Pod.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
volumes MariaDBVolume array Volumes to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
topologySpreadConstraints TopologySpreadConstraint array TopologySpreadConstraints to be used in the Pod.
enableServiceLinks boolean EnableServiceLinks to be used in the Pod.
terminationGracePeriodSeconds integer TerminationGracePeriodSeconds to be used in the Pod.
suspend boolean Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.		 false
image string Image name to be used by the MariaDB instances. The supported format is <image>:<tag>.
Only MariaDB official images are supported.
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.
rootPasswordSecretKeyRef GeneratedSecretKeyRef RootPasswordSecretKeyRef is a reference to a Secret key containing the root password.
rootEmptyPassword boolean RootEmptyPassword indicates if the root password should be empty. Don't use this feature in production, it is only intended for development and test environments.
database string Database is the name of the initial Database.
username string Username is the initial username to be created by the operator once MariaDB is ready.
The initial User will have ALL PRIVILEGES in the initial Database.
passwordSecretKeyRef GeneratedSecretKeyRef PasswordSecretKeyRef is a reference to a Secret that contains the password to be used by the initial User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
passwordHashSecretKeyRef SecretKeySelector PasswordHashSecretKeyRef is a reference to the password hash to be used by the initial User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash.
passwordPlugin PasswordPlugin PasswordPlugin is a reference to the password plugin and arguments to be used by the initial User.
cleanupPolicy CleanupPolicy CleanupPolicy defines the behavior for cleaning up the initial User, Database, and Grant created by the operator. Enum: [Skip Delete]
myCnf string MyCnf allows to specify the my.cnf file mounted by Mariadb.
Updating this field will trigger an update to the Mariadb resource.
myCnfConfigMapKeyRef ConfigMapKeySelector MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap.
If not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field.
If the referred ConfigMap is labeled with "k8s.mariadb.com/watch", an update to the Mariadb resource will be triggered when the ConfigMap is updated.
timeZone string TimeZone sets the default timezone. If not provided, it defaults to SYSTEM and the timezone data is not loaded.
bootstrapFrom BootstrapFrom BootstrapFrom defines a source to bootstrap from.
storage Storage Storage defines the storage options to be used for provisioning the PVCs mounted by MariaDB.
metrics MariadbMetrics Metrics configures metrics and how to scrape them.
tls TLS TLS defines the PKI to be used with MariaDB.
replication Replication Replication configures high availability via replication. This feature is still in alpha, use Galera if you are looking for a more production-ready HA.
galera Galera Replication configures high availability via Galera.
multiCluster MultiCluster MultiCluster configures the multi-cluster topology.
maxScaleRef ObjectReference MaxScaleRef is a reference to a MaxScale resource to be used with the current MariaDB.
Providing this reference implies delegating high availability tasks such as primary failover to MaxScale.
pointInTimeRecoveryRef LocalObjectReference PointInTimeRecoveryRef is a reference to a PointInTimeRecovery resource to be used with the current MariaDB.
Providing this reference implies configuring binary logs in the MariaDB instance and binary log archival in the sidecar agent.
replicas integer Replicas indicates the number of desired instances. 1
replicasAllowEvenNumber boolean disables the validation check for an odd number of replicas. false
port integer Port where the instances will be listening for connections. 3306
servicePorts ServicePort array ServicePorts is the list of additional named ports to be added to the Services created by the operator.
podDisruptionBudget PodDisruptionBudget PodDisruptionBudget defines the budget for replica availability.
updateStrategy UpdateStrategy UpdateStrategy defines how a MariaDB resource is updated.
service ServiceTemplate Service defines a template to configure the general Service object.
The network traffic of this Service will be routed to all Pods.
connection ConnectionTemplate Connection defines a template to configure the general Connection object.
This Connection provides the initial User access to the initial Database.
It will make use of the Service to route network traffic to all Pods.
primaryService ServiceTemplate PrimaryService defines a template to configure the primary Service object.
The network traffic of this Service will be routed to the primary Pod.
primaryConnection ConnectionTemplate PrimaryConnection defines a template to configure the primary Connection object.
This Connection provides the initial User access to the initial Database.
It will make use of the PrimaryService to route network traffic to the primary Pod.
secondaryService ServiceTemplate SecondaryService defines a template to configure the secondary Service object.
The network traffic of this Service will be routed to the secondary Pods.
secondaryConnection ConnectionTemplate SecondaryConnection defines a template to configure the secondary Connection object.
This Connection provides the initial User access to the initial Database.
It will make use of the SecondaryService to route network traffic to the secondary Pods.
maintenance MariaDBMaintenance Maintenance defines different capabilities of the operator to allow for maintenance to be performed on the DB.
Not to be confused with suspend, maintenance does not interfere with the normal reconciliation of the operator.

MariaDBVolume

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#volume-v1-core.

Appears in:

Field Description Default Validation
emptyDir EmptyDirVolumeSource
nfs NFSVolumeSource
csi CSIVolumeSource
hostPath HostPathVolumeSource
persistentVolumeClaim PersistentVolumeClaimVolumeSource
secret SecretVolumeSource
configMap ConfigMapVolumeSource
ephemeral EphemeralVolumeSource
name string

MariaDBVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#volume-v1-core.

Appears in:

Field Description Default Validation
emptyDir EmptyDirVolumeSource
nfs NFSVolumeSource
csi CSIVolumeSource
hostPath HostPathVolumeSource
persistentVolumeClaim PersistentVolumeClaimVolumeSource
secret SecretVolumeSource
configMap ConfigMapVolumeSource
ephemeral EphemeralVolumeSource

MariadbMetrics

MariadbMetrics defines the metrics for a MariaDB.

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable Metrics
exporter Exporter Exporter defines the metrics exporter container.
serviceMonitor ServiceMonitor ServiceMonitor defines the ServiceMonior object.
username string Username is the username of the monitoring user used by the exporter.
passwordSecretKeyRef GeneratedSecretKeyRef PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

MaxScale

MaxScale is the Schema for the maxscales API. It is used to define MaxScale clusters.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string MaxScale
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec MaxScaleSpec

MaxScaleAdmin

MaxScaleAdmin configures the admin REST API and GUI.

Appears in:

Field Description Default Validation
port integer Port where the admin REST API and GUI will be exposed.
guiEnabled boolean GuiEnabled indicates whether the admin GUI should be enabled.

MaxScaleAuth

MaxScaleAuth defines the credentials required for MaxScale to connect to MariaDB.

