From dd3d025acf960f8ee43ddd90527ea71bdab1a295 Mon Sep 17 00:00:00 2001
From: byashimov <byashimov@users.noreply.github.com>
Date: Thu, 7 Dec 2023 10:45:41 +0000
Subject: [PATCH] deploy: e8a29914337b50f848057837fd0ef4e1c1b6d3fe

---
 api-reference/cassandra.html    |   1 +
 api-reference/clickhouse.html   |   1 +
 api-reference/grafana.html      |   1 +
 api-reference/kafka.html        |   2 +
 api-reference/kafkaconnect.html |   1 +
 api-reference/mysql.html        |   1 +
 api-reference/opensearch.html   |   1 +
 api-reference/postgresql.html   |  39 +++++++++++++--
 api-reference/redis.html        |   1 +
 changelog.html                  |  49 ++++++++++++++++++
 search/search_index.js          |   2 +-
 search/search_index.json        |   2 +-
 sitemap.xml                     |  86 ++++++++++++++++----------------
 sitemap.xml.gz                  | Bin 538 -> 539 bytes
 14 files changed, 138 insertions(+), 49 deletions(-)

diff --git a/api-reference/cassandra.html b/api-reference/cassandra.html
index 917d21d6..3e90dbfa 100644
--- a/api-reference/cassandra.html
+++ b/api-reference/cassandra.html
@@ -1938,6 +1938,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.private_access-property" name="spec.userConfig.private_access-property"><code>private_access</code></a> (object). Allow access to selected service ports from private networks. See below for <a href="#spec.userConfig.private_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.project_to_fork_from-property" name="spec.userConfig.project_to_fork_from-property"><code>project_to_fork_from</code></a> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.service_to_join_with-property" name="spec.userConfig.service_to_join_with-property"><code>service_to_join_with</code></a> (string, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
diff --git a/api-reference/clickhouse.html b/api-reference/clickhouse.html
index 128ebf13..fc1dc023 100644
--- a/api-reference/clickhouse.html
+++ b/api-reference/clickhouse.html
@@ -1925,6 +1925,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.privatelink_access-property" name="spec.userConfig.privatelink_access-property"><code>privatelink_access</code></a> (object). Allow access to selected service components through Privatelink. See below for <a href="#spec.userConfig.privatelink_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.project_to_fork_from-property" name="spec.userConfig.project_to_fork_from-property"><code>project_to_fork_from</code></a> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 </ul>
diff --git a/api-reference/grafana.html b/api-reference/grafana.html
index 4c70e0ad..8fea2d16 100644
--- a/api-reference/grafana.html
+++ b/api-reference/grafana.html
@@ -2103,6 +2103,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.project_to_fork_from-property" name="spec.userConfig.project_to_fork_from-property"><code>project_to_fork_from</code></a> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.recovery_basebackup_name-property" name="spec.userConfig.recovery_basebackup_name-property"><code>recovery_basebackup_name</code></a> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.smtp_server-property" name="spec.userConfig.smtp_server-property"><code>smtp_server</code></a> (object). SMTP server settings. See below for <a href="#spec.userConfig.smtp_server">nested schema</a>.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
diff --git a/api-reference/kafka.html b/api-reference/kafka.html
index 6785b8c1..8d35907a 100644
--- a/api-reference/kafka.html
+++ b/api-reference/kafka.html
@@ -2075,6 +2075,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.schema_registry-property" name="spec.userConfig.schema_registry-property"><code>schema_registry</code></a> (boolean). Enable Schema-Registry service.</li>
 <li><a href="#spec.userConfig.schema_registry_config-property" name="spec.userConfig.schema_registry_config-property"><code>schema_registry_config</code></a> (object). Schema Registry configuration. See below for <a href="#spec.userConfig.schema_registry_config">nested schema</a>.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 <li><a href="#spec.userConfig.tiered_storage-property" name="spec.userConfig.tiered_storage-property"><code>tiered_storage</code></a> (object). Tiered storage configuration. See below for <a href="#spec.userConfig.tiered_storage">nested schema</a>.</li>
 </ul>
@@ -2179,6 +2180,7 @@ <h3 id="spec.userConfig.kafka_rest_config">kafka_rest_config<a class="headerlink
 <li><a href="#spec.userConfig.kafka_rest_config.consumer_enable_auto_commit-property" name="spec.userConfig.kafka_rest_config.consumer_enable_auto_commit-property"><code>consumer_enable_auto_commit</code></a> (boolean). If true the consumer's offset will be periodically committed to Kafka in the background.</li>
 <li><a href="#spec.userConfig.kafka_rest_config.consumer_request_max_bytes-property" name="spec.userConfig.kafka_rest_config.consumer_request_max_bytes-property"><code>consumer_request_max_bytes</code></a> (integer, Minimum: 0, Maximum: 671088640). Maximum number of bytes in unencoded message keys and values by a single request.</li>
 <li><a href="#spec.userConfig.kafka_rest_config.consumer_request_timeout_ms-property" name="spec.userConfig.kafka_rest_config.consumer_request_timeout_ms-property"><code>consumer_request_timeout_ms</code></a> (integer, Enum: <code>1000</code>, <code>15000</code>, <code>30000</code>, Minimum: 1000, Maximum: 30000). The maximum total time to wait for messages for a request if the maximum number of messages has not yet been reached.</li>
+<li><a href="#spec.userConfig.kafka_rest_config.name_strategy_validation-property" name="spec.userConfig.kafka_rest_config.name_strategy_validation-property"><code>name_strategy_validation</code></a> (boolean). If true, validate that given schema is registered under expected subject name by the used name strategy when producing messages.</li>
 <li><a href="#spec.userConfig.kafka_rest_config.producer_acks-property" name="spec.userConfig.kafka_rest_config.producer_acks-property"><code>producer_acks</code></a> (string, Enum: <code>all</code>, <code>-1</code>, <code>0</code>, <code>1</code>). The number of acknowledgments the producer requires the leader to have received before considering a request complete. If set to <code>all</code> or <code>-1</code>, the leader will wait for the full set of in-sync replicas to acknowledge the record.</li>
 <li><a href="#spec.userConfig.kafka_rest_config.producer_compression_type-property" name="spec.userConfig.kafka_rest_config.producer_compression_type-property"><code>producer_compression_type</code></a> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li>
 <li><a href="#spec.userConfig.kafka_rest_config.producer_linger_ms-property" name="spec.userConfig.kafka_rest_config.producer_linger_ms-property"><code>producer_linger_ms</code></a> (integer, Minimum: 0, Maximum: 5000). Wait for up to the given delay to allow batching records together.</li>
diff --git a/api-reference/kafkaconnect.html b/api-reference/kafkaconnect.html
index 1c32a953..3d980f1a 100644
--- a/api-reference/kafkaconnect.html
+++ b/api-reference/kafkaconnect.html
@@ -1905,6 +1905,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.private_access-property" name="spec.userConfig.private_access-property"><code>private_access</code></a> (object). Allow access to selected service ports from private networks. See below for <a href="#spec.userConfig.private_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.privatelink_access-property" name="spec.userConfig.privatelink_access-property"><code>privatelink_access</code></a> (object). Allow access to selected service components through Privatelink. See below for <a href="#spec.userConfig.privatelink_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 </ul>
 <h3 id="spec.userConfig.ip_filter">ip_filter<a class="headerlink" href="#spec.userConfig.ip_filter" title="Permanent link">&para;</a></h3>
diff --git a/api-reference/mysql.html b/api-reference/mysql.html
index 28c7c457..283f00fe 100644
--- a/api-reference/mysql.html
+++ b/api-reference/mysql.html
@@ -1978,6 +1978,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.project_to_fork_from-property" name="spec.userConfig.project_to_fork_from-property"><code>project_to_fork_from</code></a> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.recovery_target_time-property" name="spec.userConfig.recovery_target_time-property"><code>recovery_target_time</code></a> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 </ul>
diff --git a/api-reference/opensearch.html b/api-reference/opensearch.html
index a4c169bb..4273dafe 100644
--- a/api-reference/opensearch.html
+++ b/api-reference/opensearch.html
@@ -2124,6 +2124,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.recovery_basebackup_name-property" name="spec.userConfig.recovery_basebackup_name-property"><code>recovery_basebackup_name</code></a> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li>
 <li><a href="#spec.userConfig.saml-property" name="spec.userConfig.saml-property"><code>saml</code></a> (object). OpenSearch SAML configuration. See below for <a href="#spec.userConfig.saml">nested schema</a>.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 </ul>
diff --git a/api-reference/postgresql.html b/api-reference/postgresql.html
index bb1b8955..e6c50dcb 100644
--- a/api-reference/postgresql.html
+++ b/api-reference/postgresql.html
@@ -1514,6 +1514,15 @@
     </span>
   </a>
   
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#spec.userConfig.pg_qualstats" class="md-nav__link">
+    <span class="md-ellipsis">
+      pg_qualstats
+    </span>
+  </a>
+  
 </li>
         
           <li class="md-nav__item">
@@ -1818,6 +1827,15 @@
     </span>
   </a>
   
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#spec.userConfig.pg_qualstats" class="md-nav__link">
+    <span class="md-ellipsis">
+      pg_qualstats
+    </span>
+  </a>
+  
 </li>
         
           <li class="md-nav__item">
@@ -2021,22 +2039,24 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.ip_filter-property" name="spec.userConfig.ip_filter-property"><code>ip_filter</code></a> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for <a href="#spec.userConfig.ip_filter">nested schema</a>.</li>
 <li><a href="#spec.userConfig.migration-property" name="spec.userConfig.migration-property"><code>migration</code></a> (object). Migrate data from existing server. See below for <a href="#spec.userConfig.migration">nested schema</a>.</li>
 <li><a href="#spec.userConfig.pg-property" name="spec.userConfig.pg-property"><code>pg</code></a> (object). postgresql.conf configuration values. See below for <a href="#spec.userConfig.pg">nested schema</a>.</li>
+<li><a href="#spec.userConfig.pg_qualstats-property" name="spec.userConfig.pg_qualstats-property"><code>pg_qualstats</code></a> (object). System-wide settings for the pg_qualstats extension. See below for <a href="#spec.userConfig.pg_qualstats">nested schema</a>.</li>
 <li><a href="#spec.userConfig.pg_read_replica-property" name="spec.userConfig.pg_read_replica-property"><code>pg_read_replica</code></a> (boolean). Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).</li>
 <li><a href="#spec.userConfig.pg_service_to_fork_from-property" name="spec.userConfig.pg_service_to_fork_from-property"><code>pg_service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.pg_stat_monitor_enable-property" name="spec.userConfig.pg_stat_monitor_enable-property"><code>pg_stat_monitor_enable</code></a> (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable.</li>
 <li><a href="#spec.userConfig.pg_version-property" name="spec.userConfig.pg_version-property"><code>pg_version</code></a> (string, Enum: <code>11</code>, <code>12</code>, <code>13</code>, <code>14</code>, <code>15</code>). PostgreSQL major version.</li>
 <li><a href="#spec.userConfig.pgbouncer-property" name="spec.userConfig.pgbouncer-property"><code>pgbouncer</code></a> (object). PGBouncer connection pooling settings. See below for <a href="#spec.userConfig.pgbouncer">nested schema</a>.</li>
-<li><a href="#spec.userConfig.pglookout-property" name="spec.userConfig.pglookout-property"><code>pglookout</code></a> (object). PGLookout settings. See below for <a href="#spec.userConfig.pglookout">nested schema</a>.</li>
+<li><a href="#spec.userConfig.pglookout-property" name="spec.userConfig.pglookout-property"><code>pglookout</code></a> (object). System-wide settings for pglookout. See below for <a href="#spec.userConfig.pglookout">nested schema</a>.</li>
 <li><a href="#spec.userConfig.private_access-property" name="spec.userConfig.private_access-property"><code>private_access</code></a> (object). Allow access to selected service ports from private networks. See below for <a href="#spec.userConfig.private_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.privatelink_access-property" name="spec.userConfig.privatelink_access-property"><code>privatelink_access</code></a> (object). Allow access to selected service components through Privatelink. See below for <a href="#spec.userConfig.privatelink_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.project_to_fork_from-property" name="spec.userConfig.project_to_fork_from-property"><code>project_to_fork_from</code></a> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.public_access-property" name="spec.userConfig.public_access-property"><code>public_access</code></a> (object). Allow access to selected service ports from the public Internet. See below for <a href="#spec.userConfig.public_access">nested schema</a>.</li>
 <li><a href="#spec.userConfig.recovery_target_time-property" name="spec.userConfig.recovery_target_time-property"><code>recovery_target_time</code></a> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.shared_buffers_percentage-property" name="spec.userConfig.shared_buffers_percentage-property"><code>shared_buffers_percentage</code></a> (number, Minimum: 20, Maximum: 60). Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 <li><a href="#spec.userConfig.synchronous_replication-property" name="spec.userConfig.synchronous_replication-property"><code>synchronous_replication</code></a> (string, Enum: <code>quorum</code>, <code>off</code>). Synchronous replication type. Note that the service plan also needs to support synchronous replication.</li>
-<li><a href="#spec.userConfig.timescaledb-property" name="spec.userConfig.timescaledb-property"><code>timescaledb</code></a> (object). TimescaleDB extension configuration values. See below for <a href="#spec.userConfig.timescaledb">nested schema</a>.</li>
+<li><a href="#spec.userConfig.timescaledb-property" name="spec.userConfig.timescaledb-property"><code>timescaledb</code></a> (object). System-wide settings for the timescaledb extension. See below for <a href="#spec.userConfig.timescaledb">nested schema</a>.</li>
 <li><a href="#spec.userConfig.variant-property" name="spec.userConfig.variant-property"><code>variant</code></a> (string, Enum: <code>aiven</code>, <code>timescale</code>). Variant of the PostgreSQL service, may affect the features that are exposed by default.</li>
 <li><a href="#spec.userConfig.work_mem-property" name="spec.userConfig.work_mem-property"><code>work_mem</code></a> (integer, Minimum: 1, Maximum: 1024). Sets the maximum amount of memory to be used by a query operation (such as a sort or hash table) before writing to temporary disk files, in MB. Default is 1MB + 0.075% of total RAM (up to 32MB).</li>
 </ul>
@@ -2123,6 +2143,17 @@ <h3 id="spec.userConfig.pg">pg<a class="headerlink" href="#spec.userConfig.pg" t
 <li><a href="#spec.userConfig.pg.wal_sender_timeout-property" name="spec.userConfig.pg.wal_sender_timeout-property"><code>wal_sender_timeout</code></a> (integer). Terminate replication connections that are inactive for longer than this amount of time, in milliseconds. Setting this value to zero disables the timeout.</li>
 <li><a href="#spec.userConfig.pg.wal_writer_delay-property" name="spec.userConfig.pg.wal_writer_delay-property"><code>wal_writer_delay</code></a> (integer, Minimum: 10, Maximum: 200). WAL flush interval in milliseconds. Note that setting this value to lower than the default 200ms may negatively impact performance.</li>
 </ul>
+<h3 id="spec.userConfig.pg_qualstats">pg_qualstats<a class="headerlink" href="#spec.userConfig.pg_qualstats" title="Permanent link">&para;</a></h3>
+<p><em>Appears on <a href="#spec.userConfig"><code>spec.userConfig</code></a>.</em></p>
+<p>System-wide settings for the pg_qualstats extension.</p>
+<p><strong>Optional</strong></p>
+<ul>
+<li><a href="#spec.userConfig.pg_qualstats.enabled-property" name="spec.userConfig.pg_qualstats.enabled-property"><code>enabled</code></a> (boolean). Enable / Disable pg_qualstats.</li>
+<li><a href="#spec.userConfig.pg_qualstats.min_err_estimate_num-property" name="spec.userConfig.pg_qualstats.min_err_estimate_num-property"><code>min_err_estimate_num</code></a> (integer, Minimum: 0). Error estimation num threshold to save quals.</li>
+<li><a href="#spec.userConfig.pg_qualstats.min_err_estimate_ratio-property" name="spec.userConfig.pg_qualstats.min_err_estimate_ratio-property"><code>min_err_estimate_ratio</code></a> (integer, Minimum: 0). Error estimation ratio threshold to save quals.</li>
+<li><a href="#spec.userConfig.pg_qualstats.track_constants-property" name="spec.userConfig.pg_qualstats.track_constants-property"><code>track_constants</code></a> (boolean). Enable / Disable pg_qualstats constants tracking.</li>
+<li><a href="#spec.userConfig.pg_qualstats.track_pg_catalog-property" name="spec.userConfig.pg_qualstats.track_pg_catalog-property"><code>track_pg_catalog</code></a> (boolean). Track quals on system catalogs too.</li>
+</ul>
 <h3 id="spec.userConfig.pgbouncer">pgbouncer<a class="headerlink" href="#spec.userConfig.pgbouncer" title="Permanent link">&para;</a></h3>
 <p><em>Appears on <a href="#spec.userConfig"><code>spec.userConfig</code></a>.</em></p>
 <p>PGBouncer connection pooling settings.</p>
@@ -2140,7 +2171,7 @@ <h3 id="spec.userConfig.pgbouncer">pgbouncer<a class="headerlink" href="#spec.us
 </ul>
 <h3 id="spec.userConfig.pglookout">pglookout<a class="headerlink" href="#spec.userConfig.pglookout" title="Permanent link">&para;</a></h3>
 <p><em>Appears on <a href="#spec.userConfig"><code>spec.userConfig</code></a>.</em></p>
-<p>PGLookout settings.</p>
+<p>System-wide settings for pglookout.</p>
 <p><strong>Required</strong></p>
 <ul>
 <li><a href="#spec.userConfig.pglookout.max_failover_replication_time_lag-property" name="spec.userConfig.pglookout.max_failover_replication_time_lag-property"><code>max_failover_replication_time_lag</code></a> (integer, Minimum: 10). Number of seconds of master unavailability before triggering database failover to standby.</li>
@@ -2174,7 +2205,7 @@ <h3 id="spec.userConfig.public_access">public_access<a class="headerlink" href="
 </ul>
 <h3 id="spec.userConfig.timescaledb">timescaledb<a class="headerlink" href="#spec.userConfig.timescaledb" title="Permanent link">&para;</a></h3>
 <p><em>Appears on <a href="#spec.userConfig"><code>spec.userConfig</code></a>.</em></p>
-<p>TimescaleDB extension configuration values.</p>
+<p>System-wide settings for the timescaledb extension.</p>
 <p><strong>Required</strong></p>
 <ul>
 <li><a href="#spec.userConfig.timescaledb.max_background_workers-property" name="spec.userConfig.timescaledb.max_background_workers-property"><code>max_background_workers</code></a> (integer, Minimum: 1, Maximum: 4096). The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time.</li>
diff --git a/api-reference/redis.html b/api-reference/redis.html
index 182c3ba7..00af2ae0 100644
--- a/api-reference/redis.html
+++ b/api-reference/redis.html
@@ -1959,6 +1959,7 @@ <h2 id="spec.userConfig">userConfig<a class="headerlink" href="#spec.userConfig"
 <li><a href="#spec.userConfig.redis_pubsub_client_output_buffer_limit-property" name="spec.userConfig.redis_pubsub_client_output_buffer_limit-property"><code>redis_pubsub_client_output_buffer_limit</code></a> (integer, Minimum: 32, Maximum: 512). Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan.</li>
 <li><a href="#spec.userConfig.redis_ssl-property" name="spec.userConfig.redis_ssl-property"><code>redis_ssl</code></a> (boolean). Require SSL to access Redis.</li>
 <li><a href="#spec.userConfig.redis_timeout-property" name="spec.userConfig.redis_timeout-property"><code>redis_timeout</code></a> (integer, Minimum: 0, Maximum: 31536000). Redis idle connection timeout in seconds.</li>
+<li><a href="#spec.userConfig.service_log-property" name="spec.userConfig.service_log-property"><code>service_log</code></a> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li>
 <li><a href="#spec.userConfig.service_to_fork_from-property" name="spec.userConfig.service_to_fork_from-property"><code>service_to_fork_from</code></a> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li>
 <li><a href="#spec.userConfig.static_ips-property" name="spec.userConfig.static_ips-property"><code>static_ips</code></a> (boolean). Use static public IP addresses.</li>
 </ul>
diff --git a/changelog.html b/changelog.html
index a6a81c99..cbe7bacf 100644
--- a/changelog.html
+++ b/changelog.html
@@ -426,6 +426,15 @@
     </label>
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
       
+        <li class="md-nav__item">
+  <a href="#v0160-2023-12-07" class="md-nav__link">
+    <span class="md-ellipsis">
+      v0.16.0 - 2023-12-07
+    </span>
+  </a>
+  
+</li>
+      
         <li class="md-nav__item">
   <a href="#v0150-2023-11-17" class="md-nav__link">
     <span class="md-ellipsis">
@@ -1738,6 +1747,15 @@
     </label>
     <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
       
+        <li class="md-nav__item">
+  <a href="#v0160-2023-12-07" class="md-nav__link">
+    <span class="md-ellipsis">
+      v0.16.0 - 2023-12-07
+    </span>
+  </a>
+  
+</li>
+      
         <li class="md-nav__item">
   <a href="#v0150-2023-11-17" class="md-nav__link">
     <span class="md-ellipsis">
@@ -1936,6 +1954,37 @@
 
 
 <h1 id="changelog">Changelog<a class="headerlink" href="#changelog" title="Permanent link">&para;</a></h1>
+<h2 id="v0160-2023-12-07">v0.16.0 - 2023-12-07<a class="headerlink" href="#v0160-2023-12-07" title="Permanent link">&para;</a></h2>
+<ul>
+<li>Set conditions on errors: <code>Preconditions</code>, <code>CreateOrUpdate</code>, <code>Delete</code>. Thanks to @atarax</li>
+<li>Fix object updates lost when reconciler exits before the object is committed  </li>
+<li>Add <code>Kafka</code> field <code>userConfig.kafka.transaction_partition_verification_enable</code>, type <code>boolean</code>: Enable
+  verification that checks that the partition has been added to the transaction before writing transactional
+  records to the partition</li>
+<li>Add <code>Cassandra</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that
+  they are available in the HTTP API and console</li>
+<li>Add <code>Clickhouse</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that
+  they are available in the HTTP API and console</li>
+<li>Add <code>Grafana</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they
+  are available in the HTTP API and console</li>
+<li>Add <code>KafkaConnect</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that
+  they are available in the HTTP API and console</li>
+<li>Add <code>Kafka</code> field <code>userConfig.kafka_rest_config.name_strategy_validation</code>, type <code>boolean</code>: If true,
+  validate that given schema is registered under expected subject name by the used name strategy when
+  producing messages</li>
+<li>Add <code>Kafka</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they
+  are available in the HTTP API and console</li>
+<li>Add <code>MySQL</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they
+  are available in the HTTP API and console</li>
+<li>Add <code>OpenSearch</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that
+  they are available in the HTTP API and console</li>
+<li>Add <code>PostgreSQL</code> field <code>userConfig.pg_qualstats</code>, type <code>object</code>: System-wide settings for the pg_qualstats
+  extension</li>
+<li>Add <code>PostgreSQL</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that
+  they are available in the HTTP API and console</li>
+<li>Add <code>Redis</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they
+  are available in the HTTP API and console</li>
+</ul>
 <h2 id="v0150-2023-11-17">v0.15.0 - 2023-11-17<a class="headerlink" href="#v0150-2023-11-17" title="Permanent link">&para;</a></h2>
 <ul>
 <li>Upgrade to Go 1.21</li>
diff --git a/search/search_index.js b/search/search_index.js
index 7d86166d..6adef4bd 100644
--- a/search/search_index.js
+++ b/search/search_index.js
@@ -1 +1 @@
-var __index = {"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"index.html","title":"Welcome to Aiven Operator for Kubernetes","text":"<p>Provision and manage Aiven services from your Kubernetes cluster.</p>"},{"location":"index.html#what-is-aiven","title":"What is Aiven?","text":"<p>Aiven offers managed services for the best open source data technologies, on a cloud of your choice.</p> <p>We offer multiple cloud options because we believe that everyone should have access to great data platforms wherever they host their applications. Our customers tell us they love it because they know that they aren\u2019t locked in to one particular cloud platform for all their data needs.</p>"},{"location":"index.html#contributing","title":"Contributing","text":"<p>The contribution guide covers everything you need to know about how you can contribute to Aiven Operator for Kubernetes. The developer guide will help you onboard as a developer.</p>"},{"location":"authentication.html","title":"Authenticating","text":"<p>To get authenticated and authorized, set up the communication between the Aiven Operator for Kubernetes and Aiven by using a token stored in a Kubernetes secret. You can then refer to the secret name on every custom resource in the <code>authSecretRef</code> field.</p> <p>If you don't have an Aiven account yet, sign up here for a free trial. \ud83e\udd80</p> <p>1. Generate an authentication token</p> <p>Refer to our documentation article to generate your authentication token.</p> <p>2. Create the Kubernetes Secret</p> <p>The following command creates a secret named <code>aiven-token</code> with a <code>token</code> field containing the authentication token:</p> <pre><code>kubectl create secret generic aiven-token --from-literal=token=\"&lt;your-token-here&gt;\"\n</code></pre> <p>When managing your Aiven resources, we will be using the created Secret in the <code>authSecretRef</code> field. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n  [ ... ]\n</code></pre> <p>Also, note that within Aiven, all resources are conceptually inside a Project. By default, a random project name is generated when you signup, but you can also create new projects.</p> <p>The Project name is required in most of the resources. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  project: &lt;your-project-name-here&gt;\n  [ ... ]\n</code></pre>"},{"location":"changelog.html","title":"Changelog","text":""},{"location":"changelog.html#v0150-2023-11-17","title":"v0.15.0 - 2023-11-17","text":"<ul> <li>Upgrade to Go 1.21</li> <li>Add option to orphan resources. Thanks to @atarax</li> <li>Fix <code>ServiceIntegration</code>: do not send empty user config to the API </li> <li>Add a format for <code>string</code> type fields to the documentation</li> <li>Generate CRDs changelog</li> <li>Add <code>Clickhouse</code> field <code>userConfig.private_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients   to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses</li> <li>Add <code>Clickhouse</code> field <code>userConfig.privatelink_access.clickhouse_mysql</code>, type <code>boolean</code>: Enable clickhouse_mysql</li> <li>Add <code>Clickhouse</code> field <code>userConfig.public_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients to   connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC   or another type of private network</li> <li>Add <code>Grafana</code> field <code>userConfig.unified_alerting_enabled</code>, type <code>boolean</code>: Enable or disable Grafana   unified alerting functionality</li> <li>Add <code>Kafka</code> field <code>userConfig.aiven_kafka_topic_messages</code>, type <code>boolean</code>: Allow access to read Kafka   topic messages in the Aiven Console and REST API</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_audience</code>, type <code>string</code>: The (optional)   comma-delimited setting for the broker to use to verify that the JWT was issued for one of the   expected audiences</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_issuer</code>, type <code>string</code>: Optional setting   for the broker to use to verify that the JWT was created by the expected issuer</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_jwks_endpoint_url</code>, type <code>string</code>: OIDC JWKS endpoint   URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_sub_claim_name</code>, type <code>string</code>: Name of the scope   from which to extract the subject claim from the JWT. Defaults to sub</li> <li>Change <code>Kafka</code> field <code>userConfig.kafka_version</code>: enum <code>[3.1, 3.3, 3.4, 3.5]</code> \u2192 <code>[3.1, 3.3, 3.4,   3.5, 3.6]</code></li> <li>Change <code>Kafka</code> field <code>userConfig.tiered_storage.local_cache.size</code>: deprecated</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_max_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_min_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size</li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend</code>:   enum <code>[internal]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type</code>:   enum <code>[username]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type</code>: enum <code>[ip]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.search_max_buckets</code>: maximum <code>65536</code> \u2192 <code>1000000</code></li> <li>Change <code>ServiceIntegration</code> field <code>kafkaMirrormaker.kafka_mirrormaker.producer_max_request_size</code>: maximum   <code>67108864</code> \u2192 <code>268435456</code></li> </ul>"},{"location":"changelog.html#v0140-2023-09-21","title":"v0.14.0 - 2023-09-21","text":"<ul> <li>Make <code>projectVpcId</code> and <code>projectVPCRef</code> mutable</li> <li>Fix panic on <code>nil</code> user config conversion</li> <li>Use aiven-go-client with context support</li> <li>Deprecate <code>Cassandra</code> kind option <code>additional_backup_regions</code></li> <li>Add <code>Grafana</code> kind option <code>auto_login</code></li> <li>Add <code>Kafka</code> kind properties <code>log_local_retention_bytes</code>, <code>log_local_retention_ms</code></li> <li>Remove <code>Kafka</code> kind option <code>remote_log_storage_system_enable</code></li> <li>Add <code>OpenSearch</code> kind option <code>auth_failure_listeners</code></li> <li>Add <code>OpenSearch</code> kind Index State Management options</li> </ul>"},{"location":"changelog.html#v0130-2023-08-18","title":"v0.13.0 - 2023-08-18","text":"<ul> <li>Add TieredStorage support to <code>Kafka</code></li> <li>Add <code>Kafka</code> version <code>3.5</code></li> <li>Add <code>Kafka</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Mark deprecated <code>Kafka</code> spec property <code>remote_log_storage_system_enable</code></li> <li>Add <code>KafkaConnect</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Add <code>OpenSearch</code> spec property <code>openid</code> </li> <li>Use updated go client with enhanced retries</li> </ul>"},{"location":"changelog.html#v0123-2023-07-13","title":"v0.12.3 - 2023-07-13","text":"<ul> <li>Expose <code>KAFKA_SCHEMA_REGISTRY_HOST</code> and <code>KAFKA_SCHEMA_REGISTRY_PORT</code> for <code>Kafka</code></li> <li>Expose <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code> and <code>KAFKA_REST_PORT</code> for <code>Kafka</code>. Thanks to @Dariusch</li> </ul>"},{"location":"changelog.html#v0122-2023-06-20","title":"v0.12.2 - 2023-06-20","text":"<ul> <li>Make conditions and state optional attributes of service status. Thanks to @mortenlj</li> <li>Remove deprecated <code>unclean_leader_election_enable</code> from <code>KafkaTopic</code> kind config</li> <li>Expose <code>KAFKA_SASL_PORT</code> for <code>Kafka</code> kind if <code>SASL</code> authentication method is enabled</li> <li>Add <code>redis</code> options to datadog <code>ServiceIntegration</code></li> <li>Add <code>Cassandra</code> version <code>3</code></li> <li>Add <code>Kafka</code> versions <code>3.1</code> and <code>3.4</code></li> <li>Add <code>kafka_rest_config.producer_max_request_size</code> option</li> <li>Add <code>kafka_mirrormaker.producer_compression_type</code> option</li> </ul>"},{"location":"changelog.html#v0120-2023-05-10","title":"v0.12.0 - 2023-05-10","text":"<ul> <li>Fix service tags create/update. Thanks to @mortenlj</li> <li>Add prefix name option for secrets. Thanks to @jordiclariana</li> <li>Add <code>clusterRole.create</code> option to Helm chart. Thanks to @ryaneorth</li> <li>Use kind name as default prefix for secrets to avoid collisions. Please migrate your applications before legacy names removed</li> <li>Fix secrets creation on openshift</li> <li>Add <code>OpenSearch.spec.userConfig.idp_pemtrustedcas_content</code> option.   Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification.</li> </ul>"},{"location":"changelog.html#v0110-2023-04-25","title":"v0.11.0 - 2023-04-25","text":"<ul> <li>Add <code>ServiceIntegration</code> kind <code>SourceProjectName</code> and <code>DestinationProjectName</code> fields</li> <li>Add <code>ServiceIntegration</code> fields <code>MaxLength</code> validation</li> <li>Add <code>ServiceIntegration</code> validation: multiple user configs cannot be set</li> <li>Fix <code>ServiceIntegration</code>, should not require <code>destinationServiceName</code> or <code>sourceEndpointID</code> field</li> <li>Fix <code>ServiceIntegration</code>, add missing <code>external_aws_cloudwatch_metrics</code> type config serialization</li> <li>Update <code>ServiceIntegration</code> integration type list</li> <li>Add <code>annotations</code> and <code>labels</code> fields to <code>connInfoSecretTarget</code></li> <li>Allow to disable capabilities check to install webhooks. Thanks to @amstee</li> <li>Set <code>OpenSearch.spec.userConfig.opensearch.search_max_buckets</code> maximum to <code>65536</code></li> </ul>"},{"location":"changelog.html#v0100-2023-04-17","title":"v0.10.0 - 2023-04-17","text":"<ul> <li>Mark service <code>plan</code> as a required field</li> <li>Add <code>minumim</code>, <code>maximum</code> validations for <code>number</code> type</li> <li>Move helm charts to the operator repository</li> <li>Add helm charts generator</li> <li>Remove <code>ip_filter</code> backward compatability</li> <li>Fix deletion errors omitted</li> <li>Add service integration <code>clickhouseKafka.tables.data_format-property</code> enum <code>RawBLOB</code> value</li> <li>Update OpenSearch <code>userConfig.opensearch.email_sender_username</code> validation pattern</li> <li>Add Kafka <code>log_cleaner_min_cleanable_ratio</code> minimum and maximum validation rules</li> <li>Remove Kafka version <code>3.2</code>, reached EOL</li> <li>Remove PostgreSQL version <code>10</code>, reached EOL</li> <li>Explicitly delete <code>ProjectVPC</code> by <code>ID</code> to avoid conflicts </li> <li>Speed up <code>ProjectVPC</code> deletion by exiting on <code>DELETING</code> status</li> <li>Fix missing RBAC permissions to update finalizers for various controllers </li> <li>Refactor <code>ClickhouseUser</code> controller</li> <li>Mark <code>ClickhouseUser.spec.project</code> and <code>ClickhouseUser.spec.serviceName</code> as immutable</li> <li>Remove deprecated service integration type <code>signalfx</code></li> <li>Add build version to the Aiven client user-agent</li> </ul>"},{"location":"changelog.html#v090-2023-03-03","title":"v0.9.0 - 2023-03-03","text":"<ul> <li><code>AuthSecretRef</code> fields marked as required</li> <li>Generate user configs for existing service integrations: <code>datadog</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>metrics</code></li> <li>Add new service integrations: <code>clickhouse_postgresql</code>, <code>clickhouse_kafka</code>, <code>clickhouse_kafka</code>, <code>logs</code>, <code>external_aws_cloudwatch_metrics</code></li> <li>Add <code>KafkaTopic.Spec.topicName</code> field. Unlike the <code>metadata.name</code>, supports additional characters and has a longer length.   <code>KafkaTopic.Spec.topicName</code> replaces <code>metadata.name</code> in future releases and will be marked as required.</li> <li>Accept <code>false</code> value for <code>termination_protection</code> property</li> <li>Fix <code>min_cleanable_dirty_ratio</code>. Thanks to @TV2rd</li> </ul>"},{"location":"changelog.html#v080-2023-02-15","title":"v0.8.0 - 2023-02-15","text":"<p>Important: This release brings breaking changes to the <code>userConfig</code> property. After new charts are installed, update your existing instances manually using the <code>kubectl edit</code> command according to the API reference.</p> <p>Note: It is now recommended to disable webhooks for Kubernetes version 1.25 and higher, as native CRD validation rules are used.</p> <ul> <li>Breaking change: <code>ip_filter</code> field is now of <code>object</code> type</li> <li>Breaking change: Update user configs for following kinds: PostgreSQL, Kafka, KafkaConnect, Redis, Clickhouse, OpenSearch</li> <li>Add CRD validation rules for immutable fields</li> <li>Add user config field validations (enum, minimum, maximum, minLength, and others)</li> <li>Add <code>serviceIntegrations</code> on service types. Only the <code>read_replica</code> type is available.</li> <li>Add KafkaTopic <code>min_cleanable_dirty_ratio</code> config field support</li> <li>Add Clickhouse <code>spec.disk_space</code> property</li> <li>Use updated aiven-go-client with retries</li> <li>Add <code>linux/amd64</code> build. Thanks to @christoffer-eide</li> </ul>"},{"location":"changelog.html#v071-2023-01-24","title":"v0.7.1 - 2023-01-24","text":"<ul> <li>Add Cassandra Kind</li> <li>Add Grafana Kind</li> <li>Recreate Kafka ACL if modified.    Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven.   It must be deleted manually.</li> <li>Fix MySQL webhook</li> </ul>"},{"location":"changelog.html#v060-2023-01-16","title":"v0.6.0 - 2023-01-16","text":"<ul> <li>Remove <code>never</code> from choices of maintenance dow</li> <li>Add <code>development</code> flag to configure logger's behavior</li> <li>Add user config generator (see <code>make generate-user-configs</code>)</li> <li>Add <code>genericServiceHandler</code> to generalize service management </li> <li>Add MySQL Kind</li> </ul>"},{"location":"changelog.html#v052-2022-12-09","title":"v0.5.2 - 2022-12-09","text":"<ul> <li>Fix deployment release manifest generation</li> </ul>"},{"location":"changelog.html#v051-2022-11-28","title":"v0.5.1 - 2022-11-28","text":"<ul> <li>Fix <code>KafkaACL</code> deletion</li> </ul>"},{"location":"changelog.html#v050-2022-11-27","title":"v0.5.0 - 2022-11-27","text":"<ul> <li>Add ability to link resources through the references</li> <li>Add <code>ProjectVPCRef</code> property to <code>Kafka</code>, <code>OpenSearch</code>, <code>Clickhouse</code> and <code>Redis</code> kinds   to get <code>ProjectVPC</code> ID when resource is ready</li> <li>Improve <code>ProjectVPC</code> deletion, deletes by ID first if possible, then tries by name</li> <li>Fix <code>client.Object</code> storage update data loss</li> </ul>"},{"location":"changelog.html#v040-2022-08-04","title":"v0.4.0 - 2022-08-04","text":"<ul> <li>Upgrade to Go 1.18</li> <li>Add support for connection pull incoming user</li> <li>Fix typo on config/samples/kafka disk_space</li> <li>Add tags support for project and service resources</li> <li>Enable termination protection</li> </ul>"},{"location":"changelog.html#v020-2021-11-17","title":"v0.2.0 - 2021-11-17","text":"<p>features: * add Redis CRD</p> <p>improvements: * watch CRDs to reconcile token secrets</p> <p>fixes: * fix RBACs of KafkaACL CRD</p>"},{"location":"changelog.html#v011-2021-09-13","title":"v0.1.1 - 2021-09-13","text":"<p>improvements: * update helm installation docs</p> <p>fixes: * fix typo in a kafka-connector kuttl test</p>"},{"location":"changelog.html#v010-2021-09-10","title":"v0.1.0 - 2021-09-10","text":"<p>features: * initial release</p>"},{"location":"troubleshooting.html","title":"Troubleshooting","text":""},{"location":"troubleshooting.html#verifying-operator-status","title":"Verifying operator status","text":"<p>Use the following checks to help you troubleshoot the Aiven Operator for Kubernetes.</p>"},{"location":"troubleshooting.html#checking-the-pods","title":"Checking the Pods","text":"<p>Verify that all the operator Pods are <code>READY</code>, and the <code>STATUS</code> is <code>Running</code>.</p> <pre><code>kubectl get pod -n aiven-operator-system\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                                                            READY   STATUS    RESTARTS   AGE\naiven-operator-controller-manager-576d944499-ggttj   1/1     Running   0          12m\n</code></pre> <p>Verify that the <code>cert-manager</code> Pods are also running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output has the status:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"troubleshooting.html#visualizing-the-operator-logs","title":"Visualizing the operator logs","text":"<p>Use the following command to visualize all the logs from the operator.</p> <pre><code>kubectl logs -n aiven-operator-system -l control-plane=controller-manager\n</code></pre>"},{"location":"troubleshooting.html#verifing-the-operator-version","title":"Verifing the operator version","text":"<pre><code>kubectl get pod -n aiven-operator-system -l control-plane=controller-manager -o jsonpath=\"{.items[0].spec.containers[0].image}\"\n</code></pre>"},{"location":"troubleshooting.html#known-issues-and-limitations","title":"Known issues and limitations","text":"<p>We're always working to resolve problems that pop up in Aiven products. If your problem is listed below, we know about it and are working to fix it. If your problem isn't listed below, report it as an issue.</p>"},{"location":"troubleshooting.html#cert-manager","title":"cert-manager","text":""},{"location":"troubleshooting.html#issue","title":"Issue","text":"<p>The following event appears on the operator Pod:</p> <pre><code>MountVolume.SetUp failed for volume \"cert\" : secret \"webhook-server-cert\" not found\n</code></pre>"},{"location":"troubleshooting.html#impact","title":"Impact","text":"<p>You cannot run the operator.</p>"},{"location":"troubleshooting.html#solution","title":"Solution","text":"<p>Make sure that cert-manager is up and running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output shows the status of each cert-manager:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"api-reference/index.html","title":"aiven.io/v1alpha1","text":"<p>Autogenerated from CRD files.</p>"},{"location":"api-reference/cassandra.html","title":"Cassandra","text":""},{"location":"api-reference/cassandra.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: my-cassandra\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    migrate_sstableloader: true\n    public_access:\n      prometheus: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/cassandra.html#Cassandra","title":"Cassandra","text":"<p>Cassandra is the Schema for the cassandras API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Cassandra</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). CassandraSpec defines the desired state of Cassandra. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec","title":"spec","text":"<p>Appears on <code>Cassandra</code>.</p> <p>CassandraSpec defines the desired state of Cassandra.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Deprecated. Additional Cloud Regions for Backup Replication.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>cassandra</code> (object). cassandra configuration values. See below for nested schema.</li> <li><code>cassandra_version</code> (string, Enum: <code>4</code>, <code>3</code>). Cassandra major version.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migrate_sstableloader</code> (boolean). Sets the service into migration mode enabling the sstableloader utility to be used to upload Cassandra data files. Available only on service create.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>service_to_join_with</code> (string, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.cassandra","title":"cassandra","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>cassandra configuration values.</p> <p>Optional</p> <ul> <li><code>batch_size_fail_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Fail any multiple-partition batch exceeding this value. 50kb (10x warn threshold) by default.</li> <li><code>batch_size_warn_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Log a warning message on any multiple-partition batch size exceeding this value.5kb per batch by default.Caution should be taken on increasing the size of this thresholdas it can lead to node instability.</li> <li><code>datacenter</code> (string, MaxLength: 128). Name of the datacenter to which nodes of this service belong. Can be set only when creating the service.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouse.html","title":"Clickhouse","text":""},{"location":"api-reference/clickhouse.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Clickhouse\nmetadata:\n  name: my-clickhouse\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-16\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/clickhouse.html#Clickhouse","title":"Clickhouse","text":"<p>Clickhouse is the Schema for the clickhouses API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Clickhouse</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseSpec defines the desired state of Clickhouse. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec","title":"spec","text":"<p>Appears on <code>Clickhouse</code>.</p> <p>ClickhouseSpec defines the desired state of Clickhouse.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Enable clickhouse.</li> <li><code>clickhouse_https</code> (boolean). Enable clickhouse_https.</li> <li><code>clickhouse_mysql</code> (boolean). Enable clickhouse_mysql.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouseuser.html","title":"ClickhouseUser","text":""},{"location":"api-reference/clickhouseuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ClickhouseUser\nmetadata:\n  name: my-clickhouse-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  serviceName: my-clickhouse\n</code></pre>"},{"location":"api-reference/clickhouseuser.html#ClickhouseUser","title":"ClickhouseUser","text":"<p>ClickhouseUser is the Schema for the clickhouseusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ClickhouseUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseUserSpec defines the desired state of ClickhouseUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec","title":"spec","text":"<p>Appears on <code>ClickhouseUser</code>.</p> <p>ClickhouseUserSpec defines the desired state of ClickhouseUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, Immutable, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/connectionpool.html","title":"ConnectionPool","text":""},{"location":"api-reference/connectionpool.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: my-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: connection-pool-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n  databaseName: my-db\n  username: my-user\n  poolMode: transaction\n  poolSize: 25\n</code></pre>"},{"location":"api-reference/connectionpool.html#ConnectionPool","title":"ConnectionPool","text":"<p>ConnectionPool is the Schema for the connectionpools API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ConnectionPool</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ConnectionPoolSpec defines the desired state of ConnectionPool. See below for nested schema.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec","title":"spec","text":"<p>Appears on <code>ConnectionPool</code>.</p> <p>ConnectionPoolSpec defines the desired state of ConnectionPool.</p> <p>Required</p> <ul> <li><code>databaseName</code> (string, MaxLength: 40). Name of the database the pool connects to.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>username</code> (string, MaxLength: 64). Name of the service user used to connect to the database.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>poolMode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). Mode the pool operates in (session, transaction, statement).</li> <li><code>poolSize</code> (integer). Number of connections the pool may create towards the backend server.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/connectionpool.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/database.html","title":"Database","text":""},{"location":"api-reference/database.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: my-db\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n\n  lcCtype: en_US.UTF-8\n  lcCollate: en_US.UTF-8\n</code></pre>"},{"location":"api-reference/database.html#Database","title":"Database","text":"<p>Database is the Schema for the databases API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Database</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). DatabaseSpec defines the desired state of Database. See below for nested schema.</li> </ul>"},{"location":"api-reference/database.html#spec","title":"spec","text":"<p>Appears on <code>Database</code>.</p> <p>DatabaseSpec defines the desired state of Database.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the database to.</li> <li><code>serviceName</code> (string, MaxLength: 63). PostgreSQL service to link the database to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>lcCollate</code> (string, MaxLength: 128). Default string sort order (LC_COLLATE) of the database. Default value: en_US.UTF-8.</li> <li><code>lcCtype</code> (string, MaxLength: 128). Default character classification (LC_CTYPE) of the database. Default value: en_US.UTF-8.</li> <li><code>terminationProtection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the database from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> </ul>"},{"location":"api-reference/database.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html","title":"Grafana","text":""},{"location":"api-reference/grafana.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Grafana\nmetadata:\n  name: my-grafana\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: grafana-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-1\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    public_access:\n      grafana: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/grafana.html#Grafana","title":"Grafana","text":"<p>Grafana is the Schema for the grafanas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Grafana</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). GrafanaSpec defines the desired state of Grafana. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec","title":"spec","text":"<p>Appears on <code>Grafana</code>.</p> <p>GrafanaSpec defines the desired state of Grafana.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/grafana.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>alerting_enabled</code> (boolean). Enable or disable Grafana legacy alerting functionality. This should not be enabled with unified_alerting_enabled.</li> <li><code>alerting_error_or_timeout</code> (string, Enum: <code>alerting</code>, <code>keep_state</code>). Default error or timeout setting for new alerting rules.</li> <li><code>alerting_max_annotations_to_keep</code> (integer, Minimum: 0, Maximum: 1000000). Max number of alert annotations that Grafana stores. 0 (default) keeps all alert annotations.</li> <li><code>alerting_nodata_or_nullvalues</code> (string, Enum: <code>alerting</code>, <code>no_data</code>, <code>keep_state</code>, <code>ok</code>). Default value for 'no data or null values' for new alerting rules.</li> <li><code>allow_embedding</code> (boolean). Allow embedding Grafana dashboards with iframe/frame/object/embed tags. Disabled by default to limit impact of clickjacking.</li> <li><code>auth_azuread</code> (object). Azure AD OAuth integration. See below for nested schema.</li> <li><code>auth_basic_enabled</code> (boolean). Enable or disable basic authentication form, used by Grafana built-in login.</li> <li><code>auth_generic_oauth</code> (object). Generic OAuth integration. See below for nested schema.</li> <li><code>auth_github</code> (object). Github Auth integration. See below for nested schema.</li> <li><code>auth_gitlab</code> (object). GitLab Auth integration. See below for nested schema.</li> <li><code>auth_google</code> (object). Google Auth integration. See below for nested schema.</li> <li><code>cookie_samesite</code> (string, Enum: <code>lax</code>, <code>strict</code>, <code>none</code>). Cookie SameSite attribute: <code>strict</code> prevents sending cookie for cross-site requests, effectively disabling direct linking from other sites to Grafana. <code>lax</code> is the default value.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>dashboard_previews_enabled</code> (boolean). This feature is new in Grafana 9 and is quite resource intensive. It may cause low-end plans to work more slowly while the dashboard previews are rendering.</li> <li><code>dashboards_min_refresh_interval</code> (string, Pattern: <code>^[0-9]+(ms|s|m|h|d)$</code>, MaxLength: 16). Signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, 1h.</li> <li><code>dashboards_versions_to_keep</code> (integer, Minimum: 1, Maximum: 100). Dashboard versions to keep per dashboard.</li> <li><code>dataproxy_send_user_header</code> (boolean). Send <code>X-Grafana-User</code> header to data source.</li> <li><code>dataproxy_timeout</code> (integer, Minimum: 15, Maximum: 90). Timeout for data proxy requests in seconds.</li> <li><code>date_formats</code> (object). Grafana date format specifications. See below for nested schema.</li> <li><code>disable_gravatar</code> (boolean). Set to true to disable gravatar. Defaults to false (gravatar is enabled).</li> <li><code>editors_can_admin</code> (boolean). Editors can manage folders, teams and dashboards created by them.</li> <li><code>external_image_storage</code> (object). External image store settings. See below for nested schema.</li> <li><code>google_analytics_ua_id</code> (string, Pattern: <code>^(G|UA|YT|MO)-[a-zA-Z0-9-]+$</code>, MaxLength: 64). Google Analytics ID.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>metrics_enabled</code> (boolean). Enable Grafana /metrics endpoint.</li> <li><code>oauth_allow_insecure_email_lookup</code> (boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>smtp_server</code> (object). SMTP server settings. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>unified_alerting_enabled</code> (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details.</li> <li><code>user_auto_assign_org</code> (boolean). Auto-assign new users on signup to main organization. Defaults to false.</li> <li><code>user_auto_assign_org_role</code> (string, Enum: <code>Viewer</code>, <code>Admin</code>, <code>Editor</code>). Set role for new signups. Defaults to Viewer.</li> <li><code>viewers_can_edit</code> (boolean). Users with view-only permission can edit but not save dashboards.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_azuread","title":"auth_azuread","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Azure AD OAuth integration.</p> <p>Required</p> <ul> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_generic_oauth","title":"auth_generic_oauth","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Generic OAuth integration.</p> <p>Required</p> <ul> <li><code>api_url</code> (string, MaxLength: 2048). API URL.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require user to be member of one of the listed organizations.</li> <li><code>auto_login</code> (boolean). Allow users to bypass the login screen and automatically log in.</li> <li><code>name</code> (string, Pattern: <code>^[a-zA-Z0-9_\\- ]+$</code>, MaxLength: 128). Name of the OAuth integration.</li> <li><code>scopes</code> (array of strings, MaxItems: 50). OAuth scopes.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_github","title":"auth_github","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Github Auth integration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require users to belong to one of given organizations.</li> <li><code>team_ids</code> (array of integers, MaxItems: 50). Require users to belong to one of given team IDs.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_gitlab","title":"auth_gitlab","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>GitLab Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>api_url</code> (string, MaxLength: 2048). API URL. This only needs to be set when using self hosted GitLab.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL. This only needs to be set when using self hosted GitLab.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL. This only needs to be set when using self hosted GitLab.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_google","title":"auth_google","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Google Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_domains</code> (array of strings, MaxItems: 64). Domains allowed to sign-in to this Grafana.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.date_formats","title":"date_formats","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Grafana date format specifications.</p> <p>Optional</p> <ul> <li><code>default_timezone</code> (string, MaxLength: 64). Default time zone for user preferences. Value <code>browser</code> uses browser local time zone.</li> <li><code>full_date</code> (string, MaxLength: 128). Moment.js style format string for cases where full date is shown.</li> <li><code>interval_day</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring day accuracy is shown.</li> <li><code>interval_hour</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring hour accuracy is shown.</li> <li><code>interval_minute</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring minute accuracy is shown.</li> <li><code>interval_month</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring month accuracy is shown.</li> <li><code>interval_second</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring second accuracy is shown.</li> <li><code>interval_year</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring year accuracy is shown.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.external_image_storage","title":"external_image_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>External image store settings.</p> <p>Required</p> <ul> <li><code>access_key</code> (string, Pattern: <code>^[A-Z0-9]+$</code>, MaxLength: 4096). S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions.</li> <li><code>bucket_url</code> (string, MaxLength: 2048). Bucket URL for S3.</li> <li><code>provider</code> (string, Enum: <code>s3</code>). Provider type.</li> <li><code>secret_key</code> (string, Pattern: <code>^[A-Za-z0-9/+=]+$</code>, MaxLength: 4096). S3 secret key.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Enable grafana.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.smtp_server","title":"smtp_server","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>SMTP server settings.</p> <p>Required</p> <ul> <li><code>from_address</code> (string, MaxLength: 319). Address used for sending emails.</li> <li><code>host</code> (string, MaxLength: 255). Server hostname or IP.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). SMTP server port.</li> </ul> <p>Optional</p> <ul> <li><code>from_name</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 128). Name used in outgoing emails, defaults to Grafana.</li> <li><code>password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Password for SMTP authentication.</li> <li><code>skip_verify</code> (boolean). Skip verifying server certificate. Defaults to false.</li> <li><code>starttls_policy</code> (string, Enum: <code>OpportunisticStartTLS</code>, <code>MandatoryStartTLS</code>, <code>NoStartTLS</code>). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS.</li> <li><code>username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Username for SMTP authentication.</li> </ul>"},{"location":"api-reference/kafka.html","title":"Kafka","text":""},{"location":"api-reference/kafka.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: my-kafka\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/kafka.html#Kafka","title":"Kafka","text":"<p>Kafka is the Schema for the kafkas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Kafka</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSpec defines the desired state of Kafka. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec","title":"spec","text":"<p>Appears on <code>Kafka</code>.</p> <p>KafkaSpec defines the desired state of Kafka.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>karapace</code> (boolean). Switch the service to use Karapace for schema registry and REST proxy.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Kafka specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/kafka.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>aiven_kafka_topic_messages</code> (boolean). Allow access to read Kafka topic messages in the Aiven Console and REST API.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka</code> (object). Kafka broker configuration values. See below for nested schema.</li> <li><code>kafka_authentication_methods</code> (object). Kafka authentication methods. See below for nested schema.</li> <li><code>kafka_connect</code> (boolean). Enable Kafka Connect service.</li> <li><code>kafka_connect_config</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>kafka_rest</code> (boolean). Enable Kafka-REST service.</li> <li><code>kafka_rest_authorization</code> (boolean). Enable authorization in Kafka-REST service.</li> <li><code>kafka_rest_config</code> (object). Kafka REST configuration. See below for nested schema.</li> <li><code>kafka_version</code> (string, Enum: <code>3.3</code>, <code>3.1</code>, <code>3.4</code>, <code>3.5</code>, <code>3.6</code>). Kafka major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>schema_registry</code> (boolean). Enable Schema-Registry service.</li> <li><code>schema_registry_config</code> (object). Schema Registry configuration. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>tiered_storage</code> (object). Tiered storage configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka","title":"kafka","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka broker configuration values.</p> <p>Optional</p> <ul> <li><code>auto_create_topics_enable</code> (boolean). Enable auto creation of topics.</li> <li><code>compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>uncompressed</code>, <code>producer</code>). Specify the final compression type for a given topic. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>uncompressed</code> which is equivalent to no compression; and <code>producer</code> which means retain the original compression codec set by the producer.</li> <li><code>connections_max_idle_ms</code> (integer, Minimum: 1000, Maximum: 3600000). Idle connections timeout: the server socket processor threads close the connections that idle for longer than this.</li> <li><code>default_replication_factor</code> (integer, Minimum: 1, Maximum: 10). Replication factor for autocreated topics.</li> <li><code>group_initial_rebalance_delay_ms</code> (integer, Minimum: 0, Maximum: 300000). The amount of time, in milliseconds, the group coordinator will wait for more consumers to join a new group before performing the first rebalance. A longer delay means potentially fewer rebalances, but increases the time until processing begins. The default value for this is 3 seconds. During development and testing it might be desirable to set this to 0 in order to not delay test execution time.</li> <li><code>group_max_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 1800000). The maximum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>group_min_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 60000). The minimum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>log_cleaner_delete_retention_ms</code> (integer, Minimum: 0, Maximum: 315569260000). How long are delete records retained?.</li> <li><code>log_cleaner_max_compaction_lag_ms</code> (integer, Minimum: 30000). The maximum amount of time message will remain uncompacted. Only applicable for logs that are being compacted.</li> <li><code>log_cleaner_min_cleanable_ratio</code> (number, Minimum: 0.2, Maximum: 0.9). Controls log compactor frequency. Larger value means more frequent compactions but also more space wasted for logs. Consider setting log.cleaner.max.compaction.lag.ms to enforce compactions sooner, instead of setting a very high value for this option.</li> <li><code>log_cleaner_min_compaction_lag_ms</code> (integer, Minimum: 0). The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.</li> <li><code>log_cleanup_policy</code> (string, Enum: <code>delete</code>, <code>compact</code>, <code>compact,delete</code>). The default cleanup policy for segments beyond the retention window.</li> <li><code>log_flush_interval_messages</code> (integer, Minimum: 1). The number of messages accumulated on a log partition before messages are flushed to disk.</li> <li><code>log_flush_interval_ms</code> (integer, Minimum: 0). The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used.</li> <li><code>log_index_interval_bytes</code> (integer, Minimum: 0, Maximum: 104857600). The interval with which Kafka adds an entry to the offset index.</li> <li><code>log_index_size_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The maximum size in bytes of the offset index.</li> <li><code>log_local_retention_bytes</code> (integer, Minimum: -2). The maximum size of local log segments that can grow for a partition before it gets eligible for deletion. If set to -2, the value of log.retention.bytes is used. The effective value should always be less than or equal to log.retention.bytes value.</li> <li><code>log_local_retention_ms</code> (integer, Minimum: -2). The number of milliseconds to keep the local log segments before it gets eligible for deletion. If set to -2, the value of log.retention.ms is used. The effective value should always be less than or equal to log.retention.ms value.</li> <li><code>log_message_downconversion_enable</code> (boolean). This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests.</li> <li><code>log_message_timestamp_difference_max_ms</code> (integer, Minimum: 0). The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message.</li> <li><code>log_message_timestamp_type</code> (string, Enum: <code>CreateTime</code>, <code>LogAppendTime</code>). Define whether the timestamp in the message is message create time or log append time.</li> <li><code>log_preallocate</code> (boolean). Should pre allocate file when create new segment?.</li> <li><code>log_retention_bytes</code> (integer, Minimum: -1). The maximum size of the log before deleting messages.</li> <li><code>log_retention_hours</code> (integer, Minimum: -1, Maximum: 2147483647). The number of hours to keep a log file before deleting it.</li> <li><code>log_retention_ms</code> (integer, Minimum: -1). The number of milliseconds to keep a log file before deleting it (in milliseconds), If not set, the value in log.retention.minutes is used. If set to -1, no time limit is applied.</li> <li><code>log_roll_jitter_ms</code> (integer, Minimum: 0). The maximum jitter to subtract from logRollTimeMillis (in milliseconds). If not set, the value in log.roll.jitter.hours is used.</li> <li><code>log_roll_ms</code> (integer, Minimum: 1). The maximum time before a new log segment is rolled out (in milliseconds).</li> <li><code>log_segment_bytes</code> (integer, Minimum: 10485760, Maximum: 1073741824). The maximum size of a single log file.</li> <li><code>log_segment_delete_delay_ms</code> (integer, Minimum: 0, Maximum: 3600000). The amount of time to wait before deleting a file from the filesystem.</li> <li><code>max_connections_per_ip</code> (integer, Minimum: 256, Maximum: 2147483647). The maximum number of connections allowed from each ip address (defaults to 2147483647).</li> <li><code>max_incremental_fetch_session_cache_slots</code> (integer, Minimum: 1000, Maximum: 10000). The maximum number of incremental fetch sessions that the broker will maintain.</li> <li><code>message_max_bytes</code> (integer, Minimum: 0, Maximum: 100001200). The maximum size of message that the server can receive.</li> <li><code>min_insync_replicas</code> (integer, Minimum: 1, Maximum: 7). When a producer sets acks to <code>all</code> (or <code>-1</code>), min.insync.replicas specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful.</li> <li><code>num_partitions</code> (integer, Minimum: 1, Maximum: 1000). Number of partitions for autocreated topics.</li> <li><code>offsets_retention_minutes</code> (integer, Minimum: 1, Maximum: 2147483647). Log retention window in minutes for offsets topic.</li> <li><code>producer_purgatory_purge_interval_requests</code> (integer, Minimum: 10, Maximum: 10000). The purge interval (in number of requests) of the producer request purgatory(defaults to 1000).</li> <li><code>replica_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made.</li> <li><code>replica_fetch_response_max_bytes</code> (integer, Minimum: 10485760, Maximum: 1048576000). Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum.</li> <li><code>sasl_oauthbearer_expected_audience</code> (string, MaxLength: 128). The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.</li> <li><code>sasl_oauthbearer_expected_issuer</code> (string, MaxLength: 128). Optional setting for the broker to use to verify that the JWT was created by the expected issuer.</li> <li><code>sasl_oauthbearer_jwks_endpoint_url</code> (string, MaxLength: 2048). OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC.</li> <li><code>sasl_oauthbearer_sub_claim_name</code> (string, MaxLength: 128). Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.</li> <li><code>socket_request_max_bytes</code> (integer, Minimum: 10485760, Maximum: 209715200). The maximum number of bytes in a socket request (defaults to 104857600).</li> <li><code>transaction_partition_verification_enable</code> (boolean). Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition.</li> <li><code>transaction_remove_expired_transaction_cleanup_interval_ms</code> (integer, Minimum: 600000, Maximum: 3600000). The interval at which to remove transactions that have expired due to transactional.id.expiration.ms passing (defaults to 3600000 (1 hour)).</li> <li><code>transaction_state_log_segment_bytes</code> (integer, Minimum: 1048576, Maximum: 2147483647). The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads (defaults to 104857600 (100 mebibytes)).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_authentication_methods","title":"kafka_authentication_methods","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka authentication methods.</p> <p>Optional</p> <ul> <li><code>certificate</code> (boolean). Enable certificate/SSL authentication.</li> <li><code>sasl</code> (boolean). Enable SASL authentication.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_connect_config","title":"kafka_connect_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_rest_config","title":"kafka_rest_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka REST configuration.</p> <p>Optional</p> <ul> <li><code>consumer_enable_auto_commit</code> (boolean). If true the consumer's offset will be periodically committed to Kafka in the background.</li> <li><code>consumer_request_max_bytes</code> (integer, Minimum: 0, Maximum: 671088640). Maximum number of bytes in unencoded message keys and values by a single request.</li> <li><code>consumer_request_timeout_ms</code> (integer, Enum: <code>1000</code>, <code>15000</code>, <code>30000</code>, Minimum: 1000, Maximum: 30000). The maximum total time to wait for messages for a request if the maximum number of messages has not yet been reached.</li> <li><code>producer_acks</code> (string, Enum: <code>all</code>, <code>-1</code>, <code>0</code>, <code>1</code>). The number of acknowledgments the producer requires the leader to have received before considering a request complete. If set to <code>all</code> or <code>-1</code>, the leader will wait for the full set of in-sync replicas to acknowledge the record.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). Wait for up to the given delay to allow batching records together.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum size of a request in bytes. Note that Kafka broker can also cap the record batch size.</li> <li><code>simpleconsumer_pool_size_max</code> (integer, Minimum: 10, Maximum: 250). Maximum number of SimpleConsumers that can be instantiated per broker.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka</code> (boolean). Enable kafka.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>kafka_rest</code> (boolean). Enable kafka_rest.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>schema_registry</code> (boolean). Enable schema_registry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.schema_registry_config","title":"schema_registry_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Schema Registry configuration.</p> <p>Optional</p> <ul> <li><code>leader_eligibility</code> (boolean). If true, Karapace / Schema Registry on the service nodes can participate in leader election. It might be needed to disable this when the schemas topic is replicated to a secondary cluster and Karapace / Schema Registry there must not participate in leader election. Defaults to <code>true</code>.</li> <li><code>topic_name</code> (string, MinLength: 1, MaxLength: 249). The durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy. Please note that changing this configuration in an existing Schema Registry / Karapace setup leads to previous schemas being inaccessible, data encoded with them potentially unreadable and schema ID sequence put out of order. It's only possible to do the switch while Schema Registry / Karapace is disabled. Defaults to <code>_schemas</code>.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage","title":"tiered_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Tiered storage configuration.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Whether to enable the tiered storage functionality.</li> <li><code>local_cache</code> (object). Deprecated. Local cache configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage.local_cache","title":"local_cache","text":"<p>Appears on <code>spec.userConfig.tiered_storage</code>.</p> <p>Deprecated. Local cache configuration.</p> <p>Required</p> <ul> <li><code>size</code> (integer, Minimum: 1, Maximum: 107374182400). Deprecated. Local cache size in bytes.</li> </ul>"},{"location":"api-reference/kafkaacl.html","title":"KafkaACL","text":""},{"location":"api-reference/kafkaacl.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: my-kafka-acl\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topic: my-topic\n  username: my-user\n  permission: admin\n</code></pre>"},{"location":"api-reference/kafkaacl.html#KafkaACL","title":"KafkaACL","text":"<p>KafkaACL is the Schema for the kafkaacls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaACL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaACLSpec defines the desired state of KafkaACL. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec","title":"spec","text":"<p>Appears on <code>KafkaACL</code>.</p> <p>KafkaACLSpec defines the desired state of KafkaACL.</p> <p>Required</p> <ul> <li><code>permission</code> (string, Enum: <code>admin</code>, <code>read</code>, <code>readwrite</code>, <code>write</code>). Kafka permission to grant (admin, read, readwrite, write).</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka ACL to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka ACL to.</li> <li><code>topic</code> (string). Topic name pattern for the ACL entry.</li> <li><code>username</code> (string). Username pattern for the ACL entry.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html","title":"KafkaConnect","text":""},{"location":"api-reference/kafkaconnect.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: my-kafka-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  userConfig:\n    kafka_connect:\n      consumer_isolation_level: read_committed\n    public_access:\n      kafka_connect: true\n</code></pre>"},{"location":"api-reference/kafkaconnect.html#KafkaConnect","title":"KafkaConnect","text":"<p>KafkaConnect is the Schema for the kafkaconnects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnect</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectSpec defines the desired state of KafkaConnect. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnect</code>.</p> <p>KafkaConnectSpec defines the desired state of KafkaConnect.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). KafkaConnect specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>KafkaConnect specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka_connect</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafkaconnector.html","title":"KafkaConnector","text":""},{"location":"api-reference/kafkaconnector.html#KafkaConnector","title":"KafkaConnector","text":"<p>KafkaConnector is the Schema for the kafkaconnectors API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnector</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectorSpec defines the desired state of KafkaConnector. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnector</code>.</p> <p>KafkaConnectorSpec defines the desired state of KafkaConnector.</p> <p>Required</p> <ul> <li><code>connectorClass</code> (string, MaxLength: 1024). The Java class of the connector.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>userConfig</code> (object, AdditionalProperties: string). The connector specific configuration To build config values from secret the template function <code>{{ fromSecret \"name\" \"key\" }}</code> is provided when interpreting the keys.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaschema.html","title":"KafkaSchema","text":""},{"location":"api-reference/kafkaschema.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: my-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  subjectName: mny-subject\n  compatibilityLevel: BACKWARD\n  schema: |\n    {\n        \"doc\": \"example_doc\",\n        \"fields\": [{\n            \"default\": 5,\n            \"doc\": \"field_doc\",\n            \"name\": \"field_name\",\n            \"namespace\": \"field_namespace\",\n            \"type\": \"int\"\n        }],\n        \"name\": \"example_name\",\n        \"namespace\": \"example_namespace\",\n        \"type\": \"record\"\n    }\n</code></pre>"},{"location":"api-reference/kafkaschema.html#KafkaSchema","title":"KafkaSchema","text":"<p>KafkaSchema is the Schema for the kafkaschemas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaSchema</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSchemaSpec defines the desired state of KafkaSchema. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec","title":"spec","text":"<p>Appears on <code>KafkaSchema</code>.</p> <p>KafkaSchemaSpec defines the desired state of KafkaSchema.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka Schema to.</li> <li><code>schema</code> (string). Kafka Schema configuration should be a valid Avro Schema JSON format.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka Schema to.</li> <li><code>subjectName</code> (string, MaxLength: 63). Kafka Schema Subject name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>compatibilityLevel</code> (string, Enum: <code>BACKWARD</code>, <code>BACKWARD_TRANSITIVE</code>, <code>FORWARD</code>, <code>FORWARD_TRANSITIVE</code>, <code>FULL</code>, <code>FULL_TRANSITIVE</code>, <code>NONE</code>). Kafka Schemas compatibility level.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html","title":"KafkaTopic","text":""},{"location":"api-reference/kafkatopic.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topicName: my-kafka-topic\n\n  replication: 2\n  partitions: 1\n\n  config:\n    min_cleanable_dirty_ratio: 0.2\n</code></pre>"},{"location":"api-reference/kafkatopic.html#KafkaTopic","title":"KafkaTopic","text":"<p>KafkaTopic is the Schema for the kafkatopics API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaTopic</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaTopicSpec defines the desired state of KafkaTopic. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec","title":"spec","text":"<p>Appears on <code>KafkaTopic</code>.</p> <p>KafkaTopicSpec defines the desired state of KafkaTopic.</p> <p>Required</p> <ul> <li><code>partitions</code> (integer, Minimum: 1, Maximum: 1000000). Number of partitions to create in the topic.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>replication</code> (integer, Minimum: 2). Replication factor for the topic.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>config</code> (object). Kafka topic configuration. See below for nested schema.</li> <li><code>tags</code> (array of objects). Kafka topic tags. See below for nested schema.</li> <li><code>termination_protection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the kafka topic from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> <li><code>topicName</code> (string, Immutable, MinLength: 1, MaxLength: 249). Topic name. If provided, is used instead of metadata.name. This field supports additional characters, has a longer length, and will replace metadata.name in future releases.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.config","title":"config","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic configuration.</p> <p>Optional</p> <ul> <li><code>cleanup_policy</code> (string). cleanup.policy value.</li> <li><code>compression_type</code> (string). compression.type value.</li> <li><code>delete_retention_ms</code> (integer). delete.retention.ms value.</li> <li><code>file_delete_delay_ms</code> (integer). file.delete.delay.ms value.</li> <li><code>flush_messages</code> (integer). flush.messages value.</li> <li><code>flush_ms</code> (integer). flush.ms value.</li> <li><code>index_interval_bytes</code> (integer). index.interval.bytes value.</li> <li><code>max_compaction_lag_ms</code> (integer). max.compaction.lag.ms value.</li> <li><code>max_message_bytes</code> (integer). max.message.bytes value.</li> <li><code>message_downconversion_enable</code> (boolean). message.downconversion.enable value.</li> <li><code>message_format_version</code> (string). message.format.version value.</li> <li><code>message_timestamp_difference_max_ms</code> (integer). message.timestamp.difference.max.ms value.</li> <li><code>message_timestamp_type</code> (string). message.timestamp.type value.</li> <li><code>min_cleanable_dirty_ratio</code> (number). min.cleanable.dirty.ratio value.</li> <li><code>min_compaction_lag_ms</code> (integer). min.compaction.lag.ms value.</li> <li><code>min_insync_replicas</code> (integer). min.insync.replicas value.</li> <li><code>preallocate</code> (boolean). preallocate value.</li> <li><code>retention_bytes</code> (integer). retention.bytes value.</li> <li><code>retention_ms</code> (integer). retention.ms value.</li> <li><code>segment_bytes</code> (integer). segment.bytes value.</li> <li><code>segment_index_bytes</code> (integer). segment.index.bytes value.</li> <li><code>segment_jitter_ms</code> (integer). segment.jitter.ms value.</li> <li><code>segment_ms</code> (integer). segment.ms value.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.tags","title":"tags","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic tags.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1, MaxLength: 64, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul> <p>Optional</p> <ul> <li><code>value</code> (string, MaxLength: 256, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul>"},{"location":"api-reference/mysql.html","title":"MySQL","text":""},{"location":"api-reference/mysql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: my-mysql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    backup_hour: 17\n    backup_minute: 11\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/mysql.html#MySQL","title":"MySQL","text":"<p>MySQL is the Schema for the mysqls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>MySQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). MySQLSpec defines the desired state of MySQL. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec","title":"spec","text":"<p>Appears on <code>MySQL</code>.</p> <p>MySQLSpec defines the desired state of MySQL.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). MySQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/mysql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>MySQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>binlog_retention_period</code> (integer, Minimum: 600, Maximum: 86400). The minimum amount of time in seconds to keep binlog entries before deletion. This may be extended for services that require binlog entries for longer than the default for example if using the MySQL Debezium Kafka connector.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>mysql</code> (object). mysql.conf configuration values. See below for nested schema.</li> <li><code>mysql_version</code> (string, Enum: <code>8</code>). MySQL major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.mysql","title":"mysql","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>mysql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>connect_timeout</code> (integer, Minimum: 2, Maximum: 3600). The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake.</li> <li><code>default_time_zone</code> (string, MinLength: 2, MaxLength: 100). Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or <code>SYSTEM</code> to use the MySQL server default.</li> <li><code>group_concat_max_len</code> (integer, Minimum: 4). The maximum permitted result length in bytes for the GROUP_CONCAT() function.</li> <li><code>information_schema_stats_expiry</code> (integer, Minimum: 900, Maximum: 31536000). The time, in seconds, before cached statistics expire.</li> <li><code>innodb_change_buffer_max_size</code> (integer, Minimum: 0, Maximum: 50). Maximum size for the InnoDB change buffer, as a percentage of the total size of the buffer pool. Default is 25.</li> <li><code>innodb_flush_neighbors</code> (integer, Minimum: 0, Maximum: 2). Specifies whether flushing a page from the InnoDB buffer pool also flushes other dirty pages in the same extent (default is 1): 0 - dirty pages in the same extent are not flushed,  1 - flush contiguous dirty pages in the same extent,  2 - flush dirty pages in the same extent.</li> <li><code>innodb_ft_min_token_size</code> (integer, Minimum: 0, Maximum: 16). Minimum length of words that are stored in an InnoDB FULLTEXT index. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_ft_server_stopword_table</code> (string, Pattern: <code>^.+/.+$</code>, MaxLength: 1024). This option is used to specify your own InnoDB FULLTEXT index stopword list for all InnoDB tables.</li> <li><code>innodb_lock_wait_timeout</code> (integer, Minimum: 1, Maximum: 3600). The length of time in seconds an InnoDB transaction waits for a row lock before giving up. Default is 120.</li> <li><code>innodb_log_buffer_size</code> (integer, Minimum: 1048576, Maximum: 4294967295). The size in bytes of the buffer that InnoDB uses to write to the log files on disk.</li> <li><code>innodb_online_alter_log_max_size</code> (integer, Minimum: 65536, Maximum: 1099511627776). The upper limit in bytes on the size of the temporary log files used during online DDL operations for InnoDB tables.</li> <li><code>innodb_print_all_deadlocks</code> (boolean). When enabled, information about all deadlocks in InnoDB user transactions is recorded in the error log. Disabled by default.</li> <li><code>innodb_read_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for read operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_rollback_on_timeout</code> (boolean). When enabled a transaction timeout causes InnoDB to abort and roll back the entire transaction. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_thread_concurrency</code> (integer, Minimum: 0, Maximum: 1000). Defines the maximum number of threads permitted inside of InnoDB. Default is 0 (infinite concurrency - no limit).</li> <li><code>innodb_write_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for write operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>interactive_timeout</code> (integer, Minimum: 30, Maximum: 604800). The number of seconds the server waits for activity on an interactive connection before closing it.</li> <li><code>internal_tmp_mem_storage_engine</code> (string, Enum: <code>TempTable</code>, <code>MEMORY</code>). The storage engine for in-memory internal temporary tables.</li> <li><code>long_query_time</code> (number, Minimum: 0, Maximum: 3600). The slow_query_logs work as SQL statements that take more than long_query_time seconds to execute. Default is 10s.</li> <li><code>max_allowed_packet</code> (integer, Minimum: 102400, Maximum: 1073741824). Size of the largest message in bytes that can be received by the server. Default is 67108864 (64M).</li> <li><code>max_heap_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set tmp_table_size. Default is 16777216 (16M).</li> <li><code>net_buffer_length</code> (integer, Minimum: 1024, Maximum: 1048576). Start sizes of connection buffer and result buffer. Default is 16384 (16K). Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>net_read_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for more data from a connection before aborting the read.</li> <li><code>net_write_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for a block to be written to a connection before aborting the write.</li> <li><code>slow_query_log</code> (boolean). Slow query log enables capturing of slow queries. Setting slow_query_log to false also truncates the mysql.slow_log table. Default is off.</li> <li><code>sort_buffer_size</code> (integer, Minimum: 32768, Maximum: 1073741824). Sort buffer size in bytes for ORDER BY optimization. Default is 262144 (256K).</li> <li><code>sql_mode</code> (string, Pattern: <code>^[A-Z_]*(,[A-Z_]+)*$</code>, MaxLength: 1024). Global SQL mode. Set to empty to use MySQL server defaults. When creating a new service and not setting this field Aiven default SQL mode (strict, SQL standard compliant) will be assigned.</li> <li><code>sql_require_primary_key</code> (boolean). Require primary key to be defined for new tables or old tables modified with ALTER TABLE and fail if missing. It is recommended to always have primary keys because various functionality may break if any large table is missing them.</li> <li><code>tmp_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set max_heap_table_size. Default is 16777216 (16M).</li> <li><code>wait_timeout</code> (integer, Minimum: 1, Maximum: 2147483). The number of seconds the server waits for activity on a noninteractive connection before closing it.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Enable mysql.</li> <li><code>mysqlx</code> (boolean). Enable mysqlx.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html","title":"OpenSearch","text":""},{"location":"api-reference/opensearch.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: my-os\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n  disk_space: 80Gib\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/opensearch.html#OpenSearch","title":"OpenSearch","text":"<p>OpenSearch is the Schema for the opensearches API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>OpenSearch</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). OpenSearchSpec defines the desired state of OpenSearch. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec","title":"spec","text":"<p>Appears on <code>OpenSearch</code>.</p> <p>OpenSearchSpec defines the desired state of OpenSearch.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>disable_replication_factor_adjustment</code> (boolean). DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.</li> <li><code>index_patterns</code> (array of objects, MaxItems: 512). Index patterns. See below for nested schema.</li> <li><code>index_template</code> (object). Template settings for all new indexes. See below for nested schema.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>keep_index_refresh_interval</code> (boolean). Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.</li> <li><code>max_index_count</code> (integer, Minimum: 0). DEPRECATED: use index_patterns instead.</li> <li><code>openid</code> (object). OpenSearch OpenID Connect Configuration. See below for nested schema.</li> <li><code>opensearch</code> (object). OpenSearch settings. See below for nested schema.</li> <li><code>opensearch_dashboards</code> (object). OpenSearch Dashboards settings. See below for nested schema.</li> <li><code>opensearch_version</code> (string, Enum: <code>1</code>, <code>2</code>). OpenSearch major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>saml</code> (object). OpenSearch SAML configuration. See below for nested schema.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_patterns","title":"index_patterns","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Index patterns.</p> <p>Required</p> <ul> <li><code>max_index_count</code> (integer, Minimum: 0). Maximum number of indexes to keep.</li> <li><code>pattern</code> (string, Pattern: <code>^[A-Za-z0-9-_.*?]+$</code>, MaxLength: 1024). fnmatch pattern.</li> </ul> <p>Optional</p> <ul> <li><code>sorting_algorithm</code> (string, Enum: <code>alphabetical</code>, <code>creation_date</code>). Deletion sorting algorithm.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_template","title":"index_template","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Template settings for all new indexes.</p> <p>Optional</p> <ul> <li><code>mapping_nested_objects_limit</code> (integer, Minimum: 0, Maximum: 100000). The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000.</li> <li><code>number_of_replicas</code> (integer, Minimum: 0, Maximum: 29). The number of replicas each primary shard has.</li> <li><code>number_of_shards</code> (integer, Minimum: 1, Maximum: 1024). The number of primary shards that an index should have.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.openid","title":"openid","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch OpenID Connect Configuration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, MinLength: 1, MaxLength: 1024). The ID of the OpenID Connect client configured in your IdP. Required.</li> <li><code>client_secret</code> (string, MinLength: 1, MaxLength: 1024). The client secret of the OpenID Connect client configured in your IdP. Required.</li> <li><code>connect_url</code> (string, MaxLength: 2048). The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.</li> </ul> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.</li> <li><code>header</code> (string, MinLength: 1, MaxLength: 1024). HTTP header name of the JWT token. Optional. Default is Authorization.</li> <li><code>jwt_header</code> (string, MinLength: 1, MaxLength: 1024). The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. <li><code>jwt_url_parameter</code> (string, MinLength: 1, MaxLength: 1024). If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.</li> <li><code>refresh_rate_limit_count</code> (integer, Minimum: 10). The maximum number of unknown key IDs in the time frame. Default is 10. Optional.</li> <li><code>refresh_rate_limit_time_window_ms</code> (integer, Minimum: 10000). The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT.</li> <li><code>scope</code> (string, MinLength: 1, MaxLength: 1024). The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.</li>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch settings.</p> <p>Optional</p> <ul> <li><code>action_auto_create_index_enabled</code> (boolean). Explicitly allow or block automatic creation of indices. Defaults to true.</li> <li><code>action_destructive_requires_name</code> (boolean). Require explicit index names when deleting.</li> <li><code>auth_failure_listeners</code> (object). Opensearch Security Plugin Settings. See below for nested schema.</li> <li><code>cluster_max_shards_per_node</code> (integer, Minimum: 100, Maximum: 10000). Controls the number of shards allowed in the cluster per data node.</li> <li><code>cluster_routing_allocation_node_concurrent_recoveries</code> (integer, Minimum: 2, Maximum: 16). How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to 2.</li> <li><code>email_sender_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MaxLength: 40). Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore.</li> <li><code>email_sender_password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 1024). Sender password for Opensearch alerts to authenticate with SMTP server.</li> <li><code>email_sender_username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 320). Sender username for Opensearch alerts.