API Reference

Packages

enterprise.mariadb.com/v1alpha1

Package v1alpha1 contains API Schema definitions for the v1alpha1 API group

Resource Types

Affinity

Refer to the Kubernetes docs: #affinity-v1-core.

Appears in:

Field
Description
Default
Validation

podAntiAffinity PodAntiAffinity

nodeAffinity NodeAffinity

AffinityConfig

AffinityConfig defines policies to schedule Pods in Nodes.

Appears in:

Field
Description
Default
Validation

podAntiAffinity PodAntiAffinity

nodeAffinity NodeAffinity

antiAffinityEnabled boolean

AntiAffinityEnabled configures PodAntiAffinity so each Pod is scheduled in a different Node, enabling HA.Make sure you have at least as many Nodes available as the replicas to not end up with unscheduled Pods.

Backup

Backup is the Schema for the backups API. It is used to define backup jobs and its storage.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

Backup

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

BackupSpec

BackupSpec defines the desired state of Backup

Appears in:

Field
Description
Default
Validation

args string array

Args to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

successfulJobsHistoryLimit integer

SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed.

Minimum: 0

failedJobsHistoryLimit integer

FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed.

Minimum: 0

timeZone string

TimeZone defines the timezone associated with the cron expression.

mariaDbRef MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Required: {}

compression CompressAlgorithm

Compression algorithm to be used in the Backup.

Enum: [none bzip2 gzip]

stagingStorage BackupStagingStorage

StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Backup Job is scheduled.The staging area gets cleaned up after each backup is completed, consider this for sizing it appropriately.

Storage defines the final storage for backups.

Required: {}

schedule Schedule

Schedule defines when the Backup will be taken.

maxRetention Duration

MaxRetention defines the retention policy for backups. Old backups will be cleaned up by the Backup Job.It defaults to 30 days.

databases string array

Databases defines the logical databases to be backed up. If not provided, all databases are backed up.

ignoreGlobalPriv boolean

IgnoreGlobalPriv indicates to ignore the mysql.global_priv in backups.If not provided, it will default to true when the referred MariaDB instance has Galera enabled and otherwise to false.

logLevel string

LogLevel to be used n the Backup Job. It defaults to 'info'.

info

backoffLimit integer

BackoffLimit defines the maximum number of attempts to successfully take a Backup.

restartPolicy RestartPolicy

RestartPolicy to be added to the Backup Pod.

OnFailure

Enum: [Always OnFailure Never]

inheritMetadata Metadata

InheritMetadata defines the metadata to be inherited by children resources.

BackupStagingStorage

BackupStagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.

Appears in:

Field
Description
Default
Validation

persistentVolumeClaim PersistentVolumeClaimSpec

PersistentVolumeClaim is a Kubernetes PVC specification.

Volume is a Kubernetes volume specification.

BackupStorage

BackupStorage defines the final storage for backups.

Appears in:

Field
Description
Default
Validation

s3 S3

S3 defines the configuration to store backups in a S3 compatible storage.

persistentVolumeClaim PersistentVolumeClaimSpec

PersistentVolumeClaim is a Kubernetes PVC specification.

Volume is a Kubernetes volume specification.

BasicAuth

KubernetesAuth refers to the basic authentication mechanism utilized for establishing a connection from the operator to the agent.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable BasicAuth

username string

Username to be used for basic authentication

passwordSecretKeyRef GeneratedSecretKeyRef

PasswordSecretKeyRef to be used for basic authentication

BootstrapFrom

BootstrapFrom defines a source to bootstrap MariaDB from.

Appears in:

Field
Description
Default
Validation

BackupRef is a reference to a Backup object. It has priority over S3 and Volume.

s3 S3

S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume.

Volume is a Kubernetes Volume object that contains a backup.

targetRecoveryTime Time

TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.It is used to determine the closest restoration source in time.

stagingStorage BackupStagingStorage

StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled.

restoreJob Job

RestoreJob defines additional properties for the Job used to perform the Restore.

CSIVolumeSource

Refer to the Kubernetes docs: #csivolumesource-v1-core.

Appears in:

Field
Description
Default
Validation

driver string

readOnly boolean

fsType string

volumeAttributes object (keys:string, values:string)

nodePublishSecretRef LocalObjectReference

CleanupPolicy

Underlying type: string

CleanupPolicy defines the behavior for cleaning up a resource.

Appears in:

Field
Description

Skip

CleanupPolicySkip indicates that the resource will NOT be deleted from the database after the CR is deleted.

Delete

CleanupPolicyDelete indicates that the resource will be deleted from the database after the CR is deleted.

CompressAlgorithm

Underlying type: string

CompressAlgorithm defines the compression algorithm for a Backup resource.

Appears in:

Field
Description

none

No compression

bzip2

Bzip2 compression. Good compression ratio, but slower compression/decompression speed compared to gzip.

gzip

Gzip compression. Good compression/decompression speed, but worse compression ratio compared to bzip2.

ConfigMapKeySelector

Refer to the Kubernetes docs: #configmapkeyselector-v1-core.

Appears in:

Field
Description
Default
Validation

name string

key string

ConfigMapVolumeSource

Refer to the Kubernetes docs: #configmapvolumesource-v1-core.

Appears in:

Field
Description
Default
Validation

name string

defaultMode integer

Connection

Connection is the Schema for the connections API. It is used to configure connection strings for the applications connecting to MariaDB.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

Connection

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

ConnectionSpec

ConnectionSpec defines the desired state of Connection

Appears in:

Field
Description
Default
Validation

secretName string

SecretName to be used in the Connection.

secretTemplate SecretTemplate

SecretTemplate to be used in the Connection.

healthCheck HealthCheck

HealthCheck to be used in the Connection.

params object (keys:string, values:string)

Params to be used in the Connection.

serviceName string

ServiceName to be used in the Connection.

port integer

Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.

mariaDbRef MariaDBRef

MariaDBRef is a reference to the MariaDB to connect to. Either MariaDBRef or MaxScaleRef must be provided.

maxScaleRef ObjectReference

MaxScaleRef is a reference to the MaxScale to connect to. Either MariaDBRef or MaxScaleRef must be provided.

username string

Username to use for configuring the Connection.

Required: {}

passwordSecretKeyRef SecretKeySelector

PasswordSecretKeyRef is a reference to the password to use for configuring the Connection.Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

tlsClientCertSecretRef LocalObjectReference

TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when checking the connection health.Either passwordSecretKeyRef or tlsClientCertSecretRef must be provided as client credentials.If not provided, the client certificate provided by the referred MariaDB is used if TLS is enabled.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the client certificate.

host string

Host to connect to. If not provided, it defaults to the MariaDB host or to the MaxScale host.

database string

Database to use when configuring the Connection.

ConnectionTemplate

ConnectionTemplate defines a template to customize Connection objects.

Appears in:

Field
Description
Default
Validation

secretName string

SecretName to be used in the Connection.

secretTemplate SecretTemplate

SecretTemplate to be used in the Connection.

healthCheck HealthCheck

HealthCheck to be used in the Connection.

params object (keys:string, values:string)

Params to be used in the Connection.

serviceName string

ServiceName to be used in the Connection.

port integer

Port to connect to. If not provided, it defaults to the MariaDB port or to the first MaxScale listener.

Container

Container object definition.

Appears in:

Field
Description
Default
Validation

name string

Name to be given to the container.

image string

Image name to be used by the container. The supported format is :.

Required: {}

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

command string array

Command to be used in the Container.

args string array

Args to be used in the Container.

env EnvVar array

Env represents the environment variables to be injected in a container.

volumeMounts VolumeMount array

VolumeMounts to be used in the Container.

Resouces describes the compute resource requirements.

ContainerTemplate

ContainerTemplate defines a template to configure Container objects.

Appears in:

Field
Description
Default
Validation

command string array

Command to be used in the Container.

args string array

Args to be used in the Container.

env EnvVar array

Env represents the environment variables to be injected in a container.

envFrom EnvFromSource array

EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.

volumeMounts VolumeMount array

VolumeMounts to be used in the Container.

livenessProbe Probe

LivenessProbe to be used in the Container.

readinessProbe Probe

ReadinessProbe to be used in the Container.

startupProbe Probe

StartupProbe to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

CooperativeMonitoring

Underlying type: string

CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. See:

Appears in:

Field
Description

majority_of_all

CooperativeMonitoringMajorityOfAll requires a lock from the majority of the MariaDB servers, even the ones that are down.

majority_of_running

CooperativeMonitoringMajorityOfRunning requires a lock from the majority of the MariaDB servers.

CronJobTemplate

CronJobTemplate defines parameters for configuring CronJob objects.

Appears in:

Field
Description
Default
Validation

successfulJobsHistoryLimit integer

SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed.