Appears in:

Field Description Default Validation
generate boolean Generate defies whether the operator should generate users and grants for MaxScale to work.
It only supports MariaDBs specified via spec.mariaDbRef.
adminUsername string AdminUsername is an admin username to call the admin REST API. It is defaulted if not provided.
adminPasswordSecretKeyRef GeneratedSecretKeyRef AdminPasswordSecretKeyRef is Secret key reference to the admin password to call the admin REST API. It is defaulted if not provided.
deleteDefaultAdmin boolean DeleteDefaultAdmin determines whether the default admin user should be deleted after the initial configuration. If not provided, it defaults to true.
metricsUsername string MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled.
metricsPasswordSecretKeyRef GeneratedSecretKeyRef MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled.
clientUsername string ClientUsername is the user to connect to MaxScale. It is defaulted if not provided.
clientPasswordSecretKeyRef GeneratedSecretKeyRef ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
clientMaxConnections integer ClientMaxConnections defines the maximum number of connections that the client can establish.
If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.
It defaults to 30 times the number of MaxScale replicas.
serverUsername string ServerUsername is the user used by MaxScale to connect to MariaDB server. It is defaulted if not provided.
serverPasswordSecretKeyRef GeneratedSecretKeyRef ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
serverMaxConnections integer ServerMaxConnections defines the maximum number of connections that the server can establish.
If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.
It defaults to 30 times the number of MaxScale replicas.
monitorUsername string MonitorUsername is the user used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.
monitorPasswordSecretKeyRef GeneratedSecretKeyRef MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
monitorMaxConnections integer MonitorMaxConnections defines the maximum number of connections that the monitor can establish.
If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.
It defaults to 30 times the number of MaxScale replicas.
syncUsername string MonitoSyncUsernamerUsername is the user used by MaxScale config sync to connect to MariaDB server. It is defaulted when HA is enabled.
syncPasswordSecretKeyRef GeneratedSecretKeyRef SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
syncMaxConnections integer SyncMaxConnections defines the maximum number of connections that the sync can establish.
If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.
It defaults to 30 times the number of MaxScale replicas.

MaxScaleConfig

MaxScaleConfig defines the MaxScale configuration.

Appears in:

Field Description Default Validation
params object (keys:string, values:string) Params is a key value pair of parameters to be used in the MaxScale static configuration file.
Any parameter supported by MaxScale may be specified here. See reference:
https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#global-settings.
volumeClaimTemplate VolumeClaimTemplate VolumeClaimTemplate provides a template to define the PVCs for storing MaxScale runtime configuration files. It is defaulted if not provided.
sync MaxScaleConfigSync Sync defines how to replicate configuration across MaxScale replicas. It is defaulted when HA is enabled.

MaxScaleConfigSync

MaxScaleConfigSync defines how the config changes are replicated across replicas.

Appears in:

Field Description Default Validation
database string Database is the MariaDB logical database where the 'maxscale_config' table will be created in order to persist and synchronize config changes. If not provided, it defaults to 'mysql'.
interval Duration Interval defines the config synchronization interval. It is defaulted if not provided.
timeout Duration Interval defines the config synchronization timeout. It is defaulted if not provided.

MaxScaleListener

MaxScaleListener defines how the MaxScale server will listen for connections.

Appears in:

Field Description Default Validation
suspend boolean Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.		 false
name string Name is the identifier of the listener. It is defaulted if not provided
port integer Port is the network port where the MaxScale server will listen. Required: {}
protocol string Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol.
params object (keys:string, values:string) Params defines extra parameters to pass to the listener.
Any parameter supported by MaxScale may be specified here. See reference:
https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#listener_1.

MaxScaleMaintenance

MaxScaleMaintenance defines different capabilities of the operator to allow for maintenance to be performed on MaxScale.

Appears in:

Field Description Default Validation
cordon boolean Cordon blocks connections to the resource.
enabled boolean Enabled turns on maintenance mode

MaxScaleMetrics

MaxScaleMetrics defines the metrics for a Maxscale.

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable Metrics
exporter Exporter Exporter defines the metrics exporter container.
serviceMonitor ServiceMonitor ServiceMonitor defines the ServiceMonior object.

MaxScaleMonitor

MaxScaleMonitor monitors MariaDB server instances

Appears in:

Field Description Default Validation
suspend boolean Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.		 false
name string Name is the identifier of the monitor. It is defaulted if not provided.
module MonitorModule Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided.
interval Duration Interval used to monitor MariaDB servers. It is defaulted if not provided.
cooperativeMonitoring CooperativeMonitoring CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled. Enum: [majority_of_all majority_of_running]
params object (keys:string, values:string) Params defines extra parameters to pass to the monitor.
Any parameter supported by MaxScale may be specified here. See reference:
https://mariadb.com/kb/en/mariadb-maxscale-2308-common-monitor-parameters/.
Monitor specific parameter are also supported:
https://mariadb.com/kb/en/mariadb-maxscale-2308-galera-monitor/#galera-monitor-optional-parameters.
https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-monitor/#configuration.

MaxScalePodTemplate

MaxScalePodTemplate defines a template for MaxScale Pods.

Appears in:

Field Description Default Validation
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
topologySpreadConstraints TopologySpreadConstraint array TopologySpreadConstraints to be used in the Pod.
enableServiceLinks boolean EnableServiceLinks indicates whether information about services should be injected into pod's
environment variables, matching the syntax of Docker links. Defaults to true if not specified.
Set to false to disable injection of service link environment variables.

MaxScaleServer

MaxScaleServer defines a MariaDB server to forward traffic to.

Appears in:

Field Description Default Validation
name string Name is the identifier of the MariaDB server. Required: {}
address string Address is the network address of the MariaDB server. Required: {}
port integer Port is the network port of the MariaDB server. If not provided, it defaults to 3306.
protocol string Protocol is the MaxScale protocol to use when communicating with this MariaDB server. If not provided, it defaults to MariaDBBackend.
maintenance boolean Maintenance indicates whether the server is in maintenance mode.
params object (keys:string, values:string) Params defines extra parameters to pass to the server.
Any parameter supported by MaxScale may be specified here. See reference:
https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#server_1.

MaxScaleService

Services define how the traffic is forwarded to the MariaDB servers.

Appears in:

Field Description Default Validation
suspend boolean Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.		 false
name string Name is the identifier of the MaxScale service. Required: {}
router ServiceRouter Router is the type of router to use. Enum: [readwritesplit readconnroute]
Required: {}
listener MaxScaleListener MaxScaleListener defines how the MaxScale server will listen for connections. Required: {}
params object (keys:string, values:string) Params defines extra parameters to pass to the service.
Any parameter supported by MaxScale may be specified here. See reference:
https://mariadb.com/kb/en/mariadb-maxscale-2308-mariadb-maxscale-configuration-guide/#service_1.
Router specific parameter are also supported:
https://mariadb.com/kb/en/mariadb-maxscale-2308-readwritesplit/#configuration.
https://mariadb.com/kb/en/mariadb-maxscale-2308-readconnroute/#configuration.

MaxScaleSpec

MaxScaleSpec defines the desired state of MaxScale.

Appears in:

Field Description Default Validation
command string array Command to be used in the Container.
args string array Args to be used in the Container.
env EnvVar array Env represents the environment variables to be injected in a container.
envFrom EnvFromSource array EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.
volumeMounts VolumeMount array VolumeMounts to be used in the Container.
livenessProbe Probe LivenessProbe to be used in the Container.
readinessProbe Probe ReadinessProbe to be used in the Container.
startupProbe Probe StartupProbe to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
lifecycle Lifecycle Lifecycle are actions that the management system should take in response to container lifecycle events.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
topologySpreadConstraints TopologySpreadConstraint array TopologySpreadConstraints to be used in the Pod.
enableServiceLinks boolean EnableServiceLinks indicates whether information about services should be injected into pod's
environment variables, matching the syntax of Docker links. Defaults to true if not specified.
Set to false to disable injection of service link environment variables.
suspend boolean Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.		 false
mariaDbRef MariaDBRef MariaDBRef is a reference to the MariaDB that MaxScale points to. It is used to initialize the servers field.
primaryServer string PrimaryServer specifies the desired primary server. Setting this field triggers a switchover operation in MaxScale to the desired server.
This option is only valid when using monitors that support switchover, currently limited to the MariaDB monitor.
servers MaxScaleServer array Servers are the MariaDB servers to forward traffic to. It is required if 'spec.mariaDbRef' is not provided.
image string Image name to be used by the MaxScale instances. The supported format is <image>:<tag>.
Only MaxScale official images are supported.
imagePullPolicy PullPolicy ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent. Enum: [Always Never IfNotPresent]
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.
services MaxScaleService array Services define how the traffic is forwarded to the MariaDB servers. It is defaulted if not provided.
monitor MaxScaleMonitor Monitor monitors MariaDB server instances. It is required if 'spec.mariaDbRef' is not provided.
admin MaxScaleAdmin Admin configures the admin REST API and GUI.
config MaxScaleConfig Config defines the MaxScale configuration.
auth MaxScaleAuth Auth defines the credentials required for MaxScale to connect to MariaDB.
metrics MaxScaleMetrics Metrics configures metrics and how to scrape them.
tls MaxScaleTLS TLS defines the PKI to be used with MaxScale.
connection ConnectionTemplate Connection provides a template to define the Connection for MaxScale.
replicas integer Replicas indicates the number of desired instances. 1
podDisruptionBudget PodDisruptionBudget PodDisruptionBudget defines the budget for replica availability.
updateStrategy StatefulSetUpdateStrategy UpdateStrategy defines the update strategy for the StatefulSet object.
kubernetesService ServiceTemplate KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale.
guiKubernetesService ServiceTemplate GuiKubernetesService defines a template for a Kubernetes Service object to connect to MaxScale's GUI.
requeueInterval Duration RequeueInterval is used to perform requeue reconciliations. If not defined, it defaults to 10s.
maintenance MaxScaleMaintenance Maintenance defines different capabilities of the operator to allow for maintenance to be performed on the DB.
Not to be confused with suspend, maintenance does not interfere with the normal reconciliation of the operator.

MaxScaleTLS

TLS defines the PKI to be used with MaxScale.

Appears in:

Field Description Default Validation
enabled boolean Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MaxScale instance.
It is enabled by default when the referred MariaDB instance (via mariaDbRef) has TLS enabled and enforced.
adminCASecretRef LocalObjectReference AdminCASecretRef is a reference to a Secret containing the admin certificate authority keypair. It is used to establish trust and issue certificates for the MaxScale's administrative REST API and GUI.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either adminCertSecretRef or adminCertIssuerRef fields must be provided.
If not provided, a self-signed CA will be provisioned to issue the server certificate.
adminCertSecretRef LocalObjectReference AdminCertSecretRef is a reference to a TLS Secret used by the MaxScale's administrative REST API and GUI.
adminCertIssuerRef IssuerReference AdminCertIssuerRef is a reference to a cert-manager issuer object used to issue the MaxScale's administrative REST API and GUI certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with adminCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via adminCASecretRef.
listenerCASecretRef LocalObjectReference ListenerCASecretRef is a reference to a Secret containing the listener certificate authority keypair. It is used to establish trust and issue certificates for the MaxScale's listeners.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either listenerCertSecretRef or listenerCertIssuerRef fields must be provided.
If not provided, a self-signed CA will be provisioned to issue the listener certificate.
listenerCertSecretRef LocalObjectReference ListenerCertSecretRef is a reference to a TLS Secret used by the MaxScale's listeners.
listenerCertIssuerRef IssuerReference ListenerCertIssuerRef is a reference to a cert-manager issuer object used to issue the MaxScale's listeners certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with listenerCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via listenerCASecretRef.
serverCASecretRef LocalObjectReference ServerCASecretRef is a reference to a Secret containing the MariaDB server CA certificates. It is used to establish trust with MariaDB servers.
The Secret should contain a 'ca.crt' key in order to establish trust.
If not provided, and the reference to a MariaDB resource is set (mariaDbRef), it will be defaulted to the referred MariaDB CA bundle.
serverCertSecretRef LocalObjectReference ServerCertSecretRef is a reference to a TLS Secret used by MaxScale to connect to the MariaDB servers.
If not provided, and the reference to a MariaDB resource is set (mariaDbRef), it will be defaulted to the referred MariaDB client certificate (clientCertSecretRef).
verifyPeerCertificate boolean VerifyPeerCertificate specifies whether the peer certificate's signature should be validated against the CA.
It is disabled by default.
verifyPeerHost boolean VerifyPeerHost specifies whether the peer certificate's SANs should match the peer host.
It is disabled by default.
replicationSSLEnabled boolean ReplicationSSLEnabled specifies whether the replication SSL is enabled. If enabled, the SSL options will be added to the server configuration.
It is enabled by default when the referred MariaDB instance (via mariaDbRef) has replication enabled.
If the MariaDB servers are manually provided by the user via the 'servers' field, this must be set by the user as well.

Metadata

Metadata defines the metadata to added to resources.

Appears in:

Field Description Default Validation
labels object (keys:string, values:string) Labels to be added to children resources.
annotations object (keys:string, values:string) Annotations to be added to children resources.

MonitorModule

Underlying type: string

MonitorModule defines the type of monitor module

Appears in:

Field Description
mariadbmon MonitorModuleMariadb is a monitor to be used with MariaDB servers.
galeramon MonitorModuleGalera is a monitor to be used with Galera servers.

MultiCluster

MultiCluster is the multi-cluster topology configuration.

Appears in:

Field Description Default Validation
primary string Primary is the name of the primary cluster. It refers to a member in the 'members' field, containing its full specification.
members MultiClusterMember array Members is the specification of each member of the multi-cluster topology.
enabled boolean Enabled is a flag to enable the multi-cluster topology.

MultiClusterMember

MultiClusterMember defines the configuration for a multi-cluster topology member.

Appears in:

Field Description Default Validation
name string Name is the identifier of the member.
externalMariaDbRef ObjectReference ExternalMariaDBRef holds a reference to an ExternalMariaDB with connection details to form the multi-cluster topology.
These connection details are utilized to setup remote replicas.

MultiClusterSpec

MultiClusterSpec is the specification for the multi-cluster topology.

Appears in:

Field Description Default Validation
primary string Primary is the name of the primary cluster. It refers to a member in the 'members' field, containing its full specification.
members MultiClusterMember array Members is the specification of each member of the multi-cluster topology.

NFSVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#nfsvolumesource-v1-core.

Appears in:

Field Description Default Validation
server string
path string
readOnly boolean

NodeAffinity

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#nodeaffinity-v1-core

Appears in:

Field Description Default Validation
requiredDuringSchedulingIgnoredDuringExecution NodeSelector
preferredDuringSchedulingIgnoredDuringExecution PreferredSchedulingTerm array

NodeSelector

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#nodeselector-v1-core

Appears in:

Field Description Default Validation
nodeSelectorTerms NodeSelectorTerm array

NodeSelectorRequirement

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#nodeselectorrequirement-v1-core

Appears in:

Field Description Default Validation
key string
operator NodeSelectorOperator
values string array

NodeSelectorTerm

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#nodeselectorterm-v1-core

Appears in:

Field Description Default Validation
matchExpressions NodeSelectorRequirement array
matchFields NodeSelectorRequirement array

ObjectFieldSelector

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#objectfieldselector-v1-core.

Appears in:

Field Description Default Validation
apiVersion string
fieldPath string

ObjectReference

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#objectreference-v1-core.