</li> <li><code>http_max_content_length</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.</li> <li><code>http_max_header_size</code> (integer, Minimum: 1024, Maximum: 262144). The max size of allowed headers, in bytes.</li> <li><code>http_max_initial_line_length</code> (integer, Minimum: 1024, Maximum: 65536). The max length of an HTTP URL, in bytes.</li> <li><code>indices_fielddata_cache_size</code> (integer, Minimum: 3, Maximum: 100). Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations.</li> <li><code>indices_memory_index_buffer_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance.</li> <li><code>indices_memory_max_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit.</li> <li><code>indices_memory_min_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit.</li> <li><code>indices_queries_cache_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality.</li> <li><code>indices_query_bool_max_clause_count</code> (integer, Minimum: 64, Maximum: 4096). Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value.</li> <li><code>indices_recovery_max_bytes_per_sec</code> (integer, Minimum: 40, Maximum: 400). Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb.</li> <li><code>indices_recovery_max_concurrent_file_chunks</code> (integer, Minimum: 2, Maximum: 5). Number of file chunks sent in parallel for each recovery. Defaults to 2.</li> <li><code>ism_enabled</code> (boolean). Specifies whether ISM is enabled or not.</li> <li><code>ism_history_enabled</code> (boolean). Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document.</li> <li><code>ism_history_max_age</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum age before rolling over the audit history index in hours.</li> <li><code>ism_history_max_docs</code> (integer, Minimum: 1). The maximum number of documents before rolling over the audit history index.</li> <li><code>ism_history_rollover_check_period</code> (integer, Minimum: 1, Maximum: 2147483647). The time between rollover checks for the audit history index in hours.</li> <li><code>ism_history_rollover_retention_period</code> (integer, Minimum: 1, Maximum: 2147483647). How long audit history indices are kept in days.</li> <li><code>override_main_response_version</code> (boolean). Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false.</li> <li><code>reindex_remote_whitelist</code> (array of strings, MaxItems: 32). Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart.</li> <li><code>script_max_compilations_rate</code> (string, MaxLength: 1024). Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context.</li> <li><code>search_max_buckets</code> (integer, Minimum: 1, Maximum: 1000000). Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined.</li> <li><code>thread_pool_analyze_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_analyze_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_force_merge_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_get_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_get_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_throttled_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_throttled_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_write_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_write_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners","title":"auth_failure_listeners","text":"<p>Appears on <code>spec.userConfig.opensearch</code>.</p> <p>Opensearch Security Plugin Settings.</p> <p>Optional</p> <ul> <li><code>internal_authentication_backend_limiting</code> (object).  See below for nested schema.</li> <li><code>ip_rate_limiting</code> (object). IP address rate limiting settings. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting","title":"internal_authentication_backend_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 0, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>authentication_backend</code> (string, Enum: <code>internal</code>, MaxLength: 1024). internal_authentication_backend_limiting.authentication_backend.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). internal_authentication_backend_limiting.max_blocked_clients.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>username</code>, MaxLength: 1024). internal_authentication_backend_limiting.type.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting","title":"ip_rate_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>IP address rate limiting settings.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 1, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 1, Maximum: 36000). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of blocked IP addresses.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 1, Maximum: 36000). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>ip</code>, MaxLength: 1024). The type of rate limiting.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch_dashboards","title":"opensearch_dashboards","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch Dashboards settings.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enable or disable OpenSearch Dashboards.</li> <li><code>max_old_space_size</code> (integer, Minimum: 64, Maximum: 2048). Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch.</li> <li><code>opensearch_request_timeout</code> (integer, Minimum: 5000, Maximum: 120000). Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Enable opensearch.</li> <li><code>opensearch_dashboards</code> (boolean). Enable opensearch_dashboards.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.saml","title":"saml","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch SAML configuration.</p> <p>Required</p> <ul> <li><code>enabled</code> (boolean). Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider.</li> <li><code>idp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.</li> <li><code>idp_metadata_url</code> (string, MinLength: 1, MaxLength: 2048). The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP.</li> <li><code>sp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.</li> </ul> <p>Optional</p> <ul> <li><code>idp_pemtrustedcas_content</code> (string, MaxLength: 16384). This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.</li> </ul>"},{"location":"api-reference/postgresql.html","title":"PostgreSQL","text":""},{"location":"api-reference/postgresql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: my-postgresql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: postgresql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    pg_version: \"15\"\n</code></pre>"},{"location":"api-reference/postgresql.html#PostgreSQL","title":"PostgreSQL","text":"<p>PostgreSQL is the Schema for the postgresql API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>PostgreSQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). PostgreSQLSpec defines the desired state of postgres instance. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec","title":"spec","text":"<p>Appears on <code>PostgreSQL</code>.</p> <p>PostgreSQLSpec defines the desired state of postgres instance.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). PostgreSQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>PostgreSQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>enable_ipv6</code> (boolean). Register AAAA DNS records for the service, and allow IPv6 packets to service ports.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>pg</code> (object). postgresql.conf configuration values. See below for nested schema.</li> <li><code>pg_read_replica</code> (boolean). Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).</li> <li><code>pg_service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.</li> <li><code>pg_stat_monitor_enable</code> (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable.</li> <li><code>pg_version</code> (string, Enum: <code>11</code>, <code>12</code>, <code>13</code>, <code>14</code>, <code>15</code>). PostgreSQL major version.</li> <li><code>pgbouncer</code> (object). PGBouncer connection pooling settings. See below for nested schema.</li> <li><code>pglookout</code> (object). PGLookout settings. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>shared_buffers_percentage</code> (number, Minimum: 20, Maximum: 60). Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>synchronous_replication</code> (string, Enum: <code>quorum</code>, <code>off</code>). Synchronous replication type. Note that the service plan also needs to support synchronous replication.</li> <li><code>timescaledb</code> (object). TimescaleDB extension configuration values. See below for nested schema.</li> <li><code>variant</code> (string, Enum: <code>aiven</code>, <code>timescale</code>). Variant of the PostgreSQL service, may affect the features that are exposed by default.</li> <li><code>work_mem</code> (integer, Minimum: 1, Maximum: 1024). Sets the maximum amount of memory to be used by a query operation (such as a sort or hash table) before writing to temporary disk files, in MB. Default is 1MB + 0.075% of total RAM (up to 32MB).</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pg","title":"pg","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>postgresql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>autovacuum_analyze_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_analyze_threshold when deciding whether to trigger an ANALYZE. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_analyze_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of inserted, updated or deleted tuples needed to trigger an  ANALYZE in any one table. The default is 50 tuples.</li> <li><code>autovacuum_freeze_max_age</code> (integer, Minimum: 200000000, Maximum: 1500000000). Specifies the maximum age (in transactions) that a table's pg_class.relfrozenxid field can attain before a VACUUM operation is forced to prevent transaction ID wraparound within the table. Note that the system will launch autovacuum processes to prevent wraparound even when autovacuum is otherwise disabled. This parameter will cause the server to be restarted.</li> <li><code>autovacuum_max_workers</code> (integer, Minimum: 1, Maximum: 20). Specifies the maximum number of autovacuum processes (other than the autovacuum launcher) that may be running at any one time. The default is three. This parameter can only be set at server start.</li> <li><code>autovacuum_naptime</code> (integer, Minimum: 1, Maximum: 86400). Specifies the minimum delay between autovacuum runs on any given database. The delay is measured in seconds, and the default is one minute.</li> <li><code>autovacuum_vacuum_cost_delay</code> (integer, Minimum: -1, Maximum: 100). Specifies the cost delay value that will be used in automatic VACUUM operations. If -1 is specified, the regular vacuum_cost_delay value will be used. The default value is 20 milliseconds.</li> <li><code>autovacuum_vacuum_cost_limit</code> (integer, Minimum: -1, Maximum: 10000). Specifies the cost limit value that will be used in automatic VACUUM operations. If -1 is specified (which is the default), the regular vacuum_cost_limit value will be used.</li> <li><code>autovacuum_vacuum_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_vacuum_threshold when deciding whether to trigger a VACUUM. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_vacuum_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of updated or deleted tuples needed to trigger a VACUUM in any one table. The default is 50 tuples.</li> <li><code>bgwriter_delay</code> (integer, Minimum: 10, Maximum: 10000). Specifies the delay between activity rounds for the background writer in milliseconds. Default is 200.</li> <li><code>bgwriter_flush_after</code> (integer, Minimum: 0, Maximum: 2048). Whenever more than bgwriter_flush_after bytes have been written by the background writer, attempt to force the OS to issue these writes to the underlying storage. Specified in kilobytes, default is 512. Setting of 0 disables forced writeback.</li> <li><code>bgwriter_lru_maxpages</code> (integer, Minimum: 0, Maximum: 1073741823). In each round, no more than this many buffers will be written by the background writer. Setting this to zero disables background writing. Default is 100.</li> <li><code>bgwriter_lru_multiplier</code> (number, Minimum: 0, Maximum: 10). The average recent need for new buffers is multiplied by bgwriter_lru_multiplier to arrive at an estimate of the number that will be needed during the next round, (up to bgwriter_lru_maxpages). 1.0 represents a \u201cjust in time\u201d policy of writing exactly the number of buffers predicted to be needed. Larger values provide some cushion against spikes in demand, while smaller values intentionally leave writes to be done by server processes. The default is 2.0.</li> <li><code>deadlock_timeout</code> (integer, Minimum: 500, Maximum: 1800000). This is the amount of time, in milliseconds, to wait on a lock before checking to see if there is a deadlock condition.</li> <li><code>default_toast_compression</code> (string, Enum: <code>lz4</code>, <code>pglz</code>). Specifies the default TOAST compression method for values of compressible columns (the default is lz4).</li> <li><code>idle_in_transaction_session_timeout</code> (integer, Minimum: 0, Maximum: 604800000). Time out sessions with open transactions after this number of milliseconds.</li> <li><code>jit</code> (boolean). Controls system-wide use of Just-in-Time Compilation (JIT).</li> <li><code>log_autovacuum_min_duration</code> (integer, Minimum: -1, Maximum: 2147483647). Causes each action executed by autovacuum to be logged if it ran for at least the specified number of milliseconds. Setting this to zero logs all autovacuum actions. Minus-one (the default) disables logging autovacuum actions.</li> <li><code>log_error_verbosity</code> (string, Enum: <code>TERSE</code>, <code>DEFAULT</code>, <code>VERBOSE</code>). Controls the amount of detail written in the server log for each message that is logged.</li> <li><code>log_line_prefix</code> (string, Enum: <code>'pid=%p,user=%u,db=%d,app=%a,client=%h '</code>, <code>'%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '</code>, <code>'%m [%p] %q[user=%u,db=%d,app=%a] '</code>). Choose from one of the available log-formats. These can support popular log analyzers like pgbadger, pganalyze etc.</li> <li><code>log_min_duration_statement</code> (integer, Minimum: -1, Maximum: 86400000). Log statements that take more than this number of milliseconds to run, -1 disables.</li> <li><code>log_temp_files</code> (integer, Minimum: -1, Maximum: 2147483647). Log statements for each temporary file created larger than this number of kilobytes, -1 disables.</li> <li><code>max_files_per_process</code> (integer, Minimum: 1000, Maximum: 4096). PostgreSQL maximum number of files that can be open per process.</li> <li><code>max_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 6400). PostgreSQL maximum locks per transaction.</li> <li><code>max_logical_replication_workers</code> (integer, Minimum: 4, Maximum: 64). PostgreSQL maximum logical replication workers (taken from the pool of max_parallel_workers).</li> <li><code>max_parallel_workers</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that the system can support for parallel queries.</li> <li><code>max_parallel_workers_per_gather</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that can be started by a single Gather or Gather Merge node.</li> <li><code>max_pred_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 5120). PostgreSQL maximum predicate locks per transaction.</li> <li><code>max_prepared_transactions</code> (integer, Minimum: 0, Maximum: 10000). PostgreSQL maximum prepared transactions.</li> <li><code>max_replication_slots</code> (integer, Minimum: 8, Maximum: 64). PostgreSQL maximum replication slots.</li> <li><code>max_slot_wal_keep_size</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL maximum WAL size (MB) reserved for replication slots. Default is -1 (unlimited). wal_keep_size minimum WAL size setting takes precedence over this.</li> <li><code>max_stack_depth</code> (integer, Minimum: 2097152, Maximum: 6291456). Maximum depth of the stack in bytes.</li> <li><code>max_standby_archive_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby archive delay in milliseconds.</li> <li><code>max_standby_streaming_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby streaming delay in milliseconds.</li> <li><code>max_wal_senders</code> (integer, Minimum: 20, Maximum: 64). PostgreSQL maximum WAL senders.</li> <li><code>max_worker_processes</code> (integer, Minimum: 8, Maximum: 96). Sets the maximum number of background processes that the system can support.</li> <li><code>pg_partman_bgw.interval</code> (integer, Minimum: 3600, Maximum: 604800). Sets the time interval to run pg_partman's scheduled tasks.</li> <li><code>pg_partman_bgw.role</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Controls which role to use for pg_partman's scheduled background tasks.</li> <li><code>pg_stat_monitor.pgsm_enable_query_plan</code> (boolean). Enables or disables query plan monitoring.</li> <li><code>pg_stat_monitor.pgsm_max_buckets</code> (integer, Minimum: 1, Maximum: 10). Sets the maximum number of buckets.</li> <li><code>pg_stat_statements.track</code> (string, Enum: <code>all</code>, <code>top</code>, <code>none</code>). Controls which statements are counted. Specify top to track top-level statements (those issued directly by clients), all to also track nested statements (such as statements invoked within functions), or none to disable statement statistics collection. The default value is top.</li> <li><code>temp_file_limit</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL temporary file limit in KiB, -1 for unlimited.</li> <li><code>timezone</code> (string, MaxLength: 64). PostgreSQL service timezone.</li> <li><code>track_activity_query_size</code> (integer, Minimum: 1024, Maximum: 10240). Specifies the number of bytes reserved to track the currently executing command for each active session.</li> <li><code>track_commit_timestamp</code> (string, Enum: <code>off</code>, <code>on</code>). Record commit time of transactions.</li> <li><code>track_functions</code> (string, Enum: <code>all</code>, <code>pl</code>, <code>none</code>). Enables tracking of function call counts and time used.</li> <li><code>track_io_timing</code> (string, Enum: <code>off</code>, <code>on</code>). Enables timing of database I/O calls. This parameter is off by default, because it will repeatedly query the operating system for the current time, which may cause significant overhead on some platforms.</li> <li><code>wal_sender_timeout</code> (integer). Terminate replication connections that are inactive for longer than this amount of time, in milliseconds. Setting this value to zero disables the timeout.</li> <li><code>wal_writer_delay</code> (integer, Minimum: 10, Maximum: 200). WAL flush interval in milliseconds. Note that setting this value to lower than the default 200ms may negatively impact performance.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pgbouncer","title":"pgbouncer","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>PGBouncer connection pooling settings.</p> <p>Optional</p> <ul> <li><code>autodb_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If the automatically created database pools have been unused this many seconds, they are freed. If 0 then timeout is disabled. [seconds].</li> <li><code>autodb_max_db_connections</code> (integer, Minimum: 0, Maximum: 2147483647). Do not allow more than this many server connections per database (regardless of user). Setting it to 0 means unlimited.</li> <li><code>autodb_pool_mode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). PGBouncer pool mode.</li> <li><code>autodb_pool_size</code> (integer, Minimum: 0, Maximum: 10000). If non-zero then create automatically a pool of that size per user when a pool doesn't exist.</li> <li><code>ignore_startup_parameters</code> (array of strings, MaxItems: 32). List of parameters to ignore when given in startup packet.</li> <li><code>min_pool_size</code> (integer, Minimum: 0, Maximum: 10000). Add more server connections to pool if below this number. Improves behavior when usual load comes suddenly back after period of total inactivity. The value is effectively capped at the pool size.</li> <li><code>server_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If a server connection has been idle more than this many seconds it will be dropped. If 0 then timeout is disabled. [seconds].</li> <li><code>server_lifetime</code> (integer, Minimum: 60, Maximum: 86400). The pooler will close an unused server connection that has been connected longer than this. [seconds].</li> <li><code>server_reset_query_always</code> (boolean). Run server_reset_query (DISCARD ALL) in all pooling modes.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pglookout","title":"pglookout","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>PGLookout settings.</p> <p>Required</p> <ul> <li><code>max_failover_replication_time_lag</code> (integer, Minimum: 10). Number of seconds of master unavailability before triggering database failover to standby.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Enable pg.</li> <li><code>pgbouncer</code> (boolean). Enable pgbouncer.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.timescaledb","title":"timescaledb","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>TimescaleDB extension configuration values.</p> <p>Required</p> <ul> <li><code>max_background_workers</code> (integer, Minimum: 1, Maximum: 4096). The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time.</li> </ul>"},{"location":"api-reference/project.html","title":"Project","text":""},{"location":"api-reference/project.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: my-project\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  tags:\n    env: prod\n\n  billingAddress: NYC\n  cloud: aws-eu-west-1\n</code></pre>"},{"location":"api-reference/project.html#Project","title":"Project","text":"<p>Project is the Schema for the projects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Project</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectSpec defines the desired state of Project. See below for nested schema.</li> </ul>"},{"location":"api-reference/project.html#spec","title":"spec","text":"<p>Appears on <code>Project</code>.</p> <p>ProjectSpec defines the desired state of Project.</p> <p>Optional</p> <ul> <li><code>accountId</code> (string, MaxLength: 32). Account ID.</li> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>billingAddress</code> (string, MaxLength: 1000). Billing name and address of the project.</li> <li><code>billingCurrency</code> (string, Enum: <code>AUD</code>, <code>CAD</code>, <code>CHF</code>, <code>DKK</code>, <code>EUR</code>, <code>GBP</code>, <code>NOK</code>, <code>SEK</code>, <code>USD</code>). Billing currency.</li> <li><code>billingEmails</code> (array of strings, MaxItems: 10). Billing contact emails of the project.</li> <li><code>billingExtraText</code> (string, MaxLength: 1000). Extra text to be included in all project invoices, e.g. purchase order or cost center number.</li> <li><code>billingGroupId</code> (string, MinLength: 36, MaxLength: 36). BillingGroup ID.</li> <li><code>cardId</code> (string, MaxLength: 64). Credit card ID; The ID may be either last 4 digits of the card or the actual ID.</li> <li><code>cloud</code> (string, MaxLength: 256). Target cloud, example: aws-eu-central-1.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>. See below for nested schema.</li> <li><code>copyFromProject</code> (string, MaxLength: 63). Project name from which to copy settings to the new project.</li> <li><code>countryCode</code> (string, MinLength: 2, MaxLength: 2). Billing country code of the project.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize projects.</li> <li><code>technicalEmails</code> (array of strings, MaxItems: 10). Technical contact emails of the project.</li> </ul>"},{"location":"api-reference/project.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/project.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/projectvpc.html","title":"ProjectVPC","text":""},{"location":"api-reference/projectvpc.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: my-project-vpc\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  networkCidr: 10.0.0.0/24\n</code></pre>"},{"location":"api-reference/projectvpc.html#ProjectVPC","title":"ProjectVPC","text":"<p>ProjectVPC is the Schema for the projectvpcs API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ProjectVPC</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectVPCSpec defines the desired state of ProjectVPC. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec","title":"spec","text":"<p>Appears on <code>ProjectVPC</code>.</p> <p>ProjectVPCSpec defines the desired state of ProjectVPC.</p> <p>Required</p> <ul> <li><code>cloudName</code> (string, Immutable, MaxLength: 256). Cloud the VPC is in.</li> <li><code>networkCidr</code> (string, Immutable, MaxLength: 36). Network address range used by the VPC like 192.168.0.0/24.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). The project the VPC belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html","title":"Redis","text":""},{"location":"api-reference/redis.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: k8s-redis\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: redis-token\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre>"},{"location":"api-reference/redis.html#Redis","title":"Redis","text":"<p>Redis is the Schema for the redis API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Redis</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). RedisSpec defines the desired state of Redis. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec","title":"spec","text":"<p>Appears on <code>Redis</code>.</p> <p>RedisSpec defines the desired state of Redis.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Redis specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/redis.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Redis specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>redis_acl_channels_default</code> (string, Enum: <code>allchannels</code>, <code>resetchannels</code>). Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default.</li> <li><code>redis_io_threads</code> (integer, Minimum: 1, Maximum: 32). Set Redis IO thread count. Changing this will cause a restart of the Redis service.</li> <li><code>redis_lfu_decay_time</code> (integer, Minimum: 1, Maximum: 120). LFU maxmemory-policy counter decay time in minutes.</li> <li><code>redis_lfu_log_factor</code> (integer, Minimum: 0, Maximum: 100). Counter logarithm factor for volatile-lfu and allkeys-lfu maxmemory-policies.</li> <li><code>redis_maxmemory_policy</code> (string, Enum: <code>noeviction</code>, <code>allkeys-lru</code>, <code>volatile-lru</code>, <code>allkeys-random</code>, <code>volatile-random</code>, <code>volatile-ttl</code>, <code>volatile-lfu</code>, <code>allkeys-lfu</code>). Redis maxmemory-policy.</li> <li><code>redis_notify_keyspace_events</code> (string, Pattern: <code>^[KEg\\$lshzxeA]*$</code>, MaxLength: 32). Set notify-keyspace-events option.</li> <li><code>redis_number_of_databases</code> (integer, Minimum: 1, Maximum: 128). Set number of Redis databases. Changing this will cause a restart of the Redis service.</li> <li><code>redis_persistence</code> (string, Enum: <code>off</code>, <code>rdb</code>). When persistence is <code>rdb</code>, Redis does RDB dumps each 10 minutes if any key is changed. Also RDB dumps are done according to backup schedule for backup purposes. When persistence is <code>off</code>, no RDB dumps and backups are done, so data can be lost at any moment if service is restarted for any reason, or if service is powered off. Also service can't be forked.</li> <li><code>redis_pubsub_client_output_buffer_limit</code> (integer, Minimum: 32, Maximum: 512). Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan.</li> <li><code>redis_ssl</code> (boolean). Require SSL to access Redis.</li> <li><code>redis_timeout</code> (integer, Minimum: 0, Maximum: 31536000). Redis idle connection timeout in seconds.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>redis</code> (boolean). Enable redis.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/serviceintegration.html","title":"ServiceIntegration","text":""},{"location":"api-reference/serviceintegration.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: my-service-integration\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n\n  integrationType: kafka_logs\n  sourceServiceName: my-source-service-name\n  destinationServiceName: my-destination-service-name\n\n  kafkaLogs:\n    kafka_topic: my-kafka-topic\n</code></pre>"},{"location":"api-reference/serviceintegration.html#ServiceIntegration","title":"ServiceIntegration","text":"<p>ServiceIntegration is the Schema for the serviceintegrations API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceIntegration</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceIntegrationSpec defines the desired state of ServiceIntegration. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec","title":"spec","text":"<p>Appears on <code>ServiceIntegration</code>.</p> <p>ServiceIntegrationSpec defines the desired state of ServiceIntegration.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>alertmanager</code>, <code>autoscaler</code>, <code>caching</code>, <code>cassandra_cross_service_cluster</code>, <code>clickhouse_kafka</code>, <code>clickhouse_postgresql</code>, <code>dashboard</code>, <code>datadog</code>, <code>datasource</code>, <code>external_aws_cloudwatch_logs</code>, <code>external_aws_cloudwatch_metrics</code>, <code>external_elasticsearch_logs</code>, <code>external_google_cloud_logging</code>, <code>external_opensearch_logs</code>, <code>flink</code>, <code>flink_external_kafka</code>, <code>internal_connectivity</code>, <code>jolokia</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>kafka_mirrormaker</code>, <code>logs</code>, <code>m3aggregator</code>, <code>m3coordinator</code>, <code>metrics</code>, <code>opensearch_cross_cluster_replication</code>, <code>opensearch_cross_cluster_search</code>, <code>prometheus</code>, <code>read_replica</code>, <code>rsyslog</code>, <code>schema_registry_proxy</code>, <code>stresstester</code>, <code>thanosquery</code>, <code>thanosstore</code>, <code>vmalert</code>, Immutable). Type of the service integration accepted by Aiven API. Some values may not be supported by the operator.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project the integration belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>clickhouseKafka</code> (object). Clickhouse Kafka configuration values. See below for nested schema.</li> <li><code>clickhousePostgresql</code> (object). Clickhouse PostgreSQL configuration values. See below for nested schema.</li> <li><code>datadog</code> (object). Datadog specific user configuration options. See below for nested schema.</li> <li><code>destinationEndpointId</code> (string, Immutable, MaxLength: 36). Destination endpoint for the integration (if any).</li> <li><code>destinationProjectName</code> (string, Immutable, MaxLength: 63). Destination project for the integration (if any).</li> <li><code>destinationServiceName</code> (string, Immutable, MaxLength: 64). Destination service for the integration (if any).</li> <li><code>externalAWSCloudwatchMetrics</code> (object). External AWS CloudWatch Metrics integration Logs configuration values. See below for nested schema.</li> <li><code>kafkaConnect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> <li><code>kafkaLogs</code> (object). Kafka logs configuration values. See below for nested schema.</li> <li><code>kafkaMirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> <li><code>logs</code> (object). Logs configuration values. See below for nested schema.</li> <li><code>metrics</code> (object). Metrics configuration values. See below for nested schema.</li> <li><code>sourceEndpointID</code> (string, Immutable, MaxLength: 36). Source endpoint for the integration (if any).</li> <li><code>sourceProjectName</code> (string, Immutable, MaxLength: 63). Source project for the integration (if any).</li> <li><code>sourceServiceName</code> (string, Immutable, MaxLength: 64). Source service for the integration (if any).</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka","title":"clickhouseKafka","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse Kafka configuration values.</p> <p>Required</p> <ul> <li><code>tables</code> (array of objects, MaxItems: 100). Tables to create. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables","title":"tables","text":"<p>Appears on <code>spec.clickhouseKafka</code>.</p> <p>Tables to create.</p> <p>Required</p> <ul> <li><code>columns</code> (array of objects, MaxItems: 100). Table columns. See below for nested schema.</li> <li><code>data_format</code> (string, Enum: <code>Avro</code>, <code>CSV</code>, <code>JSONAsString</code>, <code>JSONCompactEachRow</code>, <code>JSONCompactStringsEachRow</code>, <code>JSONEachRow</code>, <code>JSONStringsEachRow</code>, <code>MsgPack</code>, <code>TSKV</code>, <code>TSV</code>, <code>TabSeparated</code>, <code>RawBLOB</code>, <code>AvroConfluent</code>). Message data format.</li> <li><code>group_name</code> (string, MinLength: 1, MaxLength: 249). Kafka consumers group.</li> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Name of the table.</li> <li><code>topics</code> (array of objects, MaxItems: 100). Kafka topics. See below for nested schema.</li> </ul> <p>Optional</p> <ul> <li><code>auto_offset_reset</code> (string, Enum: <code>smallest</code>, <code>earliest</code>, <code>beginning</code>, <code>largest</code>, <code>latest</code>, <code>end</code>). Action to take when there is no initial offset in offset store or the desired offset is out of range.</li> <li><code>date_time_input_format</code> (string, Enum: <code>basic</code>, <code>best_effort</code>, <code>best_effort_us</code>). Method to read DateTime from text input formats.</li> <li><code>handle_error_mode</code> (string, Enum: <code>default</code>, <code>stream</code>). How to handle errors for Kafka engine.</li> <li><code>max_block_size</code> (integer, Minimum: 0, Maximum: 1000000000). Number of row collected by poll(s) for flushing data from Kafka.</li> <li><code>max_rows_per_message</code> (integer, Minimum: 1, Maximum: 1000000000). The maximum number of rows produced in one kafka message for row-based formats.</li> <li><code>num_consumers</code> (integer, Minimum: 1, Maximum: 10). The number of consumers per table per replica.</li> <li><code>poll_max_batch_size</code> (integer, Minimum: 0, Maximum: 1000000000). Maximum amount of messages to be polled in a single Kafka poll.</li> <li><code>skip_broken_messages</code> (integer, Minimum: 0, Maximum: 1000000000). Skip at least this number of broken messages from Kafka topic per block.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.columns","title":"columns","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Table columns.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Column name.</li> <li><code>type</code> (string, MinLength: 1, MaxLength: 1000). Column type.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.topics","title":"topics","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Kafka topics.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 249). Name of the topic.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql","title":"clickhousePostgresql","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse PostgreSQL configuration values.</p> <p>Required</p> <ul> <li><code>databases</code> (array of objects, MaxItems: 10). Databases to expose. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql.databases","title":"databases","text":"<p>Appears on <code>spec.clickhousePostgresql</code>.</p> <p>Databases to expose.</p> <p>Optional</p> <ul> <li><code>database</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL database to expose.</li> <li><code>schema</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL schema to expose.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog","title":"datadog","text":"<p>Appears on <code>spec</code>.</p> <p>Datadog specific user configuration options.</p> <p>Optional</p> <ul> <li><code>datadog_dbm_enabled</code> (boolean). Enable Datadog Database Monitoring.</li> <li><code>datadog_tags</code> (array of objects, MaxItems: 32). Custom tags provided by user. See below for nested schema.</li> <li><code>exclude_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>exclude_topics</code> (array of strings, MaxItems: 1024). List of topics to exclude.</li> <li><code>include_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>include_topics</code> (array of strings, MaxItems: 1024). List of topics to include.</li> <li><code>kafka_custom_metrics</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>max_jmx_metrics</code> (integer, Minimum: 10, Maximum: 100000). Maximum number of JMX metrics to send.</li> <li><code>opensearch</code> (object). Datadog Opensearch Options. See below for nested schema.</li> <li><code>redis</code> (object). Datadog Redis Options. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.datadog_tags","title":"datadog_tags","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Custom tags provided by user.</p> <p>Required</p> <ul> <li><code>tag</code> (string, MinLength: 1, MaxLength: 200). Tag format and usage are described here: https://docs.datadoghq.com/getting_started/tagging. Tags with prefix <code>aiven-</code> are reserved for Aiven.</li> </ul> <p>Optional</p> <ul> <li><code>comment</code> (string, MaxLength: 1024). Optional tag explanation.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Opensearch Options.</p> <p>Optional</p> <ul> <li><code>index_stats_enabled</code> (boolean). Enable Datadog Opensearch Index Monitoring.</li> <li><code>pending_task_stats_enabled</code> (boolean). Enable Datadog Opensearch Pending Task Monitoring.</li> <li><code>pshard_stats_enabled</code> (boolean). Enable Datadog Opensearch Primary Shard Monitoring.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.redis","title":"redis","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Redis Options.</p> <p>Required</p> <ul> <li><code>command_stats_enabled</code> (boolean). Enable command_stats option in the agent's configuration.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics","title":"externalAWSCloudwatchMetrics","text":"<p>Appears on <code>spec</code>.</p> <p>External AWS CloudWatch Metrics integration Logs configuration values.</p> <p>Optional</p> <ul> <li><code>dropped_metrics</code> (array of objects, MaxItems: 1024). Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics). See below for nested schema.</li> <li><code>extra_metrics</code> (array of objects, MaxItems: 1024). Metrics to allow through to AWS CloudWatch (in addition to default metrics). See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.dropped_metrics","title":"dropped_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.extra_metrics","title":"extra_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to allow through to AWS CloudWatch (in addition to default metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect","title":"kafkaConnect","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Required</p> <ul> <li><code>kafka_connect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.kafkaConnect</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Optional</p> <ul> <li><code>config_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration data are stored.This must be the same for all workers with the same group_id.</li> <li><code>group_id</code> (string, MaxLength: 249). A unique string that identifies the Connect cluster group this worker belongs to.</li> <li><code>offset_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration offsets are stored.This must be the same for all workers with the same group_id.</li> <li><code>status_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration status updates are stored.This must be the same for all workers with the same group_id.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaLogs","title":"kafkaLogs","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka logs configuration values.</p> <p>Required</p> <ul> <li><code>kafka_topic</code> (string, MinLength: 1, MaxLength: 249). Topic name.</li> </ul> <p>Optional</p> <ul> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker","title":"kafkaMirrormaker","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>cluster_alias</code> (string, Pattern: <code>^[a-zA-Z0-9_.-]+$</code>, MaxLength: 128). The alias under which the Kafka cluster is known to MirrorMaker. Can contain the following symbols: ASCII alphanumerics, <code>.</code>, <code>_</code>, and <code>-</code>.</li> <li><code>kafka_mirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker.kafka_mirrormaker","title":"kafka_mirrormaker","text":"<p>Appears on <code>spec.kafkaMirrormaker</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>consumer_fetch_min_bytes</code> (integer, Minimum: 1, Maximum: 5242880). The minimum amount of data the server should return for a fetch request.</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). The batch size in bytes producer will attempt to collect before publishing to broker.</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The amount of bytes producer can use for buffering data before publishing to broker.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). The linger time (ms) for waiting new data to arrive for publishing.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 268435456). The maximum request size in bytes.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.logs","title":"logs","text":"<p>Appears on <code>spec</code>.</p> <p>Logs configuration values.</p> <p>Optional</p> <ul> <li><code>elasticsearch_index_days_max</code> (integer, Minimum: 1, Maximum: 10000). Elasticsearch index retention limit.</li> <li><code>elasticsearch_index_prefix</code> (string, MinLength: 1, MaxLength: 1024). Elasticsearch index prefix.</li> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics","title":"metrics","text":"<p>Appears on <code>spec</code>.</p> <p>Metrics configuration values.</p> <p>Optional</p> <ul> <li><code>database</code> (string, Pattern: <code>^[_A-Za-z0-9][-_A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the database where to store metric datapoints. Only affects PostgreSQL destinations. Defaults to <code>metrics</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>retention_days</code> (integer, Minimum: 0, Maximum: 10000). Number of days to keep old metrics. Only affects PostgreSQL destinations. Set to 0 for no automatic cleanup. Defaults to 30 days.</li> <li><code>ro_username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of a user that can be used to read metrics. This will be used for Grafana integration (if enabled) to prevent Grafana users from making undesired changes. Only affects PostgreSQL destinations. Defaults to <code>metrics_reader</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>source_mysql</code> (object). Configuration options for metrics where source service is MySQL. See below for nested schema.</li> <li><code>username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the user used to write metrics. Only affects PostgreSQL destinations. Defaults to <code>metrics_writer</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql","title":"source_mysql","text":"<p>Appears on <code>spec.metrics</code>.</p> <p>Configuration options for metrics where source service is MySQL.</p> <p>Required</p> <ul> <li><code>telegraf</code> (object). Configuration options for Telegraf MySQL input plugin. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql.telegraf","title":"telegraf","text":"<p>Appears on <code>spec.metrics.source_mysql</code>.</p> <p>Configuration options for Telegraf MySQL input plugin.</p> <p>Optional</p> <ul> <li><code>gather_event_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENT_WAITS.</li> <li><code>gather_file_events_stats</code> (boolean). gather metrics from PERFORMANCE_SCHEMA.FILE_SUMMARY_BY_EVENT_NAME.</li> <li><code>gather_index_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_INDEX_USAGE.</li> <li><code>gather_info_schema_auto_inc</code> (boolean). Gather auto_increment columns and max values from information schema.</li> <li><code>gather_innodb_metrics</code> (boolean). Gather metrics from INFORMATION_SCHEMA.INNODB_METRICS.</li> <li><code>gather_perf_events_statements</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENTS_STATEMENTS_SUMMARY_BY_DIGEST.</li> <li><code>gather_process_list</code> (boolean). Gather thread state counts from INFORMATION_SCHEMA.PROCESSLIST.</li> <li><code>gather_slave_status</code> (boolean). Gather metrics from SHOW SLAVE STATUS command output.</li> <li><code>gather_table_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_TABLE.</li> <li><code>gather_table_lock_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_LOCK_WAITS.</li> <li><code>gather_table_schema</code> (boolean). Gather metrics from INFORMATION_SCHEMA.TABLES.</li> <li><code>perf_events_statements_digest_text_limit</code> (integer, Minimum: 1, Maximum: 2048). Truncates digest text from perf_events_statements into this many characters.</li> <li><code>perf_events_statements_limit</code> (integer, Minimum: 1, Maximum: 4000). Limits metrics from perf_events_statements.</li> <li><code>perf_events_statements_time_limit</code> (integer, Minimum: 1, Maximum: 2592000). Only include perf_events_statements whose last seen is less than this many seconds.</li> </ul>"},{"location":"api-reference/serviceuser.html","title":"ServiceUser","text":""},{"location":"api-reference/serviceuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: my-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: service-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: my-service-name\n</code></pre>"},{"location":"api-reference/serviceuser.html#ServiceUser","title":"ServiceUser","text":"<p>ServiceUser is the Schema for the serviceusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceUserSpec defines the desired state of ServiceUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec","title":"spec","text":"<p>Appears on <code>ServiceUser</code>.</p> <p>ServiceUserSpec defines the desired state of ServiceUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>authentication</code> (string, Enum: <code>caching_sha2_password</code>, <code>mysql_native_password</code>). Authentication details.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"contributing/index.html","title":"Contributing Guidelines","text":"<p>The Aiven Operator for Kubernetes project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.</p> <p>Please see also the Aiven Operator for Kubernetes Developer Guide.</p>"},{"location":"contributing/index.html#support-channels","title":"Support Channels","text":"<p>This project offers support through GitHub issues and can be filed here. Moreover, GitHub issues are used as the primary method for tracking anything to do with the Aiven Operator for Kubernetes project.</p>"},{"location":"contributing/index.html#pull-request-process","title":"Pull Request Process","text":"<ol> <li>Ensure any install or build dependencies are removed before the end of the layer when doing a build.</li> <li>Increase the version numbers in any examples files and the README.md and in corresponding file in he /docs folder to    the new version that this Pull Request would represent. The versioning scheme we use is SemVer.</li> <li>You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have    permission to do that, you may request the second reviewer to merge it for you.</li> </ol>"},{"location":"contributing/index.html#code-of-conduct","title":"Code of Conduct","text":""},{"location":"contributing/index.html#our-pledge","title":"Our Pledge","text":"<p>In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.</p>"},{"location":"contributing/index.html#our-standards","title":"Our Standards","text":"<p>Examples of behavior that contributes to creating a positive environment include:</p> <ul> <li>Using welcoming and inclusive language</li> <li>Being respectful of differing viewpoints and experiences</li> <li>Gracefully accepting constructive criticism</li> <li>Focusing on what is best for the community</li> <li>Showing empathy towards other community members</li> </ul> <p>Examples of unacceptable behavior by participants include:</p> <ul> <li>The use of sexualized language or imagery and unwelcome sexual attention or advances</li> <li>Trolling, insulting/derogatory comments, and personal or political attacks</li> <li>Public or private harassment</li> <li>Publishing others' private information, such as a physical or electronic address, without explicit permission</li> <li>Other conduct which could reasonably be considered inappropriate in a professional setting</li> </ul>"},{"location":"contributing/index.html#commit-messages","title":"Commit Messages","text":"<p>This project adheres to the Conventional Commits specification. Please, make sure that your commit messages follow that specification.</p>"},{"location":"contributing/index.html#our-responsibilities","title":"Our Responsibilities","text":"<p>Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.</p> <p>Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.</p>"},{"location":"contributing/index.html#scope","title":"Scope","text":"<p>This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.</p>"},{"location":"contributing/index.html#enforcement","title":"Enforcement","text":"<p>Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at opensource@aiven.io. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.</p> <p>Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.</p>"},{"location":"contributing/developer-guide.html","title":"Developer guide","text":""},{"location":"contributing/developer-guide.html#getting-started","title":"Getting Started","text":"<p>You must have a working Go environment and then clone the repository:</p> <pre><code>git clone git@github.com:aiven/aiven-operator.git\ncd aiven-operator\n</code></pre>"},{"location":"contributing/developer-guide.html#resource-generation","title":"Resource generation","text":"<p>Please see this page for more information.</p>"},{"location":"contributing/developer-guide.html#building","title":"Building","text":"<p>The project uses the <code>make</code> build system.</p> <p>Building the operator binary:</p> <pre><code>make build\n</code></pre>"},{"location":"contributing/developer-guide.html#testing","title":"Testing","text":"<p>As of now, we only support integration tests who interact directly with Aiven. To run the tests, you'll need an Aiven account and an Aiven authentication code.</p>"},{"location":"contributing/developer-guide.html#prerequisites","title":"Prerequisites","text":"<p>Please have installed first:</p> <ul> <li>docker/podman</li> <li>helm</li> <li>Aiven CLI (make sure you have logged in)</li> <li>jq</li> <li>kcat</li> <li>base64, note: MACOS version doesn't support <code>-w0</code> flag, some tests may not work properly</li> <li>kind, and existing cluster, e.g.     <pre><code> kind create cluster --image kindest/node:v1.24.0 --wait 5m\n</code></pre></li> </ul> <p>The following commands must be executed with these environment variables (keep them in secret!):</p> <ul> <li><code>AIVEN_TOKEN</code> \u2014 your authentication token </li> <li><code>AIVEN_PROJECT_NAME</code> \u2014 your Aiven project name to run services in</li> </ul> <p>Setup everything:</p> <pre><code>make e2e-setup-kind\n</code></pre> <p>Note</p> <p>Additionally, webhooks can be disabled,  if there are any problems with them.</p> <pre><code>WEBHOOKS_ENABLED=false make e2e-setup-kind\n</code></pre> <p>Run e2e tests (creates real services in <code>AIVEN_PROJECT_NAME</code>):</p> <pre><code>make test-e2e-preinstalled \n</code></pre> <p>When you're done, just drop the cluster:</p> <pre><code>kind delete cluster\n</code></pre>"},{"location":"contributing/developer-guide.html#documentation","title":"Documentation","text":"<p>The documentation is written in markdown and generated by mkdocs and mkdocs-material. </p> <p>To run the documentation live preview:</p> <pre><code>make serve-docs\n</code></pre> <p>And open the <code>http://localhost:8000/aiven-operator/</code> page in your web browser.</p> <p>The documentation API Reference section is generated automatically from the source code during the documentation deployment. To generate it locally, run the following command:</p> <pre><code>make docs\n</code></pre>"},{"location":"contributing/resource-generation.html","title":"Resource generation","text":"<p>Aiven Kubernetes Operator generates service configs code (also known as user configs) and documentation from public service types schema.</p>"},{"location":"contributing/resource-generation.html#flow-overview","title":"Flow overview","text":"<p>When a new schema is issued on the API, a cron job fetches it, parses, patches, and saves in a shared library \u2014 go-api-schemas.</p> <p>When the library is updated,  the GitHub dependabot creates PRs to the dependant repositories,  like Aiven Kubernetes Operator and Aiven Terraform Provider.</p> <p>Then the <code>make generate</code> command is called by GitHub action. And the PR is ready for review.</p> <pre><code>flowchart TB\n    API(Aiven API) &lt;-.-&gt;|polls schema updates| Schema([go-api-schemas])\n    Bot(dependabot) &lt;-.-&gt;|polls updates| Schema \n    Bot--&gt;|pull request|UpdateOP[/\"\u2728 $ make generate \u2728\"/]\n    UpdateOP--&gt;|review| OP([operator repository])</code></pre>"},{"location":"contributing/resource-generation.html#make-generate","title":"make generate","text":"<p>The command runs several generators in a certain sequence. First, the user config generator is called. Then controller-gen cli. Then API reference docs generator and charts generator.</p> <p>Here how it goes in the details:</p> <ol> <li>User config generator creates Go structs (k8s api compatible objects) with docstrings,     validation rules and constraints (immutable, maxLength, etc)</li> <li>controller-gen generates k8s methods,    generates CRDs for those objects,     creates charts for cluster roles and webhooks. </li> <li>Docs generator creates API reference out of CRDs:<ol> <li>it looks for an example file for the given CRD kind in <code>./&lt;api-reference-docs&gt;/example/</code>,    if it finds one, it validates that with the CRD.     Each CRD has an OpenAPI v3 schema as a part of it.     This is also used by Kubernetes itself to validate user input.</li> <li>generates full spec reference out of the schema</li> <li>creates a markdown file with spec and example (if exists)</li> </ol> </li> <li>Charts generator     updates CRDs, webhooks and cluster roles charts,    adds all changes to the changelog </li> </ol> <pre><code>flowchart TB\n    Make[/$ make generate/]--&gt;Generator(userconfig generator&lt;br&gt; creates/updates structs using updated spec)\n    Generator--&gt;|go: KafkaUserConfig struct| K8S(controller-gen&lt;br&gt; adds k8s methods to structs)\n    K8S--&gt;|go files| CRD(controller-gen&lt;br&gt; creates CRDs out of structs)\n    CRD--&gt;|CRD: aiven.io_kafkas.yaml| Docs(docs generator)\n    subgraph API reference generation\n        Docs--&gt;|aiven.io_kafkas.yaml|Reference(creates reference&lt;br&gt; out of CRD)\n        Docs--&gt;|examples/kafka.yaml,&lt;br&gt; aiven.io_kafkas.yaml|Examples(validates example&lt;br&gt; using CRD)\n        Examples--&gt; Markdown(creates docs out of CRDs, adds examples)\n        Reference--&gt;Markdown(kafka.md)\n    end\n    CRD--&gt;|yaml files|Charts(charts generator&lt;br&gt; updates helm charts&lt;br&gt; and the changelog)\n    Charts--&gt;ToRelease(\"Ready to release \ud83c\udf89\")\n    Markdown--&gt;ToRelease</code></pre>"},{"location":"contributing/resource-generation.html#charts-version-bump","title":"Charts version bump","text":"<p>By default, charts generator keeps the current helm chart's version, because it doesn't know semver. You need it to do manually.</p> <p>To do so run the following command with the version of your choice:</p> <pre><code>make version=v1.0.0 charts\n</code></pre>"},{"location":"installation/helm.html","title":"Installing with Helm (recommended)","text":""},{"location":"installation/helm.html#installing","title":"Installing","text":"<p>The Aiven Operator for Kubernetes can be installed via Helm. </p> <p>Before you start, make sure you have the prerequisites.</p> <p>First add the Aiven Helm repository:</p> <pre><code>helm repo add aiven https://aiven.github.io/aiven-charts &amp;&amp; helm repo update\n</code></pre>"},{"location":"installation/helm.html#installing-custom-resource-definitions","title":"Installing Custom Resource Definitions","text":"<pre><code>helm install aiven-operator-crds aiven/aiven-operator-crds\n</code></pre> <p>Verify the installation: <pre><code>kubectl api-resources --api-group=aiven.io\n</code></pre> The output is similar to the following:</p> <pre><code>NAME                  SHORTNAMES   APIVERSION          NAMESPACED   KIND\nconnectionpools                    aiven.io/v1alpha1   true         ConnectionPool\ndatabases                          aiven.io/v1alpha1   true         Database\n... &lt; several omitted lines &gt;\n</code></pre>"},{"location":"installation/helm.html#installing-the-operator","title":"Installing the Operator","text":"<pre><code>helm install aiven-operator aiven/aiven-operator\n</code></pre> <p>Note</p> <p>Installation will fail if webhooks are enabled and the CRDs for the cert-manager are not installed.</p> <p>Verify the installation:  <pre><code>helm status aiven-operator\n</code></pre></p> <p>The output is similar to the following:</p> <pre><code>NAME: aiven-operator\nLAST DEPLOYED: Fri Sep 10 15:23:26 2021\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n</code></pre> <p>It is also possible to install the operator without webhooks enabled: <pre><code>helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false\n</code></pre></p>"},{"location":"installation/helm.html#configuration-options","title":"Configuration Options","text":"<p>Please refer to the values.yaml of the chart.</p>"},{"location":"installation/helm.html#installing-without-full-cluster-administrator-access","title":"Installing without full cluster administrator access","text":"<p>There can be some scenarios where the individual installing the Helm chart does not have the ability to provision cluster-wide resources (e.g. ClusterRoles/ClusterRoleBindings). In this scenario, you can have a cluster administrator manually install the ClusterRole and ClusterRoleBinding the operator requires prior to installing the Helm chart specifying <code>false</code> for the <code>clusterRole.create</code> attribute. </p>"},{"location":"installation/helm.html#uninstalling","title":"Uninstalling","text":"<p>Important</p> <p>Please see this page for more information.</p> <p>Find out the name of your deployment:</p> <pre><code>helm list\n</code></pre> <p>The output has the name of each deployment similar to the following: </p> <pre><code>NAME                NAMESPACE   REVISION    UPDATED                                     STATUS      CHART                       APP VERSION\naiven-operator      default     1           2021-09-09 10:56:14.623700249 +0200 CEST    deployed    aiven-operator-v0.1.0       v0.1.0     \naiven-operator-crds default     1           2021-09-09 10:56:05.736411868 +0200 CEST    deployed    aiven-operator-crds-v0.1.0  v0.1.0\n</code></pre> <p>Remove the CRDs:</p> <pre><code>helm uninstall aiven-operator-crds\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator-crds\" uninstalled\n</code></pre> <p>Remove the operator:</p> <pre><code>helm uninstall aiven-operator\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator\" uninstalled\n</code></pre>"},{"location":"installation/kubectl.html","title":"Installing with kubectl","text":""},{"location":"installation/kubectl.html#installing","title":"Installing","text":"<p>Before you start, make sure you have the prerequisites.</p> <p>All Aiven Operator for Kubernetes components can be installed from one YAML file that is uploaded for every release:</p> <pre><code>kubectl apply -f https://github.com/aiven/aiven-operator/releases/latest/download/deployment.yaml\n</code></pre> <p>By default the Deployment is installed into the <code>aiven-operator-system</code> namespace.</p>"},{"location":"installation/kubectl.html#uninstalling","title":"Uninstalling","text":"<p>Assuming you installed version <code>vX.Y.Z</code> of the operator it can be uninstalled via</p> <pre><code>kubectl delete -f https://github.com/aiven/aiven-operator/releases/download/vX.Y.Z/deployment.yaml\n</code></pre>"},{"location":"installation/prerequisites.html","title":"Prerequisites","text":"<p>The Aiven Operator for Kubernetes supports all major Kubernetes distributions, both locally and in the cloud.</p> <p>Make sure you have the following:</p> <ul> <li>To use the operator, you need admin access to a Kubernetes cluster.</li> <li>For playground usage you can use kind for example.</li> <li>For productive usage Helm is recommended.</li> </ul>"},{"location":"installation/prerequisites.html#cert-manager","title":"Cert Manager","text":"<p>The Aiven Operator for Kubernetes uses <code>cert-manager</code> to configure the service reference of our webhooks.</p> <p>Please follow the installation instructions on their website.</p> <p>Note</p> <p>This is not required in the Helm installation if you select to disable webhooks,  but that is not recommended outside of playground use.  The Aiven Operator for Kubernetes uses webhooks for setting defaults  and enforcing invariants that are expected by the aiven API and will lead to errors if ignored.  In the future webhooks will also be used for conversion and supporting multiple CRD versions.</p>"},{"location":"installation/uninstalling.html","title":"Uninstalling","text":"<p>Danger</p> <p>Uninstalling the Aiven Operator for Kubernetes can remove the resources created in Aiven, possibly resulting in data loss.</p> <p>Depending on your installation, please follow one of:</p> <ul> <li>Helm</li> <li>kubectl</li> </ul>"},{"location":"installation/uninstalling.html#dealing-with-expired-tokens","title":"Dealing with expired tokens","text":"<p>Aiven resources need to have an accompanying secret that contains the token that is used to authorize the manipulation of that resource. If that token expired then you will not be able to delete the custom resource and deletion will also hang until the situation is resolved. The recommended approach to deal with that situation is to patch a valid token into the secret again so that proper cleanup of aiven resources can take place.</p>"},{"location":"installation/uninstalling.html#hanging-deletions","title":"Hanging deletions","text":"<p>To protect the secrets that the operator is using from deletion, it adds the finalizer <code>finalizers.aiven.io/needed-to-delete-services</code> to the secret. This solves a race condition that happens when deleting a namespace, where there is a possibility of the secret getting deleted before the resource that uses it. When the controller is deleted it may not cleanup the finalizers from all secrets. If there is a secret with this finalizer blocking deletion of a namespace, for now please do</p> <pre><code>kubectl patch secret &lt;offending-secret&gt; -p '{\"metadata\":{\"finalizers\":null}}' --type=merge\n</code></pre> <p>to remove the finalizer.</p>"},{"location":"resources/cassandra.html","title":"Cassandra","text":"<p>Aiven for Apache Cassandra\u00ae is a distributed database designed to handle large volumes of writes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/cassandra.html#creating-a-cassandra-instance","title":"Creating a Cassandra instance","text":"<p>1. Create a file named <code>cassandra-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: cassandra-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Cassandra connection on the `cassandra-secret` Secret\n  connInfoSecretTarget:\n    name: cassandra-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-sample.yaml \n</code></pre> <p>The output is:</p> <pre><code>cassandra.aiven.io/cassandra-sample created\n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe cassandra.aiven.io cassandra-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-31T10:17:25Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-31T10:24:00Z\n    Message:               Instance is running on Aiven side\n    Reason:                CheckRunning\n    Status:                True\n    Type:                  Running\n  State:                   RUNNING\n...\n</code></pre> <p>The resource can be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/cassandra.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Cassandra connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret cassandra-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         cassandra-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCASSANDRA_HOSTS:     59 bytes\nCASSANDRA_PASSWORD:  24 bytes\nCASSANDRA_PORT:      5 bytes\nCASSANDRA_URI:       66 bytes\nCASSANDRA_USER:      8 bytes\nCASSANDRA_HOST:      60 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret cassandra-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CASSANDRA_HOST\": \"&lt;secret&gt;\",\n  \"CASSANDRA_HOSTS\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PASSWORD\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PORT\": \"14609\",\n  \"CASSANDRA_URI\": \"&lt;secret&gt;\",\n  \"CASSANDRA_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/cassandra.html#creating-a-cassandra-user","title":"Creating a Cassandra user","text":"<p>You can create service users for your instance of Aiven for Apache Cassandra. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named cassandra-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: cassandra-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: cassandra-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret cassandra-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"cassandra-service-user\"\n}\n</code></pre> <p>You can connect to the Cassandra instance using these credentials and the host information from the <code>cassandra-secret</code> Secret.</p>"},{"location":"resources/mysql.html","title":"MySQL","text":"<p>Aiven for MySQL is a fully managed relational database service, deployable in the cloud of your choice. </p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/mysql.html#creating-a-mysql-instance","title":"Creating a MySQL instance","text":"<p>1. Create a file named <code>mysql-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: mysql-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the MySQL connection on the `mysql-secret` Secret\n  connInfoSecretTarget:\n    name: mysql-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f mysql-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe mysql.aiven.io mysql-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/mysql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the MySQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret mysql-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         mysql-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nMYSQL_PORT:      5 bytes\nMYSQL_SSL_MODE:  8 bytes\nMYSQL_URI:       115 bytes\nMYSQL_USER:      8 bytes\nMYSQL_DATABASE:  9 bytes\nMYSQL_HOST:      39 bytes\nMYSQL_PASSWORD:  24 bytes\n</code></pre> <p>You can use jq to quickly decode the Secret:</p> <pre><code>kubectl get secret mysql-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"MYSQL_DATABASE\": \"defaultdb\",\n  \"MYSQL_HOST\": \"&lt;secret&gt;\",\n  \"MYSQL_PASSWORD\": \"&lt;secret&gt;\",\n  \"MYSQL_PORT\": \"12691\",\n  \"MYSQL_SSL_MODE\": \"REQUIRED\",\n  \"MYSQL_URI\": \"&lt;secret&gt;\",\n  \"MYSQL_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/mysql.html#creating-a-mysql-user","title":"Creating a MySQL user","text":"<p>You can create service users for your instance of Aiven for MySQL. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named mysql-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: mysql-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: mysql-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f mysql-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using jq:</p> <pre><code>kubectl get secret mysql-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"mysql-service-user\"\n}\n</code></pre> <p>You can connect to the MySQL instance using these credentials and the host information from the <code>mysql-secret</code> Secret.</p>"},{"location":"resources/opensearch.html","title":"OpenSearch","text":"<p>OpenSearch\u00ae is an open source search and analytics suite including search engine, NoSQL document database, and visualization interface. OpenSearch offers a distributed, full-text search engine based on Apache Lucene\u00ae with a RESTful API interface and support for JSON documents.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/opensearch.html#creating-an-opensearch-instance","title":"Creating an OpenSearch instance","text":"<p>1. Create a file named <code>os-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: os-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the OpenSearch connection on the `os-secret` Secret\n  connInfoSecretTarget:\n    name: os-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f os-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe opensearch.aiven.io os-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/opensearch.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the OpenSearch connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret os-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         os-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nHOST:      61 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\nUSER:      8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret os-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"13041\",\n  \"USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/opensearch.html#creating-an-opensearch-user","title":"Creating an OpenSearch user","text":"<p>You can create service users for your instance of Aiven for OpenSearch. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named os-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: os-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: os-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f os-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information.</p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret os-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"os-service-user\"\n}\n</code></pre> <p>You can connect to the OpenSearch instance using these credentials and the host information from the <code>os-secret</code> Secret.</p>"},{"location":"resources/postgresql.html","title":"PostgreSQL","text":"<p>PostgreSQL is an open source, relational database. It's ideal for organisations that need a well organised tabular datastore. On top of the strict table and columns formats, PostgreSQL also offers solutions for nested datasets with the native <code>jsonb</code> format and advanced set of extensions including PostGIS, a spatial database extender for location queries. Aiven for PostgreSQL is the perfect fit for your relational data.</p> <p>With Aiven Kubernetes Operator, you can manage Aiven for PostgreSQL through the well defined Kubernetes API.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-instance","title":"Creating a PostgreSQL instance","text":"<p>1. Create a file named <code>pg-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific PostgreSQL configuration\n  userConfig:\n    pg_version: '11'\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f pg-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io pg-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME        PROJECT        REGION                PLAN        STATE\npg-sample   your-project   google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can stay in the <code>BUILDING</code> state for a couple of minutes. Once the state changes to <code>RUNNING</code>, you are ready to access it.</p>"},{"location":"resources/postgresql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the PostgreSQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret pg-connection\n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         pg-connection\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nDATABASE_URI:  107 bytes\nPGDATABASE:    9 bytes\nPGHOST:        38 bytes\nPGPASSWORD:    16 bytes\nPGPORT:        5 bytes\nPGSSLMODE:     7 bytes\nPGUSER:        8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret pg-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://avnadmin:&lt;secret-password&gt;@pg-sample-your-project.aivencloud.com:13039/defaultdb?sslmode=require\",\n  \"PGDATABASE\": \"defaultdb\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13039\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your PostgreSQL connection from a Kubernetes workload by deploying a Pod that runs the <code>psql</code> command.</p> <p>1. Create a file named <code>pod-psql.yaml</code></p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:11-alpine\n      name: postgres\n      command: [ 'psql', '$(DATABASE_URI)', '-c', 'SELECT version();' ]\n\n      # the pg-connection Secret becomes environment variables \n      envFrom:\n        - secretRef:\n            name: pg-connection\n</code></pre> <p>It runs once and stops, due to the <code>restartPolicy: Never</code> flag.</p> <p>2. Inspect the log:</p> <pre><code>kubectl logs psql-test-connection\n</code></pre> <p>The output is similar to the following: <pre><code>                                           version                                           \n---------------------------------------------------------------------------------------------\n PostgreSQL 11.12 on x86_64-pc-linux-gnu, compiled by gcc, a 68c5366192 p 6b9244f01a, 64-bit\n(1 row)\n</code></pre></p> <p>You have now connected to the PostgreSQL, and executed the <code>SELECT version();</code> query.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-database","title":"Creating a PostgreSQL database","text":"<p>The <code>Database</code> Kubernetes resource allows you to create a logical database within the PostgreSQL instance.</p> <p>Create the <code>pg-database-sample.yaml</code> file with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: pg-database-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the name of the previously created PostgreSQL instance\n  serviceName: pg-sample\n\n  project: &lt;your-project-name&gt;\n  lcCollate: en_US.UTF-8\n  lcCtype: en_US.UTF-8\n</code></pre> <p>You can now connect to the <code>pg-database-sample</code> using the credentials stored in the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-user","title":"Creating a PostgreSQL user","text":"<p>Aiven uses the concept of service user that allows you to create users for different services. You can create one for the PostgreSQL instance.</p> <p>1. Create a file named <code>pg-service-user.yaml</code>.</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: pg-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-service-user-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n</code></pre> <p>2. Apply the configuration with the following command.</p> <pre><code>kubectl apply -f pg-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information, in this case named <code>pg-service-user-connection</code>:</p> <pre><code>kubectl get secret pg-service-user-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output has the password and username: <pre><code>{\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"USERNAME\": \"pg-service-user\"\n}\n</code></pre></p> <p>You can now connect to the PostgreSQL instance using the credentials generated above, and the host information from the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-connection-pool","title":"Creating a PostgreSQL connection pool","text":"<p>Connection pooling allows you to maintain very large numbers of connections to a database while minimizing the consumption of server resources. For more information, refer to the connection pooling article in Aiven Docs. Aiven for PostgreSQL uses PGBouncer for connection pooling.</p> <p>You can create a connection pool with the <code>ConnectionPool</code> resource using the previously created <code>Database</code> and <code>ServiceUser</code>:</p> <p>Create a new file named <code>pg-connection-pool.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: pg-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-connection-pool-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n  databaseName: pg-database-sample\n  username: pg-service-user\n  poolSize: 10\n  poolMode: transaction\n</code></pre> <p>The <code>ConnectionPool</code> generates a Secret with the connection info using the name from the <code>connInfoSecretTarget.Name</code> field:</p> <p><pre><code>kubectl get secret pg-connection-pool-connection -o json | jq '.data | map_values(@base64d)' \n</code></pre> The output is similar to the following: </p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://pg-service-user:&lt;secret-password&gt;@pg-sample-you-project.aivencloud.com:13040/pg-connection-pool?sslmode=require\",\n  \"PGDATABASE\": \"pg-database-sample\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13040\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"pg-service-user\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#creating-a-postgresql-read-only-replica","title":"Creating a PostgreSQL read-only replica","text":"<p>Read-only replicas can be used to reduce the load on the primary service by making read-only queries against the replica service. </p> <p>To create a read-only replica for a PostgreSQL service, you create a second PostgreSQL service and use serviceIntegrations to replicate data from your primary service.</p> <p>The example that follows creates a primary service and a read-only replica.</p> <p>1. Create a new file named <code>pg-read-replica.yaml</code> with the following:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: primary-pg-service\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: read-replica-pg\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: saturday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n  # use the read_replica integration and point it to your primary service\n  serviceIntegrations:\n  -  integrationType: read_replica\n     sourceServiceName: primary-pg-service\n</code></pre> <p>Note</p> <p>You can create the replica service in a different region or on a different cloud provider.</p> <p>2. Apply the configuration with the following command:</p> <pre><code>kubectl apply -f pg-read-replica.yaml\n</code></pre> <p>The output is similar to the following:</p> <pre><code>postgresql.aiven.io/primary-pg-service created\npostgresql.aiven.io/read-replica-pg created\n</code></pre> <p>3. Check the status of the primary service with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io primary-pg-service\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                    PROJECT                 REGION                PLAN        STATE\nprimary-pg-service      &lt;your-project-name&gt;     google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can be in the <code>BUILDING</code> state for a few minutes. After the state of the primary service changes to <code>RUNNING</code>, the read-only replica is created. You can check the status of the replica using the same command with the name of the replica:</p> <pre><code>kubectl get postgresqls.aiven.io read-replica-pg\n</code></pre>"},{"location":"resources/project-vpc.html","title":"Aiven Project VPC","text":"<p>Virtual Private Cloud (VPC) peering is a method of connecting separate AWS, Google Cloud or Microsoft Azure private networks to each other. It makes it possible for the virtual machines in the different VPCs to talk to each other directly without going through the public internet.</p> <p>Within the Aiven Kubernetes Operator, you can create a <code>ProjectVPC</code> on Aiven's side to connect to your cloud provider.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/project-vpc.html#creating-an-aiven-vpc","title":"Creating an Aiven VPC","text":"<p>1. Create a file named <code>vpc-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: vpc-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # creates a VPC to link an AWS account on the South Africa region\n  cloudName: aws-af-south-1\n\n  # the network range used by the VPC\n  networkCidr: 192.168.0.0/24\n</code></pre> <p>2. Create the Project by applying the configuration:</p> <pre><code>kubectl apply -f vpc-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get projects.aiven.io vpc-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME         PROJECT          CLOUD            NETWORK CIDR\nvpc-sample   &lt;your-project&gt;   aws-af-south-1   192.168.0.0/24\n</code></pre>"},{"location":"resources/project-vpc.html#using-the-aiven-vpc","title":"Using the Aiven VPC","text":"<p>Follow the official VPC documentation to complete the VPC peering on your cloud of choice.</p>"},{"location":"resources/project.html","title":"Aiven Project","text":"<p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p> <p>The <code>Project</code> CRD allows you to create Aiven Projects, where your resources can be located.</p> <p>To create a fully working Aiven Project with the Aiven Operator you need a source Aiven Project already created with a working billing configuration, like a credit card.</p> <p>Create a file named <code>project-sample.yaml</code> with the following content: <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: project-sample\nspec:\n  # the source Project to copy the billing information from\n  copyFromProject: &lt;your-source-project&gt;\n\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-sample\n</code></pre></p> <p>Apply the resource with: <pre><code>kubectl apply -f project-sample.yaml\n</code></pre></p> <p>Verify the newly created Project:</p> <pre><code>kubectl get projects.aiven.io project-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME             AGE\nproject-sample   22s\n</code></pre>"},{"location":"resources/redis.html","title":"Redis","text":"<p>Aiven for Redis\u00ae* is a fully managed in-memory NoSQL database that you can deploy in the cloud of your choice to store and access data quickly and efficiently.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/redis.html#creating-a-redis-instance","title":"Creating a Redis instance","text":"<p>1. Create a file named <code>redis-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: redis-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Redis connection on the `redis-secret` Secret\n  connInfoSecretTarget:\n    name: redis-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Redis configuration\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f redis-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe redis.aiven.io redis-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/redis.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Redis connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret redis-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         redis-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nSSL:       8 bytes\nUSER:      7 bytes\nHOST:      60 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret redis-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"redis-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"14610\",\n  \"SSL\": \"required\",\n  \"USER\": \"default\"\n}\n</code></pre>"},{"location":"resources/service-integrations.html","title":"Service Integrations","text":"<p>Service Integrations provide additional functionality and features by connecting different Aiven services together.</p> <p>See our Getting Started with Service Integrations guide for more information.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/service-integrations.html#send-kafka-logs-to-a-kafka-topic","title":"Send Kafka logs to a Kafka Topic","text":"<p>This integration allows you to send Kafka service logs to a specific Kafka Topic.</p> <p>First, let's create a Kafka service and a topic.</p> <p>1. Create a new file named <code>kafka-sample-topic.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: logs\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>3. Now, create a <code>ServiceIntegration</code> resource to send the Kafka logs to the created topic. In the same file, add the    following YAML:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-logs\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_logs\n\n  # we will send the logs to the same kafka-sample instance\n  # the source and destination are the same\n  sourceServiceName: kafka-sample\n  destinationServiceName: kafka-sample\n\n  # the topic name we will send to\n  kafkaLogs:\n    kafka_topic: logs\n</code></pre> <p>4. Reapply the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>5. Let's check the created service integration:</p> <pre><code>kubectl get serviceintegrations.aiven.io service-integration-kafka-logs\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                             PROJECT        TYPE         SOURCE SERVICE NAME   DESTINATION SERVICE NAME   SOURCE ENDPOINT ID   DESTINATION ENDPOINT ID\nservice-integration-kafka-logs   your-project   kafka_logs   kafka-sample          kafka-sample                                    \n</code></pre> <p>Your Kafka service logs are now being streamed to the <code>logs</code> Kafka topic.</p>"},{"location":"resources/kafka/index.html","title":"Kafka","text":"<p>Aiven for Apache Kafka is an excellent option if you need to run Apache Kafka at scale. With Aiven Kubernetes Operator you can get up and running with a suitably sized Apache Kafka service in a few minutes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/kafka/index.html#creating-a-kafka-instance","title":"Creating a Kafka instance","text":"<p>1. Create a file named <code>kafka-sample.yaml</code>, and add the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n</code></pre> <p>2. Create the following resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample.yaml \n</code></pre> <p>3. Inspect the service created using the command below. </p> <pre><code>kubectl get kafka.aiven.io kafka-sample\n</code></pre> <p>The output has the project name and state, similar to the following:</p> <pre><code>NAME           PROJECT          REGION                PLAN        STATE\nkafka-sample   &lt;your-project&gt;   google-europe-west1   startup-2   RUNNING\n</code></pre> <p>After a couple of minutes, the <code>STATE</code> field is changed to <code>RUNNING</code>, and is ready to be used.</p>"},{"location":"resources/kafka/index.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Kafka connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret kafka-auth \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         kafka-auth\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCA_CERT:      1537 bytes\nHOST:         41 bytes\nPASSWORD:     16 bytes\nPORT:         5 bytes\nUSERNAME:     8 bytes\nACCESS_CERT:  1533 bytes\nACCESS_KEY:   2484 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret kafka-auth -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CA_CERT\": \"&lt;secret-ca-cert&gt;\",\n  \"ACCESS_CERT\": \"&lt;secret-cert&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret-access-key&gt;\",\n  \"HOST\": \"kafka-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"13041\",\n  \"USERNAME\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/kafka/index.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your access to the Kafka cluster from a Pod using the authentication data from the <code>kafka-auth</code> Secret. kcat is used for our examples below.</p> <p>1. Create a file named <code>kafka-test-connection.yaml</code>, and add the following content:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will connect to the Kafka cluster\n      # and output its metadata\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/kafka-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/kafka-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/kafka-auth/CA_CERT',\n          '-L'\n      ]\n\n      # loading the data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-auth\n\n      volumeMounts:\n        - name: kafka-auth\n          mountPath: \"/kafka-auth\"\n\n  # loading the data from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: kafka-auth\n      secret:\n        secretName: kafka-auth\n</code></pre> <p>2. Apply the file.</p> <pre><code>kubectl apply -f kafka-test-connection.yaml\n</code></pre> <p>Once successfully applied, you have a log with the metadata information about the Kafka cluster.</p> <pre><code>kubectl logs kafka-test-connection \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Metadata for all topics (from broker -1: ssl://kafka-sample-your-project.aivencloud.com:13041/bootstrap):\n 3 brokers:\n  broker 2 at 35.205.234.70:13041\n  broker 3 at 34.77.127.70:13041 (controller)\n  broker 1 at 34.78.146.156:13041\n 0 topics:\n</code></pre>"},{"location":"resources/kafka/index.html#creating-a-kafkatopic-and-kafkaacl","title":"Creating a <code>KafkaTopic</code> and <code>KafkaACL</code>","text":"<p>To properly produce and consume content on Kafka, you need topics and ACLs. The operator supports both with the <code>KafkaTopic</code> and <code>KafkaACL</code> resources.</p> <p>Below, here is how to create a Kafka topic named <code>random-strings</code> where random string messages will be sent.</p> <p>1. Create a file named <code>kafka-topic-random-strings.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: random-strings\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-topic-random-strings.yaml\n</code></pre> <p>3. Create a user and an ACL. To use the Kafka topic, create a new user with the <code>ServiceUser</code> resource (in order to    avoid using the <code>avnadmin</code> superuser), and the <code>KafkaACL</code> to allow the user access to the topic.</p> <p>In a file named <code>kafka-acl-user-crab.yaml</code>, add the following two resources:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  # the name of our user \ud83e\udd80\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the Secret name we will store the users' connection information\n  # looks exactly the same as the Secret generated when creating the Kafka cluster\n  # we will use this Secret to produce and consume events later!\n  connInfoSecretTarget:\n    name: kafka-crab-connection\n\n  # the Aiven project the user is related to\n  project: &lt;your-project-name&gt;\n\n  # the name of our Kafka Service\n  serviceName: kafka-sample\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # the username from the ServiceUser above\n  username: crab\n\n  # the ACL allows to produce and consume on the topic\n  permission: readwrite\n\n  # specify the topic we created before\n  topic: random-strings\n</code></pre> <p>To create the <code>crab</code> user and its permissions, execute the following command:</p> <pre><code>kubectl apply -f kafka-acl-user-crab.yaml\n</code></pre>"},{"location":"resources/kafka/index.html#producing-and-consuming-events","title":"Producing and consuming events","text":"<p>Using the previously created <code>KafkaTopic</code>, <code>ServiceUser</code>, <code>KafkaACL</code>, you can produce and consume events.</p> <p>You can use kcat to produce a message into Kafka, and the <code>-t random-strings</code> argument to select the desired topic, and use the content of the <code>/etc/issue</code> file as the message's body.</p> <p>1. Create a <code>kafka-crab-produce.yaml</code> file with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-produce\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will produce a message with the /etc/issue file content\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/crab-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/crab-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/crab-auth/CA_CERT',\n          '-P', '-t', 'random-strings', '/etc/issue',\n      ]\n\n      # loading the crab user data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: \"/crab-auth\"\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n</code></pre> <p>2. Create the Pod with the following content:</p> <pre><code>kubectl apply -f kafka-crab-produce.yaml\n</code></pre> <p>Now your event is stored in Kafka.</p> <p>To consume a message, you can use a graphical interface called Kowl. It allows you to explore information about our Kafka cluster, such as brokers, topics, or consumer groups.</p> <p>1. Create a Kubernetes Pod and service to deploy and access Kowl. Create a file named <code>kafka-crab-consume.yaml</code> with the    content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-consume\n  labels:\n    app: kafka-crab-consume\nspec:\n  containers:\n    - image: quay.io/cloudhut/kowl:v1.4.0\n      name: kowl\n\n      # kowl configuration values\n      env:\n        - name: KAFKA_TLS_ENABLED\n          value: 'true'\n\n        - name: KAFKA_BROKERS\n          value: $(HOST):$(PORT)\n        - name: KAFKA_TLS_PASSPHRASE\n          value: $(PASSWORD)\n\n        - name: KAFKA_TLS_CAFILEPATH\n          value: /crab-auth/CA_CERT\n        - name: KAFKA_TLS_CERTFILEPATH\n          value: /crab-auth/ACCESS_CERT\n        - name: KAFKA_TLS_KEYFILEPATH\n          value: /crab-auth/ACCESS_KEY\n\n      # inject all connection information as environment variables\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: /crab-auth\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n\n---\n\n# we will be using a simple service to access Kowl on port 8080\napiVersion: v1\nkind: Service\nmetadata:\n  name: kafka-crab-consume\nspec:\n  selector:\n    app: kafka-crab-consume\n  ports:\n    - port: 8080\n      targetPort: 8080\n</code></pre> <p>2. Create the resources with:</p> <pre><code>kubectl apply -f kafka-crab-consume.yaml\n</code></pre> <p>3. In another terminal create a port-forward tunnel to your Pod:</p> <pre><code>kubectl port-forward kafka-crab-consume 8080:8080\n</code></pre> <p>4. In the browser of your choice, access the http://localhost:8080 address. You now see a page with    the <code>random-strings</code> topic listed:    </p> <p>5. Click the topic name to see the message.    </p> <p>You have now consumed the message.</p>"},{"location":"resources/kafka/connect.html","title":"Kafka Connect","text":"<p>Aiven for Apache Kafka Connect is a framework and a runtime for integrating Kafka with other systems. Kafka connectors can either be a source (for pulling data from other systems into Kafka) or sink (for pushing data into other systems from Kafka).</p> <p>This section involves a few different Kubernetes CRDs: 1. A <code>KafkaService</code> service with a <code>KafkaTopic</code> 2. A <code>KafkaConnect</code> service 3. A <code>ServiceIntegration</code> to integrate the <code>Kafka</code> and <code>KafkaConnect</code> services 4. A <code>PostgreSQL</code> used as a sink to receive messages from <code>Kafka</code> 5. A <code>KafkaConnector</code> to finally connect the <code>Kafka</code> with the <code>PostgreSQL</code></p>"},{"location":"resources/kafka/connect.html#creating-the-resources","title":"Creating the resources","text":"<p>Create a file named <code>kafka-sample-connect.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: business-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n    kafka_connect: true\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-connect\n\n  replication: 2\n  partitions: 1\n</code></pre> <p>Next, create a file named <code>kafka-connect.yaml</code> and add the following <code>KafkaConnect</code> resource:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: kafka-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Now let's create a <code>ServiceIntegration</code>. It will use the fields <code>sourceServiceName</code> and <code>destinationServiceName</code> to integrate the previously created <code>kafka-sample-connect</code> and <code>kafka-connect</code>. Open a new file named <code>service-integration-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_connect\n\n  # we will send messages from the `kafka-sample-connect` to `kafka-connect`\n  sourceServiceName: kafka-sample-connect\n  destinationServiceName: kafka-connect\n</code></pre> <p>Let's add an Aiven for PostgreSQL service. It will be the service used as a sink, receiving messages from the <code>kafka-sample-connect</code> cluster. Create a file named <code>pg-sample-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Finally, let's add the glue of everything: a <code>KafkaConnector</code>. As described in the specification, it will send receive messages from the <code>kafka-sample-connect</code> and send them to the <code>pg-connect</code> service. Check our official documentation for more connectors.</p> <p>Create a file named <code>kafka-connector-connect.yaml</code> and with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnector\nmetadata:\n  name: kafka-connector\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # the Kafka cluster name\n  serviceName: kafka-sample-connect\n\n  # the connector we will be using\n  connectorClass: io.aiven.connect.jdbc.JdbcSinkConnector\n\n  userConfig:\n    auto.create: \"true\"\n\n    # constructs the pg-connect connection information\n    connection.url: 'jdbc:postgresql://{{ fromSecret \"pg-connection\" \"PGHOST\"}}:{{ fromSecret \"pg-connection\" \"PGPORT\" }}/{{ fromSecret \"pg-connection\" \"PGDATABASE\" }}'\n    connection.user: '{{ fromSecret \"pg-connection\" \"PGUSER\" }}'\n    connection.password: '{{ fromSecret \"pg-connection\" \"PGPASSWORD\" }}'\n\n    # specify which topics it will watch\n    topics: kafka-topic-connect\n\n    key.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter.schemas.enable: \"true\"\n</code></pre> <p>With all the files created, apply the new Kubernetes resources:</p> <pre><code>kubectl apply \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml\n</code></pre> <p>It will take some time for all the services to be up and running. You can check their status with the following command:</p> <pre><code>kubectl get \\\n    kafkas.aiven.io/kafka-sample-connect \\\n    kafkaconnects.aiven.io/kafka-connect \\\n    postgresqls.aiven.io/pg-connect \\\n    kafkaconnectors.aiven.io/kafka-connector\n</code></pre> <p>The output is similar to the following:</p> <p><pre><code>NAME                                  PROJECT        REGION                PLAN         STATE\nkafka.aiven.io/kafka-sample-connect   your-project   google-europe-west1   business-4   RUNNING\n\nNAME                                  STATE\nkafkaconnect.aiven.io/kafka-connect   RUNNING\n\nNAME                             PROJECT        REGION                PLAN        STATE\npostgresql.aiven.io/pg-connect   your-project   google-europe-west1   startup-4   RUNNING\n\nNAME                                      SERVICE NAME           PROJECT        CONNECTOR CLASS                           STATE     TASKS TOTAL   TASKS RUNNING\nkafkaconnector.aiven.io/kafka-connector   kafka-sample-connect   your-project   io.aiven.connect.jdbc.JdbcSinkConnector   RUNNING   1             1\n</code></pre> The deployment is finished when all services have the state <code>RUNNING</code>.</p>"},{"location":"resources/kafka/connect.html#testing","title":"Testing","text":"<p>To test the connection integration, let's produce a Kafka message using kcat from within the Kubernetes cluster. We will deploy a Pod responsible for crafting a message and sending to the Kafka cluster, using the <code>kafka-auth</code> secret generate by the <code>Kafka</code> CRD.</p> <p>Create a new file named <code>kcat-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-message\nspec:\n  containers:\n\n  restartPolicy: Never\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      command: ['/bin/sh']\n      args: [\n        '-c',\n        'echo {\\\"schema\\\":{\\\"type\\\":\\\"struct\\\",\\\"fields\\\":[{ \\\"field\\\": \\\"text\\\", \\\"type\\\": \\\"string\\\", \\\"optional\\\": false } ] }, \\\"payload\\\": { \\\"text\\\": \\\"Hello World\\\" } } &gt; /tmp/msg;\n\n        kcat\n          -b $(HOST):$(PORT)\n          -X security.protocol=SSL\n          -X ssl.key.location=/kafka-auth/ACCESS_KEY\n          -X ssl.key.password=$(PASSWORD)\n          -X ssl.certificate.location=/kafka-auth/ACCESS_CERT\n          -X ssl.ca.location=/kafka-auth/CA_CERT\n          -P -t kafka-topic-connect /tmp/msg'\n      ]\n\n      envFrom:\n      - secretRef:\n          name: kafka-auth\n\n      volumeMounts:\n      - name: kafka-auth\n        mountPath: \"/kafka-auth\"\n\n  volumes:\n  - name: kafka-auth\n    secret:\n      secretName: kafka-auth\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f kcat-connect.yaml\n</code></pre> <p>The Pod will execute the commands and finish. You can confirm its <code>Completed</code> state with:</p> <pre><code>kubectl get pod kafka-message\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME            READY   STATUS      RESTARTS   AGE\nkafka-message   0/1     Completed   0          5m35s\n</code></pre> <p>If everything went smoothly, we should have our produced message in the PostgreSQL service. Let's check that out.</p> <p>Create a file named <code>psql-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-connect\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:13\n      name: postgres\n      # \"kafka-topic-connect\" is the table automatically created by KafkaConnect\n      command: ['psql', '$(DATABASE_URI)', '-c', 'SELECT * from \"kafka-topic-connect\";']\n\n      envFrom:\n      - secretRef:\n          name: pg-connection\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f psql-connect.yaml\n</code></pre> <p>After a couple of seconds, inspect its log with this command: </p> <pre><code>kubectl logs psql-connect \n</code></pre> <p>The output is similar to the following: </p> <pre><code>    text     \n-------------\n Hello World\n(1 row)\n</code></pre>"},{"location":"resources/kafka/connect.html#clean-up","title":"Clean up","text":"<p>To clean up all the created resources, use the following command:</p> <pre><code>kubectl delete \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml \\\n  -f kcat-connect.yaml \\\n  -f psql-connect.yaml\n</code></pre>"},{"location":"resources/kafka/schema.html","title":"Kafka Schema","text":""},{"location":"resources/kafka/schema.html#creating-a-kafkaschema","title":"Creating a <code>KafkaSchema</code>","text":"<p>Aiven develops and maintain Karapace, an open source implementation of Kafka REST and schema registry. Is available out of the box for our managed Kafka service.</p> <p>The schema registry address and authentication is the same as the Kafka broker, the only different is the usage of the port 13044.</p> <p>First, let's create an Aiven for Apache Kafka service.</p> <p>1. Create a file named <code>kafka-sample-schema.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  project: &lt;your-project-name&gt;\n  cloudName: google-europe-west1\n  plan: startup-2\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    kafka_version: '2.7'\n\n    # this flag enables the Schema registry\n    schema_registry: true\n</code></pre> <p>2. Apply the changes with the following command:</p> <pre><code>kubectl apply -f kafka-schema.yaml \n</code></pre> <p>Now, let's create the schema itself.</p> <p>1. Create a new file named <code>kafka-sample-schema.yaml</code> and add the YAML content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: kafka-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-schema\n\n  # the name of the Schema\n  subjectName: MySchema\n\n  # the schema itself, in JSON format\n  schema: |\n    {\n      \"type\": \"record\",\n      \"name\": \"MySchema\",\n      \"fields\": [\n        {\n          \"name\": \"field\",\n          \"type\": \"string\"\n        }\n      ]\n    }\n\n  # sets the schema compatibility level \n  compatibilityLevel: BACKWARD\n</code></pre> <p>2. Create the schema with the command:</p> <pre><code>kubectl apply -f kafka-schema.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get kafkaschemas.aiven.io kafka-schema\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME           SERVICE NAME   PROJECT          SUBJECT    COMPATIBILITY LEVEL   VERSION\nkafka-schema   kafka-sample   &lt;your-project&gt;   MySchema   BACKWARD              1\n</code></pre> <p>Now you can follow the instructions to use a schema registry in Java on how to use the schema created.</p>"}]}