Minimum: 0

failedJobsHistoryLimit integer

FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed.

Minimum: 0

timeZone string

TimeZone defines the timezone associated with the cron expression.

Database

Database is the Schema for the databases API. It is used to define a logical database as if you were running a 'CREATE DATABASE' statement.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

Database

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

DatabaseSpec

DatabaseSpec defines the desired state of Database

Appears in:

Field
Description
Default
Validation

requeueInterval Duration

RequeueInterval is used to perform requeue reconciliations.

retryInterval Duration

RetryInterval is the interval used to perform retries.

cleanupPolicy CleanupPolicy

CleanupPolicy defines the behavior for cleaning up a SQL resource.

Enum: [Skip Delete]

mariaDbRef MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Required: {}

characterSet string

CharacterSet to use in the Database.

utf8

collate string

Collate to use in the Database.

utf8_general_ci

name string

Name overrides the default Database name provided by metadata.name.

MaxLength: 80

EmptyDirVolumeSource

Refer to the Kubernetes docs: #emptydirvolumesource-v1-core.

Appears in:

Field
Description
Default
Validation

sizeLimit Quantity

EnvFromSource

Refer to the Kubernetes docs: #envfromsource-v1-core.

Appears in:

Field
Description
Default
Validation

prefix string

EnvVar

Refer to the Kubernetes docs: #envvarsource-v1-core.

Appears in:

Field
Description
Default
Validation

name string

Name of the environment variable. Must be a C_IDENTIFIER.

value string

valueFrom EnvVarSource

EnvVarSource

Refer to the Kubernetes docs: #envvarsource-v1-core.

Appears in:

Field
Description
Default
Validation

configMapKeyRef ConfigMapKeySelector

secretKeyRef SecretKeySelector

ExecAction

Refer to the Kubernetes docs: #execaction-v1-core.

Appears in:

Field
Description
Default
Validation

command string array

Exporter

Exporter defines a metrics exporter container.

Appears in:

Field
Description
Default
Validation

image string

Image name to be used as metrics exporter. The supported format is :.

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

args string array

Args to be used in the Container.

port integer

Port where the exporter will be listening for connections.

Resouces describes the compute resource requirements.

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

securityContext SecurityContext

SecurityContext holds container-level security attributes.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

Galera

Galera allows you to enable multi-master HA via Galera in your MariaDB cluster.

Appears in:

Field
Description
Default
Validation

Primary is the Galera configuration for the primary node.

sst SST

SST is the Snapshot State Transfer used when new Pods join the cluster.More info: sst.html.

Enum: [rsync mariadb-backup mysqldump]

availableWhenDonor boolean

AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false.

galeraLibPath string

GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.More info: mysql-wsrep-options.html#wsrep-provider.

replicaThreads integer

ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.More info: galera-cluster-system-variables#wsrep_slave_threads.

providerOptions object (keys:string, values:string)

ProviderOptions is map of Galera configuration parameters.More info: galera-cluster-system-variables#wsrep_provider_options.

GaleraAgent is a sidecar agent that co-operates with mariadb-enterprise-operator.

GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.More info: crash-recovery.html.

initContainer GaleraInit

InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator.

InitJob defines a Job that co-operates with mariadb-enterprise-operator by performing initialization tasks.

GaleraConfig defines storage options for the Galera configuration files.

clusterName string

ClusterName is the name of the cluster to be used in the Galera config file.

enabled boolean

Enabled is a flag to enable Galera.

GaleraAgent

GaleraAgent is a sidecar agent that co-operates with mariadb-enterprise-operator.

Appears in:

Field
Description
Default
Validation

command string array

Command to be used in the Container.

args string array

Args to be used in the Container.

env EnvVar array

Env represents the environment variables to be injected in a container.

envFrom EnvFromSource array

EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.

volumeMounts VolumeMount array

VolumeMounts to be used in the Container.

livenessProbe Probe

LivenessProbe to be used in the Container.

readinessProbe Probe

ReadinessProbe to be used in the Container.

startupProbe Probe

StartupProbe to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

image string

Image name to be used by the MariaDB instances. The supported format is :.

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

port integer

Port where the agent will be listening for API connections.

probePort integer

Port where the agent will be listening for probe connections.

kubernetesAuth KubernetesAuth

KubernetesAuth to be used by the agent container

basicAuth BasicAuth

BasicAuth to be used by the agent container

gracefulShutdownTimeout Duration

GracefulShutdownTimeout is the time we give to the agent container in order to gracefully terminate in-flight requests.

GaleraConfig

GaleraConfig defines storage options for the Galera configuration files.

Appears in:

Field
Description
Default
Validation

reuseStorageVolume boolean

ReuseStorageVolume indicates that storage volume used by MariaDB should be reused to store the Galera configuration files.It defaults to false, which implies that a dedicated volume for the Galera configuration files is provisioned.

volumeClaimTemplate VolumeClaimTemplate

VolumeClaimTemplate is a template for the PVC that will contain the Galera configuration files shared between the InitContainer, Agent and MariaDB.

GaleraInit

GaleraInit is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator.

Appears in:

Field
Description
Default
Validation

command string array

Command to be used in the Container.

args string array

Args to be used in the Container.

env EnvVar array

Env represents the environment variables to be injected in a container.

envFrom EnvFromSource array

EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.

volumeMounts VolumeMount array

VolumeMounts to be used in the Container.

livenessProbe Probe

LivenessProbe to be used in the Container.

readinessProbe Probe

ReadinessProbe to be used in the Container.

startupProbe Probe

StartupProbe to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

image string

Image name to be used by the MariaDB instances. The supported format is :.

Required: {}

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

GaleraInitJob

GaleraInitJob defines a Job used to be used to initialize the Galera cluster.

Appears in:

Field
Description
Default
Validation

metadata Metadata

Refer to Kubernetes API documentation for fields of metadata.

Resouces describes the compute resource requirements.

GaleraRecovery

GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy. More info: crash-recovery.html.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable GaleraRecovery.

minClusterSize IntOrString

MinClusterSize is the minimum number of replicas to consider the cluster healthy. It can be either a number of replicas (1) or a percentage (50%).If Galera consistently reports less replicas than this value for the given 'ClusterHealthyTimeout' interval, a cluster recovery is iniated.It defaults to '1' replica, and it is highly recommendeded to keep this value at '1' in most cases.If set to more than one replica, the cluster recovery process may restart the healthy replicas as well.

clusterMonitorInterval Duration

ClusterMonitorInterval represents the interval used to monitor the Galera cluster health.

clusterHealthyTimeout Duration

ClusterHealthyTimeout represents the duration at which a Galera cluster, that consistently failed health checks,is considered unhealthy, and consequently the Galera recovery process will be initiated by the operator.

clusterBootstrapTimeout Duration

ClusterBootstrapTimeout is the time limit for bootstrapping a cluster.Once this timeout is reached, the Galera recovery state is reset and a new cluster bootstrap will be attempted.

clusterUpscaleTimeout Duration

ClusterUpscaleTimeout represents the maximum duration for upscaling the cluster's StatefulSet during the recovery process.

clusterDownscaleTimeout Duration

ClusterDownscaleTimeout represents the maximum duration for downscaling the cluster's StatefulSet during the recovery process.

podRecoveryTimeout Duration

PodRecoveryTimeout is the time limit for recevorying the sequence of a Pod during the cluster recovery.

podSyncTimeout Duration

PodSyncTimeout is the time limit for a Pod to join the cluster after having performed a cluster bootstrap during the cluster recovery.

forceClusterBootstrapInPod string

ForceClusterBootstrapInPod allows you to manually initiate the bootstrap process in a specific Pod.IMPORTANT: Use this option only in exceptional circumstances. Not selecting the Pod with the highest sequence number may result in data loss.IMPORTANT: Ensure you unset this field after completing the bootstrap to allow the operator to choose the appropriate Pod to bootstrap from in an event of cluster recovery.

Job defines a Job that co-operates with mariadb-enterprise-operator by performing the Galera cluster recovery .

GaleraRecoveryJob

GaleraRecoveryJob defines a Job used to be used to recover the Galera cluster.

Appears in:

Field
Description
Default
Validation

metadata Metadata

Refer to Kubernetes API documentation for fields of metadata.

Resouces describes the compute resource requirements.

podAffinity boolean

PodAffinity indicates whether the recovery Jobs should run in the same Node as the MariaDB Pods. It defaults to true.

GaleraSpec

GaleraSpec is the Galera desired state specification.

Appears in:

Field
Description
Default
Validation

Primary is the Galera configuration for the primary node.

sst SST

SST is the Snapshot State Transfer used when new Pods join the cluster.More info: sst.html.