Appears in:

Field Description Default Validation
name string
namespace string

PasswordPlugin

PasswordPlugin defines the password plugin and its arguments.

Appears in:

Field Description Default Validation
pluginNameSecretKeyRef SecretKeySelector PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin.
pluginArgSecretKeyRef SecretKeySelector PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments.

PersistentVolumeClaimRetentionPolicyType

Underlying type: string

PersistentVolumeClaimRetentionPolicyType describes the lifecycle of persistent volume claims. Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#statefulsetpersistentvolumeclaimretentionpolicy-v1-apps.

Appears in:

Field Description
Delete PersistentVolumeClaimRetentionPolicyDelete deletes PVCs when their owning pods or StatefulSet are deleted.
Retain PersistentVolumeClaimRetentionPolicyRetain retains PVCs when their owning pods or StatefulSet are deleted.

PersistentVolumeClaimSpec

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#persistentvolumeclaimspec-v1-core.

Appears in:

Field Description Default Validation
accessModes PersistentVolumeAccessMode array
selector LabelSelector
resources VolumeResourceRequirements
storageClassName string

PersistentVolumeClaimVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#persistentvolumeclaimvolumesource-v1-core.

Appears in:

Field Description Default Validation
claimName string
readOnly boolean

PhysicalBackup

PhysicalBackup is the Schema for the physicalbackups API. It is used to define physical backup jobs and its storage.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string PhysicalBackup
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec PhysicalBackupSpec

PhysicalBackupPodTemplate

PhysicalBackupPodTemplate defines a template to configure Container objects that run in a PhysicalBackup.

Appears in:

Field Description Default Validation
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.

PhysicalBackupSchedule

PhysicalBackupSchedule defines when the PhysicalBackup will be taken.

Appears in:

Field Description Default Validation
cron string Cron is a cron expression that defines the schedule.
suspend boolean Suspend defines whether the schedule is active or not. false
immediate boolean Immediate indicates whether the first backup should be taken immediately after creating the PhysicalBackup.
onDemand string OnDemand is an identifier used to trigger an on-demand backup.
If the identifier is different than the one tracked under status.lastScheduleOnDemand, a new physical backup will be triggered.

PhysicalBackupSpec

PhysicalBackupSpec defines the desired state of PhysicalBackup.

Appears in:

Field Description Default Validation
args string array Args to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
target PhysicalBackupTarget Target defines in which Pod the physical backups will be taken. It defaults to "Replica", meaning that the physical backups will only be taken in ready replicas. Enum: [Replica PreferReplica]
compression CompressAlgorithm Compression algorithm to be used in the Backup. Enum: [none bzip2 gzip]
stagingStorage StagingStorage StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the PhysicalBackup Job is scheduled.
The staging area gets cleaned up after each backup is completed, consider this for sizing it appropriately.
storage PhysicalBackupStorage Storage defines the final storage for backups. Required: {}
schedule PhysicalBackupSchedule Schedule defines when the PhysicalBackup will be taken.
maxRetention Duration MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.
It defaults to 30 days.
timeout Duration Timeout defines the maximum duration of a PhysicalBackup job or snapshot.
If this duration is exceeded, the job or snapshot is considered expired and is deleted by the operator.
A new job or snapshot will then be created according to the schedule.
It defaults to 1 hour.
podAffinity boolean PodAffinity indicates whether the Jobs should run in the same Node as the MariaDB Pods to be able to attach the PVC.
It defaults to true.
backoffLimit integer BackoffLimit defines the maximum number of attempts to successfully take a PhysicalBackup.
restartPolicy RestartPolicy RestartPolicy to be added to the PhysicalBackup Pod. OnFailure Enum: [Always OnFailure Never]
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.
successfulJobsHistoryLimit integer SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. It defaults to 5. Minimum: 0
failedJobsHistoryLimit integer FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. It defaults to 5. Minimum: 0
logLevel string LogLevel to be used in the PhysicalBackup Job. It defaults to 'info'. info Enum: [debug info warn error dpanic panic fatal]

PhysicalBackupStorage

PhysicalBackupStorage defines the storage for physical backups.

Appears in:

Field Description Default Validation
s3 S3 S3 defines the configuration to store backups in a S3 compatible storage.
azureBlob AzureBlob AzureBlob defines the configuration to store backups in a AzureBlob compatible storage.
persistentVolumeClaim PersistentVolumeClaimSpec PersistentVolumeClaim is a Kubernetes PVC specification.
volume StorageVolumeSource Volume is a Kubernetes volume specification.
volumeSnapshot PhysicalBackupVolumeSnapshot VolumeSnapshot is a Kubernetes VolumeSnapshot specification.

PhysicalBackupTarget

Underlying type: string

PhysicalBackupTarget defines in which Pod the physical backups will be taken.

Appears in:

Field Description
Replica PhysicalBackupTargetReplica indicates that the physical backup will be taken in a ready replica.
PreferReplica PhysicalBackupTargetReplica indicates that the physical backup will preferably be taken in a ready replica.
If no ready replicas are available, physical backups will be taken in the primary.

PhysicalBackupVolumeSnapshot

PhysicalBackupVolumeSnapshot defines parameters for the VolumeSnapshots used as physical backups.

Appears in:

Field Description Default Validation
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.
volumeSnapshotClassName string VolumeSnapshotClassName is the VolumeSnapshot class to be used to take snapshots. Required: {}

PodAffinityTerm

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#podaffinityterm-v1-core.

Appears in:

Field Description Default Validation
labelSelector LabelSelector
topologyKey string

PodAntiAffinity

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#podantiaffinity-v1-core.

Appears in:

Field Description Default Validation
requiredDuringSchedulingIgnoredDuringExecution PodAffinityTerm array
preferredDuringSchedulingIgnoredDuringExecution WeightedPodAffinityTerm array

PodDisruptionBudget

PodDisruptionBudget is the Pod availability bundget for a MariaDB

Appears in:

Field Description Default Validation
minAvailable IntOrString MinAvailable defines the number of minimum available Pods.
maxUnavailable IntOrString MaxUnavailable defines the number of maximum unavailable Pods.

PodSecurityContext

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#podsecuritycontext-v1-core

Appears in:

Field Description Default Validation
seLinuxOptions SELinuxOptions
runAsUser integer
runAsGroup integer
runAsNonRoot boolean
supplementalGroups integer array
fsGroup integer
fsGroupChangePolicy PodFSGroupChangePolicy
seccompProfile SeccompProfile
appArmorProfile AppArmorProfile

PointInTimeRecovery

PointInTimeRecovery is the Schema for the pointintimerecoveries API. It contains binlog archival and point-in-time restoration settings.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string PointInTimeRecovery
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec PointInTimeRecoverySpec

PointInTimeRecoverySpec

PointInTimeRecoverySpec defines the desired state of PointInTimeRecovery. It contains binlog archive and point-in-time restoration settings.