\ No newline at end of file
+var __index = {"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"index.html","title":"Welcome to Aiven Operator for Kubernetes","text":"<p>Provision and manage Aiven services from your Kubernetes cluster.</p>"},{"location":"index.html#what-is-aiven","title":"What is Aiven?","text":"<p>Aiven offers managed services for the best open source data technologies, on a cloud of your choice.</p> <p>We offer multiple cloud options because we believe that everyone should have access to great data platforms wherever they host their applications. Our customers tell us they love it because they know that they aren\u2019t locked in to one particular cloud platform for all their data needs.</p>"},{"location":"index.html#contributing","title":"Contributing","text":"<p>The contribution guide covers everything you need to know about how you can contribute to Aiven Operator for Kubernetes. The developer guide will help you onboard as a developer.</p>"},{"location":"authentication.html","title":"Authenticating","text":"<p>To get authenticated and authorized, set up the communication between the Aiven Operator for Kubernetes and Aiven by using a token stored in a Kubernetes secret. You can then refer to the secret name on every custom resource in the <code>authSecretRef</code> field.</p> <p>If you don't have an Aiven account yet, sign up here for a free trial. \ud83e\udd80</p> <p>1. Generate an authentication token</p> <p>Refer to our documentation article to generate your authentication token.</p> <p>2. Create the Kubernetes Secret</p> <p>The following command creates a secret named <code>aiven-token</code> with a <code>token</code> field containing the authentication token:</p> <pre><code>kubectl create secret generic aiven-token --from-literal=token=\"&lt;your-token-here&gt;\"\n</code></pre> <p>When managing your Aiven resources, we will be using the created Secret in the <code>authSecretRef</code> field. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n  [ ... ]\n</code></pre> <p>Also, note that within Aiven, all resources are conceptually inside a Project. By default, a random project name is generated when you signup, but you can also create new projects.</p> <p>The Project name is required in most of the resources. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  project: &lt;your-project-name-here&gt;\n  [ ... ]\n</code></pre>"},{"location":"changelog.html","title":"Changelog","text":""},{"location":"changelog.html#v0160-2023-12-07","title":"v0.16.0 - 2023-12-07","text":"<ul> <li>Set conditions on errors: <code>Preconditions</code>, <code>CreateOrUpdate</code>, <code>Delete</code>. Thanks to @atarax</li> <li>Fix object updates lost when reconciler exits before the object is committed  </li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.transaction_partition_verification_enable</code>, type <code>boolean</code>: Enable   verification that checks that the partition has been added to the transaction before writing transactional   records to the partition</li> <li>Add <code>Cassandra</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Clickhouse</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Grafana</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> <li>Add <code>KafkaConnect</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka_rest_config.name_strategy_validation</code>, type <code>boolean</code>: If true,   validate that given schema is registered under expected subject name by the used name strategy when   producing messages</li> <li>Add <code>Kafka</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> <li>Add <code>MySQL</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> <li>Add <code>OpenSearch</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>PostgreSQL</code> field <code>userConfig.pg_qualstats</code>, type <code>object</code>: System-wide settings for the pg_qualstats   extension</li> <li>Add <code>PostgreSQL</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Redis</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> </ul>"},{"location":"changelog.html#v0150-2023-11-17","title":"v0.15.0 - 2023-11-17","text":"<ul> <li>Upgrade to Go 1.21</li> <li>Add option to orphan resources. Thanks to @atarax</li> <li>Fix <code>ServiceIntegration</code>: do not send empty user config to the API </li> <li>Add a format for <code>string</code> type fields to the documentation</li> <li>Generate CRDs changelog</li> <li>Add <code>Clickhouse</code> field <code>userConfig.private_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients   to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses</li> <li>Add <code>Clickhouse</code> field <code>userConfig.privatelink_access.clickhouse_mysql</code>, type <code>boolean</code>: Enable clickhouse_mysql</li> <li>Add <code>Clickhouse</code> field <code>userConfig.public_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients to   connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC   or another type of private network</li> <li>Add <code>Grafana</code> field <code>userConfig.unified_alerting_enabled</code>, type <code>boolean</code>: Enable or disable Grafana   unified alerting functionality</li> <li>Add <code>Kafka</code> field <code>userConfig.aiven_kafka_topic_messages</code>, type <code>boolean</code>: Allow access to read Kafka   topic messages in the Aiven Console and REST API</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_audience</code>, type <code>string</code>: The (optional)   comma-delimited setting for the broker to use to verify that the JWT was issued for one of the   expected audiences</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_issuer</code>, type <code>string</code>: Optional setting   for the broker to use to verify that the JWT was created by the expected issuer</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_jwks_endpoint_url</code>, type <code>string</code>: OIDC JWKS endpoint   URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_sub_claim_name</code>, type <code>string</code>: Name of the scope   from which to extract the subject claim from the JWT. Defaults to sub</li> <li>Change <code>Kafka</code> field <code>userConfig.kafka_version</code>: enum <code>[3.1, 3.3, 3.4, 3.5]</code> \u2192 <code>[3.1, 3.3, 3.4,   3.5, 3.6]</code></li> <li>Change <code>Kafka</code> field <code>userConfig.tiered_storage.local_cache.size</code>: deprecated</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_max_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_min_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size</li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend</code>:   enum <code>[internal]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type</code>:   enum <code>[username]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type</code>: enum <code>[ip]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.search_max_buckets</code>: maximum <code>65536</code> \u2192 <code>1000000</code></li> <li>Change <code>ServiceIntegration</code> field <code>kafkaMirrormaker.kafka_mirrormaker.producer_max_request_size</code>: maximum   <code>67108864</code> \u2192 <code>268435456</code></li> </ul>"},{"location":"changelog.html#v0140-2023-09-21","title":"v0.14.0 - 2023-09-21","text":"<ul> <li>Make <code>projectVpcId</code> and <code>projectVPCRef</code> mutable</li> <li>Fix panic on <code>nil</code> user config conversion</li> <li>Use aiven-go-client with context support</li> <li>Deprecate <code>Cassandra</code> kind option <code>additional_backup_regions</code></li> <li>Add <code>Grafana</code> kind option <code>auto_login</code></li> <li>Add <code>Kafka</code> kind properties <code>log_local_retention_bytes</code>, <code>log_local_retention_ms</code></li> <li>Remove <code>Kafka</code> kind option <code>remote_log_storage_system_enable</code></li> <li>Add <code>OpenSearch</code> kind option <code>auth_failure_listeners</code></li> <li>Add <code>OpenSearch</code> kind Index State Management options</li> </ul>"},{"location":"changelog.html#v0130-2023-08-18","title":"v0.13.0 - 2023-08-18","text":"<ul> <li>Add TieredStorage support to <code>Kafka</code></li> <li>Add <code>Kafka</code> version <code>3.5</code></li> <li>Add <code>Kafka</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Mark deprecated <code>Kafka</code> spec property <code>remote_log_storage_system_enable</code></li> <li>Add <code>KafkaConnect</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Add <code>OpenSearch</code> spec property <code>openid</code> </li> <li>Use updated go client with enhanced retries</li> </ul>"},{"location":"changelog.html#v0123-2023-07-13","title":"v0.12.3 - 2023-07-13","text":"<ul> <li>Expose <code>KAFKA_SCHEMA_REGISTRY_HOST</code> and <code>KAFKA_SCHEMA_REGISTRY_PORT</code> for <code>Kafka</code></li> <li>Expose <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code> and <code>KAFKA_REST_PORT</code> for <code>Kafka</code>. Thanks to @Dariusch</li> </ul>"},{"location":"changelog.html#v0122-2023-06-20","title":"v0.12.2 - 2023-06-20","text":"<ul> <li>Make conditions and state optional attributes of service status. Thanks to @mortenlj</li> <li>Remove deprecated <code>unclean_leader_election_enable</code> from <code>KafkaTopic</code> kind config</li> <li>Expose <code>KAFKA_SASL_PORT</code> for <code>Kafka</code> kind if <code>SASL</code> authentication method is enabled</li> <li>Add <code>redis</code> options to datadog <code>ServiceIntegration</code></li> <li>Add <code>Cassandra</code> version <code>3</code></li> <li>Add <code>Kafka</code> versions <code>3.1</code> and <code>3.4</code></li> <li>Add <code>kafka_rest_config.producer_max_request_size</code> option</li> <li>Add <code>kafka_mirrormaker.producer_compression_type</code> option</li> </ul>"},{"location":"changelog.html#v0120-2023-05-10","title":"v0.12.0 - 2023-05-10","text":"<ul> <li>Fix service tags create/update. Thanks to @mortenlj</li> <li>Add prefix name option for secrets. Thanks to @jordiclariana</li> <li>Add <code>clusterRole.create</code> option to Helm chart. Thanks to @ryaneorth</li> <li>Use kind name as default prefix for secrets to avoid collisions. Please migrate your applications before legacy names removed</li> <li>Fix secrets creation on openshift</li> <li>Add <code>OpenSearch.spec.userConfig.idp_pemtrustedcas_content</code> option.   Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification.</li> </ul>"},{"location":"changelog.html#v0110-2023-04-25","title":"v0.11.0 - 2023-04-25","text":"<ul> <li>Add <code>ServiceIntegration</code> kind <code>SourceProjectName</code> and <code>DestinationProjectName</code> fields</li> <li>Add <code>ServiceIntegration</code> fields <code>MaxLength</code> validation</li> <li>Add <code>ServiceIntegration</code> validation: multiple user configs cannot be set</li> <li>Fix <code>ServiceIntegration</code>, should not require <code>destinationServiceName</code> or <code>sourceEndpointID</code> field</li> <li>Fix <code>ServiceIntegration</code>, add missing <code>external_aws_cloudwatch_metrics</code> type config serialization</li> <li>Update <code>ServiceIntegration</code> integration type list</li> <li>Add <code>annotations</code> and <code>labels</code> fields to <code>connInfoSecretTarget</code></li> <li>Allow to disable capabilities check to install webhooks. Thanks to @amstee</li> <li>Set <code>OpenSearch.spec.userConfig.opensearch.search_max_buckets</code> maximum to <code>65536</code></li> </ul>"},{"location":"changelog.html#v0100-2023-04-17","title":"v0.10.0 - 2023-04-17","text":"<ul> <li>Mark service <code>plan</code> as a required field</li> <li>Add <code>minumim</code>, <code>maximum</code> validations for <code>number</code> type</li> <li>Move helm charts to the operator repository</li> <li>Add helm charts generator</li> <li>Remove <code>ip_filter</code> backward compatability</li> <li>Fix deletion errors omitted</li> <li>Add service integration <code>clickhouseKafka.tables.data_format-property</code> enum <code>RawBLOB</code> value</li> <li>Update OpenSearch <code>userConfig.opensearch.email_sender_username</code> validation pattern</li> <li>Add Kafka <code>log_cleaner_min_cleanable_ratio</code> minimum and maximum validation rules</li> <li>Remove Kafka version <code>3.2</code>, reached EOL</li> <li>Remove PostgreSQL version <code>10</code>, reached EOL</li> <li>Explicitly delete <code>ProjectVPC</code> by <code>ID</code> to avoid conflicts </li> <li>Speed up <code>ProjectVPC</code> deletion by exiting on <code>DELETING</code> status</li> <li>Fix missing RBAC permissions to update finalizers for various controllers </li> <li>Refactor <code>ClickhouseUser</code> controller</li> <li>Mark <code>ClickhouseUser.spec.project</code> and <code>ClickhouseUser.spec.serviceName</code> as immutable</li> <li>Remove deprecated service integration type <code>signalfx</code></li> <li>Add build version to the Aiven client user-agent</li> </ul>"},{"location":"changelog.html#v090-2023-03-03","title":"v0.9.0 - 2023-03-03","text":"<ul> <li><code>AuthSecretRef</code> fields marked as required</li> <li>Generate user configs for existing service integrations: <code>datadog</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>metrics</code></li> <li>Add new service integrations: <code>clickhouse_postgresql</code>, <code>clickhouse_kafka</code>, <code>clickhouse_kafka</code>, <code>logs</code>, <code>external_aws_cloudwatch_metrics</code></li> <li>Add <code>KafkaTopic.Spec.topicName</code> field. Unlike the <code>metadata.name</code>, supports additional characters and has a longer length.   <code>KafkaTopic.Spec.topicName</code> replaces <code>metadata.name</code> in future releases and will be marked as required.</li> <li>Accept <code>false</code> value for <code>termination_protection</code> property</li> <li>Fix <code>min_cleanable_dirty_ratio</code>. Thanks to @TV2rd</li> </ul>"},{"location":"changelog.html#v080-2023-02-15","title":"v0.8.0 - 2023-02-15","text":"<p>Important: This release brings breaking changes to the <code>userConfig</code> property. After new charts are installed, update your existing instances manually using the <code>kubectl edit</code> command according to the API reference.</p> <p>Note: It is now recommended to disable webhooks for Kubernetes version 1.25 and higher, as native CRD validation rules are used.</p> <ul> <li>Breaking change: <code>ip_filter</code> field is now of <code>object</code> type</li> <li>Breaking change: Update user configs for following kinds: PostgreSQL, Kafka, KafkaConnect, Redis, Clickhouse, OpenSearch</li> <li>Add CRD validation rules for immutable fields</li> <li>Add user config field validations (enum, minimum, maximum, minLength, and others)</li> <li>Add <code>serviceIntegrations</code> on service types. Only the <code>read_replica</code> type is available.</li> <li>Add KafkaTopic <code>min_cleanable_dirty_ratio</code> config field support</li> <li>Add Clickhouse <code>spec.disk_space</code> property</li> <li>Use updated aiven-go-client with retries</li> <li>Add <code>linux/amd64</code> build. Thanks to @christoffer-eide</li> </ul>"},{"location":"changelog.html#v071-2023-01-24","title":"v0.7.1 - 2023-01-24","text":"<ul> <li>Add Cassandra Kind</li> <li>Add Grafana Kind</li> <li>Recreate Kafka ACL if modified.    Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven.   It must be deleted manually.</li> <li>Fix MySQL webhook</li> </ul>"},{"location":"changelog.html#v060-2023-01-16","title":"v0.6.0 - 2023-01-16","text":"<ul> <li>Remove <code>never</code> from choices of maintenance dow</li> <li>Add <code>development</code> flag to configure logger's behavior</li> <li>Add user config generator (see <code>make generate-user-configs</code>)</li> <li>Add <code>genericServiceHandler</code> to generalize service management </li> <li>Add MySQL Kind</li> </ul>"},{"location":"changelog.html#v052-2022-12-09","title":"v0.5.2 - 2022-12-09","text":"<ul> <li>Fix deployment release manifest generation</li> </ul>"},{"location":"changelog.html#v051-2022-11-28","title":"v0.5.1 - 2022-11-28","text":"<ul> <li>Fix <code>KafkaACL</code> deletion</li> </ul>"},{"location":"changelog.html#v050-2022-11-27","title":"v0.5.0 - 2022-11-27","text":"<ul> <li>Add ability to link resources through the references</li> <li>Add <code>ProjectVPCRef</code> property to <code>Kafka</code>, <code>OpenSearch</code>, <code>Clickhouse</code> and <code>Redis</code> kinds   to get <code>ProjectVPC</code> ID when resource is ready</li> <li>Improve <code>ProjectVPC</code> deletion, deletes by ID first if possible, then tries by name</li> <li>Fix <code>client.Object</code> storage update data loss</li> </ul>"},{"location":"changelog.html#v040-2022-08-04","title":"v0.4.0 - 2022-08-04","text":"<ul> <li>Upgrade to Go 1.18</li> <li>Add support for connection pull incoming user</li> <li>Fix typo on config/samples/kafka disk_space</li> <li>Add tags support for project and service resources</li> <li>Enable termination protection</li> </ul>"},{"location":"changelog.html#v020-2021-11-17","title":"v0.2.0 - 2021-11-17","text":"<p>features: * add Redis CRD</p> <p>improvements: * watch CRDs to reconcile token secrets</p> <p>fixes: * fix RBACs of KafkaACL CRD</p>"},{"location":"changelog.html#v011-2021-09-13","title":"v0.1.1 - 2021-09-13","text":"<p>improvements: * update helm installation docs</p> <p>fixes: * fix typo in a kafka-connector kuttl test</p>"},{"location":"changelog.html#v010-2021-09-10","title":"v0.1.0 - 2021-09-10","text":"<p>features: * initial release</p>"},{"location":"troubleshooting.html","title":"Troubleshooting","text":""},{"location":"troubleshooting.html#verifying-operator-status","title":"Verifying operator status","text":"<p>Use the following checks to help you troubleshoot the Aiven Operator for Kubernetes.</p>"},{"location":"troubleshooting.html#checking-the-pods","title":"Checking the Pods","text":"<p>Verify that all the operator Pods are <code>READY</code>, and the <code>STATUS</code> is <code>Running</code>.</p> <pre><code>kubectl get pod -n aiven-operator-system\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                                                            READY   STATUS    RESTARTS   AGE\naiven-operator-controller-manager-576d944499-ggttj   1/1     Running   0          12m\n</code></pre> <p>Verify that the <code>cert-manager</code> Pods are also running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output has the status:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"troubleshooting.html#visualizing-the-operator-logs","title":"Visualizing the operator logs","text":"<p>Use the following command to visualize all the logs from the operator.</p> <pre><code>kubectl logs -n aiven-operator-system -l control-plane=controller-manager\n</code></pre>"},{"location":"troubleshooting.html#verifing-the-operator-version","title":"Verifing the operator version","text":"<pre><code>kubectl get pod -n aiven-operator-system -l control-plane=controller-manager -o jsonpath=\"{.items[0].spec.containers[0].image}\"\n</code></pre>"},{"location":"troubleshooting.html#known-issues-and-limitations","title":"Known issues and limitations","text":"<p>We're always working to resolve problems that pop up in Aiven products. If your problem is listed below, we know about it and are working to fix it. If your problem isn't listed below, report it as an issue.</p>"},{"location":"troubleshooting.html#cert-manager","title":"cert-manager","text":""},{"location":"troubleshooting.html#issue","title":"Issue","text":"<p>The following event appears on the operator Pod:</p> <pre><code>MountVolume.SetUp failed for volume \"cert\" : secret \"webhook-server-cert\" not found\n</code></pre>"},{"location":"troubleshooting.html#impact","title":"Impact","text":"<p>You cannot run the operator.</p>"},{"location":"troubleshooting.html#solution","title":"Solution","text":"<p>Make sure that cert-manager is up and running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output shows the status of each cert-manager:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"api-reference/index.html","title":"aiven.io/v1alpha1","text":"<p>Autogenerated from CRD files.</p>"},{"location":"api-reference/cassandra.html","title":"Cassandra","text":""},{"location":"api-reference/cassandra.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: my-cassandra\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    migrate_sstableloader: true\n    public_access:\n      prometheus: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/cassandra.html#Cassandra","title":"Cassandra","text":"<p>Cassandra is the Schema for the cassandras API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Cassandra</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). CassandraSpec defines the desired state of Cassandra. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec","title":"spec","text":"<p>Appears on <code>Cassandra</code>.</p> <p>CassandraSpec defines the desired state of Cassandra.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Deprecated. Additional Cloud Regions for Backup Replication.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>cassandra</code> (object). cassandra configuration values. See below for nested schema.</li> <li><code>cassandra_version</code> (string, Enum: <code>4</code>, <code>3</code>). Cassandra major version.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migrate_sstableloader</code> (boolean). Sets the service into migration mode enabling the sstableloader utility to be used to upload Cassandra data files. Available only on service create.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>service_to_join_with</code> (string, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.cassandra","title":"cassandra","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>cassandra configuration values.</p> <p>Optional</p> <ul> <li><code>batch_size_fail_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Fail any multiple-partition batch exceeding this value. 50kb (10x warn threshold) by default.</li> <li><code>batch_size_warn_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Log a warning message on any multiple-partition batch size exceeding this value.5kb per batch by default.Caution should be taken on increasing the size of this thresholdas it can lead to node instability.</li> <li><code>datacenter</code> (string, MaxLength: 128). Name of the datacenter to which nodes of this service belong. Can be set only when creating the service.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouse.html","title":"Clickhouse","text":""},{"location":"api-reference/clickhouse.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Clickhouse\nmetadata:\n  name: my-clickhouse\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-16\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/clickhouse.html#Clickhouse","title":"Clickhouse","text":"<p>Clickhouse is the Schema for the clickhouses API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Clickhouse</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseSpec defines the desired state of Clickhouse. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec","title":"spec","text":"<p>Appears on <code>Clickhouse</code>.</p> <p>ClickhouseSpec defines the desired state of Clickhouse.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Enable clickhouse.</li> <li><code>clickhouse_https</code> (boolean). Enable clickhouse_https.</li> <li><code>clickhouse_mysql</code> (boolean). Enable clickhouse_mysql.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouseuser.html","title":"ClickhouseUser","text":""},{"location":"api-reference/clickhouseuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ClickhouseUser\nmetadata:\n  name: my-clickhouse-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  serviceName: my-clickhouse\n</code></pre>"},{"location":"api-reference/clickhouseuser.html#ClickhouseUser","title":"ClickhouseUser","text":"<p>ClickhouseUser is the Schema for the clickhouseusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ClickhouseUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseUserSpec defines the desired state of ClickhouseUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec","title":"spec","text":"<p>Appears on <code>ClickhouseUser</code>.</p> <p>ClickhouseUserSpec defines the desired state of ClickhouseUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, Immutable, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/connectionpool.html","title":"ConnectionPool","text":""},{"location":"api-reference/connectionpool.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: my-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: connection-pool-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n  databaseName: my-db\n  username: my-user\n  poolMode: transaction\n  poolSize: 25\n</code></pre>"},{"location":"api-reference/connectionpool.html#ConnectionPool","title":"ConnectionPool","text":"<p>ConnectionPool is the Schema for the connectionpools API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ConnectionPool</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ConnectionPoolSpec defines the desired state of ConnectionPool. See below for nested schema.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec","title":"spec","text":"<p>Appears on <code>ConnectionPool</code>.</p> <p>ConnectionPoolSpec defines the desired state of ConnectionPool.</p> <p>Required</p> <ul> <li><code>databaseName</code> (string, MaxLength: 40). Name of the database the pool connects to.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>username</code> (string, MaxLength: 64). Name of the service user used to connect to the database.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>poolMode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). Mode the pool operates in (session, transaction, statement).</li> <li><code>poolSize</code> (integer). Number of connections the pool may create towards the backend server.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/connectionpool.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/database.html","title":"Database","text":""},{"location":"api-reference/database.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: my-db\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n\n  lcCtype: en_US.UTF-8\n  lcCollate: en_US.UTF-8\n</code></pre>"},{"location":"api-reference/database.html#Database","title":"Database","text":"<p>Database is the Schema for the databases API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Database</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). DatabaseSpec defines the desired state of Database. See below for nested schema.</li> </ul>"},{"location":"api-reference/database.html#spec","title":"spec","text":"<p>Appears on <code>Database</code>.</p> <p>DatabaseSpec defines the desired state of Database.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the database to.</li> <li><code>serviceName</code> (string, MaxLength: 63). PostgreSQL service to link the database to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>lcCollate</code> (string, MaxLength: 128). Default string sort order (LC_COLLATE) of the database. Default value: en_US.UTF-8.</li> <li><code>lcCtype</code> (string, MaxLength: 128). Default character classification (LC_CTYPE) of the database. Default value: en_US.UTF-8.</li> <li><code>terminationProtection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the database from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> </ul>"},{"location":"api-reference/database.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html","title":"Grafana","text":""},{"location":"api-reference/grafana.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Grafana\nmetadata:\n  name: my-grafana\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: grafana-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-1\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    public_access:\n      grafana: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/grafana.html#Grafana","title":"Grafana","text":"<p>Grafana is the Schema for the grafanas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Grafana</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). GrafanaSpec defines the desired state of Grafana. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec","title":"spec","text":"<p>Appears on <code>Grafana</code>.</p> <p>GrafanaSpec defines the desired state of Grafana.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/grafana.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>alerting_enabled</code> (boolean). Enable or disable Grafana legacy alerting functionality. This should not be enabled with unified_alerting_enabled.</li> <li><code>alerting_error_or_timeout</code> (string, Enum: <code>alerting</code>, <code>keep_state</code>). Default error or timeout setting for new alerting rules.</li> <li><code>alerting_max_annotations_to_keep</code> (integer, Minimum: 0, Maximum: 1000000). Max number of alert annotations that Grafana stores. 0 (default) keeps all alert annotations.</li> <li><code>alerting_nodata_or_nullvalues</code> (string, Enum: <code>alerting</code>, <code>no_data</code>, <code>keep_state</code>, <code>ok</code>). Default value for 'no data or null values' for new alerting rules.</li> <li><code>allow_embedding</code> (boolean). Allow embedding Grafana dashboards with iframe/frame/object/embed tags. Disabled by default to limit impact of clickjacking.</li> <li><code>auth_azuread</code> (object). Azure AD OAuth integration. See below for nested schema.</li> <li><code>auth_basic_enabled</code> (boolean). Enable or disable basic authentication form, used by Grafana built-in login.</li> <li><code>auth_generic_oauth</code> (object). Generic OAuth integration. See below for nested schema.</li> <li><code>auth_github</code> (object). Github Auth integration. See below for nested schema.</li> <li><code>auth_gitlab</code> (object). GitLab Auth integration. See below for nested schema.</li> <li><code>auth_google</code> (object). Google Auth integration. See below for nested schema.</li> <li><code>cookie_samesite</code> (string, Enum: <code>lax</code>, <code>strict</code>, <code>none</code>). Cookie SameSite attribute: <code>strict</code> prevents sending cookie for cross-site requests, effectively disabling direct linking from other sites to Grafana. <code>lax</code> is the default value.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>dashboard_previews_enabled</code> (boolean). This feature is new in Grafana 9 and is quite resource intensive. It may cause low-end plans to work more slowly while the dashboard previews are rendering.</li> <li><code>dashboards_min_refresh_interval</code> (string, Pattern: <code>^[0-9]+(ms|s|m|h|d)$</code>, MaxLength: 16). Signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, 1h.</li> <li><code>dashboards_versions_to_keep</code> (integer, Minimum: 1, Maximum: 100). Dashboard versions to keep per dashboard.</li> <li><code>dataproxy_send_user_header</code> (boolean). Send <code>X-Grafana-User</code> header to data source.</li> <li><code>dataproxy_timeout</code> (integer, Minimum: 15, Maximum: 90). Timeout for data proxy requests in seconds.</li> <li><code>date_formats</code> (object). Grafana date format specifications. See below for nested schema.</li> <li><code>disable_gravatar</code> (boolean). Set to true to disable gravatar. Defaults to false (gravatar is enabled).</li> <li><code>editors_can_admin</code> (boolean). Editors can manage folders, teams and dashboards created by them.</li> <li><code>external_image_storage</code> (object). External image store settings. See below for nested schema.</li> <li><code>google_analytics_ua_id</code> (string, Pattern: <code>^(G|UA|YT|MO)-[a-zA-Z0-9-]+$</code>, MaxLength: 64). Google Analytics ID.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>metrics_enabled</code> (boolean). Enable Grafana /metrics endpoint.</li> <li><code>oauth_allow_insecure_email_lookup</code> (boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>smtp_server</code> (object). SMTP server settings. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>unified_alerting_enabled</code> (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details.</li> <li><code>user_auto_assign_org</code> (boolean). Auto-assign new users on signup to main organization. Defaults to false.</li> <li><code>user_auto_assign_org_role</code> (string, Enum: <code>Viewer</code>, <code>Admin</code>, <code>Editor</code>). Set role for new signups. Defaults to Viewer.</li> <li><code>viewers_can_edit</code> (boolean). Users with view-only permission can edit but not save dashboards.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_azuread","title":"auth_azuread","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Azure AD OAuth integration.</p> <p>Required</p> <ul> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_generic_oauth","title":"auth_generic_oauth","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Generic OAuth integration.</p> <p>Required</p> <ul> <li><code>api_url</code> (string, MaxLength: 2048). API URL.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require user to be member of one of the listed organizations.</li> <li><code>auto_login</code> (boolean). Allow users to bypass the login screen and automatically log in.</li> <li><code>name</code> (string, Pattern: <code>^[a-zA-Z0-9_\\- ]+$</code>, MaxLength: 128). Name of the OAuth integration.</li> <li><code>scopes</code> (array of strings, MaxItems: 50). OAuth scopes.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_github","title":"auth_github","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Github Auth integration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require users to belong to one of given organizations.</li> <li><code>team_ids</code> (array of integers, MaxItems: 50). Require users to belong to one of given team IDs.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_gitlab","title":"auth_gitlab","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>GitLab Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>api_url</code> (string, MaxLength: 2048). API URL. This only needs to be set when using self hosted GitLab.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL. This only needs to be set when using self hosted GitLab.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL. This only needs to be set when using self hosted GitLab.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_google","title":"auth_google","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Google Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_domains</code> (array of strings, MaxItems: 64). Domains allowed to sign-in to this Grafana.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.date_formats","title":"date_formats","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Grafana date format specifications.</p> <p>Optional</p> <ul> <li><code>default_timezone</code> (string, MaxLength: 64). Default time zone for user preferences. Value <code>browser</code> uses browser local time zone.</li> <li><code>full_date</code> (string, MaxLength: 128). Moment.js style format string for cases where full date is shown.</li> <li><code>interval_day</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring day accuracy is shown.</li> <li><code>interval_hour</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring hour accuracy is shown.</li> <li><code>interval_minute</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring minute accuracy is shown.</li> <li><code>interval_month</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring month accuracy is shown.</li> <li><code>interval_second</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring second accuracy is shown.</li> <li><code>interval_year</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring year accuracy is shown.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.external_image_storage","title":"external_image_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>External image store settings.</p> <p>Required</p> <ul> <li><code>access_key</code> (string, Pattern: <code>^[A-Z0-9]+$</code>, MaxLength: 4096). S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions.</li> <li><code>bucket_url</code> (string, MaxLength: 2048). Bucket URL for S3.</li> <li><code>provider</code> (string, Enum: <code>s3</code>). Provider type.</li> <li><code>secret_key</code> (string, Pattern: <code>^[A-Za-z0-9/+=]+$</code>, MaxLength: 4096). S3 secret key.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Enable grafana.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.smtp_server","title":"smtp_server","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>SMTP server settings.</p> <p>Required</p> <ul> <li><code>from_address</code> (string, MaxLength: 319). Address used for sending emails.</li> <li><code>host</code> (string, MaxLength: 255). Server hostname or IP.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). SMTP server port.</li> </ul> <p>Optional</p> <ul> <li><code>from_name</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 128). Name used in outgoing emails, defaults to Grafana.</li> <li><code>password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Password for SMTP authentication.</li> <li><code>skip_verify</code> (boolean). Skip verifying server certificate. Defaults to false.</li> <li><code>starttls_policy</code> (string, Enum: <code>OpportunisticStartTLS</code>, <code>MandatoryStartTLS</code>, <code>NoStartTLS</code>). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS.</li> <li><code>username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Username for SMTP authentication.</li> </ul>"},{"location":"api-reference/kafka.html","title":"Kafka","text":""},{"location":"api-reference/kafka.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: my-kafka\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/kafka.html#Kafka","title":"Kafka","text":"<p>Kafka is the Schema for the kafkas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Kafka</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSpec defines the desired state of Kafka. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec","title":"spec","text":"<p>Appears on <code>Kafka</code>.</p> <p>KafkaSpec defines the desired state of Kafka.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>karapace</code> (boolean). Switch the service to use Karapace for schema registry and REST proxy.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Kafka specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/kafka.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>aiven_kafka_topic_messages</code> (boolean). Allow access to read Kafka topic messages in the Aiven Console and REST API.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka</code> (object). Kafka broker configuration values. See below for nested schema.</li> <li><code>kafka_authentication_methods</code> (object). Kafka authentication methods. See below for nested schema.</li> <li><code>kafka_connect</code> (boolean). Enable Kafka Connect service.</li> <li><code>kafka_connect_config</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>kafka_rest</code> (boolean). Enable Kafka-REST service.</li> <li><code>kafka_rest_authorization</code> (boolean). Enable authorization in Kafka-REST service.</li> <li><code>kafka_rest_config</code> (object). Kafka REST configuration. See below for nested schema.</li> <li><code>kafka_version</code> (string, Enum: <code>3.3</code>, <code>3.1</code>, <code>3.4</code>, <code>3.5</code>, <code>3.6</code>). Kafka major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>schema_registry</code> (boolean). Enable Schema-Registry service.</li> <li><code>schema_registry_config</code> (object). Schema Registry configuration. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>tiered_storage</code> (object). Tiered storage configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka","title":"kafka","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka broker configuration values.</p> <p>Optional</p> <ul> <li><code>auto_create_topics_enable</code> (boolean). Enable auto creation of topics.</li> <li><code>compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>uncompressed</code>, <code>producer</code>). Specify the final compression type for a given topic. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>uncompressed</code> which is equivalent to no compression; and <code>producer</code> which means retain the original compression codec set by the producer.</li> <li><code>connections_max_idle_ms</code> (integer, Minimum: 1000, Maximum: 3600000). Idle connections timeout: the server socket processor threads close the connections that idle for longer than this.</li> <li><code>default_replication_factor</code> (integer, Minimum: 1, Maximum: 10). Replication factor for autocreated topics.</li> <li><code>group_initial_rebalance_delay_ms</code> (integer, Minimum: 0, Maximum: 300000). The amount of time, in milliseconds, the group coordinator will wait for more consumers to join a new group before performing the first rebalance. A longer delay means potentially fewer rebalances, but increases the time until processing begins. The default value for this is 3 seconds. During development and testing it might be desirable to set this to 0 in order to not delay test execution time.</li> <li><code>group_max_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 1800000). The maximum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>group_min_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 60000). The minimum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>log_cleaner_delete_retention_ms</code> (integer, Minimum: 0, Maximum: 315569260000). How long are delete records retained?.</li> <li><code>log_cleaner_max_compaction_lag_ms</code> (integer, Minimum: 30000). The maximum amount of time message will remain uncompacted. Only applicable for logs that are being compacted.</li> <li><code>log_cleaner_min_cleanable_ratio</code> (number, Minimum: 0.2, Maximum: 0.9). Controls log compactor frequency. Larger value means more frequent compactions but also more space wasted for logs. Consider setting log.cleaner.max.compaction.lag.ms to enforce compactions sooner, instead of setting a very high value for this option.</li> <li><code>log_cleaner_min_compaction_lag_ms</code> (integer, Minimum: 0). The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.</li> <li><code>log_cleanup_policy</code> (string, Enum: <code>delete</code>, <code>compact</code>, <code>compact,delete</code>). The default cleanup policy for segments beyond the retention window.</li> <li><code>log_flush_interval_messages</code> (integer, Minimum: 1). The number of messages accumulated on a log partition before messages are flushed to disk.</li> <li><code>log_flush_interval_ms</code> (integer, Minimum: 0). The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used.</li> <li><code>log_index_interval_bytes</code> (integer, Minimum: 0, Maximum: 104857600). The interval with which Kafka adds an entry to the offset index.</li> <li><code>log_index_size_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The maximum size in bytes of the offset index.</li> <li><code>log_local_retention_bytes</code> (integer, Minimum: -2). The maximum size of local log segments that can grow for a partition before it gets eligible for deletion. If set to -2, the value of log.retention.bytes is used. The effective value should always be less than or equal to log.retention.bytes value.</li> <li><code>log_local_retention_ms</code> (integer, Minimum: -2). The number of milliseconds to keep the local log segments before it gets eligible for deletion. If set to -2, the value of log.retention.ms is used. The effective value should always be less than or equal to log.retention.ms value.</li> <li><code>log_message_downconversion_enable</code> (boolean). This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests.</li> <li><code>log_message_timestamp_difference_max_ms</code> (integer, Minimum: 0). The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message.</li> <li><code>log_message_timestamp_type</code> (string, Enum: <code>CreateTime</code>, <code>LogAppendTime</code>). Define whether the timestamp in the message is message create time or log append time.</li> <li><code>log_preallocate</code> (boolean). Should pre allocate file when create new segment?.</li> <li><code>log_retention_bytes</code> (integer, Minimum: -1). The maximum size of the log before deleting messages.</li> <li><code>log_retention_hours</code> (integer, Minimum: -1, Maximum: 2147483647). The number of hours to keep a log file before deleting it.</li> <li><code>log_retention_ms</code> (integer, Minimum: -1). The number of milliseconds to keep a log file before deleting it (in milliseconds), If not set, the value in log.retention.minutes is used. If set to -1, no time limit is applied.</li> <li><code>log_roll_jitter_ms</code> (integer, Minimum: 0). The maximum jitter to subtract from logRollTimeMillis (in milliseconds). If not set, the value in log.roll.jitter.hours is used.</li> <li><code>log_roll_ms</code> (integer, Minimum: 1). The maximum time before a new log segment is rolled out (in milliseconds).</li> <li><code>log_segment_bytes</code> (integer, Minimum: 10485760, Maximum: 1073741824). The maximum size of a single log file.</li> <li><code>log_segment_delete_delay_ms</code> (integer, Minimum: 0, Maximum: 3600000). The amount of time to wait before deleting a file from the filesystem.</li> <li><code>max_connections_per_ip</code> (integer, Minimum: 256, Maximum: 2147483647). The maximum number of connections allowed from each ip address (defaults to 2147483647).</li> <li><code>max_incremental_fetch_session_cache_slots</code> (integer, Minimum: 1000, Maximum: 10000). The maximum number of incremental fetch sessions that the broker will maintain.</li> <li><code>message_max_bytes</code> (integer, Minimum: 0, Maximum: 100001200). The maximum size of message that the server can receive.</li> <li><code>min_insync_replicas</code> (integer, Minimum: 1, Maximum: 7). When a producer sets acks to <code>all</code> (or <code>-1</code>), min.insync.replicas specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful.</li> <li><code>num_partitions</code> (integer, Minimum: 1, Maximum: 1000). Number of partitions for autocreated topics.</li> <li><code>offsets_retention_minutes</code> (integer, Minimum: 1, Maximum: 2147483647). Log retention window in minutes for offsets topic.</li> <li><code>producer_purgatory_purge_interval_requests</code> (integer, Minimum: 10, Maximum: 10000). The purge interval (in number of requests) of the producer request purgatory(defaults to 1000).</li> <li><code>replica_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made.</li> <li><code>replica_fetch_response_max_bytes</code> (integer, Minimum: 10485760, Maximum: 1048576000). Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum.</li> <li><code>sasl_oauthbearer_expected_audience</code> (string, MaxLength: 128). The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.</li> <li><code>sasl_oauthbearer_expected_issuer</code> (string, MaxLength: 128). Optional setting for the broker to use to verify that the JWT was created by the expected issuer.</li> <li><code>sasl_oauthbearer_jwks_endpoint_url</code> (string, MaxLength: 2048). OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC.</li> <li><code>sasl_oauthbearer_sub_claim_name</code> (string, MaxLength: 128). Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.</li> <li><code>socket_request_max_bytes</code> (integer, Minimum: 10485760, Maximum: 209715200). The maximum number of bytes in a socket request (defaults to 104857600).</li> <li><code>transaction_partition_verification_enable</code> (boolean). Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition.</li> <li><code>transaction_remove_expired_transaction_cleanup_interval_ms</code> (integer, Minimum: 600000, Maximum: 3600000). The interval at which to remove transactions that have expired due to transactional.id.expiration.ms passing (defaults to 3600000 (1 hour)).</li> <li><code>transaction_state_log_segment_bytes</code> (integer, Minimum: 1048576, Maximum: 2147483647). The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads (defaults to 104857600 (100 mebibytes)).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_authentication_methods","title":"kafka_authentication_methods","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka authentication methods.</p> <p>Optional</p> <ul> <li><code>certificate</code> (boolean). Enable certificate/SSL authentication.</li> <li><code>sasl</code> (boolean). Enable SASL authentication.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_connect_config","title":"kafka_connect_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_rest_config","title":"kafka_rest_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka REST configuration.</p> <p>Optional</p> <ul> <li><code>consumer_enable_auto_commit</code> (boolean). If true the consumer's offset will be periodically committed to Kafka in the background.</li> <li><code>consumer_request_max_bytes</code> (integer, Minimum: 0, Maximum: 671088640). Maximum number of bytes in unencoded message keys and values by a single request.</li> <li><code>consumer_request_timeout_ms</code> (integer, Enum: <code>1000</code>, <code>15000</code>, <code>30000</code>, Minimum: 1000, Maximum: 30000). The maximum total time to wait for messages for a request if the maximum number of messages has not yet been reached.</li> <li><code>name_strategy_validation</code> (boolean). If true, validate that given schema is registered under expected subject name by the used name strategy when producing messages.</li> <li><code>producer_acks</code> (string, Enum: <code>all</code>, <code>-1</code>, <code>0</code>, <code>1</code>). The number of acknowledgments the producer requires the leader to have received before considering a request complete. If set to <code>all</code> or <code>-1</code>, the leader will wait for the full set of in-sync replicas to acknowledge the record.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). Wait for up to the given delay to allow batching records together.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum size of a request in bytes. Note that Kafka broker can also cap the record batch size.</li> <li><code>simpleconsumer_pool_size_max</code> (integer, Minimum: 10, Maximum: 250). Maximum number of SimpleConsumers that can be instantiated per broker.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka</code> (boolean). Enable kafka.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>kafka_rest</code> (boolean). Enable kafka_rest.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>schema_registry</code> (boolean). Enable schema_registry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.schema_registry_config","title":"schema_registry_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Schema Registry configuration.</p> <p>Optional</p> <ul> <li><code>leader_eligibility</code> (boolean). If true, Karapace / Schema Registry on the service nodes can participate in leader election. It might be needed to disable this when the schemas topic is replicated to a secondary cluster and Karapace / Schema Registry there must not participate in leader election. Defaults to <code>true</code>.</li> <li><code>topic_name</code> (string, MinLength: 1, MaxLength: 249). The durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy. Please note that changing this configuration in an existing Schema Registry / Karapace setup leads to previous schemas being inaccessible, data encoded with them potentially unreadable and schema ID sequence put out of order. It's only possible to do the switch while Schema Registry / Karapace is disabled. Defaults to <code>_schemas</code>.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage","title":"tiered_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Tiered storage configuration.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Whether to enable the tiered storage functionality.</li> <li><code>local_cache</code> (object). Deprecated. Local cache configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage.local_cache","title":"local_cache","text":"<p>Appears on <code>spec.userConfig.tiered_storage</code>.</p> <p>Deprecated. Local cache configuration.</p> <p>Required</p> <ul> <li><code>size</code> (integer, Minimum: 1, Maximum: 107374182400). Deprecated. Local cache size in bytes.</li> </ul>"},{"location":"api-reference/kafkaacl.html","title":"KafkaACL","text":""},{"location":"api-reference/kafkaacl.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: my-kafka-acl\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topic: my-topic\n  username: my-user\n  permission: admin\n</code></pre>"},{"location":"api-reference/kafkaacl.html#KafkaACL","title":"KafkaACL","text":"<p>KafkaACL is the Schema for the kafkaacls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaACL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaACLSpec defines the desired state of KafkaACL. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec","title":"spec","text":"<p>Appears on <code>KafkaACL</code>.</p> <p>KafkaACLSpec defines the desired state of KafkaACL.</p> <p>Required</p> <ul> <li><code>permission</code> (string, Enum: <code>admin</code>, <code>read</code>, <code>readwrite</code>, <code>write</code>). Kafka permission to grant (admin, read, readwrite, write).</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka ACL to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka ACL to.</li> <li><code>topic</code> (string). Topic name pattern for the ACL entry.</li> <li><code>username</code> (string). Username pattern for the ACL entry.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html","title":"KafkaConnect","text":""},{"location":"api-reference/kafkaconnect.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: my-kafka-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  userConfig:\n    kafka_connect:\n      consumer_isolation_level: read_committed\n    public_access:\n      kafka_connect: true\n</code></pre>"},{"location":"api-reference/kafkaconnect.html#KafkaConnect","title":"KafkaConnect","text":"<p>KafkaConnect is the Schema for the kafkaconnects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnect</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectSpec defines the desired state of KafkaConnect. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnect</code>.</p> <p>KafkaConnectSpec defines the desired state of KafkaConnect.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). KafkaConnect specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>KafkaConnect specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka_connect</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafkaconnector.html","title":"KafkaConnector","text":""},{"location":"api-reference/kafkaconnector.html#KafkaConnector","title":"KafkaConnector","text":"<p>KafkaConnector is the Schema for the kafkaconnectors API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnector</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectorSpec defines the desired state of KafkaConnector. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnector</code>.</p> <p>KafkaConnectorSpec defines the desired state of KafkaConnector.</p> <p>Required</p> <ul> <li><code>connectorClass</code> (string, MaxLength: 1024). The Java class of the connector.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>userConfig</code> (object, AdditionalProperties: string). The connector specific configuration To build config values from secret the template function <code>{{ fromSecret \"name\" \"key\" }}</code> is provided when interpreting the keys.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaschema.html","title":"KafkaSchema","text":""},{"location":"api-reference/kafkaschema.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: my-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  subjectName: mny-subject\n  compatibilityLevel: BACKWARD\n  schema: |\n    {\n        \"doc\": \"example_doc\",\n        \"fields\": [{\n            \"default\": 5,\n            \"doc\": \"field_doc\",\n            \"name\": \"field_name\",\n            \"namespace\": \"field_namespace\",\n            \"type\": \"int\"\n        }],\n        \"name\": \"example_name\",\n        \"namespace\": \"example_namespace\",\n        \"type\": \"record\"\n    }\n</code></pre>"},{"location":"api-reference/kafkaschema.html#KafkaSchema","title":"KafkaSchema","text":"<p>KafkaSchema is the Schema for the kafkaschemas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaSchema</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSchemaSpec defines the desired state of KafkaSchema. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec","title":"spec","text":"<p>Appears on <code>KafkaSchema</code>.</p> <p>KafkaSchemaSpec defines the desired state of KafkaSchema.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka Schema to.</li> <li><code>schema</code> (string). Kafka Schema configuration should be a valid Avro Schema JSON format.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka Schema to.</li> <li><code>subjectName</code> (string, MaxLength: 63). Kafka Schema Subject name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>compatibilityLevel</code> (string, Enum: <code>BACKWARD</code>, <code>BACKWARD_TRANSITIVE</code>, <code>FORWARD</code>, <code>FORWARD_TRANSITIVE</code>, <code>FULL</code>, <code>FULL_TRANSITIVE</code>, <code>NONE</code>). Kafka Schemas compatibility level.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html","title":"KafkaTopic","text":""},{"location":"api-reference/kafkatopic.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topicName: my-kafka-topic\n\n  replication: 2\n  partitions: 1\n\n  config:\n    min_cleanable_dirty_ratio: 0.2\n</code></pre>"},{"location":"api-reference/kafkatopic.html#KafkaTopic","title":"KafkaTopic","text":"<p>KafkaTopic is the Schema for the kafkatopics API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaTopic</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaTopicSpec defines the desired state of KafkaTopic. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec","title":"spec","text":"<p>Appears on <code>KafkaTopic</code>.</p> <p>KafkaTopicSpec defines the desired state of KafkaTopic.</p> <p>Required</p> <ul> <li><code>partitions</code> (integer, Minimum: 1, Maximum: 1000000). Number of partitions to create in the topic.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>replication</code> (integer, Minimum: 2). Replication factor for the topic.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>config</code> (object). Kafka topic configuration. See below for nested schema.</li> <li><code>tags</code> (array of objects). Kafka topic tags. See below for nested schema.</li> <li><code>termination_protection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the kafka topic from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> <li><code>topicName</code> (string, Immutable, MinLength: 1, MaxLength: 249). Topic name. If provided, is used instead of metadata.name. This field supports additional characters, has a longer length, and will replace metadata.name in future releases.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.config","title":"config","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic configuration.</p> <p>Optional</p> <ul> <li><code>cleanup_policy</code> (string). cleanup.policy value.</li> <li><code>compression_type</code> (string). compression.type value.</li> <li><code>delete_retention_ms</code> (integer). delete.retention.ms value.</li> <li><code>file_delete_delay_ms</code> (integer). file.delete.delay.ms value.</li> <li><code>flush_messages</code> (integer). flush.messages value.</li> <li><code>flush_ms</code> (integer). flush.ms value.</li> <li><code>index_interval_bytes</code> (integer). index.interval.bytes value.</li> <li><code>max_compaction_lag_ms</code> (integer). max.compaction.lag.ms value.</li> <li><code>max_message_bytes</code> (integer). max.message.bytes value.</li> <li><code>message_downconversion_enable</code> (boolean). message.downconversion.enable value.</li> <li><code>message_format_version</code> (string). message.format.version value.</li> <li><code>message_timestamp_difference_max_ms</code> (integer). message.timestamp.difference.max.ms value.</li> <li><code>message_timestamp_type</code> (string). message.timestamp.type value.</li> <li><code>min_cleanable_dirty_ratio</code> (number). min.cleanable.dirty.ratio value.</li> <li><code>min_compaction_lag_ms</code> (integer). min.compaction.lag.ms value.</li> <li><code>min_insync_replicas</code> (integer). min.insync.replicas value.</li> <li><code>preallocate</code> (boolean). preallocate value.</li> <li><code>retention_bytes</code> (integer). retention.bytes value.</li> <li><code>retention_ms</code> (integer). retention.ms value.</li> <li><code>segment_bytes</code> (integer). segment.bytes value.</li> <li><code>segment_index_bytes</code> (integer). segment.index.bytes value.</li> <li><code>segment_jitter_ms</code> (integer). segment.jitter.ms value.</li> <li><code>segment_ms</code> (integer). segment.ms value.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.tags","title":"tags","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic tags.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1, MaxLength: 64, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul> <p>Optional</p> <ul> <li><code>value</code> (string, MaxLength: 256, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul>"},{"location":"api-reference/mysql.html","title":"MySQL","text":""},{"location":"api-reference/mysql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: my-mysql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    backup_hour: 17\n    backup_minute: 11\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/mysql.html#MySQL","title":"MySQL","text":"<p>MySQL is the Schema for the mysqls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>MySQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). MySQLSpec defines the desired state of MySQL. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec","title":"spec","text":"<p>Appears on <code>MySQL</code>.</p> <p>MySQLSpec defines the desired state of MySQL.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). MySQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/mysql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>MySQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>binlog_retention_period</code> (integer, Minimum: 600, Maximum: 86400). The minimum amount of time in seconds to keep binlog entries before deletion. This may be extended for services that require binlog entries for longer than the default for example if using the MySQL Debezium Kafka connector.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>mysql</code> (object). mysql.conf configuration values. See below for nested schema.</li> <li><code>mysql_version</code> (string, Enum: <code>8</code>). MySQL major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.mysql","title":"mysql","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>mysql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>connect_timeout</code> (integer, Minimum: 2, Maximum: 3600). The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake.</li> <li><code>default_time_zone</code> (string, MinLength: 2, MaxLength: 100). Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or <code>SYSTEM</code> to use the MySQL server default.</li> <li><code>group_concat_max_len</code> (integer, Minimum: 4). The maximum permitted result length in bytes for the GROUP_CONCAT() function.</li> <li><code>information_schema_stats_expiry</code> (integer, Minimum: 900, Maximum: 31536000). The time, in seconds, before cached statistics expire.</li> <li><code>innodb_change_buffer_max_size</code> (integer, Minimum: 0, Maximum: 50). Maximum size for the InnoDB change buffer, as a percentage of the total size of the buffer pool. Default is 25.</li> <li><code>innodb_flush_neighbors</code> (integer, Minimum: 0, Maximum: 2). Specifies whether flushing a page from the InnoDB buffer pool also flushes other dirty pages in the same extent (default is 1): 0 - dirty pages in the same extent are not flushed,  1 - flush contiguous dirty pages in the same extent,  2 - flush dirty pages in the same extent.</li> <li><code>innodb_ft_min_token_size</code> (integer, Minimum: 0, Maximum: 16). Minimum length of words that are stored in an InnoDB FULLTEXT index. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_ft_server_stopword_table</code> (string, Pattern: <code>^.+/.+$</code>, MaxLength: 1024). This option is used to specify your own InnoDB FULLTEXT index stopword list for all InnoDB tables.</li> <li><code>innodb_lock_wait_timeout</code> (integer, Minimum: 1, Maximum: 3600). The length of time in seconds an InnoDB transaction waits for a row lock before giving up. Default is 120.</li> <li><code>innodb_log_buffer_size</code> (integer, Minimum: 1048576, Maximum: 4294967295). The size in bytes of the buffer that InnoDB uses to write to the log files on disk.</li> <li><code>innodb_online_alter_log_max_size</code> (integer, Minimum: 65536, Maximum: 1099511627776). The upper limit in bytes on the size of the temporary log files used during online DDL operations for InnoDB tables.</li> <li><code>innodb_print_all_deadlocks</code> (boolean). When enabled, information about all deadlocks in InnoDB user transactions is recorded in the error log. Disabled by default.</li> <li><code>innodb_read_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for read operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_rollback_on_timeout</code> (boolean). When enabled a transaction timeout causes InnoDB to abort and roll back the entire transaction. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_thread_concurrency</code> (integer, Minimum: 0, Maximum: 1000). Defines the maximum number of threads permitted inside of InnoDB. Default is 0 (infinite concurrency - no limit).</li> <li><code>innodb_write_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for write operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>interactive_timeout</code> (integer, Minimum: 30, Maximum: 604800). The number of seconds the server waits for activity on an interactive connection before closing it.</li> <li><code>internal_tmp_mem_storage_engine</code> (string, Enum: <code>TempTable</code>, <code>MEMORY</code>). The storage engine for in-memory internal temporary tables.</li> <li><code>long_query_time</code> (number, Minimum: 0, Maximum: 3600). The slow_query_logs work as SQL statements that take more than long_query_time seconds to execute. Default is 10s.</li> <li><code>max_allowed_packet</code> (integer, Minimum: 102400, Maximum: 1073741824). Size of the largest message in bytes that can be received by the server. Default is 67108864 (64M).</li> <li><code>max_heap_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set tmp_table_size. Default is 16777216 (16M).</li> <li><code>net_buffer_length</code> (integer, Minimum: 1024, Maximum: 1048576). Start sizes of connection buffer and result buffer. Default is 16384 (16K). Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>net_read_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for more data from a connection before aborting the read.</li> <li><code>net_write_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for a block to be written to a connection before aborting the write.</li> <li><code>slow_query_log</code> (boolean). Slow query log enables capturing of slow queries. Setting slow_query_log to false also truncates the mysql.slow_log table. Default is off.</li> <li><code>sort_buffer_size</code> (integer, Minimum: 32768, Maximum: 1073741824). Sort buffer size in bytes for ORDER BY optimization. Default is 262144 (256K).</li> <li><code>sql_mode</code> (string, Pattern: <code>^[A-Z_]*(,[A-Z_]+)*$</code>, MaxLength: 1024). Global SQL mode. Set to empty to use MySQL server defaults. When creating a new service and not setting this field Aiven default SQL mode (strict, SQL standard compliant) will be assigned.</li> <li><code>sql_require_primary_key</code> (boolean). Require primary key to be defined for new tables or old tables modified with ALTER TABLE and fail if missing. It is recommended to always have primary keys because various functionality may break if any large table is missing them.</li> <li><code>tmp_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set max_heap_table_size. Default is 16777216 (16M).</li> <li><code>wait_timeout</code> (integer, Minimum: 1, Maximum: 2147483). The number of seconds the server waits for activity on a noninteractive connection before closing it.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Enable mysql.</li> <li><code>mysqlx</code> (boolean). Enable mysqlx.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html","title":"OpenSearch","text":""},{"location":"api-reference/opensearch.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: my-os\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n  disk_space: 80Gib\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/opensearch.html#OpenSearch","title":"OpenSearch","text":"<p>OpenSearch is the Schema for the opensearches API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>OpenSearch</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). OpenSearchSpec defines the desired state of OpenSearch. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec","title":"spec","text":"<p>Appears on <code>OpenSearch</code>.</p> <p>OpenSearchSpec defines the desired state of OpenSearch.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>disable_replication_factor_adjustment</code> (boolean). DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.</li> <li><code>index_patterns</code> (array of objects, MaxItems: 512). Index patterns. See below for nested schema.</li> <li><code>index_template</code> (object). Template settings for all new indexes. See below for nested schema.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>keep_index_refresh_interval</code> (boolean). Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.</li> <li><code>max_index_count</code> (integer, Minimum: 0). DEPRECATED: use index_patterns instead.</li> <li><code>openid</code> (object). OpenSearch OpenID Connect Configuration. See below for nested schema.</li> <li><code>opensearch</code> (object). OpenSearch settings. See below for nested schema.</li> <li><code>opensearch_dashboards</code> (object). OpenSearch Dashboards settings. See below for nested schema.</li> <li><code>opensearch_version</code> (string, Enum: <code>1</code>, <code>2</code>). OpenSearch major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>saml</code> (object). OpenSearch SAML configuration. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_patterns","title":"index_patterns","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Index patterns.</p> <p>Required</p> <ul> <li><code>max_index_count</code> (integer, Minimum: 0). Maximum number of indexes to keep.</li> <li><code>pattern</code> (string, Pattern: <code>^[A-Za-z0-9-_.*?]+$</code>, MaxLength: 1024). fnmatch pattern.</li> </ul> <p>Optional</p> <ul> <li><code>sorting_algorithm</code> (string, Enum: <code>alphabetical</code>, <code>creation_date</code>). Deletion sorting algorithm.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_template","title":"index_template","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Template settings for all new indexes.</p> <p>Optional</p> <ul> <li><code>mapping_nested_objects_limit</code> (integer, Minimum: 0, Maximum: 100000). The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000.</li> <li><code>number_of_replicas</code> (integer, Minimum: 0, Maximum: 29). The number of replicas each primary shard has.</li> <li><code>number_of_shards</code> (integer, Minimum: 1, Maximum: 1024). The number of primary shards that an index should have.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.openid","title":"openid","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch OpenID Connect Configuration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, MinLength: 1, MaxLength: 1024). The ID of the OpenID Connect client configured in your IdP. Required.</li> <li><code>client_secret</code> (string, MinLength: 1, MaxLength: 1024). The client secret of the OpenID Connect client configured in your IdP. Required.</li> <li><code>connect_url</code> (string, MaxLength: 2048). The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.</li> </ul> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.</li> <li><code>header</code> (string, MinLength: 1, MaxLength: 1024). HTTP header name of the JWT token. Optional. Default is Authorization.</li> <li><code>jwt_header</code> (string, MinLength: 1, MaxLength: 1024). The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. <li><code>jwt_url_parameter</code> (string, MinLength: 1, MaxLength: 1024). If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.</li> <li><code>refresh_rate_limit_count</code> (integer, Minimum: 10). The maximum number of unknown key IDs in the time frame. Default is 10. Optional.</li> <li><code>refresh_rate_limit_time_window_ms</code> (integer, Minimum: 10000). The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT.</li> <li><code>scope</code> (string, MinLength: 1, MaxLength: 1024). The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.</li>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch settings.</p> <p>Optional</p> <ul> <li><code>action_auto_create_index_enabled</code> (boolean). Explicitly allow or block automatic creation of indices. Defaults to true.</li> <li><code>action_destructive_requires_name</code> (boolean). Require explicit index names when deleting.</li> <li><code>auth_failure_listeners</code> (object). Opensearch Security Plugin Settings. See below for nested schema.</li> <li><code>cluster_max_shards_per_node</code> (integer, Minimum: 100, Maximum: 10000). Controls the number of shards allowed in the cluster per data node.</li> <li><code>cluster_routing_allocation_node_concurrent_recoveries</code> (integer, Minimum: 2, Maximum: 16). How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to 2.</li> <li><code>email_sender_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MaxLength: 40). Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore.</li> <li><code>email_sender_password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 1024). Sender password for Opensearch alerts to authenticate with SMTP server.</li> <li><code>email_sender_username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 320). Sender username for Opensearch alerts.</li> <li><code>http_max_content_length</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.</li> <li><code>http_max_header_size</code> (integer, Minimum: 1024, Maximum: 262144). The max size of allowed headers, in bytes.</li> <li><code>http_max_initial_line_length</code> (integer, Minimum: 1024, Maximum: 65536). The max length of an HTTP URL, in bytes.</li> <li><code>indices_fielddata_cache_size</code> (integer, Minimum: 3, Maximum: 100). Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations.</li> <li><code>indices_memory_index_buffer_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance.</li> <li><code>indices_memory_max_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit.</li> <li><code>indices_memory_min_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit.</li> <li><code>indices_queries_cache_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality.</li> <li><code>indices_query_bool_max_clause_count</code> (integer, Minimum: 64, Maximum: 4096). Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value.</li> <li><code>indices_recovery_max_bytes_per_sec</code> (integer, Minimum: 40, Maximum: 400). Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb.</li> <li><code>indices_recovery_max_concurrent_file_chunks</code> (integer, Minimum: 2, Maximum: 5). Number of file chunks sent in parallel for each recovery. Defaults to 2.</li> <li><code>ism_enabled</code> (boolean). Specifies whether ISM is enabled or not.</li> <li><code>ism_history_enabled</code> (boolean). Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document.</li> <li><code>ism_history_max_age</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum age before rolling over the audit history index in hours.</li> <li><code>ism_history_max_docs</code> (integer, Minimum: 1). The maximum number of documents before rolling over the audit history index.</li> <li><code>ism_history_rollover_check_period</code> (integer, Minimum: 1, Maximum: 2147483647). The time between rollover checks for the audit history index in hours.</li> <li><code>ism_history_rollover_retention_period</code> (integer, Minimum: 1, Maximum: 2147483647). How long audit history indices are kept in days.</li> <li><code>override_main_response_version</code> (boolean). Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false.</li> <li><code>reindex_remote_whitelist</code> (array of strings, MaxItems: 32). Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart.</li> <li><code>script_max_compilations_rate</code> (string, MaxLength: 1024). Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context.</li> <li><code>search_max_buckets</code> (integer, Minimum: 1, Maximum: 1000000). Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined.</li> <li><code>thread_pool_analyze_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_analyze_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_force_merge_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_get_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_get_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_throttled_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_throttled_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_write_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_write_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners","title":"auth_failure_listeners","text":"<p>Appears on <code>spec.userConfig.opensearch</code>.</p> <p>Opensearch Security Plugin Settings.</p> <p>Optional</p> <ul> <li><code>internal_authentication_backend_limiting</code> (object).  See below for nested schema.</li> <li><code>ip_rate_limiting</code> (object). IP address rate limiting settings. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting","title":"internal_authentication_backend_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 0, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>authentication_backend</code> (string, Enum: <code>internal</code>, MaxLength: 1024). internal_authentication_backend_limiting.authentication_backend.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). internal_authentication_backend_limiting.max_blocked_clients.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>username</code>, MaxLength: 1024). internal_authentication_backend_limiting.type.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting","title":"ip_rate_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>IP address rate limiting settings.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 1, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 1, Maximum: 36000). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of blocked IP addresses.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 1, Maximum: 36000). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>ip</code>, MaxLength: 1024). The type of rate limiting.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch_dashboards","title":"opensearch_dashboards","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch Dashboards settings.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enable or disable OpenSearch Dashboards.</li> <li><code>max_old_space_size</code> (integer, Minimum: 64, Maximum: 2048). Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch.</li> <li><code>opensearch_request_timeout</code> (integer, Minimum: 5000, Maximum: 120000). Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Enable opensearch.</li> <li><code>opensearch_dashboards</code> (boolean). Enable opensearch_dashboards.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.saml","title":"saml","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch SAML configuration.</p> <p>Required</p> <ul> <li><code>enabled</code> (boolean). Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider.</li> <li><code>idp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.</li> <li><code>idp_metadata_url</code> (string, MinLength: 1, MaxLength: 2048). The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP.</li> <li><code>sp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.</li> </ul> <p>Optional</p> <ul> <li><code>idp_pemtrustedcas_content</code> (string, MaxLength: 16384). This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.</li> </ul>"},{"location":"api-reference/postgresql.html","title":"PostgreSQL","text":""},{"location":"api-reference/postgresql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: my-postgresql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: postgresql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    pg_version: \"15\"\n</code></pre>"},{"location":"api-reference/postgresql.html#PostgreSQL","title":"PostgreSQL","text":"<p>PostgreSQL is the Schema for the postgresql API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>PostgreSQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). PostgreSQLSpec defines the desired state of postgres instance. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec","title":"spec","text":"<p>Appears on <code>PostgreSQL</code>.</p> <p>PostgreSQLSpec defines the desired state of postgres instance.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). PostgreSQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>PostgreSQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>enable_ipv6</code> (boolean). Register AAAA DNS records for the service, and allow IPv6 packets to service ports.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>pg</code> (object). postgresql.conf configuration values. See below for nested schema.</li> <li><code>pg_qualstats</code> (object). System-wide settings for the pg_qualstats extension. See below for nested schema.</li> <li><code>pg_read_replica</code> (boolean). Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).</li> <li><code>pg_service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.</li> <li><code>pg_stat_monitor_enable</code> (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable.</li> <li><code>pg_version</code> (string, Enum: <code>11</code>, <code>12</code>, <code>13</code>, <code>14</code>, <code>15</code>). PostgreSQL major version.</li> <li><code>pgbouncer</code> (object). PGBouncer connection pooling settings. See below for nested schema.</li> <li><code>pglookout</code> (object). System-wide settings for pglookout. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>shared_buffers_percentage</code> (number, Minimum: 20, Maximum: 60). Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>synchronous_replication</code> (string, Enum: <code>quorum</code>, <code>off</code>). Synchronous replication type. Note that the service plan also needs to support synchronous replication.</li> <li><code>timescaledb</code> (object). System-wide settings for the timescaledb extension. See below for nested schema.</li> <li><code>variant</code> (string, Enum: <code>aiven</code>, <code>timescale</code>). Variant of the PostgreSQL service, may affect the features that are exposed by default.</li> <li><code>work_mem</code> (integer, Minimum: 1, Maximum: 1024). Sets the maximum amount of memory to be used by a query operation (such as a sort or hash table) before writing to temporary disk files, in MB. Default is 1MB + 0.075% of total RAM (up to 32MB).</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pg","title":"pg","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>postgresql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>autovacuum_analyze_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_analyze_threshold when deciding whether to trigger an ANALYZE. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_analyze_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of inserted, updated or deleted tuples needed to trigger an  ANALYZE in any one table. The default is 50 tuples.</li> <li><code>autovacuum_freeze_max_age</code> (integer, Minimum: 200000000, Maximum: 1500000000). Specifies the maximum age (in transactions) that a table's pg_class.relfrozenxid field can attain before a VACUUM operation is forced to prevent transaction ID wraparound within the table. Note that the system will launch autovacuum processes to prevent wraparound even when autovacuum is otherwise disabled. This parameter will cause the server to be restarted.</li> <li><code>autovacuum_max_workers</code> (integer, Minimum: 1, Maximum: 20). Specifies the maximum number of autovacuum processes (other than the autovacuum launcher) that may be running at any one time. The default is three. This parameter can only be set at server start.</li> <li><code>autovacuum_naptime</code> (integer, Minimum: 1, Maximum: 86400). Specifies the minimum delay between autovacuum runs on any given database. The delay is measured in seconds, and the default is one minute.</li> <li><code>autovacuum_vacuum_cost_delay</code> (integer, Minimum: -1, Maximum: 100). Specifies the cost delay value that will be used in automatic VACUUM operations. If -1 is specified, the regular vacuum_cost_delay value will be used. The default value is 20 milliseconds.</li> <li><code>autovacuum_vacuum_cost_limit</code> (integer, Minimum: -1, Maximum: 10000). Specifies the cost limit value that will be used in automatic VACUUM operations. If -1 is specified (which is the default), the regular vacuum_cost_limit value will be used.</li> <li><code>autovacuum_vacuum_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_vacuum_threshold when deciding whether to trigger a VACUUM. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_vacuum_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of updated or deleted tuples needed to trigger a VACUUM in any one table. The default is 50 tuples.</li> <li><code>bgwriter_delay</code> (integer, Minimum: 10, Maximum: 10000). Specifies the delay between activity rounds for the background writer in milliseconds. Default is 200.</li> <li><code>bgwriter_flush_after</code> (integer, Minimum: 0, Maximum: 2048). Whenever more than bgwriter_flush_after bytes have been written by the background writer, attempt to force the OS to issue these writes to the underlying storage. Specified in kilobytes, default is 512. Setting of 0 disables forced writeback.</li> <li><code>bgwriter_lru_maxpages</code> (integer, Minimum: 0, Maximum: 1073741823). In each round, no more than this many buffers will be written by the background writer. Setting this to zero disables background writing. Default is 100.</li> <li><code>bgwriter_lru_multiplier</code> (number, Minimum: 0, Maximum: 10). The average recent need for new buffers is multiplied by bgwriter_lru_multiplier to arrive at an estimate of the number that will be needed during the next round, (up to bgwriter_lru_maxpages). 1.0 represents a \u201cjust in time\u201d policy of writing exactly the number of buffers predicted to be needed. Larger values provide some cushion against spikes in demand, while smaller values intentionally leave writes to be done by server processes. The default is 2.0.</li> <li><code>deadlock_timeout</code> (integer, Minimum: 500, Maximum: 1800000). This is the amount of time, in milliseconds, to wait on a lock before checking to see if there is a deadlock condition.</li> <li><code>default_toast_compression</code> (string, Enum: <code>lz4</code>, <code>pglz</code>). Specifies the default TOAST compression method for values of compressible columns (the default is lz4).</li> <li><code>idle_in_transaction_session_timeout</code> (integer, Minimum: 0, Maximum: 604800000). Time out sessions with open transactions after this number of milliseconds.</li> <li><code>jit</code> (boolean). Controls system-wide use of Just-in-Time Compilation (JIT).</li> <li><code>log_autovacuum_min_duration</code> (integer, Minimum: -1, Maximum: 2147483647). Causes each action executed by autovacuum to be logged if it ran for at least the specified number of milliseconds. Setting this to zero logs all autovacuum actions. Minus-one (the default) disables logging autovacuum actions.</li> <li><code>log_error_verbosity</code> (string, Enum: <code>TERSE</code>, <code>DEFAULT</code>, <code>VERBOSE</code>). Controls the amount of detail written in the server log for each message that is logged.</li> <li><code>log_line_prefix</code> (string, Enum: <code>'pid=%p,user=%u,db=%d,app=%a,client=%h '</code>, <code>'%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '</code>, <code>'%m [%p] %q[user=%u,db=%d,app=%a] '</code>). Choose from one of the available log-formats. These can support popular log analyzers like pgbadger, pganalyze etc.</li> <li><code>log_min_duration_statement</code> (integer, Minimum: -1, Maximum: 86400000). Log statements that take more than this number of milliseconds to run, -1 disables.</li> <li><code>log_temp_files</code> (integer, Minimum: -1, Maximum: 2147483647). Log statements for each temporary file created larger than this number of kilobytes, -1 disables.</li> <li><code>max_files_per_process</code> (integer, Minimum: 1000, Maximum: 4096). PostgreSQL maximum number of files that can be open per process.</li> <li><code>max_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 6400). PostgreSQL maximum locks per transaction.</li> <li><code>max_logical_replication_workers</code> (integer, Minimum: 4, Maximum: 64). PostgreSQL maximum logical replication workers (taken from the pool of max_parallel_workers).</li> <li><code>max_parallel_workers</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that the system can support for parallel queries.</li> <li><code>max_parallel_workers_per_gather</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that can be started by a single Gather or Gather Merge node.</li> <li><code>max_pred_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 5120). PostgreSQL maximum predicate locks per transaction.</li> <li><code>max_prepared_transactions</code> (integer, Minimum: 0, Maximum: 10000). PostgreSQL maximum prepared transactions.