Enum: [rsync mariadb-backup mysqldump]

availableWhenDonor boolean

AvailableWhenDonor indicates whether a donor node should be responding to queries. It defaults to false.

galeraLibPath string

GaleraLibPath is a path inside the MariaDB image to the wsrep provider plugin. It is defaulted if not provided.More info: mysql-wsrep-options.html#wsrep-provider.

replicaThreads integer

ReplicaThreads is the number of replica threads used to apply Galera write sets in parallel.More info: galera-cluster-system-variables#wsrep_slave_threads.

providerOptions object (keys:string, values:string)

ProviderOptions is map of Galera configuration parameters.More info: galera-cluster-system-variables#wsrep_provider_options.

GaleraAgent is a sidecar agent that co-operates with mariadb-enterprise-operator.

GaleraRecovery is the recovery process performed by the operator whenever the Galera cluster is not healthy.More info: crash-recovery.html.

initContainer GaleraInit

InitContainer is an init container that runs in the MariaDB Pod and co-operates with mariadb-enterprise-operator.

InitJob defines a Job that co-operates with mariadb-enterprise-operator by performing initialization tasks.

GaleraConfig defines storage options for the Galera configuration files.

clusterName string

ClusterName is the name of the cluster to be used in the Galera config file.

GeneratedSecretKeyRef

GeneratedSecretKeyRef defines a reference to a Secret that can be automatically generated by mariadb-enterprise-operator if needed.

Appears in:

Field
Description
Default
Validation

name string

key string

generate boolean

Generate indicates whether the Secret should be generated if the Secret referenced is not present.

false

Grant

Grant is the Schema for the grants API. It is used to define grants as if you were running a 'GRANT' statement.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

Grant

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

GrantSpec

GrantSpec defines the desired state of Grant

Appears in:

Field
Description
Default
Validation

requeueInterval Duration

RequeueInterval is used to perform requeue reconciliations.

retryInterval Duration

RetryInterval is the interval used to perform retries.

cleanupPolicy CleanupPolicy

CleanupPolicy defines the behavior for cleaning up a SQL resource.

Enum: [Skip Delete]

mariaDbRef MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Required: {}

privileges string array

Privileges to use in the Grant.

MinItems: 1 Required: {}

database string

Database to use in the Grant.

*

table string

Table to use in the Grant.

*

username string

Username to use in the Grant.

Required: {}

host string

Host to use in the Grant. It can be localhost, an IP or '%'.

grantOption boolean

GrantOption to use in the Grant.

false

HTTPGetAction

Refer to the Kubernetes docs: #httpgetaction-v1-core.

Appears in:

Field
Description
Default
Validation

path string

host string

scheme URIScheme

HealthCheck

HealthCheck defines intervals for performing health checks.

Appears in:

Field
Description
Default
Validation

interval Duration

Interval used to perform health checks.

retryInterval Duration

RetryInterval is the interval used to perform health check retries.

HostPathVolumeSource

Refer to the Kubernetes docs: #hostpathvolumesource-v1-core

Appears in:

Field
Description
Default
Validation

path string

type string

Job

Job defines a Job used to be used with MariaDB.

Appears in:

Field
Description
Default
Validation

metadata Metadata

Refer to Kubernetes API documentation for fields of metadata.

Affinity to be used in the Pod.

Resouces describes the compute resource requirements.

args string array

Args to be used in the Container.

JobContainerTemplate

JobContainerTemplate defines a template to configure Container objects that run in a Job.

Appears in:

Field
Description
Default
Validation

args string array

Args to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

JobPodTemplate

JobPodTemplate defines a template to configure Container objects that run in a Job.

Appears in:

Field
Description
Default
Validation

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

KubernetesAuth

KubernetesAuth refers to the Kubernetes authentication mechanism utilized for establishing a connection from the operator to the agent. The agent validates the legitimacy of the service account token provided as an Authorization header by creating a TokenReview resource.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable KubernetesAuth

authDelegatorRoleName string

AuthDelegatorRoleName is the name of the ClusterRoleBinding that is associated with the "system:auth-delegator" ClusterRole.It is necessary for creating TokenReview objects in order for the agent to validate the service account token.

LabelSelector

Underlying type: struct{MatchLabels map[string]string "json:"matchLabels,omitempty""; MatchExpressions []LabelSelectorRequirement "json:"matchExpressions,omitempty""}

Refer to the Kubernetes docs: #labelselector-v1-meta

Appears in:

LocalObjectReference

Refer to the Kubernetes docs: #localobjectreference-v1-core.

Appears in:

Field
Description
Default
Validation

name string

MariaDB

MariaDB is the Schema for the mariadbs API. It is used to define MariaDB clusters.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

MariaDB

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

MariaDBMaxScaleSpec

MariaDBMaxScaleSpec defines a reduced version of MaxScale to be used with the current MariaDB.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable a MaxScale instance to be used with the current MariaDB.

image string

Image name to be used by the MaxScale instances. The supported format is :.Only MariaDB official images are supported.

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

services MaxScaleService array

Services define how the traffic is forwarded to the MariaDB servers.

Monitor monitors MariaDB server instances.

Admin configures the admin REST API and GUI.

Config defines the MaxScale configuration.

Auth defines the credentials required for MaxScale to connect to MariaDB.

Metrics configures metrics and how to scrape them.

TLS defines the PKI to be used with MaxScale.

Connection provides a template to define the Connection for MaxScale.

replicas integer

Replicas indicates the number of desired instances.

podDisruptionBudget PodDisruptionBudget

PodDisruptionBudget defines the budget for replica availability.

UpdateStrategy defines the update strategy for the StatefulSet object.

kubernetesService ServiceTemplate

KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale.

guiKubernetesService ServiceTemplate

GuiKubernetesService define a template for a Kubernetes Service object to connect to MaxScale's GUI.

requeueInterval Duration

RequeueInterval is used to perform requeue reconciliations.

MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Appears in:

Field
Description
Default
Validation

name string

namespace string

waitForIt boolean

WaitForIt indicates whether the controller using this reference should wait for MariaDB to be ready.

true

MariaDBSpec

MariaDBSpec defines the desired state of MariaDB

Appears in:

Field
Description
Default
Validation

command string array

Command to be used in the Container.

args string array

Args to be used in the Container.

env EnvVar array

Env represents the environment variables to be injected in a container.

envFrom EnvFromSource array

EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.

volumeMounts VolumeMount array

VolumeMounts to be used in the Container.

livenessProbe Probe

LivenessProbe to be used in the Container.

readinessProbe Probe

ReadinessProbe to be used in the Container.

startupProbe Probe

StartupProbe to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

initContainers Container array

InitContainers to be used in the Pod.

sidecarContainers Container array

SidecarContainers to be used in the Pod.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

volumes Volume array

Volumes to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

topologySpreadConstraints TopologySpreadConstraint array

TopologySpreadConstraints to be used in the Pod.

suspend boolean

Suspend indicates whether the current resource should be suspended or not.This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.

false

image string

Image name to be used by the MariaDB instances. The supported format is :.Only MariaDB official images are supported.

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

inheritMetadata Metadata

InheritMetadata defines the metadata to be inherited by children resources.

rootPasswordSecretKeyRef GeneratedSecretKeyRef

RootPasswordSecretKeyRef is a reference to a Secret key containing the root password.

rootEmptyPassword boolean

RootEmptyPassword indicates if the root password should be empty. Don't use this feature in production, it is only intended for development and test environments.

database string

Database is the name of the initial Database.

username string

Username is the initial username to be created by the operator once MariaDB is ready.The initial User will have ALL PRIVILEGES in the initial Database.

passwordSecretKeyRef GeneratedSecretKeyRef

PasswordSecretKeyRef is a reference to a Secret that contains the password to be used by the initial User.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

passwordHashSecretKeyRef SecretKeySelector

PasswordHashSecretKeyRef is a reference to the password hash to be used by the initial User.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash.It requires the 'skip-strict-password-validation' option to be set. See:.

passwordPlugin PasswordPlugin

PasswordPlugin is a reference to the password plugin and arguments to be used by the initial User.It requires the 'skip-strict-password-validation' option to be set. See:.

myCnf string

MyCnf allows to specify the my.cnf file mounted by Mariadb.Updating this field will trigger an update to the Mariadb resource.

myCnfConfigMapKeyRef ConfigMapKeySelector

MyCnfConfigMapKeyRef is a reference to the my.cnf config file provided via a ConfigMap.If not provided, it will be defaulted with a reference to a ConfigMap containing the MyCnf field.If the referred ConfigMap is labeled with "enterprise.mariadb.com/watch", an update to the Mariadb resource will be triggered when the ConfigMap is updated.

timeZone string

TimeZone sets the default timezone. If not provided, it defaults to SYSTEM and the timezone data is not loaded.

bootstrapFrom BootstrapFrom

BootstrapFrom defines a source to bootstrap from.

storage Storage

Storage defines the storage options to be used for provisioning the PVCs mounted by MariaDB.