Appears in:

Field Description Default Validation
physicalBackupRef LocalObjectReference PhysicalBackupRef is a reference to a PhysicalBackup object that will be used as base backup. Required: {}
storage PointInTimeRecoveryStorage PointInTimeRecoveryStorage is the storage where the point in time recovery data will be stored Required: {}
compression CompressAlgorithm Compression algorithm to be used for compressing the binary logs.
This field is immutable, it cannot be updated after creation.		 Enum: [none bzip2 gzip]
archiveTimeout Duration ArchiveTimeout defines the maximum duration for the binary log archival.
If this duration is exceeded, the sidecar agent will log an error and it will be retried in the next archive cycle.
It defaults to 1 hour.		 1h
strictMode boolean StrictMode controls the behavior when a point-in-time restoration cannot reach the exact target time:
When enabled: Returns an error and avoids replaying binary logs if target time is not reached.
When disabled (default): Replays available binary logs until the last recoverable time. It logs logs an error if target time is not reached.

PointInTimeRecoveryStorage

PointInTimeRecoveryStorage stores the different storage options for PITR

Appears in:

Field Description Default Validation
s3 S3 S3 is the S3-compatible storage where the binary logs will be kept.
azureBlob AzureBlob AzureBlob is the Azure Blob Storage where the binary logs will be kept.

PreferredSchedulingTerm

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#preferredschedulingterm-v1-core

Appears in:

Field Description Default Validation
weight integer
preference NodeSelectorTerm

PrimaryGalera

PrimaryGalera is the Galera configuration for the primary node.

Appears in:

Field Description Default Validation
podIndex integer PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.
autoFailover boolean AutoFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.

PrimaryReplication

PrimaryReplication is the replication configuration and operation parameters for the primary.

Appears in:

Field Description Default Validation
podIndex integer PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.
autoFailover boolean AutoFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.
It is enabled by default.
autoFailoverDelay Duration AutoFailoverDelay indicates the duration before performing an automatic primary failover.
By default, no extra delay is added.

Probe

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#probe-v1-core.

Appears in:

Field Description Default Validation
exec ExecAction
httpGet HTTPGetAction
tcpSocket TCPSocketAction
initialDelaySeconds integer
timeoutSeconds integer
periodSeconds integer
successThreshold integer
failureThreshold integer

ProbeHandler

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#probe-v1-core.

Appears in:

Field Description Default Validation
exec ExecAction
httpGet HTTPGetAction
tcpSocket TCPSocketAction

ReplicaBootstrapFrom

ReplicaBootstrapFrom defines the sources for bootstrapping new relicas.

Appears in:

Field Description Default Validation
physicalBackupTemplateRef LocalObjectReference PhysicalBackupTemplateRef is a reference to a PhysicalBackup object that will be used as template to create a new PhysicalBackup object
used synchronize the data from an up to date replica to the new replica to be bootstrapped.		 Required: {}
restoreJob Job RestoreJob defines additional properties for the Job used to perform the restoration.

ReplicaRecovery

ReplicaRecovery defines how the replicas should be recovered after they enter an error state.

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable replica recovery. Required: {}
errorDurationThreshold Duration ErrorDurationThreshold defines the time duration after which, if a replica continues to report errors,
the operator will initiate the recovery process for that replica.
This threshold applies only to error codes not identified as recoverable by the operator.
Errors identified as recoverable will trigger the recovery process immediately.
It defaults to 5 minutes.

ReplicaReplication

ReplicaReplication is the replication configuration and operation parameters for the replicas.

Appears in:

Field Description Default Validation
replPasswordSecretKeyRef GeneratedSecretKeyRef ReplPasswordSecretKeyRef provides a reference to the Secret to use as password for the replication user.
By default, a random password will be generated.
gtid Gtid Gtid indicates which Global Transaction ID (GTID) position mode should be used when connecting a replica to the master.
By default, CurrentPos is used.
See: https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/replication-statements/change-master-to#master_use_gtid.		 Enum: [CurrentPos SlavePos]
connectionRetrySeconds integer ConnectionRetrySeconds is the number of seconds that the replica will wait between connection retries.
See: https://mariadb.com/docs/server/reference/sql-statements/administrative-sql-statements/replication-statements/change-master-to#master_connect_retry.
maxLagSeconds integer MaxLagSeconds is the maximum number of seconds that replicas are allowed to lag behind the primary.
If a replica exceeds this threshold, it is marked as not ready and read queries will no longer be forwarded to it.
If not provided, it defaults to 0, which means that replicas are not allowed to lag behind the primary (recommended).
Lagged replicas will not be taken into account as candidates for the new primary during failover,
and they will block other operations, such as switchover and upgrade.
This field is not taken into account by MaxScale, you can define the maximum lag as router parameters.
See: https://mariadb.com/docs/maxscale/reference/maxscale-routers/maxscale-readwritesplit#max_replication_lag.
syncTimeout Duration SyncTimeout defines the timeout for the synchronization phase during switchover and failover operations.
During switchover, all replicas must be synced with the current primary before promoting the new primary.
During failover, the new primary must be synced before being promoted as primary. This implies processing all the events in the relay log.
When the timeout is reached, the operator restarts the operation from the beginning.
It defaults to 10s.
See: https://mariadb.com/docs/server/reference/sql-functions/secondary-functions/miscellaneous-functions/master_gtid_wait
bootstrapFrom ReplicaBootstrapFrom ReplicaBootstrapFrom defines the data sources used to bootstrap new replicas.
This will be used as part of the scaling out and recovery operations, when new replicas are created.
If not provided, scale out and recovery operations will return an error.
recovery ReplicaRecovery ReplicaRecovery defines how the replicas should be recovered after they enter an error state.
This process deletes data from faulty replicas and recreates them using the source defined in the bootstrapFrom field.
It is disabled by default, and it requires the bootstrapFrom field to be set.

Replication

Replication defines replication configuration for a MariaDB cluster.

Appears in:

Field Description Default Validation
primary PrimaryReplication Primary is the replication configuration for the primary node.
replica ReplicaReplication ReplicaReplication is the replication configuration for the replica nodes.
gtidStrictMode boolean GtidStrictMode determines whether the GTID strict mode is enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_strict_mode.
It is enabled by default.
gtidDomainId integer GtidDomainID is gtid_domain_id for all of the MariaDB nodes.
It is immutable.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_domain_id
serverIdStartIndex integer ServerIDStartIndex sets the start index of the MariaDB nodes. Each subsequent replica will increment this by 1.
It is immutable.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#server_id
semiSyncEnabled boolean SemiSyncEnabled determines whether semi-synchronous replication is enabled.
Semi-synchronous replication requires that at least one replica should have sent an ACK to the primary node
before committing the transaction back to the client.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication
It is enabled by default
semiSyncAckTimeout Duration SemiSyncAckTimeout for the replica to acknowledge transactions to the primary.
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication#rpl_semi_sync_master_timeout
semiSyncWaitPoint WaitPoint SemiSyncWaitPoint determines whether the transaction should wait for an ACK after having synced the binlog (AfterSync)
or after having committed to the storage engine (AfterCommit, the default).
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point.		 Enum: [AfterSync AfterCommit]
syncBinlog integer SyncBinlog indicates after how many events the binary log is synchronized to the disk.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#sync_binlog
initContainer InitContainer InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator.
agent Agent Agent is a sidecar agent that runs in the MariaDB Pod and co-operates with mariadb-operator.
standaloneProbes boolean StandaloneProbes indicates whether to use the default non-HA startup and liveness probes.
It is disabled by default
enabled boolean Enabled is a flag to enable replication.

ReplicationSpec

ReplicationSpec is the replication desired state.