</li> <li><code>max_replication_slots</code> (integer, Minimum: 8, Maximum: 64). PostgreSQL maximum replication slots.</li> <li><code>max_slot_wal_keep_size</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL maximum WAL size (MB) reserved for replication slots. Default is -1 (unlimited). wal_keep_size minimum WAL size setting takes precedence over this.</li> <li><code>max_stack_depth</code> (integer, Minimum: 2097152, Maximum: 6291456). Maximum depth of the stack in bytes.</li> <li><code>max_standby_archive_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby archive delay in milliseconds.</li> <li><code>max_standby_streaming_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby streaming delay in milliseconds.</li> <li><code>max_wal_senders</code> (integer, Minimum: 20, Maximum: 64). PostgreSQL maximum WAL senders.</li> <li><code>max_worker_processes</code> (integer, Minimum: 8, Maximum: 96). Sets the maximum number of background processes that the system can support.</li> <li><code>pg_partman_bgw.interval</code> (integer, Minimum: 3600, Maximum: 604800). Sets the time interval to run pg_partman's scheduled tasks.</li> <li><code>pg_partman_bgw.role</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Controls which role to use for pg_partman's scheduled background tasks.</li> <li><code>pg_stat_monitor.pgsm_enable_query_plan</code> (boolean). Enables or disables query plan monitoring.</li> <li><code>pg_stat_monitor.pgsm_max_buckets</code> (integer, Minimum: 1, Maximum: 10). Sets the maximum number of buckets.</li> <li><code>pg_stat_statements.track</code> (string, Enum: <code>all</code>, <code>top</code>, <code>none</code>). Controls which statements are counted. Specify top to track top-level statements (those issued directly by clients), all to also track nested statements (such as statements invoked within functions), or none to disable statement statistics collection. The default value is top.</li> <li><code>temp_file_limit</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL temporary file limit in KiB, -1 for unlimited.</li> <li><code>timezone</code> (string, MaxLength: 64). PostgreSQL service timezone.</li> <li><code>track_activity_query_size</code> (integer, Minimum: 1024, Maximum: 10240). Specifies the number of bytes reserved to track the currently executing command for each active session.</li> <li><code>track_commit_timestamp</code> (string, Enum: <code>off</code>, <code>on</code>). Record commit time of transactions.</li> <li><code>track_functions</code> (string, Enum: <code>all</code>, <code>pl</code>, <code>none</code>). Enables tracking of function call counts and time used.</li> <li><code>track_io_timing</code> (string, Enum: <code>off</code>, <code>on</code>). Enables timing of database I/O calls. This parameter is off by default, because it will repeatedly query the operating system for the current time, which may cause significant overhead on some platforms.</li> <li><code>wal_sender_timeout</code> (integer). Terminate replication connections that are inactive for longer than this amount of time, in milliseconds. Setting this value to zero disables the timeout.</li> <li><code>wal_writer_delay</code> (integer, Minimum: 10, Maximum: 200). WAL flush interval in milliseconds. Note that setting this value to lower than the default 200ms may negatively impact performance.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pg_qualstats","title":"pg_qualstats","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>System-wide settings for the pg_qualstats extension.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enable / Disable pg_qualstats.</li> <li><code>min_err_estimate_num</code> (integer, Minimum: 0). Error estimation num threshold to save quals.</li> <li><code>min_err_estimate_ratio</code> (integer, Minimum: 0). Error estimation ratio threshold to save quals.</li> <li><code>track_constants</code> (boolean). Enable / Disable pg_qualstats constants tracking.</li> <li><code>track_pg_catalog</code> (boolean). Track quals on system catalogs too.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pgbouncer","title":"pgbouncer","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>PGBouncer connection pooling settings.</p> <p>Optional</p> <ul> <li><code>autodb_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If the automatically created database pools have been unused this many seconds, they are freed. If 0 then timeout is disabled. [seconds].</li> <li><code>autodb_max_db_connections</code> (integer, Minimum: 0, Maximum: 2147483647). Do not allow more than this many server connections per database (regardless of user). Setting it to 0 means unlimited.</li> <li><code>autodb_pool_mode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). PGBouncer pool mode.</li> <li><code>autodb_pool_size</code> (integer, Minimum: 0, Maximum: 10000). If non-zero then create automatically a pool of that size per user when a pool doesn't exist.</li> <li><code>ignore_startup_parameters</code> (array of strings, MaxItems: 32). List of parameters to ignore when given in startup packet.</li> <li><code>min_pool_size</code> (integer, Minimum: 0, Maximum: 10000). Add more server connections to pool if below this number. Improves behavior when usual load comes suddenly back after period of total inactivity. The value is effectively capped at the pool size.</li> <li><code>server_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If a server connection has been idle more than this many seconds it will be dropped. If 0 then timeout is disabled. [seconds].</li> <li><code>server_lifetime</code> (integer, Minimum: 60, Maximum: 86400). The pooler will close an unused server connection that has been connected longer than this. [seconds].</li> <li><code>server_reset_query_always</code> (boolean). Run server_reset_query (DISCARD ALL) in all pooling modes.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pglookout","title":"pglookout","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>System-wide settings for pglookout.</p> <p>Required</p> <ul> <li><code>max_failover_replication_time_lag</code> (integer, Minimum: 10). Number of seconds of master unavailability before triggering database failover to standby.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Enable pg.</li> <li><code>pgbouncer</code> (boolean). Enable pgbouncer.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.timescaledb","title":"timescaledb","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>System-wide settings for the timescaledb extension.</p> <p>Required</p> <ul> <li><code>max_background_workers</code> (integer, Minimum: 1, Maximum: 4096). The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time.</li> </ul>"},{"location":"api-reference/project.html","title":"Project","text":""},{"location":"api-reference/project.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: my-project\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  tags:\n    env: prod\n\n  billingAddress: NYC\n  cloud: aws-eu-west-1\n</code></pre>"},{"location":"api-reference/project.html#Project","title":"Project","text":"<p>Project is the Schema for the projects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Project</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectSpec defines the desired state of Project. See below for nested schema.</li> </ul>"},{"location":"api-reference/project.html#spec","title":"spec","text":"<p>Appears on <code>Project</code>.</p> <p>ProjectSpec defines the desired state of Project.</p> <p>Optional</p> <ul> <li><code>accountId</code> (string, MaxLength: 32). Account ID.</li> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>billingAddress</code> (string, MaxLength: 1000). Billing name and address of the project.</li> <li><code>billingCurrency</code> (string, Enum: <code>AUD</code>, <code>CAD</code>, <code>CHF</code>, <code>DKK</code>, <code>EUR</code>, <code>GBP</code>, <code>NOK</code>, <code>SEK</code>, <code>USD</code>). Billing currency.</li> <li><code>billingEmails</code> (array of strings, MaxItems: 10). Billing contact emails of the project.</li> <li><code>billingExtraText</code> (string, MaxLength: 1000). Extra text to be included in all project invoices, e.g. purchase order or cost center number.</li> <li><code>billingGroupId</code> (string, MinLength: 36, MaxLength: 36). BillingGroup ID.</li> <li><code>cardId</code> (string, MaxLength: 64). Credit card ID; The ID may be either last 4 digits of the card or the actual ID.</li> <li><code>cloud</code> (string, MaxLength: 256). Target cloud, example: aws-eu-central-1.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>. See below for nested schema.</li> <li><code>copyFromProject</code> (string, MaxLength: 63). Project name from which to copy settings to the new project.</li> <li><code>countryCode</code> (string, MinLength: 2, MaxLength: 2). Billing country code of the project.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize projects.</li> <li><code>technicalEmails</code> (array of strings, MaxItems: 10). Technical contact emails of the project.</li> </ul>"},{"location":"api-reference/project.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/project.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/projectvpc.html","title":"ProjectVPC","text":""},{"location":"api-reference/projectvpc.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: my-project-vpc\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  networkCidr: 10.0.0.0/24\n</code></pre>"},{"location":"api-reference/projectvpc.html#ProjectVPC","title":"ProjectVPC","text":"<p>ProjectVPC is the Schema for the projectvpcs API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ProjectVPC</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectVPCSpec defines the desired state of ProjectVPC. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec","title":"spec","text":"<p>Appears on <code>ProjectVPC</code>.</p> <p>ProjectVPCSpec defines the desired state of ProjectVPC.</p> <p>Required</p> <ul> <li><code>cloudName</code> (string, Immutable, MaxLength: 256). Cloud the VPC is in.</li> <li><code>networkCidr</code> (string, Immutable, MaxLength: 36). Network address range used by the VPC like 192.168.0.0/24.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). The project the VPC belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html","title":"Redis","text":""},{"location":"api-reference/redis.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: k8s-redis\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: redis-token\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre>"},{"location":"api-reference/redis.html#Redis","title":"Redis","text":"<p>Redis is the Schema for the redis API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Redis</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). RedisSpec defines the desired state of Redis. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec","title":"spec","text":"<p>Appears on <code>Redis</code>.</p> <p>RedisSpec defines the desired state of Redis.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Redis specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/redis.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Redis specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>redis_acl_channels_default</code> (string, Enum: <code>allchannels</code>, <code>resetchannels</code>). Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default.</li> <li><code>redis_io_threads</code> (integer, Minimum: 1, Maximum: 32). Set Redis IO thread count. Changing this will cause a restart of the Redis service.</li> <li><code>redis_lfu_decay_time</code> (integer, Minimum: 1, Maximum: 120). LFU maxmemory-policy counter decay time in minutes.</li> <li><code>redis_lfu_log_factor</code> (integer, Minimum: 0, Maximum: 100). Counter logarithm factor for volatile-lfu and allkeys-lfu maxmemory-policies.</li> <li><code>redis_maxmemory_policy</code> (string, Enum: <code>noeviction</code>, <code>allkeys-lru</code>, <code>volatile-lru</code>, <code>allkeys-random</code>, <code>volatile-random</code>, <code>volatile-ttl</code>, <code>volatile-lfu</code>, <code>allkeys-lfu</code>). Redis maxmemory-policy.</li> <li><code>redis_notify_keyspace_events</code> (string, Pattern: <code>^[KEg\\$lshzxeA]*$</code>, MaxLength: 32). Set notify-keyspace-events option.</li> <li><code>redis_number_of_databases</code> (integer, Minimum: 1, Maximum: 128). Set number of Redis databases. Changing this will cause a restart of the Redis service.</li> <li><code>redis_persistence</code> (string, Enum: <code>off</code>, <code>rdb</code>). When persistence is <code>rdb</code>, Redis does RDB dumps each 10 minutes if any key is changed. Also RDB dumps are done according to backup schedule for backup purposes. When persistence is <code>off</code>, no RDB dumps and backups are done, so data can be lost at any moment if service is restarted for any reason, or if service is powered off. Also service can't be forked.</li> <li><code>redis_pubsub_client_output_buffer_limit</code> (integer, Minimum: 32, Maximum: 512). Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan.</li> <li><code>redis_ssl</code> (boolean). Require SSL to access Redis.</li> <li><code>redis_timeout</code> (integer, Minimum: 0, Maximum: 31536000). Redis idle connection timeout in seconds.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>redis</code> (boolean). Enable redis.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/serviceintegration.html","title":"ServiceIntegration","text":""},{"location":"api-reference/serviceintegration.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: my-service-integration\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n\n  integrationType: kafka_logs\n  sourceServiceName: my-source-service-name\n  destinationServiceName: my-destination-service-name\n\n  kafkaLogs:\n    kafka_topic: my-kafka-topic\n</code></pre>"},{"location":"api-reference/serviceintegration.html#ServiceIntegration","title":"ServiceIntegration","text":"<p>ServiceIntegration is the Schema for the serviceintegrations API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceIntegration</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceIntegrationSpec defines the desired state of ServiceIntegration. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec","title":"spec","text":"<p>Appears on <code>ServiceIntegration</code>.</p> <p>ServiceIntegrationSpec defines the desired state of ServiceIntegration.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>alertmanager</code>, <code>autoscaler</code>, <code>caching</code>, <code>cassandra_cross_service_cluster</code>, <code>clickhouse_kafka</code>, <code>clickhouse_postgresql</code>, <code>dashboard</code>, <code>datadog</code>, <code>datasource</code>, <code>external_aws_cloudwatch_logs</code>, <code>external_aws_cloudwatch_metrics</code>, <code>external_elasticsearch_logs</code>, <code>external_google_cloud_logging</code>, <code>external_opensearch_logs</code>, <code>flink</code>, <code>flink_external_kafka</code>, <code>internal_connectivity</code>, <code>jolokia</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>kafka_mirrormaker</code>, <code>logs</code>, <code>m3aggregator</code>, <code>m3coordinator</code>, <code>metrics</code>, <code>opensearch_cross_cluster_replication</code>, <code>opensearch_cross_cluster_search</code>, <code>prometheus</code>, <code>read_replica</code>, <code>rsyslog</code>, <code>schema_registry_proxy</code>, <code>stresstester</code>, <code>thanosquery</code>, <code>thanosstore</code>, <code>vmalert</code>, Immutable). Type of the service integration accepted by Aiven API. Some values may not be supported by the operator.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project the integration belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>clickhouseKafka</code> (object). Clickhouse Kafka configuration values. See below for nested schema.</li> <li><code>clickhousePostgresql</code> (object). Clickhouse PostgreSQL configuration values. See below for nested schema.</li> <li><code>datadog</code> (object). Datadog specific user configuration options. See below for nested schema.</li> <li><code>destinationEndpointId</code> (string, Immutable, MaxLength: 36). Destination endpoint for the integration (if any).</li> <li><code>destinationProjectName</code> (string, Immutable, MaxLength: 63). Destination project for the integration (if any).</li> <li><code>destinationServiceName</code> (string, Immutable, MaxLength: 64). Destination service for the integration (if any).</li> <li><code>externalAWSCloudwatchMetrics</code> (object). External AWS CloudWatch Metrics integration Logs configuration values. See below for nested schema.</li> <li><code>kafkaConnect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> <li><code>kafkaLogs</code> (object). Kafka logs configuration values. See below for nested schema.</li> <li><code>kafkaMirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> <li><code>logs</code> (object). Logs configuration values. See below for nested schema.</li> <li><code>metrics</code> (object). Metrics configuration values. See below for nested schema.</li> <li><code>sourceEndpointID</code> (string, Immutable, MaxLength: 36). Source endpoint for the integration (if any).</li> <li><code>sourceProjectName</code> (string, Immutable, MaxLength: 63). Source project for the integration (if any).</li> <li><code>sourceServiceName</code> (string, Immutable, MaxLength: 64). Source service for the integration (if any).</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka","title":"clickhouseKafka","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse Kafka configuration values.</p> <p>Required</p> <ul> <li><code>tables</code> (array of objects, MaxItems: 100). Tables to create. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables","title":"tables","text":"<p>Appears on <code>spec.clickhouseKafka</code>.</p> <p>Tables to create.</p> <p>Required</p> <ul> <li><code>columns</code> (array of objects, MaxItems: 100). Table columns. See below for nested schema.</li> <li><code>data_format</code> (string, Enum: <code>Avro</code>, <code>CSV</code>, <code>JSONAsString</code>, <code>JSONCompactEachRow</code>, <code>JSONCompactStringsEachRow</code>, <code>JSONEachRow</code>, <code>JSONStringsEachRow</code>, <code>MsgPack</code>, <code>TSKV</code>, <code>TSV</code>, <code>TabSeparated</code>, <code>RawBLOB</code>, <code>AvroConfluent</code>). Message data format.</li> <li><code>group_name</code> (string, MinLength: 1, MaxLength: 249). Kafka consumers group.</li> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Name of the table.</li> <li><code>topics</code> (array of objects, MaxItems: 100). Kafka topics. See below for nested schema.</li> </ul> <p>Optional</p> <ul> <li><code>auto_offset_reset</code> (string, Enum: <code>smallest</code>, <code>earliest</code>, <code>beginning</code>, <code>largest</code>, <code>latest</code>, <code>end</code>). Action to take when there is no initial offset in offset store or the desired offset is out of range.</li> <li><code>date_time_input_format</code> (string, Enum: <code>basic</code>, <code>best_effort</code>, <code>best_effort_us</code>). Method to read DateTime from text input formats.</li> <li><code>handle_error_mode</code> (string, Enum: <code>default</code>, <code>stream</code>). How to handle errors for Kafka engine.</li> <li><code>max_block_size</code> (integer, Minimum: 0, Maximum: 1000000000). Number of row collected by poll(s) for flushing data from Kafka.</li> <li><code>max_rows_per_message</code> (integer, Minimum: 1, Maximum: 1000000000). The maximum number of rows produced in one kafka message for row-based formats.</li> <li><code>num_consumers</code> (integer, Minimum: 1, Maximum: 10). The number of consumers per table per replica.</li> <li><code>poll_max_batch_size</code> (integer, Minimum: 0, Maximum: 1000000000). Maximum amount of messages to be polled in a single Kafka poll.</li> <li><code>skip_broken_messages</code> (integer, Minimum: 0, Maximum: 1000000000). Skip at least this number of broken messages from Kafka topic per block.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.columns","title":"columns","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Table columns.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Column name.</li> <li><code>type</code> (string, MinLength: 1, MaxLength: 1000). Column type.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.topics","title":"topics","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Kafka topics.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 249). Name of the topic.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql","title":"clickhousePostgresql","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse PostgreSQL configuration values.</p> <p>Required</p> <ul> <li><code>databases</code> (array of objects, MaxItems: 10). Databases to expose. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql.databases","title":"databases","text":"<p>Appears on <code>spec.clickhousePostgresql</code>.</p> <p>Databases to expose.</p> <p>Optional</p> <ul> <li><code>database</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL database to expose.</li> <li><code>schema</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL schema to expose.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog","title":"datadog","text":"<p>Appears on <code>spec</code>.</p> <p>Datadog specific user configuration options.</p> <p>Optional</p> <ul> <li><code>datadog_dbm_enabled</code> (boolean). Enable Datadog Database Monitoring.</li> <li><code>datadog_tags</code> (array of objects, MaxItems: 32). Custom tags provided by user. See below for nested schema.</li> <li><code>exclude_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>exclude_topics</code> (array of strings, MaxItems: 1024). List of topics to exclude.</li> <li><code>include_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>include_topics</code> (array of strings, MaxItems: 1024). List of topics to include.</li> <li><code>kafka_custom_metrics</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>max_jmx_metrics</code> (integer, Minimum: 10, Maximum: 100000). Maximum number of JMX metrics to send.</li> <li><code>opensearch</code> (object). Datadog Opensearch Options. See below for nested schema.</li> <li><code>redis</code> (object). Datadog Redis Options. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.datadog_tags","title":"datadog_tags","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Custom tags provided by user.</p> <p>Required</p> <ul> <li><code>tag</code> (string, MinLength: 1, MaxLength: 200). Tag format and usage are described here: https://docs.datadoghq.com/getting_started/tagging. Tags with prefix <code>aiven-</code> are reserved for Aiven.</li> </ul> <p>Optional</p> <ul> <li><code>comment</code> (string, MaxLength: 1024). Optional tag explanation.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Opensearch Options.</p> <p>Optional</p> <ul> <li><code>index_stats_enabled</code> (boolean). Enable Datadog Opensearch Index Monitoring.</li> <li><code>pending_task_stats_enabled</code> (boolean). Enable Datadog Opensearch Pending Task Monitoring.</li> <li><code>pshard_stats_enabled</code> (boolean). Enable Datadog Opensearch Primary Shard Monitoring.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.redis","title":"redis","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Redis Options.</p> <p>Required</p> <ul> <li><code>command_stats_enabled</code> (boolean). Enable command_stats option in the agent's configuration.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics","title":"externalAWSCloudwatchMetrics","text":"<p>Appears on <code>spec</code>.</p> <p>External AWS CloudWatch Metrics integration Logs configuration values.</p> <p>Optional</p> <ul> <li><code>dropped_metrics</code> (array of objects, MaxItems: 1024). Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics). See below for nested schema.</li> <li><code>extra_metrics</code> (array of objects, MaxItems: 1024). Metrics to allow through to AWS CloudWatch (in addition to default metrics). See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.dropped_metrics","title":"dropped_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.extra_metrics","title":"extra_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to allow through to AWS CloudWatch (in addition to default metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect","title":"kafkaConnect","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Required</p> <ul> <li><code>kafka_connect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.kafkaConnect</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Optional</p> <ul> <li><code>config_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration data are stored.This must be the same for all workers with the same group_id.</li> <li><code>group_id</code> (string, MaxLength: 249). A unique string that identifies the Connect cluster group this worker belongs to.</li> <li><code>offset_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration offsets are stored.This must be the same for all workers with the same group_id.</li> <li><code>status_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration status updates are stored.This must be the same for all workers with the same group_id.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaLogs","title":"kafkaLogs","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka logs configuration values.</p> <p>Required</p> <ul> <li><code>kafka_topic</code> (string, MinLength: 1, MaxLength: 249). Topic name.</li> </ul> <p>Optional</p> <ul> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker","title":"kafkaMirrormaker","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>cluster_alias</code> (string, Pattern: <code>^[a-zA-Z0-9_.-]+$</code>, MaxLength: 128). The alias under which the Kafka cluster is known to MirrorMaker. Can contain the following symbols: ASCII alphanumerics, <code>.</code>, <code>_</code>, and <code>-</code>.</li> <li><code>kafka_mirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker.kafka_mirrormaker","title":"kafka_mirrormaker","text":"<p>Appears on <code>spec.kafkaMirrormaker</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>consumer_fetch_min_bytes</code> (integer, Minimum: 1, Maximum: 5242880). The minimum amount of data the server should return for a fetch request.</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). The batch size in bytes producer will attempt to collect before publishing to broker.</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The amount of bytes producer can use for buffering data before publishing to broker.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). The linger time (ms) for waiting new data to arrive for publishing.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 268435456). The maximum request size in bytes.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.logs","title":"logs","text":"<p>Appears on <code>spec</code>.</p> <p>Logs configuration values.</p> <p>Optional</p> <ul> <li><code>elasticsearch_index_days_max</code> (integer, Minimum: 1, Maximum: 10000). Elasticsearch index retention limit.</li> <li><code>elasticsearch_index_prefix</code> (string, MinLength: 1, MaxLength: 1024). Elasticsearch index prefix.</li> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics","title":"metrics","text":"<p>Appears on <code>spec</code>.</p> <p>Metrics configuration values.</p> <p>Optional</p> <ul> <li><code>database</code> (string, Pattern: <code>^[_A-Za-z0-9][-_A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the database where to store metric datapoints. Only affects PostgreSQL destinations. Defaults to <code>metrics</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>retention_days</code> (integer, Minimum: 0, Maximum: 10000). Number of days to keep old metrics. Only affects PostgreSQL destinations. Set to 0 for no automatic cleanup. Defaults to 30 days.</li> <li><code>ro_username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of a user that can be used to read metrics. This will be used for Grafana integration (if enabled) to prevent Grafana users from making undesired changes. Only affects PostgreSQL destinations. Defaults to <code>metrics_reader</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>source_mysql</code> (object). Configuration options for metrics where source service is MySQL. See below for nested schema.</li> <li><code>username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the user used to write metrics. Only affects PostgreSQL destinations. Defaults to <code>metrics_writer</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql","title":"source_mysql","text":"<p>Appears on <code>spec.metrics</code>.</p> <p>Configuration options for metrics where source service is MySQL.</p> <p>Required</p> <ul> <li><code>telegraf</code> (object). Configuration options for Telegraf MySQL input plugin. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql.telegraf","title":"telegraf","text":"<p>Appears on <code>spec.metrics.source_mysql</code>.</p> <p>Configuration options for Telegraf MySQL input plugin.</p> <p>Optional</p> <ul> <li><code>gather_event_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENT_WAITS.</li> <li><code>gather_file_events_stats</code> (boolean). gather metrics from PERFORMANCE_SCHEMA.FILE_SUMMARY_BY_EVENT_NAME.</li> <li><code>gather_index_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_INDEX_USAGE.</li> <li><code>gather_info_schema_auto_inc</code> (boolean). Gather auto_increment columns and max values from information schema.</li> <li><code>gather_innodb_metrics</code> (boolean). Gather metrics from INFORMATION_SCHEMA.INNODB_METRICS.</li> <li><code>gather_perf_events_statements</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENTS_STATEMENTS_SUMMARY_BY_DIGEST.</li> <li><code>gather_process_list</code> (boolean). Gather thread state counts from INFORMATION_SCHEMA.PROCESSLIST.</li> <li><code>gather_slave_status</code> (boolean). Gather metrics from SHOW SLAVE STATUS command output.</li> <li><code>gather_table_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_TABLE.</li> <li><code>gather_table_lock_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_LOCK_WAITS.</li> <li><code>gather_table_schema</code> (boolean). Gather metrics from INFORMATION_SCHEMA.TABLES.</li> <li><code>perf_events_statements_digest_text_limit</code> (integer, Minimum: 1, Maximum: 2048). Truncates digest text from perf_events_statements into this many characters.</li> <li><code>perf_events_statements_limit</code> (integer, Minimum: 1, Maximum: 4000). Limits metrics from perf_events_statements.</li> <li><code>perf_events_statements_time_limit</code> (integer, Minimum: 1, Maximum: 2592000). Only include perf_events_statements whose last seen is less than this many seconds.</li> </ul>"},{"location":"api-reference/serviceuser.html","title":"ServiceUser","text":""},{"location":"api-reference/serviceuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: my-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: service-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: my-service-name\n</code></pre>"},{"location":"api-reference/serviceuser.html#ServiceUser","title":"ServiceUser","text":"<p>ServiceUser is the Schema for the serviceusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceUserSpec defines the desired state of ServiceUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec","title":"spec","text":"<p>Appears on <code>ServiceUser</code>.</p> <p>ServiceUserSpec defines the desired state of ServiceUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>authentication</code> (string, Enum: <code>caching_sha2_password</code>, <code>mysql_native_password</code>). Authentication details.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"contributing/index.html","title":"Contributing Guidelines","text":"<p>The Aiven Operator for Kubernetes project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.</p> <p>Please see also the Aiven Operator for Kubernetes Developer Guide.</p>"},{"location":"contributing/index.html#support-channels","title":"Support Channels","text":"<p>This project offers support through GitHub issues and can be filed here. Moreover, GitHub issues are used as the primary method for tracking anything to do with the Aiven Operator for Kubernetes project.</p>"},{"location":"contributing/index.html#pull-request-process","title":"Pull Request Process","text":"<ol> <li>Ensure any install or build dependencies are removed before the end of the layer when doing a build.</li> <li>Increase the version numbers in any examples files and the README.md and in corresponding file in he /docs folder to    the new version that this Pull Request would represent. The versioning scheme we use is SemVer.</li> <li>You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have    permission to do that, you may request the second reviewer to merge it for you.</li> </ol>"},{"location":"contributing/index.html#code-of-conduct","title":"Code of Conduct","text":""},{"location":"contributing/index.html#our-pledge","title":"Our Pledge","text":"<p>In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.</p>"},{"location":"contributing/index.html#our-standards","title":"Our Standards","text":"<p>Examples of behavior that contributes to creating a positive environment include:</p> <ul> <li>Using welcoming and inclusive language</li> <li>Being respectful of differing viewpoints and experiences</li> <li>Gracefully accepting constructive criticism</li> <li>Focusing on what is best for the community</li> <li>Showing empathy towards other community members</li> </ul> <p>Examples of unacceptable behavior by participants include:</p> <ul> <li>The use of sexualized language or imagery and unwelcome sexual attention or advances</li> <li>Trolling, insulting/derogatory comments, and personal or political attacks</li> <li>Public or private harassment</li> <li>Publishing others' private information, such as a physical or electronic address, without explicit permission</li> <li>Other conduct which could reasonably be considered inappropriate in a professional setting</li> </ul>"},{"location":"contributing/index.html#commit-messages","title":"Commit Messages","text":"<p>This project adheres to the Conventional Commits specification. Please, make sure that your commit messages follow that specification.</p>"},{"location":"contributing/index.html#our-responsibilities","title":"Our Responsibilities","text":"<p>Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.</p> <p>Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.</p>"},{"location":"contributing/index.html#scope","title":"Scope","text":"<p>This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.</p>"},{"location":"contributing/index.html#enforcement","title":"Enforcement","text":"<p>Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at opensource@aiven.io. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.</p> <p>Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.</p>"},{"location":"contributing/developer-guide.html","title":"Developer guide","text":""},{"location":"contributing/developer-guide.html#getting-started","title":"Getting Started","text":"<p>You must have a working Go environment and then clone the repository:</p> <pre><code>git clone git@github.com:aiven/aiven-operator.git\ncd aiven-operator\n</code></pre>"},{"location":"contributing/developer-guide.html#resource-generation","title":"Resource generation","text":"<p>Please see this page for more information.</p>"},{"location":"contributing/developer-guide.html#building","title":"Building","text":"<p>The project uses the <code>make</code> build system.</p> <p>Building the operator binary:</p> <pre><code>make build\n</code></pre>"},{"location":"contributing/developer-guide.html#testing","title":"Testing","text":"<p>As of now, we only support integration tests who interact directly with Aiven. To run the tests, you'll need an Aiven account and an Aiven authentication code.</p>"},{"location":"contributing/developer-guide.html#prerequisites","title":"Prerequisites","text":"<p>Please have installed first:</p> <ul> <li>docker/podman</li> <li>helm</li> <li>Aiven CLI (make sure you have logged in)</li> <li>jq</li> <li>kcat</li> <li>base64, note: MACOS version doesn't support <code>-w0</code> flag, some tests may not work properly</li> <li>kind, and existing cluster, e.g.     <pre><code> kind create cluster --image kindest/node:v1.24.0 --wait 5m\n</code></pre></li> </ul> <p>The following commands must be executed with these environment variables (keep them in secret!):</p> <ul> <li><code>AIVEN_TOKEN</code> \u2014 your authentication token </li> <li><code>AIVEN_PROJECT_NAME</code> \u2014 your Aiven project name to run services in</li> </ul> <p>Setup everything:</p> <pre><code>make e2e-setup-kind\n</code></pre> <p>Note</p> <p>Additionally, webhooks can be disabled,  if there are any problems with them.</p> <pre><code>WEBHOOKS_ENABLED=false make e2e-setup-kind\n</code></pre> <p>Run e2e tests (creates real services in <code>AIVEN_PROJECT_NAME</code>):</p> <pre><code>make test-e2e-preinstalled \n</code></pre> <p>When you're done, just drop the cluster:</p> <pre><code>kind delete cluster\n</code></pre>"},{"location":"contributing/developer-guide.html#documentation","title":"Documentation","text":"<p>The documentation is written in markdown and generated by mkdocs and mkdocs-material. </p> <p>To run the documentation live preview:</p> <pre><code>make serve-docs\n</code></pre> <p>And open the <code>http://localhost:8000/aiven-operator/</code> page in your web browser.</p> <p>The documentation API Reference section is generated automatically from the source code during the documentation deployment. To generate it locally, run the following command:</p> <pre><code>make docs\n</code></pre>"},{"location":"contributing/resource-generation.html","title":"Resource generation","text":"<p>Aiven Kubernetes Operator generates service configs code (also known as user configs) and documentation from public service types schema.</p>"},{"location":"contributing/resource-generation.html#flow-overview","title":"Flow overview","text":"<p>When a new schema is issued on the API, a cron job fetches it, parses, patches, and saves in a shared library \u2014 go-api-schemas.</p> <p>When the library is updated,  the GitHub dependabot creates PRs to the dependant repositories,  like Aiven Kubernetes Operator and Aiven Terraform Provider.</p> <p>Then the <code>make generate</code> command is called by GitHub action. And the PR is ready for review.</p> <pre><code>flowchart TB\n    API(Aiven API) &lt;-.-&gt;|polls schema updates| Schema([go-api-schemas])\n    Bot(dependabot) &lt;-.-&gt;|polls updates| Schema \n    Bot--&gt;|pull request|UpdateOP[/\"\u2728 $ make generate \u2728\"/]\n    UpdateOP--&gt;|review| OP([operator repository])</code></pre>"},{"location":"contributing/resource-generation.html#make-generate","title":"make generate","text":"<p>The command runs several generators in a certain sequence. First, the user config generator is called. Then controller-gen cli. Then API reference docs generator and charts generator.</p> <p>Here how it goes in the details:</p> <ol> <li>User config generator creates Go structs (k8s api compatible objects) with docstrings,     validation rules and constraints (immutable, maxLength, etc)</li> <li>controller-gen generates k8s methods,    generates CRDs for those objects,     creates charts for cluster roles and webhooks. </li> <li>Docs generator creates API reference out of CRDs:<ol> <li>it looks for an example file for the given CRD kind in <code>./&lt;api-reference-docs&gt;/example/</code>,    if it finds one, it validates that with the CRD.     Each CRD has an OpenAPI v3 schema as a part of it.     This is also used by Kubernetes itself to validate user input.</li> <li>generates full spec reference out of the schema</li> <li>creates a markdown file with spec and example (if exists)</li> </ol> </li> <li>Charts generator     updates CRDs, webhooks and cluster roles charts,    adds all changes to the changelog </li> </ol> <pre><code>flowchart TB\n    Make[/$ make generate/]--&gt;Generator(userconfig generator&lt;br&gt; creates/updates structs using updated spec)\n    Generator--&gt;|go: KafkaUserConfig struct| K8S(controller-gen&lt;br&gt; adds k8s methods to structs)\n    K8S--&gt;|go files| CRD(controller-gen&lt;br&gt; creates CRDs out of structs)\n    CRD--&gt;|CRD: aiven.io_kafkas.yaml| Docs(docs generator)\n    subgraph API reference generation\n        Docs--&gt;|aiven.io_kafkas.yaml|Reference(creates reference&lt;br&gt; out of CRD)\n        Docs--&gt;|examples/kafka.yaml,&lt;br&gt; aiven.io_kafkas.yaml|Examples(validates example&lt;br&gt; using CRD)\n        Examples--&gt; Markdown(creates docs out of CRDs, adds examples)\n        Reference--&gt;Markdown(kafka.md)\n    end\n    CRD--&gt;|yaml files|Charts(charts generator&lt;br&gt; updates helm charts&lt;br&gt; and the changelog)\n    Charts--&gt;ToRelease(\"Ready to release \ud83c\udf89\")\n    Markdown--&gt;ToRelease</code></pre>"},{"location":"contributing/resource-generation.html#charts-version-bump","title":"Charts version bump","text":"<p>By default, charts generator keeps the current helm chart's version, because it doesn't know semver. You need it to do manually.</p> <p>To do so run the following command with the version of your choice:</p> <pre><code>make version=v1.0.0 charts\n</code></pre>"},{"location":"installation/helm.html","title":"Installing with Helm (recommended)","text":""},{"location":"installation/helm.html#installing","title":"Installing","text":"<p>The Aiven Operator for Kubernetes can be installed via Helm. </p> <p>Before you start, make sure you have the prerequisites.</p> <p>First add the Aiven Helm repository:</p> <pre><code>helm repo add aiven https://aiven.github.io/aiven-charts &amp;&amp; helm repo update\n</code></pre>"},{"location":"installation/helm.html#installing-custom-resource-definitions","title":"Installing Custom Resource Definitions","text":"<pre><code>helm install aiven-operator-crds aiven/aiven-operator-crds\n</code></pre> <p>Verify the installation: <pre><code>kubectl api-resources --api-group=aiven.io\n</code></pre> The output is similar to the following:</p> <pre><code>NAME                  SHORTNAMES   APIVERSION          NAMESPACED   KIND\nconnectionpools                    aiven.io/v1alpha1   true         ConnectionPool\ndatabases                          aiven.io/v1alpha1   true         Database\n... &lt; several omitted lines &gt;\n</code></pre>"},{"location":"installation/helm.html#installing-the-operator","title":"Installing the Operator","text":"<pre><code>helm install aiven-operator aiven/aiven-operator\n</code></pre> <p>Note</p> <p>Installation will fail if webhooks are enabled and the CRDs for the cert-manager are not installed.</p> <p>Verify the installation:  <pre><code>helm status aiven-operator\n</code></pre></p> <p>The output is similar to the following:</p> <pre><code>NAME: aiven-operator\nLAST DEPLOYED: Fri Sep 10 15:23:26 2021\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n</code></pre> <p>It is also possible to install the operator without webhooks enabled: <pre><code>helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false\n</code></pre></p>"},{"location":"installation/helm.html#configuration-options","title":"Configuration Options","text":"<p>Please refer to the values.yaml of the chart.</p>"},{"location":"installation/helm.html#installing-without-full-cluster-administrator-access","title":"Installing without full cluster administrator access","text":"<p>There can be some scenarios where the individual installing the Helm chart does not have the ability to provision cluster-wide resources (e.g. ClusterRoles/ClusterRoleBindings). In this scenario, you can have a cluster administrator manually install the ClusterRole and ClusterRoleBinding the operator requires prior to installing the Helm chart specifying <code>false</code> for the <code>clusterRole.create</code> attribute. </p>"},{"location":"installation/helm.html#uninstalling","title":"Uninstalling","text":"<p>Important</p> <p>Please see this page for more information.</p> <p>Find out the name of your deployment:</p> <pre><code>helm list\n</code></pre> <p>The output has the name of each deployment similar to the following: </p> <pre><code>NAME                NAMESPACE   REVISION    UPDATED                                     STATUS      CHART                       APP VERSION\naiven-operator      default     1           2021-09-09 10:56:14.623700249 +0200 CEST    deployed    aiven-operator-v0.1.0       v0.1.0     \naiven-operator-crds default     1           2021-09-09 10:56:05.736411868 +0200 CEST    deployed    aiven-operator-crds-v0.1.0  v0.1.0\n</code></pre> <p>Remove the CRDs:</p> <pre><code>helm uninstall aiven-operator-crds\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator-crds\" uninstalled\n</code></pre> <p>Remove the operator:</p> <pre><code>helm uninstall aiven-operator\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator\" uninstalled\n</code></pre>"},{"location":"installation/kubectl.html","title":"Installing with kubectl","text":""},{"location":"installation/kubectl.html#installing","title":"Installing","text":"<p>Before you start, make sure you have the prerequisites.</p> <p>All Aiven Operator for Kubernetes components can be installed from one YAML file that is uploaded for every release:</p> <pre><code>kubectl apply -f https://github.com/aiven/aiven-operator/releases/latest/download/deployment.yaml\n</code></pre> <p>By default the Deployment is installed into the <code>aiven-operator-system</code> namespace.</p>"},{"location":"installation/kubectl.html#uninstalling","title":"Uninstalling","text":"<p>Assuming you installed version <code>vX.Y.Z</code> of the operator it can be uninstalled via</p> <pre><code>kubectl delete -f https://github.com/aiven/aiven-operator/releases/download/vX.Y.Z/deployment.yaml\n</code></pre>"},{"location":"installation/prerequisites.html","title":"Prerequisites","text":"<p>The Aiven Operator for Kubernetes supports all major Kubernetes distributions, both locally and in the cloud.</p> <p>Make sure you have the following:</p> <ul> <li>To use the operator, you need admin access to a Kubernetes cluster.</li> <li>For playground usage you can use kind for example.</li> <li>For productive usage Helm is recommended.</li> </ul>"},{"location":"installation/prerequisites.html#cert-manager","title":"Cert Manager","text":"<p>The Aiven Operator for Kubernetes uses <code>cert-manager</code> to configure the service reference of our webhooks.</p> <p>Please follow the installation instructions on their website.</p> <p>Note</p> <p>This is not required in the Helm installation if you select to disable webhooks,  but that is not recommended outside of playground use.  The Aiven Operator for Kubernetes uses webhooks for setting defaults  and enforcing invariants that are expected by the aiven API and will lead to errors if ignored.  In the future webhooks will also be used for conversion and supporting multiple CRD versions.</p>"},{"location":"installation/uninstalling.html","title":"Uninstalling","text":"<p>Danger</p> <p>Uninstalling the Aiven Operator for Kubernetes can remove the resources created in Aiven, possibly resulting in data loss.</p> <p>Depending on your installation, please follow one of:</p> <ul> <li>Helm</li> <li>kubectl</li> </ul>"},{"location":"installation/uninstalling.html#dealing-with-expired-tokens","title":"Dealing with expired tokens","text":"<p>Aiven resources need to have an accompanying secret that contains the token that is used to authorize the manipulation of that resource. If that token expired then you will not be able to delete the custom resource and deletion will also hang until the situation is resolved. The recommended approach to deal with that situation is to patch a valid token into the secret again so that proper cleanup of aiven resources can take place.</p>"},{"location":"installation/uninstalling.html#hanging-deletions","title":"Hanging deletions","text":"<p>To protect the secrets that the operator is using from deletion, it adds the finalizer <code>finalizers.aiven.io/needed-to-delete-services</code> to the secret. This solves a race condition that happens when deleting a namespace, where there is a possibility of the secret getting deleted before the resource that uses it. When the controller is deleted it may not cleanup the finalizers from all secrets. If there is a secret with this finalizer blocking deletion of a namespace, for now please do</p> <pre><code>kubectl patch secret &lt;offending-secret&gt; -p '{\"metadata\":{\"finalizers\":null}}' --type=merge\n</code></pre> <p>to remove the finalizer.</p>"},{"location":"resources/cassandra.html","title":"Cassandra","text":"<p>Aiven for Apache Cassandra\u00ae is a distributed database designed to handle large volumes of writes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/cassandra.html#creating-a-cassandra-instance","title":"Creating a Cassandra instance","text":"<p>1. Create a file named <code>cassandra-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: cassandra-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Cassandra connection on the `cassandra-secret` Secret\n  connInfoSecretTarget:\n    name: cassandra-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-sample.yaml \n</code></pre> <p>The output is:</p> <pre><code>cassandra.aiven.io/cassandra-sample created\n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe cassandra.aiven.io cassandra-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-31T10:17:25Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-31T10:24:00Z\n    Message:               Instance is running on Aiven side\n    Reason:                CheckRunning\n    Status:                True\n    Type:                  Running\n  State:                   RUNNING\n...\n</code></pre> <p>The resource can be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/cassandra.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Cassandra connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret cassandra-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         cassandra-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCASSANDRA_HOSTS:     59 bytes\nCASSANDRA_PASSWORD:  24 bytes\nCASSANDRA_PORT:      5 bytes\nCASSANDRA_URI:       66 bytes\nCASSANDRA_USER:      8 bytes\nCASSANDRA_HOST:      60 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret cassandra-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CASSANDRA_HOST\": \"&lt;secret&gt;\",\n  \"CASSANDRA_HOSTS\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PASSWORD\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PORT\": \"14609\",\n  \"CASSANDRA_URI\": \"&lt;secret&gt;\",\n  \"CASSANDRA_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/cassandra.html#creating-a-cassandra-user","title":"Creating a Cassandra user","text":"<p>You can create service users for your instance of Aiven for Apache Cassandra. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named cassandra-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: cassandra-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: cassandra-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret cassandra-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"cassandra-service-user\"\n}\n</code></pre> <p>You can connect to the Cassandra instance using these credentials and the host information from the <code>cassandra-secret</code> Secret.</p>"},{"location":"resources/mysql.html","title":"MySQL","text":"<p>Aiven for MySQL is a fully managed relational database service, deployable in the cloud of your choice. </p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/mysql.html#creating-a-mysql-instance","title":"Creating a MySQL instance","text":"<p>1. Create a file named <code>mysql-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: mysql-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the MySQL connection on the `mysql-secret` Secret\n  connInfoSecretTarget:\n    name: mysql-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f mysql-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe mysql.aiven.io mysql-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/mysql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the MySQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret mysql-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         mysql-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nMYSQL_PORT:      5 bytes\nMYSQL_SSL_MODE:  8 bytes\nMYSQL_URI:       115 bytes\nMYSQL_USER:      8 bytes\nMYSQL_DATABASE:  9 bytes\nMYSQL_HOST:      39 bytes\nMYSQL_PASSWORD:  24 bytes\n</code></pre> <p>You can use jq to quickly decode the Secret:</p> <pre><code>kubectl get secret mysql-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"MYSQL_DATABASE\": \"defaultdb\",\n  \"MYSQL_HOST\": \"&lt;secret&gt;\",\n  \"MYSQL_PASSWORD\": \"&lt;secret&gt;\",\n  \"MYSQL_PORT\": \"12691\",\n  \"MYSQL_SSL_MODE\": \"REQUIRED\",\n  \"MYSQL_URI\": \"&lt;secret&gt;\",\n  \"MYSQL_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/mysql.html#creating-a-mysql-user","title":"Creating a MySQL user","text":"<p>You can create service users for your instance of Aiven for MySQL. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named mysql-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: mysql-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: mysql-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f mysql-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using jq:</p> <pre><code>kubectl get secret mysql-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"mysql-service-user\"\n}\n</code></pre> <p>You can connect to the MySQL instance using these credentials and the host information from the <code>mysql-secret</code> Secret.</p>"},{"location":"resources/opensearch.html","title":"OpenSearch","text":"<p>OpenSearch\u00ae is an open source search and analytics suite including search engine, NoSQL document database, and visualization interface. OpenSearch offers a distributed, full-text search engine based on Apache Lucene\u00ae with a RESTful API interface and support for JSON documents.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/opensearch.html#creating-an-opensearch-instance","title":"Creating an OpenSearch instance","text":"<p>1. Create a file named <code>os-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: os-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the OpenSearch connection on the `os-secret` Secret\n  connInfoSecretTarget:\n    name: os-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f os-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe opensearch.aiven.io os-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/opensearch.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the OpenSearch connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret os-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         os-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nHOST:      61 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\nUSER:      8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret os-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"13041\",\n  \"USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/opensearch.html#creating-an-opensearch-user","title":"Creating an OpenSearch user","text":"<p>You can create service users for your instance of Aiven for OpenSearch. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named os-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: os-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: os-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f os-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information.</p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret os-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"os-service-user\"\n}\n</code></pre> <p>You can connect to the OpenSearch instance using these credentials and the host information from the <code>os-secret</code> Secret.</p>"},{"location":"resources/postgresql.html","title":"PostgreSQL","text":"<p>PostgreSQL is an open source, relational database. It's ideal for organisations that need a well organised tabular datastore. On top of the strict table and columns formats, PostgreSQL also offers solutions for nested datasets with the native <code>jsonb</code> format and advanced set of extensions including PostGIS, a spatial database extender for location queries. Aiven for PostgreSQL is the perfect fit for your relational data.</p> <p>With Aiven Kubernetes Operator, you can manage Aiven for PostgreSQL through the well defined Kubernetes API.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-instance","title":"Creating a PostgreSQL instance","text":"<p>1. Create a file named <code>pg-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific PostgreSQL configuration\n  userConfig:\n    pg_version: '11'\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f pg-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io pg-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME        PROJECT        REGION                PLAN        STATE\npg-sample   your-project   google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can stay in the <code>BUILDING</code> state for a couple of minutes. Once the state changes to <code>RUNNING</code>, you are ready to access it.</p>"},{"location":"resources/postgresql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the PostgreSQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret pg-connection\n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         pg-connection\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nDATABASE_URI:  107 bytes\nPGDATABASE:    9 bytes\nPGHOST:        38 bytes\nPGPASSWORD:    16 bytes\nPGPORT:        5 bytes\nPGSSLMODE:     7 bytes\nPGUSER:        8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret pg-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://avnadmin:&lt;secret-password&gt;@pg-sample-your-project.aivencloud.com:13039/defaultdb?sslmode=require\",\n  \"PGDATABASE\": \"defaultdb\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13039\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your PostgreSQL connection from a Kubernetes workload by deploying a Pod that runs the <code>psql</code> command.</p> <p>1. Create a file named <code>pod-psql.yaml</code></p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:11-alpine\n      name: postgres\n      command: [ 'psql', '$(DATABASE_URI)', '-c', 'SELECT version();' ]\n\n      # the pg-connection Secret becomes environment variables \n      envFrom:\n        - secretRef:\n            name: pg-connection\n</code></pre> <p>It runs once and stops, due to the <code>restartPolicy: Never</code> flag.</p> <p>2. Inspect the log:</p> <pre><code>kubectl logs psql-test-connection\n</code></pre> <p>The output is similar to the following: <pre><code>                                           version                                           \n---------------------------------------------------------------------------------------------\n PostgreSQL 11.12 on x86_64-pc-linux-gnu, compiled by gcc, a 68c5366192 p 6b9244f01a, 64-bit\n(1 row)\n</code></pre></p> <p>You have now connected to the PostgreSQL, and executed the <code>SELECT version();</code> query.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-database","title":"Creating a PostgreSQL database","text":"<p>The <code>Database</code> Kubernetes resource allows you to create a logical database within the PostgreSQL instance.</p> <p>Create the <code>pg-database-sample.yaml</code> file with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: pg-database-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the name of the previously created PostgreSQL instance\n  serviceName: pg-sample\n\n  project: &lt;your-project-name&gt;\n  lcCollate: en_US.UTF-8\n  lcCtype: en_US.UTF-8\n</code></pre> <p>You can now connect to the <code>pg-database-sample</code> using the credentials stored in the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-user","title":"Creating a PostgreSQL user","text":"<p>Aiven uses the concept of service user that allows you to create users for different services. You can create one for the PostgreSQL instance.</p> <p>1. Create a file named <code>pg-service-user.yaml</code>.</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: pg-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-service-user-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n</code></pre> <p>2. Apply the configuration with the following command.</p> <pre><code>kubectl apply -f pg-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information, in this case named <code>pg-service-user-connection</code>:</p> <pre><code>kubectl get secret pg-service-user-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output has the password and username: <pre><code>{\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"USERNAME\": \"pg-service-user\"\n}\n</code></pre></p> <p>You can now connect to the PostgreSQL instance using the credentials generated above, and the host information from the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-connection-pool","title":"Creating a PostgreSQL connection pool","text":"<p>Connection pooling allows you to maintain very large numbers of connections to a database while minimizing the consumption of server resources. For more information, refer to the connection pooling article in Aiven Docs. Aiven for PostgreSQL uses PGBouncer for connection pooling.</p> <p>You can create a connection pool with the <code>ConnectionPool</code> resource using the previously created <code>Database</code> and <code>ServiceUser</code>:</p> <p>Create a new file named <code>pg-connection-pool.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: pg-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-connection-pool-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n  databaseName: pg-database-sample\n  username: pg-service-user\n  poolSize: 10\n  poolMode: transaction\n</code></pre> <p>The <code>ConnectionPool</code> generates a Secret with the connection info using the name from the <code>connInfoSecretTarget.Name</code> field:</p> <p><pre><code>kubectl get secret pg-connection-pool-connection -o json | jq '.data | map_values(@base64d)' \n</code></pre> The output is similar to the following: </p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://pg-service-user:&lt;secret-password&gt;@pg-sample-you-project.aivencloud.com:13040/pg-connection-pool?sslmode=require\",\n  \"PGDATABASE\": \"pg-database-sample\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13040\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"pg-service-user\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#creating-a-postgresql-read-only-replica","title":"Creating a PostgreSQL read-only replica","text":"<p>Read-only replicas can be used to reduce the load on the primary service by making read-only queries against the replica service. </p> <p>To create a read-only replica for a PostgreSQL service, you create a second PostgreSQL service and use serviceIntegrations to replicate data from your primary service.</p> <p>The example that follows creates a primary service and a read-only replica.</p> <p>1. Create a new file named <code>pg-read-replica.yaml</code> with the following:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: primary-pg-service\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: read-replica-pg\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: saturday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n  # use the read_replica integration and point it to your primary service\n  serviceIntegrations:\n  -  integrationType: read_replica\n     sourceServiceName: primary-pg-service\n</code></pre> <p>Note</p> <p>You can create the replica service in a different region or on a different cloud provider.</p> <p>2. Apply the configuration with the following command:</p> <pre><code>kubectl apply -f pg-read-replica.yaml\n</code></pre> <p>The output is similar to the following:</p> <pre><code>postgresql.aiven.io/primary-pg-service created\npostgresql.aiven.io/read-replica-pg created\n</code></pre> <p>3. Check the status of the primary service with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io primary-pg-service\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                    PROJECT                 REGION                PLAN        STATE\nprimary-pg-service      &lt;your-project-name&gt;     google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can be in the <code>BUILDING</code> state for a few minutes. After the state of the primary service changes to <code>RUNNING</code>, the read-only replica is created. You can check the status of the replica using the same command with the name of the replica:</p> <pre><code>kubectl get postgresqls.aiven.io read-replica-pg\n</code></pre>"},{"location":"resources/project-vpc.html","title":"Aiven Project VPC","text":"<p>Virtual Private Cloud (VPC) peering is a method of connecting separate AWS, Google Cloud or Microsoft Azure private networks to each other. It makes it possible for the virtual machines in the different VPCs to talk to each other directly without going through the public internet.</p> <p>Within the Aiven Kubernetes Operator, you can create a <code>ProjectVPC</code> on Aiven's side to connect to your cloud provider.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/project-vpc.html#creating-an-aiven-vpc","title":"Creating an Aiven VPC","text":"<p>1. Create a file named <code>vpc-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: vpc-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # creates a VPC to link an AWS account on the South Africa region\n  cloudName: aws-af-south-1\n\n  # the network range used by the VPC\n  networkCidr: 192.168.0.0/24\n</code></pre> <p>2. Create the Project by applying the configuration:</p> <pre><code>kubectl apply -f vpc-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get projects.aiven.io vpc-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME         PROJECT          CLOUD            NETWORK CIDR\nvpc-sample   &lt;your-project&gt;   aws-af-south-1   192.168.0.0/24\n</code></pre>"},{"location":"resources/project-vpc.html#using-the-aiven-vpc","title":"Using the Aiven VPC","text":"<p>Follow the official VPC documentation to complete the VPC peering on your cloud of choice.</p>"},{"location":"resources/project.html","title":"Aiven Project","text":"<p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p> <p>The <code>Project</code> CRD allows you to create Aiven Projects, where your resources can be located.</p> <p>To create a fully working Aiven Project with the Aiven Operator you need a source Aiven Project already created with a working billing configuration, like a credit card.</p> <p>Create a file named <code>project-sample.yaml</code> with the following content: <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: project-sample\nspec:\n  # the source Project to copy the billing information from\n  copyFromProject: &lt;your-source-project&gt;\n\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-sample\n</code></pre></p> <p>Apply the resource with: <pre><code>kubectl apply -f project-sample.yaml\n</code></pre></p> <p>Verify the newly created Project:</p> <pre><code>kubectl get projects.aiven.io project-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME             AGE\nproject-sample   22s\n</code></pre>"},{"location":"resources/redis.html","title":"Redis","text":"<p>Aiven for Redis\u00ae* is a fully managed in-memory NoSQL database that you can deploy in the cloud of your choice to store and access data quickly and efficiently.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/redis.html#creating-a-redis-instance","title":"Creating a Redis instance","text":"<p>1. Create a file named <code>redis-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: redis-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Redis connection on the `redis-secret` Secret\n  connInfoSecretTarget:\n    name: redis-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Redis configuration\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f redis-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe redis.aiven.io redis-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/redis.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Redis connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret redis-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         redis-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nSSL:       8 bytes\nUSER:      7 bytes\nHOST:      60 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret redis-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"redis-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"14610\",\n  \"SSL\": \"required\",\n  \"USER\": \"default\"\n}\n</code></pre>"},{"location":"resources/service-integrations.html","title":"Service Integrations","text":"<p>Service Integrations provide additional functionality and features by connecting different Aiven services together.</p> <p>See our Getting Started with Service Integrations guide for more information.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/service-integrations.html#send-kafka-logs-to-a-kafka-topic","title":"Send Kafka logs to a Kafka Topic","text":"<p>This integration allows you to send Kafka service logs to a specific Kafka Topic.</p> <p>First, let's create a Kafka service and a topic.</p> <p>1. Create a new file named <code>kafka-sample-topic.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: logs\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>3. Now, create a <code>ServiceIntegration</code> resource to send the Kafka logs to the created topic. In the same file, add the    following YAML:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-logs\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_logs\n\n  # we will send the logs to the same kafka-sample instance\n  # the source and destination are the same\n  sourceServiceName: kafka-sample\n  destinationServiceName: kafka-sample\n\n  # the topic name we will send to\n  kafkaLogs:\n    kafka_topic: logs\n</code></pre> <p>4. Reapply the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>5. Let's check the created service integration:</p> <pre><code>kubectl get serviceintegrations.aiven.io service-integration-kafka-logs\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                             PROJECT        TYPE         SOURCE SERVICE NAME   DESTINATION SERVICE NAME   SOURCE ENDPOINT ID   DESTINATION ENDPOINT ID\nservice-integration-kafka-logs   your-project   kafka_logs   kafka-sample          kafka-sample                                    \n</code></pre> <p>Your Kafka service logs are now being streamed to the <code>logs</code> Kafka topic.</p>"},{"location":"resources/kafka/index.html","title":"Kafka","text":"<p>Aiven for Apache Kafka is an excellent option if you need to run Apache Kafka at scale. With Aiven Kubernetes Operator you can get up and running with a suitably sized Apache Kafka service in a few minutes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/kafka/index.html#creating-a-kafka-instance","title":"Creating a Kafka instance","text":"<p>1. Create a file named <code>kafka-sample.yaml</code>, and add the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n</code></pre> <p>2. Create the following resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample.yaml \n</code></pre> <p>3. Inspect the service created using the command below. </p> <pre><code>kubectl get kafka.aiven.io kafka-sample\n</code></pre> <p>The output has the project name and state, similar to the following:</p> <pre><code>NAME           PROJECT          REGION                PLAN        STATE\nkafka-sample   &lt;your-project&gt;   google-europe-west1   startup-2   RUNNING\n</code></pre> <p>After a couple of minutes, the <code>STATE</code> field is changed to <code>RUNNING</code>, and is ready to be used.</p>"},{"location":"resources/kafka/index.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Kafka connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret kafka-auth \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         kafka-auth\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCA_CERT:      1537 bytes\nHOST:         41 bytes\nPASSWORD:     16 bytes\nPORT:         5 bytes\nUSERNAME:     8 bytes\nACCESS_CERT:  1533 bytes\nACCESS_KEY:   2484 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret kafka-auth -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CA_CERT\": \"&lt;secret-ca-cert&gt;\",\n  \"ACCESS_CERT\": \"&lt;secret-cert&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret-access-key&gt;\",\n  \"HOST\": \"kafka-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"13041\",\n  \"USERNAME\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/kafka/index.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your access to the Kafka cluster from a Pod using the authentication data from the <code>kafka-auth</code> Secret. kcat is used for our examples below.</p> <p>1. Create a file named <code>kafka-test-connection.yaml</code>, and add the following content:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will connect to the Kafka cluster\n      # and output its metadata\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/kafka-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/kafka-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/kafka-auth/CA_CERT',\n          '-L'\n      ]\n\n      # loading the data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-auth\n\n      volumeMounts:\n        - name: kafka-auth\n          mountPath: \"/kafka-auth\"\n\n  # loading the data from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: kafka-auth\n      secret:\n        secretName: kafka-auth\n</code></pre> <p>2. Apply the file.</p> <pre><code>kubectl apply -f kafka-test-connection.yaml\n</code></pre> <p>Once successfully applied, you have a log with the metadata information about the Kafka cluster.</p> <pre><code>kubectl logs kafka-test-connection \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Metadata for all topics (from broker -1: ssl://kafka-sample-your-project.aivencloud.com:13041/bootstrap):\n 3 brokers:\n  broker 2 at 35.205.234.70:13041\n  broker 3 at 34.77.127.70:13041 (controller)\n  broker 1 at 34.78.146.156:13041\n 0 topics:\n</code></pre>"},{"location":"resources/kafka/index.html#creating-a-kafkatopic-and-kafkaacl","title":"Creating a <code>KafkaTopic</code> and <code>KafkaACL</code>","text":"<p>To properly produce and consume content on Kafka, you need topics and ACLs. The operator supports both with the <code>KafkaTopic</code> and <code>KafkaACL</code> resources.</p> <p>Below, here is how to create a Kafka topic named <code>random-strings</code> where random string messages will be sent.</p> <p>1. Create a file named <code>kafka-topic-random-strings.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: random-strings\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-topic-random-strings.yaml\n</code></pre> <p>3. Create a user and an ACL. To use the Kafka topic, create a new user with the <code>ServiceUser</code> resource (in order to    avoid using the <code>avnadmin</code> superuser), and the <code>KafkaACL</code> to allow the user access to the topic.</p> <p>In a file named <code>kafka-acl-user-crab.yaml</code>, add the following two resources:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  # the name of our user \ud83e\udd80\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the Secret name we will store the users' connection information\n  # looks exactly the same as the Secret generated when creating the Kafka cluster\n  # we will use this Secret to produce and consume events later!\n  connInfoSecretTarget:\n    name: kafka-crab-connection\n\n  # the Aiven project the user is related to\n  project: &lt;your-project-name&gt;\n\n  # the name of our Kafka Service\n  serviceName: kafka-sample\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # the username from the ServiceUser above\n  username: crab\n\n  # the ACL allows to produce and consume on the topic\n  permission: readwrite\n\n  # specify the topic we created before\n  topic: random-strings\n</code></pre> <p>To create the <code>crab</code> user and its permissions, execute the following command:</p> <pre><code>kubectl apply -f kafka-acl-user-crab.yaml\n</code></pre>"},{"location":"resources/kafka/index.html#producing-and-consuming-events","title":"Producing and consuming events","text":"<p>Using the previously created <code>KafkaTopic</code>, <code>ServiceUser</code>, <code>KafkaACL</code>, you can produce and consume events.</p> <p>You can use kcat to produce a message into Kafka, and the <code>-t random-strings</code> argument to select the desired topic, and use the content of the <code>/etc/issue</code> file as the message's body.</p> <p>1. Create a <code>kafka-crab-produce.yaml</code> file with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-produce\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will produce a message with the /etc/issue file content\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/crab-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/crab-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/crab-auth/CA_CERT',\n          '-P', '-t', 'random-strings', '/etc/issue',\n      ]\n\n      # loading the crab user data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: \"/crab-auth\"\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n</code></pre> <p>2. Create the Pod with the following content:</p> <pre><code>kubectl apply -f kafka-crab-produce.yaml\n</code></pre> <p>Now your event is stored in Kafka.</p> <p>To consume a message, you can use a graphical interface called Kowl. It allows you to explore information about our Kafka cluster, such as brokers, topics, or consumer groups.</p> <p>1. Create a Kubernetes Pod and service to deploy and access Kowl. Create a file named <code>kafka-crab-consume.yaml</code> with the    content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-consume\n  labels:\n    app: kafka-crab-consume\nspec:\n  containers:\n    - image: quay.io/cloudhut/kowl:v1.4.0\n      name: kowl\n\n      # kowl configuration values\n      env:\n        - name: KAFKA_TLS_ENABLED\n          value: 'true'\n\n        - name: KAFKA_BROKERS\n          value: $(HOST):$(PORT)\n        - name: KAFKA_TLS_PASSPHRASE\n          value: $(PASSWORD)\n\n        - name: KAFKA_TLS_CAFILEPATH\n          value: /crab-auth/CA_CERT\n        - name: KAFKA_TLS_CERTFILEPATH\n          value: /crab-auth/ACCESS_CERT\n        - name: KAFKA_TLS_KEYFILEPATH\n          value: /crab-auth/ACCESS_KEY\n\n      # inject all connection information as environment variables\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: /crab-auth\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n\n---\n\n# we will be using a simple service to access Kowl on port 8080\napiVersion: v1\nkind: Service\nmetadata:\n  name: kafka-crab-consume\nspec:\n  selector:\n    app: kafka-crab-consume\n  ports:\n    - port: 8080\n      targetPort: 8080\n</code></pre> <p>2. Create the resources with:</p> <pre><code>kubectl apply -f kafka-crab-consume.yaml\n</code></pre> <p>3. In another terminal create a port-forward tunnel to your Pod:</p> <pre><code>kubectl port-forward kafka-crab-consume 8080:8080\n</code></pre> <p>4. In the browser of your choice, access the http://localhost:8080 address. You now see a page with    the <code>random-strings</code> topic listed:    </p> <p>5. Click the topic name to see the message.    </p> <p>You have now consumed the message.</p>"},{"location":"resources/kafka/connect.html","title":"Kafka Connect","text":"<p>Aiven for Apache Kafka Connect is a framework and a runtime for integrating Kafka with other systems. Kafka connectors can either be a source (for pulling data from other systems into Kafka) or sink (for pushing data into other systems from Kafka).</p> <p>This section involves a few different Kubernetes CRDs: 1. A <code>KafkaService</code> service with a <code>KafkaTopic</code> 2. A <code>KafkaConnect</code> service 3. A <code>ServiceIntegration</code> to integrate the <code>Kafka</code> and <code>KafkaConnect</code> services 4. A <code>PostgreSQL</code> used as a sink to receive messages from <code>Kafka</code> 5. A <code>KafkaConnector</code> to finally connect the <code>Kafka</code> with the <code>PostgreSQL</code></p>"},{"location":"resources/kafka/connect.html#creating-the-resources","title":"Creating the resources","text":"<p>Create a file named <code>kafka-sample-connect.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: business-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n    kafka_connect: true\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-connect\n\n  replication: 2\n  partitions: 1\n</code></pre> <p>Next, create a file named <code>kafka-connect.yaml</code> and add the following <code>KafkaConnect</code> resource:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: kafka-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Now let's create a <code>ServiceIntegration</code>. It will use the fields <code>sourceServiceName</code> and <code>destinationServiceName</code> to integrate the previously created <code>kafka-sample-connect</code> and <code>kafka-connect</code>. Open a new file named <code>service-integration-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_connect\n\n  # we will send messages from the `kafka-sample-connect` to `kafka-connect`\n  sourceServiceName: kafka-sample-connect\n  destinationServiceName: kafka-connect\n</code></pre> <p>Let's add an Aiven for PostgreSQL service. It will be the service used as a sink, receiving messages from the <code>kafka-sample-connect</code> cluster. Create a file named <code>pg-sample-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Finally, let's add the glue of everything: a <code>KafkaConnector</code>. As described in the specification, it will send receive messages from the <code>kafka-sample-connect</code> and send them to the <code>pg-connect</code> service. Check our official documentation for more connectors.</p> <p>Create a file named <code>kafka-connector-connect.yaml</code> and with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnector\nmetadata:\n  name: kafka-connector\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # the Kafka cluster name\n  serviceName: kafka-sample-connect\n\n  # the connector we will be using\n  connectorClass: io.aiven.connect.jdbc.JdbcSinkConnector\n\n  userConfig:\n    auto.create: \"true\"\n\n    # constructs the pg-connect connection information\n    connection.url: 'jdbc:postgresql://{{ fromSecret \"pg-connection\" \"PGHOST\"}}:{{ fromSecret \"pg-connection\" \"PGPORT\" }}/{{ fromSecret \"pg-connection\" \"PGDATABASE\" }}'\n    connection.user: '{{ fromSecret \"pg-connection\" \"PGUSER\" }}'\n    connection.password: '{{ fromSecret \"pg-connection\" \"PGPASSWORD\" }}'\n\n    # specify which topics it will watch\n    topics: kafka-topic-connect\n\n    key.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter.schemas.enable: \"true\"\n</code></pre> <p>With all the files created, apply the new Kubernetes resources:</p> <pre><code>kubectl apply \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml\n</code></pre> <p>It will take some time for all the services to be up and running. You can check their status with the following command:</p> <pre><code>kubectl get \\\n    kafkas.aiven.io/kafka-sample-connect \\\n    kafkaconnects.aiven.io/kafka-connect \\\n    postgresqls.aiven.io/pg-connect \\\n    kafkaconnectors.aiven.io/kafka-connector\n</code></pre> <p>The output is similar to the following:</p> <p><pre><code>NAME                                  PROJECT        REGION                PLAN         STATE\nkafka.aiven.io/kafka-sample-connect   your-project   google-europe-west1   business-4   RUNNING\n\nNAME                                  STATE\nkafkaconnect.aiven.io/kafka-connect   RUNNING\n\nNAME                             PROJECT        REGION                PLAN        STATE\npostgresql.aiven.io/pg-connect   your-project   google-europe-west1   startup-4   RUNNING\n\nNAME                                      SERVICE NAME           PROJECT        CONNECTOR CLASS                           STATE     TASKS TOTAL   TASKS RUNNING\nkafkaconnector.aiven.io/kafka-connector   kafka-sample-connect   your-project   io.aiven.connect.jdbc.JdbcSinkConnector   RUNNING   1             1\n</code></pre> The deployment is finished when all services have the state <code>RUNNING</code>.</p>"},{"location":"resources/kafka/connect.html#testing","title":"Testing","text":"<p>To test the connection integration, let's produce a Kafka message using kcat from within the Kubernetes cluster. We will deploy a Pod responsible for crafting a message and sending to the Kafka cluster, using the <code>kafka-auth</code> secret generate by the <code>Kafka</code> CRD.</p> <p>Create a new file named <code>kcat-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-message\nspec:\n  containers:\n\n  restartPolicy: Never\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      command: ['/bin/sh']\n      args: [\n        '-c',\n        'echo {\\\"schema\\\":{\\\"type\\\":\\\"struct\\\",\\\"fields\\\":[{ \\\"field\\\": \\\"text\\\", \\\"type\\\": \\\"string\\\", \\\"optional\\\": false } ] }, \\\"payload\\\": { \\\"text\\\": \\\"Hello World\\\" } } &gt; /tmp/msg;\n\n        kcat\n          -b $(HOST):$(PORT)\n          -X security.protocol=SSL\n          -X ssl.key.location=/kafka-auth/ACCESS_KEY\n          -X ssl.key.password=$(PASSWORD)\n          -X ssl.certificate.location=/kafka-auth/ACCESS_CERT\n          -X ssl.ca.location=/kafka-auth/CA_CERT\n          -P -t kafka-topic-connect /tmp/msg'\n      ]\n\n      envFrom:\n      - secretRef:\n          name: kafka-auth\n\n      volumeMounts:\n      - name: kafka-auth\n        mountPath: \"/kafka-auth\"\n\n  volumes:\n  - name: kafka-auth\n    secret:\n      secretName: kafka-auth\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f kcat-connect.yaml\n</code></pre> <p>The Pod will execute the commands and finish. You can confirm its <code>Completed</code> state with:</p> <pre><code>kubectl get pod kafka-message\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME            READY   STATUS      RESTARTS   AGE\nkafka-message   0/1     Completed   0          5m35s\n</code></pre> <p>If everything went smoothly, we should have our produced message in the PostgreSQL service. Let's check that out.</p> <p>Create a file named <code>psql-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-connect\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:13\n      name: postgres\n      # \"kafka-topic-connect\" is the table automatically created by KafkaConnect\n      command: ['psql', '$(DATABASE_URI)', '-c', 'SELECT * from \"kafka-topic-connect\";']\n\n      envFrom:\n      - secretRef:\n          name: pg-connection\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f psql-connect.yaml\n</code></pre> <p>After a couple of seconds, inspect its log with this command: </p> <pre><code>kubectl logs psql-connect \n</code></pre> <p>The output is similar to the following: </p> <pre><code>    text     \n-------------\n Hello World\n(1 row)\n</code></pre>"},{"location":"resources/kafka/connect.html#clean-up","title":"Clean up","text":"<p>To clean up all the created resources, use the following command:</p> <pre><code>kubectl delete \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml \\\n  -f kcat-connect.yaml \\\n  -f psql-connect.yaml\n</code></pre>"},{"location":"resources/kafka/schema.html","title":"Kafka Schema","text":""},{"location":"resources/kafka/schema.html#creating-a-kafkaschema","title":"Creating a <code>KafkaSchema</code>","text":"<p>Aiven develops and maintain Karapace, an open source implementation of Kafka REST and schema registry. Is available out of the box for our managed Kafka service.</p> <p>The schema registry address and authentication is the same as the Kafka broker, the only different is the usage of the port 13044.</p> <p>First, let's create an Aiven for Apache Kafka service.</p> <p>1. Create a file named <code>kafka-sample-schema.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  project: &lt;your-project-name&gt;\n  cloudName: google-europe-west1\n  plan: startup-2\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    kafka_version: '2.7'\n\n    # this flag enables the Schema registry\n    schema_registry: true\n</code></pre> <p>2. Apply the changes with the following command:</p> <pre><code>kubectl apply -f kafka-schema.yaml \n</code></pre> <p>Now, let's create the schema itself.</p> <p>1. Create a new file named <code>kafka-sample-schema.yaml</code> and add the YAML content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: kafka-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-schema\n\n  # the name of the Schema\n  subjectName: MySchema\n\n  # the schema itself, in JSON format\n  schema: |\n    {\n      \"type\": \"record\",\n      \"name\": \"MySchema\",\n      \"fields\": [\n        {\n          \"name\": \"field\",\n          \"type\": \"string\"\n        }\n      ]\n    }\n\n  # sets the schema compatibility level \n  compatibilityLevel: BACKWARD\n</code></pre> <p>2. Create the schema with the command:</p> <pre><code>kubectl apply -f kafka-schema.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get kafkaschemas.aiven.io kafka-schema\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME           SERVICE NAME   PROJECT          SUBJECT    COMPATIBILITY LEVEL   VERSION\nkafka-schema   kafka-sample   &lt;your-project&gt;   MySchema   BACKWARD              1\n</code></pre> <p>Now you can follow the instructions to use a schema registry in Java on how to use the schema created.</p>"}]}
\ No newline at end of file
diff --git a/search/search_index.json b/search/search_index.json
index d8ba4a9c..8e444079 100644