Metrics configures metrics and how to scrape them.

tls TLS

TLS defines the PKI to be used with MariaDB.

galera Galera

Galera configures high availability via Galera.

maxScaleRef ObjectReference

MaxScaleRef is a reference to a MaxScale resource to be used with the current MariaDB.Providing this field implies delegating high availability tasks such as primary failover to MaxScale.

MaxScale is the MaxScale specification that defines the MaxScale resource to be used with the current MariaDB.When enabling this field, MaxScaleRef is automatically set.

replicas integer

Replicas indicates the number of desired instances.

1

replicasAllowEvenNumber boolean

disables the validation check for an odd number of replicas.

false

port integer

Port where the instances will be listening for connections.

3306

servicePorts ServicePort array

ServicePorts is the list of additional named ports to be added to the Services created by the operator.

podDisruptionBudget PodDisruptionBudget

PodDisruptionBudget defines the budget for replica availability.

updateStrategy UpdateStrategy

UpdateStrategy defines how a MariaDB resource is updated.

Service defines a template to configure the general Service object.The network traffic of this Service will be routed to all Pods.

Connection defines a template to configure the general Connection object.This Connection provides the initial User access to the initial Database.It will make use of the Service to route network traffic to all Pods.

primaryService ServiceTemplate

PrimaryService defines a template to configure the primary Service object.The network traffic of this Service will be routed to the primary Pod.

primaryConnection ConnectionTemplate

PrimaryConnection defines a template to configure the primary Connection object.This Connection provides the initial User access to the initial Database.It will make use of the PrimaryService to route network traffic to the primary Pod.

secondaryService ServiceTemplate

SecondaryService defines a template to configure the secondary Service object.The network traffic of this Service will be routed to the secondary Pods.

secondaryConnection ConnectionTemplate

SecondaryConnection defines a template to configure the secondary Connection object.This Connection provides the initial User access to the initial Database.It will make use of the SecondaryService to route network traffic to the secondary Pods.

MariadbMetrics

MariadbMetrics defines the metrics for a MariaDB.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable Metrics

exporter Exporter

Exporter defines the metrics exporter container.

serviceMonitor ServiceMonitor

ServiceMonitor defines the ServiceMonior object.

username string

Username is the username of the monitoring user used by the exporter.

passwordSecretKeyRef GeneratedSecretKeyRef

PasswordSecretKeyRef is a reference to the password of the monitoring user used by the exporter.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

MaxScale

MaxScale is the Schema for the maxscales API. It is used to define MaxScale clusters.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

MaxScale

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

MaxScaleAdmin

MaxScaleAdmin configures the admin REST API and GUI.

Appears in:

Field
Description
Default
Validation

port integer

Port where the admin REST API and GUI will be exposed.

guiEnabled boolean

GuiEnabled indicates whether the admin GUI should be enabled.

MaxScaleAuth

MaxScaleAuth defines the credentials required for MaxScale to connect to MariaDB.

Appears in:

Field
Description
Default
Validation

generate boolean

Generate defies whether the operator should generate users and grants for MaxScale to work.It only supports MariaDBs specified via spec.mariaDbRef.

adminUsername string

AdminUsername is an admin username to call the admin REST API. It is defaulted if not provided.

adminPasswordSecretKeyRef GeneratedSecretKeyRef

AdminPasswordSecretKeyRef is Secret key reference to the admin password to call the admin REST API. It is defaulted if not provided.

deleteDefaultAdmin boolean

DeleteDefaultAdmin determines whether the default admin user should be deleted after the initial configuration. If not provided, it defaults to true.

metricsUsername string

MetricsUsername is an metrics username to call the REST API. It is defaulted if metrics are enabled.

metricsPasswordSecretKeyRef GeneratedSecretKeyRef

MetricsPasswordSecretKeyRef is Secret key reference to the metrics password to call the admib REST API. It is defaulted if metrics are enabled.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

clientUsername string

ClientUsername is the user to connect to MaxScale. It is defaulted if not provided.

clientPasswordSecretKeyRef GeneratedSecretKeyRef

ClientPasswordSecretKeyRef is Secret key reference to the password to connect to MaxScale. It is defaulted if not provided.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

clientMaxConnections integer

ClientMaxConnections defines the maximum number of connections that the client can establish.If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.It defaults to 30 times the number of MaxScale replicas.

serverUsername string

ServerUsername is the user used by MaxScale to connect to MariaDB server. It is defaulted if not provided.

serverPasswordSecretKeyRef GeneratedSecretKeyRef

ServerPasswordSecretKeyRef is Secret key reference to the password used by MaxScale to connect to MariaDB server. It is defaulted if not provided.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

serverMaxConnections integer

ServerMaxConnections defines the maximum number of connections that the server can establish.If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.It defaults to 30 times the number of MaxScale replicas.

monitorUsername string

MonitorUsername is the user used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.

monitorPasswordSecretKeyRef GeneratedSecretKeyRef

MonitorPasswordSecretKeyRef is Secret key reference to the password used by MaxScale monitor to connect to MariaDB server. It is defaulted if not provided.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

monitorMaxConnections integer

MonitorMaxConnections defines the maximum number of connections that the monitor can establish.If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.It defaults to 30 times the number of MaxScale replicas.

syncUsername string

MonitoSyncUsernamerUsername is the user used by MaxScale config sync to connect to MariaDB server. It is defaulted when HA is enabled.

syncPasswordSecretKeyRef GeneratedSecretKeyRef

SyncPasswordSecretKeyRef is Secret key reference to the password used by MaxScale config to connect to MariaDB server. It is defaulted when HA is enabled.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

syncMaxConnections integer

SyncMaxConnections defines the maximum number of connections that the sync can establish.If HA is enabled, make sure to increase this value, as more MaxScale replicas implies more connections.It defaults to 30 times the number of MaxScale replicas.

MaxScaleConfig

MaxScaleConfig defines the MaxScale configuration.

Appears in:

Field
Description
Default
Validation

params object (keys:string, values:string)

Params is a key value pair of parameters to be used in the MaxScale static configuration file.Any parameter supported by MaxScale may be specified here. See reference:#global-settings.

volumeClaimTemplate VolumeClaimTemplate

VolumeClaimTemplate provides a template to define the PVCs for storing MaxScale runtime configuration files. It is defaulted if not provided.

Sync defines how to replicate configuration across MaxScale replicas. It is defaulted when HA is enabled.

MaxScaleConfigSync

MaxScaleConfigSync defines how the config changes are replicated across replicas.

Appears in:

Field
Description
Default
Validation

database string

Database is the MariaDB logical database where the 'maxscale_config' table will be created in order to persist and synchronize config changes. If not provided, it defaults to 'mysql'.

interval Duration

Interval defines the config synchronization interval. It is defaulted if not provided.

timeout Duration

Interval defines the config synchronization timeout. It is defaulted if not provided.

MaxScaleListener

MaxScaleListener defines how the MaxScale server will listen for connections.

Appears in:

Field
Description
Default
Validation

suspend boolean

Suspend indicates whether the current resource should be suspended or not.This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.

false

name string

Name is the identifier of the listener. It is defaulted if not provided

port integer

Port is the network port where the MaxScale server will listen.

Required: {}

protocol string

Protocol is the MaxScale protocol to use when communicating with the client. If not provided, it defaults to MariaDBProtocol.

params object (keys:string, values:string)

Params defines extra parameters to pass to the listener.Any parameter supported by MaxScale may be specified here. See reference:#listener_1.

MaxScaleMetrics

MaxScaleMetrics defines the metrics for a Maxscale.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable Metrics

exporter Exporter

Exporter defines the metrics exporter container.

serviceMonitor ServiceMonitor

ServiceMonitor defines the ServiceMonior object.

MaxScaleMonitor

MaxScaleMonitor monitors MariaDB server instances

Appears in:

Field
Description
Default
Validation

suspend boolean

Suspend indicates whether the current resource should be suspended or not.This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.

false

name string

Name is the identifier of the monitor. It is defaulted if not provided.

Module is the module to use to monitor MariaDB servers. It is mandatory when no MariaDB reference is provided.

interval Duration

Interval used to monitor MariaDB servers. It is defaulted if not provided.

cooperativeMonitoring CooperativeMonitoring

CooperativeMonitoring enables coordination between multiple MaxScale instances running monitors. It is defaulted when HA is enabled.

Enum: [majority_of_all majority_of_running]

params object (keys:string, values:string)

Params defines extra parameters to pass to the monitor.Any parameter supported by MaxScale may be specified here. See reference: Common Monitor Parameters

specific parameter are also suported: Galera Monitor

MaxScalePodTemplate

MaxScalePodTemplate defines a template for MaxScale Pods.