Appears in:

Field Description Default Validation
primary PrimaryReplication Primary is the replication configuration for the primary node.
replica ReplicaReplication ReplicaReplication is the replication configuration for the replica nodes.
gtidStrictMode boolean GtidStrictMode determines whether the GTID strict mode is enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_strict_mode.
It is enabled by default.
gtidDomainId integer GtidDomainID is gtid_domain_id for all of the MariaDB nodes.
It is immutable.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/gtid#gtid_domain_id
serverIdStartIndex integer ServerIDStartIndex sets the start index of the MariaDB nodes. Each subsequent replica will increment this by 1.
It is immutable.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#server_id
semiSyncEnabled boolean SemiSyncEnabled determines whether semi-synchronous replication is enabled.
Semi-synchronous replication requires that at least one replica should have sent an ACK to the primary node
before committing the transaction back to the client.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication
It is enabled by default
semiSyncAckTimeout Duration SemiSyncAckTimeout for the replica to acknowledge transactions to the primary.
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/semisynchronous-replication#rpl_semi_sync_master_timeout
semiSyncWaitPoint WaitPoint SemiSyncWaitPoint determines whether the transaction should wait for an ACK after having synced the binlog (AfterSync)
or after having committed to the storage engine (AfterCommit, the default).
It requires semi-synchronous replication to be enabled.
See: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point.		 Enum: [AfterSync AfterCommit]
syncBinlog integer SyncBinlog indicates after how many events the binary log is synchronized to the disk.
See: https://mariadb.com/docs/server/ha-and-performance/standard-replication/replication-and-binary-log-system-variables#sync_binlog
initContainer InitContainer InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-operator.
agent Agent Agent is a sidecar agent that runs in the MariaDB Pod and co-operates with mariadb-operator.
standaloneProbes boolean StandaloneProbes indicates whether to use the default non-HA startup and liveness probes.
It is disabled by default

ResourceRequirements

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#resourcerequirements-v1-core.

Appears in:

Restore

Restore is the Schema for the restores API. It is used to define restore jobs and its restoration source.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string Restore
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec RestoreSpec

RestoreSource

RestoreSource defines a source for restoring a logical backup.

Appears in:

Field Description Default Validation
backupRef LocalObjectReference BackupRef is a reference to a Backup object. It has priority over S3 and Volume.
s3 S3 S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume.
volume StorageVolumeSource Volume is a Kubernetes Volume object that contains a backup.
targetRecoveryTime Time TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time.
stagingStorage StagingStorage StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled.

RestoreSpec

RestoreSpec defines the desired state of restore

Appears in:

Field Description Default Validation
args string array Args to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
backupRef LocalObjectReference BackupRef is a reference to a Backup object. It has priority over S3 and Volume.
s3 S3 S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume.
volume StorageVolumeSource Volume is a Kubernetes Volume object that contains a backup.
targetRecoveryTime Time TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.
It is used to determine the closest restoration source in time.
stagingStorage StagingStorage StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.
It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled.
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
database string Database defines the logical database to be restored. If not provided, all databases available in the backup are restored.
IMPORTANT: The database must previously exist.
logLevel string LogLevel to be used n the Backup Job. It defaults to 'info'. info Enum: [debug info warn error dpanic panic fatal]
backoffLimit integer BackoffLimit defines the maximum number of attempts to successfully perform a Backup. 5
restartPolicy RestartPolicy RestartPolicy to be added to the Backup Job. OnFailure Enum: [Always OnFailure Never]
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.

S3

Appears in:

Field Description Default Validation
bucket string Bucket is the name Name of the bucket to store backups. Required: {}
endpoint string Endpoint is the S3 API endpoint without scheme. Required: {}
region string Region is the S3 region name to use.
prefix string Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.
accessKeyIdSecretKeyRef SecretKeySelector AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id.
secretAccessKeySecretKeyRef SecretKeySelector AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key.
sessionTokenSecretKeyRef SecretKeySelector SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token.
tls TLSConfig TLS provides the configuration required to establish TLS connections with S3.
ssec SSECConfig SSEC is a reference to a Secret containing the SSE-C (Server-Side Encryption with Customer-Provided Keys) key.
The secret must contain a 32-byte key (256 bits) in the specified key.
This enables server-side encryption where you provide and manage the encryption key.

SQLTemplate

SQLTemplate defines a template to customize SQL objects.

Appears in:

Field Description Default Validation
requeueInterval Duration RequeueInterval is used to perform requeue reconciliations.
retryInterval Duration RetryInterval is the interval used to perform retries.
cleanupPolicy CleanupPolicy CleanupPolicy defines the behavior for cleaning up a SQL resource. Enum: [Skip Delete]

SSECConfig

SSECConfig defines the configuration for SSE-C (Server-Side Encryption with Customer-Provided Keys).

Appears in:

Field Description Default Validation
customerKeySecretKeyRef SecretKeySelector CustomerKeySecretKeyRef is a reference to a Secret key containing the SSE-C customer-provided encryption key.
The key must be a 32-byte (256-bit) key encoded in base64.		 Required: {}

SST

Underlying type: string

SST is the Snapshot State Transfer used when new Pods join the cluster. More info: https://galeracluster.com/library/documentation/sst.html.

Appears in:

Field Description
rsync SSTRsync is an SST based on rsync.
mariabackup SSTMariaBackup is an SST based on mariabackup. It is the recommended SST.
mysqldump SSTMysqldump is an SST based on mysqldump.

Schedule

Schedule contains parameters to define a schedule

Appears in:

Field Description Default Validation
cron string Cron is a cron expression that defines the schedule. Required: {}
suspend boolean Suspend defines whether the schedule is active or not. false

SecretKeySelector

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#secretkeyselector-v1-core.

Appears in:

Field Description Default Validation
name string
key string

SecretTemplate

SecretTemplate defines a template to customize Secret objects.

Appears in:

Field Description Default Validation
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.
key string Key to be used in the Secret.
format string Format to be used in the Secret.
usernameKey string UsernameKey to be used in the Secret.
passwordKey string PasswordKey to be used in the Secret.
hostKey string HostKey to be used in the Secret.
portKey string PortKey to be used in the Secret.
databaseKey string DatabaseKey to be used in the Secret.

SecretVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#secretvolumesource-v1-core.

Appears in:

Field Description Default Validation
secretName string
defaultMode integer

SecurityContext

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#securitycontext-v1-core.

Appears in:

Field Description Default Validation
capabilities Capabilities
privileged boolean
runAsUser integer
runAsGroup integer
runAsNonRoot boolean
readOnlyRootFilesystem boolean
allowPrivilegeEscalation boolean

ServiceMonitor

ServiceMonitor defines a prometheus ServiceMonitor object.

Appears in:

Field Description Default Validation
prometheusRelease string PrometheusRelease is the release label to add to the ServiceMonitor object.
jobLabel string JobLabel to add to the ServiceMonitor object.
interval string Interval for scraping metrics.
scrapeTimeout string ScrapeTimeout defines the timeout for scraping metrics.

ServicePort

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#serviceport-v1-core

Appears in:

Field Description Default Validation
name string
port integer

ServiceRouter

Underlying type: string

ServiceRouter defines the type of service router.

Appears in:

Field Description
readwritesplit ServiceRouterReadWriteSplit splits the load based on the queries. Write queries are performed on master and read queries on the replicas.
readconnroute ServiceRouterReadConnRoute splits the load based on the connections. Each connection is assigned to a server.

ServiceTemplate

ServiceTemplate defines a template to customize Service objects.

