@@ -20,7 +20,7 @@ couchbaseOperator:
2020 # -- Image specifies repository and tag of the Couchbase Operator container.
2121 image :
2222 repository : couchbase/operator
23- tag : 2.4.2
23+ tag : 2.5.0
2424 # -- The policy for pulling images from the repository onto hosts.
2525 # The imagePullPolicy value defaults to IfNotPresent, which means
2626 # that images are only pulled if they’re not present on the Kubernetes node.
@@ -53,7 +53,7 @@ admissionController:
5353 # -- Image specifies repository and tag of the Couchbase Admission container.
5454 image :
5555 repository : couchbase/admission-controller
56- tag : 2.4.2
56+ tag : 2.5.0
5757 # -- The policy for pulling images from the repository onto hosts.
5858 # The imagePullPolicy value defaults to IfNotPresent, which means
5959 # that images are only pulled if they’re not present on the Kubernetes node.
@@ -311,8 +311,6 @@ scopes: {}
311311# # contain only [a-zA-Z0-9_-%] and not start with either _ or %.
312312# name:
313313
314-
315-
316314# -- Uncomment to create a "couchbasegroups" resource
317315groups : {}
318316# default:
@@ -739,7 +737,7 @@ cluster:
739737 useVirtualPath : false
740738 # -- The Service Account to run backup (and restore) pods under. Without
741739 # this backup pods will not be able to update status.
742- serviceAccountName :
740+ serviceAccountName : couchbase-backup
743741 # -- Deprecated: by CouchbaseBackup.spec.objectStore.useIAM UseIAMRole
744742 # enables backup to fetch EC2 instance metadata. This allows the AWS SDK to
745743 # use the EC2's IAM Role for S3 access. UseIAMRole will ignore credentials
@@ -817,8 +815,8 @@ cluster:
817815 percent : 30
818816 # -- AutoFailoverMaxCount is the maximum number of automatic failovers
819817 # Couchbase server will allow before not allowing any more. This field must
820- # be between 1-3 for server versions prior to 7.1.0 default is 3 .
821- autoFailoverMaxCount : 3
818+ # be between 1-3 for server versions prior to 7.1.0 default is 1 .
819+ autoFailoverMaxCount : 1
822820 # -- AutoFailoverOnDataDiskIssues defines whether Couchbase server should
823821 # failover a pod if a disk issue was detected.
824822 autoFailoverOnDataDiskIssues : false
@@ -947,7 +945,7 @@ cluster:
947945 envImagePrecedence : false
948946 # -- Hibernate is whether to hibernate the cluster.
949947 hibernate : false
950- image : couchbase/server:7.1.3
948+ image : couchbase/server:7.2.0
951949 # -- Logging defines Operator logging options.
952950 logging :
953951 # -- Used to manage the audit configuration directly
@@ -1095,40 +1093,62 @@ cluster:
10951093 adminSecret : ' '
10961094 # -- Cluster administrator pasword, auto-generated when empty
10971095 password : ' '
1096+ # -- PodSecurityContext allows the configuration of the security context for
1097+ # all Couchbase server pods. When using persistent volumes you may need to
1098+ # set the fsGroup field in order to write to the volume. For non-root
1099+ # clusters you must also set runAsUser to 1000, corresponding to the
1100+ # Couchbase user in official container images. More info:
1101+ # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1102+ podSecurityContext :
1103+ fsGroup : 1000
1104+ # -- Indicates that the container must run as a non-root user. If true,
1105+ # the Kubelet will validate the image at runtime to ensure that it does
1106+ # not run as UID 0 (root) and fail to start the container if it does. If
1107+ # unset or false, no such validation will be performed. May also be set in
1108+ # SecurityContext. If set in both SecurityContext and PodSecurityContext,
1109+ # the value specified in SecurityContext takes precedence.
1110+ runAsNonRoot : true
1111+ runAsUser : 1000
1112+ # -- The Windows specific settings applied to all containers. If
1113+ # unspecified, the options within a container's SecurityContext will be
1114+ # used. If set in both SecurityContext and PodSecurityContext, the value
1115+ # specified in SecurityContext takes precedence. Note that this field
1116+ # cannot be set when spec.os.name is linux.
1117+ windowsOptions :
1118+ # HostProcess determines if a container should be run as a 'Host
1119+ # Process' container. This field is alpha-level and will only be honored
1120+ # by components that enable the WindowsHostProcessContainers feature
1121+ # flag. Setting this field without the feature flag will result in
1122+ # errors when validating the Pod. All of a Pod's containers must have
1123+ # the same effective HostProcess value (it is not allowed to have a mix
1124+ # of HostProcess containers and non-HostProcess containers). In
1125+ # addition, if HostProcess is true then HostNetwork must also be set to
1126+ # true.
1127+ hostProcess : false
10981128 # -- RBAC is the options provided for enabling and selecting RBAC User
10991129 # resources to manage.
11001130 rbac :
11011131 # -- Managed defines whether RBAC is managed by us or the clients.
11021132 managed : true
1133+ # -- SecurityContext defines the security options the container should be
1134+ # run with. If set, the fields of SecurityContext override the equivalent
1135+ # fields of PodSecurityContext. Use securityContext.allowPrivilegeEscalation
1136+ # field to grant more privileges than its parent process. More info:
1137+ # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1138+ securityContext :
1139+ # -- AllowPrivilegeEscalation controls whether a process can gain more
1140+ # privileges than its parent process. This bool directly controls if the
1141+ # no_new_privs flag will be set on the container process.
1142+ # AllowPrivilegeEscalation is true always when the container is: 1) run as
1143+ # Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when
1144+ # spec.os.name is windows.
1145+ allowPrivilegeEscalation : false
11031146 # -- UISessionTimeout sets how long, in minutes, before a user is declared
11041147 # inactive and signed out from the Couchbase Server UI. 0 represents no time
11051148 # out.
11061149 uiSessionTimeout : 0
11071150 # -- Cluster administrator username
11081151 username : Administrator
1109- # -- SecurityContext allows the configuration of the security context for all
1110- # Couchbase server pods. When using persistent volumes you may need to set
1111- # the fsGroup field in order to write to the volume. For non-root clusters
1112- # you must also set runAsUser to 1000, corresponding to the Couchbase user in
1113- # official container images. More info:
1114- # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
1115- securityContext :
1116- fsGroup : 1000
1117- # -- Indicates that the container must run as a non-root user. If true, the
1118- # Kubelet will validate the image at runtime to ensure that it does not run
1119- # as UID 0 (root) and fail to start the container if it does. If unset or
1120- # false, no such validation will be performed. May also be set in
1121- # SecurityContext. If set in both SecurityContext and PodSecurityContext,
1122- # the value specified in SecurityContext takes precedence.
1123- runAsNonRoot : true
1124- runAsUser : 1000
1125- sysctls : []
1126- # -- The Windows specific settings applied to all containers. If
1127- # unspecified, the options within a container's SecurityContext will be
1128- # used. If set in both SecurityContext and PodSecurityContext, the value
1129- # specified in SecurityContext takes precedence. Note that this field cannot
1130- # be set when spec.os.name is linux.
1131- windowsOptions : {}
11321152 # -- Servers defines server classes for the Operator to provision and manage.
11331153 # A server class defines what services are running and how many members make
11341154 # up that class. Specifying multiple server classes allows the Operator to
0 commit comments