Appears in:

Field
Description
Default
Validation

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

topologySpreadConstraints TopologySpreadConstraint array

TopologySpreadConstraints to be used in the Pod.

MaxScaleServer

MaxScaleServer defines a MariaDB server to forward traffic to.

Appears in:

Field
Description
Default
Validation

name string

Name is the identifier of the MariaDB server.

Required: {}

address string

Address is the network address of the MariaDB server.

Required: {}

port integer

Port is the network port of the MariaDB server. If not provided, it defaults to 3306.

protocol string

Protocol is the MaxScale protocol to use when communicating with this MariaDB server. If not provided, it defaults to MariaDBBackend.

maintenance boolean

Maintenance indicates whether the server is in maintenance mode.

params object (keys:string, values:string)

Params defines extra parameters to pass to the server.Any parameter supported by MaxScale may be specified here. See reference:#server_1.

MaxScaleService

Services define how the traffic is forwarded to the MariaDB servers.

Appears in:

Field
Description
Default
Validation

suspend boolean

Suspend indicates whether the current resource should be suspended or not.This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.

false

name string

Name is the identifier of the MaxScale service.

Required: {}

Router is the type of router to use.

Enum: [readwritesplit readconnroute] Required: {}

MaxScaleListener defines how the MaxScale server will listen for connections.

Required: {}

params object (keys:string, values:string)

Params defines extra parameters to pass to the service.Any parameter supported by MaxScale may be specified here. See reference:

https://app.gitbook.com/o/diTpXxF5WsbHqTReoBsS/s/0pSbu5DcMSW4KwAkUcmX/other-maxscale-versions/mariadb-maxscale-23-02/mariadb-maxscale-23-02-getting-started/mariadb-maxscale-2302-mariadb-maxscale-configuration-guide

specific parameter are also suported:

Readwritesplit

: Readconnroute

MaxScaleSpec

MaxScaleSpec defines the desired state of MaxScale.

Appears in:

Field
Description
Default
Validation

command string array

Command to be used in the Container.

args string array

Args to be used in the Container.

env EnvVar array

Env represents the environment variables to be injected in a container.

envFrom EnvFromSource array

EnvFrom represents the references (via ConfigMap and Secrets) to environment variables to be injected in the container.

volumeMounts VolumeMount array

VolumeMounts to be used in the Container.

livenessProbe Probe

LivenessProbe to be used in the Container.

readinessProbe Probe

ReadinessProbe to be used in the Container.

startupProbe Probe

StartupProbe to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

topologySpreadConstraints TopologySpreadConstraint array

TopologySpreadConstraints to be used in the Pod.

suspend boolean

Suspend indicates whether the current resource should be suspended or not.This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.

false

mariaDbRef MariaDBRef

MariaDBRef is a reference to the MariaDB that MaxScale points to. It is used to initialize the servers field.

servers MaxScaleServer array

Servers are the MariaDB servers to forward traffic to. It is required if 'spec.mariaDbRef' is not provided.

image string

Image name to be used by the MaxScale instances. The supported format is :.Only MaxScale official images are supported.

imagePullPolicy PullPolicy

ImagePullPolicy is the image pull policy. One of Always, Never or IfNotPresent. If not defined, it defaults to IfNotPresent.

Enum: [Always Never IfNotPresent]

inheritMetadata Metadata

InheritMetadata defines the metadata to be inherited by children resources.

services MaxScaleService array

Services define how the traffic is forwarded to the MariaDB servers. It is defaulted if not provided.

Monitor monitors MariaDB server instances. It is required if 'spec.mariaDbRef' is not provided.

Admin configures the admin REST API and GUI.

Config defines the MaxScale configuration.

Auth defines the credentials required for MaxScale to connect to MariaDB.

Metrics configures metrics and how to scrape them.

TLS defines the PKI to be used with MaxScale.

Connection provides a template to define the Connection for MaxScale.

replicas integer

Replicas indicates the number of desired instances.

1

podDisruptionBudget PodDisruptionBudget

PodDisruptionBudget defines the budget for replica availability.

UpdateStrategy defines the update strategy for the StatefulSet object.

kubernetesService ServiceTemplate

KubernetesService defines a template for a Kubernetes Service object to connect to MaxScale.

guiKubernetesService ServiceTemplate

GuiKubernetesService defines a template for a Kubernetes Service object to connect to MaxScale's GUI.

requeueInterval Duration

RequeueInterval is used to perform requeue reconciliations. If not defined, it defaults to 10s.

MaxScaleTLS

TLS defines the PKI to be used with MaxScale.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MaxScale instance.It is enabled by default when the referred MariaDB instance (via mariaDbRef) has TLS enabled and enforced.

adminVersions string array

Versions specifies the supported TLS versions in the MaxScale REST API.By default, the MaxScale's default supported versions are used. See: MariaDB MaxScale Configuration Guide

serverVersions string array

ServerVersions specifies the supported TLS versions in both the servers and listeners managed by this MaxScale instance.By default, the MaxScale's default supported versions are used. See: MariaDB MaxScale Configuration Guide.

adminCASecretRef LocalObjectReference

AdminCASecretRef is a reference to a Secret containing the admin certificate authority keypair. It is used to establish trust and issue certificates for the MaxScale's administrative REST API and GUI.One of:- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.- Secret containing only the 'ca.crt' in order to establish trust. In this case, either adminCertSecretRef or adminCertIssuerRef fields must be provided.If not provided, a self-signed CA will be provisioned to issue the server certificate.

adminCertSecretRef LocalObjectReference

AdminCertSecretRef is a reference to a TLS Secret used by the MaxScale's administrative REST API and GUI.

adminCertIssuerRef ObjectReference

AdminCertIssuerRef is a reference to a cert-manager issuer object used to issue the MaxScale's administrative REST API and GUI certificate. cert-manager must be installed previously in the cluster.It is mutually exclusive with adminCertSecretRef.By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via adminCASecretRef.

adminCertConfig TLSConfig

AdminCertConfig allows configuring the admin certificates, either issued by the operator or cert-manager.If not set, the default settings will be used.

listenerCASecretRef LocalObjectReference

ListenerCASecretRef is a reference to a Secret containing the listener certificate authority keypair. It is used to establish trust and issue certificates for the MaxScale's listeners.One of:- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.- Secret containing only the 'ca.crt' in order to establish trust. In this case, either listenerCertSecretRef or listenerCertIssuerRef fields must be provided.If not provided, a self-signed CA will be provisioned to issue the listener certificate.

listenerCertSecretRef LocalObjectReference

ListenerCertSecretRef is a reference to a TLS Secret used by the MaxScale's listeners.

listenerCertIssuerRef ObjectReference

ListenerCertIssuerRef is a reference to a cert-manager issuer object used to issue the MaxScale's listeners certificate. cert-manager must be installed previously in the cluster.It is mutually exclusive with listenerCertSecretRef.By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via listenerCASecretRef.

listenerCertConfig TLSConfig

ListenerCertConfig allows configuring the listener certificates, either issued by the operator or cert-manager.If not set, the default settings will be used.

serverCASecretRef LocalObjectReference

ServerCASecretRef is a reference to a Secret containing the MariaDB server CA certificates. It is used to establish trust with MariaDB servers.The Secret should contain a 'ca.crt' key in order to establish trust.If not provided, and the reference to a MariaDB resource is set (mariaDbRef), it will be defaulted to the referred MariaDB CA bundle.

serverCertSecretRef LocalObjectReference

ServerCertSecretRef is a reference to a TLS Secret used by MaxScale to connect to the MariaDB servers.If not provided, and the reference to a MariaDB resource is set (mariaDbRef), it will be defaulted to the referred MariaDB client certificate (clientCertSecretRef).

verifyPeerCertificate boolean

VerifyPeerCertificate specifies whether the peer certificate's signature should be validated against the CA.It is disabled by default.

verifyPeerHost boolean

VerifyPeerHost specifies whether the peer certificate's SANs should match the peer host.It is disabled by default.

replicationSSLEnabled boolean

ReplicationSSLEnabled specifies whether the replication SSL is enabled. If enabled, the SSL options will be added to the server configuration.It is enabled by default when the referred MariaDB instance (via mariaDbRef) has replication enabled.If the MariaDB servers are manually provided by the user via the 'servers' field, this must be set by the user as well.

Metadata

Metadata defines the metadata to added to resources.

Appears in:

Field
Description
Default
Validation

labels object (keys:string, values:string)

Labels to be added to children resources.

annotations object (keys:string, values:string)

Annotations to be added to children resources.