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"index.html","title":"Welcome to Aiven Operator for Kubernetes","text":"<p>Provision and manage Aiven services from your Kubernetes cluster.</p>"},{"location":"index.html#what-is-aiven","title":"What is Aiven?","text":"<p>Aiven offers managed services for the best open source data technologies, on a cloud of your choice.</p> <p>We offer multiple cloud options because we believe that everyone should have access to great data platforms wherever they host their applications. Our customers tell us they love it because they know that they aren\u2019t locked in to one particular cloud platform for all their data needs.</p>"},{"location":"index.html#contributing","title":"Contributing","text":"<p>The contribution guide covers everything you need to know about how you can contribute to Aiven Operator for Kubernetes. The developer guide will help you onboard as a developer.</p>"},{"location":"authentication.html","title":"Authenticating","text":"<p>To get authenticated and authorized, set up the communication between the Aiven Operator for Kubernetes and Aiven by using a token stored in a Kubernetes secret. You can then refer to the secret name on every custom resource in the <code>authSecretRef</code> field.</p> <p>If you don't have an Aiven account yet, sign up here for a free trial. \ud83e\udd80</p> <p>1. Generate an authentication token</p> <p>Refer to our documentation article to generate your authentication token.</p> <p>2. Create the Kubernetes Secret</p> <p>The following command creates a secret named <code>aiven-token</code> with a <code>token</code> field containing the authentication token:</p> <pre><code>kubectl create secret generic aiven-token --from-literal=token=\"&lt;your-token-here&gt;\"\n</code></pre> <p>When managing your Aiven resources, we will be using the created Secret in the <code>authSecretRef</code> field. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n  [ ... ]\n</code></pre> <p>Also, note that within Aiven, all resources are conceptually inside a Project. By default, a random project name is generated when you signup, but you can also create new projects.</p> <p>The Project name is required in most of the resources. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  project: &lt;your-project-name-here&gt;\n  [ ... ]\n</code></pre>"},{"location":"changelog.html","title":"Changelog","text":""},{"location":"changelog.html#v0150-2023-11-17","title":"v0.15.0 - 2023-11-17","text":"<ul> <li>Upgrade to Go 1.21</li> <li>Add option to orphan resources. Thanks to @atarax</li> <li>Fix <code>ServiceIntegration</code>: do not send empty user config to the API </li> <li>Add a format for <code>string</code> type fields to the documentation</li> <li>Generate CRDs changelog</li> <li>Add <code>Clickhouse</code> field <code>userConfig.private_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients   to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses</li> <li>Add <code>Clickhouse</code> field <code>userConfig.privatelink_access.clickhouse_mysql</code>, type <code>boolean</code>: Enable clickhouse_mysql</li> <li>Add <code>Clickhouse</code> field <code>userConfig.public_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients to   connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC   or another type of private network</li> <li>Add <code>Grafana</code> field <code>userConfig.unified_alerting_enabled</code>, type <code>boolean</code>: Enable or disable Grafana   unified alerting functionality</li> <li>Add <code>Kafka</code> field <code>userConfig.aiven_kafka_topic_messages</code>, type <code>boolean</code>: Allow access to read Kafka   topic messages in the Aiven Console and REST API</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_audience</code>, type <code>string</code>: The (optional)   comma-delimited setting for the broker to use to verify that the JWT was issued for one of the   expected audiences</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_issuer</code>, type <code>string</code>: Optional setting   for the broker to use to verify that the JWT was created by the expected issuer</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_jwks_endpoint_url</code>, type <code>string</code>: OIDC JWKS endpoint   URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_sub_claim_name</code>, type <code>string</code>: Name of the scope   from which to extract the subject claim from the JWT. Defaults to sub</li> <li>Change <code>Kafka</code> field <code>userConfig.kafka_version</code>: enum <code>[3.1, 3.3, 3.4, 3.5]</code> \u2192 <code>[3.1, 3.3, 3.4,   3.5, 3.6]</code></li> <li>Change <code>Kafka</code> field <code>userConfig.tiered_storage.local_cache.size</code>: deprecated</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_max_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_min_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size</li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend</code>:   enum <code>[internal]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type</code>:   enum <code>[username]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type</code>: enum <code>[ip]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.search_max_buckets</code>: maximum <code>65536</code> \u2192 <code>1000000</code></li> <li>Change <code>ServiceIntegration</code> field <code>kafkaMirrormaker.kafka_mirrormaker.producer_max_request_size</code>: maximum   <code>67108864</code> \u2192 <code>268435456</code></li> </ul>"},{"location":"changelog.html#v0140-2023-09-21","title":"v0.14.0 - 2023-09-21","text":"<ul> <li>Make <code>projectVpcId</code> and <code>projectVPCRef</code> mutable</li> <li>Fix panic on <code>nil</code> user config conversion</li> <li>Use aiven-go-client with context support</li> <li>Deprecate <code>Cassandra</code> kind option <code>additional_backup_regions</code></li> <li>Add <code>Grafana</code> kind option <code>auto_login</code></li> <li>Add <code>Kafka</code> kind properties <code>log_local_retention_bytes</code>, <code>log_local_retention_ms</code></li> <li>Remove <code>Kafka</code> kind option <code>remote_log_storage_system_enable</code></li> <li>Add <code>OpenSearch</code> kind option <code>auth_failure_listeners</code></li> <li>Add <code>OpenSearch</code> kind Index State Management options</li> </ul>"},{"location":"changelog.html#v0130-2023-08-18","title":"v0.13.0 - 2023-08-18","text":"<ul> <li>Add TieredStorage support to <code>Kafka</code></li> <li>Add <code>Kafka</code> version <code>3.5</code></li> <li>Add <code>Kafka</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Mark deprecated <code>Kafka</code> spec property <code>remote_log_storage_system_enable</code></li> <li>Add <code>KafkaConnect</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Add <code>OpenSearch</code> spec property <code>openid</code> </li> <li>Use updated go client with enhanced retries</li> </ul>"},{"location":"changelog.html#v0123-2023-07-13","title":"v0.12.3 - 2023-07-13","text":"<ul> <li>Expose <code>KAFKA_SCHEMA_REGISTRY_HOST</code> and <code>KAFKA_SCHEMA_REGISTRY_PORT</code> for <code>Kafka</code></li> <li>Expose <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code> and <code>KAFKA_REST_PORT</code> for <code>Kafka</code>. Thanks to @Dariusch</li> </ul>"},{"location":"changelog.html#v0122-2023-06-20","title":"v0.12.2 - 2023-06-20","text":"<ul> <li>Make conditions and state optional attributes of service status. Thanks to @mortenlj</li> <li>Remove deprecated <code>unclean_leader_election_enable</code> from <code>KafkaTopic</code> kind config</li> <li>Expose <code>KAFKA_SASL_PORT</code> for <code>Kafka</code> kind if <code>SASL</code> authentication method is enabled</li> <li>Add <code>redis</code> options to datadog <code>ServiceIntegration</code></li> <li>Add <code>Cassandra</code> version <code>3</code></li> <li>Add <code>Kafka</code> versions <code>3.1</code> and <code>3.4</code></li> <li>Add <code>kafka_rest_config.producer_max_request_size</code> option</li> <li>Add <code>kafka_mirrormaker.producer_compression_type</code> option</li> </ul>"},{"location":"changelog.html#v0120-2023-05-10","title":"v0.12.0 - 2023-05-10","text":"<ul> <li>Fix service tags create/update. Thanks to @mortenlj</li> <li>Add prefix name option for secrets. Thanks to @jordiclariana</li> <li>Add <code>clusterRole.create</code> option to Helm chart. Thanks to @ryaneorth</li> <li>Use kind name as default prefix for secrets to avoid collisions. Please migrate your applications before legacy names removed</li> <li>Fix secrets creation on openshift</li> <li>Add <code>OpenSearch.spec.userConfig.idp_pemtrustedcas_content</code> option.   Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification.</li> </ul>"},{"location":"changelog.html#v0110-2023-04-25","title":"v0.11.0 - 2023-04-25","text":"<ul> <li>Add <code>ServiceIntegration</code> kind <code>SourceProjectName</code> and <code>DestinationProjectName</code> fields</li> <li>Add <code>ServiceIntegration</code> fields <code>MaxLength</code> validation</li> <li>Add <code>ServiceIntegration</code> validation: multiple user configs cannot be set</li> <li>Fix <code>ServiceIntegration</code>, should not require <code>destinationServiceName</code> or <code>sourceEndpointID</code> field</li> <li>Fix <code>ServiceIntegration</code>, add missing <code>external_aws_cloudwatch_metrics</code> type config serialization</li> <li>Update <code>ServiceIntegration</code> integration type list</li> <li>Add <code>annotations</code> and <code>labels</code> fields to <code>connInfoSecretTarget</code></li> <li>Allow to disable capabilities check to install webhooks. Thanks to @amstee</li> <li>Set <code>OpenSearch.spec.userConfig.opensearch.search_max_buckets</code> maximum to <code>65536</code></li> </ul>"},{"location":"changelog.html#v0100-2023-04-17","title":"v0.10.0 - 2023-04-17","text":"<ul> <li>Mark service <code>plan</code> as a required field</li> <li>Add <code>minumim</code>, <code>maximum</code> validations for <code>number</code> type</li> <li>Move helm charts to the operator repository</li> <li>Add helm charts generator</li> <li>Remove <code>ip_filter</code> backward compatability</li> <li>Fix deletion errors omitted</li> <li>Add service integration <code>clickhouseKafka.tables.data_format-property</code> enum <code>RawBLOB</code> value</li> <li>Update OpenSearch <code>userConfig.opensearch.email_sender_username</code> validation pattern</li> <li>Add Kafka <code>log_cleaner_min_cleanable_ratio</code> minimum and maximum validation rules</li> <li>Remove Kafka version <code>3.2</code>, reached EOL</li> <li>Remove PostgreSQL version <code>10</code>, reached EOL</li> <li>Explicitly delete <code>ProjectVPC</code> by <code>ID</code> to avoid conflicts </li> <li>Speed up <code>ProjectVPC</code> deletion by exiting on <code>DELETING</code> status</li> <li>Fix missing RBAC permissions to update finalizers for various controllers </li> <li>Refactor <code>ClickhouseUser</code> controller</li> <li>Mark <code>ClickhouseUser.spec.project</code> and <code>ClickhouseUser.spec.serviceName</code> as immutable</li> <li>Remove deprecated service integration type <code>signalfx</code></li> <li>Add build version to the Aiven client user-agent</li> </ul>"},{"location":"changelog.html#v090-2023-03-03","title":"v0.9.0 - 2023-03-03","text":"<ul> <li><code>AuthSecretRef</code> fields marked as required</li> <li>Generate user configs for existing service integrations: <code>datadog</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>metrics</code></li> <li>Add new service integrations: <code>clickhouse_postgresql</code>, <code>clickhouse_kafka</code>, <code>clickhouse_kafka</code>, <code>logs</code>, <code>external_aws_cloudwatch_metrics</code></li> <li>Add <code>KafkaTopic.Spec.topicName</code> field. Unlike the <code>metadata.name</code>, supports additional characters and has a longer length.   <code>KafkaTopic.Spec.topicName</code> replaces <code>metadata.name</code> in future releases and will be marked as required.</li> <li>Accept <code>false</code> value for <code>termination_protection</code> property</li> <li>Fix <code>min_cleanable_dirty_ratio</code>. Thanks to @TV2rd</li> </ul>"},{"location":"changelog.html#v080-2023-02-15","title":"v0.8.0 - 2023-02-15","text":"<p>Important: This release brings breaking changes to the <code>userConfig</code> property. After new charts are installed, update your existing instances manually using the <code>kubectl edit</code> command according to the API reference.</p> <p>Note: It is now recommended to disable webhooks for Kubernetes version 1.25 and higher, as native CRD validation rules are used.</p> <ul> <li>Breaking change: <code>ip_filter</code> field is now of <code>object</code> type</li> <li>Breaking change: Update user configs for following kinds: PostgreSQL, Kafka, KafkaConnect, Redis, Clickhouse, OpenSearch</li> <li>Add CRD validation rules for immutable fields</li> <li>Add user config field validations (enum, minimum, maximum, minLength, and others)</li> <li>Add <code>serviceIntegrations</code> on service types. Only the <code>read_replica</code> type is available.</li> <li>Add KafkaTopic <code>min_cleanable_dirty_ratio</code> config field support</li> <li>Add Clickhouse <code>spec.disk_space</code> property</li> <li>Use updated aiven-go-client with retries</li> <li>Add <code>linux/amd64</code> build. Thanks to @christoffer-eide</li> </ul>"},{"location":"changelog.html#v071-2023-01-24","title":"v0.7.1 - 2023-01-24","text":"<ul> <li>Add Cassandra Kind</li> <li>Add Grafana Kind</li> <li>Recreate Kafka ACL if modified.    Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven.   It must be deleted manually.</li> <li>Fix MySQL webhook</li> </ul>"},{"location":"changelog.html#v060-2023-01-16","title":"v0.6.0 - 2023-01-16","text":"<ul> <li>Remove <code>never</code> from choices of maintenance dow</li> <li>Add <code>development</code> flag to configure logger's behavior</li> <li>Add user config generator (see <code>make generate-user-configs</code>)</li> <li>Add <code>genericServiceHandler</code> to generalize service management </li> <li>Add MySQL Kind</li> </ul>"},{"location":"changelog.html#v052-2022-12-09","title":"v0.5.2 - 2022-12-09","text":"<ul> <li>Fix deployment release manifest generation</li> </ul>"},{"location":"changelog.html#v051-2022-11-28","title":"v0.5.1 - 2022-11-28","text":"<ul> <li>Fix <code>KafkaACL</code> deletion</li> </ul>"},{"location":"changelog.html#v050-2022-11-27","title":"v0.5.0 - 2022-11-27","text":"<ul> <li>Add ability to link resources through the references</li> <li>Add <code>ProjectVPCRef</code> property to <code>Kafka</code>, <code>OpenSearch</code>, <code>Clickhouse</code> and <code>Redis</code> kinds   to get <code>ProjectVPC</code> ID when resource is ready</li> <li>Improve <code>ProjectVPC</code> deletion, deletes by ID first if possible, then tries by name</li> <li>Fix <code>client.Object</code> storage update data loss</li> </ul>"},{"location":"changelog.html#v040-2022-08-04","title":"v0.4.0 - 2022-08-04","text":"<ul> <li>Upgrade to Go 1.18</li> <li>Add support for connection pull incoming user</li> <li>Fix typo on config/samples/kafka disk_space</li> <li>Add tags support for project and service resources</li> <li>Enable termination protection</li> </ul>"},{"location":"changelog.html#v020-2021-11-17","title":"v0.2.0 - 2021-11-17","text":"<p>features: * add Redis CRD</p> <p>improvements: * watch CRDs to reconcile token secrets</p> <p>fixes: * fix RBACs of KafkaACL CRD</p>"},{"location":"changelog.html#v011-2021-09-13","title":"v0.1.1 - 2021-09-13","text":"<p>improvements: * update helm installation docs</p> <p>fixes: * fix typo in a kafka-connector kuttl test</p>"},{"location":"changelog.html#v010-2021-09-10","title":"v0.1.0 - 2021-09-10","text":"<p>features: * initial release</p>"},{"location":"troubleshooting.html","title":"Troubleshooting","text":""},{"location":"troubleshooting.html#verifying-operator-status","title":"Verifying operator status","text":"<p>Use the following checks to help you troubleshoot the Aiven Operator for Kubernetes.</p>"},{"location":"troubleshooting.html#checking-the-pods","title":"Checking the Pods","text":"<p>Verify that all the operator Pods are <code>READY</code>, and the <code>STATUS</code> is <code>Running</code>.</p> <pre><code>kubectl get pod -n aiven-operator-system\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                                                            READY   STATUS    RESTARTS   AGE\naiven-operator-controller-manager-576d944499-ggttj   1/1     Running   0          12m\n</code></pre> <p>Verify that the <code>cert-manager</code> Pods are also running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output has the status:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"troubleshooting.html#visualizing-the-operator-logs","title":"Visualizing the operator logs","text":"<p>Use the following command to visualize all the logs from the operator.</p> <pre><code>kubectl logs -n aiven-operator-system -l control-plane=controller-manager\n</code></pre>"},{"location":"troubleshooting.html#verifing-the-operator-version","title":"Verifing the operator version","text":"<pre><code>kubectl get pod -n aiven-operator-system -l control-plane=controller-manager -o jsonpath=\"{.items[0].spec.containers[0].image}\"\n</code></pre>"},{"location":"troubleshooting.html#known-issues-and-limitations","title":"Known issues and limitations","text":"<p>We're always working to resolve problems that pop up in Aiven products. If your problem is listed below, we know about it and are working to fix it. If your problem isn't listed below, report it as an issue.</p>"},{"location":"troubleshooting.html#cert-manager","title":"cert-manager","text":""},{"location":"troubleshooting.html#issue","title":"Issue","text":"<p>The following event appears on the operator Pod:</p> <pre><code>MountVolume.SetUp failed for volume \"cert\" : secret \"webhook-server-cert\" not found\n</code></pre>"},{"location":"troubleshooting.html#impact","title":"Impact","text":"<p>You cannot run the operator.</p>"},{"location":"troubleshooting.html#solution","title":"Solution","text":"<p>Make sure that cert-manager is up and running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output shows the status of each cert-manager:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"api-reference/index.html","title":"aiven.io/v1alpha1","text":"<p>Autogenerated from CRD files.</p>"},{"location":"api-reference/cassandra.html","title":"Cassandra","text":""},{"location":"api-reference/cassandra.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: my-cassandra\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    migrate_sstableloader: true\n    public_access:\n      prometheus: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/cassandra.html#Cassandra","title":"Cassandra","text":"<p>Cassandra is the Schema for the cassandras API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Cassandra</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). CassandraSpec defines the desired state of Cassandra. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec","title":"spec","text":"<p>Appears on <code>Cassandra</code>.</p> <p>CassandraSpec defines the desired state of Cassandra.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Deprecated. Additional Cloud Regions for Backup Replication.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>cassandra</code> (object). cassandra configuration values. See below for nested schema.</li> <li><code>cassandra_version</code> (string, Enum: <code>4</code>, <code>3</code>). Cassandra major version.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migrate_sstableloader</code> (boolean). Sets the service into migration mode enabling the sstableloader utility to be used to upload Cassandra data files. Available only on service create.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>service_to_join_with</code> (string, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.cassandra","title":"cassandra","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>cassandra configuration values.</p> <p>Optional</p> <ul> <li><code>batch_size_fail_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Fail any multiple-partition batch exceeding this value. 50kb (10x warn threshold) by default.</li> <li><code>batch_size_warn_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Log a warning message on any multiple-partition batch size exceeding this value.5kb per batch by default.Caution should be taken on increasing the size of this thresholdas it can lead to node instability.</li> <li><code>datacenter</code> (string, MaxLength: 128). Name of the datacenter to which nodes of this service belong. Can be set only when creating the service.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouse.html","title":"Clickhouse","text":""},{"location":"api-reference/clickhouse.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Clickhouse\nmetadata:\n  name: my-clickhouse\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-16\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/clickhouse.html#Clickhouse","title":"Clickhouse","text":"<p>Clickhouse is the Schema for the clickhouses API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Clickhouse</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseSpec defines the desired state of Clickhouse. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec","title":"spec","text":"<p>Appears on <code>Clickhouse</code>.</p> <p>ClickhouseSpec defines the desired state of Clickhouse.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Enable clickhouse.</li> <li><code>clickhouse_https</code> (boolean). Enable clickhouse_https.</li> <li><code>clickhouse_mysql</code> (boolean). Enable clickhouse_mysql.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouseuser.html","title":"ClickhouseUser","text":""},{"location":"api-reference/clickhouseuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ClickhouseUser\nmetadata:\n  name: my-clickhouse-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  serviceName: my-clickhouse\n</code></pre>"},{"location":"api-reference/clickhouseuser.html#ClickhouseUser","title":"ClickhouseUser","text":"<p>ClickhouseUser is the Schema for the clickhouseusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ClickhouseUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseUserSpec defines the desired state of ClickhouseUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec","title":"spec","text":"<p>Appears on <code>ClickhouseUser</code>.</p> <p>ClickhouseUserSpec defines the desired state of ClickhouseUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, Immutable, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/connectionpool.html","title":"ConnectionPool","text":""},{"location":"api-reference/connectionpool.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: my-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: connection-pool-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n  databaseName: my-db\n  username: my-user\n  poolMode: transaction\n  poolSize: 25\n</code></pre>"},{"location":"api-reference/connectionpool.html#ConnectionPool","title":"ConnectionPool","text":"<p>ConnectionPool is the Schema for the connectionpools API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ConnectionPool</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ConnectionPoolSpec defines the desired state of ConnectionPool. See below for nested schema.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec","title":"spec","text":"<p>Appears on <code>ConnectionPool</code>.</p> <p>ConnectionPoolSpec defines the desired state of ConnectionPool.</p> <p>Required</p> <ul> <li><code>databaseName</code> (string, MaxLength: 40). Name of the database the pool connects to.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>username</code> (string, MaxLength: 64). Name of the service user used to connect to the database.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>poolMode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). Mode the pool operates in (session, transaction, statement).</li> <li><code>poolSize</code> (integer). Number of connections the pool may create towards the backend server.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/connectionpool.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/database.html","title":"Database","text":""},{"location":"api-reference/database.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: my-db\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n\n  lcCtype: en_US.UTF-8\n  lcCollate: en_US.UTF-8\n</code></pre>"},{"location":"api-reference/database.html#Database","title":"Database","text":"<p>Database is the Schema for the databases API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Database</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). DatabaseSpec defines the desired state of Database. See below for nested schema.</li> </ul>"},{"location":"api-reference/database.html#spec","title":"spec","text":"<p>Appears on <code>Database</code>.</p> <p>DatabaseSpec defines the desired state of Database.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the database to.</li> <li><code>serviceName</code> (string, MaxLength: 63). PostgreSQL service to link the database to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>lcCollate</code> (string, MaxLength: 128). Default string sort order (LC_COLLATE) of the database. Default value: en_US.UTF-8.</li> <li><code>lcCtype</code> (string, MaxLength: 128). Default character classification (LC_CTYPE) of the database. Default value: en_US.UTF-8.</li> <li><code>terminationProtection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the database from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> </ul>"},{"location":"api-reference/database.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html","title":"Grafana","text":""},{"location":"api-reference/grafana.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Grafana\nmetadata:\n  name: my-grafana\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: grafana-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-1\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    public_access:\n      grafana: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/grafana.html#Grafana","title":"Grafana","text":"<p>Grafana is the Schema for the grafanas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Grafana</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). GrafanaSpec defines the desired state of Grafana. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec","title":"spec","text":"<p>Appears on <code>Grafana</code>.</p> <p>GrafanaSpec defines the desired state of Grafana.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/grafana.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>alerting_enabled</code> (boolean). Enable or disable Grafana legacy alerting functionality. This should not be enabled with unified_alerting_enabled.</li> <li><code>alerting_error_or_timeout</code> (string, Enum: <code>alerting</code>, <code>keep_state</code>). Default error or timeout setting for new alerting rules.</li> <li><code>alerting_max_annotations_to_keep</code> (integer, Minimum: 0, Maximum: 1000000). Max number of alert annotations that Grafana stores. 0 (default) keeps all alert annotations.</li> <li><code>alerting_nodata_or_nullvalues</code> (string, Enum: <code>alerting</code>, <code>no_data</code>, <code>keep_state</code>, <code>ok</code>). Default value for 'no data or null values' for new alerting rules.</li> <li><code>allow_embedding</code> (boolean). Allow embedding Grafana dashboards with iframe/frame/object/embed tags. Disabled by default to limit impact of clickjacking.</li> <li><code>auth_azuread</code> (object). Azure AD OAuth integration. See below for nested schema.</li> <li><code>auth_basic_enabled</code> (boolean). Enable or disable basic authentication form, used by Grafana built-in login.</li> <li><code>auth_generic_oauth</code> (object). Generic OAuth integration. See below for nested schema.</li> <li><code>auth_github</code> (object). Github Auth integration. See below for nested schema.</li> <li><code>auth_gitlab</code> (object). GitLab Auth integration. See below for nested schema.</li> <li><code>auth_google</code> (object). Google Auth integration. See below for nested schema.</li> <li><code>cookie_samesite</code> (string, Enum: <code>lax</code>, <code>strict</code>, <code>none</code>). Cookie SameSite attribute: <code>strict</code> prevents sending cookie for cross-site requests, effectively disabling direct linking from other sites to Grafana. <code>lax</code> is the default value.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>dashboard_previews_enabled</code> (boolean). This feature is new in Grafana 9 and is quite resource intensive. It may cause low-end plans to work more slowly while the dashboard previews are rendering.</li> <li><code>dashboards_min_refresh_interval</code> (string, Pattern: <code>^[0-9]+(ms|s|m|h|d)$</code>, MaxLength: 16). Signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, 1h.</li> <li><code>dashboards_versions_to_keep</code> (integer, Minimum: 1, Maximum: 100). Dashboard versions to keep per dashboard.</li> <li><code>dataproxy_send_user_header</code> (boolean). Send <code>X-Grafana-User</code> header to data source.</li> <li><code>dataproxy_timeout</code> (integer, Minimum: 15, Maximum: 90). Timeout for data proxy requests in seconds.</li> <li><code>date_formats</code> (object). Grafana date format specifications. See below for nested schema.</li> <li><code>disable_gravatar</code> (boolean). Set to true to disable gravatar. Defaults to false (gravatar is enabled).</li> <li><code>editors_can_admin</code> (boolean). Editors can manage folders, teams and dashboards created by them.</li> <li><code>external_image_storage</code> (object). External image store settings. See below for nested schema.</li> <li><code>google_analytics_ua_id</code> (string, Pattern: <code>^(G|UA|YT|MO)-[a-zA-Z0-9-]+$</code>, MaxLength: 64). Google Analytics ID.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>metrics_enabled</code> (boolean). Enable Grafana /metrics endpoint.</li> <li><code>oauth_allow_insecure_email_lookup</code> (boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>smtp_server</code> (object). SMTP server settings. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>unified_alerting_enabled</code> (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details.</li> <li><code>user_auto_assign_org</code> (boolean). Auto-assign new users on signup to main organization. Defaults to false.</li> <li><code>user_auto_assign_org_role</code> (string, Enum: <code>Viewer</code>, <code>Admin</code>, <code>Editor</code>). Set role for new signups. Defaults to Viewer.</li> <li><code>viewers_can_edit</code> (boolean). Users with view-only permission can edit but not save dashboards.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_azuread","title":"auth_azuread","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Azure AD OAuth integration.</p> <p>Required</p> <ul> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_generic_oauth","title":"auth_generic_oauth","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Generic OAuth integration.</p> <p>Required</p> <ul> <li><code>api_url</code> (string, MaxLength: 2048). API URL.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require user to be member of one of the listed organizations.</li> <li><code>auto_login</code> (boolean). Allow users to bypass the login screen and automatically log in.</li> <li><code>name</code> (string, Pattern: <code>^[a-zA-Z0-9_\\- ]+$</code>, MaxLength: 128). Name of the OAuth integration.</li> <li><code>scopes</code> (array of strings, MaxItems: 50). OAuth scopes.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_github","title":"auth_github","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Github Auth integration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require users to belong to one of given organizations.</li> <li><code>team_ids</code> (array of integers, MaxItems: 50). Require users to belong to one of given team IDs.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_gitlab","title":"auth_gitlab","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>GitLab Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>api_url</code> (string, MaxLength: 2048). API URL. This only needs to be set when using self hosted GitLab.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL. This only needs to be set when using self hosted GitLab.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL. This only needs to be set when using self hosted GitLab.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_google","title":"auth_google","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Google Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_domains</code> (array of strings, MaxItems: 64). Domains allowed to sign-in to this Grafana.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.date_formats","title":"date_formats","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Grafana date format specifications.</p> <p>Optional</p> <ul> <li><code>default_timezone</code> (string, MaxLength: 64). Default time zone for user preferences. Value <code>browser</code> uses browser local time zone.</li> <li><code>full_date</code> (string, MaxLength: 128). Moment.js style format string for cases where full date is shown.</li> <li><code>interval_day</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring day accuracy is shown.</li> <li><code>interval_hour</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring hour accuracy is shown.</li> <li><code>interval_minute</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring minute accuracy is shown.</li> <li><code>interval_month</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring month accuracy is shown.</li> <li><code>interval_second</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring second accuracy is shown.</li> <li><code>interval_year</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring year accuracy is shown.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.external_image_storage","title":"external_image_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>External image store settings.</p> <p>Required</p> <ul> <li><code>access_key</code> (string, Pattern: <code>^[A-Z0-9]+$</code>, MaxLength: 4096). S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions.</li> <li><code>bucket_url</code> (string, MaxLength: 2048). Bucket URL for S3.</li> <li><code>provider</code> (string, Enum: <code>s3</code>). Provider type.</li> <li><code>secret_key</code> (string, Pattern: <code>^[A-Za-z0-9/+=]+$</code>, MaxLength: 4096). S3 secret key.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Enable grafana.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.smtp_server","title":"smtp_server","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>SMTP server settings.</p> <p>Required</p> <ul> <li><code>from_address</code> (string, MaxLength: 319). Address used for sending emails.</li> <li><code>host</code> (string, MaxLength: 255). Server hostname or IP.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). SMTP server port.</li> </ul> <p>Optional</p> <ul> <li><code>from_name</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 128). Name used in outgoing emails, defaults to Grafana.</li> <li><code>password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Password for SMTP authentication.</li> <li><code>skip_verify</code> (boolean). Skip verifying server certificate. Defaults to false.</li> <li><code>starttls_policy</code> (string, Enum: <code>OpportunisticStartTLS</code>, <code>MandatoryStartTLS</code>, <code>NoStartTLS</code>). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS.</li> <li><code>username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Username for SMTP authentication.</li> </ul>"},{"location":"api-reference/kafka.html","title":"Kafka","text":""},{"location":"api-reference/kafka.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: my-kafka\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/kafka.html#Kafka","title":"Kafka","text":"<p>Kafka is the Schema for the kafkas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Kafka</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSpec defines the desired state of Kafka. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec","title":"spec","text":"<p>Appears on <code>Kafka</code>.</p> <p>KafkaSpec defines the desired state of Kafka.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>karapace</code> (boolean). Switch the service to use Karapace for schema registry and REST proxy.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Kafka specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/kafka.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>aiven_kafka_topic_messages</code> (boolean). Allow access to read Kafka topic messages in the Aiven Console and REST API.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka</code> (object). Kafka broker configuration values. See below for nested schema.</li> <li><code>kafka_authentication_methods</code> (object). Kafka authentication methods. See below for nested schema.</li> <li><code>kafka_connect</code> (boolean). Enable Kafka Connect service.</li> <li><code>kafka_connect_config</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>kafka_rest</code> (boolean). Enable Kafka-REST service.</li> <li><code>kafka_rest_authorization</code> (boolean). Enable authorization in Kafka-REST service.</li> <li><code>kafka_rest_config</code> (object). Kafka REST configuration. See below for nested schema.</li> <li><code>kafka_version</code> (string, Enum: <code>3.3</code>, <code>3.1</code>, <code>3.4</code>, <code>3.5</code>, <code>3.6</code>). Kafka major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>schema_registry</code> (boolean). Enable Schema-Registry service.</li> <li><code>schema_registry_config</code> (object). Schema Registry configuration. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>tiered_storage</code> (object). Tiered storage configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka","title":"kafka","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka broker configuration values.</p> <p>Optional</p> <ul> <li><code>auto_create_topics_enable</code> (boolean). Enable auto creation of topics.</li> <li><code>compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>uncompressed</code>, <code>producer</code>). Specify the final compression type for a given topic. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>uncompressed</code> which is equivalent to no compression; and <code>producer</code> which means retain the original compression codec set by the producer.</li> <li><code>connections_max_idle_ms</code> (integer, Minimum: 1000, Maximum: 3600000). Idle connections timeout: the server socket processor threads close the connections that idle for longer than this.</li> <li><code>default_replication_factor</code> (integer, Minimum: 1, Maximum: 10). Replication factor for autocreated topics.</li> <li><code>group_initial_rebalance_delay_ms</code> (integer, Minimum: 0, Maximum: 300000). The amount of time, in milliseconds, the group coordinator will wait for more consumers to join a new group before performing the first rebalance. A longer delay means potentially fewer rebalances, but increases the time until processing begins. The default value for this is 3 seconds. During development and testing it might be desirable to set this to 0 in order to not delay test execution time.</li> <li><code>group_max_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 1800000). The maximum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>group_min_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 60000). The minimum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>log_cleaner_delete_retention_ms</code> (integer, Minimum: 0, Maximum: 315569260000). How long are delete records retained?.</li> <li><code>log_cleaner_max_compaction_lag_ms</code> (integer, Minimum: 30000). The maximum amount of time message will remain uncompacted. Only applicable for logs that are being compacted.</li> <li><code>log_cleaner_min_cleanable_ratio</code> (number, Minimum: 0.2, Maximum: 0.9). Controls log compactor frequency. Larger value means more frequent compactions but also more space wasted for logs. Consider setting log.cleaner.max.compaction.lag.ms to enforce compactions sooner, instead of setting a very high value for this option.</li> <li><code>log_cleaner_min_compaction_lag_ms</code> (integer, Minimum: 0). The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.</li> <li><code>log_cleanup_policy</code> (string, Enum: <code>delete</code>, <code>compact</code>, <code>compact,delete</code>). The default cleanup policy for segments beyond the retention window.</li> <li><code>log_flush_interval_messages</code> (integer, Minimum: 1). The number of messages accumulated on a log partition before messages are flushed to disk.</li> <li><code>log_flush_interval_ms</code> (integer, Minimum: 0). The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used.</li> <li><code>log_index_interval_bytes</code> (integer, Minimum: 0, Maximum: 104857600). The interval with which Kafka adds an entry to the offset index.</li> <li><code>log_index_size_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The maximum size in bytes of the offset index.</li> <li><code>log_local_retention_bytes</code> (integer, Minimum: -2). The maximum size of local log segments that can grow for a partition before it gets eligible for deletion. If set to -2, the value of log.retention.bytes is used. The effective value should always be less than or equal to log.retention.bytes value.</li> <li><code>log_local_retention_ms</code> (integer, Minimum: -2). The number of milliseconds to keep the local log segments before it gets eligible for deletion. If set to -2, the value of log.retention.ms is used. The effective value should always be less than or equal to log.retention.ms value.</li> <li><code>log_message_downconversion_enable</code> (boolean). This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests.</li> <li><code>log_message_timestamp_difference_max_ms</code> (integer, Minimum: 0). The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message.</li> <li><code>log_message_timestamp_type</code> (string, Enum: <code>CreateTime</code>, <code>LogAppendTime</code>). Define whether the timestamp in the message is message create time or log append time.</li> <li><code>log_preallocate</code> (boolean). Should pre allocate file when create new segment?.</li> <li><code>log_retention_bytes</code> (integer, Minimum: -1). The maximum size of the log before deleting messages.</li> <li><code>log_retention_hours</code> (integer, Minimum: -1, Maximum: 2147483647). The number of hours to keep a log file before deleting it.</li> <li><code>log_retention_ms</code> (integer, Minimum: -1). The number of milliseconds to keep a log file before deleting it (in milliseconds), If not set, the value in log.retention.minutes is used. If set to -1, no time limit is applied.</li> <li><code>log_roll_jitter_ms</code> (integer, Minimum: 0). The maximum jitter to subtract from logRollTimeMillis (in milliseconds). If not set, the value in log.roll.jitter.hours is used.</li> <li><code>log_roll_ms</code> (integer, Minimum: 1). The maximum time before a new log segment is rolled out (in milliseconds).</li> <li><code>log_segment_bytes</code> (integer, Minimum: 10485760, Maximum: 1073741824). The maximum size of a single log file.</li> <li><code>log_segment_delete_delay_ms</code> (integer, Minimum: 0, Maximum: 3600000). The amount of time to wait before deleting a file from the filesystem.</li> <li><code>max_connections_per_ip</code> (integer, Minimum: 256, Maximum: 2147483647). The maximum number of connections allowed from each ip address (defaults to 2147483647).</li> <li><code>max_incremental_fetch_session_cache_slots</code> (integer, Minimum: 1000, Maximum: 10000). The maximum number of incremental fetch sessions that the broker will maintain.</li> <li><code>message_max_bytes</code> (integer, Minimum: 0, Maximum: 100001200). The maximum size of message that the server can receive.</li> <li><code>min_insync_replicas</code> (integer, Minimum: 1, Maximum: 7). When a producer sets acks to <code>all</code> (or <code>-1</code>), min.insync.replicas specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful.</li> <li><code>num_partitions</code> (integer, Minimum: 1, Maximum: 1000). Number of partitions for autocreated topics.</li> <li><code>offsets_retention_minutes</code> (integer, Minimum: 1, Maximum: 2147483647). Log retention window in minutes for offsets topic.</li> <li><code>producer_purgatory_purge_interval_requests</code> (integer, Minimum: 10, Maximum: 10000). The purge interval (in number of requests) of the producer request purgatory(defaults to 1000).</li> <li><code>replica_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made.</li> <li><code>replica_fetch_response_max_bytes</code> (integer, Minimum: 10485760, Maximum: 1048576000). Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum.</li> <li><code>sasl_oauthbearer_expected_audience</code> (string, MaxLength: 128). The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.</li> <li><code>sasl_oauthbearer_expected_issuer</code> (string, MaxLength: 128). Optional setting for the broker to use to verify that the JWT was created by the expected issuer.</li> <li><code>sasl_oauthbearer_jwks_endpoint_url</code> (string, MaxLength: 2048). OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC.</li> <li><code>sasl_oauthbearer_sub_claim_name</code> (string, MaxLength: 128). Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.</li> <li><code>socket_request_max_bytes</code> (integer, Minimum: 10485760, Maximum: 209715200). The maximum number of bytes in a socket request (defaults to 104857600).</li> <li><code>transaction_partition_verification_enable</code> (boolean). Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition.</li> <li><code>transaction_remove_expired_transaction_cleanup_interval_ms</code> (integer, Minimum: 600000, Maximum: 3600000). The interval at which to remove transactions that have expired due to transactional.id.expiration.ms passing (defaults to 3600000 (1 hour)).</li> <li><code>transaction_state_log_segment_bytes</code> (integer, Minimum: 1048576, Maximum: 2147483647). The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads (defaults to 104857600 (100 mebibytes)).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_authentication_methods","title":"kafka_authentication_methods","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka authentication methods.</p> <p>Optional</p> <ul> <li><code>certificate</code> (boolean). Enable certificate/SSL authentication.</li> <li><code>sasl</code> (boolean). Enable SASL authentication.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_connect_config","title":"kafka_connect_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_rest_config","title":"kafka_rest_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka REST configuration.</p> <p>Optional</p> <ul> <li><code>consumer_enable_auto_commit</code> (boolean). If true the consumer's offset will be periodically committed to Kafka in the background.</li> <li><code>consumer_request_max_bytes</code> (integer, Minimum: 0, Maximum: 671088640). Maximum number of bytes in unencoded message keys and values by a single request.</li> <li><code>consumer_request_timeout_ms</code> (integer, Enum: <code>1000</code>, <code>15000</code>, <code>30000</code>, Minimum: 1000, Maximum: 30000). The maximum total time to wait for messages for a request if the maximum number of messages has not yet been reached.</li> <li><code>producer_acks</code> (string, Enum: <code>all</code>, <code>-1</code>, <code>0</code>, <code>1</code>). The number of acknowledgments the producer requires the leader to have received before considering a request complete. If set to <code>all</code> or <code>-1</code>, the leader will wait for the full set of in-sync replicas to acknowledge the record.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). Wait for up to the given delay to allow batching records together.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum size of a request in bytes. Note that Kafka broker can also cap the record batch size.</li> <li><code>simpleconsumer_pool_size_max</code> (integer, Minimum: 10, Maximum: 250). Maximum number of SimpleConsumers that can be instantiated per broker.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka</code> (boolean). Enable kafka.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>kafka_rest</code> (boolean). Enable kafka_rest.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>schema_registry</code> (boolean). Enable schema_registry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.schema_registry_config","title":"schema_registry_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Schema Registry configuration.</p> <p>Optional</p> <ul> <li><code>leader_eligibility</code> (boolean). If true, Karapace / Schema Registry on the service nodes can participate in leader election. It might be needed to disable this when the schemas topic is replicated to a secondary cluster and Karapace / Schema Registry there must not participate in leader election. Defaults to <code>true</code>.</li> <li><code>topic_name</code> (string, MinLength: 1, MaxLength: 249). The durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy. Please note that changing this configuration in an existing Schema Registry / Karapace setup leads to previous schemas being inaccessible, data encoded with them potentially unreadable and schema ID sequence put out of order. It's only possible to do the switch while Schema Registry / Karapace is disabled. Defaults to <code>_schemas</code>.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage","title":"tiered_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Tiered storage configuration.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Whether to enable the tiered storage functionality.</li> <li><code>local_cache</code> (object). Deprecated. Local cache configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage.local_cache","title":"local_cache","text":"<p>Appears on <code>spec.userConfig.tiered_storage</code>.</p> <p>Deprecated. Local cache configuration.</p> <p>Required</p> <ul> <li><code>size</code> (integer, Minimum: 1, Maximum: 107374182400). Deprecated. Local cache size in bytes.</li> </ul>"},{"location":"api-reference/kafkaacl.html","title":"KafkaACL","text":""},{"location":"api-reference/kafkaacl.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: my-kafka-acl\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topic: my-topic\n  username: my-user\n  permission: admin\n</code></pre>"},{"location":"api-reference/kafkaacl.html#KafkaACL","title":"KafkaACL","text":"<p>KafkaACL is the Schema for the kafkaacls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaACL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaACLSpec defines the desired state of KafkaACL. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec","title":"spec","text":"<p>Appears on <code>KafkaACL</code>.</p> <p>KafkaACLSpec defines the desired state of KafkaACL.</p> <p>Required</p> <ul> <li><code>permission</code> (string, Enum: <code>admin</code>, <code>read</code>, <code>readwrite</code>, <code>write</code>). Kafka permission to grant (admin, read, readwrite, write).</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka ACL to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka ACL to.</li> <li><code>topic</code> (string). Topic name pattern for the ACL entry.</li> <li><code>username</code> (string). Username pattern for the ACL entry.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html","title":"KafkaConnect","text":""},{"location":"api-reference/kafkaconnect.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: my-kafka-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  userConfig:\n    kafka_connect:\n      consumer_isolation_level: read_committed\n    public_access:\n      kafka_connect: true\n</code></pre>"},{"location":"api-reference/kafkaconnect.html#KafkaConnect","title":"KafkaConnect","text":"<p>KafkaConnect is the Schema for the kafkaconnects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnect</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectSpec defines the desired state of KafkaConnect. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnect</code>.</p> <p>KafkaConnectSpec defines the desired state of KafkaConnect.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). KafkaConnect specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>KafkaConnect specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka_connect</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafkaconnector.html","title":"KafkaConnector","text":""},{"location":"api-reference/kafkaconnector.html#KafkaConnector","title":"KafkaConnector","text":"<p>KafkaConnector is the Schema for the kafkaconnectors API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnector</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectorSpec defines the desired state of KafkaConnector. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnector</code>.</p> <p>KafkaConnectorSpec defines the desired state of KafkaConnector.</p> <p>Required</p> <ul> <li><code>connectorClass</code> (string, MaxLength: 1024). The Java class of the connector.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>userConfig</code> (object, AdditionalProperties: string). The connector specific configuration To build config values from secret the template function <code>{{ fromSecret \"name\" \"key\" }}</code> is provided when interpreting the keys.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaschema.html","title":"KafkaSchema","text":""},{"location":"api-reference/kafkaschema.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: my-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  subjectName: mny-subject\n  compatibilityLevel: BACKWARD\n  schema: |\n    {\n        \"doc\": \"example_doc\",\n        \"fields\": [{\n            \"default\": 5,\n            \"doc\": \"field_doc\",\n            \"name\": \"field_name\",\n            \"namespace\": \"field_namespace\",\n            \"type\": \"int\"\n        }],\n        \"name\": \"example_name\",\n        \"namespace\": \"example_namespace\",\n        \"type\": \"record\"\n    }\n</code></pre>"},{"location":"api-reference/kafkaschema.html#KafkaSchema","title":"KafkaSchema","text":"<p>KafkaSchema is the Schema for the kafkaschemas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaSchema</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSchemaSpec defines the desired state of KafkaSchema. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec","title":"spec","text":"<p>Appears on <code>KafkaSchema</code>.</p> <p>KafkaSchemaSpec defines the desired state of KafkaSchema.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka Schema to.</li> <li><code>schema</code> (string). Kafka Schema configuration should be a valid Avro Schema JSON format.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka Schema to.</li> <li><code>subjectName</code> (string, MaxLength: 63). Kafka Schema Subject name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>compatibilityLevel</code> (string, Enum: <code>BACKWARD</code>, <code>BACKWARD_TRANSITIVE</code>, <code>FORWARD</code>, <code>FORWARD_TRANSITIVE</code>, <code>FULL</code>, <code>FULL_TRANSITIVE</code>, <code>NONE</code>). Kafka Schemas compatibility level.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html","title":"KafkaTopic","text":""},{"location":"api-reference/kafkatopic.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topicName: my-kafka-topic\n\n  replication: 2\n  partitions: 1\n\n  config:\n    min_cleanable_dirty_ratio: 0.2\n</code></pre>"},{"location":"api-reference/kafkatopic.html#KafkaTopic","title":"KafkaTopic","text":"<p>KafkaTopic is the Schema for the kafkatopics API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaTopic</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaTopicSpec defines the desired state of KafkaTopic. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec","title":"spec","text":"<p>Appears on <code>KafkaTopic</code>.</p> <p>KafkaTopicSpec defines the desired state of KafkaTopic.</p> <p>Required</p> <ul> <li><code>partitions</code> (integer, Minimum: 1, Maximum: 1000000). Number of partitions to create in the topic.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>replication</code> (integer, Minimum: 2). Replication factor for the topic.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>config</code> (object). Kafka topic configuration. See below for nested schema.</li> <li><code>tags</code> (array of objects). Kafka topic tags. See below for nested schema.</li> <li><code>termination_protection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the kafka topic from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> <li><code>topicName</code> (string, Immutable, MinLength: 1, MaxLength: 249). Topic name. If provided, is used instead of metadata.name. This field supports additional characters, has a longer length, and will replace metadata.name in future releases.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.config","title":"config","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic configuration.</p> <p>Optional</p> <ul> <li><code>cleanup_policy</code> (string). cleanup.policy value.</li> <li><code>compression_type</code> (string). compression.type value.</li> <li><code>delete_retention_ms</code> (integer). delete.retention.ms value.</li> <li><code>file_delete_delay_ms</code> (integer). file.delete.delay.ms value.</li> <li><code>flush_messages</code> (integer). flush.messages value.</li> <li><code>flush_ms</code> (integer). flush.ms value.</li> <li><code>index_interval_bytes</code> (integer). index.interval.bytes value.</li> <li><code>max_compaction_lag_ms</code> (integer). max.compaction.lag.ms value.</li> <li><code>max_message_bytes</code> (integer). max.message.bytes value.</li> <li><code>message_downconversion_enable</code> (boolean). message.downconversion.enable value.</li> <li><code>message_format_version</code> (string). message.format.version value.</li> <li><code>message_timestamp_difference_max_ms</code> (integer). message.timestamp.difference.max.ms value.</li> <li><code>message_timestamp_type</code> (string). message.timestamp.type value.</li> <li><code>min_cleanable_dirty_ratio</code> (number). min.cleanable.dirty.ratio value.</li> <li><code>min_compaction_lag_ms</code> (integer). min.compaction.lag.ms value.</li> <li><code>min_insync_replicas</code> (integer). min.insync.replicas value.</li> <li><code>preallocate</code> (boolean). preallocate value.</li> <li><code>retention_bytes</code> (integer). retention.bytes value.</li> <li><code>retention_ms</code> (integer). retention.ms value.</li> <li><code>segment_bytes</code> (integer). segment.bytes value.</li> <li><code>segment_index_bytes</code> (integer). segment.index.bytes value.</li> <li><code>segment_jitter_ms</code> (integer). segment.jitter.ms value.</li> <li><code>segment_ms</code> (integer). segment.ms value.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.tags","title":"tags","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic tags.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1, MaxLength: 64, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul> <p>Optional</p> <ul> <li><code>value</code> (string, MaxLength: 256, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul>"},{"location":"api-reference/mysql.html","title":"MySQL","text":""},{"location":"api-reference/mysql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: my-mysql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    backup_hour: 17\n    backup_minute: 11\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/mysql.html#MySQL","title":"MySQL","text":"<p>MySQL is the Schema for the mysqls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>MySQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). MySQLSpec defines the desired state of MySQL. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec","title":"spec","text":"<p>Appears on <code>MySQL</code>.</p> <p>MySQLSpec defines the desired state of MySQL.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). MySQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/mysql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>MySQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>binlog_retention_period</code> (integer, Minimum: 600, Maximum: 86400). The minimum amount of time in seconds to keep binlog entries before deletion. This may be extended for services that require binlog entries for longer than the default for example if using the MySQL Debezium Kafka connector.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>mysql</code> (object). mysql.conf configuration values. See below for nested schema.</li> <li><code>mysql_version</code> (string, Enum: <code>8</code>). MySQL major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.mysql","title":"mysql","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>mysql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>connect_timeout</code> (integer, Minimum: 2, Maximum: 3600). The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake.</li> <li><code>default_time_zone</code> (string, MinLength: 2, MaxLength: 100). Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or <code>SYSTEM</code> to use the MySQL server default.</li> <li><code>group_concat_max_len</code> (integer, Minimum: 4). The maximum permitted result length in bytes for the GROUP_CONCAT() function.</li> <li><code>information_schema_stats_expiry</code> (integer, Minimum: 900, Maximum: 31536000). The time, in seconds, before cached statistics expire.</li> <li><code>innodb_change_buffer_max_size</code> (integer, Minimum: 0, Maximum: 50). Maximum size for the InnoDB change buffer, as a percentage of the total size of the buffer pool. Default is 25.</li> <li><code>innodb_flush_neighbors</code> (integer, Minimum: 0, Maximum: 2). Specifies whether flushing a page from the InnoDB buffer pool also flushes other dirty pages in the same extent (default is 1): 0 - dirty pages in the same extent are not flushed,  1 - flush contiguous dirty pages in the same extent,  2 - flush dirty pages in the same extent.</li> <li><code>innodb_ft_min_token_size</code> (integer, Minimum: 0, Maximum: 16). Minimum length of words that are stored in an InnoDB FULLTEXT index. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_ft_server_stopword_table</code> (string, Pattern: <code>^.+/.+$</code>, MaxLength: 1024). This option is used to specify your own InnoDB FULLTEXT index stopword list for all InnoDB tables.</li> <li><code>innodb_lock_wait_timeout</code> (integer, Minimum: 1, Maximum: 3600). The length of time in seconds an InnoDB transaction waits for a row lock before giving up. Default is 120.</li> <li><code>innodb_log_buffer_size</code> (integer, Minimum: 1048576, Maximum: 4294967295). The size in bytes of the buffer that InnoDB uses to write to the log files on disk.</li> <li><code>innodb_online_alter_log_max_size</code> (integer, Minimum: 65536, Maximum: 1099511627776). The upper limit in bytes on the size of the temporary log files used during online DDL operations for InnoDB tables.</li> <li><code>innodb_print_all_deadlocks</code> (boolean). When enabled, information about all deadlocks in InnoDB user transactions is recorded in the error log. Disabled by default.</li> <li><code>innodb_read_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for read operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_rollback_on_timeout</code> (boolean). When enabled a transaction timeout causes InnoDB to abort and roll back the entire transaction. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_thread_concurrency</code> (integer, Minimum: 0, Maximum: 1000). Defines the maximum number of threads permitted inside of InnoDB. Default is 0 (infinite concurrency - no limit).</li> <li><code>innodb_write_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for write operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>interactive_timeout</code> (integer, Minimum: 30, Maximum: 604800). The number of seconds the server waits for activity on an interactive connection before closing it.</li> <li><code>internal_tmp_mem_storage_engine</code> (string, Enum: <code>TempTable</code>, <code>MEMORY</code>). The storage engine for in-memory internal temporary tables.</li> <li><code>long_query_time</code> (number, Minimum: 0, Maximum: 3600). The slow_query_logs work as SQL statements that take more than long_query_time seconds to execute. Default is 10s.</li> <li><code>max_allowed_packet</code> (integer, Minimum: 102400, Maximum: 1073741824). Size of the largest message in bytes that can be received by the server. Default is 67108864 (64M).</li> <li><code>max_heap_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set tmp_table_size. Default is 16777216 (16M).</li> <li><code>net_buffer_length</code> (integer, Minimum: 1024, Maximum: 1048576). Start sizes of connection buffer and result buffer. Default is 16384 (16K). Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>net_read_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for more data from a connection before aborting the read.</li> <li><code>net_write_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for a block to be written to a connection before aborting the write.</li> <li><code>slow_query_log</code> (boolean). Slow query log enables capturing of slow queries. Setting slow_query_log to false also truncates the mysql.slow_log table. Default is off.</li> <li><code>sort_buffer_size</code> (integer, Minimum: 32768, Maximum: 1073741824). Sort buffer size in bytes for ORDER BY optimization. Default is 262144 (256K).</li> <li><code>sql_mode</code> (string, Pattern: <code>^[A-Z_]*(,[A-Z_]+)*$</code>, MaxLength: 1024). Global SQL mode. Set to empty to use MySQL server defaults. When creating a new service and not setting this field Aiven default SQL mode (strict, SQL standard compliant) will be assigned.</li> <li><code>sql_require_primary_key</code> (boolean). Require primary key to be defined for new tables or old tables modified with ALTER TABLE and fail if missing. It is recommended to always have primary keys because various functionality may break if any large table is missing them.</li> <li><code>tmp_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set max_heap_table_size. Default is 16777216 (16M).</li> <li><code>wait_timeout</code> (integer, Minimum: 1, Maximum: 2147483). The number of seconds the server waits for activity on a noninteractive connection before closing it.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Enable mysql.</li> <li><code>mysqlx</code> (boolean). Enable mysqlx.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html","title":"OpenSearch","text":""},{"location":"api-reference/opensearch.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: my-os\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n  disk_space: 80Gib\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/opensearch.html#OpenSearch","title":"OpenSearch","text":"<p>OpenSearch is the Schema for the opensearches API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>OpenSearch</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). OpenSearchSpec defines the desired state of OpenSearch. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec","title":"spec","text":"<p>Appears on <code>OpenSearch</code>.</p> <p>OpenSearchSpec defines the desired state of OpenSearch.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>disable_replication_factor_adjustment</code> (boolean). DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.</li> <li><code>index_patterns</code> (array of objects, MaxItems: 512). Index patterns. See below for nested schema.</li> <li><code>index_template</code> (object). Template settings for all new indexes. See below for nested schema.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>keep_index_refresh_interval</code> (boolean). Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.</li> <li><code>max_index_count</code> (integer, Minimum: 0). DEPRECATED: use index_patterns instead.</li> <li><code>openid</code> (object). OpenSearch OpenID Connect Configuration. See below for nested schema.</li> <li><code>opensearch</code> (object). OpenSearch settings. See below for nested schema.</li> <li><code>opensearch_dashboards</code> (object). OpenSearch Dashboards settings. See below for nested schema.</li> <li><code>opensearch_version</code> (string, Enum: <code>1</code>, <code>2</code>). OpenSearch major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>saml</code> (object). OpenSearch SAML configuration. See below for nested schema.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_patterns","title":"index_patterns","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Index patterns.</p> <p>Required</p> <ul> <li><code>max_index_count</code> (integer, Minimum: 0). Maximum number of indexes to keep.</li> <li><code>pattern</code> (string, Pattern: <code>^[A-Za-z0-9-_.*?]+$</code>, MaxLength: 1024). fnmatch pattern.</li> </ul> <p>Optional</p> <ul> <li><code>sorting_algorithm</code> (string, Enum: <code>alphabetical</code>, <code>creation_date</code>). Deletion sorting algorithm.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_template","title":"index_template","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Template settings for all new indexes.</p> <p>Optional</p> <ul> <li><code>mapping_nested_objects_limit</code> (integer, Minimum: 0, Maximum: 100000). The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000.</li> <li><code>number_of_replicas</code> (integer, Minimum: 0, Maximum: 29). The number of replicas each primary shard has.</li> <li><code>number_of_shards</code> (integer, Minimum: 1, Maximum: 1024). The number of primary shards that an index should have.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.openid","title":"openid","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch OpenID Connect Configuration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, MinLength: 1, MaxLength: 1024). The ID of the OpenID Connect client configured in your IdP. Required.</li> <li><code>client_secret</code> (string, MinLength: 1, MaxLength: 1024). The client secret of the OpenID Connect client configured in your IdP. Required.</li> <li><code>connect_url</code> (string, MaxLength: 2048). The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.</li> </ul> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.</li> <li><code>header</code> (string, MinLength: 1, MaxLength: 1024). HTTP header name of the JWT token. Optional. Default is Authorization.</li> <li><code>jwt_header</code> (string, MinLength: 1, MaxLength: 1024). The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. <li><code>jwt_url_parameter</code> (string, MinLength: 1, MaxLength: 1024). If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.</li> <li><code>refresh_rate_limit_count</code> (integer, Minimum: 10). The maximum number of unknown key IDs in the time frame. Default is 10. Optional.</li> <li><code>refresh_rate_limit_time_window_ms</code> (integer, Minimum: 10000). The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT.</li> <li><code>scope</code> (string, MinLength: 1, MaxLength: 1024). The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.</li>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch settings.</p> <p>Optional</p> <ul> <li><code>action_auto_create_index_enabled</code> (boolean). Explicitly allow or block automatic creation of indices. Defaults to true.</li> <li><code>action_destructive_requires_name</code> (boolean). Require explicit index names when deleting.</li> <li><code>auth_failure_listeners</code> (object). Opensearch Security Plugin Settings. See below for nested schema.</li> <li><code>cluster_max_shards_per_node</code> (integer, Minimum: 100, Maximum: 10000). Controls the number of shards allowed in the cluster per data node.</li> <li><code>cluster_routing_allocation_node_concurrent_recoveries</code> (integer, Minimum: 2, Maximum: 16). How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to 2.</li> <li><code>email_sender_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MaxLength: 40). Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore.</li> <li><code>email_sender_password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 1024). Sender password for Opensearch alerts to authenticate with SMTP server.</li> <li><code>email_sender_username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 320). Sender username for Opensearch alerts.</li> <li><code>http_max_content_length</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.</li> <li><code>http_max_header_size</code> (integer, Minimum: 1024, Maximum: 262144). The max size of allowed headers, in bytes.</li> <li><code>http_max_initial_line_length</code> (integer, Minimum: 1024, Maximum: 65536). The max length of an HTTP URL, in bytes.</li> <li><code>indices_fielddata_cache_size</code> (integer, Minimum: 3, Maximum: 100). Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations.</li> <li><code>indices_memory_index_buffer_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance.</li> <li><code>indices_memory_max_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit.</li> <li><code>indices_memory_min_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit.</li> <li><code>indices_queries_cache_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality.</li> <li><code>indices_query_bool_max_clause_count</code> (integer, Minimum: 64, Maximum: 4096). Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value.</li> <li><code>indices_recovery_max_bytes_per_sec</code> (integer, Minimum: 40, Maximum: 400). Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb.</li> <li><code>indices_recovery_max_concurrent_file_chunks</code> (integer, Minimum: 2, Maximum: 5). Number of file chunks sent in parallel for each recovery. Defaults to 2.</li> <li><code>ism_enabled</code> (boolean). Specifies whether ISM is enabled or not.</li> <li><code>ism_history_enabled</code> (boolean). Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document.</li> <li><code>ism_history_max_age</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum age before rolling over the audit history index in hours.</li> <li><code>ism_history_max_docs</code> (integer, Minimum: 1). The maximum number of documents before rolling over the audit history index.</li> <li><code>ism_history_rollover_check_period</code> (integer, Minimum: 1, Maximum: 2147483647). The time between rollover checks for the audit history index in hours.</li> <li><code>ism_history_rollover_retention_period</code> (integer, Minimum: 1, Maximum: 2147483647). How long audit history indices are kept in days.</li> <li><code>override_main_response_version</code> (boolean). Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false.</li> <li><code>reindex_remote_whitelist</code> (array of strings, MaxItems: 32). Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart.</li> <li><code>script_max_compilations_rate</code> (string, MaxLength: 1024). Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context.</li> <li><code>search_max_buckets</code> (integer, Minimum: 1, Maximum: 1000000). Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined.</li> <li><code>thread_pool_analyze_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_analyze_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_force_merge_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_get_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_get_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_throttled_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_throttled_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_write_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_write_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners","title":"auth_failure_listeners","text":"<p>Appears on <code>spec.userConfig.opensearch</code>.</p> <p>Opensearch Security Plugin Settings.</p> <p>Optional</p> <ul> <li><code>internal_authentication_backend_limiting</code> (object).  See below for nested schema.</li> <li><code>ip_rate_limiting</code> (object). IP address rate limiting settings. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting","title":"internal_authentication_backend_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 0, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>authentication_backend</code> (string, Enum: <code>internal</code>, MaxLength: 1024). internal_authentication_backend_limiting.authentication_backend.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). internal_authentication_backend_limiting.max_blocked_clients.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>username</code>, MaxLength: 1024). internal_authentication_backend_limiting.type.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting","title":"ip_rate_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>IP address rate limiting settings.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 1, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 1, Maximum: 36000). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of blocked IP addresses.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 1, Maximum: 36000). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>ip</code>, MaxLength: 1024). The type of rate limiting.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch_dashboards","title":"opensearch_dashboards","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch Dashboards settings.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enable or disable OpenSearch Dashboards.</li> <li><code>max_old_space_size</code> (integer, Minimum: 64, Maximum: 2048). Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch.</li> <li><code>opensearch_request_timeout</code> (integer, Minimum: 5000, Maximum: 120000). Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Enable opensearch.</li> <li><code>opensearch_dashboards</code> (boolean). Enable opensearch_dashboards.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.saml","title":"saml","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch SAML configuration.</p> <p>Required</p> <ul> <li><code>enabled</code> (boolean). Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider.</li> <li><code>idp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.</li> <li><code>idp_metadata_url</code> (string, MinLength: 1, MaxLength: 2048). The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP.</li> <li><code>sp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.</li> </ul> <p>Optional</p> <ul> <li><code>idp_pemtrustedcas_content</code> (string, MaxLength: 16384). This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.</li> </ul>"},{"location":"api-reference/postgresql.html","title":"PostgreSQL","text":""},{"location":"api-reference/postgresql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: my-postgresql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: postgresql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    pg_version: \"15\"\n</code></pre>"},{"location":"api-reference/postgresql.html#PostgreSQL","title":"PostgreSQL","text":"<p>PostgreSQL is the Schema for the postgresql API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>PostgreSQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). PostgreSQLSpec defines the desired state of postgres instance. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec","title":"spec","text":"<p>Appears on <code>PostgreSQL</code>.</p> <p>PostgreSQLSpec defines the desired state of postgres instance.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). PostgreSQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>PostgreSQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>enable_ipv6</code> (boolean). Register AAAA DNS records for the service, and allow IPv6 packets to service ports.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>pg</code> (object). postgresql.conf configuration values. See below for nested schema.</li> <li><code>pg_read_replica</code> (boolean). Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).</li> <li><code>pg_service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.</li> <li><code>pg_stat_monitor_enable</code> (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable.</li> <li><code>pg_version</code> (string, Enum: <code>11</code>, <code>12</code>, <code>13</code>, <code>14</code>, <code>15</code>). PostgreSQL major version.</li> <li><code>pgbouncer</code> (object). PGBouncer connection pooling settings. See below for nested schema.</li> <li><code>pglookout</code> (object). PGLookout settings. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>shared_buffers_percentage</code> (number, Minimum: 20, Maximum: 60). Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>synchronous_replication</code> (string, Enum: <code>quorum</code>, <code>off</code>). Synchronous replication type. Note that the service plan also needs to support synchronous replication.</li> <li><code>timescaledb</code> (object). TimescaleDB extension configuration values. See below for nested schema.</li> <li><code>variant</code> (string, Enum: <code>aiven</code>, <code>timescale</code>). Variant of the PostgreSQL service, may affect the features that are exposed by default.</li> <li><code>work_mem</code> (integer, Minimum: 1, Maximum: 1024). Sets the maximum amount of memory to be used by a query operation (such as a sort or hash table) before writing to temporary disk files, in MB. Default is 1MB + 0.075% of total RAM (up to 32MB).</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pg","title":"pg","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>postgresql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>autovacuum_analyze_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_analyze_threshold when deciding whether to trigger an ANALYZE. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_analyze_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of inserted, updated or deleted tuples needed to trigger an  ANALYZE in any one table. The default is 50 tuples.</li> <li><code>autovacuum_freeze_max_age</code> (integer, Minimum: 200000000, Maximum: 1500000000). Specifies the maximum age (in transactions) that a table's pg_class.relfrozenxid field can attain before a VACUUM operation is forced to prevent transaction ID wraparound within the table. Note that the system will launch autovacuum processes to prevent wraparound even when autovacuum is otherwise disabled. This parameter will cause the server to be restarted.</li> <li><code>autovacuum_max_workers</code> (integer, Minimum: 1, Maximum: 20). Specifies the maximum number of autovacuum processes (other than the autovacuum launcher) that may be running at any one time. The default is three. This parameter can only be set at server start.</li> <li><code>autovacuum_naptime</code> (integer, Minimum: 1, Maximum: 86400). Specifies the minimum delay between autovacuum runs on any given database. The delay is measured in seconds, and the default is one minute.</li> <li><code>autovacuum_vacuum_cost_delay</code> (integer, Minimum: -1, Maximum: 100). Specifies the cost delay value that will be used in automatic VACUUM operations. If -1 is specified, the regular vacuum_cost_delay value will be used. The default value is 20 milliseconds.</li> <li><code>autovacuum_vacuum_cost_limit</code> (integer, Minimum: -1, Maximum: 10000). Specifies the cost limit value that will be used in automatic VACUUM operations. If -1 is specified (which is the default), the regular vacuum_cost_limit value will be used.</li> <li><code>autovacuum_vacuum_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_vacuum_threshold when deciding whether to trigger a VACUUM. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_vacuum_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of updated or deleted tuples needed to trigger a VACUUM in any one table. The default is 50 tuples.</li> <li><code>bgwriter_delay</code> (integer, Minimum: 10, Maximum: 10000). Specifies the delay between activity rounds for the background writer in milliseconds. Default is 200.</li> <li><code>bgwriter_flush_after</code> (integer, Minimum: 0, Maximum: 2048). Whenever more than bgwriter_flush_after bytes have been written by the background writer, attempt to force the OS to issue these writes to the underlying storage. Specified in kilobytes, default is 512. Setting of 0 disables forced writeback.</li> <li><code>bgwriter_lru_maxpages</code> (integer, Minimum: 0, Maximum: 1073741823). In each round, no more than this many buffers will be written by the background writer. Setting this to zero disables background writing. Default is 100.</li> <li><code>bgwriter_lru_multiplier</code> (number, Minimum: 0, Maximum: 10). The average recent need for new buffers is multiplied by bgwriter_lru_multiplier to arrive at an estimate of the number that will be needed during the next round, (up to bgwriter_lru_maxpages). 1.0 represents a \u201cjust in time\u201d policy of writing exactly the number of buffers predicted to be needed. Larger values provide some cushion against spikes in demand, while smaller values intentionally leave writes to be done by server processes. The default is 2.0.</li> <li><code>deadlock_timeout</code> (integer, Minimum: 500, Maximum: 1800000). This is the amount of time, in milliseconds, to wait on a lock before checking to see if there is a deadlock condition.</li> <li><code>default_toast_compression</code> (string, Enum: <code>lz4</code>, <code>pglz</code>). Specifies the default TOAST compression method for values of compressible columns (the default is lz4).</li> <li><code>idle_in_transaction_session_timeout</code> (integer, Minimum: 0, Maximum: 604800000). Time out sessions with open transactions after this number of milliseconds.</li> <li><code>jit</code> (boolean). Controls system-wide use of Just-in-Time Compilation (JIT).</li> <li><code>log_autovacuum_min_duration</code> (integer, Minimum: -1, Maximum: 2147483647). Causes each action executed by autovacuum to be logged if it ran for at least the specified number of milliseconds. Setting this to zero logs all autovacuum actions. Minus-one (the default) disables logging autovacuum actions.</li> <li><code>log_error_verbosity</code> (string, Enum: <code>TERSE</code>, <code>DEFAULT</code>, <code>VERBOSE</code>). Controls the amount of detail written in the server log for each message that is logged.</li> <li><code>log_line_prefix</code> (string, Enum: <code>'pid=%p,user=%u,db=%d,app=%a,client=%h '</code>, <code>'%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '</code>, <code>'%m [%p] %q[user=%u,db=%d,app=%a] '</code>). Choose from one of the available log-formats. These can support popular log analyzers like pgbadger, pganalyze etc.</li> <li><code>log_min_duration_statement</code> (integer, Minimum: -1, Maximum: 86400000). Log statements that take more than this number of milliseconds to run, -1 disables.</li> <li><code>log_temp_files</code> (integer, Minimum: -1, Maximum: 2147483647). Log statements for each temporary file created larger than this number of kilobytes, -1 disables.</li> <li><code>max_files_per_process</code> (integer, Minimum: 1000, Maximum: 4096). PostgreSQL maximum number of files that can be open per process.</li> <li><code>max_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 6400). PostgreSQL maximum locks per transaction.</li> <li><code>max_logical_replication_workers</code> (integer, Minimum: 4, Maximum: 64). PostgreSQL maximum logical replication workers (taken from the pool of max_parallel_workers).</li> <li><code>max_parallel_workers</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that the system can support for parallel queries.</li> <li><code>max_parallel_workers_per_gather</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that can be started by a single Gather or Gather Merge node.</li> <li><code>max_pred_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 5120). PostgreSQL maximum predicate locks per transaction.</li> <li><code>max_prepared_transactions</code> (integer, Minimum: 0, Maximum: 10000). PostgreSQL maximum prepared transactions.</li> <li><code>max_replication_slots</code> (integer, Minimum: 8, Maximum: 64). PostgreSQL maximum replication slots.</li> <li><code>max_slot_wal_keep_size</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL maximum WAL size (MB) reserved for replication slots. Default is -1 (unlimited). wal_keep_size minimum WAL size setting takes precedence over this.</li> <li><code>max_stack_depth</code> (integer, Minimum: 2097152, Maximum: 6291456). Maximum depth of the stack in bytes.</li> <li><code>max_standby_archive_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby archive delay in milliseconds.</li> <li><code>max_standby_streaming_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby streaming delay in milliseconds.</li> <li><code>max_wal_senders</code> (integer, Minimum: 20, Maximum: 64). PostgreSQL maximum WAL senders.</li> <li><code>max_worker_processes</code> (integer, Minimum: 8, Maximum: 96). Sets the maximum number of background processes that the system can support.</li> <li><code>pg_partman_bgw.interval</code> (integer, Minimum: 3600, Maximum: 604800). Sets the time interval to run pg_partman's scheduled tasks.</li> <li><code>pg_partman_bgw.role</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Controls which role to use for pg_partman's scheduled background tasks.</li> <li><code>pg_stat_monitor.pgsm_enable_query_plan</code> (boolean). Enables or disables query plan monitoring.</li> <li><code>pg_stat_monitor.pgsm_max_buckets</code> (integer, Minimum: 1, Maximum: 10). Sets the maximum number of buckets.</li> <li><code>pg_stat_statements.track</code> (string, Enum: <code>all</code>, <code>top</code>, <code>none</code>). Controls which statements are counted. Specify top to track top-level statements (those issued directly by clients), all to also track nested statements (such as statements invoked within functions), or none to disable statement statistics collection. The default value is top.</li> <li><code>temp_file_limit</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL temporary file limit in KiB, -1 for unlimited.</li> <li><code>timezone</code> (string, MaxLength: 64). PostgreSQL service timezone.</li> <li><code>track_activity_query_size</code> (integer, Minimum: 1024, Maximum: 10240). Specifies the number of bytes reserved to track the currently executing command for each active session.</li> <li><code>track_commit_timestamp</code> (string, Enum: <code>off</code>, <code>on</code>). Record commit time of transactions.</li> <li><code>track_functions</code> (string, Enum: <code>all</code>, <code>pl</code>, <code>none</code>). Enables tracking of function call counts and time used.</li> <li><code>track_io_timing</code> (string, Enum: <code>off</code>, <code>on</code>). Enables timing of database I/O calls. This parameter is off by default, because it will repeatedly query the operating system for the current time, which may cause significant overhead on some platforms.</li> <li><code>wal_sender_timeout</code> (integer). Terminate replication connections that are inactive for longer than this amount of time, in milliseconds. Setting this value to zero disables the timeout.</li> <li><code>wal_writer_delay</code> (integer, Minimum: 10, Maximum: 200). WAL flush interval in milliseconds. Note that setting this value to lower than the default 200ms may negatively impact performance.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pgbouncer","title":"pgbouncer","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>PGBouncer connection pooling settings.</p> <p>Optional</p> <ul> <li><code>autodb_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If the automatically created database pools have been unused this many seconds, they are freed. If 0 then timeout is disabled. [seconds].</li> <li><code>autodb_max_db_connections</code> (integer, Minimum: 0, Maximum: 2147483647). Do not allow more than this many server connections per database (regardless of user). Setting it to 0 means unlimited.</li> <li><code>autodb_pool_mode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). PGBouncer pool mode.</li> <li><code>autodb_pool_size</code> (integer, Minimum: 0, Maximum: 10000). If non-zero then create automatically a pool of that size per user when a pool doesn't exist.</li> <li><code>ignore_startup_parameters</code> (array of strings, MaxItems: 32). List of parameters to ignore when given in startup packet.</li> <li><code>min_pool_size</code> (integer, Minimum: 0, Maximum: 10000). Add more server connections to pool if below this number. Improves behavior when usual load comes suddenly back after period of total inactivity. The value is effectively capped at the pool size.</li> <li><code>server_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If a server connection has been idle more than this many seconds it will be dropped. If 0 then timeout is disabled. [seconds].</li> <li><code>server_lifetime</code> (integer, Minimum: 60, Maximum: 86400). The pooler will close an unused server connection that has been connected longer than this. [seconds].</li> <li><code>server_reset_query_always</code> (boolean). Run server_reset_query (DISCARD ALL) in all pooling modes.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pglookout","title":"pglookout","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>PGLookout settings.</p> <p>Required</p> <ul> <li><code>max_failover_replication_time_lag</code> (integer, Minimum: 10). Number of seconds of master unavailability before triggering database failover to standby.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Enable pg.</li> <li><code>pgbouncer</code> (boolean). Enable pgbouncer.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.timescaledb","title":"timescaledb","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>TimescaleDB extension configuration values.</p> <p>Required</p> <ul> <li><code>max_background_workers</code> (integer, Minimum: 1, Maximum: 4096). The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time.</li> </ul>"},{"location":"api-reference/project.html","title":"Project","text":""},{"location":"api-reference/project.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: my-project\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  tags:\n    env: prod\n\n  billingAddress: NYC\n  cloud: aws-eu-west-1\n</code></pre>"},{"location":"api-reference/project.html#Project","title":"Project","text":"<p>Project is the Schema for the projects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Project</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectSpec defines the desired state of Project. See below for nested schema.</li> </ul>"},{"location":"api-reference/project.html#spec","title":"spec","text":"<p>Appears on <code>Project</code>.</p> <p>ProjectSpec defines the desired state of Project.</p> <p>Optional</p> <ul> <li><code>accountId</code> (string, MaxLength: 32). Account ID.</li> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>billingAddress</code> (string, MaxLength: 1000). Billing name and address of the project.</li> <li><code>billingCurrency</code> (string, Enum: <code>AUD</code>, <code>CAD</code>, <code>CHF</code>, <code>DKK</code>, <code>EUR</code>, <code>GBP</code>, <code>NOK</code>, <code>SEK</code>, <code>USD</code>). Billing currency.</li> <li><code>billingEmails</code> (array of strings, MaxItems: 10). Billing contact emails of the project.</li> <li><code>billingExtraText</code> (string, MaxLength: 1000). Extra text to be included in all project invoices, e.g. purchase order or cost center number.</li> <li><code>billingGroupId</code> (string, MinLength: 36, MaxLength: 36). BillingGroup ID.</li> <li><code>cardId</code> (string, MaxLength: 64). Credit card ID; The ID may be either last 4 digits of the card or the actual ID.</li> <li><code>cloud</code> (string, MaxLength: 256). Target cloud, example: aws-eu-central-1.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>. See below for nested schema.</li> <li><code>copyFromProject</code> (string, MaxLength: 63). Project name from which to copy settings to the new project.</li> <li><code>countryCode</code> (string, MinLength: 2, MaxLength: 2). Billing country code of the project.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize projects.</li> <li><code>technicalEmails</code> (array of strings, MaxItems: 10). Technical contact emails of the project.</li> </ul>"},{"location":"api-reference/project.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/project.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/projectvpc.html","title":"ProjectVPC","text":""},{"location":"api-reference/projectvpc.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: my-project-vpc\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  networkCidr: 10.0.0.0/24\n</code></pre>"},{"location":"api-reference/projectvpc.html#ProjectVPC","title":"ProjectVPC","text":"<p>ProjectVPC is the Schema for the projectvpcs API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ProjectVPC</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectVPCSpec defines the desired state of ProjectVPC. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec","title":"spec","text":"<p>Appears on <code>ProjectVPC</code>.</p> <p>ProjectVPCSpec defines the desired state of ProjectVPC.</p> <p>Required</p> <ul> <li><code>cloudName</code> (string, Immutable, MaxLength: 256). Cloud the VPC is in.</li> <li><code>networkCidr</code> (string, Immutable, MaxLength: 36). Network address range used by the VPC like 192.168.0.0/24.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). The project the VPC belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html","title":"Redis","text":""},{"location":"api-reference/redis.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: k8s-redis\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: redis-token\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre>"},{"location":"api-reference/redis.html#Redis","title":"Redis","text":"<p>Redis is the Schema for the redis API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Redis</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). RedisSpec defines the desired state of Redis. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec","title":"spec","text":"<p>Appears on <code>Redis</code>.</p> <p>RedisSpec defines the desired state of Redis.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Redis specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/redis.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Redis specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>redis_acl_channels_default</code> (string, Enum: <code>allchannels</code>, <code>resetchannels</code>). Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default.</li> <li><code>redis_io_threads</code> (integer, Minimum: 1, Maximum: 32). Set Redis IO thread count. Changing this will cause a restart of the Redis service.</li> <li><code>redis_lfu_decay_time</code> (integer, Minimum: 1, Maximum: 120). LFU maxmemory-policy counter decay time in minutes.</li> <li><code>redis_lfu_log_factor</code> (integer, Minimum: 0, Maximum: 100). Counter logarithm factor for volatile-lfu and allkeys-lfu maxmemory-policies.</li> <li><code>redis_maxmemory_policy</code> (string, Enum: <code>noeviction</code>, <code>allkeys-lru</code>, <code>volatile-lru</code>, <code>allkeys-random</code>, <code>volatile-random</code>, <code>volatile-ttl</code>, <code>volatile-lfu</code>, <code>allkeys-lfu</code>). Redis maxmemory-policy.</li> <li><code>redis_notify_keyspace_events</code> (string, Pattern: <code>^[KEg\\$lshzxeA]*$</code>, MaxLength: 32). Set notify-keyspace-events option.</li> <li><code>redis_number_of_databases</code> (integer, Minimum: 1, Maximum: 128). Set number of Redis databases. Changing this will cause a restart of the Redis service.</li> <li><code>redis_persistence</code> (string, Enum: <code>off</code>, <code>rdb</code>). When persistence is <code>rdb</code>, Redis does RDB dumps each 10 minutes if any key is changed. Also RDB dumps are done according to backup schedule for backup purposes. When persistence is <code>off</code>, no RDB dumps and backups are done, so data can be lost at any moment if service is restarted for any reason, or if service is powered off. Also service can't be forked.</li> <li><code>redis_pubsub_client_output_buffer_limit</code> (integer, Minimum: 32, Maximum: 512). Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan.</li> <li><code>redis_ssl</code> (boolean). Require SSL to access Redis.</li> <li><code>redis_timeout</code> (integer, Minimum: 0, Maximum: 31536000). Redis idle connection timeout in seconds.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>redis</code> (boolean). Enable redis.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/serviceintegration.html","title":"ServiceIntegration","text":""},{"location":"api-reference/serviceintegration.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: my-service-integration\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n\n  integrationType: kafka_logs\n  sourceServiceName: my-source-service-name\n  destinationServiceName: my-destination-service-name\n\n  kafkaLogs:\n    kafka_topic: my-kafka-topic\n</code></pre>"},{"location":"api-reference/serviceintegration.html#ServiceIntegration","title":"ServiceIntegration","text":"<p>ServiceIntegration is the Schema for the serviceintegrations API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceIntegration</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceIntegrationSpec defines the desired state of ServiceIntegration. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec","title":"spec","text":"<p>Appears on <code>ServiceIntegration</code>.</p> <p>ServiceIntegrationSpec defines the desired state of ServiceIntegration.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>alertmanager</code>, <code>autoscaler</code>, <code>caching</code>, <code>cassandra_cross_service_cluster</code>, <code>clickhouse_kafka</code>, <code>clickhouse_postgresql</code>, <code>dashboard</code>, <code>datadog</code>, <code>datasource</code>, <code>external_aws_cloudwatch_logs</code>, <code>external_aws_cloudwatch_metrics</code>, <code>external_elasticsearch_logs</code>, <code>external_google_cloud_logging</code>, <code>external_opensearch_logs</code>, <code>flink</code>, <code>flink_external_kafka</code>, <code>internal_connectivity</code>, <code>jolokia</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>kafka_mirrormaker</code>, <code>logs</code>, <code>m3aggregator</code>, <code>m3coordinator</code>, <code>metrics</code>, <code>opensearch_cross_cluster_replication</code>, <code>opensearch_cross_cluster_search</code>, <code>prometheus</code>, <code>read_replica</code>, <code>rsyslog</code>, <code>schema_registry_proxy</code>, <code>stresstester</code>, <code>thanosquery</code>, <code>thanosstore</code>, <code>vmalert</code>, Immutable). Type of the service integration accepted by Aiven API. Some values may not be supported by the operator.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project the integration belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>clickhouseKafka</code> (object). Clickhouse Kafka configuration values. See below for nested schema.</li> <li><code>clickhousePostgresql</code> (object). Clickhouse PostgreSQL configuration values. See below for nested schema.</li> <li><code>datadog</code> (object). Datadog specific user configuration options. See below for nested schema.</li> <li><code>destinationEndpointId</code> (string, Immutable, MaxLength: 36). Destination endpoint for the integration (if any).</li> <li><code>destinationProjectName</code> (string, Immutable, MaxLength: 63). Destination project for the integration (if any).</li> <li><code>destinationServiceName</code> (string, Immutable, MaxLength: 64). Destination service for the integration (if any).</li> <li><code>externalAWSCloudwatchMetrics</code> (object). External AWS CloudWatch Metrics integration Logs configuration values. See below for nested schema.</li> <li><code>kafkaConnect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> <li><code>kafkaLogs</code> (object). Kafka logs configuration values. See below for nested schema.</li> <li><code>kafkaMirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> <li><code>logs</code> (object). Logs configuration values. See below for nested schema.</li> <li><code>metrics</code> (object). Metrics configuration values. See below for nested schema.</li> <li><code>sourceEndpointID</code> (string, Immutable, MaxLength: 36). Source endpoint for the integration (if any).</li> <li><code>sourceProjectName</code> (string, Immutable, MaxLength: 63). Source project for the integration (if any).</li> <li><code>sourceServiceName</code> (string, Immutable, MaxLength: 64). Source service for the integration (if any).