Appears in:

Field Description Default Validation
type ServiceType Type is the Service type. One of ClusterIP, NodePort or LoadBalancer. If not defined, it defaults to ClusterIP. ClusterIP Enum: [ClusterIP NodePort LoadBalancer]
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.
loadBalancerIP string LoadBalancerIP Service field.
loadBalancerSourceRanges string array LoadBalancerSourceRanges Service field.
externalTrafficPolicy ServiceExternalTrafficPolicy ExternalTrafficPolicy Service field.
sessionAffinity ServiceAffinity SessionAffinity Service field.
allocateLoadBalancerNodePorts boolean AllocateLoadBalancerNodePorts Service field.
loadBalancerClass string LoadBalancerClass Service field.

SleepAction

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#sleepaction-v1-core

Appears in:

Field Description Default Validation
seconds integer

SqlJob

SqlJob is the Schema for the sqljobs API. It is used to run sql scripts as jobs.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string SqlJob
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec SqlJobSpec

SqlJobSpec

SqlJobSpec defines the desired state of SqlJob

Appears in:

Field Description Default Validation
args string array Args to be used in the Container.
resources ResourceRequirements Resources describes the compute resource requirements.
securityContext SecurityContext SecurityContext holds security configuration that will be applied to a container.
podMetadata Metadata PodMetadata defines extra metadata for the Pod.
imagePullSecrets LocalObjectReference array ImagePullSecrets is the list of pull Secrets to be used to pull the image.
podSecurityContext PodSecurityContext SecurityContext holds pod-level security attributes and common container settings.
serviceAccountName string ServiceAccountName is the name of the ServiceAccount to be used by the Pods.
affinity AffinityConfig Affinity to be used in the Pod.
nodeSelector object (keys:string, values:string) NodeSelector to be used in the Pod.
tolerations Toleration array Tolerations to be used in the Pod.
priorityClassName string PriorityClassName to be used in the Pod.
successfulJobsHistoryLimit integer SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed. Minimum: 0
failedJobsHistoryLimit integer FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed. Minimum: 0
timeZone string TimeZone defines the timezone associated with the cron expression.
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
schedule Schedule Schedule defines when the SqlJob will be executed.
username string Username to be impersonated when executing the SqlJob. Required: {}
passwordSecretKeyRef SecretKeySelector UserPasswordSecretKeyRef is a reference to the impersonated user's password to be used when executing the SqlJob. Required: {}
tlsCASecretRef LocalObjectReference TLSCACertSecretRef is a reference toa CA Secret used to establish trust when executing the SqlJob.
If not provided, the CA bundle provided by the referred MariaDB is used.
tlsClientCertSecretRef LocalObjectReference TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when executing the SqlJob.
If not provided, the client certificate provided by the referred MariaDB is used.
database string Username to be used when executing the SqlJob.
dependsOn LocalObjectReference array DependsOn defines dependencies with other SqlJob objectecs.
sql string Sql is the script to be executed by the SqlJob.
sqlConfigMapKeyRef ConfigMapKeySelector SqlConfigMapKeyRef is a reference to a ConfigMap containing the Sql script.
It is defaulted to a ConfigMap with the contents of the Sql field.
backoffLimit integer BackoffLimit defines the maximum number of attempts to successfully execute a SqlJob. 5
restartPolicy RestartPolicy RestartPolicy to be added to the SqlJob Pod. OnFailure Enum: [Always OnFailure Never]
inheritMetadata Metadata InheritMetadata defines the metadata to be inherited by children resources.

StagingStorage

StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.

Appears in:

Field Description Default Validation
persistentVolumeClaim PersistentVolumeClaimSpec PersistentVolumeClaim is a Kubernetes PVC specification.
volume StorageVolumeSource Volume is a Kubernetes volume specification.

StatefulSetPersistentVolumeClaimRetentionPolicy

StatefulSetPersistentVolumeClaimRetentionPolicy describes the lifecycle of PVCs created from volumeClaimTemplates. Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#statefulsetpersistentvolumeclaimretentionpolicy-v1-apps.

Appears in:

Field Description Default Validation
whenDeleted PersistentVolumeClaimRetentionPolicyType
whenScaled PersistentVolumeClaimRetentionPolicyType

Storage

Storage defines the storage options to be used for provisioning the PVCs mounted by MariaDB.

Appears in:

Field Description Default Validation
ephemeral boolean Ephemeral indicates whether to use ephemeral storage in the PVCs. It is only compatible with non HA MariaDBs.
size Quantity Size of the PVCs to be mounted by MariaDB. Required if not provided in 'VolumeClaimTemplate'. It supersedes the storage size specified in 'VolumeClaimTemplate'.
storageClassName string StorageClassName to be used to provision the PVCS. It supersedes the 'StorageClassName' specified in 'VolumeClaimTemplate'.
If not provided, the default 'StorageClass' configured in the cluster is used.
resizeInUseVolumes boolean ResizeInUseVolumes indicates whether the PVCs can be resized. The 'StorageClassName' used should have 'allowVolumeExpansion' set to 'true' to allow resizing.
It defaults to true.
waitForVolumeResize boolean WaitForVolumeResize indicates whether to wait for the PVCs to be resized before marking the MariaDB object as ready. This will block other operations such as cluster recovery while the resize is in progress.
It defaults to true.
volumeClaimTemplate VolumeClaimTemplate VolumeClaimTemplate provides a template to define the PVCs.
pvcRetentionPolicy StatefulSetPersistentVolumeClaimRetentionPolicy PersistentVolumeClaimRetentionPolicy describes the lifecycle of PVCs created from volumeClaimTemplates.
By default, all persistent volume claims are created as needed and retained until manually deleted.
This policy allows the lifecycle to be altered, for example by deleting PVCs when their statefulset is deleted,
or when their pod is scaled down.

StorageVolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#volume-v1-core.

Appears in:

Field Description Default Validation
emptyDir EmptyDirVolumeSource
nfs NFSVolumeSource
csi CSIVolumeSource
hostPath HostPathVolumeSource
persistentVolumeClaim PersistentVolumeClaimVolumeSource

SuspendTemplate

SuspendTemplate indicates whether the current resource should be suspended or not.

Appears in:

Field Description Default Validation
suspend boolean Suspend indicates whether the current resource should be suspended or not.
This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.		 false

TCPSocketAction

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#tcpsocketaction-v1-core.

Appears in:

Field Description Default Validation
port IntOrString
host string

TLS

TLS defines the PKI to be used with MariaDB.