MonitorModule

Underlying type: string

MonitorModule defines the type of monitor module

Appears in:

Field
Description

mariadbmon

MonitorModuleMariadb is a monitor to be used with MariaDB servers.

galeramon

MonitorModuleGalera is a monitor to be used with Galera servers.

NFSVolumeSource

Refer to the Kubernetes docs: #nfsvolumesource-v1-core.

Appears in:

Field
Description
Default
Validation

server string

path string

readOnly boolean

NodeAffinity

Refer to the Kubernetes docs: #nodeaffinity-v1-core

Appears in:

Field
Description
Default
Validation

requiredDuringSchedulingIgnoredDuringExecution NodeSelector

preferredDuringSchedulingIgnoredDuringExecution PreferredSchedulingTerm array

NodeSelector

Refer to the Kubernetes docs: #nodeselector-v1-core

Appears in:

Field
Description
Default
Validation

nodeSelectorTerms NodeSelectorTerm array

NodeSelectorTerm

Underlying type: struct{MatchExpressions []NodeSelectorRequirement "json:"matchExpressions,omitempty""; MatchFields []NodeSelectorRequirement "json:"matchFields,omitempty""}

Refer to the Kubernetes docs: #nodeselectorterm-v1-core

Appears in:

ObjectFieldSelector

Refer to the Kubernetes docs: #objectfieldselector-v1-core.

Appears in:

Field
Description
Default
Validation

apiVersion string

fieldPath string

ObjectReference

Refer to the Kubernetes docs: #objectreference-v1-core.

Appears in:

Field
Description
Default
Validation

name string

namespace string

PasswordPlugin

PasswordPlugin defines the password plugin and its arguments.

Appears in:

Field
Description
Default
Validation

pluginNameSecretKeyRef SecretKeySelector

PluginNameSecretKeyRef is a reference to the authentication plugin to be used by the User.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin.

pluginArgSecretKeyRef SecretKeySelector

PluginArgSecretKeyRef is a reference to the arguments to be provided to the authentication plugin for the User.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the authentication plugin arguments.

PersistentVolumeClaimSpec

Refer to the Kubernetes docs: #persistentvolumeclaimspec-v1-core.

Appears in:

Field
Description
Default
Validation

accessModes PersistentVolumeAccessMode array

selector LabelSelector

storageClassName string

PersistentVolumeClaimVolumeSource

Refer to the Kubernetes docs: #persistentvolumeclaimvolumesource-v1-core.

Appears in:

Field
Description
Default
Validation

claimName string

readOnly boolean

PodAffinityTerm

Refer to the Kubernetes docs: #podaffinityterm-v1-core.

Appears in:

Field
Description
Default
Validation

labelSelector LabelSelector

topologyKey string

PodAntiAffinity

Refer to the Kubernetes docs: #podantiaffinity-v1-core.

Appears in:

Field
Description
Default
Validation

requiredDuringSchedulingIgnoredDuringExecution PodAffinityTerm array

preferredDuringSchedulingIgnoredDuringExecution WeightedPodAffinityTerm array

PodDisruptionBudget

PodDisruptionBudget is the Pod availability bundget for a MariaDB

Appears in:

Field
Description
Default
Validation

minAvailable IntOrString

MinAvailable defines the number of minimum available Pods.

maxUnavailable IntOrString

MaxUnavailable defines the number of maximum unavailable Pods.

PodSecurityContext

Refer to the Kubernetes docs: #podsecuritycontext-v1-core

Appears in:

Field
Description
Default
Validation

seLinuxOptions SELinuxOptions

runAsUser integer

runAsGroup integer

runAsNonRoot boolean

supplementalGroups integer array

fsGroup integer

fsGroupChangePolicy PodFSGroupChangePolicy

seccompProfile SeccompProfile

appArmorProfile AppArmorProfile

PodTemplate

PodTemplate defines a template to configure Container objects.

Appears in:

Field
Description
Default
Validation

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

initContainers Container array

InitContainers to be used in the Pod.

sidecarContainers Container array

SidecarContainers to be used in the Pod.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

volumes Volume array

Volumes to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

topologySpreadConstraints TopologySpreadConstraint array

TopologySpreadConstraints to be used in the Pod.

PreferredSchedulingTerm

Refer to the Kubernetes docs: #preferredschedulingterm-v1-core

Appears in:

Field
Description
Default
Validation

weight integer

preference NodeSelectorTerm

PrimaryGalera

PrimaryGalera is the Galera configuration for the primary node.

Appears in:

Field
Description
Default
Validation

podIndex integer

PodIndex is the StatefulSet index of the primary node. The user may change this field to perform a manual switchover.

automaticFailover boolean

AutomaticFailover indicates whether the operator should automatically update PodIndex to perform an automatic primary failover.

Probe

Refer to the Kubernetes docs: #probe-v1-core.

Appears in:

Field
Description
Default
Validation

tcpSocket TCPSocketAction

initialDelaySeconds integer

timeoutSeconds integer

periodSeconds integer

successThreshold integer

failureThreshold integer

ProbeHandler

Refer to the Kubernetes docs: #probe-v1-core.

Appears in:

Field
Description
Default
Validation

ResourceRequirements

Refer to the Kubernetes docs: #resourcerequirements-v1-core.

Appears in:

Restore

Restore is the Schema for the restores API. It is used to define restore jobs and its restoration source.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

Restore

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

RestoreSource

RestoreSource defines a source for restoring a MariaDB.

Appears in:

Field
Description
Default
Validation

BackupRef is a reference to a Backup object. It has priority over S3 and Volume.

s3 S3

S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume.

Volume is a Kubernetes Volume object that contains a backup.

targetRecoveryTime Time

TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.It is used to determine the closest restoration source in time.

stagingStorage BackupStagingStorage

StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled.

RestoreSpec

RestoreSpec defines the desired state of restore

Appears in:

Field
Description
Default
Validation

args string array

Args to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

BackupRef is a reference to a Backup object. It has priority over S3 and Volume.

s3 S3

S3 defines the configuration to restore backups from a S3 compatible storage. It has priority over Volume.

Volume is a Kubernetes Volume object that contains a backup.

targetRecoveryTime Time

TargetRecoveryTime is a RFC3339 (1970-01-01T00:00:00Z) date and time that defines the point in time recovery objective.It is used to determine the closest restoration source in time.

stagingStorage BackupStagingStorage

StagingStorage defines the temporary storage used to keep external backups (i.e. S3) while they are being processed.It defaults to an emptyDir volume, meaning that the backups will be temporarily stored in the node where the Restore Job is scheduled.

mariaDbRef MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Required: {}

database string

Database defines the logical database to be restored. If not provided, all databases available in the backup are restored.IMPORTANT: The database must previously exist.

logLevel string

LogLevel to be used n the Backup Job. It defaults to 'info'.

info

backoffLimit integer

BackoffLimit defines the maximum number of attempts to successfully perform a Backup.

5

restartPolicy RestartPolicy

RestartPolicy to be added to the Backup Job.

OnFailure

Enum: [Always OnFailure Never]

inheritMetadata Metadata

InheritMetadata defines the metadata to be inherited by children resources.

S3

Appears in:

Field
Description
Default
Validation

bucket string

Bucket is the name Name of the bucket to store backups.

Required: {}

endpoint string

Endpoint is the S3 API endpoint without scheme.

Required: {}

region string

Region is the S3 region name to use.

prefix string

Prefix indicates a folder/subfolder in the bucket. For example: mariadb/ or mariadb/backups. A trailing slash '/' is added if not provided.

accessKeyIdSecretKeyRef SecretKeySelector

AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 access key id.

secretAccessKeySecretKeyRef SecretKeySelector

AccessKeyIdSecretKeyRef is a reference to a Secret key containing the S3 secret key.

sessionTokenSecretKeyRef SecretKeySelector

SessionTokenSecretKeyRef is a reference to a Secret key containing the S3 session token.

tls TLSS3

TLS provides the configuration required to establish TLS connections with S3.

SQLTemplate

SQLTemplate defines a template to customize SQL objects.

Appears in:

Field
Description
Default
Validation

requeueInterval Duration

RequeueInterval is used to perform requeue reconciliations.

retryInterval Duration

RetryInterval is the interval used to perform retries.

cleanupPolicy CleanupPolicy

CleanupPolicy defines the behavior for cleaning up a SQL resource.

Enum: [Skip Delete]

SST

Underlying type: string

SST is the Snapshot State Transfer used when new Pods join the cluster. More info: sst.html.

Appears in:

Field
Description

rsync

SSTRsync is an SST based on rsync.

mariadb-backup

SSTmariadb-backup is an SST based on mariadb-backup. It is the recommended SST.

mysqldump

SSTMysqldump is an SST based on mysqldump.

Schedule

Schedule contains parameters to define a schedule

Appears in:

Field
Description
Default
Validation

cron string

Cron is a cron expression that defines the schedule.