</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka","title":"clickhouseKafka","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse Kafka configuration values.</p> <p>Required</p> <ul> <li><code>tables</code> (array of objects, MaxItems: 100). Tables to create. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables","title":"tables","text":"<p>Appears on <code>spec.clickhouseKafka</code>.</p> <p>Tables to create.</p> <p>Required</p> <ul> <li><code>columns</code> (array of objects, MaxItems: 100). Table columns. See below for nested schema.</li> <li><code>data_format</code> (string, Enum: <code>Avro</code>, <code>CSV</code>, <code>JSONAsString</code>, <code>JSONCompactEachRow</code>, <code>JSONCompactStringsEachRow</code>, <code>JSONEachRow</code>, <code>JSONStringsEachRow</code>, <code>MsgPack</code>, <code>TSKV</code>, <code>TSV</code>, <code>TabSeparated</code>, <code>RawBLOB</code>, <code>AvroConfluent</code>). Message data format.</li> <li><code>group_name</code> (string, MinLength: 1, MaxLength: 249). Kafka consumers group.</li> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Name of the table.</li> <li><code>topics</code> (array of objects, MaxItems: 100). Kafka topics. See below for nested schema.</li> </ul> <p>Optional</p> <ul> <li><code>auto_offset_reset</code> (string, Enum: <code>smallest</code>, <code>earliest</code>, <code>beginning</code>, <code>largest</code>, <code>latest</code>, <code>end</code>). Action to take when there is no initial offset in offset store or the desired offset is out of range.</li> <li><code>date_time_input_format</code> (string, Enum: <code>basic</code>, <code>best_effort</code>, <code>best_effort_us</code>). Method to read DateTime from text input formats.</li> <li><code>handle_error_mode</code> (string, Enum: <code>default</code>, <code>stream</code>). How to handle errors for Kafka engine.</li> <li><code>max_block_size</code> (integer, Minimum: 0, Maximum: 1000000000). Number of row collected by poll(s) for flushing data from Kafka.</li> <li><code>max_rows_per_message</code> (integer, Minimum: 1, Maximum: 1000000000). The maximum number of rows produced in one kafka message for row-based formats.</li> <li><code>num_consumers</code> (integer, Minimum: 1, Maximum: 10). The number of consumers per table per replica.</li> <li><code>poll_max_batch_size</code> (integer, Minimum: 0, Maximum: 1000000000). Maximum amount of messages to be polled in a single Kafka poll.</li> <li><code>skip_broken_messages</code> (integer, Minimum: 0, Maximum: 1000000000). Skip at least this number of broken messages from Kafka topic per block.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.columns","title":"columns","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Table columns.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Column name.</li> <li><code>type</code> (string, MinLength: 1, MaxLength: 1000). Column type.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.topics","title":"topics","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Kafka topics.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 249). Name of the topic.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql","title":"clickhousePostgresql","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse PostgreSQL configuration values.</p> <p>Required</p> <ul> <li><code>databases</code> (array of objects, MaxItems: 10). Databases to expose. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql.databases","title":"databases","text":"<p>Appears on <code>spec.clickhousePostgresql</code>.</p> <p>Databases to expose.</p> <p>Optional</p> <ul> <li><code>database</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL database to expose.</li> <li><code>schema</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL schema to expose.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog","title":"datadog","text":"<p>Appears on <code>spec</code>.</p> <p>Datadog specific user configuration options.</p> <p>Optional</p> <ul> <li><code>datadog_dbm_enabled</code> (boolean). Enable Datadog Database Monitoring.</li> <li><code>datadog_tags</code> (array of objects, MaxItems: 32). Custom tags provided by user. See below for nested schema.</li> <li><code>exclude_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>exclude_topics</code> (array of strings, MaxItems: 1024). List of topics to exclude.</li> <li><code>include_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>include_topics</code> (array of strings, MaxItems: 1024). List of topics to include.</li> <li><code>kafka_custom_metrics</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>max_jmx_metrics</code> (integer, Minimum: 10, Maximum: 100000). Maximum number of JMX metrics to send.</li> <li><code>opensearch</code> (object). Datadog Opensearch Options. See below for nested schema.</li> <li><code>redis</code> (object). Datadog Redis Options. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.datadog_tags","title":"datadog_tags","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Custom tags provided by user.</p> <p>Required</p> <ul> <li><code>tag</code> (string, MinLength: 1, MaxLength: 200). Tag format and usage are described here: https://docs.datadoghq.com/getting_started/tagging. Tags with prefix <code>aiven-</code> are reserved for Aiven.</li> </ul> <p>Optional</p> <ul> <li><code>comment</code> (string, MaxLength: 1024). Optional tag explanation.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Opensearch Options.</p> <p>Optional</p> <ul> <li><code>index_stats_enabled</code> (boolean). Enable Datadog Opensearch Index Monitoring.</li> <li><code>pending_task_stats_enabled</code> (boolean). Enable Datadog Opensearch Pending Task Monitoring.</li> <li><code>pshard_stats_enabled</code> (boolean). Enable Datadog Opensearch Primary Shard Monitoring.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.redis","title":"redis","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Redis Options.</p> <p>Required</p> <ul> <li><code>command_stats_enabled</code> (boolean). Enable command_stats option in the agent's configuration.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics","title":"externalAWSCloudwatchMetrics","text":"<p>Appears on <code>spec</code>.</p> <p>External AWS CloudWatch Metrics integration Logs configuration values.</p> <p>Optional</p> <ul> <li><code>dropped_metrics</code> (array of objects, MaxItems: 1024). Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics). See below for nested schema.</li> <li><code>extra_metrics</code> (array of objects, MaxItems: 1024). Metrics to allow through to AWS CloudWatch (in addition to default metrics). See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.dropped_metrics","title":"dropped_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.extra_metrics","title":"extra_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to allow through to AWS CloudWatch (in addition to default metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect","title":"kafkaConnect","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Required</p> <ul> <li><code>kafka_connect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.kafkaConnect</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Optional</p> <ul> <li><code>config_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration data are stored.This must be the same for all workers with the same group_id.</li> <li><code>group_id</code> (string, MaxLength: 249). A unique string that identifies the Connect cluster group this worker belongs to.</li> <li><code>offset_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration offsets are stored.This must be the same for all workers with the same group_id.</li> <li><code>status_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration status updates are stored.This must be the same for all workers with the same group_id.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaLogs","title":"kafkaLogs","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka logs configuration values.</p> <p>Required</p> <ul> <li><code>kafka_topic</code> (string, MinLength: 1, MaxLength: 249). Topic name.</li> </ul> <p>Optional</p> <ul> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker","title":"kafkaMirrormaker","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>cluster_alias</code> (string, Pattern: <code>^[a-zA-Z0-9_.-]+$</code>, MaxLength: 128). The alias under which the Kafka cluster is known to MirrorMaker. Can contain the following symbols: ASCII alphanumerics, <code>.</code>, <code>_</code>, and <code>-</code>.</li> <li><code>kafka_mirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker.kafka_mirrormaker","title":"kafka_mirrormaker","text":"<p>Appears on <code>spec.kafkaMirrormaker</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>consumer_fetch_min_bytes</code> (integer, Minimum: 1, Maximum: 5242880). The minimum amount of data the server should return for a fetch request.</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). The batch size in bytes producer will attempt to collect before publishing to broker.</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The amount of bytes producer can use for buffering data before publishing to broker.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). The linger time (ms) for waiting new data to arrive for publishing.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 268435456). The maximum request size in bytes.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.logs","title":"logs","text":"<p>Appears on <code>spec</code>.</p> <p>Logs configuration values.</p> <p>Optional</p> <ul> <li><code>elasticsearch_index_days_max</code> (integer, Minimum: 1, Maximum: 10000). Elasticsearch index retention limit.</li> <li><code>elasticsearch_index_prefix</code> (string, MinLength: 1, MaxLength: 1024). Elasticsearch index prefix.</li> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics","title":"metrics","text":"<p>Appears on <code>spec</code>.</p> <p>Metrics configuration values.</p> <p>Optional</p> <ul> <li><code>database</code> (string, Pattern: <code>^[_A-Za-z0-9][-_A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the database where to store metric datapoints. Only affects PostgreSQL destinations. Defaults to <code>metrics</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>retention_days</code> (integer, Minimum: 0, Maximum: 10000). Number of days to keep old metrics. Only affects PostgreSQL destinations. Set to 0 for no automatic cleanup. Defaults to 30 days.</li> <li><code>ro_username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of a user that can be used to read metrics. This will be used for Grafana integration (if enabled) to prevent Grafana users from making undesired changes. Only affects PostgreSQL destinations. Defaults to <code>metrics_reader</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>source_mysql</code> (object). Configuration options for metrics where source service is MySQL. See below for nested schema.</li> <li><code>username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the user used to write metrics. Only affects PostgreSQL destinations. Defaults to <code>metrics_writer</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql","title":"source_mysql","text":"<p>Appears on <code>spec.metrics</code>.</p> <p>Configuration options for metrics where source service is MySQL.</p> <p>Required</p> <ul> <li><code>telegraf</code> (object). Configuration options for Telegraf MySQL input plugin. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql.telegraf","title":"telegraf","text":"<p>Appears on <code>spec.metrics.source_mysql</code>.</p> <p>Configuration options for Telegraf MySQL input plugin.</p> <p>Optional</p> <ul> <li><code>gather_event_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENT_WAITS.</li> <li><code>gather_file_events_stats</code> (boolean). gather metrics from PERFORMANCE_SCHEMA.FILE_SUMMARY_BY_EVENT_NAME.</li> <li><code>gather_index_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_INDEX_USAGE.</li> <li><code>gather_info_schema_auto_inc</code> (boolean). Gather auto_increment columns and max values from information schema.</li> <li><code>gather_innodb_metrics</code> (boolean). Gather metrics from INFORMATION_SCHEMA.INNODB_METRICS.</li> <li><code>gather_perf_events_statements</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENTS_STATEMENTS_SUMMARY_BY_DIGEST.</li> <li><code>gather_process_list</code> (boolean). Gather thread state counts from INFORMATION_SCHEMA.PROCESSLIST.</li> <li><code>gather_slave_status</code> (boolean). Gather metrics from SHOW SLAVE STATUS command output.</li> <li><code>gather_table_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_TABLE.</li> <li><code>gather_table_lock_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_LOCK_WAITS.</li> <li><code>gather_table_schema</code> (boolean). Gather metrics from INFORMATION_SCHEMA.TABLES.</li> <li><code>perf_events_statements_digest_text_limit</code> (integer, Minimum: 1, Maximum: 2048). Truncates digest text from perf_events_statements into this many characters.</li> <li><code>perf_events_statements_limit</code> (integer, Minimum: 1, Maximum: 4000). Limits metrics from perf_events_statements.</li> <li><code>perf_events_statements_time_limit</code> (integer, Minimum: 1, Maximum: 2592000). Only include perf_events_statements whose last seen is less than this many seconds.</li> </ul>"},{"location":"api-reference/serviceuser.html","title":"ServiceUser","text":""},{"location":"api-reference/serviceuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: my-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: service-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: my-service-name\n</code></pre>"},{"location":"api-reference/serviceuser.html#ServiceUser","title":"ServiceUser","text":"<p>ServiceUser is the Schema for the serviceusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceUserSpec defines the desired state of ServiceUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec","title":"spec","text":"<p>Appears on <code>ServiceUser</code>.</p> <p>ServiceUserSpec defines the desired state of ServiceUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>authentication</code> (string, Enum: <code>caching_sha2_password</code>, <code>mysql_native_password</code>). Authentication details.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"contributing/index.html","title":"Contributing Guidelines","text":"<p>The Aiven Operator for Kubernetes project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.</p> <p>Please see also the Aiven Operator for Kubernetes Developer Guide.</p>"},{"location":"contributing/index.html#support-channels","title":"Support Channels","text":"<p>This project offers support through GitHub issues and can be filed here. Moreover, GitHub issues are used as the primary method for tracking anything to do with the Aiven Operator for Kubernetes project.</p>"},{"location":"contributing/index.html#pull-request-process","title":"Pull Request Process","text":"<ol> <li>Ensure any install or build dependencies are removed before the end of the layer when doing a build.</li> <li>Increase the version numbers in any examples files and the README.md and in corresponding file in he /docs folder to    the new version that this Pull Request would represent. The versioning scheme we use is SemVer.</li> <li>You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have    permission to do that, you may request the second reviewer to merge it for you.</li> </ol>"},{"location":"contributing/index.html#code-of-conduct","title":"Code of Conduct","text":""},{"location":"contributing/index.html#our-pledge","title":"Our Pledge","text":"<p>In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.</p>"},{"location":"contributing/index.html#our-standards","title":"Our Standards","text":"<p>Examples of behavior that contributes to creating a positive environment include:</p> <ul> <li>Using welcoming and inclusive language</li> <li>Being respectful of differing viewpoints and experiences</li> <li>Gracefully accepting constructive criticism</li> <li>Focusing on what is best for the community</li> <li>Showing empathy towards other community members</li> </ul> <p>Examples of unacceptable behavior by participants include:</p> <ul> <li>The use of sexualized language or imagery and unwelcome sexual attention or advances</li> <li>Trolling, insulting/derogatory comments, and personal or political attacks</li> <li>Public or private harassment</li> <li>Publishing others' private information, such as a physical or electronic address, without explicit permission</li> <li>Other conduct which could reasonably be considered inappropriate in a professional setting</li> </ul>"},{"location":"contributing/index.html#commit-messages","title":"Commit Messages","text":"<p>This project adheres to the Conventional Commits specification. Please, make sure that your commit messages follow that specification.</p>"},{"location":"contributing/index.html#our-responsibilities","title":"Our Responsibilities","text":"<p>Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.</p> <p>Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.</p>"},{"location":"contributing/index.html#scope","title":"Scope","text":"<p>This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.</p>"},{"location":"contributing/index.html#enforcement","title":"Enforcement","text":"<p>Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at opensource@aiven.io. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.</p> <p>Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.</p>"},{"location":"contributing/developer-guide.html","title":"Developer guide","text":""},{"location":"contributing/developer-guide.html#getting-started","title":"Getting Started","text":"<p>You must have a working Go environment and then clone the repository:</p> <pre><code>git clone git@github.com:aiven/aiven-operator.git\ncd aiven-operator\n</code></pre>"},{"location":"contributing/developer-guide.html#resource-generation","title":"Resource generation","text":"<p>Please see this page for more information.</p>"},{"location":"contributing/developer-guide.html#building","title":"Building","text":"<p>The project uses the <code>make</code> build system.</p> <p>Building the operator binary:</p> <pre><code>make build\n</code></pre>"},{"location":"contributing/developer-guide.html#testing","title":"Testing","text":"<p>As of now, we only support integration tests who interact directly with Aiven. To run the tests, you'll need an Aiven account and an Aiven authentication code.</p>"},{"location":"contributing/developer-guide.html#prerequisites","title":"Prerequisites","text":"<p>Please have installed first:</p> <ul> <li>docker/podman</li> <li>helm</li> <li>Aiven CLI (make sure you have logged in)</li> <li>jq</li> <li>kcat</li> <li>base64, note: MACOS version doesn't support <code>-w0</code> flag, some tests may not work properly</li> <li>kind, and existing cluster, e.g.     <pre><code> kind create cluster --image kindest/node:v1.24.0 --wait 5m\n</code></pre></li> </ul> <p>The following commands must be executed with these environment variables (keep them in secret!):</p> <ul> <li><code>AIVEN_TOKEN</code> \u2014 your authentication token </li> <li><code>AIVEN_PROJECT_NAME</code> \u2014 your Aiven project name to run services in</li> </ul> <p>Setup everything:</p> <pre><code>make e2e-setup-kind\n</code></pre> <p>Note</p> <p>Additionally, webhooks can be disabled,  if there are any problems with them.</p> <pre><code>WEBHOOKS_ENABLED=false make e2e-setup-kind\n</code></pre> <p>Run e2e tests (creates real services in <code>AIVEN_PROJECT_NAME</code>):</p> <pre><code>make test-e2e-preinstalled \n</code></pre> <p>When you're done, just drop the cluster:</p> <pre><code>kind delete cluster\n</code></pre>"},{"location":"contributing/developer-guide.html#documentation","title":"Documentation","text":"<p>The documentation is written in markdown and generated by mkdocs and mkdocs-material. </p> <p>To run the documentation live preview:</p> <pre><code>make serve-docs\n</code></pre> <p>And open the <code>http://localhost:8000/aiven-operator/</code> page in your web browser.</p> <p>The documentation API Reference section is generated automatically from the source code during the documentation deployment. To generate it locally, run the following command:</p> <pre><code>make docs\n</code></pre>"},{"location":"contributing/resource-generation.html","title":"Resource generation","text":"<p>Aiven Kubernetes Operator generates service configs code (also known as user configs) and documentation from public service types schema.</p>"},{"location":"contributing/resource-generation.html#flow-overview","title":"Flow overview","text":"<p>When a new schema is issued on the API, a cron job fetches it, parses, patches, and saves in a shared library \u2014 go-api-schemas.</p> <p>When the library is updated,  the GitHub dependabot creates PRs to the dependant repositories,  like Aiven Kubernetes Operator and Aiven Terraform Provider.</p> <p>Then the <code>make generate</code> command is called by GitHub action. And the PR is ready for review.</p> <pre><code>flowchart TB\n    API(Aiven API) &lt;-.-&gt;|polls schema updates| Schema([go-api-schemas])\n    Bot(dependabot) &lt;-.-&gt;|polls updates| Schema \n    Bot--&gt;|pull request|UpdateOP[/\"\u2728 $ make generate \u2728\"/]\n    UpdateOP--&gt;|review| OP([operator repository])</code></pre>"},{"location":"contributing/resource-generation.html#make-generate","title":"make generate","text":"<p>The command runs several generators in a certain sequence. First, the user config generator is called. Then controller-gen cli. Then API reference docs generator and charts generator.</p> <p>Here how it goes in the details:</p> <ol> <li>User config generator creates Go structs (k8s api compatible objects) with docstrings,     validation rules and constraints (immutable, maxLength, etc)</li> <li>controller-gen generates k8s methods,    generates CRDs for those objects,     creates charts for cluster roles and webhooks. </li> <li>Docs generator creates API reference out of CRDs:<ol> <li>it looks for an example file for the given CRD kind in <code>./&lt;api-reference-docs&gt;/example/</code>,    if it finds one, it validates that with the CRD.     Each CRD has an OpenAPI v3 schema as a part of it.     This is also used by Kubernetes itself to validate user input.</li> <li>generates full spec reference out of the schema</li> <li>creates a markdown file with spec and example (if exists)</li> </ol> </li> <li>Charts generator     updates CRDs, webhooks and cluster roles charts,    adds all changes to the changelog </li> </ol> <pre><code>flowchart TB\n    Make[/$ make generate/]--&gt;Generator(userconfig generator&lt;br&gt; creates/updates structs using updated spec)\n    Generator--&gt;|go: KafkaUserConfig struct| K8S(controller-gen&lt;br&gt; adds k8s methods to structs)\n    K8S--&gt;|go files| CRD(controller-gen&lt;br&gt; creates CRDs out of structs)\n    CRD--&gt;|CRD: aiven.io_kafkas.yaml| Docs(docs generator)\n    subgraph API reference generation\n        Docs--&gt;|aiven.io_kafkas.yaml|Reference(creates reference&lt;br&gt; out of CRD)\n        Docs--&gt;|examples/kafka.yaml,&lt;br&gt; aiven.io_kafkas.yaml|Examples(validates example&lt;br&gt; using CRD)\n        Examples--&gt; Markdown(creates docs out of CRDs, adds examples)\n        Reference--&gt;Markdown(kafka.md)\n    end\n    CRD--&gt;|yaml files|Charts(charts generator&lt;br&gt; updates helm charts&lt;br&gt; and the changelog)\n    Charts--&gt;ToRelease(\"Ready to release \ud83c\udf89\")\n    Markdown--&gt;ToRelease</code></pre>"},{"location":"contributing/resource-generation.html#charts-version-bump","title":"Charts version bump","text":"<p>By default, charts generator keeps the current helm chart's version, because it doesn't know semver. You need it to do manually.</p> <p>To do so run the following command with the version of your choice:</p> <pre><code>make version=v1.0.0 charts\n</code></pre>"},{"location":"installation/helm.html","title":"Installing with Helm (recommended)","text":""},{"location":"installation/helm.html#installing","title":"Installing","text":"<p>The Aiven Operator for Kubernetes can be installed via Helm. </p> <p>Before you start, make sure you have the prerequisites.</p> <p>First add the Aiven Helm repository:</p> <pre><code>helm repo add aiven https://aiven.github.io/aiven-charts &amp;&amp; helm repo update\n</code></pre>"},{"location":"installation/helm.html#installing-custom-resource-definitions","title":"Installing Custom Resource Definitions","text":"<pre><code>helm install aiven-operator-crds aiven/aiven-operator-crds\n</code></pre> <p>Verify the installation: <pre><code>kubectl api-resources --api-group=aiven.io\n</code></pre> The output is similar to the following:</p> <pre><code>NAME                  SHORTNAMES   APIVERSION          NAMESPACED   KIND\nconnectionpools                    aiven.io/v1alpha1   true         ConnectionPool\ndatabases                          aiven.io/v1alpha1   true         Database\n... &lt; several omitted lines &gt;\n</code></pre>"},{"location":"installation/helm.html#installing-the-operator","title":"Installing the Operator","text":"<pre><code>helm install aiven-operator aiven/aiven-operator\n</code></pre> <p>Note</p> <p>Installation will fail if webhooks are enabled and the CRDs for the cert-manager are not installed.</p> <p>Verify the installation:  <pre><code>helm status aiven-operator\n</code></pre></p> <p>The output is similar to the following:</p> <pre><code>NAME: aiven-operator\nLAST DEPLOYED: Fri Sep 10 15:23:26 2021\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n</code></pre> <p>It is also possible to install the operator without webhooks enabled: <pre><code>helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false\n</code></pre></p>"},{"location":"installation/helm.html#configuration-options","title":"Configuration Options","text":"<p>Please refer to the values.yaml of the chart.</p>"},{"location":"installation/helm.html#installing-without-full-cluster-administrator-access","title":"Installing without full cluster administrator access","text":"<p>There can be some scenarios where the individual installing the Helm chart does not have the ability to provision cluster-wide resources (e.g. ClusterRoles/ClusterRoleBindings). In this scenario, you can have a cluster administrator manually install the ClusterRole and ClusterRoleBinding the operator requires prior to installing the Helm chart specifying <code>false</code> for the <code>clusterRole.create</code> attribute. </p>"},{"location":"installation/helm.html#uninstalling","title":"Uninstalling","text":"<p>Important</p> <p>Please see this page for more information.</p> <p>Find out the name of your deployment:</p> <pre><code>helm list\n</code></pre> <p>The output has the name of each deployment similar to the following: </p> <pre><code>NAME                NAMESPACE   REVISION    UPDATED                                     STATUS      CHART                       APP VERSION\naiven-operator      default     1           2021-09-09 10:56:14.623700249 +0200 CEST    deployed    aiven-operator-v0.1.0       v0.1.0     \naiven-operator-crds default     1           2021-09-09 10:56:05.736411868 +0200 CEST    deployed    aiven-operator-crds-v0.1.0  v0.1.0\n</code></pre> <p>Remove the CRDs:</p> <pre><code>helm uninstall aiven-operator-crds\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator-crds\" uninstalled\n</code></pre> <p>Remove the operator:</p> <pre><code>helm uninstall aiven-operator\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator\" uninstalled\n</code></pre>"},{"location":"installation/kubectl.html","title":"Installing with kubectl","text":""},{"location":"installation/kubectl.html#installing","title":"Installing","text":"<p>Before you start, make sure you have the prerequisites.</p> <p>All Aiven Operator for Kubernetes components can be installed from one YAML file that is uploaded for every release:</p> <pre><code>kubectl apply -f https://github.com/aiven/aiven-operator/releases/latest/download/deployment.yaml\n</code></pre> <p>By default the Deployment is installed into the <code>aiven-operator-system</code> namespace.</p>"},{"location":"installation/kubectl.html#uninstalling","title":"Uninstalling","text":"<p>Assuming you installed version <code>vX.Y.Z</code> of the operator it can be uninstalled via</p> <pre><code>kubectl delete -f https://github.com/aiven/aiven-operator/releases/download/vX.Y.Z/deployment.yaml\n</code></pre>"},{"location":"installation/prerequisites.html","title":"Prerequisites","text":"<p>The Aiven Operator for Kubernetes supports all major Kubernetes distributions, both locally and in the cloud.</p> <p>Make sure you have the following:</p> <ul> <li>To use the operator, you need admin access to a Kubernetes cluster.</li> <li>For playground usage you can use kind for example.</li> <li>For productive usage Helm is recommended.</li> </ul>"},{"location":"installation/prerequisites.html#cert-manager","title":"Cert Manager","text":"<p>The Aiven Operator for Kubernetes uses <code>cert-manager</code> to configure the service reference of our webhooks.</p> <p>Please follow the installation instructions on their website.</p> <p>Note</p> <p>This is not required in the Helm installation if you select to disable webhooks,  but that is not recommended outside of playground use.  The Aiven Operator for Kubernetes uses webhooks for setting defaults  and enforcing invariants that are expected by the aiven API and will lead to errors if ignored.  In the future webhooks will also be used for conversion and supporting multiple CRD versions.</p>"},{"location":"installation/uninstalling.html","title":"Uninstalling","text":"<p>Danger</p> <p>Uninstalling the Aiven Operator for Kubernetes can remove the resources created in Aiven, possibly resulting in data loss.</p> <p>Depending on your installation, please follow one of:</p> <ul> <li>Helm</li> <li>kubectl</li> </ul>"},{"location":"installation/uninstalling.html#dealing-with-expired-tokens","title":"Dealing with expired tokens","text":"<p>Aiven resources need to have an accompanying secret that contains the token that is used to authorize the manipulation of that resource. If that token expired then you will not be able to delete the custom resource and deletion will also hang until the situation is resolved. The recommended approach to deal with that situation is to patch a valid token into the secret again so that proper cleanup of aiven resources can take place.</p>"},{"location":"installation/uninstalling.html#hanging-deletions","title":"Hanging deletions","text":"<p>To protect the secrets that the operator is using from deletion, it adds the finalizer <code>finalizers.aiven.io/needed-to-delete-services</code> to the secret. This solves a race condition that happens when deleting a namespace, where there is a possibility of the secret getting deleted before the resource that uses it. When the controller is deleted it may not cleanup the finalizers from all secrets. If there is a secret with this finalizer blocking deletion of a namespace, for now please do</p> <pre><code>kubectl patch secret &lt;offending-secret&gt; -p '{\"metadata\":{\"finalizers\":null}}' --type=merge\n</code></pre> <p>to remove the finalizer.</p>"},{"location":"resources/cassandra.html","title":"Cassandra","text":"<p>Aiven for Apache Cassandra\u00ae is a distributed database designed to handle large volumes of writes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/cassandra.html#creating-a-cassandra-instance","title":"Creating a Cassandra instance","text":"<p>1. Create a file named <code>cassandra-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: cassandra-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Cassandra connection on the `cassandra-secret` Secret\n  connInfoSecretTarget:\n    name: cassandra-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-sample.yaml \n</code></pre> <p>The output is:</p> <pre><code>cassandra.aiven.io/cassandra-sample created\n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe cassandra.aiven.io cassandra-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-31T10:17:25Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-31T10:24:00Z\n    Message:               Instance is running on Aiven side\n    Reason:                CheckRunning\n    Status:                True\n    Type:                  Running\n  State:                   RUNNING\n...\n</code></pre> <p>The resource can be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/cassandra.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Cassandra connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret cassandra-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         cassandra-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCASSANDRA_HOSTS:     59 bytes\nCASSANDRA_PASSWORD:  24 bytes\nCASSANDRA_PORT:      5 bytes\nCASSANDRA_URI:       66 bytes\nCASSANDRA_USER:      8 bytes\nCASSANDRA_HOST:      60 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret cassandra-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CASSANDRA_HOST\": \"&lt;secret&gt;\",\n  \"CASSANDRA_HOSTS\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PASSWORD\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PORT\": \"14609\",\n  \"CASSANDRA_URI\": \"&lt;secret&gt;\",\n  \"CASSANDRA_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/cassandra.html#creating-a-cassandra-user","title":"Creating a Cassandra user","text":"<p>You can create service users for your instance of Aiven for Apache Cassandra. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named cassandra-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: cassandra-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: cassandra-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret cassandra-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"cassandra-service-user\"\n}\n</code></pre> <p>You can connect to the Cassandra instance using these credentials and the host information from the <code>cassandra-secret</code> Secret.</p>"},{"location":"resources/mysql.html","title":"MySQL","text":"<p>Aiven for MySQL is a fully managed relational database service, deployable in the cloud of your choice. </p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/mysql.html#creating-a-mysql-instance","title":"Creating a MySQL instance","text":"<p>1. Create a file named <code>mysql-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: mysql-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the MySQL connection on the `mysql-secret` Secret\n  connInfoSecretTarget:\n    name: mysql-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f mysql-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe mysql.aiven.io mysql-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/mysql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the MySQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret mysql-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         mysql-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nMYSQL_PORT:      5 bytes\nMYSQL_SSL_MODE:  8 bytes\nMYSQL_URI:       115 bytes\nMYSQL_USER:      8 bytes\nMYSQL_DATABASE:  9 bytes\nMYSQL_HOST:      39 bytes\nMYSQL_PASSWORD:  24 bytes\n</code></pre> <p>You can use jq to quickly decode the Secret:</p> <pre><code>kubectl get secret mysql-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"MYSQL_DATABASE\": \"defaultdb\",\n  \"MYSQL_HOST\": \"&lt;secret&gt;\",\n  \"MYSQL_PASSWORD\": \"&lt;secret&gt;\",\n  \"MYSQL_PORT\": \"12691\",\n  \"MYSQL_SSL_MODE\": \"REQUIRED\",\n  \"MYSQL_URI\": \"&lt;secret&gt;\",\n  \"MYSQL_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/mysql.html#creating-a-mysql-user","title":"Creating a MySQL user","text":"<p>You can create service users for your instance of Aiven for MySQL. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named mysql-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: mysql-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: mysql-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f mysql-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using jq:</p> <pre><code>kubectl get secret mysql-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"mysql-service-user\"\n}\n</code></pre> <p>You can connect to the MySQL instance using these credentials and the host information from the <code>mysql-secret</code> Secret.</p>"},{"location":"resources/opensearch.html","title":"OpenSearch","text":"<p>OpenSearch\u00ae is an open source search and analytics suite including search engine, NoSQL document database, and visualization interface. OpenSearch offers a distributed, full-text search engine based on Apache Lucene\u00ae with a RESTful API interface and support for JSON documents.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/opensearch.html#creating-an-opensearch-instance","title":"Creating an OpenSearch instance","text":"<p>1. Create a file named <code>os-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: os-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the OpenSearch connection on the `os-secret` Secret\n  connInfoSecretTarget:\n    name: os-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f os-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe opensearch.aiven.io os-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/opensearch.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the OpenSearch connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret os-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         os-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nHOST:      61 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\nUSER:      8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret os-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"13041\",\n  \"USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/opensearch.html#creating-an-opensearch-user","title":"Creating an OpenSearch user","text":"<p>You can create service users for your instance of Aiven for OpenSearch. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named os-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: os-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: os-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f os-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information.</p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret os-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"os-service-user\"\n}\n</code></pre> <p>You can connect to the OpenSearch instance using these credentials and the host information from the <code>os-secret</code> Secret.</p>"},{"location":"resources/postgresql.html","title":"PostgreSQL","text":"<p>PostgreSQL is an open source, relational database. It's ideal for organisations that need a well organised tabular datastore. On top of the strict table and columns formats, PostgreSQL also offers solutions for nested datasets with the native <code>jsonb</code> format and advanced set of extensions including PostGIS, a spatial database extender for location queries. Aiven for PostgreSQL is the perfect fit for your relational data.</p> <p>With Aiven Kubernetes Operator, you can manage Aiven for PostgreSQL through the well defined Kubernetes API.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-instance","title":"Creating a PostgreSQL instance","text":"<p>1. Create a file named <code>pg-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific PostgreSQL configuration\n  userConfig:\n    pg_version: '11'\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f pg-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io pg-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME        PROJECT        REGION                PLAN        STATE\npg-sample   your-project   google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can stay in the <code>BUILDING</code> state for a couple of minutes. Once the state changes to <code>RUNNING</code>, you are ready to access it.</p>"},{"location":"resources/postgresql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the PostgreSQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret pg-connection\n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         pg-connection\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nDATABASE_URI:  107 bytes\nPGDATABASE:    9 bytes\nPGHOST:        38 bytes\nPGPASSWORD:    16 bytes\nPGPORT:        5 bytes\nPGSSLMODE:     7 bytes\nPGUSER:        8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret pg-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://avnadmin:&lt;secret-password&gt;@pg-sample-your-project.aivencloud.com:13039/defaultdb?sslmode=require\",\n  \"PGDATABASE\": \"defaultdb\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13039\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your PostgreSQL connection from a Kubernetes workload by deploying a Pod that runs the <code>psql</code> command.</p> <p>1. Create a file named <code>pod-psql.yaml</code></p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:11-alpine\n      name: postgres\n      command: [ 'psql', '$(DATABASE_URI)', '-c', 'SELECT version();' ]\n\n      # the pg-connection Secret becomes environment variables \n      envFrom:\n        - secretRef:\n            name: pg-connection\n</code></pre> <p>It runs once and stops, due to the <code>restartPolicy: Never</code> flag.</p> <p>2. Inspect the log:</p> <pre><code>kubectl logs psql-test-connection\n</code></pre> <p>The output is similar to the following: <pre><code>                                           version                                           \n---------------------------------------------------------------------------------------------\n PostgreSQL 11.12 on x86_64-pc-linux-gnu, compiled by gcc, a 68c5366192 p 6b9244f01a, 64-bit\n(1 row)\n</code></pre></p> <p>You have now connected to the PostgreSQL, and executed the <code>SELECT version();</code> query.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-database","title":"Creating a PostgreSQL database","text":"<p>The <code>Database</code> Kubernetes resource allows you to create a logical database within the PostgreSQL instance.</p> <p>Create the <code>pg-database-sample.yaml</code> file with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: pg-database-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the name of the previously created PostgreSQL instance\n  serviceName: pg-sample\n\n  project: &lt;your-project-name&gt;\n  lcCollate: en_US.UTF-8\n  lcCtype: en_US.UTF-8\n</code></pre> <p>You can now connect to the <code>pg-database-sample</code> using the credentials stored in the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-user","title":"Creating a PostgreSQL user","text":"<p>Aiven uses the concept of service user that allows you to create users for different services. You can create one for the PostgreSQL instance.</p> <p>1. Create a file named <code>pg-service-user.yaml</code>.</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: pg-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-service-user-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n</code></pre> <p>2. Apply the configuration with the following command.</p> <pre><code>kubectl apply -f pg-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information, in this case named <code>pg-service-user-connection</code>:</p> <pre><code>kubectl get secret pg-service-user-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output has the password and username: <pre><code>{\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"USERNAME\": \"pg-service-user\"\n}\n</code></pre></p> <p>You can now connect to the PostgreSQL instance using the credentials generated above, and the host information from the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-connection-pool","title":"Creating a PostgreSQL connection pool","text":"<p>Connection pooling allows you to maintain very large numbers of connections to a database while minimizing the consumption of server resources. For more information, refer to the connection pooling article in Aiven Docs. Aiven for PostgreSQL uses PGBouncer for connection pooling.</p> <p>You can create a connection pool with the <code>ConnectionPool</code> resource using the previously created <code>Database</code> and <code>ServiceUser</code>:</p> <p>Create a new file named <code>pg-connection-pool.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: pg-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-connection-pool-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n  databaseName: pg-database-sample\n  username: pg-service-user\n  poolSize: 10\n  poolMode: transaction\n</code></pre> <p>The <code>ConnectionPool</code> generates a Secret with the connection info using the name from the <code>connInfoSecretTarget.Name</code> field:</p> <p><pre><code>kubectl get secret pg-connection-pool-connection -o json | jq '.data | map_values(@base64d)' \n</code></pre> The output is similar to the following: </p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://pg-service-user:&lt;secret-password&gt;@pg-sample-you-project.aivencloud.com:13040/pg-connection-pool?sslmode=require\",\n  \"PGDATABASE\": \"pg-database-sample\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13040\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"pg-service-user\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#creating-a-postgresql-read-only-replica","title":"Creating a PostgreSQL read-only replica","text":"<p>Read-only replicas can be used to reduce the load on the primary service by making read-only queries against the replica service. </p> <p>To create a read-only replica for a PostgreSQL service, you create a second PostgreSQL service and use serviceIntegrations to replicate data from your primary service.</p> <p>The example that follows creates a primary service and a read-only replica.</p> <p>1. Create a new file named <code>pg-read-replica.yaml</code> with the following:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: primary-pg-service\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: read-replica-pg\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: saturday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n  # use the read_replica integration and point it to your primary service\n  serviceIntegrations:\n  -  integrationType: read_replica\n     sourceServiceName: primary-pg-service\n</code></pre> <p>Note</p> <p>You can create the replica service in a different region or on a different cloud provider.</p> <p>2. Apply the configuration with the following command:</p> <pre><code>kubectl apply -f pg-read-replica.yaml\n</code></pre> <p>The output is similar to the following:</p> <pre><code>postgresql.aiven.io/primary-pg-service created\npostgresql.aiven.io/read-replica-pg created\n</code></pre> <p>3. Check the status of the primary service with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io primary-pg-service\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                    PROJECT                 REGION                PLAN        STATE\nprimary-pg-service      &lt;your-project-name&gt;     google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can be in the <code>BUILDING</code> state for a few minutes. After the state of the primary service changes to <code>RUNNING</code>, the read-only replica is created. You can check the status of the replica using the same command with the name of the replica:</p> <pre><code>kubectl get postgresqls.aiven.io read-replica-pg\n</code></pre>"},{"location":"resources/project-vpc.html","title":"Aiven Project VPC","text":"<p>Virtual Private Cloud (VPC) peering is a method of connecting separate AWS, Google Cloud or Microsoft Azure private networks to each other. It makes it possible for the virtual machines in the different VPCs to talk to each other directly without going through the public internet.</p> <p>Within the Aiven Kubernetes Operator, you can create a <code>ProjectVPC</code> on Aiven's side to connect to your cloud provider.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/project-vpc.html#creating-an-aiven-vpc","title":"Creating an Aiven VPC","text":"<p>1. Create a file named <code>vpc-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: vpc-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # creates a VPC to link an AWS account on the South Africa region\n  cloudName: aws-af-south-1\n\n  # the network range used by the VPC\n  networkCidr: 192.168.0.0/24\n</code></pre> <p>2. Create the Project by applying the configuration:</p> <pre><code>kubectl apply -f vpc-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get projects.aiven.io vpc-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME         PROJECT          CLOUD            NETWORK CIDR\nvpc-sample   &lt;your-project&gt;   aws-af-south-1   192.168.0.0/24\n</code></pre>"},{"location":"resources/project-vpc.html#using-the-aiven-vpc","title":"Using the Aiven VPC","text":"<p>Follow the official VPC documentation to complete the VPC peering on your cloud of choice.</p>"},{"location":"resources/project.html","title":"Aiven Project","text":"<p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p> <p>The <code>Project</code> CRD allows you to create Aiven Projects, where your resources can be located.</p> <p>To create a fully working Aiven Project with the Aiven Operator you need a source Aiven Project already created with a working billing configuration, like a credit card.</p> <p>Create a file named <code>project-sample.yaml</code> with the following content: <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: project-sample\nspec:\n  # the source Project to copy the billing information from\n  copyFromProject: &lt;your-source-project&gt;\n\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-sample\n</code></pre></p> <p>Apply the resource with: <pre><code>kubectl apply -f project-sample.yaml\n</code></pre></p> <p>Verify the newly created Project:</p> <pre><code>kubectl get projects.aiven.io project-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME             AGE\nproject-sample   22s\n</code></pre>"},{"location":"resources/redis.html","title":"Redis","text":"<p>Aiven for Redis\u00ae* is a fully managed in-memory NoSQL database that you can deploy in the cloud of your choice to store and access data quickly and efficiently.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/redis.html#creating-a-redis-instance","title":"Creating a Redis instance","text":"<p>1. Create a file named <code>redis-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: redis-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Redis connection on the `redis-secret` Secret\n  connInfoSecretTarget:\n    name: redis-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Redis configuration\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f redis-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe redis.aiven.io redis-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/redis.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Redis connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret redis-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         redis-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nSSL:       8 bytes\nUSER:      7 bytes\nHOST:      60 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret redis-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"redis-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"14610\",\n  \"SSL\": \"required\",\n  \"USER\": \"default\"\n}\n</code></pre>"},{"location":"resources/service-integrations.html","title":"Service Integrations","text":"<p>Service Integrations provide additional functionality and features by connecting different Aiven services together.</p> <p>See our Getting Started with Service Integrations guide for more information.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/service-integrations.html#send-kafka-logs-to-a-kafka-topic","title":"Send Kafka logs to a Kafka Topic","text":"<p>This integration allows you to send Kafka service logs to a specific Kafka Topic.</p> <p>First, let's create a Kafka service and a topic.</p> <p>1. Create a new file named <code>kafka-sample-topic.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: logs\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>3. Now, create a <code>ServiceIntegration</code> resource to send the Kafka logs to the created topic. In the same file, add the    following YAML:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-logs\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_logs\n\n  # we will send the logs to the same kafka-sample instance\n  # the source and destination are the same\n  sourceServiceName: kafka-sample\n  destinationServiceName: kafka-sample\n\n  # the topic name we will send to\n  kafkaLogs:\n    kafka_topic: logs\n</code></pre> <p>4. Reapply the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>5. Let's check the created service integration:</p> <pre><code>kubectl get serviceintegrations.aiven.io service-integration-kafka-logs\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                             PROJECT        TYPE         SOURCE SERVICE NAME   DESTINATION SERVICE NAME   SOURCE ENDPOINT ID   DESTINATION ENDPOINT ID\nservice-integration-kafka-logs   your-project   kafka_logs   kafka-sample          kafka-sample                                    \n</code></pre> <p>Your Kafka service logs are now being streamed to the <code>logs</code> Kafka topic.</p>"},{"location":"resources/kafka/index.html","title":"Kafka","text":"<p>Aiven for Apache Kafka is an excellent option if you need to run Apache Kafka at scale. With Aiven Kubernetes Operator you can get up and running with a suitably sized Apache Kafka service in a few minutes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/kafka/index.html#creating-a-kafka-instance","title":"Creating a Kafka instance","text":"<p>1. Create a file named <code>kafka-sample.yaml</code>, and add the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n</code></pre> <p>2. Create the following resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample.yaml \n</code></pre> <p>3. Inspect the service created using the command below. </p> <pre><code>kubectl get kafka.aiven.io kafka-sample\n</code></pre> <p>The output has the project name and state, similar to the following:</p> <pre><code>NAME           PROJECT          REGION                PLAN        STATE\nkafka-sample   &lt;your-project&gt;   google-europe-west1   startup-2   RUNNING\n</code></pre> <p>After a couple of minutes, the <code>STATE</code> field is changed to <code>RUNNING</code>, and is ready to be used.</p>"},{"location":"resources/kafka/index.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Kafka connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret kafka-auth \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         kafka-auth\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCA_CERT:      1537 bytes\nHOST:         41 bytes\nPASSWORD:     16 bytes\nPORT:         5 bytes\nUSERNAME:     8 bytes\nACCESS_CERT:  1533 bytes\nACCESS_KEY:   2484 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret kafka-auth -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CA_CERT\": \"&lt;secret-ca-cert&gt;\",\n  \"ACCESS_CERT\": \"&lt;secret-cert&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret-access-key&gt;\",\n  \"HOST\": \"kafka-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"13041\",\n  \"USERNAME\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/kafka/index.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your access to the Kafka cluster from a Pod using the authentication data from the <code>kafka-auth</code> Secret. kcat is used for our examples below.</p> <p>1. Create a file named <code>kafka-test-connection.yaml</code>, and add the following content:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will connect to the Kafka cluster\n      # and output its metadata\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/kafka-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/kafka-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/kafka-auth/CA_CERT',\n          '-L'\n      ]\n\n      # loading the data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-auth\n\n      volumeMounts:\n        - name: kafka-auth\n          mountPath: \"/kafka-auth\"\n\n  # loading the data from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: kafka-auth\n      secret:\n        secretName: kafka-auth\n</code></pre> <p>2. Apply the file.</p> <pre><code>kubectl apply -f kafka-test-connection.yaml\n</code></pre> <p>Once successfully applied, you have a log with the metadata information about the Kafka cluster.</p> <pre><code>kubectl logs kafka-test-connection \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Metadata for all topics (from broker -1: ssl://kafka-sample-your-project.aivencloud.com:13041/bootstrap):\n 3 brokers:\n  broker 2 at 35.205.234.70:13041\n  broker 3 at 34.77.127.70:13041 (controller)\n  broker 1 at 34.78.146.156:13041\n 0 topics:\n</code></pre>"},{"location":"resources/kafka/index.html#creating-a-kafkatopic-and-kafkaacl","title":"Creating a <code>KafkaTopic</code> and <code>KafkaACL</code>","text":"<p>To properly produce and consume content on Kafka, you need topics and ACLs. The operator supports both with the <code>KafkaTopic</code> and <code>KafkaACL</code> resources.</p> <p>Below, here is how to create a Kafka topic named <code>random-strings</code> where random string messages will be sent.</p> <p>1. Create a file named <code>kafka-topic-random-strings.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: random-strings\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-topic-random-strings.yaml\n</code></pre> <p>3. Create a user and an ACL. To use the Kafka topic, create a new user with the <code>ServiceUser</code> resource (in order to    avoid using the <code>avnadmin</code> superuser), and the <code>KafkaACL</code> to allow the user access to the topic.</p> <p>In a file named <code>kafka-acl-user-crab.yaml</code>, add the following two resources:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  # the name of our user \ud83e\udd80\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the Secret name we will store the users' connection information\n  # looks exactly the same as the Secret generated when creating the Kafka cluster\n  # we will use this Secret to produce and consume events later!\n  connInfoSecretTarget:\n    name: kafka-crab-connection\n\n  # the Aiven project the user is related to\n  project: &lt;your-project-name&gt;\n\n  # the name of our Kafka Service\n  serviceName: kafka-sample\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # the username from the ServiceUser above\n  username: crab\n\n  # the ACL allows to produce and consume on the topic\n  permission: readwrite\n\n  # specify the topic we created before\n  topic: random-strings\n</code></pre> <p>To create the <code>crab</code> user and its permissions, execute the following command:</p> <pre><code>kubectl apply -f kafka-acl-user-crab.yaml\n</code></pre>"},{"location":"resources/kafka/index.html#producing-and-consuming-events","title":"Producing and consuming events","text":"<p>Using the previously created <code>KafkaTopic</code>, <code>ServiceUser</code>, <code>KafkaACL</code>, you can produce and consume events.</p> <p>You can use kcat to produce a message into Kafka, and the <code>-t random-strings</code> argument to select the desired topic, and use the content of the <code>/etc/issue</code> file as the message's body.</p> <p>1. Create a <code>kafka-crab-produce.yaml</code> file with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-produce\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will produce a message with the /etc/issue file content\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/crab-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/crab-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/crab-auth/CA_CERT',\n          '-P', '-t', 'random-strings', '/etc/issue',\n      ]\n\n      # loading the crab user data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: \"/crab-auth\"\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n</code></pre> <p>2. Create the Pod with the following content:</p> <pre><code>kubectl apply -f kafka-crab-produce.yaml\n</code></pre> <p>Now your event is stored in Kafka.</p> <p>To consume a message, you can use a graphical interface called Kowl. It allows you to explore information about our Kafka cluster, such as brokers, topics, or consumer groups.</p> <p>1. Create a Kubernetes Pod and service to deploy and access Kowl. Create a file named <code>kafka-crab-consume.yaml</code> with the    content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-consume\n  labels:\n    app: kafka-crab-consume\nspec:\n  containers:\n    - image: quay.io/cloudhut/kowl:v1.4.0\n      name: kowl\n\n      # kowl configuration values\n      env:\n        - name: KAFKA_TLS_ENABLED\n          value: 'true'\n\n        - name: KAFKA_BROKERS\n          value: $(HOST):$(PORT)\n        - name: KAFKA_TLS_PASSPHRASE\n          value: $(PASSWORD)\n\n        - name: KAFKA_TLS_CAFILEPATH\n          value: /crab-auth/CA_CERT\n        - name: KAFKA_TLS_CERTFILEPATH\n          value: /crab-auth/ACCESS_CERT\n        - name: KAFKA_TLS_KEYFILEPATH\n          value: /crab-auth/ACCESS_KEY\n\n      # inject all connection information as environment variables\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: /crab-auth\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n\n---\n\n# we will be using a simple service to access Kowl on port 8080\napiVersion: v1\nkind: Service\nmetadata:\n  name: kafka-crab-consume\nspec:\n  selector:\n    app: kafka-crab-consume\n  ports:\n    - port: 8080\n      targetPort: 8080\n</code></pre> <p>2. Create the resources with:</p> <pre><code>kubectl apply -f kafka-crab-consume.yaml\n</code></pre> <p>3. In another terminal create a port-forward tunnel to your Pod:</p> <pre><code>kubectl port-forward kafka-crab-consume 8080:8080\n</code></pre> <p>4. In the browser of your choice, access the http://localhost:8080 address. You now see a page with    the <code>random-strings</code> topic listed:    </p> <p>5. Click the topic name to see the message.    </p> <p>You have now consumed the message.</p>"},{"location":"resources/kafka/connect.html","title":"Kafka Connect","text":"<p>Aiven for Apache Kafka Connect is a framework and a runtime for integrating Kafka with other systems. Kafka connectors can either be a source (for pulling data from other systems into Kafka) or sink (for pushing data into other systems from Kafka).</p> <p>This section involves a few different Kubernetes CRDs: 1. A <code>KafkaService</code> service with a <code>KafkaTopic</code> 2. A <code>KafkaConnect</code> service 3. A <code>ServiceIntegration</code> to integrate the <code>Kafka</code> and <code>KafkaConnect</code> services 4. A <code>PostgreSQL</code> used as a sink to receive messages from <code>Kafka</code> 5. A <code>KafkaConnector</code> to finally connect the <code>Kafka</code> with the <code>PostgreSQL</code></p>"},{"location":"resources/kafka/connect.html#creating-the-resources","title":"Creating the resources","text":"<p>Create a file named <code>kafka-sample-connect.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: business-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n    kafka_connect: true\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-connect\n\n  replication: 2\n  partitions: 1\n</code></pre> <p>Next, create a file named <code>kafka-connect.yaml</code> and add the following <code>KafkaConnect</code> resource:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: kafka-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Now let's create a <code>ServiceIntegration</code>. It will use the fields <code>sourceServiceName</code> and <code>destinationServiceName</code> to integrate the previously created <code>kafka-sample-connect</code> and <code>kafka-connect</code>. Open a new file named <code>service-integration-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_connect\n\n  # we will send messages from the `kafka-sample-connect` to `kafka-connect`\n  sourceServiceName: kafka-sample-connect\n  destinationServiceName: kafka-connect\n</code></pre> <p>Let's add an Aiven for PostgreSQL service. It will be the service used as a sink, receiving messages from the <code>kafka-sample-connect</code> cluster. Create a file named <code>pg-sample-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Finally, let's add the glue of everything: a <code>KafkaConnector</code>. As described in the specification, it will send receive messages from the <code>kafka-sample-connect</code> and send them to the <code>pg-connect</code> service. Check our official documentation for more connectors.</p> <p>Create a file named <code>kafka-connector-connect.yaml</code> and with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnector\nmetadata:\n  name: kafka-connector\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # the Kafka cluster name\n  serviceName: kafka-sample-connect\n\n  # the connector we will be using\n  connectorClass: io.aiven.connect.jdbc.JdbcSinkConnector\n\n  userConfig:\n    auto.create: \"true\"\n\n    # constructs the pg-connect connection information\n    connection.url: 'jdbc:postgresql://{{ fromSecret \"pg-connection\" \"PGHOST\"}}:{{ fromSecret \"pg-connection\" \"PGPORT\" }}/{{ fromSecret \"pg-connection\" \"PGDATABASE\" }}'\n    connection.user: '{{ fromSecret \"pg-connection\" \"PGUSER\" }}'\n    connection.password: '{{ fromSecret \"pg-connection\" \"PGPASSWORD\" }}'\n\n    # specify which topics it will watch\n    topics: kafka-topic-connect\n\n    key.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter.schemas.enable: \"true\"\n</code></pre> <p>With all the files created, apply the new Kubernetes resources:</p> <pre><code>kubectl apply \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml\n</code></pre> <p>It will take some time for all the services to be up and running. You can check their status with the following command:</p> <pre><code>kubectl get \\\n    kafkas.aiven.io/kafka-sample-connect \\\n    kafkaconnects.aiven.io/kafka-connect \\\n    postgresqls.aiven.io/pg-connect \\\n    kafkaconnectors.aiven.io/kafka-connector\n</code></pre> <p>The output is similar to the following:</p> <p><pre><code>NAME                                  PROJECT        REGION                PLAN         STATE\nkafka.aiven.io/kafka-sample-connect   your-project   google-europe-west1   business-4   RUNNING\n\nNAME                                  STATE\nkafkaconnect.aiven.io/kafka-connect   RUNNING\n\nNAME                             PROJECT        REGION                PLAN        STATE\npostgresql.aiven.io/pg-connect   your-project   google-europe-west1   startup-4   RUNNING\n\nNAME                                      SERVICE NAME           PROJECT        CONNECTOR CLASS                           STATE     TASKS TOTAL   TASKS RUNNING\nkafkaconnector.aiven.io/kafka-connector   kafka-sample-connect   your-project   io.aiven.connect.jdbc.JdbcSinkConnector   RUNNING   1             1\n</code></pre> The deployment is finished when all services have the state <code>RUNNING</code>.</p>"},{"location":"resources/kafka/connect.html#testing","title":"Testing","text":"<p>To test the connection integration, let's produce a Kafka message using kcat from within the Kubernetes cluster. We will deploy a Pod responsible for crafting a message and sending to the Kafka cluster, using the <code>kafka-auth</code> secret generate by the <code>Kafka</code> CRD.</p> <p>Create a new file named <code>kcat-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-message\nspec:\n  containers:\n\n  restartPolicy: Never\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      command: ['/bin/sh']\n      args: [\n        '-c',\n        'echo {\\\"schema\\\":{\\\"type\\\":\\\"struct\\\",\\\"fields\\\":[{ \\\"field\\\": \\\"text\\\", \\\"type\\\": \\\"string\\\", \\\"optional\\\": false } ] }, \\\"payload\\\": { \\\"text\\\": \\\"Hello World\\\" } } &gt; /tmp/msg;\n\n        kcat\n          -b $(HOST):$(PORT)\n          -X security.protocol=SSL\n          -X ssl.key.location=/kafka-auth/ACCESS_KEY\n          -X ssl.key.password=$(PASSWORD)\n          -X ssl.certificate.location=/kafka-auth/ACCESS_CERT\n          -X ssl.ca.location=/kafka-auth/CA_CERT\n          -P -t kafka-topic-connect /tmp/msg'\n      ]\n\n      envFrom:\n      - secretRef:\n          name: kafka-auth\n\n      volumeMounts:\n      - name: kafka-auth\n        mountPath: \"/kafka-auth\"\n\n  volumes:\n  - name: kafka-auth\n    secret:\n      secretName: kafka-auth\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f kcat-connect.yaml\n</code></pre> <p>The Pod will execute the commands and finish. You can confirm its <code>Completed</code> state with:</p> <pre><code>kubectl get pod kafka-message\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME            READY   STATUS      RESTARTS   AGE\nkafka-message   0/1     Completed   0          5m35s\n</code></pre> <p>If everything went smoothly, we should have our produced message in the PostgreSQL service. Let's check that out.</p> <p>Create a file named <code>psql-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-connect\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:13\n      name: postgres\n      # \"kafka-topic-connect\" is the table automatically created by KafkaConnect\n      command: ['psql', '$(DATABASE_URI)', '-c', 'SELECT * from \"kafka-topic-connect\";']\n\n      envFrom:\n      - secretRef:\n          name: pg-connection\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f psql-connect.yaml\n</code></pre> <p>After a couple of seconds, inspect its log with this command: </p> <pre><code>kubectl logs psql-connect \n</code></pre> <p>The output is similar to the following: </p> <pre><code>    text     \n-------------\n Hello World\n(1 row)\n</code></pre>"},{"location":"resources/kafka/connect.html#clean-up","title":"Clean up","text":"<p>To clean up all the created resources, use the following command:</p> <pre><code>kubectl delete \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml \\\n  -f kcat-connect.yaml \\\n  -f psql-connect.yaml\n</code></pre>"},{"location":"resources/kafka/schema.html","title":"Kafka Schema","text":""},{"location":"resources/kafka/schema.html#creating-a-kafkaschema","title":"Creating a <code>KafkaSchema</code>","text":"<p>Aiven develops and maintain Karapace, an open source implementation of Kafka REST and schema registry. Is available out of the box for our managed Kafka service.</p> <p>The schema registry address and authentication is the same as the Kafka broker, the only different is the usage of the port 13044.</p> <p>First, let's create an Aiven for Apache Kafka service.</p> <p>1. Create a file named <code>kafka-sample-schema.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  project: &lt;your-project-name&gt;\n  cloudName: google-europe-west1\n  plan: startup-2\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    kafka_version: '2.7'\n\n    # this flag enables the Schema registry\n    schema_registry: true\n</code></pre> <p>2. Apply the changes with the following command:</p> <pre><code>kubectl apply -f kafka-schema.yaml \n</code></pre> <p>Now, let's create the schema itself.</p> <p>1. Create a new file named <code>kafka-sample-schema.yaml</code> and add the YAML content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: kafka-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-schema\n\n  # the name of the Schema\n  subjectName: MySchema\n\n  # the schema itself, in JSON format\n  schema: |\n    {\n      \"type\": \"record\",\n      \"name\": \"MySchema\",\n      \"fields\": [\n        {\n          \"name\": \"field\",\n          \"type\": \"string\"\n        }\n      ]\n    }\n\n  # sets the schema compatibility level \n  compatibilityLevel: BACKWARD\n</code></pre> <p>2. Create the schema with the command:</p> <pre><code>kubectl apply -f kafka-schema.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get kafkaschemas.aiven.io kafka-schema\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME           SERVICE NAME   PROJECT          SUBJECT    COMPATIBILITY LEVEL   VERSION\nkafka-schema   kafka-sample   &lt;your-project&gt;   MySchema   BACKWARD              1\n</code></pre> <p>Now you can follow the instructions to use a schema registry in Java on how to use the schema created.</p>"}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"index.html","title":"Welcome to Aiven Operator for Kubernetes","text":"<p>Provision and manage Aiven services from your Kubernetes cluster.</p>"},{"location":"index.html#what-is-aiven","title":"What is Aiven?","text":"<p>Aiven offers managed services for the best open source data technologies, on a cloud of your choice.</p> <p>We offer multiple cloud options because we believe that everyone should have access to great data platforms wherever they host their applications. Our customers tell us they love it because they know that they aren\u2019t locked in to one particular cloud platform for all their data needs.</p>"},{"location":"index.html#contributing","title":"Contributing","text":"<p>The contribution guide covers everything you need to know about how you can contribute to Aiven Operator for Kubernetes. The developer guide will help you onboard as a developer.</p>"},{"location":"authentication.html","title":"Authenticating","text":"<p>To get authenticated and authorized, set up the communication between the Aiven Operator for Kubernetes and Aiven by using a token stored in a Kubernetes secret. You can then refer to the secret name on every custom resource in the <code>authSecretRef</code> field.</p> <p>If you don't have an Aiven account yet, sign up here for a free trial. \ud83e\udd80</p> <p>1. Generate an authentication token</p> <p>Refer to our documentation article to generate your authentication token.</p> <p>2. Create the Kubernetes Secret</p> <p>The following command creates a secret named <code>aiven-token</code> with a <code>token</code> field containing the authentication token:</p> <pre><code>kubectl create secret generic aiven-token --from-literal=token=\"&lt;your-token-here&gt;\"\n</code></pre> <p>When managing your Aiven resources, we will be using the created Secret in the <code>authSecretRef</code> field. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n  [ ... ]\n</code></pre> <p>Also, note that within Aiven, all resources are conceptually inside a Project. By default, a random project name is generated when you signup, but you can also create new projects.</p> <p>The Project name is required in most of the resources. It will look like the example below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n  project: &lt;your-project-name-here&gt;\n  [ ... ]\n</code></pre>"},{"location":"changelog.html","title":"Changelog","text":""},{"location":"changelog.html#v0160-2023-12-07","title":"v0.16.0 - 2023-12-07","text":"<ul> <li>Set conditions on errors: <code>Preconditions</code>, <code>CreateOrUpdate</code>, <code>Delete</code>. Thanks to @atarax</li> <li>Fix object updates lost when reconciler exits before the object is committed  </li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.transaction_partition_verification_enable</code>, type <code>boolean</code>: Enable   verification that checks that the partition has been added to the transaction before writing transactional   records to the partition</li> <li>Add <code>Cassandra</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Clickhouse</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Grafana</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> <li>Add <code>KafkaConnect</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka_rest_config.name_strategy_validation</code>, type <code>boolean</code>: If true,   validate that given schema is registered under expected subject name by the used name strategy when   producing messages</li> <li>Add <code>Kafka</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> <li>Add <code>MySQL</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> <li>Add <code>OpenSearch</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>PostgreSQL</code> field <code>userConfig.pg_qualstats</code>, type <code>object</code>: System-wide settings for the pg_qualstats   extension</li> <li>Add <code>PostgreSQL</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that   they are available in the HTTP API and console</li> <li>Add <code>Redis</code> field <code>userConfig.service_log</code>, type <code>boolean</code>: Store logs for the service so that they   are available in the HTTP API and console</li> </ul>"},{"location":"changelog.html#v0150-2023-11-17","title":"v0.15.0 - 2023-11-17","text":"<ul> <li>Upgrade to Go 1.21</li> <li>Add option to orphan resources. Thanks to @atarax</li> <li>Fix <code>ServiceIntegration</code>: do not send empty user config to the API </li> <li>Add a format for <code>string</code> type fields to the documentation</li> <li>Generate CRDs changelog</li> <li>Add <code>Clickhouse</code> field <code>userConfig.private_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients   to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses</li> <li>Add <code>Clickhouse</code> field <code>userConfig.privatelink_access.clickhouse_mysql</code>, type <code>boolean</code>: Enable clickhouse_mysql</li> <li>Add <code>Clickhouse</code> field <code>userConfig.public_access.clickhouse_mysql</code>, type <code>boolean</code>: Allow clients to   connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC   or another type of private network</li> <li>Add <code>Grafana</code> field <code>userConfig.unified_alerting_enabled</code>, type <code>boolean</code>: Enable or disable Grafana   unified alerting functionality</li> <li>Add <code>Kafka</code> field <code>userConfig.aiven_kafka_topic_messages</code>, type <code>boolean</code>: Allow access to read Kafka   topic messages in the Aiven Console and REST API</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_audience</code>, type <code>string</code>: The (optional)   comma-delimited setting for the broker to use to verify that the JWT was issued for one of the   expected audiences</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_expected_issuer</code>, type <code>string</code>: Optional setting   for the broker to use to verify that the JWT was created by the expected issuer</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_jwks_endpoint_url</code>, type <code>string</code>: OIDC JWKS endpoint   URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled</li> <li>Add <code>Kafka</code> field <code>userConfig.kafka.sasl_oauthbearer_sub_claim_name</code>, type <code>string</code>: Name of the scope   from which to extract the subject claim from the JWT. Defaults to sub</li> <li>Change <code>Kafka</code> field <code>userConfig.kafka_version</code>: enum <code>[3.1, 3.3, 3.4, 3.5]</code> \u2192 <code>[3.1, 3.3, 3.4,   3.5, 3.6]</code></li> <li>Change <code>Kafka</code> field <code>userConfig.tiered_storage.local_cache.size</code>: deprecated</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_max_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size</li> <li>Add <code>OpenSearch</code> field <code>userConfig.opensearch.indices_memory_min_index_buffer_size</code>, type <code>integer</code>:   Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size</li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.authentication_backend</code>:   enum <code>[internal]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting.type</code>:   enum <code>[username]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.auth_failure_listeners.ip_rate_limiting.type</code>: enum <code>[ip]</code></li> <li>Change <code>OpenSearch</code> field <code>userConfig.opensearch.search_max_buckets</code>: maximum <code>65536</code> \u2192 <code>1000000</code></li> <li>Change <code>ServiceIntegration</code> field <code>kafkaMirrormaker.kafka_mirrormaker.producer_max_request_size</code>: maximum   <code>67108864</code> \u2192 <code>268435456</code></li> </ul>"},{"location":"changelog.html#v0140-2023-09-21","title":"v0.14.0 - 2023-09-21","text":"<ul> <li>Make <code>projectVpcId</code> and <code>projectVPCRef</code> mutable</li> <li>Fix panic on <code>nil</code> user config conversion</li> <li>Use aiven-go-client with context support</li> <li>Deprecate <code>Cassandra</code> kind option <code>additional_backup_regions</code></li> <li>Add <code>Grafana</code> kind option <code>auto_login</code></li> <li>Add <code>Kafka</code> kind properties <code>log_local_retention_bytes</code>, <code>log_local_retention_ms</code></li> <li>Remove <code>Kafka</code> kind option <code>remote_log_storage_system_enable</code></li> <li>Add <code>OpenSearch</code> kind option <code>auth_failure_listeners</code></li> <li>Add <code>OpenSearch</code> kind Index State Management options</li> </ul>"},{"location":"changelog.html#v0130-2023-08-18","title":"v0.13.0 - 2023-08-18","text":"<ul> <li>Add TieredStorage support to <code>Kafka</code></li> <li>Add <code>Kafka</code> version <code>3.5</code></li> <li>Add <code>Kafka</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Mark deprecated <code>Kafka</code> spec property <code>remote_log_storage_system_enable</code></li> <li>Add <code>KafkaConnect</code> spec property <code>scheduled_rebalance_max_delay_ms</code></li> <li>Add <code>OpenSearch</code> spec property <code>openid</code> </li> <li>Use updated go client with enhanced retries</li> </ul>"},{"location":"changelog.html#v0123-2023-07-13","title":"v0.12.3 - 2023-07-13","text":"<ul> <li>Expose <code>KAFKA_SCHEMA_REGISTRY_HOST</code> and <code>KAFKA_SCHEMA_REGISTRY_PORT</code> for <code>Kafka</code></li> <li>Expose <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code> and <code>KAFKA_REST_PORT</code> for <code>Kafka</code>. Thanks to @Dariusch</li> </ul>"},{"location":"changelog.html#v0122-2023-06-20","title":"v0.12.2 - 2023-06-20","text":"<ul> <li>Make conditions and state optional attributes of service status. Thanks to @mortenlj</li> <li>Remove deprecated <code>unclean_leader_election_enable</code> from <code>KafkaTopic</code> kind config</li> <li>Expose <code>KAFKA_SASL_PORT</code> for <code>Kafka</code> kind if <code>SASL</code> authentication method is enabled</li> <li>Add <code>redis</code> options to datadog <code>ServiceIntegration</code></li> <li>Add <code>Cassandra</code> version <code>3</code></li> <li>Add <code>Kafka</code> versions <code>3.1</code> and <code>3.4</code></li> <li>Add <code>kafka_rest_config.producer_max_request_size</code> option</li> <li>Add <code>kafka_mirrormaker.producer_compression_type</code> option</li> </ul>"},{"location":"changelog.html#v0120-2023-05-10","title":"v0.12.0 - 2023-05-10","text":"<ul> <li>Fix service tags create/update. Thanks to @mortenlj</li> <li>Add prefix name option for secrets. Thanks to @jordiclariana</li> <li>Add <code>clusterRole.create</code> option to Helm chart. Thanks to @ryaneorth</li> <li>Use kind name as default prefix for secrets to avoid collisions. Please migrate your applications before legacy names removed</li> <li>Fix secrets creation on openshift</li> <li>Add <code>OpenSearch.spec.userConfig.idp_pemtrustedcas_content</code> option.   Specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification.</li> </ul>"},{"location":"changelog.html#v0110-2023-04-25","title":"v0.11.0 - 2023-04-25","text":"<ul> <li>Add <code>ServiceIntegration</code> kind <code>SourceProjectName</code> and <code>DestinationProjectName</code> fields</li> <li>Add <code>ServiceIntegration</code> fields <code>MaxLength</code> validation</li> <li>Add <code>ServiceIntegration</code> validation: multiple user configs cannot be set</li> <li>Fix <code>ServiceIntegration</code>, should not require <code>destinationServiceName</code> or <code>sourceEndpointID</code> field</li> <li>Fix <code>ServiceIntegration</code>, add missing <code>external_aws_cloudwatch_metrics</code> type config serialization</li> <li>Update <code>ServiceIntegration</code> integration type list</li> <li>Add <code>annotations</code> and <code>labels</code> fields to <code>connInfoSecretTarget</code></li> <li>Allow to disable capabilities check to install webhooks. Thanks to @amstee</li> <li>Set <code>OpenSearch.spec.userConfig.opensearch.search_max_buckets</code> maximum to <code>65536</code></li> </ul>"},{"location":"changelog.html#v0100-2023-04-17","title":"v0.10.0 - 2023-04-17","text":"<ul> <li>Mark service <code>plan</code> as a required field</li> <li>Add <code>minumim</code>, <code>maximum</code> validations for <code>number</code> type</li> <li>Move helm charts to the operator repository</li> <li>Add helm charts generator</li> <li>Remove <code>ip_filter</code> backward compatability</li> <li>Fix deletion errors omitted</li> <li>Add service integration <code>clickhouseKafka.tables.data_format-property</code> enum <code>RawBLOB</code> value</li> <li>Update OpenSearch <code>userConfig.opensearch.email_sender_username</code> validation pattern</li> <li>Add Kafka <code>log_cleaner_min_cleanable_ratio</code> minimum and maximum validation rules</li> <li>Remove Kafka version <code>3.2</code>, reached EOL</li> <li>Remove PostgreSQL version <code>10</code>, reached EOL</li> <li>Explicitly delete <code>ProjectVPC</code> by <code>ID</code> to avoid conflicts </li> <li>Speed up <code>ProjectVPC</code> deletion by exiting on <code>DELETING</code> status</li> <li>Fix missing RBAC permissions to update finalizers for various controllers </li> <li>Refactor <code>ClickhouseUser</code> controller</li> <li>Mark <code>ClickhouseUser.spec.project</code> and <code>ClickhouseUser.spec.serviceName</code> as immutable</li> <li>Remove deprecated service integration type <code>signalfx</code></li> <li>Add build version to the Aiven client user-agent</li> </ul>"},{"location":"changelog.html#v090-2023-03-03","title":"v0.9.0 - 2023-03-03","text":"<ul> <li><code>AuthSecretRef</code> fields marked as required</li> <li>Generate user configs for existing service integrations: <code>datadog</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>metrics</code></li> <li>Add new service integrations: <code>clickhouse_postgresql</code>, <code>clickhouse_kafka</code>, <code>clickhouse_kafka</code>, <code>logs</code>, <code>external_aws_cloudwatch_metrics</code></li> <li>Add <code>KafkaTopic.Spec.topicName</code> field. Unlike the <code>metadata.name</code>, supports additional characters and has a longer length.   <code>KafkaTopic.Spec.topicName</code> replaces <code>metadata.name</code> in future releases and will be marked as required.</li> <li>Accept <code>false</code> value for <code>termination_protection</code> property</li> <li>Fix <code>min_cleanable_dirty_ratio</code>. Thanks to @TV2rd</li> </ul>"},{"location":"changelog.html#v080-2023-02-15","title":"v0.8.0 - 2023-02-15","text":"<p>Important: This release brings breaking changes to the <code>userConfig</code> property. After new charts are installed, update your existing instances manually using the <code>kubectl edit</code> command according to the API reference.</p> <p>Note: It is now recommended to disable webhooks for Kubernetes version 1.25 and higher, as native CRD validation rules are used.</p> <ul> <li>Breaking change: <code>ip_filter</code> field is now of <code>object</code> type</li> <li>Breaking change: Update user configs for following kinds: PostgreSQL, Kafka, KafkaConnect, Redis, Clickhouse, OpenSearch</li> <li>Add CRD validation rules for immutable fields</li> <li>Add user config field validations (enum, minimum, maximum, minLength, and others)</li> <li>Add <code>serviceIntegrations</code> on service types. Only the <code>read_replica</code> type is available.</li> <li>Add KafkaTopic <code>min_cleanable_dirty_ratio</code> config field support</li> <li>Add Clickhouse <code>spec.disk_space</code> property</li> <li>Use updated aiven-go-client with retries</li> <li>Add <code>linux/amd64</code> build. Thanks to @christoffer-eide</li> </ul>"},{"location":"changelog.html#v071-2023-01-24","title":"v0.7.1 - 2023-01-24","text":"<ul> <li>Add Cassandra Kind</li> <li>Add Grafana Kind</li> <li>Recreate Kafka ACL if modified.    Note: Modification of ACL created prior to v0.5.1 won't delete existing instance at Aiven.   It must be deleted manually.</li> <li>Fix MySQL webhook</li> </ul>"},{"location":"changelog.html#v060-2023-01-16","title":"v0.6.0 - 2023-01-16","text":"<ul> <li>Remove <code>never</code> from choices of maintenance dow</li> <li>Add <code>development</code> flag to configure logger's behavior</li> <li>Add user config generator (see <code>make generate-user-configs</code>)</li> <li>Add <code>genericServiceHandler</code> to generalize service management </li> <li>Add MySQL Kind</li> </ul>"},{"location":"changelog.html#v052-2022-12-09","title":"v0.5.2 - 2022-12-09","text":"<ul> <li>Fix deployment release manifest generation</li> </ul>"},{"location":"changelog.html#v051-2022-11-28","title":"v0.5.1 - 2022-11-28","text":"<ul> <li>Fix <code>KafkaACL</code> deletion</li> </ul>"},{"location":"changelog.html#v050-2022-11-27","title":"v0.5.0 - 2022-11-27","text":"<ul> <li>Add ability to link resources through the references</li> <li>Add <code>ProjectVPCRef</code> property to <code>Kafka</code>, <code>OpenSearch</code>, <code>Clickhouse</code> and <code>Redis</code> kinds   to get <code>ProjectVPC</code> ID when resource is ready</li> <li>Improve <code>ProjectVPC</code> deletion, deletes by ID first if possible, then tries by name</li> <li>Fix <code>client.Object</code> storage update data loss</li> </ul>"},{"location":"changelog.html#v040-2022-08-04","title":"v0.4.0 - 2022-08-04","text":"<ul> <li>Upgrade to Go 1.18</li> <li>Add support for connection pull incoming user</li> <li>Fix typo on config/samples/kafka disk_space</li> <li>Add tags support for project and service resources</li> <li>Enable termination protection</li> </ul>"},{"location":"changelog.html#v020-2021-11-17","title":"v0.2.0 - 2021-11-17","text":"<p>features: * add Redis CRD</p> <p>improvements: * watch CRDs to reconcile token secrets</p> <p>fixes: * fix RBACs of KafkaACL CRD</p>"},{"location":"changelog.html#v011-2021-09-13","title":"v0.1.1 - 2021-09-13","text":"<p>improvements: * update helm installation docs</p> <p>fixes: * fix typo in a kafka-connector kuttl test</p>"},{"location":"changelog.html#v010-2021-09-10","title":"v0.1.0 - 2021-09-10","text":"<p>features: * initial release</p>"},{"location":"troubleshooting.html","title":"Troubleshooting","text":""},{"location":"troubleshooting.html#verifying-operator-status","title":"Verifying operator status","text":"<p>Use the following checks to help you troubleshoot the Aiven Operator for Kubernetes.</p>"},{"location":"troubleshooting.html#checking-the-pods","title":"Checking the Pods","text":"<p>Verify that all the operator Pods are <code>READY</code>, and the <code>STATUS</code> is <code>Running</code>.</p> <pre><code>kubectl get pod -n aiven-operator-system\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                                                            READY   STATUS    RESTARTS   AGE\naiven-operator-controller-manager-576d944499-ggttj   1/1     Running   0          12m\n</code></pre> <p>Verify that the <code>cert-manager</code> Pods are also running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output has the status:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"troubleshooting.html#visualizing-the-operator-logs","title":"Visualizing the operator logs","text":"<p>Use the following command to visualize all the logs from the operator.</p> <pre><code>kubectl logs -n aiven-operator-system -l control-plane=controller-manager\n</code></pre>"},{"location":"troubleshooting.html#verifing-the-operator-version","title":"Verifing the operator version","text":"<pre><code>kubectl get pod -n aiven-operator-system -l control-plane=controller-manager -o jsonpath=\"{.items[0].spec.containers[0].image}\"\n</code></pre>"},{"location":"troubleshooting.html#known-issues-and-limitations","title":"Known issues and limitations","text":"<p>We're always working to resolve problems that pop up in Aiven products. If your problem is listed below, we know about it and are working to fix it. If your problem isn't listed below, report it as an issue.</p>"},{"location":"troubleshooting.html#cert-manager","title":"cert-manager","text":""},{"location":"troubleshooting.html#issue","title":"Issue","text":"<p>The following event appears on the operator Pod:</p> <pre><code>MountVolume.SetUp failed for volume \"cert\" : secret \"webhook-server-cert\" not found\n</code></pre>"},{"location":"troubleshooting.html#impact","title":"Impact","text":"<p>You cannot run the operator.</p>"},{"location":"troubleshooting.html#solution","title":"Solution","text":"<p>Make sure that cert-manager is up and running.</p> <pre><code>kubectl get pod -n cert-manager\n</code></pre> <p>The output shows the status of each cert-manager:</p> <pre><code>NAME                                       READY   STATUS    RESTARTS   AGE\ncert-manager-7dd5854bb4-85cpv              1/1     Running   0          76s\ncert-manager-cainjector-64c949654c-n2z8l   1/1     Running   0          77s\ncert-manager-webhook-6bdffc7c9d-47w6z      1/1     Running   0          76s\n</code></pre>"},{"location":"api-reference/index.html","title":"aiven.io/v1alpha1","text":"<p>Autogenerated from CRD files.</p>"},{"location":"api-reference/cassandra.html","title":"Cassandra","text":""},{"location":"api-reference/cassandra.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: my-cassandra\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    migrate_sstableloader: true\n    public_access:\n      prometheus: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/cassandra.html#Cassandra","title":"Cassandra","text":"<p>Cassandra is the Schema for the cassandras API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Cassandra</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). CassandraSpec defines the desired state of Cassandra. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec","title":"spec","text":"<p>Appears on <code>Cassandra</code>.</p> <p>CassandraSpec defines the desired state of Cassandra.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CASSANDRA_HOST</code>, <code>CASSANDRA_PORT</code>, <code>CASSANDRA_USER</code>, <code>CASSANDRA_PASSWORD</code>, <code>CASSANDRA_URI</code>, <code>CASSANDRA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Deprecated. Additional Cloud Regions for Backup Replication.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>cassandra</code> (object). cassandra configuration values. See below for nested schema.</li> <li><code>cassandra_version</code> (string, Enum: <code>4</code>, <code>3</code>). Cassandra major version.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migrate_sstableloader</code> (boolean). Sets the service into migration mode enabling the sstableloader utility to be used to upload Cassandra data files. Available only on service create.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>service_to_join_with</code> (string, MaxLength: 64). When bootstrapping, instead of creating a new Cassandra cluster try to join an existing one from another service. Can only be set on service creation.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.cassandra","title":"cassandra","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>cassandra configuration values.</p> <p>Optional</p> <ul> <li><code>batch_size_fail_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Fail any multiple-partition batch exceeding this value. 50kb (10x warn threshold) by default.</li> <li><code>batch_size_warn_threshold_in_kb</code> (integer, Minimum: 1, Maximum: 1000000). Log a warning message on any multiple-partition batch size exceeding this value.5kb per batch by default.Caution should be taken on increasing the size of this thresholdas it can lead to node instability.</li> <li><code>datacenter</code> (string, MaxLength: 128). Name of the datacenter to which nodes of this service belong. Can be set only when creating the service.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/cassandra.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouse.html","title":"Clickhouse","text":""},{"location":"api-reference/clickhouse.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Clickhouse\nmetadata:\n  name: my-clickhouse\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-16\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/clickhouse.html#Clickhouse","title":"Clickhouse","text":"<p>Clickhouse is the Schema for the clickhouses API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Clickhouse</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseSpec defines the desired state of Clickhouse. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec","title":"spec","text":"<p>Appears on <code>Clickhouse</code>.</p> <p>ClickhouseSpec defines the desired state of Clickhouse.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSE_HOST</code>, <code>CLICKHOUSE_PORT</code>, <code>CLICKHOUSE_USER</code>, <code>CLICKHOUSE_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Enable clickhouse.</li> <li><code>clickhouse_https</code> (boolean). Enable clickhouse_https.</li> <li><code>clickhouse_mysql</code> (boolean). Enable clickhouse_mysql.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/clickhouse.