Appears in:

Field Description Default Validation
enabled boolean Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MariaDB instance.
It is enabled by default.
required boolean Required specifies whether TLS must be enforced for all connections.
User TLS requirements take precedence over this.
It disabled by default.
serverCASecretRef LocalObjectReference ServerCASecretRef is a reference to a Secret containing the server certificate authority keypair. It is used to establish trust and issue server certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either serverCertSecretRef or serverCertIssuerRef must be provided.
If not provided, a self-signed CA will be provisioned to issue the server certificate.
serverCertSecretRef LocalObjectReference ServerCertSecretRef is a reference to a TLS Secret containing the server certificate.
It is mutually exclusive with serverCertIssuerRef.
serverCertIssuerRef IssuerReference ServerCertIssuerRef is a reference to a cert-manager issuer object used to issue the server certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with serverCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via serverCASecretRef.
clientCASecretRef LocalObjectReference ClientCASecretRef is a reference to a Secret containing the client certificate authority keypair. It is used to establish trust and issue client certificates.
One of:
- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.
- Secret containing only the 'ca.crt' in order to establish trust. In this case, either clientCertSecretRef or clientCertIssuerRef fields must be provided.
If not provided, a self-signed CA will be provisioned to issue the client certificate.
clientCertSecretRef LocalObjectReference ClientCertSecretRef is a reference to a TLS Secret containing the client certificate.
It is mutually exclusive with clientCertIssuerRef.
clientCertIssuerRef IssuerReference ClientCertIssuerRef is a reference to a cert-manager issuer object used to issue the client certificate. cert-manager must be installed previously in the cluster.
It is mutually exclusive with clientCertSecretRef.
By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via clientCASecretRef.
galeraSSTEnabled boolean GaleraSSTEnabled determines whether Galera SST connections should use TLS.
It disabled by default.
serverCertAdditionalNames string array ServerCertAdditionalNames is a list of additional certificate common names

TLSConfig

Appears in:

Field Description Default Validation
enabled boolean Enabled is a flag to enable TLS.
caSecretKeyRef SecretKeySelector CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.
By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.

TLSRequirements

TLSRequirements specifies TLS requirements for the user to connect. See: https://mariadb.com/kb/en/securing-connections-for-client-and-server/#requiring-tls.

Appears in:

Field Description Default Validation
ssl boolean SSL indicates that the user must connect via TLS.
x509 boolean X509 indicates that the user must provide a valid x509 certificate to connect.
issuer string Issuer indicates that the TLS certificate provided by the user must be issued by a specific issuer.
subject string Subject indicates that the TLS certificate provided by the user must have a specific subject.

TopologySpreadConstraint

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#topologyspreadconstraint-v1-core.

Appears in:

Field Description Default Validation
maxSkew integer
topologyKey string
whenUnsatisfiable UnsatisfiableConstraintAction
labelSelector LabelSelector
minDomains integer
nodeAffinityPolicy NodeInclusionPolicy
nodeTaintsPolicy NodeInclusionPolicy
matchLabelKeys string array

TypedLocalObjectReference

TypedLocalObjectReference is a reference to a specific object type.

Appears in:

Field Description Default Validation
name string Name of the referent.
kind string Kind of the referent.

UpdateStrategy

UpdateStrategy defines how a MariaDB resource is updated.

Appears in:

Field Description Default Validation
type UpdateType Type defines the type of updates. One of ReplicasFirstPrimaryLast, RollingUpdate or OnDelete. If not defined, it defaults to ReplicasFirstPrimaryLast. ReplicasFirstPrimaryLast Enum: [ReplicasFirstPrimaryLast RollingUpdate OnDelete Never]
rollingUpdate RollingUpdateStatefulSetStrategy RollingUpdate defines parameters for the RollingUpdate type.
autoUpdateDataPlane boolean AutoUpdateDataPlane indicates whether the Galera data-plane version (agent and init containers) should be automatically updated based on the operator version. It defaults to false.
Updating the operator will trigger updates on all the MariaDB instances that have this flag set to true. Thus, it is recommended to progressively set this flag after having updated the operator.

UpdateType

Underlying type: string

UpdateType defines the type of update for a MariaDB resource.

Appears in:

Field Description
ReplicasFirstPrimaryLast ReplicasFirstPrimaryLastUpdateType indicates that the update will be applied to all replica Pods first and later on to the primary Pod.
The updates are applied one by one waiting until each Pod passes the readiness probe
i.e. the Pod gets synced and it is ready to receive traffic.
RollingUpdate RollingUpdateUpdateType indicates that the update will be applied by the StatefulSet controller using the RollingUpdate strategy.
This strategy is unaware of the roles that the Pod have (primary or replica) and it will
perform the update following the StatefulSet ordinal, from higher to lower.
OnDelete OnDeleteUpdateType indicates that the update will be applied by the StatefulSet controller using the OnDelete strategy.
The update will be done when the Pods get manually deleted by the user.
Never NeverUpdateType indicates that the StatefulSet will never be updated.
This can be used to roll out updates progressively to a fleet of instances.

User

User is the Schema for the users API. It is used to define grants as if you were running a 'CREATE USER' statement.

Field Description Default Validation
apiVersion string k8s.mariadb.com/v1alpha1
kind string User
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec UserSpec

UserSpec

UserSpec defines the desired state of User

Appears in:

Field Description Default Validation
requeueInterval Duration RequeueInterval is used to perform requeue reconciliations.
retryInterval Duration RetryInterval is the interval used to perform retries.
cleanupPolicy CleanupPolicy CleanupPolicy defines the behavior for cleaning up a SQL resource. Enum: [Skip Delete]
mariaDbRef MariaDBRef MariaDBRef is a reference to a MariaDB object. Required: {}
passwordSecretKeyRef SecretKeySelector PasswordSecretKeyRef is a reference to the password to be used by the User.
If not provided, the account will be locked and the password will expire.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password.
passwordHashSecretKeyRef SecretKeySelector PasswordHashSecretKeyRef is a reference to the password hash to be used by the User.
If the referred Secret is labeled with "k8s.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash.
passwordPlugin PasswordPlugin PasswordPlugin is a reference to the password plugin and arguments to be used by the User.
require TLSRequirements Require specifies TLS requirements for the user to connect. See: https://mariadb.com/kb/en/securing-connections-for-client-and-server/#requiring-tls.
maxUserConnections integer MaxUserConnections defines the maximum number of simultaneous connections that the User can establish. 10
name string Name overrides the default name provided by metadata.name. MaxLength: 80
host string Host related to the User. MaxLength: 255

VolumeClaimTemplate

VolumeClaimTemplate defines a template to customize PVC objects.

Appears in:

Field Description Default Validation
accessModes PersistentVolumeAccessMode array
selector LabelSelector
resources VolumeResourceRequirements
storageClassName string
metadata Metadata Refer to Kubernetes API documentation for fields of metadata.

VolumeMount

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#volumemount-v1-core.

Appears in:

Field Description Default Validation
name string This must match the Name of a Volume.
readOnly boolean
mountPath string
subPath string

VolumeSource

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#volume-v1-core.

Appears in:

Field Description Default Validation
emptyDir EmptyDirVolumeSource
nfs NFSVolumeSource
csi CSIVolumeSource
hostPath HostPathVolumeSource
persistentVolumeClaim PersistentVolumeClaimVolumeSource
secret SecretVolumeSource
configMap ConfigMapVolumeSource

WaitPoint

Underlying type: string

WaitPoint defines whether the transaction should wait for ACK before committing to the storage engine. More info: https://mariadb.com/kb/en/semisynchronous-replication/#rpl_semi_sync_master_wait_point.

Appears in:

Field Description
AfterSync WaitPointAfterSync indicates that the primary waits for the replica ACK before committing the transaction to the storage engine.
It trades off performance for consistency.
AfterCommit WaitPointAfterCommit indicates that the primary commits the transaction to the storage engine and waits for the replica ACK afterwards.
It trades off consistency for performance.

WeightedPodAffinityTerm

Refer to the Kubernetes docs: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.36/#weightedpodaffinityterm-v1-core.

Appears in:

Field Description Default Validation
weight integer
podAffinityTerm PodAffinityTerm