Required: {}

suspend boolean

Suspend defines whether the schedule is active or not.

false

SecretKeySelector

Refer to the Kubernetes docs: #secretkeyselector-v1-core.

Appears in:

Field
Description
Default
Validation

name string

key string

SecretTemplate

SecretTemplate defines a template to customize Secret objects.

Appears in:

Field
Description
Default
Validation

metadata Metadata

Refer to Kubernetes API documentation for fields of metadata.

key string

Key to be used in the Secret.

format string

Format to be used in the Secret.

usernameKey string

UsernameKey to be used in the Secret.

passwordKey string

PasswordKey to be used in the Secret.

hostKey string

HostKey to be used in the Secret.

portKey string

PortKey to be used in the Secret.

databaseKey string

DatabaseKey to be used in the Secret.

SecretVolumeSource

Refer to the Kubernetes docs: #secretvolumesource-v1-core.

Appears in:

Field
Description
Default
Validation

secretName string

defaultMode integer

SecurityContext

Refer to the Kubernetes docs: #securitycontext-v1-core.

Appears in:

Field
Description
Default
Validation

capabilities Capabilities

privileged boolean

runAsUser integer

runAsGroup integer

runAsNonRoot boolean

readOnlyRootFilesystem boolean

allowPrivilegeEscalation boolean

ServiceMonitor

ServiceMonitor defines a prometheus ServiceMonitor object.

Appears in:

Field
Description
Default
Validation

prometheusRelease string

PrometheusRelease is the release label to add to the ServiceMonitor object.

jobLabel string

JobLabel to add to the ServiceMonitor object.

interval string

Interval for scraping metrics.

scrapeTimeout string

ScrapeTimeout defines the timeout for scraping metrics.

ServicePort

Refer to the Kubernetes docs: #serviceport-v1-core

Appears in:

Field
Description
Default
Validation

name string

port integer

ServiceRouter

Underlying type: string

ServiceRouter defines the type of service router.

Appears in:

Field
Description

readwritesplit

ServiceRouterReadWriteSplit splits the load based on the queries. Write queries are performed on master and read queries on the replicas.

readconnroute

ServiceRouterReadConnRoute splits the load based on the connections. Each connection is assigned to a server.

ServiceTemplate

ServiceTemplate defines a template to customize Service objects.

Appears in:

Field
Description
Default
Validation

Type is the Service type. One of ClusterIP, NodePort or LoadBalancer. If not defined, it defaults to ClusterIP.

ClusterIP

Enum: [ClusterIP NodePort LoadBalancer]

metadata Metadata

Refer to Kubernetes API documentation for fields of metadata.

loadBalancerIP string

LoadBalancerIP Service field.

loadBalancerSourceRanges string array

LoadBalancerSourceRanges Service field.

externalTrafficPolicy ServiceExternalTrafficPolicy

ExternalTrafficPolicy Service field.

sessionAffinity ServiceAffinity

SessionAffinity Service field.

allocateLoadBalancerNodePorts boolean

AllocateLoadBalancerNodePorts Service field.

SqlJob

SqlJob is the Schema for the sqljobs API. It is used to run sql scripts as jobs.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

SqlJob

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

SqlJobSpec

SqlJobSpec defines the desired state of SqlJob

Appears in:

Field
Description
Default
Validation

args string array

Args to be used in the Container.

Resouces describes the compute resource requirements.

securityContext SecurityContext

SecurityContext holds security configuration that will be applied to a container.

podMetadata Metadata

PodMetadata defines extra metadata for the Pod.

imagePullSecrets LocalObjectReference array

ImagePullSecrets is the list of pull Secrets to be used to pull the image.

podSecurityContext PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings.

serviceAccountName string

ServiceAccountName is the name of the ServiceAccount to be used by the Pods.

Affinity to be used in the Pod.

nodeSelector object (keys:string, values:string)

NodeSelector to be used in the Pod.

tolerations Toleration array

Tolerations to be used in the Pod.

priorityClassName string

PriorityClassName to be used in the Pod.

successfulJobsHistoryLimit integer

SuccessfulJobsHistoryLimit defines the maximum number of successful Jobs to be displayed.

Minimum: 0

failedJobsHistoryLimit integer

FailedJobsHistoryLimit defines the maximum number of failed Jobs to be displayed.

Minimum: 0

timeZone string

TimeZone defines the timezone associated with the cron expression.

mariaDbRef MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Required: {}

schedule Schedule

Schedule defines when the SqlJob will be executed.

username string

Username to be impersonated when executing the SqlJob.

Required: {}

passwordSecretKeyRef SecretKeySelector

UserPasswordSecretKeyRef is a reference to the impersonated user's password to be used when executing the SqlJob.

Required: {}

tlsCASecretRef LocalObjectReference

TLSCACertSecretRef is a reference toa CA Secret used to establish trust when executing the SqlJob.If not provided, the CA bundle provided by the referred MariaDB is used.

tlsClientCertSecretRef LocalObjectReference

TLSClientCertSecretRef is a reference to a Kubernetes TLS Secret used as authentication when executing the SqlJob.If not provided, the client certificate provided by the referred MariaDB is used.

database string

Username to be used when executing the SqlJob.

dependsOn LocalObjectReference array

DependsOn defines dependencies with other SqlJob objectecs.

sql string

Sql is the script to be executed by the SqlJob.

sqlConfigMapKeyRef ConfigMapKeySelector

SqlConfigMapKeyRef is a reference to a ConfigMap containing the Sql script.It is defaulted to a ConfigMap with the contents of the Sql field.

backoffLimit integer

BackoffLimit defines the maximum number of attempts to successfully execute a SqlJob.

5

restartPolicy RestartPolicy

RestartPolicy to be added to the SqlJob Pod.

OnFailure

Enum: [Always OnFailure Never]

inheritMetadata Metadata

InheritMetadata defines the metadata to be inherited by children resources.

Storage

Storage defines the storage options to be used for provisioning the PVCs mounted by MariaDB.

Appears in:

Field
Description
Default
Validation

ephemeral boolean

Ephemeral indicates whether to use ephemeral storage in the PVCs. It is only compatible with non HA MariaDBs.

Size of the PVCs to be mounted by MariaDB. Required if not provided in 'VolumeClaimTemplate'. It supersedes the storage size specified in 'VolumeClaimTemplate'.

storageClassName string

StorageClassName to be used to provision the PVCS. It supersedes the 'StorageClassName' specified in 'VolumeClaimTemplate'.If not provided, the default 'StorageClass' configured in the cluster is used.

resizeInUseVolumes boolean

ResizeInUseVolumes indicates whether the PVCs can be resized. The 'StorageClassName' used should have 'allowVolumeExpansion' set to 'true' to allow resizing.It defaults to true.

waitForVolumeResize boolean

WaitForVolumeResize indicates whether to wait for the PVCs to be resized before marking the MariaDB object as ready. This will block other operations such as cluster recovery while the resize is in progress.It defaults to true.

volumeClaimTemplate VolumeClaimTemplate

VolumeClaimTemplate provides a template to define the PVCs.

StorageVolumeSource

Refer to the Kubernetes docs: #volume-v1-core.

Appears in:

Field
Description
Default
Validation

SuspendTemplate

SuspendTemplate indicates whether the current resource should be suspended or not.

Appears in:

Field
Description
Default
Validation

suspend boolean

Suspend indicates whether the current resource should be suspended or not.This can be useful for maintenance, as disabling the reconciliation prevents the operator from interfering with user operations during maintenance activities.

false

TCPSocketAction

Refer to the Kubernetes docs: #tcpsocketaction-v1-core.

Appears in:

Field
Description
Default
Validation

host string

TLS

TLS defines the PKI to be used with MariaDB.