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>clickhouse</code> (boolean). Allow clients to connect to clickhouse from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_https</code> (boolean). Allow clients to connect to clickhouse_https from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>clickhouse_mysql</code> (boolean). Allow clients to connect to clickhouse_mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/clickhouseuser.html","title":"ClickhouseUser","text":""},{"location":"api-reference/clickhouseuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ClickhouseUser\nmetadata:\n  name: my-clickhouse-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: clickhouse-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  serviceName: my-clickhouse\n</code></pre>"},{"location":"api-reference/clickhouseuser.html#ClickhouseUser","title":"ClickhouseUser","text":"<p>ClickhouseUser is the Schema for the clickhouseusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ClickhouseUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ClickhouseUserSpec defines the desired state of ClickhouseUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec","title":"spec","text":"<p>Appears on <code>ClickhouseUser</code>.</p> <p>ClickhouseUserSpec defines the desired state of ClickhouseUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, Immutable, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/clickhouseuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CLICKHOUSEUSER_HOST</code>, <code>CLICKHOUSEUSER_PORT</code>, <code>CLICKHOUSEUSER_USER</code>, <code>CLICKHOUSEUSER_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/connectionpool.html","title":"ConnectionPool","text":""},{"location":"api-reference/connectionpool.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: my-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: connection-pool-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n  databaseName: my-db\n  username: my-user\n  poolMode: transaction\n  poolSize: 25\n</code></pre>"},{"location":"api-reference/connectionpool.html#ConnectionPool","title":"ConnectionPool","text":"<p>ConnectionPool is the Schema for the connectionpools API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ConnectionPool</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ConnectionPoolSpec defines the desired state of ConnectionPool. See below for nested schema.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec","title":"spec","text":"<p>Appears on <code>ConnectionPool</code>.</p> <p>ConnectionPoolSpec defines the desired state of ConnectionPool.</p> <p>Required</p> <ul> <li><code>databaseName</code> (string, MaxLength: 40). Name of the database the pool connects to.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>username</code> (string, MaxLength: 64). Name of the service user used to connect to the database.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>poolMode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). Mode the pool operates in (session, transaction, statement).</li> <li><code>poolSize</code> (integer). Number of connections the pool may create towards the backend server.</li> </ul>"},{"location":"api-reference/connectionpool.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/connectionpool.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>CONNECTIONPOOL_HOST</code>, <code>CONNECTIONPOOL_PORT</code>, <code>CONNECTIONPOOL_DATABASE</code>, <code>CONNECTIONPOOL_USER</code>, <code>CONNECTIONPOOL_PASSWORD</code>, <code>CONNECTIONPOOL_SSLMODE</code>, <code>CONNECTIONPOOL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/database.html","title":"Database","text":""},{"location":"api-reference/database.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: my-db\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  serviceName: google-europe-west1\n\n  lcCtype: en_US.UTF-8\n  lcCollate: en_US.UTF-8\n</code></pre>"},{"location":"api-reference/database.html#Database","title":"Database","text":"<p>Database is the Schema for the databases API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Database</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). DatabaseSpec defines the desired state of Database. See below for nested schema.</li> </ul>"},{"location":"api-reference/database.html#spec","title":"spec","text":"<p>Appears on <code>Database</code>.</p> <p>DatabaseSpec defines the desired state of Database.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the database to.</li> <li><code>serviceName</code> (string, MaxLength: 63). PostgreSQL service to link the database to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>lcCollate</code> (string, MaxLength: 128). Default string sort order (LC_COLLATE) of the database. Default value: en_US.UTF-8.</li> <li><code>lcCtype</code> (string, MaxLength: 128). Default character classification (LC_CTYPE) of the database. Default value: en_US.UTF-8.</li> <li><code>terminationProtection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the database from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> </ul>"},{"location":"api-reference/database.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html","title":"Grafana","text":""},{"location":"api-reference/grafana.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Grafana\nmetadata:\n  name: my-grafana\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: grafana-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-1\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    public_access:\n      grafana: true\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/grafana.html#Grafana","title":"Grafana","text":"<p>Grafana is the Schema for the grafanas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Grafana</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). GrafanaSpec defines the desired state of Grafana. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec","title":"spec","text":"<p>Appears on <code>Grafana</code>.</p> <p>GrafanaSpec defines the desired state of Grafana.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Cassandra specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/grafana.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>GRAFANA_HOST</code>, <code>GRAFANA_PORT</code>, <code>GRAFANA_USER</code>, <code>GRAFANA_PASSWORD</code>, <code>GRAFANA_URI</code>, <code>GRAFANA_HOSTS</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/grafana.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/grafana.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Cassandra specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>alerting_enabled</code> (boolean). Enable or disable Grafana legacy alerting functionality. This should not be enabled with unified_alerting_enabled.</li> <li><code>alerting_error_or_timeout</code> (string, Enum: <code>alerting</code>, <code>keep_state</code>). Default error or timeout setting for new alerting rules.</li> <li><code>alerting_max_annotations_to_keep</code> (integer, Minimum: 0, Maximum: 1000000). Max number of alert annotations that Grafana stores. 0 (default) keeps all alert annotations.</li> <li><code>alerting_nodata_or_nullvalues</code> (string, Enum: <code>alerting</code>, <code>no_data</code>, <code>keep_state</code>, <code>ok</code>). Default value for 'no data or null values' for new alerting rules.</li> <li><code>allow_embedding</code> (boolean). Allow embedding Grafana dashboards with iframe/frame/object/embed tags. Disabled by default to limit impact of clickjacking.</li> <li><code>auth_azuread</code> (object). Azure AD OAuth integration. See below for nested schema.</li> <li><code>auth_basic_enabled</code> (boolean). Enable or disable basic authentication form, used by Grafana built-in login.</li> <li><code>auth_generic_oauth</code> (object). Generic OAuth integration. See below for nested schema.</li> <li><code>auth_github</code> (object). Github Auth integration. See below for nested schema.</li> <li><code>auth_gitlab</code> (object). GitLab Auth integration. See below for nested schema.</li> <li><code>auth_google</code> (object). Google Auth integration. See below for nested schema.</li> <li><code>cookie_samesite</code> (string, Enum: <code>lax</code>, <code>strict</code>, <code>none</code>). Cookie SameSite attribute: <code>strict</code> prevents sending cookie for cross-site requests, effectively disabling direct linking from other sites to Grafana. <code>lax</code> is the default value.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>dashboard_previews_enabled</code> (boolean). This feature is new in Grafana 9 and is quite resource intensive. It may cause low-end plans to work more slowly while the dashboard previews are rendering.</li> <li><code>dashboards_min_refresh_interval</code> (string, Pattern: <code>^[0-9]+(ms|s|m|h|d)$</code>, MaxLength: 16). Signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s, 1h.</li> <li><code>dashboards_versions_to_keep</code> (integer, Minimum: 1, Maximum: 100). Dashboard versions to keep per dashboard.</li> <li><code>dataproxy_send_user_header</code> (boolean). Send <code>X-Grafana-User</code> header to data source.</li> <li><code>dataproxy_timeout</code> (integer, Minimum: 15, Maximum: 90). Timeout for data proxy requests in seconds.</li> <li><code>date_formats</code> (object). Grafana date format specifications. See below for nested schema.</li> <li><code>disable_gravatar</code> (boolean). Set to true to disable gravatar. Defaults to false (gravatar is enabled).</li> <li><code>editors_can_admin</code> (boolean). Editors can manage folders, teams and dashboards created by them.</li> <li><code>external_image_storage</code> (object). External image store settings. See below for nested schema.</li> <li><code>google_analytics_ua_id</code> (string, Pattern: <code>^(G|UA|YT|MO)-[a-zA-Z0-9-]+$</code>, MaxLength: 64). Google Analytics ID.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>metrics_enabled</code> (boolean). Enable Grafana /metrics endpoint.</li> <li><code>oauth_allow_insecure_email_lookup</code> (boolean). Enforce user lookup based on email instead of the unique ID provided by the IdP.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>smtp_server</code> (object). SMTP server settings. See below for nested schema.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>unified_alerting_enabled</code> (boolean). Enable or disable Grafana unified alerting functionality. By default this is enabled and any legacy alerts will be migrated on upgrade to Grafana 9+. To stay on legacy alerting, set unified_alerting_enabled to false and alerting_enabled to true. See https://grafana.com/docs/grafana/latest/alerting/set-up/migrating-alerts/ for more details.</li> <li><code>user_auto_assign_org</code> (boolean). Auto-assign new users on signup to main organization. Defaults to false.</li> <li><code>user_auto_assign_org_role</code> (string, Enum: <code>Viewer</code>, <code>Admin</code>, <code>Editor</code>). Set role for new signups. Defaults to Viewer.</li> <li><code>viewers_can_edit</code> (boolean). Users with view-only permission can edit but not save dashboards.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_azuread","title":"auth_azuread","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Azure AD OAuth integration.</p> <p>Required</p> <ul> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_generic_oauth","title":"auth_generic_oauth","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Generic OAuth integration.</p> <p>Required</p> <ul> <li><code>api_url</code> (string, MaxLength: 2048). API URL.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_domains</code> (array of strings, MaxItems: 50). Allowed domains.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require user to be member of one of the listed organizations.</li> <li><code>auto_login</code> (boolean). Allow users to bypass the login screen and automatically log in.</li> <li><code>name</code> (string, Pattern: <code>^[a-zA-Z0-9_\\- ]+$</code>, MaxLength: 128). Name of the OAuth integration.</li> <li><code>scopes</code> (array of strings, MaxItems: 50). OAuth scopes.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_github","title":"auth_github","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Github Auth integration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>allowed_organizations</code> (array of strings, MaxItems: 50). Require users to belong to one of given organizations.</li> <li><code>team_ids</code> (array of integers, MaxItems: 50). Require users to belong to one of given team IDs.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_gitlab","title":"auth_gitlab","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>GitLab Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_groups</code> (array of strings, MaxItems: 50). Require users to belong to one of given groups.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> <li><code>api_url</code> (string, MaxLength: 2048). API URL. This only needs to be set when using self hosted GitLab.</li> <li><code>auth_url</code> (string, MaxLength: 2048). Authorization URL. This only needs to be set when using self hosted GitLab.</li> <li><code>token_url</code> (string, MaxLength: 2048). Token URL. This only needs to be set when using self hosted GitLab.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.auth_google","title":"auth_google","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Google Auth integration.</p> <p>Required</p> <ul> <li><code>allowed_domains</code> (array of strings, MaxItems: 64). Domains allowed to sign-in to this Grafana.</li> <li><code>client_id</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client ID from provider.</li> <li><code>client_secret</code> (string, Pattern: <code>^[\\040-\\176]+$</code>, MaxLength: 1024). Client secret from provider.</li> </ul> <p>Optional</p> <ul> <li><code>allow_sign_up</code> (boolean). Automatically sign-up users on successful sign-in.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.date_formats","title":"date_formats","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Grafana date format specifications.</p> <p>Optional</p> <ul> <li><code>default_timezone</code> (string, MaxLength: 64). Default time zone for user preferences. Value <code>browser</code> uses browser local time zone.</li> <li><code>full_date</code> (string, MaxLength: 128). Moment.js style format string for cases where full date is shown.</li> <li><code>interval_day</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring day accuracy is shown.</li> <li><code>interval_hour</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring hour accuracy is shown.</li> <li><code>interval_minute</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring minute accuracy is shown.</li> <li><code>interval_month</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring month accuracy is shown.</li> <li><code>interval_second</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring second accuracy is shown.</li> <li><code>interval_year</code> (string, MaxLength: 128). Moment.js style format string used when a time requiring year accuracy is shown.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.external_image_storage","title":"external_image_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>External image store settings.</p> <p>Required</p> <ul> <li><code>access_key</code> (string, Pattern: <code>^[A-Z0-9]+$</code>, MaxLength: 4096). S3 access key. Requires permissions to the S3 bucket for the s3:PutObject and s3:PutObjectAcl actions.</li> <li><code>bucket_url</code> (string, MaxLength: 2048). Bucket URL for S3.</li> <li><code>provider</code> (string, Enum: <code>s3</code>). Provider type.</li> <li><code>secret_key</code> (string, Pattern: <code>^[A-Za-z0-9/+=]+$</code>, MaxLength: 4096). S3 secret key.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Enable grafana.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Required</p> <ul> <li><code>grafana</code> (boolean). Allow clients to connect to grafana from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/grafana.html#spec.userConfig.smtp_server","title":"smtp_server","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>SMTP server settings.</p> <p>Required</p> <ul> <li><code>from_address</code> (string, MaxLength: 319). Address used for sending emails.</li> <li><code>host</code> (string, MaxLength: 255). Server hostname or IP.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). SMTP server port.</li> </ul> <p>Optional</p> <ul> <li><code>from_name</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 128). Name used in outgoing emails, defaults to Grafana.</li> <li><code>password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Password for SMTP authentication.</li> <li><code>skip_verify</code> (boolean). Skip verifying server certificate. Defaults to false.</li> <li><code>starttls_policy</code> (string, Enum: <code>OpportunisticStartTLS</code>, <code>MandatoryStartTLS</code>, <code>NoStartTLS</code>). Either OpportunisticStartTLS, MandatoryStartTLS or NoStartTLS. Default is OpportunisticStartTLS.</li> <li><code>username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 255). Username for SMTP authentication.</li> </ul>"},{"location":"api-reference/kafka.html","title":"Kafka","text":""},{"location":"api-reference/kafka.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: my-kafka\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/kafka.html#Kafka","title":"Kafka","text":"<p>Kafka is the Schema for the kafkas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Kafka</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSpec defines the desired state of Kafka. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec","title":"spec","text":"<p>Appears on <code>Kafka</code>.</p> <p>KafkaSpec defines the desired state of Kafka.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>karapace</code> (boolean). Switch the service to use Karapace for schema registry and REST proxy.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Kafka specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>KAFKA_HOST</code>, <code>KAFKA_PORT</code>, <code>KAFKA_USERNAME</code>, <code>KAFKA_PASSWORD</code>, <code>KAFKA_ACCESS_CERT</code>, <code>KAFKA_ACCESS_KEY</code>, <code>KAFKA_SASL_HOST</code>, <code>KAFKA_SASL_PORT</code>, <code>KAFKA_SCHEMA_REGISTRY_HOST</code>, <code>KAFKA_SCHEMA_REGISTRY_PORT</code>, <code>KAFKA_CONNECT_HOST</code>, <code>KAFKA_CONNECT_PORT</code>, <code>KAFKA_REST_HOST</code>, <code>KAFKA_REST_PORT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/kafka.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafka.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>aiven_kafka_topic_messages</code> (boolean). Allow access to read Kafka topic messages in the Aiven Console and REST API.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka</code> (object). Kafka broker configuration values. See below for nested schema.</li> <li><code>kafka_authentication_methods</code> (object). Kafka authentication methods. See below for nested schema.</li> <li><code>kafka_connect</code> (boolean). Enable Kafka Connect service.</li> <li><code>kafka_connect_config</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>kafka_rest</code> (boolean). Enable Kafka-REST service.</li> <li><code>kafka_rest_authorization</code> (boolean). Enable authorization in Kafka-REST service.</li> <li><code>kafka_rest_config</code> (object). Kafka REST configuration. See below for nested schema.</li> <li><code>kafka_version</code> (string, Enum: <code>3.3</code>, <code>3.1</code>, <code>3.4</code>, <code>3.5</code>, <code>3.6</code>). Kafka major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>schema_registry</code> (boolean). Enable Schema-Registry service.</li> <li><code>schema_registry_config</code> (object). Schema Registry configuration. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>tiered_storage</code> (object). Tiered storage configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka","title":"kafka","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka broker configuration values.</p> <p>Optional</p> <ul> <li><code>auto_create_topics_enable</code> (boolean). Enable auto creation of topics.</li> <li><code>compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>uncompressed</code>, <code>producer</code>). Specify the final compression type for a given topic. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>uncompressed</code> which is equivalent to no compression; and <code>producer</code> which means retain the original compression codec set by the producer.</li> <li><code>connections_max_idle_ms</code> (integer, Minimum: 1000, Maximum: 3600000). Idle connections timeout: the server socket processor threads close the connections that idle for longer than this.</li> <li><code>default_replication_factor</code> (integer, Minimum: 1, Maximum: 10). Replication factor for autocreated topics.</li> <li><code>group_initial_rebalance_delay_ms</code> (integer, Minimum: 0, Maximum: 300000). The amount of time, in milliseconds, the group coordinator will wait for more consumers to join a new group before performing the first rebalance. A longer delay means potentially fewer rebalances, but increases the time until processing begins. The default value for this is 3 seconds. During development and testing it might be desirable to set this to 0 in order to not delay test execution time.</li> <li><code>group_max_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 1800000). The maximum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>group_min_session_timeout_ms</code> (integer, Minimum: 0, Maximum: 60000). The minimum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</li> <li><code>log_cleaner_delete_retention_ms</code> (integer, Minimum: 0, Maximum: 315569260000). How long are delete records retained?.</li> <li><code>log_cleaner_max_compaction_lag_ms</code> (integer, Minimum: 30000). The maximum amount of time message will remain uncompacted. Only applicable for logs that are being compacted.</li> <li><code>log_cleaner_min_cleanable_ratio</code> (number, Minimum: 0.2, Maximum: 0.9). Controls log compactor frequency. Larger value means more frequent compactions but also more space wasted for logs. Consider setting log.cleaner.max.compaction.lag.ms to enforce compactions sooner, instead of setting a very high value for this option.</li> <li><code>log_cleaner_min_compaction_lag_ms</code> (integer, Minimum: 0). The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.</li> <li><code>log_cleanup_policy</code> (string, Enum: <code>delete</code>, <code>compact</code>, <code>compact,delete</code>). The default cleanup policy for segments beyond the retention window.</li> <li><code>log_flush_interval_messages</code> (integer, Minimum: 1). The number of messages accumulated on a log partition before messages are flushed to disk.</li> <li><code>log_flush_interval_ms</code> (integer, Minimum: 0). The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used.</li> <li><code>log_index_interval_bytes</code> (integer, Minimum: 0, Maximum: 104857600). The interval with which Kafka adds an entry to the offset index.</li> <li><code>log_index_size_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The maximum size in bytes of the offset index.</li> <li><code>log_local_retention_bytes</code> (integer, Minimum: -2). The maximum size of local log segments that can grow for a partition before it gets eligible for deletion. If set to -2, the value of log.retention.bytes is used. The effective value should always be less than or equal to log.retention.bytes value.</li> <li><code>log_local_retention_ms</code> (integer, Minimum: -2). The number of milliseconds to keep the local log segments before it gets eligible for deletion. If set to -2, the value of log.retention.ms is used. The effective value should always be less than or equal to log.retention.ms value.</li> <li><code>log_message_downconversion_enable</code> (boolean). This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests.</li> <li><code>log_message_timestamp_difference_max_ms</code> (integer, Minimum: 0). The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message.</li> <li><code>log_message_timestamp_type</code> (string, Enum: <code>CreateTime</code>, <code>LogAppendTime</code>). Define whether the timestamp in the message is message create time or log append time.</li> <li><code>log_preallocate</code> (boolean). Should pre allocate file when create new segment?.</li> <li><code>log_retention_bytes</code> (integer, Minimum: -1). The maximum size of the log before deleting messages.</li> <li><code>log_retention_hours</code> (integer, Minimum: -1, Maximum: 2147483647). The number of hours to keep a log file before deleting it.</li> <li><code>log_retention_ms</code> (integer, Minimum: -1). The number of milliseconds to keep a log file before deleting it (in milliseconds), If not set, the value in log.retention.minutes is used. If set to -1, no time limit is applied.</li> <li><code>log_roll_jitter_ms</code> (integer, Minimum: 0). The maximum jitter to subtract from logRollTimeMillis (in milliseconds). If not set, the value in log.roll.jitter.hours is used.</li> <li><code>log_roll_ms</code> (integer, Minimum: 1). The maximum time before a new log segment is rolled out (in milliseconds).</li> <li><code>log_segment_bytes</code> (integer, Minimum: 10485760, Maximum: 1073741824). The maximum size of a single log file.</li> <li><code>log_segment_delete_delay_ms</code> (integer, Minimum: 0, Maximum: 3600000). The amount of time to wait before deleting a file from the filesystem.</li> <li><code>max_connections_per_ip</code> (integer, Minimum: 256, Maximum: 2147483647). The maximum number of connections allowed from each ip address (defaults to 2147483647).</li> <li><code>max_incremental_fetch_session_cache_slots</code> (integer, Minimum: 1000, Maximum: 10000). The maximum number of incremental fetch sessions that the broker will maintain.</li> <li><code>message_max_bytes</code> (integer, Minimum: 0, Maximum: 100001200). The maximum size of message that the server can receive.</li> <li><code>min_insync_replicas</code> (integer, Minimum: 1, Maximum: 7). When a producer sets acks to <code>all</code> (or <code>-1</code>), min.insync.replicas specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful.</li> <li><code>num_partitions</code> (integer, Minimum: 1, Maximum: 1000). Number of partitions for autocreated topics.</li> <li><code>offsets_retention_minutes</code> (integer, Minimum: 1, Maximum: 2147483647). Log retention window in minutes for offsets topic.</li> <li><code>producer_purgatory_purge_interval_requests</code> (integer, Minimum: 10, Maximum: 10000). The purge interval (in number of requests) of the producer request purgatory(defaults to 1000).</li> <li><code>replica_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made.</li> <li><code>replica_fetch_response_max_bytes</code> (integer, Minimum: 10485760, Maximum: 1048576000). Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum.</li> <li><code>sasl_oauthbearer_expected_audience</code> (string, MaxLength: 128). The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.</li> <li><code>sasl_oauthbearer_expected_issuer</code> (string, MaxLength: 128). Optional setting for the broker to use to verify that the JWT was created by the expected issuer.</li> <li><code>sasl_oauthbearer_jwks_endpoint_url</code> (string, MaxLength: 2048). OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC.</li> <li><code>sasl_oauthbearer_sub_claim_name</code> (string, MaxLength: 128). Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.</li> <li><code>socket_request_max_bytes</code> (integer, Minimum: 10485760, Maximum: 209715200). The maximum number of bytes in a socket request (defaults to 104857600).</li> <li><code>transaction_partition_verification_enable</code> (boolean). Enable verification that checks that the partition has been added to the transaction before writing transactional records to the partition.</li> <li><code>transaction_remove_expired_transaction_cleanup_interval_ms</code> (integer, Minimum: 600000, Maximum: 3600000). The interval at which to remove transactions that have expired due to transactional.id.expiration.ms passing (defaults to 3600000 (1 hour)).</li> <li><code>transaction_state_log_segment_bytes</code> (integer, Minimum: 1048576, Maximum: 2147483647). The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads (defaults to 104857600 (100 mebibytes)).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_authentication_methods","title":"kafka_authentication_methods","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka authentication methods.</p> <p>Optional</p> <ul> <li><code>certificate</code> (boolean). Enable certificate/SSL authentication.</li> <li><code>sasl</code> (boolean). Enable SASL authentication.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_connect_config","title":"kafka_connect_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.kafka_rest_config","title":"kafka_rest_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka REST configuration.</p> <p>Optional</p> <ul> <li><code>consumer_enable_auto_commit</code> (boolean). If true the consumer's offset will be periodically committed to Kafka in the background.</li> <li><code>consumer_request_max_bytes</code> (integer, Minimum: 0, Maximum: 671088640). Maximum number of bytes in unencoded message keys and values by a single request.</li> <li><code>consumer_request_timeout_ms</code> (integer, Enum: <code>1000</code>, <code>15000</code>, <code>30000</code>, Minimum: 1000, Maximum: 30000). The maximum total time to wait for messages for a request if the maximum number of messages has not yet been reached.</li> <li><code>name_strategy_validation</code> (boolean). If true, validate that given schema is registered under expected subject name by the used name strategy when producing messages.</li> <li><code>producer_acks</code> (string, Enum: <code>all</code>, <code>-1</code>, <code>0</code>, <code>1</code>). The number of acknowledgments the producer requires the leader to have received before considering a request complete. If set to <code>all</code> or <code>-1</code>, the leader will wait for the full set of in-sync replicas to acknowledge the record.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). Wait for up to the given delay to allow batching records together.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum size of a request in bytes. Note that Kafka broker can also cap the record batch size.</li> <li><code>simpleconsumer_pool_size_max</code> (integer, Minimum: 10, Maximum: 250). Maximum number of SimpleConsumers that can be instantiated per broker.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka</code> (boolean). Enable kafka.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>kafka_rest</code> (boolean). Enable kafka_rest.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>schema_registry</code> (boolean). Enable schema_registry.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka</code> (boolean). Allow clients to connect to kafka from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>kafka_rest</code> (boolean). Allow clients to connect to kafka_rest from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>schema_registry</code> (boolean). Allow clients to connect to schema_registry from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.schema_registry_config","title":"schema_registry_config","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Schema Registry configuration.</p> <p>Optional</p> <ul> <li><code>leader_eligibility</code> (boolean). If true, Karapace / Schema Registry on the service nodes can participate in leader election. It might be needed to disable this when the schemas topic is replicated to a secondary cluster and Karapace / Schema Registry there must not participate in leader election. Defaults to <code>true</code>.</li> <li><code>topic_name</code> (string, MinLength: 1, MaxLength: 249). The durable single partition topic that acts as the durable log for the data. This topic must be compacted to avoid losing data due to retention policy. Please note that changing this configuration in an existing Schema Registry / Karapace setup leads to previous schemas being inaccessible, data encoded with them potentially unreadable and schema ID sequence put out of order. It's only possible to do the switch while Schema Registry / Karapace is disabled. Defaults to <code>_schemas</code>.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage","title":"tiered_storage","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Tiered storage configuration.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Whether to enable the tiered storage functionality.</li> <li><code>local_cache</code> (object). Deprecated. Local cache configuration. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafka.html#spec.userConfig.tiered_storage.local_cache","title":"local_cache","text":"<p>Appears on <code>spec.userConfig.tiered_storage</code>.</p> <p>Deprecated. Local cache configuration.</p> <p>Required</p> <ul> <li><code>size</code> (integer, Minimum: 1, Maximum: 107374182400). Deprecated. Local cache size in bytes.</li> </ul>"},{"location":"api-reference/kafkaacl.html","title":"KafkaACL","text":""},{"location":"api-reference/kafkaacl.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: my-kafka-acl\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topic: my-topic\n  username: my-user\n  permission: admin\n</code></pre>"},{"location":"api-reference/kafkaacl.html#KafkaACL","title":"KafkaACL","text":"<p>KafkaACL is the Schema for the kafkaacls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaACL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaACLSpec defines the desired state of KafkaACL. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec","title":"spec","text":"<p>Appears on <code>KafkaACL</code>.</p> <p>KafkaACLSpec defines the desired state of KafkaACL.</p> <p>Required</p> <ul> <li><code>permission</code> (string, Enum: <code>admin</code>, <code>read</code>, <code>readwrite</code>, <code>write</code>). Kafka permission to grant (admin, read, readwrite, write).</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka ACL to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka ACL to.</li> <li><code>topic</code> (string). Topic name pattern for the ACL entry.</li> <li><code>username</code> (string). Username pattern for the ACL entry.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaacl.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html","title":"KafkaConnect","text":""},{"location":"api-reference/kafkaconnect.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: my-kafka-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  userConfig:\n    kafka_connect:\n      consumer_isolation_level: read_committed\n    public_access:\n      kafka_connect: true\n</code></pre>"},{"location":"api-reference/kafkaconnect.html#KafkaConnect","title":"KafkaConnect","text":"<p>KafkaConnect is the Schema for the kafkaconnects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnect</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectSpec defines the desired state of KafkaConnect. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnect</code>.</p> <p>KafkaConnectSpec defines the desired state of KafkaConnect.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). KafkaConnect specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>KafkaConnect specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>kafka_connect</code> (object). Kafka Connect configuration values. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Kafka Connect configuration values.</p> <p>Optional</p> <ul> <li><code>connector_client_config_override_policy</code> (string, Enum: <code>None</code>, <code>All</code>). Defines what client configurations can be overridden by the connector. Default is None.</li> <li><code>consumer_auto_offset_reset</code> (string, Enum: <code>earliest</code>, <code>latest</code>). What to do when there is no initial offset in Kafka or if the current offset does not exist any more on the server. Default is earliest.</li> <li><code>consumer_fetch_max_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that the consumer can make progress. As such, this is not a absolute maximum.</li> <li><code>consumer_isolation_level</code> (string, Enum: <code>read_uncommitted</code>, <code>read_committed</code>). Transaction read isolation level. read_uncommitted is the default, but read_committed can be used if consume-exactly-once behavior is desired.</li> <li><code>consumer_max_partition_fetch_bytes</code> (integer, Minimum: 1048576, Maximum: 104857600). Records are fetched in batches by the consumer.If the first record batch in the first non-empty partition of the fetch is larger than this limit, the batch will still be returned to ensure that the consumer can make progress.</li> <li><code>consumer_max_poll_interval_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum delay in milliseconds between invocations of poll() when using consumer group management (defaults to 300000).</li> <li><code>consumer_max_poll_records</code> (integer, Minimum: 1, Maximum: 10000). The maximum number of records returned in a single call to poll() (defaults to 500).</li> <li><code>offset_flush_interval_ms</code> (integer, Minimum: 1, Maximum: 100000000). The interval at which to try committing offsets for tasks (defaults to 60000).</li> <li><code>offset_flush_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum number of milliseconds to wait for records to flush and partition offset data to be committed to offset storage before cancelling the process and restoring the offset data to be committed in a future attempt (defaults to 5000).</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). This setting gives the upper bound of the batch size to be sent. If there are fewer than this many bytes accumulated for this partition, the producer will <code>linger</code> for the linger.ms time waiting for more records to show up. A batch size of zero will disable batching entirely (defaults to 16384).</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The total bytes of memory the producer can use to buffer records waiting to be sent to the broker (defaults to 33554432).</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). This setting gives the upper bound on the delay for batching: once there is batch.size worth of records for a partition it will be sent immediately regardless of this setting, however if there are fewer than this many bytes accumulated for this partition the producer will <code>linger</code> for the specified time waiting for more records to show up. Defaults to 0.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 131072, Maximum: 67108864). This setting will limit the number of record batches the producer will send in a single request to avoid sending huge requests.</li> <li><code>scheduled_rebalance_max_delay_ms</code> (integer, Minimum: 0, Maximum: 600000). The maximum delay that is scheduled in order to wait for the return of one or more departed workers before rebalancing and reassigning their connectors and tasks to the group. During this period the connectors and tasks of the departed workers remain unassigned.  Defaults to 5 minutes.</li> <li><code>session_timeout_ms</code> (integer, Minimum: 1, Maximum: 2147483647). The timeout in milliseconds used to detect failures when using Kafka\u2019s group management facilities (defaults to 10000).</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>jolokia</code> (boolean). Enable jolokia.</li> <li><code>kafka_connect</code> (boolean). Enable kafka_connect.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/kafkaconnect.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>kafka_connect</code> (boolean). Allow clients to connect to kafka_connect from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/kafkaconnector.html","title":"KafkaConnector","text":""},{"location":"api-reference/kafkaconnector.html#KafkaConnector","title":"KafkaConnector","text":"<p>KafkaConnector is the Schema for the kafkaconnectors API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaConnector</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaConnectorSpec defines the desired state of KafkaConnector. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec","title":"spec","text":"<p>Appears on <code>KafkaConnector</code>.</p> <p>KafkaConnectorSpec defines the desired state of KafkaConnector.</p> <p>Required</p> <ul> <li><code>connectorClass</code> (string, MaxLength: 1024). The Java class of the connector.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> <li><code>userConfig</code> (object, AdditionalProperties: string). The connector specific configuration To build config values from secret the template function <code>{{ fromSecret \"name\" \"key\" }}</code> is provided when interpreting the keys.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaconnector.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkaschema.html","title":"KafkaSchema","text":""},{"location":"api-reference/kafkaschema.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: my-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  subjectName: mny-subject\n  compatibilityLevel: BACKWARD\n  schema: |\n    {\n        \"doc\": \"example_doc\",\n        \"fields\": [{\n            \"default\": 5,\n            \"doc\": \"field_doc\",\n            \"name\": \"field_name\",\n            \"namespace\": \"field_namespace\",\n            \"type\": \"int\"\n        }],\n        \"name\": \"example_name\",\n        \"namespace\": \"example_namespace\",\n        \"type\": \"record\"\n    }\n</code></pre>"},{"location":"api-reference/kafkaschema.html#KafkaSchema","title":"KafkaSchema","text":"<p>KafkaSchema is the Schema for the kafkaschemas API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaSchema</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaSchemaSpec defines the desired state of KafkaSchema. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec","title":"spec","text":"<p>Appears on <code>KafkaSchema</code>.</p> <p>KafkaSchemaSpec defines the desired state of KafkaSchema.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the Kafka Schema to.</li> <li><code>schema</code> (string). Kafka Schema configuration should be a valid Avro Schema JSON format.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the Kafka Schema to.</li> <li><code>subjectName</code> (string, MaxLength: 63). Kafka Schema Subject name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>compatibilityLevel</code> (string, Enum: <code>BACKWARD</code>, <code>BACKWARD_TRANSITIVE</code>, <code>FORWARD</code>, <code>FORWARD_TRANSITIVE</code>, <code>FULL</code>, <code>FULL_TRANSITIVE</code>, <code>NONE</code>). Kafka Schemas compatibility level.</li> </ul>"},{"location":"api-reference/kafkaschema.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html","title":"KafkaTopic","text":""},{"location":"api-reference/kafkatopic.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: my-aiven-project\n  serviceName: my-kafka\n  topicName: my-kafka-topic\n\n  replication: 2\n  partitions: 1\n\n  config:\n    min_cleanable_dirty_ratio: 0.2\n</code></pre>"},{"location":"api-reference/kafkatopic.html#KafkaTopic","title":"KafkaTopic","text":"<p>KafkaTopic is the Schema for the kafkatopics API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>KafkaTopic</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). KafkaTopicSpec defines the desired state of KafkaTopic. See below for nested schema.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec","title":"spec","text":"<p>Appears on <code>KafkaTopic</code>.</p> <p>KafkaTopicSpec defines the desired state of KafkaTopic.</p> <p>Required</p> <ul> <li><code>partitions</code> (integer, Minimum: 1, Maximum: 1000000). Number of partitions to create in the topic.</li> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> <li><code>replication</code> (integer, Minimum: 2). Replication factor for the topic.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service name.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>config</code> (object). Kafka topic configuration. See below for nested schema.</li> <li><code>tags</code> (array of objects). Kafka topic tags. See below for nested schema.</li> <li><code>termination_protection</code> (boolean). It is a Kubernetes side deletion protections, which prevents the kafka topic from being deleted by Kubernetes. It is recommended to enable this for any production databases containing critical data.</li> <li><code>topicName</code> (string, Immutable, MinLength: 1, MaxLength: 249). Topic name. If provided, is used instead of metadata.name. This field supports additional characters, has a longer length, and will replace metadata.name in future releases.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.config","title":"config","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic configuration.</p> <p>Optional</p> <ul> <li><code>cleanup_policy</code> (string). cleanup.policy value.</li> <li><code>compression_type</code> (string). compression.type value.</li> <li><code>delete_retention_ms</code> (integer). delete.retention.ms value.</li> <li><code>file_delete_delay_ms</code> (integer). file.delete.delay.ms value.</li> <li><code>flush_messages</code> (integer). flush.messages value.</li> <li><code>flush_ms</code> (integer). flush.ms value.</li> <li><code>index_interval_bytes</code> (integer). index.interval.bytes value.</li> <li><code>max_compaction_lag_ms</code> (integer). max.compaction.lag.ms value.</li> <li><code>max_message_bytes</code> (integer). max.message.bytes value.</li> <li><code>message_downconversion_enable</code> (boolean). message.downconversion.enable value.</li> <li><code>message_format_version</code> (string). message.format.version value.</li> <li><code>message_timestamp_difference_max_ms</code> (integer). message.timestamp.difference.max.ms value.</li> <li><code>message_timestamp_type</code> (string). message.timestamp.type value.</li> <li><code>min_cleanable_dirty_ratio</code> (number). min.cleanable.dirty.ratio value.</li> <li><code>min_compaction_lag_ms</code> (integer). min.compaction.lag.ms value.</li> <li><code>min_insync_replicas</code> (integer). min.insync.replicas value.</li> <li><code>preallocate</code> (boolean). preallocate value.</li> <li><code>retention_bytes</code> (integer). retention.bytes value.</li> <li><code>retention_ms</code> (integer). retention.ms value.</li> <li><code>segment_bytes</code> (integer). segment.bytes value.</li> <li><code>segment_index_bytes</code> (integer). segment.index.bytes value.</li> <li><code>segment_jitter_ms</code> (integer). segment.jitter.ms value.</li> <li><code>segment_ms</code> (integer). segment.ms value.</li> </ul>"},{"location":"api-reference/kafkatopic.html#spec.tags","title":"tags","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka topic tags.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1, MaxLength: 64, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul> <p>Optional</p> <ul> <li><code>value</code> (string, MaxLength: 256, Format: <code>^[a-zA-Z0-9_-]*$</code>). </li> </ul>"},{"location":"api-reference/mysql.html","title":"MySQL","text":""},{"location":"api-reference/mysql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: my-mysql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: business-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    backup_hour: 17\n    backup_minute: 11\n    ip_filter:\n      - network: 0.0.0.0\n        description: whatever\n      - network: 10.20.0.0/16\n</code></pre>"},{"location":"api-reference/mysql.html#MySQL","title":"MySQL","text":"<p>MySQL is the Schema for the mysqls API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>MySQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). MySQLSpec defines the desired state of MySQL. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec","title":"spec","text":"<p>Appears on <code>MySQL</code>.</p> <p>MySQLSpec defines the desired state of MySQL.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). MySQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/mysql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>MYSQL_HOST</code>, <code>MYSQL_PORT</code>, <code>MYSQL_DATABASE</code>, <code>MYSQL_USER</code>, <code>MYSQL_PASSWORD</code>, <code>MYSQL_SSL_MODE</code>, <code>MYSQL_URI</code>, <code>MYSQL_REPLICA_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/mysql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/mysql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>MySQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>binlog_retention_period</code> (integer, Minimum: 600, Maximum: 86400). The minimum amount of time in seconds to keep binlog entries before deletion. This may be extended for services that require binlog entries for longer than the default for example if using the MySQL Debezium Kafka connector.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>mysql</code> (object). mysql.conf configuration values. See below for nested schema.</li> <li><code>mysql_version</code> (string, Enum: <code>8</code>). MySQL major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.mysql","title":"mysql","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>mysql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>connect_timeout</code> (integer, Minimum: 2, Maximum: 3600). The number of seconds that the mysqld server waits for a connect packet before responding with Bad handshake.</li> <li><code>default_time_zone</code> (string, MinLength: 2, MaxLength: 100). Default server time zone as an offset from UTC (from -12:00 to +12:00), a time zone name, or <code>SYSTEM</code> to use the MySQL server default.</li> <li><code>group_concat_max_len</code> (integer, Minimum: 4). The maximum permitted result length in bytes for the GROUP_CONCAT() function.</li> <li><code>information_schema_stats_expiry</code> (integer, Minimum: 900, Maximum: 31536000). The time, in seconds, before cached statistics expire.</li> <li><code>innodb_change_buffer_max_size</code> (integer, Minimum: 0, Maximum: 50). Maximum size for the InnoDB change buffer, as a percentage of the total size of the buffer pool. Default is 25.</li> <li><code>innodb_flush_neighbors</code> (integer, Minimum: 0, Maximum: 2). Specifies whether flushing a page from the InnoDB buffer pool also flushes other dirty pages in the same extent (default is 1): 0 - dirty pages in the same extent are not flushed,  1 - flush contiguous dirty pages in the same extent,  2 - flush dirty pages in the same extent.</li> <li><code>innodb_ft_min_token_size</code> (integer, Minimum: 0, Maximum: 16). Minimum length of words that are stored in an InnoDB FULLTEXT index. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_ft_server_stopword_table</code> (string, Pattern: <code>^.+/.+$</code>, MaxLength: 1024). This option is used to specify your own InnoDB FULLTEXT index stopword list for all InnoDB tables.</li> <li><code>innodb_lock_wait_timeout</code> (integer, Minimum: 1, Maximum: 3600). The length of time in seconds an InnoDB transaction waits for a row lock before giving up. Default is 120.</li> <li><code>innodb_log_buffer_size</code> (integer, Minimum: 1048576, Maximum: 4294967295). The size in bytes of the buffer that InnoDB uses to write to the log files on disk.</li> <li><code>innodb_online_alter_log_max_size</code> (integer, Minimum: 65536, Maximum: 1099511627776). The upper limit in bytes on the size of the temporary log files used during online DDL operations for InnoDB tables.</li> <li><code>innodb_print_all_deadlocks</code> (boolean). When enabled, information about all deadlocks in InnoDB user transactions is recorded in the error log. Disabled by default.</li> <li><code>innodb_read_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for read operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_rollback_on_timeout</code> (boolean). When enabled a transaction timeout causes InnoDB to abort and roll back the entire transaction. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>innodb_thread_concurrency</code> (integer, Minimum: 0, Maximum: 1000). Defines the maximum number of threads permitted inside of InnoDB. Default is 0 (infinite concurrency - no limit).</li> <li><code>innodb_write_io_threads</code> (integer, Minimum: 1, Maximum: 64). The number of I/O threads for write operations in InnoDB. Default is 4. Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>interactive_timeout</code> (integer, Minimum: 30, Maximum: 604800). The number of seconds the server waits for activity on an interactive connection before closing it.</li> <li><code>internal_tmp_mem_storage_engine</code> (string, Enum: <code>TempTable</code>, <code>MEMORY</code>). The storage engine for in-memory internal temporary tables.</li> <li><code>long_query_time</code> (number, Minimum: 0, Maximum: 3600). The slow_query_logs work as SQL statements that take more than long_query_time seconds to execute. Default is 10s.</li> <li><code>max_allowed_packet</code> (integer, Minimum: 102400, Maximum: 1073741824). Size of the largest message in bytes that can be received by the server. Default is 67108864 (64M).</li> <li><code>max_heap_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set tmp_table_size. Default is 16777216 (16M).</li> <li><code>net_buffer_length</code> (integer, Minimum: 1024, Maximum: 1048576). Start sizes of connection buffer and result buffer. Default is 16384 (16K). Changing this parameter will lead to a restart of the MySQL service.</li> <li><code>net_read_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for more data from a connection before aborting the read.</li> <li><code>net_write_timeout</code> (integer, Minimum: 1, Maximum: 3600). The number of seconds to wait for a block to be written to a connection before aborting the write.</li> <li><code>slow_query_log</code> (boolean). Slow query log enables capturing of slow queries. Setting slow_query_log to false also truncates the mysql.slow_log table. Default is off.</li> <li><code>sort_buffer_size</code> (integer, Minimum: 32768, Maximum: 1073741824). Sort buffer size in bytes for ORDER BY optimization. Default is 262144 (256K).</li> <li><code>sql_mode</code> (string, Pattern: <code>^[A-Z_]*(,[A-Z_]+)*$</code>, MaxLength: 1024). Global SQL mode. Set to empty to use MySQL server defaults. When creating a new service and not setting this field Aiven default SQL mode (strict, SQL standard compliant) will be assigned.</li> <li><code>sql_require_primary_key</code> (boolean). Require primary key to be defined for new tables or old tables modified with ALTER TABLE and fail if missing. It is recommended to always have primary keys because various functionality may break if any large table is missing them.</li> <li><code>tmp_table_size</code> (integer, Minimum: 1048576, Maximum: 1073741824). Limits the size of internal in-memory tables. Also set max_heap_table_size. Default is 16777216 (16M).</li> <li><code>wait_timeout</code> (integer, Minimum: 1, Maximum: 2147483). The number of seconds the server waits for activity on a noninteractive connection before closing it.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Enable mysql.</li> <li><code>mysqlx</code> (boolean). Enable mysqlx.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/mysql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>mysql</code> (boolean). Allow clients to connect to mysql from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>mysqlx</code> (boolean). Allow clients to connect to mysqlx from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html","title":"OpenSearch","text":""},{"location":"api-reference/opensearch.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: my-os\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n  disk_space: 80Gib\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre>"},{"location":"api-reference/opensearch.html#OpenSearch","title":"OpenSearch","text":"<p>OpenSearch is the Schema for the opensearches API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>OpenSearch</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). OpenSearchSpec defines the desired state of OpenSearch. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec","title":"spec","text":"<p>Appears on <code>OpenSearch</code>.</p> <p>OpenSearchSpec defines the desired state of OpenSearch.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). OpenSearch specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>OPENSEARCH_HOST</code>, <code>OPENSEARCH_PORT</code>, <code>OPENSEARCH_USER</code>, <code>OPENSEARCH_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>OpenSearch specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>custom_domain</code> (string, MaxLength: 255). Serve the web frontend using a custom CNAME pointing to the Aiven DNS name.</li> <li><code>disable_replication_factor_adjustment</code> (boolean). DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.</li> <li><code>index_patterns</code> (array of objects, MaxItems: 512). Index patterns. See below for nested schema.</li> <li><code>index_template</code> (object). Template settings for all new indexes. See below for nested schema.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>keep_index_refresh_interval</code> (boolean). Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.</li> <li><code>max_index_count</code> (integer, Minimum: 0). DEPRECATED: use index_patterns instead.</li> <li><code>openid</code> (object). OpenSearch OpenID Connect Configuration. See below for nested schema.</li> <li><code>opensearch</code> (object). OpenSearch settings. See below for nested schema.</li> <li><code>opensearch_dashboards</code> (object). OpenSearch Dashboards settings. See below for nested schema.</li> <li><code>opensearch_version</code> (string, Enum: <code>1</code>, <code>2</code>). OpenSearch major version.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>saml</code> (object). OpenSearch SAML configuration. See below for nested schema.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_patterns","title":"index_patterns","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Index patterns.</p> <p>Required</p> <ul> <li><code>max_index_count</code> (integer, Minimum: 0). Maximum number of indexes to keep.</li> <li><code>pattern</code> (string, Pattern: <code>^[A-Za-z0-9-_.*?]+$</code>, MaxLength: 1024). fnmatch pattern.</li> </ul> <p>Optional</p> <ul> <li><code>sorting_algorithm</code> (string, Enum: <code>alphabetical</code>, <code>creation_date</code>). Deletion sorting algorithm.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.index_template","title":"index_template","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Template settings for all new indexes.</p> <p>Optional</p> <ul> <li><code>mapping_nested_objects_limit</code> (integer, Minimum: 0, Maximum: 100000). The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000.</li> <li><code>number_of_replicas</code> (integer, Minimum: 0, Maximum: 29). The number of replicas each primary shard has.</li> <li><code>number_of_shards</code> (integer, Minimum: 1, Maximum: 1024). The number of primary shards that an index should have.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.openid","title":"openid","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch OpenID Connect Configuration.</p> <p>Required</p> <ul> <li><code>client_id</code> (string, MinLength: 1, MaxLength: 1024). The ID of the OpenID Connect client configured in your IdP. Required.</li> <li><code>client_secret</code> (string, MinLength: 1, MaxLength: 1024). The client secret of the OpenID Connect client configured in your IdP. Required.</li> <li><code>connect_url</code> (string, MaxLength: 2048). The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.</li> </ul> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.</li> <li><code>header</code> (string, MinLength: 1, MaxLength: 1024). HTTP header name of the JWT token. Optional. Default is Authorization.</li> <li><code>jwt_header</code> (string, MinLength: 1, MaxLength: 1024). The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer . Optional. Default is Authorization. <li><code>jwt_url_parameter</code> (string, MinLength: 1, MaxLength: 1024). If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.</li> <li><code>refresh_rate_limit_count</code> (integer, Minimum: 10). The maximum number of unknown key IDs in the time frame. Default is 10. Optional.</li> <li><code>refresh_rate_limit_time_window_ms</code> (integer, Minimum: 10000). The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT.</li> <li><code>scope</code> (string, MinLength: 1, MaxLength: 1024). The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 1024). The key in the JSON payload that stores the user\u2019s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.</li>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch settings.</p> <p>Optional</p> <ul> <li><code>action_auto_create_index_enabled</code> (boolean). Explicitly allow or block automatic creation of indices. Defaults to true.</li> <li><code>action_destructive_requires_name</code> (boolean). Require explicit index names when deleting.</li> <li><code>auth_failure_listeners</code> (object). Opensearch Security Plugin Settings. See below for nested schema.</li> <li><code>cluster_max_shards_per_node</code> (integer, Minimum: 100, Maximum: 10000). Controls the number of shards allowed in the cluster per data node.</li> <li><code>cluster_routing_allocation_node_concurrent_recoveries</code> (integer, Minimum: 2, Maximum: 16). How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to 2.</li> <li><code>email_sender_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MaxLength: 40). Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore.</li> <li><code>email_sender_password</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 1024). Sender password for Opensearch alerts to authenticate with SMTP server.</li> <li><code>email_sender_username</code> (string, Pattern: <code>^[^\\x00-\\x1F]+$</code>, MaxLength: 320). Sender username for Opensearch alerts.</li> <li><code>http_max_content_length</code> (integer, Minimum: 1, Maximum: 2147483647). Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.</li> <li><code>http_max_header_size</code> (integer, Minimum: 1024, Maximum: 262144). The max size of allowed headers, in bytes.</li> <li><code>http_max_initial_line_length</code> (integer, Minimum: 1024, Maximum: 65536). The max length of an HTTP URL, in bytes.</li> <li><code>indices_fielddata_cache_size</code> (integer, Minimum: 3, Maximum: 100). Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations.</li> <li><code>indices_memory_index_buffer_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance.</li> <li><code>indices_memory_max_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit.</li> <li><code>indices_memory_min_index_buffer_size</code> (integer, Minimum: 3, Maximum: 2048). Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit.</li> <li><code>indices_queries_cache_size</code> (integer, Minimum: 3, Maximum: 40). Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality.</li> <li><code>indices_query_bool_max_clause_count</code> (integer, Minimum: 64, Maximum: 4096). Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value.</li> <li><code>indices_recovery_max_bytes_per_sec</code> (integer, Minimum: 40, Maximum: 400). Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb.</li> <li><code>indices_recovery_max_concurrent_file_chunks</code> (integer, Minimum: 2, Maximum: 5). Number of file chunks sent in parallel for each recovery. Defaults to 2.</li> <li><code>ism_enabled</code> (boolean). Specifies whether ISM is enabled or not.</li> <li><code>ism_history_enabled</code> (boolean). Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document.</li> <li><code>ism_history_max_age</code> (integer, Minimum: 1, Maximum: 2147483647). The maximum age before rolling over the audit history index in hours.</li> <li><code>ism_history_max_docs</code> (integer, Minimum: 1). The maximum number of documents before rolling over the audit history index.</li> <li><code>ism_history_rollover_check_period</code> (integer, Minimum: 1, Maximum: 2147483647). The time between rollover checks for the audit history index in hours.</li> <li><code>ism_history_rollover_retention_period</code> (integer, Minimum: 1, Maximum: 2147483647). How long audit history indices are kept in days.</li> <li><code>override_main_response_version</code> (boolean). Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false.</li> <li><code>reindex_remote_whitelist</code> (array of strings, MaxItems: 32). Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart.</li> <li><code>script_max_compilations_rate</code> (string, MaxLength: 1024). Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context.</li> <li><code>search_max_buckets</code> (integer, Minimum: 1, Maximum: 1000000). Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined.</li> <li><code>thread_pool_analyze_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_analyze_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_force_merge_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_get_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_get_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_search_throttled_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_search_throttled_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> <li><code>thread_pool_write_queue_size</code> (integer, Minimum: 10, Maximum: 2000). Size for the thread pool queue. See documentation for exact details.</li> <li><code>thread_pool_write_size</code> (integer, Minimum: 1, Maximum: 128). Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners","title":"auth_failure_listeners","text":"<p>Appears on <code>spec.userConfig.opensearch</code>.</p> <p>Opensearch Security Plugin Settings.</p> <p>Optional</p> <ul> <li><code>internal_authentication_backend_limiting</code> (object).  See below for nested schema.</li> <li><code>ip_rate_limiting</code> (object). IP address rate limiting settings. See below for nested schema.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.internal_authentication_backend_limiting","title":"internal_authentication_backend_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 0, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>authentication_backend</code> (string, Enum: <code>internal</code>, MaxLength: 1024). internal_authentication_backend_limiting.authentication_backend.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). internal_authentication_backend_limiting.max_blocked_clients.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 0, Maximum: 2147483647). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>username</code>, MaxLength: 1024). internal_authentication_backend_limiting.type.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch.auth_failure_listeners.ip_rate_limiting","title":"ip_rate_limiting","text":"<p>Appears on <code>spec.userConfig.opensearch.auth_failure_listeners</code>.</p> <p>IP address rate limiting settings.</p> <p>Optional</p> <ul> <li><code>allowed_tries</code> (integer, Minimum: 1, Maximum: 2147483647). The number of login attempts allowed before login is blocked.</li> <li><code>block_expiry_seconds</code> (integer, Minimum: 1, Maximum: 36000). The duration of time that login remains blocked after a failed login.</li> <li><code>max_blocked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of blocked IP addresses.</li> <li><code>max_tracked_clients</code> (integer, Minimum: 0, Maximum: 2147483647). The maximum number of tracked IP addresses that have failed login.</li> <li><code>time_window_seconds</code> (integer, Minimum: 1, Maximum: 36000). The window of time in which the value for <code>allowed_tries</code> is enforced.</li> <li><code>type</code> (string, Enum: <code>ip</code>, MaxLength: 1024). The type of rate limiting.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.opensearch_dashboards","title":"opensearch_dashboards","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch Dashboards settings.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enable or disable OpenSearch Dashboards.</li> <li><code>max_old_space_size</code> (integer, Minimum: 64, Maximum: 2048). Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch.</li> <li><code>opensearch_request_timeout</code> (integer, Minimum: 5000, Maximum: 120000). Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Enable opensearch.</li> <li><code>opensearch_dashboards</code> (boolean). Enable opensearch_dashboards.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>opensearch</code> (boolean). Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>opensearch_dashboards</code> (boolean). Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/opensearch.html#spec.userConfig.saml","title":"saml","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>OpenSearch SAML configuration.</p> <p>Required</p> <ul> <li><code>enabled</code> (boolean). Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider.</li> <li><code>idp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.</li> <li><code>idp_metadata_url</code> (string, MinLength: 1, MaxLength: 2048). The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP.</li> <li><code>sp_entity_id</code> (string, MinLength: 1, MaxLength: 1024). The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.</li> </ul> <p>Optional</p> <ul> <li><code>idp_pemtrustedcas_content</code> (string, MaxLength: 16384). This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.</li> <li><code>roles_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.</li> <li><code>subject_key</code> (string, MinLength: 1, MaxLength: 256). Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.</li> </ul>"},{"location":"api-reference/postgresql.html","title":"PostgreSQL","text":""},{"location":"api-reference/postgresql.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: my-postgresql\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: postgresql-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: sunday\n  maintenanceWindowTime: 11:00:00\n\n  userConfig:\n    pg_version: \"15\"\n</code></pre>"},{"location":"api-reference/postgresql.html#PostgreSQL","title":"PostgreSQL","text":"<p>PostgreSQL is the Schema for the postgresql API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>PostgreSQL</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). PostgreSQLSpec defines the desired state of postgres instance. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec","title":"spec","text":"<p>Appears on <code>PostgreSQL</code>.</p> <p>PostgreSQLSpec defines the desired state of postgres instance.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). PostgreSQL specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>POSTGRESQL_HOST</code>, <code>POSTGRESQL_PORT</code>, <code>POSTGRESQL_DATABASE</code>, <code>POSTGRESQL_USER</code>, <code>POSTGRESQL_PASSWORD</code>, <code>POSTGRESQL_SSLMODE</code>, <code>POSTGRESQL_DATABASE_URI</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>PostgreSQL specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>admin_password</code> (string, Immutable, Pattern: <code>^[a-zA-Z0-9-_]+$</code>, MinLength: 8, MaxLength: 256). Custom password for admin user. Defaults to random string. This must be set only when a new service is being created.</li> <li><code>admin_username</code> (string, Immutable, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Custom username for admin user. This must be set only when a new service is being created.</li> <li><code>backup_hour</code> (integer, Minimum: 0, Maximum: 23). The hour of day (in UTC) when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>backup_minute</code> (integer, Minimum: 0, Maximum: 59). The minute of an hour when backup for the service is started. New backup is only started if previous backup has already completed.</li> <li><code>enable_ipv6</code> (boolean). Register AAAA DNS records for the service, and allow IPv6 packets to service ports.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>pg</code> (object). postgresql.conf configuration values. See below for nested schema.</li> <li><code>pg_qualstats</code> (object). System-wide settings for the pg_qualstats extension. See below for nested schema.</li> <li><code>pg_read_replica</code> (boolean). Should the service which is being forked be a read replica (deprecated, use read_replica service integration instead).</li> <li><code>pg_service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of the PG Service from which to fork (deprecated, use service_to_fork_from). This has effect only when a new service is being created.</li> <li><code>pg_stat_monitor_enable</code> (boolean). Enable the pg_stat_monitor extension. Enabling this extension will cause the cluster to be restarted.When this extension is enabled, pg_stat_statements results for utility commands are unreliable.</li> <li><code>pg_version</code> (string, Enum: <code>11</code>, <code>12</code>, <code>13</code>, <code>14</code>, <code>15</code>). PostgreSQL major version.</li> <li><code>pgbouncer</code> (object). PGBouncer connection pooling settings. See below for nested schema.</li> <li><code>pglookout</code> (object). System-wide settings for pglookout. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_target_time</code> (string, Immutable, MaxLength: 32). Recovery target time when forking a service. This has effect only when a new service is being created.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>shared_buffers_percentage</code> (number, Minimum: 20, Maximum: 60). Percentage of total RAM that the database server uses for shared memory buffers. Valid range is 20-60 (float), which corresponds to 20% - 60%. This setting adjusts the shared_buffers configuration value.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> <li><code>synchronous_replication</code> (string, Enum: <code>quorum</code>, <code>off</code>). Synchronous replication type. Note that the service plan also needs to support synchronous replication.</li> <li><code>timescaledb</code> (object). System-wide settings for the timescaledb extension. See below for nested schema.</li> <li><code>variant</code> (string, Enum: <code>aiven</code>, <code>timescale</code>). Variant of the PostgreSQL service, may affect the features that are exposed by default.</li> <li><code>work_mem</code> (integer, Minimum: 1, Maximum: 1024). Sets the maximum amount of memory to be used by a query operation (such as a sort or hash table) before writing to temporary disk files, in MB. Default is 1MB + 0.075% of total RAM (up to 32MB).</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pg","title":"pg","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>postgresql.conf configuration values.</p> <p>Optional</p> <ul> <li><code>autovacuum_analyze_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_analyze_threshold when deciding whether to trigger an ANALYZE. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_analyze_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of inserted, updated or deleted tuples needed to trigger an  ANALYZE in any one table. The default is 50 tuples.</li> <li><code>autovacuum_freeze_max_age</code> (integer, Minimum: 200000000, Maximum: 1500000000). Specifies the maximum age (in transactions) that a table's pg_class.relfrozenxid field can attain before a VACUUM operation is forced to prevent transaction ID wraparound within the table. Note that the system will launch autovacuum processes to prevent wraparound even when autovacuum is otherwise disabled. This parameter will cause the server to be restarted.</li> <li><code>autovacuum_max_workers</code> (integer, Minimum: 1, Maximum: 20). Specifies the maximum number of autovacuum processes (other than the autovacuum launcher) that may be running at any one time. The default is three. This parameter can only be set at server start.</li> <li><code>autovacuum_naptime</code> (integer, Minimum: 1, Maximum: 86400). Specifies the minimum delay between autovacuum runs on any given database. The delay is measured in seconds, and the default is one minute.</li> <li><code>autovacuum_vacuum_cost_delay</code> (integer, Minimum: -1, Maximum: 100). Specifies the cost delay value that will be used in automatic VACUUM operations. If -1 is specified, the regular vacuum_cost_delay value will be used. The default value is 20 milliseconds.</li> <li><code>autovacuum_vacuum_cost_limit</code> (integer, Minimum: -1, Maximum: 10000). Specifies the cost limit value that will be used in automatic VACUUM operations. If -1 is specified (which is the default), the regular vacuum_cost_limit value will be used.</li> <li><code>autovacuum_vacuum_scale_factor</code> (number, Minimum: 0, Maximum: 1). Specifies a fraction of the table size to add to autovacuum_vacuum_threshold when deciding whether to trigger a VACUUM. The default is 0.2 (20% of table size).</li> <li><code>autovacuum_vacuum_threshold</code> (integer, Minimum: 0, Maximum: 2147483647). Specifies the minimum number of updated or deleted tuples needed to trigger a VACUUM in any one table. The default is 50 tuples.</li> <li><code>bgwriter_delay</code> (integer, Minimum: 10, Maximum: 10000). Specifies the delay between activity rounds for the background writer in milliseconds. Default is 200.</li> <li><code>bgwriter_flush_after</code> (integer, Minimum: 0, Maximum: 2048). Whenever more than bgwriter_flush_after bytes have been written by the background writer, attempt to force the OS to issue these writes to the underlying storage. Specified in kilobytes, default is 512. Setting of 0 disables forced writeback.</li> <li><code>bgwriter_lru_maxpages</code> (integer, Minimum: 0, Maximum: 1073741823). In each round, no more than this many buffers will be written by the background writer. Setting this to zero disables background writing. Default is 100.</li> <li><code>bgwriter_lru_multiplier</code> (number, Minimum: 0, Maximum: 10). The average recent need for new buffers is multiplied by bgwriter_lru_multiplier to arrive at an estimate of the number that will be needed during the next round, (up to bgwriter_lru_maxpages). 1.0 represents a \u201cjust in time\u201d policy of writing exactly the number of buffers predicted to be needed. Larger values provide some cushion against spikes in demand, while smaller values intentionally leave writes to be done by server processes. The default is 2.0.</li> <li><code>deadlock_timeout</code> (integer, Minimum: 500, Maximum: 1800000). This is the amount of time, in milliseconds, to wait on a lock before checking to see if there is a deadlock condition.</li> <li><code>default_toast_compression</code> (string, Enum: <code>lz4</code>, <code>pglz</code>). Specifies the default TOAST compression method for values of compressible columns (the default is lz4).</li> <li><code>idle_in_transaction_session_timeout</code> (integer, Minimum: 0, Maximum: 604800000). Time out sessions with open transactions after this number of milliseconds.</li> <li><code>jit</code> (boolean). Controls system-wide use of Just-in-Time Compilation (JIT).</li> <li><code>log_autovacuum_min_duration</code> (integer, Minimum: -1, Maximum: 2147483647). Causes each action executed by autovacuum to be logged if it ran for at least the specified number of milliseconds. Setting this to zero logs all autovacuum actions. Minus-one (the default) disables logging autovacuum actions.</li> <li><code>log_error_verbosity</code> (string, Enum: <code>TERSE</code>, <code>DEFAULT</code>, <code>VERBOSE</code>). Controls the amount of detail written in the server log for each message that is logged.</li> <li><code>log_line_prefix</code> (string, Enum: <code>'pid=%p,user=%u,db=%d,app=%a,client=%h '</code>, <code>'%t [%p]: [%l-1] user=%u,db=%d,app=%a,client=%h '</code>, <code>'%m [%p] %q[user=%u,db=%d,app=%a] '</code>). Choose from one of the available log-formats. These can support popular log analyzers like pgbadger, pganalyze etc.</li> <li><code>log_min_duration_statement</code> (integer, Minimum: -1, Maximum: 86400000). Log statements that take more than this number of milliseconds to run, -1 disables.</li> <li><code>log_temp_files</code> (integer, Minimum: -1, Maximum: 2147483647). Log statements for each temporary file created larger than this number of kilobytes, -1 disables.</li> <li><code>max_files_per_process</code> (integer, Minimum: 1000, Maximum: 4096). PostgreSQL maximum number of files that can be open per process.</li> <li><code>max_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 6400). PostgreSQL maximum locks per transaction.</li> <li><code>max_logical_replication_workers</code> (integer, Minimum: 4, Maximum: 64). PostgreSQL maximum logical replication workers (taken from the pool of max_parallel_workers).</li> <li><code>max_parallel_workers</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that the system can support for parallel queries.</li> <li><code>max_parallel_workers_per_gather</code> (integer, Minimum: 0, Maximum: 96). Sets the maximum number of workers that can be started by a single Gather or Gather Merge node.</li> <li><code>max_pred_locks_per_transaction</code> (integer, Minimum: 64, Maximum: 5120). PostgreSQL maximum predicate locks per transaction.</li> <li><code>max_prepared_transactions</code> (integer, Minimum: 0, Maximum: 10000). PostgreSQL maximum prepared transactions.</li> <li><code>max_replication_slots</code> (integer, Minimum: 8, Maximum: 64). PostgreSQL maximum replication slots.</li> <li><code>max_slot_wal_keep_size</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL maximum WAL size (MB) reserved for replication slots. Default is -1 (unlimited). wal_keep_size minimum WAL size setting takes precedence over this.</li> <li><code>max_stack_depth</code> (integer, Minimum: 2097152, Maximum: 6291456). Maximum depth of the stack in bytes.</li> <li><code>max_standby_archive_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby archive delay in milliseconds.</li> <li><code>max_standby_streaming_delay</code> (integer, Minimum: 1, Maximum: 43200000). Max standby streaming delay in milliseconds.</li> <li><code>max_wal_senders</code> (integer, Minimum: 20, Maximum: 64). PostgreSQL maximum WAL senders.</li> <li><code>max_worker_processes</code> (integer, Minimum: 8, Maximum: 96). Sets the maximum number of background processes that the system can support.</li> <li><code>pg_partman_bgw.interval</code> (integer, Minimum: 3600, Maximum: 604800). Sets the time interval to run pg_partman's scheduled tasks.</li> <li><code>pg_partman_bgw.role</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,63}$</code>, MaxLength: 64). Controls which role to use for pg_partman's scheduled background tasks.</li> <li><code>pg_stat_monitor.pgsm_enable_query_plan</code> (boolean). Enables or disables query plan monitoring.</li> <li><code>pg_stat_monitor.pgsm_max_buckets</code> (integer, Minimum: 1, Maximum: 10). Sets the maximum number of buckets.</li> <li><code>pg_stat_statements.track</code> (string, Enum: <code>all</code>, <code>top</code>, <code>none</code>). Controls which statements are counted. Specify top to track top-level statements (those issued directly by clients), all to also track nested statements (such as statements invoked within functions), or none to disable statement statistics collection. The default value is top.</li> <li><code>temp_file_limit</code> (integer, Minimum: -1, Maximum: 2147483647). PostgreSQL temporary file limit in KiB, -1 for unlimited.</li> <li><code>timezone</code> (string, MaxLength: 64). PostgreSQL service timezone.</li> <li><code>track_activity_query_size</code> (integer, Minimum: 1024, Maximum: 10240). Specifies the number of bytes reserved to track the currently executing command for each active session.</li> <li><code>track_commit_timestamp</code> (string, Enum: <code>off</code>, <code>on</code>). Record commit time of transactions.</li> <li><code>track_functions</code> (string, Enum: <code>all</code>, <code>pl</code>, <code>none</code>). Enables tracking of function call counts and time used.</li> <li><code>track_io_timing</code> (string, Enum: <code>off</code>, <code>on</code>). Enables timing of database I/O calls. This parameter is off by default, because it will repeatedly query the operating system for the current time, which may cause significant overhead on some platforms.</li> <li><code>wal_sender_timeout</code> (integer). Terminate replication connections that are inactive for longer than this amount of time, in milliseconds. Setting this value to zero disables the timeout.</li> <li><code>wal_writer_delay</code> (integer, Minimum: 10, Maximum: 200). WAL flush interval in milliseconds. Note that setting this value to lower than the default 200ms may negatively impact performance.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pg_qualstats","title":"pg_qualstats","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>System-wide settings for the pg_qualstats extension.</p> <p>Optional</p> <ul> <li><code>enabled</code> (boolean). Enable / Disable pg_qualstats.</li> <li><code>min_err_estimate_num</code> (integer, Minimum: 0). Error estimation num threshold to save quals.</li> <li><code>min_err_estimate_ratio</code> (integer, Minimum: 0). Error estimation ratio threshold to save quals.</li> <li><code>track_constants</code> (boolean). Enable / Disable pg_qualstats constants tracking.</li> <li><code>track_pg_catalog</code> (boolean). Track quals on system catalogs too.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pgbouncer","title":"pgbouncer","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>PGBouncer connection pooling settings.</p> <p>Optional</p> <ul> <li><code>autodb_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If the automatically created database pools have been unused this many seconds, they are freed. If 0 then timeout is disabled. [seconds].</li> <li><code>autodb_max_db_connections</code> (integer, Minimum: 0, Maximum: 2147483647). Do not allow more than this many server connections per database (regardless of user). Setting it to 0 means unlimited.</li> <li><code>autodb_pool_mode</code> (string, Enum: <code>session</code>, <code>transaction</code>, <code>statement</code>). PGBouncer pool mode.</li> <li><code>autodb_pool_size</code> (integer, Minimum: 0, Maximum: 10000). If non-zero then create automatically a pool of that size per user when a pool doesn't exist.</li> <li><code>ignore_startup_parameters</code> (array of strings, MaxItems: 32). List of parameters to ignore when given in startup packet.</li> <li><code>min_pool_size</code> (integer, Minimum: 0, Maximum: 10000). Add more server connections to pool if below this number. Improves behavior when usual load comes suddenly back after period of total inactivity. The value is effectively capped at the pool size.</li> <li><code>server_idle_timeout</code> (integer, Minimum: 0, Maximum: 86400). If a server connection has been idle more than this many seconds it will be dropped. If 0 then timeout is disabled. [seconds].</li> <li><code>server_lifetime</code> (integer, Minimum: 60, Maximum: 86400). The pooler will close an unused server connection that has been connected longer than this. [seconds].</li> <li><code>server_reset_query_always</code> (boolean). Run server_reset_query (DISCARD ALL) in all pooling modes.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.pglookout","title":"pglookout","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>System-wide settings for pglookout.</p> <p>Required</p> <ul> <li><code>max_failover_replication_time_lag</code> (integer, Minimum: 10). Number of seconds of master unavailability before triggering database failover to standby.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Enable pg.</li> <li><code>pgbouncer</code> (boolean). Enable pgbouncer.</li> <li><code>prometheus</code> (boolean). Enable prometheus.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>pg</code> (boolean). Allow clients to connect to pg from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>pgbouncer</code> (boolean). Allow clients to connect to pgbouncer from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/postgresql.html#spec.userConfig.timescaledb","title":"timescaledb","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>System-wide settings for the timescaledb extension.</p> <p>Required</p> <ul> <li><code>max_background_workers</code> (integer, Minimum: 1, Maximum: 4096). The number of background workers for timescaledb operations. You should configure this setting to the sum of your number of databases and the total number of concurrent background workers you want running at any given point in time.</li> </ul>"},{"location":"api-reference/project.html","title":"Project","text":""},{"location":"api-reference/project.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: my-project\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  tags:\n    env: prod\n\n  billingAddress: NYC\n  cloud: aws-eu-west-1\n</code></pre>"},{"location":"api-reference/project.html#Project","title":"Project","text":"<p>Project is the Schema for the projects API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Project</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectSpec defines the desired state of Project. See below for nested schema.</li> </ul>"},{"location":"api-reference/project.html#spec","title":"spec","text":"<p>Appears on <code>Project</code>.</p> <p>ProjectSpec defines the desired state of Project.</p> <p>Optional</p> <ul> <li><code>accountId</code> (string, MaxLength: 32). Account ID.</li> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>billingAddress</code> (string, MaxLength: 1000). Billing name and address of the project.</li> <li><code>billingCurrency</code> (string, Enum: <code>AUD</code>, <code>CAD</code>, <code>CHF</code>, <code>DKK</code>, <code>EUR</code>, <code>GBP</code>, <code>NOK</code>, <code>SEK</code>, <code>USD</code>). Billing currency.</li> <li><code>billingEmails</code> (array of strings, MaxItems: 10). Billing contact emails of the project.</li> <li><code>billingExtraText</code> (string, MaxLength: 1000). Extra text to be included in all project invoices, e.g. purchase order or cost center number.</li> <li><code>billingGroupId</code> (string, MinLength: 36, MaxLength: 36). BillingGroup ID.</li> <li><code>cardId</code> (string, MaxLength: 64). Credit card ID; The ID may be either last 4 digits of the card or the actual ID.</li> <li><code>cloud</code> (string, MaxLength: 256). Target cloud, example: aws-eu-central-1.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>. See below for nested schema.</li> <li><code>copyFromProject</code> (string, MaxLength: 63). Project name from which to copy settings to the new project.</li> <li><code>countryCode</code> (string, MinLength: 2, MaxLength: 2). Billing country code of the project.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize projects.</li> <li><code>technicalEmails</code> (array of strings, MaxItems: 10). Technical contact emails of the project.</li> </ul>"},{"location":"api-reference/project.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/project.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>PROJECT_CA_CERT</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/projectvpc.html","title":"ProjectVPC","text":""},{"location":"api-reference/projectvpc.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: my-project-vpc\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n  cloudName: google-europe-west1\n  networkCidr: 10.0.0.0/24\n</code></pre>"},{"location":"api-reference/projectvpc.html#ProjectVPC","title":"ProjectVPC","text":"<p>ProjectVPC is the Schema for the projectvpcs API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ProjectVPC</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ProjectVPCSpec defines the desired state of ProjectVPC. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec","title":"spec","text":"<p>Appears on <code>ProjectVPC</code>.</p> <p>ProjectVPCSpec defines the desired state of ProjectVPC.</p> <p>Required</p> <ul> <li><code>cloudName</code> (string, Immutable, MaxLength: 256). Cloud the VPC is in.</li> <li><code>networkCidr</code> (string, Immutable, MaxLength: 36). Network address range used by the VPC like 192.168.0.0/24.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). The project the VPC belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> </ul>"},{"location":"api-reference/projectvpc.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html","title":"Redis","text":""},{"location":"api-reference/redis.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: k8s-redis\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: redis-token\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: my-aiven-project\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre>"},{"location":"api-reference/redis.html#Redis","title":"Redis","text":"<p>Redis is the Schema for the redis API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>Redis</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). RedisSpec defines the desired state of Redis. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec","title":"spec","text":"<p>Appears on <code>Redis</code>.</p> <p>RedisSpec defines the desired state of Redis.</p> <p>Required</p> <ul> <li><code>plan</code> (string, MaxLength: 128). Subscription plan.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Target project.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>cloudName</code> (string, MaxLength: 256). Cloud the service runs in.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>. See below for nested schema.</li> <li><code>disk_space</code> (string, Format: <code>^[1-9][0-9]*(GiB|G)*</code>). The disk space of the service, possible values depend on the service type, the cloud provider and the project. Reducing will result in the service re-balancing.</li> <li><code>maintenanceWindowDow</code> (string, Enum: <code>monday</code>, <code>tuesday</code>, <code>wednesday</code>, <code>thursday</code>, <code>friday</code>, <code>saturday</code>, <code>sunday</code>). Day of week when maintenance operations should be performed. One monday, tuesday, wednesday, etc.</li> <li><code>maintenanceWindowTime</code> (string, MaxLength: 8). Time of day when maintenance operations should be performed. UTC time in HH:mm:ss format.</li> <li><code>projectVPCRef</code> (object). ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically. See below for nested schema.</li> <li><code>projectVpcId</code> (string, MaxLength: 36). Identifier of the VPC the service should be in, if any.</li> <li><code>serviceIntegrations</code> (array of objects, Immutable, MaxItems: 1). Service integrations to specify when creating a service. Not applied after initial service creation. See below for nested schema.</li> <li><code>tags</code> (object, AdditionalProperties: string). Tags are key-value pairs that allow you to categorize services.</li> <li><code>terminationProtection</code> (boolean). Prevent service from being deleted. It is recommended to have this enabled for all services.</li> <li><code>userConfig</code> (object). Redis specific user configuration options. See below for nested schema.</li> </ul>"},{"location":"api-reference/redis.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>REDIS_HOST</code>, <code>REDIS_PORT</code>, <code>REDIS_USER</code>, <code>REDIS_PASSWORD</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"api-reference/redis.html#spec.projectVPCRef","title":"projectVPCRef","text":"<p>Appears on <code>spec</code>.</p> <p>ProjectVPCRef reference to ProjectVPC resource to use its ID as ProjectVPCID automatically.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1). </li> </ul> <p>Optional</p> <ul> <li><code>namespace</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/redis.html#spec.serviceIntegrations","title":"serviceIntegrations","text":"<p>Appears on <code>spec</code>.</p> <p>Service integrations to specify when creating a service. Not applied after initial service creation.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>read_replica</code>). </li> <li><code>sourceServiceName</code> (string, MinLength: 1, MaxLength: 64). </li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig","title":"userConfig","text":"<p>Appears on <code>spec</code>.</p> <p>Redis specific user configuration options.</p> <p>Optional</p> <ul> <li><code>additional_backup_regions</code> (array of strings, MaxItems: 1). Additional Cloud Regions for Backup Replication.</li> <li><code>ip_filter</code> (array of objects, MaxItems: 1024). Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>. See below for nested schema.</li> <li><code>migration</code> (object). Migrate data from existing server. See below for nested schema.</li> <li><code>private_access</code> (object). Allow access to selected service ports from private networks. See below for nested schema.</li> <li><code>privatelink_access</code> (object). Allow access to selected service components through Privatelink. See below for nested schema.</li> <li><code>project_to_fork_from</code> (string, Immutable, MaxLength: 63). Name of another project to fork a service from. This has effect only when a new service is being created.</li> <li><code>public_access</code> (object). Allow access to selected service ports from the public Internet. See below for nested schema.</li> <li><code>recovery_basebackup_name</code> (string, Pattern: <code>^[a-zA-Z0-9-_:.]+$</code>, MaxLength: 128). Name of the basebackup to restore in forked service.</li> <li><code>redis_acl_channels_default</code> (string, Enum: <code>allchannels</code>, <code>resetchannels</code>). Determines default pub/sub channels' ACL for new users if ACL is not supplied. When this option is not defined, all_channels is assumed to keep backward compatibility. This option doesn't affect Redis configuration acl-pubsub-default.