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled indicates whether TLS is enabled, determining if certificates should be issued and mounted to the MariaDB instance.It is enabled by default.

required boolean

Required specifies whether TLS must be enforced for all connections.User TLS requirements take precedence over this.It disabled by default.

versions string array

Versions specifies the supported TLS versions for this MariaDB instance.By default, the MariaDB's default supported versions are used. See: tls_version.

serverCASecretRef LocalObjectReference

ServerCASecretRef is a reference to a Secret containing the server certificate authority keypair. It is used to establish trust and issue server certificates.One of:- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.- Secret containing only the 'ca.crt' in order to establish trust. In this case, either serverCertSecretRef or serverCertIssuerRef must be provided.If not provided, a self-signed CA will be provisioned to issue the server certificate.

serverCertSecretRef LocalObjectReference

ServerCertSecretRef is a reference to a TLS Secret containing the server certificate.It is mutually exclusive with serverCertIssuerRef.

serverCertIssuerRef ObjectReference

ServerCertIssuerRef is a reference to a cert-manager issuer object used to issue the server certificate. cert-manager must be installed previously in the cluster.It is mutually exclusive with serverCertSecretRef.By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via serverCASecretRef.

serverCertConfig TLSConfig

ServerCertConfig allows configuring the server certificates, either issued by the operator or cert-manager.If not set, the default settings will be used.

clientCASecretRef LocalObjectReference

ClientCASecretRef is a reference to a Secret containing the client certificate authority keypair. It is used to establish trust and issue client certificates.One of:- Secret containing both the 'ca.crt' and 'ca.key' keys. This allows you to bring your own CA to Kubernetes to issue certificates.- Secret containing only the 'ca.crt' in order to establish trust. In this case, either clientCertSecretRef or clientCertIssuerRef fields must be provided.If not provided, a self-signed CA will be provisioned to issue the client certificate.

clientCertSecretRef LocalObjectReference

ClientCertSecretRef is a reference to a TLS Secret containing the client certificate.It is mutually exclusive with clientCertIssuerRef.

clientCertIssuerRef ObjectReference

ClientCertIssuerRef is a reference to a cert-manager issuer object used to issue the client certificate. cert-manager must be installed previously in the cluster.It is mutually exclusive with clientCertSecretRef.By default, the Secret field 'ca.crt' provisioned by cert-manager will be added to the trust chain. A custom trust bundle may be specified via clientCASecretRef.

clientCertConfig TLSConfig

ClientCertConfig allows configuring the client certificates, either issued by the operator or cert-manager.If not set, the default settings will be used.

galeraSSTEnabled boolean

GaleraSSTEnabled determines whether Galera SST connections should use TLS.It disabled by default.

galeraServerSSLMode string

GaleraServerSSLMode defines the server SSL mode for a Galera Enterprise cluster.This field is only supported and applicable for Galera Enterprise >= 10.6 instances.Refer to the MariaDB Enterprise docs for more detail: #WSREP_TLS_Modes

Enum: [PROVIDER SERVER SERVER_X509]

galeraClientSSLMode string

GaleraClientSSLMode defines the client SSL mode for a Galera Enterprise cluster.This field is only supported and applicable for Galera Enterprise >= 10.6 instances.Refer to the MariaDB Enterprise docs for more detail: #SST_TLS_Modes

Enum: [DISABLED REQUIRED VERIFY_CA VERIFY_IDENTITY]

TLSConfig

TLSConfig defines parameters to configure a certificate.

Appears in:

Field
Description
Default
Validation

caLifetime Duration

CALifetime defines the CA certificate validity.

certLifetime Duration

CertLifetime defines the certificate validity.

privateKeyAlgorithm string

PrivateKeyAlgorithm is the algorithm to be used for the CA and leaf certificate private keys.One of: ECDSA or RSA

Enum: [ECDSA RSA]

privateKeySize integer

PrivateKeyAlgorithm is the key size to be used for the CA and leaf certificate private keys.Supported values: ECDSA(256, 384, 521), RSA(2048, 3072, 4096)

TLSRequirements

TLSRequirements specifies TLS requirements for the user to connect. See: Requiring TLS.

Appears in:

Field
Description
Default
Validation

ssl boolean

SSL indicates that the user must connect via TLS.

x509 boolean

X509 indicates that the user must provide a valid x509 certificate to connect.

issuer string

Issuer indicates that the TLS certificate provided by the user must be issued by a specific issuer.

subject string

Subject indicates that the TLS certificate provided by the user must have a specific subject.

TLSS3

Appears in:

Field
Description
Default
Validation

enabled boolean

Enabled is a flag to enable TLS.

caSecretKeyRef SecretKeySelector

CASecretKeyRef is a reference to a Secret key containing a CA bundle in PEM format used to establish TLS connections with S3.By default, the system trust chain will be used, but you can use this field to add more CAs to the bundle.

TopologySpreadConstraint

Refer to the Kubernetes docs: #topologyspreadconstraint-v1-core.

Appears in:

Field
Description
Default
Validation

maxSkew integer

topologyKey string

labelSelector LabelSelector

minDomains integer

nodeAffinityPolicy NodeInclusionPolicy

nodeTaintsPolicy NodeInclusionPolicy

matchLabelKeys string array

UpdateStrategy

UpdateStrategy defines how a MariaDB resource is updated.

Appears in:

Field
Description
Default
Validation

Type defines the type of updates. One of ReplicasFirstPrimaryLast, RollingUpdate or OnDelete. If not defined, it defaults to ReplicasFirstPrimaryLast.

ReplicasFirstPrimaryLast

Enum: [ReplicasFirstPrimaryLast RollingUpdate OnDelete Never]

RollingUpdate defines parameters for the RollingUpdate type.

autoUpdateDataPlane boolean

AutoUpdateDataPlane indicates whether the Galera data-plane version (agent and init containers) should be automatically updated based on the operator version. It defaults to false.Updating the operator will trigger updates on all the MariaDB instances that have this flag set to true. Thus, it is recommended to progressively set this flag after having updated the operator.

UpdateType

Underlying type: string

UpdateType defines the type of update for a MariaDB resource.

Appears in:

Field
Description

ReplicasFirstPrimaryLast

ReplicasFirstPrimaryLastUpdateType indicates that the update will be applied to all replica Pods first and later on to the primary Pod.The updates are applied one by one waiting until each Pod passes the readiness probei.e. the Pod gets synced and it is ready to receive traffic.

RollingUpdate

RollingUpdateUpdateType indicates that the update will be applied by the StatefulSet controller using the RollingUpdate strategy.This strategy is unaware of the roles that the Pod have (primary or replica) and it willperform the update following the StatefulSet ordinal, from higher to lower.

OnDelete

OnDeleteUpdateType indicates that the update will be applied by the StatefulSet controller using the OnDelete strategy.The update will be done when the Pods get manually deleted by the user.

Never

NeverUpdateType indicates that the StatefulSet will never be updated.This can be used to roll out updates progressively to a fleet of instances.

User

User is the Schema for the users API. It is used to define grants as if you were running a 'CREATE USER' statement.

Field
Description
Default
Validation

apiVersion string

enterprise.mariadb.com/v1alpha1

kind string

User

metadata ObjectMeta

Refer to Kubernetes API documentation for fields of metadata.

UserSpec

UserSpec defines the desired state of User

Appears in:

Field
Description
Default
Validation

requeueInterval Duration

RequeueInterval is used to perform requeue reconciliations.

retryInterval Duration

RetryInterval is the interval used to perform retries.

cleanupPolicy CleanupPolicy

CleanupPolicy defines the behavior for cleaning up a SQL resource.

Enum: [Skip Delete]

mariaDbRef MariaDBRef

MariaDBRef is a reference to a MariaDB object.

Required: {}

passwordSecretKeyRef SecretKeySelector

PasswordSecretKeyRef is a reference to the password to be used by the User.If not provided, the account will be locked and the password will expire.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password.

passwordHashSecretKeyRef SecretKeySelector

PasswordHashSecretKeyRef is a reference to the password hash to be used by the User.If the referred Secret is labeled with "enterprise.mariadb.com/watch", updates may be performed to the Secret in order to update the password hash.It requires the 'skip-strict-password-validation' option to be set. See:.

passwordPlugin PasswordPlugin

PasswordPlugin is a reference to the password plugin and arguments to be used by the User.It requires the 'skip-strict-password-validation' option to be set. See:.

Require specifies TLS requirements for the user to connect. See: Requiring TLS.

maxUserConnections integer

MaxUserConnections defines the maximum number of simultaneous connections that the User can establish.

10

name string

Name overrides the default name provided by metadata.name.

MaxLength: 80

host string

Host related to the User.

MaxLength: 255

Volume

Refer to the Kubernetes docs: #volume-v1-core.

Appears in:

Field
Description
Default
Validation

VolumeClaimTemplate

VolumeClaimTemplate defines a template to customize PVC objects.

Appears in:

Field
Description
Default
Validation

accessModes PersistentVolumeAccessMode array

selector LabelSelector

storageClassName string

metadata Metadata

Refer to Kubernetes API documentation for fields of metadata.

VolumeMount

Refer to the Kubernetes docs: #volumemount-v1-core.

Appears in:

Field
Description
Default
Validation

name string

This must match the Name of a Volume.

readOnly boolean

mountPath string

subPath string

VolumeSource

Refer to the Kubernetes docs: #volume-v1-core.

Appears in:

Field
Description
Default
Validation

WeightedPodAffinityTerm

Refer to the Kubernetes docs: #weightedpodaffinityterm-v1-core.

Appears in:

Field
Description
Default
Validation

weight integer

podAffinityTerm PodAffinityTerm

This page is: Copyright © 2025 MariaDB. All rights reserved.

Last updated

Was this helpful?