</li> <li><code>redis_io_threads</code> (integer, Minimum: 1, Maximum: 32). Set Redis IO thread count. Changing this will cause a restart of the Redis service.</li> <li><code>redis_lfu_decay_time</code> (integer, Minimum: 1, Maximum: 120). LFU maxmemory-policy counter decay time in minutes.</li> <li><code>redis_lfu_log_factor</code> (integer, Minimum: 0, Maximum: 100). Counter logarithm factor for volatile-lfu and allkeys-lfu maxmemory-policies.</li> <li><code>redis_maxmemory_policy</code> (string, Enum: <code>noeviction</code>, <code>allkeys-lru</code>, <code>volatile-lru</code>, <code>allkeys-random</code>, <code>volatile-random</code>, <code>volatile-ttl</code>, <code>volatile-lfu</code>, <code>allkeys-lfu</code>). Redis maxmemory-policy.</li> <li><code>redis_notify_keyspace_events</code> (string, Pattern: <code>^[KEg\\$lshzxeA]*$</code>, MaxLength: 32). Set notify-keyspace-events option.</li> <li><code>redis_number_of_databases</code> (integer, Minimum: 1, Maximum: 128). Set number of Redis databases. Changing this will cause a restart of the Redis service.</li> <li><code>redis_persistence</code> (string, Enum: <code>off</code>, <code>rdb</code>). When persistence is <code>rdb</code>, Redis does RDB dumps each 10 minutes if any key is changed. Also RDB dumps are done according to backup schedule for backup purposes. When persistence is <code>off</code>, no RDB dumps and backups are done, so data can be lost at any moment if service is restarted for any reason, or if service is powered off. Also service can't be forked.</li> <li><code>redis_pubsub_client_output_buffer_limit</code> (integer, Minimum: 32, Maximum: 512). Set output buffer limit for pub / sub clients in MB. The value is the hard limit, the soft limit is 1/4 of the hard limit. When setting the limit, be mindful of the available memory in the selected service plan.</li> <li><code>redis_ssl</code> (boolean). Require SSL to access Redis.</li> <li><code>redis_timeout</code> (integer, Minimum: 0, Maximum: 31536000). Redis idle connection timeout in seconds.</li> <li><code>service_log</code> (boolean). Store logs for the service so that they are available in the HTTP API and console.</li> <li><code>service_to_fork_from</code> (string, Immutable, MaxLength: 64). Name of another service to fork from. This has effect only when a new service is being created.</li> <li><code>static_ips</code> (boolean). Use static public IP addresses.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.ip_filter","title":"ip_filter","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow incoming connections from CIDR address block, e.g. <code>10.20.0.0/16</code>.</p> <p>Required</p> <ul> <li><code>network</code> (string, MaxLength: 43). CIDR address block.</li> </ul> <p>Optional</p> <ul> <li><code>description</code> (string, MaxLength: 1024). Description for IP filter list entry.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.migration","title":"migration","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Migrate data from existing server.</p> <p>Required</p> <ul> <li><code>host</code> (string, MaxLength: 255). Hostname or IP address of the server where to migrate data from.</li> <li><code>port</code> (integer, Minimum: 1, Maximum: 65535). Port number of the server where to migrate data from.</li> </ul> <p>Optional</p> <ul> <li><code>dbname</code> (string, MaxLength: 63). Database name for bootstrapping the initial connection.</li> <li><code>ignore_dbs</code> (string, MaxLength: 2048). Comma-separated list of databases, which should be ignored during migration (supported by MySQL and PostgreSQL only at the moment).</li> <li><code>method</code> (string, Enum: <code>dump</code>, <code>replication</code>). The migration method to be used (currently supported only by Redis, Dragonfly, MySQL and PostgreSQL service types).</li> <li><code>password</code> (string, MaxLength: 256). Password for authentication with the server where to migrate data from.</li> <li><code>ssl</code> (boolean). The server where to migrate data from is secured with SSL.</li> <li><code>username</code> (string, MaxLength: 256). User name for authentication with the server where to migrate data from.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.private_access","title":"private_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from private networks.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.privatelink_access","title":"privatelink_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service components through Privatelink.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Enable prometheus.</li> <li><code>redis</code> (boolean). Enable redis.</li> </ul>"},{"location":"api-reference/redis.html#spec.userConfig.public_access","title":"public_access","text":"<p>Appears on <code>spec.userConfig</code>.</p> <p>Allow access to selected service ports from the public Internet.</p> <p>Optional</p> <ul> <li><code>prometheus</code> (boolean). Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network.</li> <li><code>redis</code> (boolean). Allow clients to connect to redis from the public internet for service nodes that are in a project VPC or another type of private network.</li> </ul>"},{"location":"api-reference/serviceintegration.html","title":"ServiceIntegration","text":""},{"location":"api-reference/serviceintegration.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: my-service-integration\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: aiven-project-name\n\n  integrationType: kafka_logs\n  sourceServiceName: my-source-service-name\n  destinationServiceName: my-destination-service-name\n\n  kafkaLogs:\n    kafka_topic: my-kafka-topic\n</code></pre>"},{"location":"api-reference/serviceintegration.html#ServiceIntegration","title":"ServiceIntegration","text":"<p>ServiceIntegration is the Schema for the serviceintegrations API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceIntegration</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceIntegrationSpec defines the desired state of ServiceIntegration. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec","title":"spec","text":"<p>Appears on <code>ServiceIntegration</code>.</p> <p>ServiceIntegrationSpec defines the desired state of ServiceIntegration.</p> <p>Required</p> <ul> <li><code>integrationType</code> (string, Enum: <code>alertmanager</code>, <code>autoscaler</code>, <code>caching</code>, <code>cassandra_cross_service_cluster</code>, <code>clickhouse_kafka</code>, <code>clickhouse_postgresql</code>, <code>dashboard</code>, <code>datadog</code>, <code>datasource</code>, <code>external_aws_cloudwatch_logs</code>, <code>external_aws_cloudwatch_metrics</code>, <code>external_elasticsearch_logs</code>, <code>external_google_cloud_logging</code>, <code>external_opensearch_logs</code>, <code>flink</code>, <code>flink_external_kafka</code>, <code>internal_connectivity</code>, <code>jolokia</code>, <code>kafka_connect</code>, <code>kafka_logs</code>, <code>kafka_mirrormaker</code>, <code>logs</code>, <code>m3aggregator</code>, <code>m3coordinator</code>, <code>metrics</code>, <code>opensearch_cross_cluster_replication</code>, <code>opensearch_cross_cluster_search</code>, <code>prometheus</code>, <code>read_replica</code>, <code>rsyslog</code>, <code>schema_registry_proxy</code>, <code>stresstester</code>, <code>thanosquery</code>, <code>thanosstore</code>, <code>vmalert</code>, Immutable). Type of the service integration accepted by Aiven API. Some values may not be supported by the operator.</li> <li><code>project</code> (string, Immutable, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project the integration belongs to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>clickhouseKafka</code> (object). Clickhouse Kafka configuration values. See below for nested schema.</li> <li><code>clickhousePostgresql</code> (object). Clickhouse PostgreSQL configuration values. See below for nested schema.</li> <li><code>datadog</code> (object). Datadog specific user configuration options. See below for nested schema.</li> <li><code>destinationEndpointId</code> (string, Immutable, MaxLength: 36). Destination endpoint for the integration (if any).</li> <li><code>destinationProjectName</code> (string, Immutable, MaxLength: 63). Destination project for the integration (if any).</li> <li><code>destinationServiceName</code> (string, Immutable, MaxLength: 64). Destination service for the integration (if any).</li> <li><code>externalAWSCloudwatchMetrics</code> (object). External AWS CloudWatch Metrics integration Logs configuration values. See below for nested schema.</li> <li><code>kafkaConnect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> <li><code>kafkaLogs</code> (object). Kafka logs configuration values. See below for nested schema.</li> <li><code>kafkaMirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> <li><code>logs</code> (object). Logs configuration values. See below for nested schema.</li> <li><code>metrics</code> (object). Metrics configuration values. See below for nested schema.</li> <li><code>sourceEndpointID</code> (string, Immutable, MaxLength: 36). Source endpoint for the integration (if any).</li> <li><code>sourceProjectName</code> (string, Immutable, MaxLength: 63). Source project for the integration (if any).</li> <li><code>sourceServiceName</code> (string, Immutable, MaxLength: 64). Source service for the integration (if any).</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka","title":"clickhouseKafka","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse Kafka configuration values.</p> <p>Required</p> <ul> <li><code>tables</code> (array of objects, MaxItems: 100). Tables to create. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables","title":"tables","text":"<p>Appears on <code>spec.clickhouseKafka</code>.</p> <p>Tables to create.</p> <p>Required</p> <ul> <li><code>columns</code> (array of objects, MaxItems: 100). Table columns. See below for nested schema.</li> <li><code>data_format</code> (string, Enum: <code>Avro</code>, <code>CSV</code>, <code>JSONAsString</code>, <code>JSONCompactEachRow</code>, <code>JSONCompactStringsEachRow</code>, <code>JSONEachRow</code>, <code>JSONStringsEachRow</code>, <code>MsgPack</code>, <code>TSKV</code>, <code>TSV</code>, <code>TabSeparated</code>, <code>RawBLOB</code>, <code>AvroConfluent</code>). Message data format.</li> <li><code>group_name</code> (string, MinLength: 1, MaxLength: 249). Kafka consumers group.</li> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Name of the table.</li> <li><code>topics</code> (array of objects, MaxItems: 100). Kafka topics. See below for nested schema.</li> </ul> <p>Optional</p> <ul> <li><code>auto_offset_reset</code> (string, Enum: <code>smallest</code>, <code>earliest</code>, <code>beginning</code>, <code>largest</code>, <code>latest</code>, <code>end</code>). Action to take when there is no initial offset in offset store or the desired offset is out of range.</li> <li><code>date_time_input_format</code> (string, Enum: <code>basic</code>, <code>best_effort</code>, <code>best_effort_us</code>). Method to read DateTime from text input formats.</li> <li><code>handle_error_mode</code> (string, Enum: <code>default</code>, <code>stream</code>). How to handle errors for Kafka engine.</li> <li><code>max_block_size</code> (integer, Minimum: 0, Maximum: 1000000000). Number of row collected by poll(s) for flushing data from Kafka.</li> <li><code>max_rows_per_message</code> (integer, Minimum: 1, Maximum: 1000000000). The maximum number of rows produced in one kafka message for row-based formats.</li> <li><code>num_consumers</code> (integer, Minimum: 1, Maximum: 10). The number of consumers per table per replica.</li> <li><code>poll_max_batch_size</code> (integer, Minimum: 0, Maximum: 1000000000). Maximum amount of messages to be polled in a single Kafka poll.</li> <li><code>skip_broken_messages</code> (integer, Minimum: 0, Maximum: 1000000000). Skip at least this number of broken messages from Kafka topic per block.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.columns","title":"columns","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Table columns.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 40). Column name.</li> <li><code>type</code> (string, MinLength: 1, MaxLength: 1000). Column type.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhouseKafka.tables.topics","title":"topics","text":"<p>Appears on <code>spec.clickhouseKafka.tables</code>.</p> <p>Kafka topics.</p> <p>Required</p> <ul> <li><code>name</code> (string, MinLength: 1, MaxLength: 249). Name of the topic.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql","title":"clickhousePostgresql","text":"<p>Appears on <code>spec</code>.</p> <p>Clickhouse PostgreSQL configuration values.</p> <p>Required</p> <ul> <li><code>databases</code> (array of objects, MaxItems: 10). Databases to expose. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.clickhousePostgresql.databases","title":"databases","text":"<p>Appears on <code>spec.clickhousePostgresql</code>.</p> <p>Databases to expose.</p> <p>Optional</p> <ul> <li><code>database</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL database to expose.</li> <li><code>schema</code> (string, MinLength: 1, MaxLength: 63). PostgreSQL schema to expose.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog","title":"datadog","text":"<p>Appears on <code>spec</code>.</p> <p>Datadog specific user configuration options.</p> <p>Optional</p> <ul> <li><code>datadog_dbm_enabled</code> (boolean). Enable Datadog Database Monitoring.</li> <li><code>datadog_tags</code> (array of objects, MaxItems: 32). Custom tags provided by user. See below for nested schema.</li> <li><code>exclude_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>exclude_topics</code> (array of strings, MaxItems: 1024). List of topics to exclude.</li> <li><code>include_consumer_groups</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>include_topics</code> (array of strings, MaxItems: 1024). List of topics to include.</li> <li><code>kafka_custom_metrics</code> (array of strings, MaxItems: 1024). List of custom metrics.</li> <li><code>max_jmx_metrics</code> (integer, Minimum: 10, Maximum: 100000). Maximum number of JMX metrics to send.</li> <li><code>opensearch</code> (object). Datadog Opensearch Options. See below for nested schema.</li> <li><code>redis</code> (object). Datadog Redis Options. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.datadog_tags","title":"datadog_tags","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Custom tags provided by user.</p> <p>Required</p> <ul> <li><code>tag</code> (string, MinLength: 1, MaxLength: 200). Tag format and usage are described here: https://docs.datadoghq.com/getting_started/tagging. Tags with prefix <code>aiven-</code> are reserved for Aiven.</li> </ul> <p>Optional</p> <ul> <li><code>comment</code> (string, MaxLength: 1024). Optional tag explanation.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.opensearch","title":"opensearch","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Opensearch Options.</p> <p>Optional</p> <ul> <li><code>index_stats_enabled</code> (boolean). Enable Datadog Opensearch Index Monitoring.</li> <li><code>pending_task_stats_enabled</code> (boolean). Enable Datadog Opensearch Pending Task Monitoring.</li> <li><code>pshard_stats_enabled</code> (boolean). Enable Datadog Opensearch Primary Shard Monitoring.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.datadog.redis","title":"redis","text":"<p>Appears on <code>spec.datadog</code>.</p> <p>Datadog Redis Options.</p> <p>Required</p> <ul> <li><code>command_stats_enabled</code> (boolean). Enable command_stats option in the agent's configuration.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics","title":"externalAWSCloudwatchMetrics","text":"<p>Appears on <code>spec</code>.</p> <p>External AWS CloudWatch Metrics integration Logs configuration values.</p> <p>Optional</p> <ul> <li><code>dropped_metrics</code> (array of objects, MaxItems: 1024). Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics). See below for nested schema.</li> <li><code>extra_metrics</code> (array of objects, MaxItems: 1024). Metrics to allow through to AWS CloudWatch (in addition to default metrics). See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.dropped_metrics","title":"dropped_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to not send to AWS CloudWatch (takes precedence over extra_metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.externalAWSCloudwatchMetrics.extra_metrics","title":"extra_metrics","text":"<p>Appears on <code>spec.externalAWSCloudwatchMetrics</code>.</p> <p>Metrics to allow through to AWS CloudWatch (in addition to default metrics).</p> <p>Required</p> <ul> <li><code>field</code> (string, MaxLength: 1000). Identifier of a value in the metric.</li> <li><code>metric</code> (string, MaxLength: 1000). Identifier of the metric.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect","title":"kafkaConnect","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Required</p> <ul> <li><code>kafka_connect</code> (object). Kafka Connect service configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaConnect.kafka_connect","title":"kafka_connect","text":"<p>Appears on <code>spec.kafkaConnect</code>.</p> <p>Kafka Connect service configuration values.</p> <p>Optional</p> <ul> <li><code>config_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration data are stored.This must be the same for all workers with the same group_id.</li> <li><code>group_id</code> (string, MaxLength: 249). A unique string that identifies the Connect cluster group this worker belongs to.</li> <li><code>offset_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration offsets are stored.This must be the same for all workers with the same group_id.</li> <li><code>status_storage_topic</code> (string, MaxLength: 249). The name of the topic where connector and task configuration status updates are stored.This must be the same for all workers with the same group_id.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaLogs","title":"kafkaLogs","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka logs configuration values.</p> <p>Required</p> <ul> <li><code>kafka_topic</code> (string, MinLength: 1, MaxLength: 249). Topic name.</li> </ul> <p>Optional</p> <ul> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker","title":"kafkaMirrormaker","text":"<p>Appears on <code>spec</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>cluster_alias</code> (string, Pattern: <code>^[a-zA-Z0-9_.-]+$</code>, MaxLength: 128). The alias under which the Kafka cluster is known to MirrorMaker. Can contain the following symbols: ASCII alphanumerics, <code>.</code>, <code>_</code>, and <code>-</code>.</li> <li><code>kafka_mirrormaker</code> (object). Kafka MirrorMaker configuration values. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.kafkaMirrormaker.kafka_mirrormaker","title":"kafka_mirrormaker","text":"<p>Appears on <code>spec.kafkaMirrormaker</code>.</p> <p>Kafka MirrorMaker configuration values.</p> <p>Optional</p> <ul> <li><code>consumer_fetch_min_bytes</code> (integer, Minimum: 1, Maximum: 5242880). The minimum amount of data the server should return for a fetch request.</li> <li><code>producer_batch_size</code> (integer, Minimum: 0, Maximum: 5242880). The batch size in bytes producer will attempt to collect before publishing to broker.</li> <li><code>producer_buffer_memory</code> (integer, Minimum: 5242880, Maximum: 134217728). The amount of bytes producer can use for buffering data before publishing to broker.</li> <li><code>producer_compression_type</code> (string, Enum: <code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>, <code>none</code>). Specify the default compression type for producers. This configuration accepts the standard compression codecs (<code>gzip</code>, <code>snappy</code>, <code>lz4</code>, <code>zstd</code>). It additionally accepts <code>none</code> which is the default and equivalent to no compression.</li> <li><code>producer_linger_ms</code> (integer, Minimum: 0, Maximum: 5000). The linger time (ms) for waiting new data to arrive for publishing.</li> <li><code>producer_max_request_size</code> (integer, Minimum: 0, Maximum: 268435456). The maximum request size in bytes.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.logs","title":"logs","text":"<p>Appears on <code>spec</code>.</p> <p>Logs configuration values.</p> <p>Optional</p> <ul> <li><code>elasticsearch_index_days_max</code> (integer, Minimum: 1, Maximum: 10000). Elasticsearch index retention limit.</li> <li><code>elasticsearch_index_prefix</code> (string, MinLength: 1, MaxLength: 1024). Elasticsearch index prefix.</li> <li><code>selected_log_fields</code> (array of strings, MaxItems: 5). The list of logging fields that will be sent to the integration logging service. The MESSAGE and timestamp fields are always sent.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics","title":"metrics","text":"<p>Appears on <code>spec</code>.</p> <p>Metrics configuration values.</p> <p>Optional</p> <ul> <li><code>database</code> (string, Pattern: <code>^[_A-Za-z0-9][-_A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the database where to store metric datapoints. Only affects PostgreSQL destinations. Defaults to <code>metrics</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>retention_days</code> (integer, Minimum: 0, Maximum: 10000). Number of days to keep old metrics. Only affects PostgreSQL destinations. Set to 0 for no automatic cleanup. Defaults to 30 days.</li> <li><code>ro_username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of a user that can be used to read metrics. This will be used for Grafana integration (if enabled) to prevent Grafana users from making undesired changes. Only affects PostgreSQL destinations. Defaults to <code>metrics_reader</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> <li><code>source_mysql</code> (object). Configuration options for metrics where source service is MySQL. See below for nested schema.</li> <li><code>username</code> (string, Pattern: <code>^[_A-Za-z0-9][-._A-Za-z0-9]{0,39}$</code>, MaxLength: 40). Name of the user used to write metrics. Only affects PostgreSQL destinations. Defaults to <code>metrics_writer</code>. Note that this must be the same for all metrics integrations that write data to the same PostgreSQL service.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql","title":"source_mysql","text":"<p>Appears on <code>spec.metrics</code>.</p> <p>Configuration options for metrics where source service is MySQL.</p> <p>Required</p> <ul> <li><code>telegraf</code> (object). Configuration options for Telegraf MySQL input plugin. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceintegration.html#spec.metrics.source_mysql.telegraf","title":"telegraf","text":"<p>Appears on <code>spec.metrics.source_mysql</code>.</p> <p>Configuration options for Telegraf MySQL input plugin.</p> <p>Optional</p> <ul> <li><code>gather_event_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENT_WAITS.</li> <li><code>gather_file_events_stats</code> (boolean). gather metrics from PERFORMANCE_SCHEMA.FILE_SUMMARY_BY_EVENT_NAME.</li> <li><code>gather_index_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_INDEX_USAGE.</li> <li><code>gather_info_schema_auto_inc</code> (boolean). Gather auto_increment columns and max values from information schema.</li> <li><code>gather_innodb_metrics</code> (boolean). Gather metrics from INFORMATION_SCHEMA.INNODB_METRICS.</li> <li><code>gather_perf_events_statements</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.EVENTS_STATEMENTS_SUMMARY_BY_DIGEST.</li> <li><code>gather_process_list</code> (boolean). Gather thread state counts from INFORMATION_SCHEMA.PROCESSLIST.</li> <li><code>gather_slave_status</code> (boolean). Gather metrics from SHOW SLAVE STATUS command output.</li> <li><code>gather_table_io_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_IO_WAITS_SUMMARY_BY_TABLE.</li> <li><code>gather_table_lock_waits</code> (boolean). Gather metrics from PERFORMANCE_SCHEMA.TABLE_LOCK_WAITS.</li> <li><code>gather_table_schema</code> (boolean). Gather metrics from INFORMATION_SCHEMA.TABLES.</li> <li><code>perf_events_statements_digest_text_limit</code> (integer, Minimum: 1, Maximum: 2048). Truncates digest text from perf_events_statements into this many characters.</li> <li><code>perf_events_statements_limit</code> (integer, Minimum: 1, Maximum: 4000). Limits metrics from perf_events_statements.</li> <li><code>perf_events_statements_time_limit</code> (integer, Minimum: 1, Maximum: 2592000). Only include perf_events_statements whose last seen is less than this many seconds.</li> </ul>"},{"location":"api-reference/serviceuser.html","title":"ServiceUser","text":""},{"location":"api-reference/serviceuser.html#usage-example","title":"Usage example","text":"<pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: my-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: service-user-secret\n    prefix: MY_SECRET_PREFIX_\n    annotations:\n      foo: bar\n    labels:\n      baz: egg\n\n  project: aiven-project-name\n  serviceName: my-service-name\n</code></pre>"},{"location":"api-reference/serviceuser.html#ServiceUser","title":"ServiceUser","text":"<p>ServiceUser is the Schema for the serviceusers API.</p> <p>Required</p> <ul> <li><code>apiVersion</code> (string). Value <code>aiven.io/v1alpha1</code>.</li> <li><code>kind</code> (string). Value <code>ServiceUser</code>.</li> <li><code>metadata</code> (object). Data that identifies the object, including a <code>name</code> string and optional <code>namespace</code>.</li> <li><code>spec</code> (object). ServiceUserSpec defines the desired state of ServiceUser. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec","title":"spec","text":"<p>Appears on <code>ServiceUser</code>.</p> <p>ServiceUserSpec defines the desired state of ServiceUser.</p> <p>Required</p> <ul> <li><code>project</code> (string, MaxLength: 63, Format: <code>^[a-zA-Z0-9_-]*$</code>). Project to link the user to.</li> <li><code>serviceName</code> (string, MaxLength: 63). Service to link the user to.</li> </ul> <p>Optional</p> <ul> <li><code>authSecretRef</code> (object). Authentication reference to Aiven token in a secret. See below for nested schema.</li> <li><code>authentication</code> (string, Enum: <code>caching_sha2_password</code>, <code>mysql_native_password</code>). Authentication details.</li> <li><code>connInfoSecretTarget</code> (object). Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>. See below for nested schema.</li> </ul>"},{"location":"api-reference/serviceuser.html#spec.authSecretRef","title":"authSecretRef","text":"<p>Appears on <code>spec</code>.</p> <p>Authentication reference to Aiven token in a secret.</p> <p>Required</p> <ul> <li><code>key</code> (string, MinLength: 1). </li> <li><code>name</code> (string, MinLength: 1). </li> </ul>"},{"location":"api-reference/serviceuser.html#spec.connInfoSecretTarget","title":"connInfoSecretTarget","text":"<p>Appears on <code>spec</code>.</p> <p>Information regarding secret creation. Exposed keys: <code>SERVICEUSER_HOST</code>, <code>SERVICEUSER_PORT</code>, <code>SERVICEUSER_USERNAME</code>, <code>SERVICEUSER_PASSWORD</code>, <code>SERVICEUSER_CA_CERT</code>, <code>SERVICEUSER_ACCESS_CERT</code>, <code>SERVICEUSER_ACCESS_KEY</code>.</p> <p>Required</p> <ul> <li><code>name</code> (string). Name of the secret resource to be created. By default, is equal to the resource name.</li> </ul> <p>Optional</p> <ul> <li><code>annotations</code> (object, AdditionalProperties: string). Annotations added to the secret.</li> <li><code>labels</code> (object, AdditionalProperties: string). Labels added to the secret.</li> <li><code>prefix</code> (string). Prefix for the secret's keys. Added \"as is\" without any transformations. By default, is equal to the kind name in uppercase + underscore, e.g. <code>KAFKA_</code>, <code>REDIS_</code>, etc.</li> </ul>"},{"location":"contributing/index.html","title":"Contributing Guidelines","text":"<p>The Aiven Operator for Kubernetes project accepts contributions via GitHub pull requests. This document outlines the process to help get your contribution accepted.</p> <p>Please see also the Aiven Operator for Kubernetes Developer Guide.</p>"},{"location":"contributing/index.html#support-channels","title":"Support Channels","text":"<p>This project offers support through GitHub issues and can be filed here. Moreover, GitHub issues are used as the primary method for tracking anything to do with the Aiven Operator for Kubernetes project.</p>"},{"location":"contributing/index.html#pull-request-process","title":"Pull Request Process","text":"<ol> <li>Ensure any install or build dependencies are removed before the end of the layer when doing a build.</li> <li>Increase the version numbers in any examples files and the README.md and in corresponding file in he /docs folder to    the new version that this Pull Request would represent. The versioning scheme we use is SemVer.</li> <li>You may merge the Pull Request in once you have the sign-off of two other developers, or if you do not have    permission to do that, you may request the second reviewer to merge it for you.</li> </ol>"},{"location":"contributing/index.html#code-of-conduct","title":"Code of Conduct","text":""},{"location":"contributing/index.html#our-pledge","title":"Our Pledge","text":"<p>In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.</p>"},{"location":"contributing/index.html#our-standards","title":"Our Standards","text":"<p>Examples of behavior that contributes to creating a positive environment include:</p> <ul> <li>Using welcoming and inclusive language</li> <li>Being respectful of differing viewpoints and experiences</li> <li>Gracefully accepting constructive criticism</li> <li>Focusing on what is best for the community</li> <li>Showing empathy towards other community members</li> </ul> <p>Examples of unacceptable behavior by participants include:</p> <ul> <li>The use of sexualized language or imagery and unwelcome sexual attention or advances</li> <li>Trolling, insulting/derogatory comments, and personal or political attacks</li> <li>Public or private harassment</li> <li>Publishing others' private information, such as a physical or electronic address, without explicit permission</li> <li>Other conduct which could reasonably be considered inappropriate in a professional setting</li> </ul>"},{"location":"contributing/index.html#commit-messages","title":"Commit Messages","text":"<p>This project adheres to the Conventional Commits specification. Please, make sure that your commit messages follow that specification.</p>"},{"location":"contributing/index.html#our-responsibilities","title":"Our Responsibilities","text":"<p>Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.</p> <p>Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.</p>"},{"location":"contributing/index.html#scope","title":"Scope","text":"<p>This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.</p>"},{"location":"contributing/index.html#enforcement","title":"Enforcement","text":"<p>Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at opensource@aiven.io. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.</p> <p>Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.</p>"},{"location":"contributing/developer-guide.html","title":"Developer guide","text":""},{"location":"contributing/developer-guide.html#getting-started","title":"Getting Started","text":"<p>You must have a working Go environment and then clone the repository:</p> <pre><code>git clone git@github.com:aiven/aiven-operator.git\ncd aiven-operator\n</code></pre>"},{"location":"contributing/developer-guide.html#resource-generation","title":"Resource generation","text":"<p>Please see this page for more information.</p>"},{"location":"contributing/developer-guide.html#building","title":"Building","text":"<p>The project uses the <code>make</code> build system.</p> <p>Building the operator binary:</p> <pre><code>make build\n</code></pre>"},{"location":"contributing/developer-guide.html#testing","title":"Testing","text":"<p>As of now, we only support integration tests who interact directly with Aiven. To run the tests, you'll need an Aiven account and an Aiven authentication code.</p>"},{"location":"contributing/developer-guide.html#prerequisites","title":"Prerequisites","text":"<p>Please have installed first:</p> <ul> <li>docker/podman</li> <li>helm</li> <li>Aiven CLI (make sure you have logged in)</li> <li>jq</li> <li>kcat</li> <li>base64, note: MACOS version doesn't support <code>-w0</code> flag, some tests may not work properly</li> <li>kind, and existing cluster, e.g.     <pre><code> kind create cluster --image kindest/node:v1.24.0 --wait 5m\n</code></pre></li> </ul> <p>The following commands must be executed with these environment variables (keep them in secret!):</p> <ul> <li><code>AIVEN_TOKEN</code> \u2014 your authentication token </li> <li><code>AIVEN_PROJECT_NAME</code> \u2014 your Aiven project name to run services in</li> </ul> <p>Setup everything:</p> <pre><code>make e2e-setup-kind\n</code></pre> <p>Note</p> <p>Additionally, webhooks can be disabled,  if there are any problems with them.</p> <pre><code>WEBHOOKS_ENABLED=false make e2e-setup-kind\n</code></pre> <p>Run e2e tests (creates real services in <code>AIVEN_PROJECT_NAME</code>):</p> <pre><code>make test-e2e-preinstalled \n</code></pre> <p>When you're done, just drop the cluster:</p> <pre><code>kind delete cluster\n</code></pre>"},{"location":"contributing/developer-guide.html#documentation","title":"Documentation","text":"<p>The documentation is written in markdown and generated by mkdocs and mkdocs-material. </p> <p>To run the documentation live preview:</p> <pre><code>make serve-docs\n</code></pre> <p>And open the <code>http://localhost:8000/aiven-operator/</code> page in your web browser.</p> <p>The documentation API Reference section is generated automatically from the source code during the documentation deployment. To generate it locally, run the following command:</p> <pre><code>make docs\n</code></pre>"},{"location":"contributing/resource-generation.html","title":"Resource generation","text":"<p>Aiven Kubernetes Operator generates service configs code (also known as user configs) and documentation from public service types schema.</p>"},{"location":"contributing/resource-generation.html#flow-overview","title":"Flow overview","text":"<p>When a new schema is issued on the API, a cron job fetches it, parses, patches, and saves in a shared library \u2014 go-api-schemas.</p> <p>When the library is updated,  the GitHub dependabot creates PRs to the dependant repositories,  like Aiven Kubernetes Operator and Aiven Terraform Provider.</p> <p>Then the <code>make generate</code> command is called by GitHub action. And the PR is ready for review.</p> <pre><code>flowchart TB\n    API(Aiven API) &lt;-.-&gt;|polls schema updates| Schema([go-api-schemas])\n    Bot(dependabot) &lt;-.-&gt;|polls updates| Schema \n    Bot--&gt;|pull request|UpdateOP[/\"\u2728 $ make generate \u2728\"/]\n    UpdateOP--&gt;|review| OP([operator repository])</code></pre>"},{"location":"contributing/resource-generation.html#make-generate","title":"make generate","text":"<p>The command runs several generators in a certain sequence. First, the user config generator is called. Then controller-gen cli. Then API reference docs generator and charts generator.</p> <p>Here how it goes in the details:</p> <ol> <li>User config generator creates Go structs (k8s api compatible objects) with docstrings,     validation rules and constraints (immutable, maxLength, etc)</li> <li>controller-gen generates k8s methods,    generates CRDs for those objects,     creates charts for cluster roles and webhooks. </li> <li>Docs generator creates API reference out of CRDs:<ol> <li>it looks for an example file for the given CRD kind in <code>./&lt;api-reference-docs&gt;/example/</code>,    if it finds one, it validates that with the CRD.     Each CRD has an OpenAPI v3 schema as a part of it.     This is also used by Kubernetes itself to validate user input.</li> <li>generates full spec reference out of the schema</li> <li>creates a markdown file with spec and example (if exists)</li> </ol> </li> <li>Charts generator     updates CRDs, webhooks and cluster roles charts,    adds all changes to the changelog </li> </ol> <pre><code>flowchart TB\n    Make[/$ make generate/]--&gt;Generator(userconfig generator&lt;br&gt; creates/updates structs using updated spec)\n    Generator--&gt;|go: KafkaUserConfig struct| K8S(controller-gen&lt;br&gt; adds k8s methods to structs)\n    K8S--&gt;|go files| CRD(controller-gen&lt;br&gt; creates CRDs out of structs)\n    CRD--&gt;|CRD: aiven.io_kafkas.yaml| Docs(docs generator)\n    subgraph API reference generation\n        Docs--&gt;|aiven.io_kafkas.yaml|Reference(creates reference&lt;br&gt; out of CRD)\n        Docs--&gt;|examples/kafka.yaml,&lt;br&gt; aiven.io_kafkas.yaml|Examples(validates example&lt;br&gt; using CRD)\n        Examples--&gt; Markdown(creates docs out of CRDs, adds examples)\n        Reference--&gt;Markdown(kafka.md)\n    end\n    CRD--&gt;|yaml files|Charts(charts generator&lt;br&gt; updates helm charts&lt;br&gt; and the changelog)\n    Charts--&gt;ToRelease(\"Ready to release \ud83c\udf89\")\n    Markdown--&gt;ToRelease</code></pre>"},{"location":"contributing/resource-generation.html#charts-version-bump","title":"Charts version bump","text":"<p>By default, charts generator keeps the current helm chart's version, because it doesn't know semver. You need it to do manually.</p> <p>To do so run the following command with the version of your choice:</p> <pre><code>make version=v1.0.0 charts\n</code></pre>"},{"location":"installation/helm.html","title":"Installing with Helm (recommended)","text":""},{"location":"installation/helm.html#installing","title":"Installing","text":"<p>The Aiven Operator for Kubernetes can be installed via Helm. </p> <p>Before you start, make sure you have the prerequisites.</p> <p>First add the Aiven Helm repository:</p> <pre><code>helm repo add aiven https://aiven.github.io/aiven-charts &amp;&amp; helm repo update\n</code></pre>"},{"location":"installation/helm.html#installing-custom-resource-definitions","title":"Installing Custom Resource Definitions","text":"<pre><code>helm install aiven-operator-crds aiven/aiven-operator-crds\n</code></pre> <p>Verify the installation: <pre><code>kubectl api-resources --api-group=aiven.io\n</code></pre> The output is similar to the following:</p> <pre><code>NAME                  SHORTNAMES   APIVERSION          NAMESPACED   KIND\nconnectionpools                    aiven.io/v1alpha1   true         ConnectionPool\ndatabases                          aiven.io/v1alpha1   true         Database\n... &lt; several omitted lines &gt;\n</code></pre>"},{"location":"installation/helm.html#installing-the-operator","title":"Installing the Operator","text":"<pre><code>helm install aiven-operator aiven/aiven-operator\n</code></pre> <p>Note</p> <p>Installation will fail if webhooks are enabled and the CRDs for the cert-manager are not installed.</p> <p>Verify the installation:  <pre><code>helm status aiven-operator\n</code></pre></p> <p>The output is similar to the following:</p> <pre><code>NAME: aiven-operator\nLAST DEPLOYED: Fri Sep 10 15:23:26 2021\nNAMESPACE: default\nSTATUS: deployed\nREVISION: 1\nTEST SUITE: None\n</code></pre> <p>It is also possible to install the operator without webhooks enabled: <pre><code>helm install aiven-operator aiven/aiven-operator --set webhooks.enabled=false\n</code></pre></p>"},{"location":"installation/helm.html#configuration-options","title":"Configuration Options","text":"<p>Please refer to the values.yaml of the chart.</p>"},{"location":"installation/helm.html#installing-without-full-cluster-administrator-access","title":"Installing without full cluster administrator access","text":"<p>There can be some scenarios where the individual installing the Helm chart does not have the ability to provision cluster-wide resources (e.g. ClusterRoles/ClusterRoleBindings). In this scenario, you can have a cluster administrator manually install the ClusterRole and ClusterRoleBinding the operator requires prior to installing the Helm chart specifying <code>false</code> for the <code>clusterRole.create</code> attribute. </p>"},{"location":"installation/helm.html#uninstalling","title":"Uninstalling","text":"<p>Important</p> <p>Please see this page for more information.</p> <p>Find out the name of your deployment:</p> <pre><code>helm list\n</code></pre> <p>The output has the name of each deployment similar to the following: </p> <pre><code>NAME                NAMESPACE   REVISION    UPDATED                                     STATUS      CHART                       APP VERSION\naiven-operator      default     1           2021-09-09 10:56:14.623700249 +0200 CEST    deployed    aiven-operator-v0.1.0       v0.1.0     \naiven-operator-crds default     1           2021-09-09 10:56:05.736411868 +0200 CEST    deployed    aiven-operator-crds-v0.1.0  v0.1.0\n</code></pre> <p>Remove the CRDs:</p> <pre><code>helm uninstall aiven-operator-crds\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator-crds\" uninstalled\n</code></pre> <p>Remove the operator:</p> <pre><code>helm uninstall aiven-operator\n</code></pre> <p>The confirmation message is similar to the following:</p> <pre><code>release \"aiven-operator\" uninstalled\n</code></pre>"},{"location":"installation/kubectl.html","title":"Installing with kubectl","text":""},{"location":"installation/kubectl.html#installing","title":"Installing","text":"<p>Before you start, make sure you have the prerequisites.</p> <p>All Aiven Operator for Kubernetes components can be installed from one YAML file that is uploaded for every release:</p> <pre><code>kubectl apply -f https://github.com/aiven/aiven-operator/releases/latest/download/deployment.yaml\n</code></pre> <p>By default the Deployment is installed into the <code>aiven-operator-system</code> namespace.</p>"},{"location":"installation/kubectl.html#uninstalling","title":"Uninstalling","text":"<p>Assuming you installed version <code>vX.Y.Z</code> of the operator it can be uninstalled via</p> <pre><code>kubectl delete -f https://github.com/aiven/aiven-operator/releases/download/vX.Y.Z/deployment.yaml\n</code></pre>"},{"location":"installation/prerequisites.html","title":"Prerequisites","text":"<p>The Aiven Operator for Kubernetes supports all major Kubernetes distributions, both locally and in the cloud.</p> <p>Make sure you have the following:</p> <ul> <li>To use the operator, you need admin access to a Kubernetes cluster.</li> <li>For playground usage you can use kind for example.</li> <li>For productive usage Helm is recommended.</li> </ul>"},{"location":"installation/prerequisites.html#cert-manager","title":"Cert Manager","text":"<p>The Aiven Operator for Kubernetes uses <code>cert-manager</code> to configure the service reference of our webhooks.</p> <p>Please follow the installation instructions on their website.</p> <p>Note</p> <p>This is not required in the Helm installation if you select to disable webhooks,  but that is not recommended outside of playground use.  The Aiven Operator for Kubernetes uses webhooks for setting defaults  and enforcing invariants that are expected by the aiven API and will lead to errors if ignored.  In the future webhooks will also be used for conversion and supporting multiple CRD versions.</p>"},{"location":"installation/uninstalling.html","title":"Uninstalling","text":"<p>Danger</p> <p>Uninstalling the Aiven Operator for Kubernetes can remove the resources created in Aiven, possibly resulting in data loss.</p> <p>Depending on your installation, please follow one of:</p> <ul> <li>Helm</li> <li>kubectl</li> </ul>"},{"location":"installation/uninstalling.html#dealing-with-expired-tokens","title":"Dealing with expired tokens","text":"<p>Aiven resources need to have an accompanying secret that contains the token that is used to authorize the manipulation of that resource. If that token expired then you will not be able to delete the custom resource and deletion will also hang until the situation is resolved. The recommended approach to deal with that situation is to patch a valid token into the secret again so that proper cleanup of aiven resources can take place.</p>"},{"location":"installation/uninstalling.html#hanging-deletions","title":"Hanging deletions","text":"<p>To protect the secrets that the operator is using from deletion, it adds the finalizer <code>finalizers.aiven.io/needed-to-delete-services</code> to the secret. This solves a race condition that happens when deleting a namespace, where there is a possibility of the secret getting deleted before the resource that uses it. When the controller is deleted it may not cleanup the finalizers from all secrets. If there is a secret with this finalizer blocking deletion of a namespace, for now please do</p> <pre><code>kubectl patch secret &lt;offending-secret&gt; -p '{\"metadata\":{\"finalizers\":null}}' --type=merge\n</code></pre> <p>to remove the finalizer.</p>"},{"location":"resources/cassandra.html","title":"Cassandra","text":"<p>Aiven for Apache Cassandra\u00ae is a distributed database designed to handle large volumes of writes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/cassandra.html#creating-a-cassandra-instance","title":"Creating a Cassandra instance","text":"<p>1. Create a file named <code>cassandra-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Cassandra\nmetadata:\n  name: cassandra-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Cassandra connection on the `cassandra-secret` Secret\n  connInfoSecretTarget:\n    name: cassandra-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-sample.yaml \n</code></pre> <p>The output is:</p> <pre><code>cassandra.aiven.io/cassandra-sample created\n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe cassandra.aiven.io cassandra-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-31T10:17:25Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-31T10:24:00Z\n    Message:               Instance is running on Aiven side\n    Reason:                CheckRunning\n    Status:                True\n    Type:                  Running\n  State:                   RUNNING\n...\n</code></pre> <p>The resource can be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/cassandra.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Cassandra connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret cassandra-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         cassandra-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCASSANDRA_HOSTS:     59 bytes\nCASSANDRA_PASSWORD:  24 bytes\nCASSANDRA_PORT:      5 bytes\nCASSANDRA_URI:       66 bytes\nCASSANDRA_USER:      8 bytes\nCASSANDRA_HOST:      60 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret cassandra-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CASSANDRA_HOST\": \"&lt;secret&gt;\",\n  \"CASSANDRA_HOSTS\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PASSWORD\": \"&lt;secret&gt;\",\n  \"CASSANDRA_PORT\": \"14609\",\n  \"CASSANDRA_URI\": \"&lt;secret&gt;\",\n  \"CASSANDRA_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/cassandra.html#creating-a-cassandra-user","title":"Creating a Cassandra user","text":"<p>You can create service users for your instance of Aiven for Apache Cassandra. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named cassandra-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: cassandra-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: cassandra-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: cassandra-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f cassandra-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret cassandra-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"cassandra-service-user\"\n}\n</code></pre> <p>You can connect to the Cassandra instance using these credentials and the host information from the <code>cassandra-secret</code> Secret.</p>"},{"location":"resources/mysql.html","title":"MySQL","text":"<p>Aiven for MySQL is a fully managed relational database service, deployable in the cloud of your choice. </p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/mysql.html#creating-a-mysql-instance","title":"Creating a MySQL instance","text":"<p>1. Create a file named <code>mysql-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: MySQL\nmetadata:\n  name: mysql-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the MySQL connection on the `mysql-secret` Secret\n  connInfoSecretTarget:\n    name: mysql-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f mysql-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe mysql.aiven.io mysql-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-02-22T15:43:44Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/mysql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the MySQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret mysql-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         mysql-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nMYSQL_PORT:      5 bytes\nMYSQL_SSL_MODE:  8 bytes\nMYSQL_URI:       115 bytes\nMYSQL_USER:      8 bytes\nMYSQL_DATABASE:  9 bytes\nMYSQL_HOST:      39 bytes\nMYSQL_PASSWORD:  24 bytes\n</code></pre> <p>You can use jq to quickly decode the Secret:</p> <pre><code>kubectl get secret mysql-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"MYSQL_DATABASE\": \"defaultdb\",\n  \"MYSQL_HOST\": \"&lt;secret&gt;\",\n  \"MYSQL_PASSWORD\": \"&lt;secret&gt;\",\n  \"MYSQL_PORT\": \"12691\",\n  \"MYSQL_SSL_MODE\": \"REQUIRED\",\n  \"MYSQL_URI\": \"&lt;secret&gt;\",\n  \"MYSQL_USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/mysql.html#creating-a-mysql-user","title":"Creating a MySQL user","text":"<p>You can create service users for your instance of Aiven for MySQL. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named mysql-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: mysql-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: mysql-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: mysql-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f mysql-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information. </p> <p>3. View the details of the Secret using jq:</p> <pre><code>kubectl get secret mysql-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"&lt;secret&gt;\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"mysql-service-user\"\n}\n</code></pre> <p>You can connect to the MySQL instance using these credentials and the host information from the <code>mysql-secret</code> Secret.</p>"},{"location":"resources/opensearch.html","title":"OpenSearch","text":"<p>OpenSearch\u00ae is an open source search and analytics suite including search engine, NoSQL document database, and visualization interface. OpenSearch offers a distributed, full-text search engine based on Apache Lucene\u00ae with a RESTful API interface and support for JSON documents.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/opensearch.html#creating-an-opensearch-instance","title":"Creating an OpenSearch instance","text":"<p>1. Create a file named <code>os-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: OpenSearch\nmetadata:\n  name: os-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the OpenSearch connection on the `os-secret` Secret\n  connInfoSecretTarget:\n    name: os-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f os-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe opensearch.aiven.io os-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:41:43Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/opensearch.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the OpenSearch connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret os-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         os-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nHOST:      61 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\nUSER:      8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret os-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"13041\",\n  \"USER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/opensearch.html#creating-an-opensearch-user","title":"Creating an OpenSearch user","text":"<p>You can create service users for your instance of Aiven for OpenSearch. Service users are unique to this instance and are not shared with any other services.</p> <p>1. Create a file named os-service-user.yaml:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: os-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: os-service-user-secret\n\n  project: &lt;your-project-name&gt;\n  serviceName: os-sample\n</code></pre> <p>2. Create the user by applying the configuration:</p> <pre><code>kubectl apply -f os-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information.</p> <p>3. View the details of the Secret using the following command:</p> <pre><code>kubectl get secret os-service-user-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"ACCESS_CERT\": \"&lt;secret&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret&gt;\",\n  \"CA_CERT\": \"&lt;secret&gt;\",\n  \"HOST\": \"os-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret&gt;\",\n  \"PORT\": \"14609\",\n  \"USERNAME\": \"os-service-user\"\n}\n</code></pre> <p>You can connect to the OpenSearch instance using these credentials and the host information from the <code>os-secret</code> Secret.</p>"},{"location":"resources/postgresql.html","title":"PostgreSQL","text":"<p>PostgreSQL is an open source, relational database. It's ideal for organisations that need a well organised tabular datastore. On top of the strict table and columns formats, PostgreSQL also offers solutions for nested datasets with the native <code>jsonb</code> format and advanced set of extensions including PostGIS, a spatial database extender for location queries. Aiven for PostgreSQL is the perfect fit for your relational data.</p> <p>With Aiven Kubernetes Operator, you can manage Aiven for PostgreSQL through the well defined Kubernetes API.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-instance","title":"Creating a PostgreSQL instance","text":"<p>1. Create a file named <code>pg-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-sample\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific PostgreSQL configuration\n  userConfig:\n    pg_version: '11'\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f pg-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io pg-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME        PROJECT        REGION                PLAN        STATE\npg-sample   your-project   google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can stay in the <code>BUILDING</code> state for a couple of minutes. Once the state changes to <code>RUNNING</code>, you are ready to access it.</p>"},{"location":"resources/postgresql.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the PostgreSQL connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret pg-connection\n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         pg-connection\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nDATABASE_URI:  107 bytes\nPGDATABASE:    9 bytes\nPGHOST:        38 bytes\nPGPASSWORD:    16 bytes\nPGPORT:        5 bytes\nPGSSLMODE:     7 bytes\nPGUSER:        8 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret pg-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://avnadmin:&lt;secret-password&gt;@pg-sample-your-project.aivencloud.com:13039/defaultdb?sslmode=require\",\n  \"PGDATABASE\": \"defaultdb\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13039\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your PostgreSQL connection from a Kubernetes workload by deploying a Pod that runs the <code>psql</code> command.</p> <p>1. Create a file named <code>pod-psql.yaml</code></p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:11-alpine\n      name: postgres\n      command: [ 'psql', '$(DATABASE_URI)', '-c', 'SELECT version();' ]\n\n      # the pg-connection Secret becomes environment variables \n      envFrom:\n        - secretRef:\n            name: pg-connection\n</code></pre> <p>It runs once and stops, due to the <code>restartPolicy: Never</code> flag.</p> <p>2. Inspect the log:</p> <pre><code>kubectl logs psql-test-connection\n</code></pre> <p>The output is similar to the following: <pre><code>                                           version                                           \n---------------------------------------------------------------------------------------------\n PostgreSQL 11.12 on x86_64-pc-linux-gnu, compiled by gcc, a 68c5366192 p 6b9244f01a, 64-bit\n(1 row)\n</code></pre></p> <p>You have now connected to the PostgreSQL, and executed the <code>SELECT version();</code> query.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-database","title":"Creating a PostgreSQL database","text":"<p>The <code>Database</code> Kubernetes resource allows you to create a logical database within the PostgreSQL instance.</p> <p>Create the <code>pg-database-sample.yaml</code> file with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Database\nmetadata:\n  name: pg-database-sample\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the name of the previously created PostgreSQL instance\n  serviceName: pg-sample\n\n  project: &lt;your-project-name&gt;\n  lcCollate: en_US.UTF-8\n  lcCtype: en_US.UTF-8\n</code></pre> <p>You can now connect to the <code>pg-database-sample</code> using the credentials stored in the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-user","title":"Creating a PostgreSQL user","text":"<p>Aiven uses the concept of service user that allows you to create users for different services. You can create one for the PostgreSQL instance.</p> <p>1. Create a file named <code>pg-service-user.yaml</code>.</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  name: pg-service-user\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-service-user-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n</code></pre> <p>2. Apply the configuration with the following command.</p> <pre><code>kubectl apply -f pg-service-user.yaml\n</code></pre> <p>The <code>ServiceUser</code> resource generates a Secret with connection information, in this case named <code>pg-service-user-connection</code>:</p> <pre><code>kubectl get secret pg-service-user-connection -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output has the password and username: <pre><code>{\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"USERNAME\": \"pg-service-user\"\n}\n</code></pre></p> <p>You can now connect to the PostgreSQL instance using the credentials generated above, and the host information from the <code>pg-connection</code> Secret.</p>"},{"location":"resources/postgresql.html#creating-a-postgresql-connection-pool","title":"Creating a PostgreSQL connection pool","text":"<p>Connection pooling allows you to maintain very large numbers of connections to a database while minimizing the consumption of server resources. For more information, refer to the connection pooling article in Aiven Docs. Aiven for PostgreSQL uses PGBouncer for connection pooling.</p> <p>You can create a connection pool with the <code>ConnectionPool</code> resource using the previously created <code>Database</code> and <code>ServiceUser</code>:</p> <p>Create a new file named <code>pg-connection-pool.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ConnectionPool\nmetadata:\n  name: pg-connection-pool\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: pg-connection-pool-connection\n\n  project: &lt;your-project-name&gt;\n  serviceName: pg-sample\n  databaseName: pg-database-sample\n  username: pg-service-user\n  poolSize: 10\n  poolMode: transaction\n</code></pre> <p>The <code>ConnectionPool</code> generates a Secret with the connection info using the name from the <code>connInfoSecretTarget.Name</code> field:</p> <p><pre><code>kubectl get secret pg-connection-pool-connection -o json | jq '.data | map_values(@base64d)' \n</code></pre> The output is similar to the following: </p> <pre><code>{\n  \"DATABASE_URI\": \"postgres://pg-service-user:&lt;secret-password&gt;@pg-sample-you-project.aivencloud.com:13040/pg-connection-pool?sslmode=require\",\n  \"PGDATABASE\": \"pg-database-sample\",\n  \"PGHOST\": \"pg-sample-your-project.aivencloud.com\",\n  \"PGPASSWORD\": \"&lt;secret-password&gt;\",\n  \"PGPORT\": \"13040\",\n  \"PGSSLMODE\": \"require\",\n  \"PGUSER\": \"pg-service-user\"\n}\n</code></pre>"},{"location":"resources/postgresql.html#creating-a-postgresql-read-only-replica","title":"Creating a PostgreSQL read-only replica","text":"<p>Read-only replicas can be used to reduce the load on the primary service by making read-only queries against the replica service. </p> <p>To create a read-only replica for a PostgreSQL service, you create a second PostgreSQL service and use serviceIntegrations to replicate data from your primary service.</p> <p>The example that follows creates a primary service and a read-only replica.</p> <p>1. Create a new file named <code>pg-read-replica.yaml</code> with the following:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: primary-pg-service\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: read-replica-pg\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your project's name here\n  project: &lt;your-project-name&gt;\n\n  # add the cloud provider and plan of your choice\n  # you can see all of the options at https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: saturday\n  maintenanceWindowTime: 23:00:00\n  userConfig:\n    pg_version: '15'\n\n  # use the read_replica integration and point it to your primary service\n  serviceIntegrations:\n  -  integrationType: read_replica\n     sourceServiceName: primary-pg-service\n</code></pre> <p>Note</p> <p>You can create the replica service in a different region or on a different cloud provider.</p> <p>2. Apply the configuration with the following command:</p> <pre><code>kubectl apply -f pg-read-replica.yaml\n</code></pre> <p>The output is similar to the following:</p> <pre><code>postgresql.aiven.io/primary-pg-service created\npostgresql.aiven.io/read-replica-pg created\n</code></pre> <p>3. Check the status of the primary service with the following command:</p> <pre><code>kubectl get postgresqls.aiven.io primary-pg-service\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                    PROJECT                 REGION                PLAN        STATE\nprimary-pg-service      &lt;your-project-name&gt;     google-europe-west1   startup-4   RUNNING\n</code></pre> <p>The resource can be in the <code>BUILDING</code> state for a few minutes. After the state of the primary service changes to <code>RUNNING</code>, the read-only replica is created. You can check the status of the replica using the same command with the name of the replica:</p> <pre><code>kubectl get postgresqls.aiven.io read-replica-pg\n</code></pre>"},{"location":"resources/project-vpc.html","title":"Aiven Project VPC","text":"<p>Virtual Private Cloud (VPC) peering is a method of connecting separate AWS, Google Cloud or Microsoft Azure private networks to each other. It makes it possible for the virtual machines in the different VPCs to talk to each other directly without going through the public internet.</p> <p>Within the Aiven Kubernetes Operator, you can create a <code>ProjectVPC</code> on Aiven's side to connect to your cloud provider.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/project-vpc.html#creating-an-aiven-vpc","title":"Creating an Aiven VPC","text":"<p>1. Create a file named <code>vpc-sample.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ProjectVPC\nmetadata:\n  name: vpc-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # creates a VPC to link an AWS account on the South Africa region\n  cloudName: aws-af-south-1\n\n  # the network range used by the VPC\n  networkCidr: 192.168.0.0/24\n</code></pre> <p>2. Create the Project by applying the configuration:</p> <pre><code>kubectl apply -f vpc-sample.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get projects.aiven.io vpc-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME         PROJECT          CLOUD            NETWORK CIDR\nvpc-sample   &lt;your-project&gt;   aws-af-south-1   192.168.0.0/24\n</code></pre>"},{"location":"resources/project-vpc.html#using-the-aiven-vpc","title":"Using the Aiven VPC","text":"<p>Follow the official VPC documentation to complete the VPC peering on your cloud of choice.</p>"},{"location":"resources/project.html","title":"Aiven Project","text":"<p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p> <p>The <code>Project</code> CRD allows you to create Aiven Projects, where your resources can be located.</p> <p>To create a fully working Aiven Project with the Aiven Operator you need a source Aiven Project already created with a working billing configuration, like a credit card.</p> <p>Create a file named <code>project-sample.yaml</code> with the following content: <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Project\nmetadata:\n  name: project-sample\nspec:\n  # the source Project to copy the billing information from\n  copyFromProject: &lt;your-source-project&gt;\n\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: project-sample\n</code></pre></p> <p>Apply the resource with: <pre><code>kubectl apply -f project-sample.yaml\n</code></pre></p> <p>Verify the newly created Project:</p> <pre><code>kubectl get projects.aiven.io project-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME             AGE\nproject-sample   22s\n</code></pre>"},{"location":"resources/redis.html","title":"Redis","text":"<p>Aiven for Redis\u00ae* is a fully managed in-memory NoSQL database that you can deploy in the cloud of your choice to store and access data quickly and efficiently.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/redis.html#creating-a-redis-instance","title":"Creating a Redis instance","text":"<p>1. Create a file named <code>redis-sample.yaml</code>, and add the following content: </p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Redis\nmetadata:\n  name: redis-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Redis connection on the `redis-secret` Secret\n  connInfoSecretTarget:\n    name: redis-secret\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Redis configuration\n  userConfig:\n    redis_maxmemory_policy: \"allkeys-random\"\n</code></pre> <p>2. Create the service by applying the configuration:</p> <pre><code>kubectl apply -f redis-sample.yaml \n</code></pre> <p>3. Review the resource you created with this command:</p> <pre><code>kubectl describe redis.aiven.io redis-sample\n</code></pre> <p>The output is similar to the following:</p> <pre><code>...\nStatus:\n  Conditions:\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side\n    Reason:                Created\n    Status:                True\n    Type:                  Initialized\n    Last Transition Time:  2023-01-19T14:48:59Z\n    Message:               Instance was created or update on Aiven side, status remains unknown\n    Reason:                Created\n    Status:                Unknown\n    Type:                  Running\n  State:                   REBUILDING\n...\n</code></pre> <p>The resource will be in the <code>REBUILDING</code> state for a few minutes. Once the state changes to <code>RUNNING</code>, you can access the resource.</p>"},{"location":"resources/redis.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Redis connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <p>To view the details of the Secret, use the following command:</p> <pre><code>kubectl describe secret redis-secret \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         redis-secret\nNamespace:    default\nLabels:       &lt;none&gt;\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nSSL:       8 bytes\nUSER:      7 bytes\nHOST:      60 bytes\nPASSWORD:  24 bytes\nPORT:      5 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret redis-secret -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"HOST\": \"redis-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"14610\",\n  \"SSL\": \"required\",\n  \"USER\": \"default\"\n}\n</code></pre>"},{"location":"resources/service-integrations.html","title":"Service Integrations","text":"<p>Service Integrations provide additional functionality and features by connecting different Aiven services together.</p> <p>See our Getting Started with Service Integrations guide for more information.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed,  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/service-integrations.html#send-kafka-logs-to-a-kafka-topic","title":"Send Kafka logs to a Kafka Topic","text":"<p>This integration allows you to send Kafka service logs to a specific Kafka Topic.</p> <p>First, let's create a Kafka service and a topic.</p> <p>1. Create a new file named <code>kafka-sample-topic.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: logs\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>3. Now, create a <code>ServiceIntegration</code> resource to send the Kafka logs to the created topic. In the same file, add the    following YAML:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-logs\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_logs\n\n  # we will send the logs to the same kafka-sample instance\n  # the source and destination are the same\n  sourceServiceName: kafka-sample\n  destinationServiceName: kafka-sample\n\n  # the topic name we will send to\n  kafkaLogs:\n    kafka_topic: logs\n</code></pre> <p>4. Reapply the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample-topic.yaml \n</code></pre> <p>5. Let's check the created service integration:</p> <pre><code>kubectl get serviceintegrations.aiven.io service-integration-kafka-logs\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME                             PROJECT        TYPE         SOURCE SERVICE NAME   DESTINATION SERVICE NAME   SOURCE ENDPOINT ID   DESTINATION ENDPOINT ID\nservice-integration-kafka-logs   your-project   kafka_logs   kafka-sample          kafka-sample                                    \n</code></pre> <p>Your Kafka service logs are now being streamed to the <code>logs</code> Kafka topic.</p>"},{"location":"resources/kafka/index.html","title":"Kafka","text":"<p>Aiven for Apache Kafka is an excellent option if you need to run Apache Kafka at scale. With Aiven Kubernetes Operator you can get up and running with a suitably sized Apache Kafka service in a few minutes.</p> <p>Note</p> <p>Before going through this guide, make sure you have a Kubernetes cluster with the operator installed  and a Kubernetes Secret with an Aiven authentication token.</p>"},{"location":"resources/kafka/index.html#creating-a-kafka-instance","title":"Creating a Kafka instance","text":"<p>1. Create a file named <code>kafka-sample.yaml</code>, and add the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-2\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n</code></pre> <p>2. Create the following resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-sample.yaml \n</code></pre> <p>3. Inspect the service created using the command below. </p> <pre><code>kubectl get kafka.aiven.io kafka-sample\n</code></pre> <p>The output has the project name and state, similar to the following:</p> <pre><code>NAME           PROJECT          REGION                PLAN        STATE\nkafka-sample   &lt;your-project&gt;   google-europe-west1   startup-2   RUNNING\n</code></pre> <p>After a couple of minutes, the <code>STATE</code> field is changed to <code>RUNNING</code>, and is ready to be used.</p>"},{"location":"resources/kafka/index.html#using-the-connection-secret","title":"Using the connection Secret","text":"<p>For your convenience, the operator automatically stores the Kafka connection information in a Secret created with the name specified on the <code>connInfoSecretTarget</code> field.</p> <pre><code>kubectl describe secret kafka-auth \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Name:         kafka-auth\nNamespace:    default\nAnnotations:  &lt;none&gt;\n\nType:  Opaque\n\nData\n====\nCA_CERT:      1537 bytes\nHOST:         41 bytes\nPASSWORD:     16 bytes\nPORT:         5 bytes\nUSERNAME:     8 bytes\nACCESS_CERT:  1533 bytes\nACCESS_KEY:   2484 bytes\n</code></pre> <p>You can use the jq to quickly decode the Secret:</p> <pre><code>kubectl get secret kafka-auth -o json | jq '.data | map_values(@base64d)'\n</code></pre> <p>The output is similar to the following:</p> <pre><code>{\n  \"CA_CERT\": \"&lt;secret-ca-cert&gt;\",\n  \"ACCESS_CERT\": \"&lt;secret-cert&gt;\",\n  \"ACCESS_KEY\": \"&lt;secret-access-key&gt;\",\n  \"HOST\": \"kafka-sample-your-project.aivencloud.com\",\n  \"PASSWORD\": \"&lt;secret-password&gt;\",\n  \"PORT\": \"13041\",\n  \"USERNAME\": \"avnadmin\"\n}\n</code></pre>"},{"location":"resources/kafka/index.html#testing-the-connection","title":"Testing the connection","text":"<p>You can verify your access to the Kafka cluster from a Pod using the authentication data from the <code>kafka-auth</code> Secret. kcat is used for our examples below.</p> <p>1. Create a file named <code>kafka-test-connection.yaml</code>, and add the following content:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-test-connection\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will connect to the Kafka cluster\n      # and output its metadata\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/kafka-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/kafka-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/kafka-auth/CA_CERT',\n          '-L'\n      ]\n\n      # loading the data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-auth\n\n      volumeMounts:\n        - name: kafka-auth\n          mountPath: \"/kafka-auth\"\n\n  # loading the data from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: kafka-auth\n      secret:\n        secretName: kafka-auth\n</code></pre> <p>2. Apply the file.</p> <pre><code>kubectl apply -f kafka-test-connection.yaml\n</code></pre> <p>Once successfully applied, you have a log with the metadata information about the Kafka cluster.</p> <pre><code>kubectl logs kafka-test-connection \n</code></pre> <p>The output is similar to the following:</p> <pre><code>Metadata for all topics (from broker -1: ssl://kafka-sample-your-project.aivencloud.com:13041/bootstrap):\n 3 brokers:\n  broker 2 at 35.205.234.70:13041\n  broker 3 at 34.77.127.70:13041 (controller)\n  broker 1 at 34.78.146.156:13041\n 0 topics:\n</code></pre>"},{"location":"resources/kafka/index.html#creating-a-kafkatopic-and-kafkaacl","title":"Creating a <code>KafkaTopic</code> and <code>KafkaACL</code>","text":"<p>To properly produce and consume content on Kafka, you need topics and ACLs. The operator supports both with the <code>KafkaTopic</code> and <code>KafkaACL</code> resources.</p> <p>Below, here is how to create a Kafka topic named <code>random-strings</code> where random string messages will be sent.</p> <p>1. Create a file named <code>kafka-topic-random-strings.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: random-strings\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # here we can specify how many partitions the topic should have\n  partitions: 3\n  # and the topic replication factor\n  replication: 2\n\n  # we also support various topic-specific configurations\n  config:\n    flush_ms: 100\n</code></pre> <p>2. Create the resource on Kubernetes:</p> <pre><code>kubectl apply -f kafka-topic-random-strings.yaml\n</code></pre> <p>3. Create a user and an ACL. To use the Kafka topic, create a new user with the <code>ServiceUser</code> resource (in order to    avoid using the <code>avnadmin</code> superuser), and the <code>KafkaACL</code> to allow the user access to the topic.</p> <p>In a file named <code>kafka-acl-user-crab.yaml</code>, add the following two resources:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceUser\nmetadata:\n  # the name of our user \ud83e\udd80\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # the Secret name we will store the users' connection information\n  # looks exactly the same as the Secret generated when creating the Kafka cluster\n  # we will use this Secret to produce and consume events later!\n  connInfoSecretTarget:\n    name: kafka-crab-connection\n\n  # the Aiven project the user is related to\n  project: &lt;your-project-name&gt;\n\n  # the name of our Kafka Service\n  serviceName: kafka-sample\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaACL\nmetadata:\n  name: crab\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample\n\n  # the username from the ServiceUser above\n  username: crab\n\n  # the ACL allows to produce and consume on the topic\n  permission: readwrite\n\n  # specify the topic we created before\n  topic: random-strings\n</code></pre> <p>To create the <code>crab</code> user and its permissions, execute the following command:</p> <pre><code>kubectl apply -f kafka-acl-user-crab.yaml\n</code></pre>"},{"location":"resources/kafka/index.html#producing-and-consuming-events","title":"Producing and consuming events","text":"<p>Using the previously created <code>KafkaTopic</code>, <code>ServiceUser</code>, <code>KafkaACL</code>, you can produce and consume events.</p> <p>You can use kcat to produce a message into Kafka, and the <code>-t random-strings</code> argument to select the desired topic, and use the content of the <code>/etc/issue</code> file as the message's body.</p> <p>1. Create a <code>kafka-crab-produce.yaml</code> file with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-produce\nspec:\n  restartPolicy: Never\n  containers:\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      # the command below will produce a message with the /etc/issue file content\n      command: [\n          'kcat', '-b', '$(HOST):$(PORT)',\n          '-X', 'security.protocol=SSL',\n          '-X', 'ssl.key.location=/crab-auth/ACCESS_KEY',\n          '-X', 'ssl.key.password=$(PASSWORD)',\n          '-X', 'ssl.certificate.location=/crab-auth/ACCESS_CERT',\n          '-X', 'ssl.ca.location=/crab-auth/CA_CERT',\n          '-P', '-t', 'random-strings', '/etc/issue',\n      ]\n\n      # loading the crab user data from the Secret as environment variables\n      # useful to access the Kafka information, like hostname and port\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: \"/crab-auth\"\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n</code></pre> <p>2. Create the Pod with the following content:</p> <pre><code>kubectl apply -f kafka-crab-produce.yaml\n</code></pre> <p>Now your event is stored in Kafka.</p> <p>To consume a message, you can use a graphical interface called Kowl. It allows you to explore information about our Kafka cluster, such as brokers, topics, or consumer groups.</p> <p>1. Create a Kubernetes Pod and service to deploy and access Kowl. Create a file named <code>kafka-crab-consume.yaml</code> with the    content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-crab-consume\n  labels:\n    app: kafka-crab-consume\nspec:\n  containers:\n    - image: quay.io/cloudhut/kowl:v1.4.0\n      name: kowl\n\n      # kowl configuration values\n      env:\n        - name: KAFKA_TLS_ENABLED\n          value: 'true'\n\n        - name: KAFKA_BROKERS\n          value: $(HOST):$(PORT)\n        - name: KAFKA_TLS_PASSPHRASE\n          value: $(PASSWORD)\n\n        - name: KAFKA_TLS_CAFILEPATH\n          value: /crab-auth/CA_CERT\n        - name: KAFKA_TLS_CERTFILEPATH\n          value: /crab-auth/ACCESS_CERT\n        - name: KAFKA_TLS_KEYFILEPATH\n          value: /crab-auth/ACCESS_KEY\n\n      # inject all connection information as environment variables\n      envFrom:\n        - secretRef:\n            name: kafka-crab-connection\n\n      volumeMounts:\n        - name: crab-auth\n          mountPath: /crab-auth\n\n  # loading the crab user information from the Secret as files in a volume\n  # useful to access the Kafka certificates \n  volumes:\n    - name: crab-auth\n      secret:\n        secretName: kafka-crab-connection\n\n---\n\n# we will be using a simple service to access Kowl on port 8080\napiVersion: v1\nkind: Service\nmetadata:\n  name: kafka-crab-consume\nspec:\n  selector:\n    app: kafka-crab-consume\n  ports:\n    - port: 8080\n      targetPort: 8080\n</code></pre> <p>2. Create the resources with:</p> <pre><code>kubectl apply -f kafka-crab-consume.yaml\n</code></pre> <p>3. In another terminal create a port-forward tunnel to your Pod:</p> <pre><code>kubectl port-forward kafka-crab-consume 8080:8080\n</code></pre> <p>4. In the browser of your choice, access the http://localhost:8080 address. You now see a page with    the <code>random-strings</code> topic listed:    </p> <p>5. Click the topic name to see the message.    </p> <p>You have now consumed the message.</p>"},{"location":"resources/kafka/connect.html","title":"Kafka Connect","text":"<p>Aiven for Apache Kafka Connect is a framework and a runtime for integrating Kafka with other systems. Kafka connectors can either be a source (for pulling data from other systems into Kafka) or sink (for pushing data into other systems from Kafka).</p> <p>This section involves a few different Kubernetes CRDs: 1. A <code>KafkaService</code> service with a <code>KafkaTopic</code> 2. A <code>KafkaConnect</code> service 3. A <code>ServiceIntegration</code> to integrate the <code>Kafka</code> and <code>KafkaConnect</code> services 4. A <code>PostgreSQL</code> used as a sink to receive messages from <code>Kafka</code> 5. A <code>KafkaConnector</code> to finally connect the <code>Kafka</code> with the <code>PostgreSQL</code></p>"},{"location":"resources/kafka/connect.html#creating-the-resources","title":"Creating the resources","text":"<p>Create a file named <code>kafka-sample-connect.yaml</code> with the following content:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the Kafka connection on the `kafka-connection` Secret\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: business-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  # specific Kafka configuration\n  userConfig:\n    kafka_version: '2.7'\n    kafka_connect: true\n\n---\n\napiVersion: aiven.io/v1alpha1\nkind: KafkaTopic\nmetadata:\n  name: kafka-topic-connect\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-connect\n\n  replication: 2\n  partitions: 1\n</code></pre> <p>Next, create a file named <code>kafka-connect.yaml</code> and add the following <code>KafkaConnect</code> resource:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnect\nmetadata:\n  name: kafka-connect\nspec:\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Now let's create a <code>ServiceIntegration</code>. It will use the fields <code>sourceServiceName</code> and <code>destinationServiceName</code> to integrate the previously created <code>kafka-sample-connect</code> and <code>kafka-connect</code>. Open a new file named <code>service-integration-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: ServiceIntegration\nmetadata:\n  name: service-integration-kafka-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # indicates the type of the integration\n  integrationType: kafka_connect\n\n  # we will send messages from the `kafka-sample-connect` to `kafka-connect`\n  sourceServiceName: kafka-sample-connect\n  destinationServiceName: kafka-connect\n</code></pre> <p>Let's add an Aiven for PostgreSQL service. It will be the service used as a sink, receiving messages from the <code>kafka-sample-connect</code> cluster. Create a file named <code>pg-sample-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: PostgreSQL\nmetadata:\n  name: pg-connect\nspec:\n\n  # gets the authentication token from the `aiven-token` Secret\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  # outputs the PostgreSQL connection on the `pg-connection` Secret\n  connInfoSecretTarget:\n    name: pg-connection\n\n  # add your Project name here\n  project: &lt;your-project-name&gt;\n\n  # cloud provider and plan of your choice\n  # you can check all of the possibilities here https://aiven.io/pricing\n  cloudName: google-europe-west1\n  plan: startup-4\n\n  # general Aiven configuration\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n</code></pre> <p>Finally, let's add the glue of everything: a <code>KafkaConnector</code>. As described in the specification, it will send receive messages from the <code>kafka-sample-connect</code> and send them to the <code>pg-connect</code> service. Check our official documentation for more connectors.</p> <p>Create a file named <code>kafka-connector-connect.yaml</code> and with the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaConnector\nmetadata:\n  name: kafka-connector\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n\n  # the Kafka cluster name\n  serviceName: kafka-sample-connect\n\n  # the connector we will be using\n  connectorClass: io.aiven.connect.jdbc.JdbcSinkConnector\n\n  userConfig:\n    auto.create: \"true\"\n\n    # constructs the pg-connect connection information\n    connection.url: 'jdbc:postgresql://{{ fromSecret \"pg-connection\" \"PGHOST\"}}:{{ fromSecret \"pg-connection\" \"PGPORT\" }}/{{ fromSecret \"pg-connection\" \"PGDATABASE\" }}'\n    connection.user: '{{ fromSecret \"pg-connection\" \"PGUSER\" }}'\n    connection.password: '{{ fromSecret \"pg-connection\" \"PGPASSWORD\" }}'\n\n    # specify which topics it will watch\n    topics: kafka-topic-connect\n\n    key.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter: org.apache.kafka.connect.json.JsonConverter\n    value.converter.schemas.enable: \"true\"\n</code></pre> <p>With all the files created, apply the new Kubernetes resources:</p> <pre><code>kubectl apply \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml\n</code></pre> <p>It will take some time for all the services to be up and running. You can check their status with the following command:</p> <pre><code>kubectl get \\\n    kafkas.aiven.io/kafka-sample-connect \\\n    kafkaconnects.aiven.io/kafka-connect \\\n    postgresqls.aiven.io/pg-connect \\\n    kafkaconnectors.aiven.io/kafka-connector\n</code></pre> <p>The output is similar to the following:</p> <p><pre><code>NAME                                  PROJECT        REGION                PLAN         STATE\nkafka.aiven.io/kafka-sample-connect   your-project   google-europe-west1   business-4   RUNNING\n\nNAME                                  STATE\nkafkaconnect.aiven.io/kafka-connect   RUNNING\n\nNAME                             PROJECT        REGION                PLAN        STATE\npostgresql.aiven.io/pg-connect   your-project   google-europe-west1   startup-4   RUNNING\n\nNAME                                      SERVICE NAME           PROJECT        CONNECTOR CLASS                           STATE     TASKS TOTAL   TASKS RUNNING\nkafkaconnector.aiven.io/kafka-connector   kafka-sample-connect   your-project   io.aiven.connect.jdbc.JdbcSinkConnector   RUNNING   1             1\n</code></pre> The deployment is finished when all services have the state <code>RUNNING</code>.</p>"},{"location":"resources/kafka/connect.html#testing","title":"Testing","text":"<p>To test the connection integration, let's produce a Kafka message using kcat from within the Kubernetes cluster. We will deploy a Pod responsible for crafting a message and sending to the Kafka cluster, using the <code>kafka-auth</code> secret generate by the <code>Kafka</code> CRD.</p> <p>Create a new file named <code>kcat-connect.yaml</code> and add the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: kafka-message\nspec:\n  containers:\n\n  restartPolicy: Never\n    - image: edenhill/kcat:1.7.0\n      name: kcat\n\n      command: ['/bin/sh']\n      args: [\n        '-c',\n        'echo {\\\"schema\\\":{\\\"type\\\":\\\"struct\\\",\\\"fields\\\":[{ \\\"field\\\": \\\"text\\\", \\\"type\\\": \\\"string\\\", \\\"optional\\\": false } ] }, \\\"payload\\\": { \\\"text\\\": \\\"Hello World\\\" } } &gt; /tmp/msg;\n\n        kcat\n          -b $(HOST):$(PORT)\n          -X security.protocol=SSL\n          -X ssl.key.location=/kafka-auth/ACCESS_KEY\n          -X ssl.key.password=$(PASSWORD)\n          -X ssl.certificate.location=/kafka-auth/ACCESS_CERT\n          -X ssl.ca.location=/kafka-auth/CA_CERT\n          -P -t kafka-topic-connect /tmp/msg'\n      ]\n\n      envFrom:\n      - secretRef:\n          name: kafka-auth\n\n      volumeMounts:\n      - name: kafka-auth\n        mountPath: \"/kafka-auth\"\n\n  volumes:\n  - name: kafka-auth\n    secret:\n      secretName: kafka-auth\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f kcat-connect.yaml\n</code></pre> <p>The Pod will execute the commands and finish. You can confirm its <code>Completed</code> state with:</p> <pre><code>kubectl get pod kafka-message\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME            READY   STATUS      RESTARTS   AGE\nkafka-message   0/1     Completed   0          5m35s\n</code></pre> <p>If everything went smoothly, we should have our produced message in the PostgreSQL service. Let's check that out.</p> <p>Create a file named <code>psql-connect.yaml</code> with the content below:</p> <pre><code>apiVersion: v1\nkind: Pod\nmetadata:\n  name: psql-connect\nspec:\n  restartPolicy: Never\n  containers:\n    - image: postgres:13\n      name: postgres\n      # \"kafka-topic-connect\" is the table automatically created by KafkaConnect\n      command: ['psql', '$(DATABASE_URI)', '-c', 'SELECT * from \"kafka-topic-connect\";']\n\n      envFrom:\n      - secretRef:\n          name: pg-connection\n</code></pre> <p>Apply the file with:</p> <pre><code>kubectl apply -f psql-connect.yaml\n</code></pre> <p>After a couple of seconds, inspect its log with this command: </p> <pre><code>kubectl logs psql-connect \n</code></pre> <p>The output is similar to the following: </p> <pre><code>    text     \n-------------\n Hello World\n(1 row)\n</code></pre>"},{"location":"resources/kafka/connect.html#clean-up","title":"Clean up","text":"<p>To clean up all the created resources, use the following command:</p> <pre><code>kubectl delete \\\n  -f kafka-sample-connect.yaml \\\n  -f kafka-connect.yaml \\\n  -f service-integration-connect.yaml \\\n  -f pg-sample-connect.yaml \\\n  -f kafka-connector-connect.yaml \\\n  -f kcat-connect.yaml \\\n  -f psql-connect.yaml\n</code></pre>"},{"location":"resources/kafka/schema.html","title":"Kafka Schema","text":""},{"location":"resources/kafka/schema.html#creating-a-kafkaschema","title":"Creating a <code>KafkaSchema</code>","text":"<p>Aiven develops and maintain Karapace, an open source implementation of Kafka REST and schema registry. Is available out of the box for our managed Kafka service.</p> <p>The schema registry address and authentication is the same as the Kafka broker, the only different is the usage of the port 13044.</p> <p>First, let's create an Aiven for Apache Kafka service.</p> <p>1. Create a file named <code>kafka-sample-schema.yaml</code> and add the content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: Kafka\nmetadata:\n  name: kafka-sample-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  connInfoSecretTarget:\n    name: kafka-auth\n\n  project: &lt;your-project-name&gt;\n  cloudName: google-europe-west1\n  plan: startup-2\n  maintenanceWindowDow: friday\n  maintenanceWindowTime: 23:00:00\n\n  userConfig:\n    kafka_version: '2.7'\n\n    # this flag enables the Schema registry\n    schema_registry: true\n</code></pre> <p>2. Apply the changes with the following command:</p> <pre><code>kubectl apply -f kafka-schema.yaml \n</code></pre> <p>Now, let's create the schema itself.</p> <p>1. Create a new file named <code>kafka-sample-schema.yaml</code> and add the YAML content below:</p> <pre><code>apiVersion: aiven.io/v1alpha1\nkind: KafkaSchema\nmetadata:\n  name: kafka-schema\nspec:\n  authSecretRef:\n    name: aiven-token\n    key: token\n\n  project: &lt;your-project-name&gt;\n  serviceName: kafka-sample-schema\n\n  # the name of the Schema\n  subjectName: MySchema\n\n  # the schema itself, in JSON format\n  schema: |\n    {\n      \"type\": \"record\",\n      \"name\": \"MySchema\",\n      \"fields\": [\n        {\n          \"name\": \"field\",\n          \"type\": \"string\"\n        }\n      ]\n    }\n\n  # sets the schema compatibility level \n  compatibilityLevel: BACKWARD\n</code></pre> <p>2. Create the schema with the command:</p> <pre><code>kubectl apply -f kafka-schema.yaml\n</code></pre> <p>3. Review the resource you created with the following command:</p> <pre><code>kubectl get kafkaschemas.aiven.io kafka-schema\n</code></pre> <p>The output is similar to the following:</p> <pre><code>NAME           SERVICE NAME   PROJECT          SUBJECT    COMPATIBILITY LEVEL   VERSION\nkafka-schema   kafka-sample   &lt;your-project&gt;   MySchema   BACKWARD              1\n</code></pre> <p>Now you can follow the instructions to use a schema registry in Java on how to use the schema created.</p>"}]}
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index d1a60a43..48ca3b38 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,217 +2,217 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
          <loc>https://aiven.github.io/aiven-operator/index.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/authentication.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/changelog.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/troubleshooting.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/index.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/cassandra.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/clickhouse.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/clickhouseuser.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/connectionpool.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/database.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/grafana.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/kafka.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/kafkaacl.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/kafkaconnect.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/kafkaconnector.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/kafkaschema.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/kafkatopic.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/mysql.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/opensearch.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/postgresql.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/project.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/projectvpc.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/redis.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/serviceintegration.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/api-reference/serviceuser.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/contributing/index.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/contributing/developer-guide.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/contributing/resource-generation.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/installation/helm.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/installation/kubectl.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/installation/prerequisites.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/installation/uninstalling.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/cassandra.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/mysql.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/opensearch.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/postgresql.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/project-vpc.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/project.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/redis.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/service-integrations.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/kafka/index.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/kafka/connect.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
     <url>
          <loc>https://aiven.github.io/aiven-operator/resources/kafka/schema.html</loc>
-         <lastmod>2023-11-29</lastmod>
+         <lastmod>2023-12-07</lastmod>
          <changefreq>daily</changefreq>
     </url>
 </urlset>
\ No newline at end of file
diff --git a/sitemap.xml.gz b/sitemap.xml.gz
index 555adc408038de4853f5b96055021f44c3fc4517..ed2eadedc432e3117fc646949acfb202bff52eac 100644
GIT binary patch
delta 375
zcmV--0f_#Z1e*kZABzYGQ=)NY0{?SqbY*Q}a4vXlYyj1m&yJfg5XSHO6cKkIn?3Z8
z2z%=jbRWQ&3AiyH;<3r@+t&ozu-o1$Rr(MT*qG68teMg0sh(d4yPL?1VRy_Pi+#2u
zr@1w*J7zE6zvZ8^=lY?F-U@|XTI}SQ^&yO3%kp}?7GeTg4QiBveOHR^(?H5~vfLM6
zvif0{uGzrycDpLex}L2_GNa5yuINnYV^bJj#yOAVRbXEl*V1dzhrw3m{M*)wk}z;v
zANGf*{PB?QKcyw>+-8~XmFwu_=~9u{E)-7WQ(6&HFu&v0N<_KVD@1l{^tqE70UHQT
z$|2_LS)I<4Jpmd45R+H|T4)Wp?8y#z)aTfwLT~ZFN1rOrC7QX7EO_|QtwWR+<*ytS
zur}YF8%Mz3nZd;S9UM%!Z@?Gno1<voKghwTan$;qc@??&MyjK^aBIZ?3Eq$7NIl4p
V?EkZWcY6qh`X`s5VP?f2006x`#C`w(

delta 374
zcmV-+0g3*b1eyeYABzYGAe(1p0{?SqbY*Q}a4vXlYyj1m!H%0S5Qgvj6cKkINiW@s
zu(v)z`vAsFz>V<`k4<*pz9!Iy-S$?g(vOh9#*DtPW=6lKdU+k}ZXz#+-6=a1`)o%}
zb8B38%D#X5nt#q->ZdAtD-?EVv6EBQhcJFA%iHZ%hzT@Vs8I^`T`9Ux11Z<Za$h`W
z_0uk0vw`L9epQxrJzJ4vMwy9R(V5W4rZBvWa~{d7z`iuDrPrblgRRQ>x2+W=Vc@nt
z?vJ1H!y!LDrzPv$W|{7l>*(z1T9Mf<6wc&RS`kt(zvI?QM7h>0M0RWRrIQ;08wk$I
zA?EBwoiCF<0U7}jlUV^;XdSrh$qsnbm)N92Z}GrKpDNBZnz@ZEc=*w+LzEWfuN)Py
zHs6CAN5DUr!NmIm989=xz!&M8qiEkh$ib*_)cS*Y6}kCFs-wAZZ^Zx!-jC!+J;;yj
U|FeI0e+Y&8CtPYp>ct-b07bdHDgXcg