From d3e8ab89a6d4869ef81c412a44ab4604cf2929c5 Mon Sep 17 00:00:00 2001 
From: harsh goyal Date: Tue, 11 Jun 2024 12:03:55 +0100 Subject: [PATCH] feat: Added aws-rds promise and operators --- .github/linters/.gitleaks.toml | 2 +- .github/pull_request_template.md | 2 +- .github/workflows/docker-publish.yml | 2 +- .gitignore | 3 + internal/configure-pipeline/Dockerfile | 17 + .../dependencies/operator.yaml | 525 ++++ ...ices.k8s.aws_dbclusterparametergroups.yaml | 324 +++ .../rds.services.k8s.aws_dbclusters.yaml | 1574 +++++++++++ .../rds.services.k8s.aws_dbinstances.yaml | 2478 +++++++++++++++++ ...ds.services.k8s.aws_dbparametergroups.yaml | 278 ++ .../rds.services.k8s.aws_dbproxies.yaml | 247 ++ .../rds.services.k8s.aws_dbsubnetgroups.yaml | 253 ++ .../rds.services.k8s.aws_globalclusters.yaml | 194 ++ .../services.k8s.aws_adoptedresources.yaml | 254 ++ .../services.k8s.aws_fieldexports.yaml | 144 + internal/configure-pipeline/execute-pipeline | 31 + .../resources/rds-postgresql.yaml | 15 + internal/scripts/pipeline-image.sh | 42 + promise.yaml | 62 + 19 files changed, 6444 insertions(+), 3 deletions(-) create mode 100644 .gitignore create mode 100644 internal/configure-pipeline/Dockerfile create mode 100644 internal/configure-pipeline/dependencies/operator.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusterparametergroups.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusters.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbinstances.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbparametergroups.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbproxies.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbsubnetgroups.yaml create mode 100644 internal/configure-pipeline/dependencies/rds.services.k8s.aws_globalclusters.yaml create mode 100644 
internal/configure-pipeline/dependencies/services.k8s.aws_adoptedresources.yaml create mode 100644 internal/configure-pipeline/dependencies/services.k8s.aws_fieldexports.yaml create mode 100644 internal/configure-pipeline/execute-pipeline create mode 100644 internal/configure-pipeline/resources/rds-postgresql.yaml create mode 100755 internal/scripts/pipeline-image.sh create mode 100644 promise.yaml diff --git a/.github/linters/.gitleaks.toml b/.github/linters/.gitleaks.toml index 729860f..12edca2 100644 --- a/.github/linters/.gitleaks.toml +++ b/.github/linters/.gitleaks.toml @@ -1,3 +1,3 @@ [rules] [rules.generic-api-key] - files-exclude = ["internal/configure-pipeline/dependencies/cluster-operator.yml"] + files-exclude = ["internal/configure-pipeline/dependencies/operator.yml"] diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fe1ff05..b58b2fa 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -15,7 +15,7 @@ In order to have this pull request merged, complete the following tasks. - [ ] If this pull request is about and existing issue, I added the `Fix #ISSUE_NUMBER` label to the description of the pull request. -### Promise Flink maintainer tasks +### Promise aws-rds maintainer tasks - [ ] Label as `breaking` if this change breaks compatibility with the previous released version. - [ ] Label as either: `automation`, `bug`, `documentation`, `enhancement`, `infrastructure`. \ No newline at end of file diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 54035b7..3f8e010 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml 
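Review bot: The new exclusion path ends in `.yml`, but the manifest this commit adds is `internal/configure-pipeline/dependencies/operator.yaml` (see the diffstat), so the entry matches nothing and gitleaks will presumably keep scanning the rendered operator manifest. Either correct the entry, `files-exclude = ["internal/configure-pipeline/dependencies/operator.yaml"]`, or drop it if the renamed file no longer trips the generic-api-key rule (and confirm that this key is honoured by the gitleaks version used in CI). Note that excluding the whole file also hides any real credential that later lands in that manifest; if the scanner supports it, an allowlist scoped to the specific false-positive string is the safer shape.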
@@ -82,7 +82,7 @@ jobs:
 id: build-and-push
 uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
 with:
- context: shell/internal/configure-pipeline
+ context: internal/configure-pipeline
 push: ${{ github.event_name != 'pull_request' }}
 tags: ${{ steps.meta.outputs.tags }}
 platforms: linux/amd64,linux/arm64
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2f2bdd1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+
+/.idea/
+.idea
\ No newline at end of file
diff --git a/internal/configure-pipeline/Dockerfile b/internal/configure-pipeline/Dockerfile
new file mode 100644
index 0000000..8dd3a98
--- /dev/null
+++ b/internal/configure-pipeline/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:3.19 AS build
+
+LABEL org.opencontainers.image.authors "info@opencredo.com"
+LABEL org.opencontainers.image.source https://github.com/opencredo/promise-aws-rds
+
+RUN mkdir -p /tmp/transfer /kratix/output
+RUN apk update && apk add --no-cache yq
+
+COPY resources /tmp/transfer/resources/
+COPY dependencies/ /tmp/transfer/dependencies/
+COPY execute-pipeline execute-pipeline
+
+RUN chmod +x execute-pipeline
+
+ENV KRATIX_WORKFLOW_TYPE="promise"
+CMD [ "sh", "-c", "./execute-pipeline" ]
+ENTRYPOINT []
\ No newline at end of file
diff --git a/internal/configure-pipeline/dependencies/operator.yaml b/internal/configure-pipeline/dependencies/operator.yaml
new file mode 100644
index 0000000..a7a344f
--- /dev/null
+++ b/internal/configure-pipeline/dependencies/operator.yaml
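Review bot: The image has no `USER` instruction, so `execute-pipeline` runs as root inside the pipeline pod; unless Kratix requires root here, create a fixed-UID user after the package install and switch to it before `CMD`. `RUN apk update && apk add --no-cache yq` is self-contradictory — `--no-cache` fetches a fresh index anyway while `apk update` leaves one in the layer — and `yq` is unpinned, so `RUN apk add --no-cache yq=<version>` is both smaller and reproducible. No `WORKDIR` is set, so `COPY execute-pipeline execute-pipeline` lands in `/` and the `sh -c "./execute-pipeline"` wrapper only works because the default cwd is `/`; an explicit `WORKDIR`, `COPY --chmod=755` (dropping the separate `RUN chmod` layer) and an exec-form `CMD ["./execute-pipeline"]` make this explicit, assuming the script carries a shebang. The two `LABEL` lines use the deprecated space-separated form; `LABEL org.opencontainers.image.authors="info@opencredo.com"` is the supported syntax. Whether the non-root user can write to `/kratix/output` at runtime depends on how Kratix mounts that path, so confirm that before merging.
```dockerfile
FROM alpine:3.19 AS build

LABEL org.opencontainers.image.authors="info@opencredo.com" \
      org.opencontainers.image.source="https://github.com/opencredo/promise-aws-rds"

# --no-cache fetches a fresh index, so no separate `apk update`; <PINNED_YQ_VERSION> is a placeholder
RUN apk add --no-cache yq=<PINNED_YQ_VERSION> \
    && adduser -S -D -H -u 10001 pipeline \
    && mkdir -p /tmp/transfer /kratix/output \
    && chown -R pipeline /tmp/transfer /kratix/output

WORKDIR /pipeline
COPY --chown=pipeline resources /tmp/transfer/resources/
COPY --chown=pipeline dependencies/ /tmp/transfer/dependencies/
COPY --chmod=755 execute-pipeline ./execute-pipeline

# … unchanged: ENV KRATIX_WORKFLOW_TYPE …
USER pipeline
CMD ["./execute-pipeline"]
ENTRYPOINT []
```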
@@ -0,0 +1,525 @@ +--- +# Source: rds-chart/templates/service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: rds-chart + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "1.2.5" + k8s-app: rds-chart + helm.sh/chart: rds-chart-1.2.5 + name: ack-rds-controller + namespace: default + annotations: +--- +# Source: rds-chart/templates/caches-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ack-namespaces-cache-rds-controller +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +--- +# Source: rds-chart/templates/cluster-role-controller.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ack-rds-controller + labels: +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - patch + - watch +- apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups + verbs: + - get + - list +- apiGroups: + - ec2.services.k8s.aws + resources: + - securitygroups/status + verbs: + - get + - list +- apiGroups: + - ec2.services.k8s.aws + resources: + - subnets + verbs: + - get + - list +- apiGroups: + - ec2.services.k8s.aws + resources: + - subnets/status + verbs: + - get + - list +- apiGroups: + - kms.services.k8s.aws + resources: + - keys + verbs: + - get + - list +- apiGroups: + - kms.services.k8s.aws + resources: + - keys/status + verbs: + - get + - list +- apiGroups: + - rds.services.k8s.aws + resources: + - dbclusterparametergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - dbclusterparametergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - 
rds.services.k8s.aws + resources: + - dbclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - dbclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - rds.services.k8s.aws + resources: + - dbinstances + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - dbinstances/status + verbs: + - get + - patch + - update +- apiGroups: + - rds.services.k8s.aws + resources: + - dbparametergroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - dbparametergroups/status + verbs: + - get + - patch + - update +- apiGroups: + - rds.services.k8s.aws + resources: + - dbproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - dbproxies/status + verbs: + - get + - patch + - update +- apiGroups: + - rds.services.k8s.aws + resources: + - dbsubnetgroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - dbsubnetgroups/status + verbs: + - get + - patch + - update +- apiGroups: + - rds.services.k8s.aws + resources: + - globalclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rds.services.k8s.aws + resources: + - globalclusters/status + verbs: + - get + - patch + - update +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - services.k8s.aws + resources: + - adoptedresources/status + verbs: + - get + - patch + - update +- apiGroups: + - services.k8s.aws + resources: + - fieldexports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
services.k8s.aws + resources: + - fieldexports/status + verbs: + - get + - patch + - update +--- +# Source: rds-chart/templates/caches-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ack-namespaces-cache-rds-controller +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: ack-namespaces-cache-rds-controller +subjects: +- kind: ServiceAccount + name: ack-rds-controller + namespace: default +--- +# Source: rds-chart/templates/cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: release-name-rds-chart +roleRef: + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io + name: ack-rds-controller +subjects: +- kind: ServiceAccount + name: ack-rds-controller + namespace: default +--- +# Source: rds-chart/templates/caches-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ack-configmaps-cache-rds-controller + namespace: default +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +--- +# Source: rds-chart/templates/role-reader.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-rds-reader + namespace: default +rules: +- apiGroups: + - rds.services.k8s.aws + resources: + - dbclusters + - dbclusterparametergroups + - dbinstances + - dbparametergroups + - dbproxies + - dbsubnetgroups + - globalclusters + verbs: + - get + - list + - watch +--- +# Source: rds-chart/templates/role-writer.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: ack-rds-writer + namespace: default +rules: +- apiGroups: + - rds.services.k8s.aws + resources: + - dbclusters + - dbclusterparametergroups + - dbinstances + - dbparametergroups + - dbproxies + - dbsubnetgroups + - globalclusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - 
rds.services.k8s.aws + resources: + - dbclusters + - dbclusterparametergroups + - dbinstances + - dbparametergroups + - dbproxies + - dbsubnetgroups + - globalclusters + verbs: + - get + - patch + - update +--- +# Source: rds-chart/templates/caches-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ack-configmaps-cache-rds-controller + namespace: default +roleRef: + kind: Role + apiGroup: rbac.authorization.k8s.io + name: ack-configmaps-cache-rds-controller +subjects: +- kind: ServiceAccount + name: ack-rds-controller + namespace: default +--- +# Source: rds-chart/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: release-name-rds-chart + namespace: default + labels: + app.kubernetes.io/name: rds-chart + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: "1.2.5" + k8s-app: rds-chart + helm.sh/chart: rds-chart-1.2.5 +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: rds-chart + app.kubernetes.io/instance: release-name + template: + metadata: + labels: + app.kubernetes.io/name: rds-chart + app.kubernetes.io/instance: release-name + app.kubernetes.io/managed-by: Helm + k8s-app: rds-chart + spec: + serviceAccountName: ack-rds-controller + containers: + - command: + - ./bin/controller + args: + - --aws-region + - "eu-west-2" + - --aws-endpoint-url + - "$(AWS_ENDPOINT_URL)" + - --log-level + - "$(ACK_LOG_LEVEL)" + - --resource-tags + - "$(ACK_RESOURCE_TAGS)" + - --watch-namespace + - "$(ACK_WATCH_NAMESPACE)" + - --deletion-policy + - "$(DELETION_POLICY)" + - --reconcile-default-resync-seconds + - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)" + - --reconcile-default-max-concurrent-syncs + - "$(RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS)" + image: public.ecr.aws/aws-controllers-k8s/rds-controller:1.2.5 + imagePullPolicy: IfNotPresent + name: controller + ports: + - name: http + containerPort: 8080 + resources: + limits: + cpu: 
100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + env: + - name: ACK_SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: AWS_REGION + value: "eu-west-2" + - name: AWS_ENDPOINT_URL + value: "" + - name: ACK_WATCH_NAMESPACE + value: + - name: DELETION_POLICY + value: delete + - name: LEADER_ELECTION_NAMESPACE + value: "" + - name: ACK_LOG_LEVEL + value: "info" + - name: ACK_RESOURCE_TAGS + value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%" + - name: RECONCILE_DEFAULT_RESYNC_SECONDS + value: "36000" + - name: RECONCILE_DEFAULT_MAX_CONCURRENT_SYNCS + value: "1" + volumeMounts: + securityContext: + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + capabilities: + drop: + - ALL + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + terminationGracePeriodSeconds: 10 + nodeSelector: + kubernetes.io/os: linux + hostIPC: false + hostPID: false + hostNetwork: false + dnsPolicy: ClusterFirst + volumes: diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusterparametergroups.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusterparametergroups.yaml new file mode 100644 index 0000000..956cb08 --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusterparametergroups.yaml 
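Review bot: The controller is rendered into `namespace: default` with an empty `annotations:` block on the `ack-rds-controller` ServiceAccount, while its ClusterRole grants get/list/patch on `secrets` cluster-wide and `ACK_WATCH_NAMESPACE` is left empty, so it reconciles every namespace; consider rendering into a dedicated namespace and documenting how the pod is expected to obtain AWS credentials (an IRSA role annotation, if that is the intended mechanism, is not present). `--aws-region` and `AWS_REGION` are hardcoded to `eu-west-2` in two places, and `DELETION_POLICY` is `delete`, which presumably means removing a DBInstance/DBCluster CR also deletes the backing RDS resource — both deserve a comment so adopters know to review them. Since the file is `helm template` output (the `# Source: rds-chart/...` markers), a header comment recording the chart version and the command/values used would let it be regenerated consistently instead of hand-edited. The hunk covers the whole file.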
@@ -0,0 +1,324 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbclusterparametergroups.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: DBClusterParameterGroup + listKind: DBClusterParameterGroupList + plural: dbclusterparametergroups + singular: dbclusterparametergroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DBClusterParameterGroup is the Schema for the DBClusterParameterGroups + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DBClusterParameterGroupSpec defines the desired state of DBClusterParameterGroup. + + + Contains the details of an Amazon RDS DB cluster parameter group. + + + This data type is used as a response element in the DescribeDBClusterParameterGroups + action. + properties: + description: + description: The description for the DB cluster parameter group. + type: string + family: + description: |- + The DB cluster parameter group family name. 
A DB cluster parameter group + can be associated with one and only one DB cluster parameter group family, + and can be applied only to a DB cluster running a database engine and engine + version compatible with that DB cluster parameter group family. + + + # Aurora MySQL + + + Example: aurora5.6, aurora-mysql5.7, aurora-mysql8.0 + + + # Aurora PostgreSQL + + + Example: aurora-postgresql9.6 + + + # RDS for MySQL + + + Example: mysql8.0 + + + # RDS for PostgreSQL + + + Example: postgres12 + + + To list all of the available parameter group families for a DB engine, use + the following command: + + + aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + --engine + + + For example, to list all of the available parameter group families for the + Aurora PostgreSQL DB engine, use the following command: + + + aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + --engine aurora-postgresql + + + The output contains duplicates. + + + The following are the valid DB engine values: + + + - aurora (for MySQL 5.6-compatible Aurora) + + + - aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + + + - aurora-postgresql + + + - mysql + + + - postgres + type: string + name: + description: |- + The name of the DB cluster parameter group. + + + Constraints: + + + - Must not match the name of an existing DB cluster parameter group. + + + This value is stored as a lowercase string. + type: string + parameterOverrides: + additionalProperties: + type: string + type: object + parameters: + description: |- + A list of parameters in the DB cluster parameter group to modify. + + + Valid Values (for the application method): immediate | pending-reboot + + + You can use the immediate value with dynamic parameters only. You can use + the pending-reboot value for both dynamic and static parameters. 
+ + + When the application method is immediate, changes to dynamic parameters are + applied immediately to the DB clusters associated with the parameter group. + When the application method is pending-reboot, changes to dynamic and static + parameters are applied after a reboot without failover to the DB clusters + associated with the parameter group. + items: + description: |- + This data type is used as a request parameter in the ModifyDBParameterGroup + and ResetDBParameterGroup actions. + + + This data type is used as a response element in the DescribeEngineDefaultParameters + and DescribeDBParameters actions. + properties: + allowedValues: + type: string + applyMethod: + type: string + applyType: + type: string + dataType: + type: string + description: + type: string + isModifiable: + type: boolean + minimumEngineVersion: + type: string + parameterName: + type: string + parameterValue: + type: string + source: + type: string + supportedEngineModes: + items: + type: string + type: array + type: object + type: array + tags: + description: Tags to assign to the DB cluster parameter group. + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - description + - family + - name + type: object + status: + description: DBClusterParameterGroupStatus defines the observed state + of DBClusterParameterGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. 
This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + parameterOverrideStatuses: + description: Provides a list of parameters for the DB cluster parameter + group. 
+ items: + description: |- + This data type is used as a request parameter in the ModifyDBParameterGroup + and ResetDBParameterGroup actions. + + + This data type is used as a response element in the DescribeEngineDefaultParameters + and DescribeDBParameters actions. + properties: + allowedValues: + type: string + applyMethod: + type: string + applyType: + type: string + dataType: + type: string + description: + type: string + isModifiable: + type: boolean + minimumEngineVersion: + type: string + parameterName: + type: string + parameterValue: + type: string + source: + type: string + supportedEngineModes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusters.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusters.yaml new file mode 100644 index 0000000..063a5fc --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbclusters.yaml 
@@ -0,0 +1,1574 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbclusters.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: DBCluster + listKind: DBClusterList + plural: dbclusters + singular: dbcluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DBCluster is the Schema for the DBClusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DBClusterSpec defines the desired state of DBCluster. + + + Contains the details of an Amazon Aurora DB cluster or Multi-AZ DB cluster. + + + For an Amazon Aurora DB cluster, this data type is used as a response element + in the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + ModifyDBCluster, PromoteReadReplicaDBCluster, RestoreDBClusterFromS3, RestoreDBClusterFromSnapshot, + RestoreDBClusterToPointInTime, StartDBCluster, and StopDBCluster. + + + For a Multi-AZ DB cluster, this data type is used as a response element in + the operations CreateDBCluster, DeleteDBCluster, DescribeDBClusters, FailoverDBCluster, + ModifyDBCluster, RebootDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime. 
+ + + For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? + (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) + in the Amazon Aurora User Guide. + + + For more information on Multi-AZ DB clusters, see Multi-AZ deployments with + two readable standby DB instances (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + in the Amazon RDS User Guide. + properties: + allocatedStorage: + description: |- + The amount of storage in gibibytes (GiB) to allocate to each DB instance + in the Multi-AZ DB cluster. + + + This setting is required to create a Multi-AZ DB cluster. + + + Valid for: Multi-AZ DB clusters only + format: int64 + type: integer + autoMinorVersionUpgrade: + description: |- + A value that indicates whether minor engine upgrades are applied automatically + to the DB cluster during the maintenance window. By default, minor engine + upgrades are applied automatically. + + + Valid for: Multi-AZ DB clusters only + type: boolean + availabilityZones: + description: |- + A list of Availability Zones (AZs) where DB instances in the DB cluster can + be created. + + + For information on Amazon Web Services Regions and Availability Zones, see + Choosing the Regions and Availability Zones (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.RegionsAndAvailabilityZones.html) + in the Amazon Aurora User Guide. + + + Valid for: Aurora DB clusters only + items: + type: string + type: array + backtrackWindow: + description: |- + The target backtrack window, in seconds. To disable backtracking, set this + value to 0. + + + Default: 0 + + + Constraints: + + + - If specified, this value must be set to a number from 0 to 259,200 (72 + hours). + + + Valid for: Aurora MySQL DB clusters only + format: int64 + type: integer + backupRetentionPeriod: + description: |- + The number of days for which automated backups are retained. 
+ + + Default: 1 + + + Constraints: + + + - Must be a value from 1 to 35 + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + format: int64 + type: integer + characterSetName: + description: |- + A value that indicates that the DB cluster should be associated with the + specified CharacterSet. + + + Valid for: Aurora DB clusters only + type: string + copyTagsToSnapshot: + description: |- + A value that indicates whether to copy all tags from the DB cluster to snapshots + of the DB cluster. The default is not to copy them. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + databaseName: + description: |- + The name for your database of up to 64 alphanumeric characters. If you do + not provide a name, Amazon RDS doesn't create a database in the DB cluster + you are creating. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + dbClusterIdentifier: + description: |- + The DB cluster identifier. This parameter is stored as a lowercase string. + + + Constraints: + + + - Must contain from 1 to 63 letters, numbers, or hyphens. + + + - First character must be a letter. + + + - Can't end with a hyphen or contain two consecutive hyphens. + + + Example: my-cluster1 + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + dbClusterInstanceClass: + description: |- + The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, + for example db.m6gd.xlarge. Not all DB instance classes are available in + all Amazon Web Services Regions, or for all database engines. + + + For the full list of DB instance classes and availability for your engine, + see DB instance class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + in the Amazon RDS User Guide. + + + This setting is required to create a Multi-AZ DB cluster. 
+ + + Valid for: Multi-AZ DB clusters only + type: string + dbClusterParameterGroupName: + description: |- + The name of the DB cluster parameter group to associate with this DB cluster. + If you do not specify a value, then the default DB cluster parameter group + for the specified DB engine and version is used. + + + Constraints: + + + - If supplied, must match the name of an existing DB cluster parameter + group. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + dbClusterParameterGroupRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + dbSubnetGroupName: + description: |- + A DB subnet group to associate with this DB cluster. + + + This setting is required to create a Multi-AZ DB cluster. + + + Constraints: Must match the name of an existing DBSubnetGroup. Must not be + default. + + + Example: mydbsubnetgroup + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + dbSubnetGroupRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + dbSystemID: + description: Reserved for future use. 
+ type: string + deletionProtection: + description: |- + A value that indicates whether the DB cluster has deletion protection enabled. + The database can't be deleted when deletion protection is enabled. By default, + deletion protection isn't enabled. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + destinationRegion: + description: DestinationRegion is used for presigning the request + to a given region. + type: string + domain: + description: |- + The Active Directory directory ID to create the DB cluster in. + + + For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication + to authenticate users that connect to the DB cluster. + + + For more information, see Kerberos authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/kerberos-authentication.html) + in the Amazon Aurora User Guide. + + + Valid for: Aurora DB clusters only + type: string + domainIAMRoleName: + description: |- + Specify the name of the IAM role to be used when making API calls to the + Directory Service. + + + Valid for: Aurora DB clusters only + type: string + enableCloudwatchLogsExports: + description: |- + The list of log types that need to be enabled for exporting to CloudWatch + Logs. The values in the list depend on the DB engine being used. + + + # RDS for MySQL + + + Possible values are error, general, and slowquery. + + + # RDS for PostgreSQL + + + Possible values are postgresql and upgrade. + + + # Aurora MySQL + + + Possible values are audit, error, general, and slowquery. + + + # Aurora PostgreSQL + + + Possible value is postgresql. + + + For more information about exporting CloudWatch Logs for Amazon RDS, see + Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + in the Amazon RDS User Guide. 
+ + + For more information about exporting CloudWatch Logs for Amazon Aurora, see + Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + in the Amazon Aurora User Guide. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + items: + type: string + type: array + enableGlobalWriteForwarding: + description: |- + A value that indicates whether to enable this DB cluster to forward write + operations to the primary cluster of an Aurora global database (GlobalCluster). + By default, write operations are not allowed on Aurora DB clusters that are + secondary clusters in an Aurora global database. + + + You can set this value only on Aurora DB clusters that are members of an + Aurora global database. With this parameter enabled, a secondary cluster + can forward writes to the current primary cluster and the resulting changes + are replicated back to this cluster. For the primary DB cluster of an Aurora + global database, this value is used immediately if the primary is demoted + by the FailoverGlobalCluster API operation, but it does nothing until then. + + + Valid for: Aurora DB clusters only + type: boolean + enableHTTPEndpoint: + description: |- + A value that indicates whether to enable the HTTP endpoint for an Aurora + Serverless v1 DB cluster. By default, the HTTP endpoint is disabled. + + + When enabled, the HTTP endpoint provides a connectionless web service API + for running SQL queries on the Aurora Serverless v1 DB cluster. You can also + query your database from inside the RDS console with the query editor. + + + For more information, see Using the Data API for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + in the Amazon Aurora User Guide. 
+ + + Valid for: Aurora DB clusters only + type: boolean + enableIAMDatabaseAuthentication: + description: |- + A value that indicates whether to enable mapping of Amazon Web Services Identity + and Access Management (IAM) accounts to database accounts. By default, mapping + isn't enabled. + + + For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) + in the Amazon Aurora User Guide. + + + Valid for: Aurora DB clusters only + type: boolean + enablePerformanceInsights: + description: |- + A value that indicates whether to turn on Performance Insights for the DB + cluster. + + + For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + in the Amazon RDS User Guide. + + + Valid for: Multi-AZ DB clusters only + type: boolean + engine: + description: |- + The name of the database engine to be used for this DB cluster. + + + Valid Values: + + + - aurora-mysql + + + - aurora-postgresql + + + - mysql + + + - postgres + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + engineMode: + description: |- + The DB engine mode of the DB cluster, either provisioned or serverless. + + + The serverless engine mode only applies for Aurora Serverless v1 DB clusters. + + + Limitations and requirements apply to some DB engine modes. 
For more information, + see the following sections in the Amazon Aurora User Guide: + + + - Limitations of Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) + + + - Requirements for Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) + + + - Limitations of parallel query (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations) + + + - Limitations of Aurora global databases (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations) + + + Valid for: Aurora DB clusters only + type: string + engineVersion: + description: |- + The version number of the database engine to use. + + + To list all of the available engine versions for Aurora MySQL version 2 (5.7-compatible) + and version 3 (MySQL 8.0-compatible), use the following command: + + + aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" + + + You can supply either 5.7 or 8.0 to use the default engine version for Aurora + MySQL version 2 or version 3, respectively. 
+ + + To list all of the available engine versions for Aurora PostgreSQL, use the + following command: + + + aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion" + + + To list all of the available engine versions for RDS for MySQL, use the following + command: + + + aws rds describe-db-engine-versions --engine mysql --query "DBEngineVersions[].EngineVersion" + + + To list all of the available engine versions for RDS for PostgreSQL, use + the following command: + + + aws rds describe-db-engine-versions --engine postgres --query "DBEngineVersions[].EngineVersion" + + + # Aurora MySQL + + + For information, see Database engine updates for Amazon Aurora MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) + in the Amazon Aurora User Guide. + + + # Aurora PostgreSQL + + + For information, see Amazon Aurora PostgreSQL releases and engine versions + (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.20180305.html) + in the Amazon Aurora User Guide. + + + # MySQL + + + For information, see Amazon RDS for MySQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + in the Amazon RDS User Guide. + + + # PostgreSQL + + + For information, see Amazon RDS for PostgreSQL (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + in the Amazon RDS User Guide. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + globalClusterIdentifier: + description: |- + The global cluster ID of an Aurora cluster that becomes the primary cluster + in the new global database cluster. + + + Valid for: Aurora DB clusters only + type: string + iops: + description: |- + The amount of Provisioned IOPS (input/output operations per second) to be + initially allocated for each DB instance in the Multi-AZ DB cluster. 
+ + + For information about valid IOPS values, see Provisioned IOPS storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) + in the Amazon RDS User Guide. + + + This setting is required to create a Multi-AZ DB cluster. + + + Constraints: Must be a multiple between .5 and 50 of the storage amount for + the DB cluster. + + + Valid for: Multi-AZ DB clusters only + format: int64 + type: integer + kmsKeyID: + description: |- + The Amazon Web Services KMS key identifier for an encrypted DB cluster. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + Web Services account, specify the key ARN or alias ARN. + + + When a KMS key isn't specified in KmsKeyId: + + + - If ReplicationSourceIdentifier identifies an encrypted source, then + Amazon RDS will use the KMS key used to encrypt the source. Otherwise, + Amazon RDS will use your default KMS key. + + + - If the StorageEncrypted parameter is enabled and ReplicationSourceIdentifier + isn't specified, then Amazon RDS will use your default KMS key. + + + There is a default KMS key for your Amazon Web Services account. Your Amazon + Web Services account has a different default KMS key for each Amazon Web + Services Region. + + + If you create a read replica of an encrypted DB cluster in another Amazon + Web Services Region, you must set KmsKeyId to a KMS key identifier that is + valid in the destination Amazon Web Services Region. This KMS key is used + to encrypt the read replica in that Amazon Web Services Region. 
+ + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + kmsKeyRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + manageMasterUserPassword: + description: |- + A value that indicates whether to manage the master user password with Amazon + Web Services Secrets Manager. + + + For more information, see Password management with Amazon Web Services Secrets + Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide and Password management with Amazon Web Services + Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + in the Amazon Aurora User Guide. + + + Constraints: + + + - Can't manage the master user password with Amazon Web Services Secrets + Manager if MasterUserPassword is specified. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + masterUserPassword: + description: |- + The password for the master database user. This password can contain any + printable ASCII character except "/", """, or "@". + + + Constraints: + + + - Must contain from 8 to 41 characters. + + + - Can't be specified if ManageMasterUserPassword is turned on. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + properties: + key: + description: Key is the key within the secret + type: string + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. 
+ type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + masterUserSecretKMSKeyID: + description: |- + The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + generated and managed in Amazon Web Services Secrets Manager. + + + This setting is valid only if the master user password is managed by RDS + in Amazon Web Services Secrets Manager for the DB cluster. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + Web Services account, specify the key ARN or alias ARN. + + + If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + KMS key is used to encrypt the secret. If the secret is in a different Amazon + Web Services account, then you can't use the aws/secretsmanager KMS key to + encrypt the secret, and you must use a customer managed KMS key. + + + There is a default KMS key for your Amazon Web Services account. Your Amazon + Web Services account has a different default KMS key for each Amazon Web + Services Region. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + masterUserSecretKMSKeyRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + masterUsername: + description: |- + The name of the master user for the DB cluster. + + + Constraints: + + + - Must be 1 to 16 letters or numbers. + + + - First character must be a letter. + + + - Can't be a reserved word for the chosen database engine. 
+ + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + monitoringInterval: + description: |- + The interval, in seconds, between points when Enhanced Monitoring metrics + are collected for the DB cluster. To turn off collecting Enhanced Monitoring + metrics, specify 0. The default is 0. + + + If MonitoringRoleArn is specified, also set MonitoringInterval to a value + other than 0. + + + Valid Values: 0, 1, 5, 10, 15, 30, 60 + + + Valid for: Multi-AZ DB clusters only + format: int64 + type: integer + monitoringRoleARN: + description: |- + The Amazon Resource Name (ARN) for the IAM role that permits RDS to send + Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess. + For information on creating a monitoring role, see Setting up and enabling + Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) + in the Amazon RDS User Guide. + + + If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn + value. + + + Valid for: Multi-AZ DB clusters only + type: string + networkType: + description: |- + The network type of the DB cluster. + + + Valid values: + + + - IPV4 + + + - DUAL + + + The network type is determined by the DBSubnetGroup specified for the DB + cluster. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and + the IPv6 protocols (DUAL). + + + For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + in the Amazon Aurora User Guide. + + + Valid for: Aurora DB clusters only + type: string + optionGroupName: + description: |- + A value that indicates that the DB cluster should be associated with the + specified option group. + + + DB clusters are associated with a default option group that can't be modified. 
+ type: string + performanceInsightsKMSKeyID: + description: |- + The Amazon Web Services KMS key identifier for encryption of Performance + Insights data. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. + + + If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon + RDS uses your default KMS key. There is a default KMS key for your Amazon + Web Services account. Your Amazon Web Services account has a different default + KMS key for each Amazon Web Services Region. + + + Valid for: Multi-AZ DB clusters only + type: string + performanceInsightsRetentionPeriod: + description: |- + The number of days to retain Performance Insights data. The default is 7 + days. The following values are valid: + + + - 7 + + + - month * 31, where month is a number of months from 1-23 + + + - 731 + + + For example, the following values are valid: + + + - 93 (3 months * 31) + + + - 341 (11 months * 31) + + + - 589 (19 months * 31) + + + - 731 + + + If you specify a retention period such as 94, which isn't a valid value, + RDS issues an error. + + + Valid for: Multi-AZ DB clusters only + format: int64 + type: integer + port: + description: |- + The port number on which the instances in the DB cluster accept connections. + + + # RDS for MySQL and Aurora MySQL + + + Default: 3306 + + + Valid values: 1150-65535 + + + # RDS for PostgreSQL and Aurora PostgreSQL + + + Default: 5432 + + + Valid values: 1150-65535 + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + format: int64 + type: integer + preSignedURL: + description: |- + When you are replicating a DB cluster from one Amazon Web Services GovCloud + (US) Region to another, an URL that contains a Signature Version 4 signed + request for the CreateDBCluster operation to be called in the source Amazon + Web Services Region where the DB cluster is replicated from. 
Specify PreSignedUrl + only when you are performing cross-Region replication from an encrypted DB + cluster. + + + The presigned URL must be a valid request for the CreateDBCluster API operation + that can run in the source Amazon Web Services Region that contains the encrypted + DB cluster to copy. + + + The presigned URL request must contain the following parameter values: + + + - KmsKeyId - The KMS key identifier for the KMS key to use to encrypt + the copy of the DB cluster in the destination Amazon Web Services Region. + This should refer to the same KMS key for both the CreateDBCluster operation + that is called in the destination Amazon Web Services Region, and the + operation contained in the presigned URL. + + + - DestinationRegion - The name of the Amazon Web Services Region that + Aurora read replica will be created in. + + + - ReplicationSourceIdentifier - The DB cluster identifier for the encrypted + DB cluster to be copied. This identifier must be in the Amazon Resource + Name (ARN) format for the source Amazon Web Services Region. For example, + if you are copying an encrypted DB cluster from the us-west-2 Amazon Web + Services Region, then your ReplicationSourceIdentifier would look like + Example: arn:aws:rds:us-west-2:123456789012:cluster:aurora-cluster1. + + + To learn how to generate a Signature Version 4 signed request, see Authenticating + Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). + + + If you are using an Amazon Web Services SDK tool or the CLI, you can specify + SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + manually. Specifying SourceRegion autogenerates a presigned URL that is a + valid request for the operation that can run in the source Amazon Web Services + Region. 
+ + + Valid for: Aurora DB clusters only + type: string + preferredBackupWindow: + description: |- + The daily time range during which automated backups are created if automated + backups are enabled using the BackupRetentionPeriod parameter. + + + The default is a 30-minute window selected at random from an 8-hour block + of time for each Amazon Web Services Region. To view the time blocks available, + see Backup window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) + in the Amazon Aurora User Guide. + + + Constraints: + + + - Must be in the format hh24:mi-hh24:mi. + + + - Must be in Universal Coordinated Time (UTC). + + + - Must not conflict with the preferred maintenance window. + + + - Must be at least 30 minutes. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + preferredMaintenanceWindow: + description: |- + The weekly time range during which system maintenance can occur, in Universal + Coordinated Time (UTC). + + + Format: ddd:hh24:mi-ddd:hh24:mi + + + The default is a 30-minute window selected at random from an 8-hour block + of time for each Amazon Web Services Region, occurring on a random day of + the week. To see the time blocks available, see Adjusting the Preferred DB + Cluster Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + in the Amazon Aurora User Guide. + + + Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + + + Constraints: Minimum 30-minute window. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + publiclyAccessible: + description: |- + A value that indicates whether the DB cluster is publicly accessible. + + + When the DB cluster is publicly accessible, its Domain Name System (DNS) + endpoint resolves to the private IP address from within the DB cluster's + virtual private cloud (VPC). 
It resolves to the public IP address from outside + of the DB cluster's VPC. Access to the DB cluster is ultimately controlled + by the security group it uses. That public access isn't permitted if the + security group assigned to the DB cluster doesn't permit it. + + + When the DB cluster isn't publicly accessible, it is an internal DB cluster + with a DNS name that resolves to a private IP address. + + + Default: The default behavior varies depending on whether DBSubnetGroupName + is specified. + + + If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, + the following applies: + + + - If the default VPC in the target Region doesn’t have an internet gateway + attached to it, the DB cluster is private. + + + - If the default VPC in the target Region has an internet gateway attached + to it, the DB cluster is public. + + + If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, + the following applies: + + + - If the subnets are part of a VPC that doesn’t have an internet gateway + attached to it, the DB cluster is private. + + + - If the subnets are part of a VPC that has an internet gateway attached + to it, the DB cluster is public. + + + Valid for: Multi-AZ DB clusters only + type: boolean + replicationSourceIdentifier: + description: |- + The Amazon Resource Name (ARN) of the source DB instance or DB cluster if + this DB cluster is created as a read replica. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + scalingConfiguration: + description: |- + For DB clusters in serverless DB engine mode, the scaling properties of the + DB cluster. 
+ + + Valid for: Aurora DB clusters only + properties: + autoPause: + type: boolean + maxCapacity: + format: int64 + type: integer + minCapacity: + format: int64 + type: integer + secondsBeforeTimeout: + format: int64 + type: integer + secondsUntilAutoPause: + format: int64 + type: integer + timeoutAction: + type: string + type: object + serverlessV2ScalingConfiguration: + description: |- + Contains the scaling configuration of an Aurora Serverless v2 DB cluster. + + + For more information, see Using Amazon Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.html) + in the Amazon Aurora User Guide. + properties: + maxCapacity: + type: number + minCapacity: + type: number + type: object + snapshotIdentifier: + description: |- + The identifier for the DB snapshot or DB cluster snapshot to restore from. + + + You can use either the name or the Amazon Resource Name (ARN) to specify + a DB cluster snapshot. However, you can use only the ARN to specify a DB + snapshot. + + + Constraints: + + + - Must match the identifier of an existing Snapshot. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: string + sourceRegion: + description: |- + SourceRegion is the source region where the resource exists. This is not + sent over the wire and is only used for presigning. This value should always + have the same region as the source ARN. + type: string + storageEncrypted: + description: |- + A value that indicates whether the DB cluster is encrypted. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + type: boolean + storageType: + description: |- + Specifies the storage type to be associated with the DB cluster. + + + This setting is required to create a Multi-AZ DB cluster. + + + Valid values: io1 + + + When specified, a value for the Iops parameter is required. + + + Default: io1 + + + Valid for: Multi-AZ DB clusters only + type: string + tags: + description: |- + Tags to assign to the DB cluster. 
+ + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcSecurityGroupIDs: + description: |- + A list of EC2 VPC security groups to associate with this DB cluster. + + + Valid for: Aurora DB clusters and Multi-AZ DB clusters + items: + type: string + type: array + vpcSecurityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + type: array + required: + - dbClusterIdentifier + - engine + type: object + status: + description: DBClusterStatus defines the observed state of DBCluster + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + activityStreamKMSKeyID: + description: |- + The Amazon Web Services KMS key identifier used for encrypting messages in + the database activity stream. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. + type: string + activityStreamKinesisStreamName: + description: |- + The name of the Amazon Kinesis data stream used for the database activity + stream. + type: string + activityStreamMode: + description: |- + The mode of the database activity stream. Database events such as a change + or access generate an activity stream event. The database session can handle + these events either synchronously or asynchronously. + type: string + activityStreamStatus: + description: The status of the database activity stream. + type: string + associatedRoles: + description: |- + Provides a list of the Amazon Web Services Identity and Access Management + (IAM) roles that are associated with the DB cluster. IAM roles that are associated + with a DB cluster grant permission for the DB cluster to access other Amazon + Web Services on your behalf. + items: + description: |- + Describes an Amazon Web Services Identity and Access Management (IAM) role + that is associated with a DB cluster. + properties: + featureName: + type: string + roleARN: + type: string + status: + type: string + type: object + type: array + automaticRestartTime: + description: The time when a stopped DB cluster is restarted automatically. 
+ format: date-time + type: string + backtrackConsumedChangeRecords: + description: The number of change records stored for Backtrack. + format: int64 + type: integer + capacity: + description: |- + The current capacity of an Aurora Serverless v1 DB cluster. The capacity + is 0 (zero) when the cluster is paused. + + + For more information about Aurora Serverless v1, see Using Amazon Aurora + Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html) + in the Amazon Aurora User Guide. + format: int64 + type: integer + cloneGroupID: + description: Identifies the clone group to which the DB cluster is + associated. + type: string + clusterCreateTime: + description: |- + Specifies the time when the DB cluster was created, in Universal Coordinated + Time (UTC). + format: date-time + type: string + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + crossAccountClone: + description: |- + Specifies whether the DB cluster is a clone of a DB cluster owned by a different + Amazon Web Services account. + type: boolean + customEndpoints: + description: Identifies all custom endpoints associated with the cluster. + items: + type: string + type: array + dbClusterMembers: + description: Provides the list of instances that make up the DB cluster. + items: + description: Contains information about an instance that is part + of a DB cluster. + properties: + dbClusterParameterGroupStatus: + type: string + dbInstanceIdentifier: + type: string + isClusterWriter: + type: boolean + promotionTier: + format: int64 + type: integer + type: object + type: array + dbClusterOptionGroupMemberships: + description: Provides the list of option group memberships for this + DB cluster. + items: + description: Contains status information for a DB cluster option + group. + properties: + dbClusterOptionGroupName: + type: string + status: + type: string + type: object + type: array + dbClusterParameterGroup: + description: Specifies the name of the DB cluster parameter group + for the DB cluster. + type: string + dbClusterResourceID: + description: |- + The Amazon Web Services Region-unique, immutable identifier for the DB cluster. + This identifier is found in Amazon Web Services CloudTrail log entries whenever + the KMS key for the DB cluster is accessed. + type: string + dbSubnetGroup: + description: |- + Specifies information on the subnet group associated with the DB cluster, + including the name, description, and subnets in the subnet group. + type: string + domainMemberships: + description: The Active Directory Domain membership records associated + with the DB cluster. + items: + description: |- + An Active Directory Domain membership record associated with the DB instance + or cluster. 
+ properties: + domain: + type: string + fQDN: + type: string + iamRoleName: + type: string + status: + type: string + type: object + type: array + earliestBacktrackTime: + description: The earliest time to which a DB cluster can be backtracked. + format: date-time + type: string + earliestRestorableTime: + description: |- + The earliest time to which a database can be restored with point-in-time + restore. + format: date-time + type: string + enabledCloudwatchLogsExports: + description: |- + A list of log types that this DB cluster is configured to export to CloudWatch + Logs. + + + Log types vary by DB engine. For information about the log types for each + DB engine, see Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html) + in the Amazon Aurora User Guide. + items: + type: string + type: array + endpoint: + description: Specifies the connection endpoint for the primary instance + of the DB cluster. + type: string + globalWriteForwardingRequested: + description: |- + Specifies whether you have requested to enable write forwarding for a secondary + cluster in an Aurora global database. Because write forwarding takes time + to enable, check the value of GlobalWriteForwardingStatus to confirm that + the request has completed before using the write forwarding feature for this + cluster. + type: boolean + globalWriteForwardingStatus: + description: |- + Specifies whether a secondary cluster in an Aurora global database has write + forwarding enabled, not enabled, or is in the process of enabling it. + type: string + hostedZoneID: + description: Specifies the ID that Amazon Route 53 assigns when you + create a hosted zone. + type: string + httpEndpointEnabled: + description: |- + A value that indicates whether the HTTP endpoint for an Aurora Serverless + v1 DB cluster is enabled. 
+ + + When enabled, the HTTP endpoint provides a connectionless web service API + for running SQL queries on the Aurora Serverless v1 DB cluster. You can also + query your database from inside the RDS console with the query editor. + + + For more information, see Using the Data API for Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) + in the Amazon Aurora User Guide. + type: boolean + iamDatabaseAuthenticationEnabled: + description: |- + A value that indicates whether the mapping of Amazon Web Services Identity + and Access Management (IAM) accounts to database accounts is enabled. + type: boolean + latestRestorableTime: + description: |- + Specifies the latest time to which a database can be restored with point-in-time + restore. + format: date-time + type: string + masterUserSecret: + description: |- + Contains the secret managed by RDS in Amazon Web Services Secrets Manager + for the master user password. + + + For more information, see Password management with Amazon Web Services Secrets + Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide and Password management with Amazon Web Services + Secrets Manager (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) + in the Amazon Aurora User Guide. + properties: + kmsKeyID: + type: string + secretARN: + type: string + secretStatus: + type: string + type: object + multiAZ: + description: Specifies whether the DB cluster has instances in multiple + Availability Zones. + type: boolean + pendingModifiedValues: + description: |- + A value that specifies that changes to the DB cluster are pending. This element + is only included when changes are pending. Specific changes are identified + by subelements. 
+ properties: + allocatedStorage: + format: int64 + type: integer + backupRetentionPeriod: + format: int64 + type: integer + dbClusterIdentifier: + type: string + engineVersion: + type: string + iamDatabaseAuthenticationEnabled: + type: boolean + iops: + format: int64 + type: integer + masterUserPassword: + type: string + pendingCloudwatchLogsExports: + description: |- + A list of the log types whose configuration is still pending. In other words, + these log types are in the process of being activated or deactivated. + properties: + logTypesToDisable: + items: + type: string + type: array + logTypesToEnable: + items: + type: string + type: array + type: object + type: object + percentProgress: + description: Specifies the progress of the operation as a percentage. + type: string + performanceInsightsEnabled: + description: |- + True if Performance Insights is enabled for the DB cluster, and otherwise + false. + + + This setting is only for non-Aurora Multi-AZ DB clusters. + type: boolean + readReplicaIdentifiers: + description: |- + Contains one or more identifiers of the read replicas associated with this + DB cluster. + items: + type: string + type: array + readerEndpoint: + description: |- + The reader endpoint for the DB cluster. The reader endpoint for a DB cluster + load-balances connections across the Aurora Replicas that are available in + a DB cluster. As clients request new connections to the reader endpoint, + Aurora distributes the connection requests among the Aurora Replicas in the + DB cluster. This functionality can help balance your read workload across + multiple Aurora Replicas in your DB cluster. + + + If a failover occurs, and the Aurora Replica that you are connected to is + promoted to be the primary instance, your connection is dropped. To continue + sending your read workload to other Aurora Replicas in the cluster, you can + then reconnect to the reader endpoint. 
+ type: string + status: + description: Specifies the current state of this DB cluster. + type: string + tagList: + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcSecurityGroups: + description: Provides a list of VPC security groups that the DB cluster + belongs to. + items: + description: |- + This data type is used as a response element for queries on VPC security + group membership. + properties: + status: + type: string + vpcSecurityGroupID: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbinstances.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbinstances.yaml new file mode 100644 index 0000000..c76ee21 --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbinstances.yaml 
@@ -0,0 +1,2478 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbinstances.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: DBInstance + listKind: DBInstanceList + plural: dbinstances + singular: dbinstance + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.dbInstanceStatus + name: STATUS + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: DBInstance is the Schema for the DBInstances API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DBInstanceSpec defines the desired state of DBInstance. + + + Contains the details of an Amazon RDS DB instance. + + + This data type is used as a response element in the operations CreateDBInstance, + CreateDBInstanceReadReplica, DeleteDBInstance, DescribeDBInstances, ModifyDBInstance, + PromoteReadReplica, RebootDBInstance, RestoreDBInstanceFromDBSnapshot, RestoreDBInstanceFromS3, + RestoreDBInstanceToPointInTime, StartDBInstance, and StopDBInstance. + properties: + allocatedStorage: + description: |- + The amount of storage in gibibytes (GiB) to allocate for the DB instance. + + + Type: Integer + + + # Amazon Aurora + + + Not applicable. 
Aurora cluster volumes automatically grow as the amount of + data in your database increases, though you are only charged for the space + that you use in an Aurora cluster volume. + + + # Amazon RDS Custom + + + Constraints to the amount of storage for each storage type are the following: + + + - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 + to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. + + + - Provisioned IOPS storage (io1): Must be an integer from 40 to 65536 + for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. + + + # MySQL + + + Constraints to the amount of storage for each storage type are the following: + + + - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + to 65536. + + + - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + + - Magnetic storage (standard): Must be an integer from 5 to 3072. + + + # MariaDB + + + Constraints to the amount of storage for each storage type are the following: + + + - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + to 65536. + + + - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + + - Magnetic storage (standard): Must be an integer from 5 to 3072. + + + # PostgreSQL + + + Constraints to the amount of storage for each storage type are the following: + + + - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + to 65536. + + + - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + + - Magnetic storage (standard): Must be an integer from 5 to 3072. + + + # Oracle + + + Constraints to the amount of storage for each storage type are the following: + + + - General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 + to 65536. + + + - Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. + + + - Magnetic storage (standard): Must be an integer from 10 to 3072. 
+ + + # SQL Server + + + Constraints to the amount of storage for each storage type are the following: + + + - General Purpose (SSD) storage (gp2, gp3): Enterprise and Standard editions: + Must be an integer from 20 to 16384. Web and Express editions: Must be + an integer from 20 to 16384. + + + - Provisioned IOPS storage (io1): Enterprise and Standard editions: Must + be an integer from 100 to 16384. Web and Express editions: Must be an + integer from 100 to 16384. + + + - Magnetic storage (standard): Enterprise and Standard editions: Must + be an integer from 20 to 1024. Web and Express editions: Must be an integer + from 20 to 1024. + format: int64 + type: integer + autoMinorVersionUpgrade: + description: |- + A value that indicates whether minor engine upgrades are applied automatically + to the DB instance during the maintenance window. By default, minor engine + upgrades are applied automatically. + + + If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade + to false. + type: boolean + availabilityZone: + description: |- + The Availability Zone (AZ) where the database will be created. For information + on Amazon Web Services Regions and Availability Zones, see Regions and Availability + Zones (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html). + + + # Amazon Aurora + + + Each Aurora DB cluster hosts copies of its storage in three separate Availability + Zones. Specify one of these Availability Zones. Aurora automatically chooses + an appropriate Availability Zone if you don't specify one. + + + Default: A random, system-chosen Availability Zone in the endpoint's Amazon + Web Services Region. + + + Example: us-east-1d + + + Constraint: The AvailabilityZone parameter can't be specified if the DB instance + is a Multi-AZ deployment. The specified Availability Zone must be in the + same Amazon Web Services Region as the current endpoint. 
+ type: string + backupRetentionPeriod: + description: |- + The number of days for which automated backups are retained. Setting this + parameter to a positive number enables backups. Setting this parameter to + 0 disables automated backups. + + + # Amazon Aurora + + + Not applicable. The retention period for automated backups is managed by + the DB cluster. + + + Default: 1 + + + Constraints: + + + - Must be a value from 0 to 35 + + + - Can't be set to 0 if the DB instance is a source to read replicas + + + - Can't be set to 0 for an RDS Custom for Oracle DB instance + format: int64 + type: integer + backupTarget: + description: |- + Specifies where automated backups and manual snapshots are stored. + + + Possible values are outposts (Amazon Web Services Outposts) and region (Amazon + Web Services Region). The default is region. + + + For more information, see Working with Amazon RDS on Amazon Web Services + Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. + type: string + caCertificateIdentifier: + description: |- + Specifies the CA certificate identifier to use for the DB instance’s server + certificate. + + + This setting doesn't apply to RDS Custom. + + + For more information, see Using SSL/TLS to encrypt a connection to a DB instance + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html) + in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to + a DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html) + in the Amazon Aurora User Guide. + type: string + characterSetName: + description: |- + For supported engines, this value indicates that the DB instance should be + associated with the specified CharacterSet. + + + This setting doesn't apply to RDS Custom. However, if you need to change + the character set, you can change it on the database itself. + + + # Amazon Aurora + + + Not applicable. 
The character set is managed by the DB cluster. For more + information, see CreateDBCluster. + type: string + copyTagsToSnapshot: + description: |- + A value that indicates whether to copy tags from the DB instance to snapshots + of the DB instance. By default, tags are not copied. + + + # Amazon Aurora + + + Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting + this value for an Aurora DB instance has no effect on the DB cluster setting. + type: boolean + customIAMInstanceProfile: + description: |- + The instance profile associated with the underlying Amazon EC2 instance of + an RDS Custom DB instance. The instance profile must meet the following requirements: + + + - The profile must exist in your account. + + + - The profile must have an IAM role that Amazon EC2 has permissions to + assume. + + + - The instance profile name and the associated IAM role name must start + with the prefix AWSRDSCustom. + + + For the list of permissions required for the IAM role, see Configure IAM + and your VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc) + in the Amazon RDS User Guide. + + + This setting is required for RDS Custom. + type: string + dbClusterIdentifier: + description: |- + The identifier of the DB cluster that the instance will belong to. + + + This setting doesn't apply to RDS Custom. + type: string + dbClusterSnapshotIdentifier: + description: |- + The identifier for the RDS for MySQL Multi-AZ DB cluster snapshot to restore + from. + + + For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/multi-az-db-clusters-concepts.html) + in the Amazon RDS User Guide. + + + Constraints: + + + - Must match the identifier of an existing Multi-AZ DB cluster snapshot. + + + - Can't be specified when DBSnapshotIdentifier is specified. + + + - Must be specified when DBSnapshotIdentifier isn't specified. 
+ + + - If you are restoring from a shared manual Multi-AZ DB cluster snapshot, + the DBClusterSnapshotIdentifier must be the ARN of the shared snapshot. + + + - Can't be the identifier of an Aurora DB cluster snapshot. + + + - Can't be the identifier of an RDS for PostgreSQL Multi-AZ DB cluster + snapshot. + type: string + dbInstanceClass: + description: |- + The compute and memory capacity of the DB instance, for example db.m5.large. + Not all DB instance classes are available in all Amazon Web Services Regions, + or for all database engines. For the full list of DB instance classes, and + availability for your engine, see DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + in the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) + in the Amazon Aurora User Guide. + type: string + dbInstanceIdentifier: + description: |- + The DB instance identifier. This parameter is stored as a lowercase string. + + + Constraints: + + + - Must contain from 1 to 63 letters, numbers, or hyphens. + + + - First character must be a letter. + + + - Can't end with a hyphen or contain two consecutive hyphens. + + + Example: mydbinstance + type: string + dbName: + description: |- + The meaning of this parameter differs according to the database engine you + use. + + + # MySQL + + + The name of the database to create when the DB instance is created. If this + parameter isn't specified, no database is created in the DB instance. + + + Constraints: + + + - Must contain 1 to 64 letters or numbers. + + + - Must begin with a letter. Subsequent characters can be letters, underscores, + or digits (0-9). + + + - Can't be a word reserved by the specified database engine + + + # MariaDB + + + The name of the database to create when the DB instance is created. If this + parameter isn't specified, no database is created in the DB instance. 
+ + + Constraints: + + + - Must contain 1 to 64 letters or numbers. + + + - Must begin with a letter. Subsequent characters can be letters, underscores, + or digits (0-9). + + + - Can't be a word reserved by the specified database engine + + + # PostgreSQL + + + The name of the database to create when the DB instance is created. If this + parameter isn't specified, a database named postgres is created in the DB + instance. + + + Constraints: + + + - Must contain 1 to 63 letters, numbers, or underscores. + + + - Must begin with a letter. Subsequent characters can be letters, underscores, + or digits (0-9). + + + - Can't be a word reserved by the specified database engine + + + # Oracle + + + The Oracle System ID (SID) of the created DB instance. If you specify null, + the default value ORCL is used. You can't specify the string NULL, or any + other reserved word, for DBName. + + + Default: ORCL + + + Constraints: + + + - Can't be longer than 8 characters + + + # Amazon RDS Custom for Oracle + + + The Oracle System ID (SID) of the created RDS Custom DB instance. If you + don't specify a value, the default value is ORCL. + + + Default: ORCL + + + Constraints: + + + - It must contain 1 to 8 alphanumeric characters. + + + - It must contain a letter. + + + - It can't be a word reserved by the database engine. + + + # Amazon RDS Custom for SQL Server + + + Not applicable. Must be null. + + + # SQL Server + + + Not applicable. Must be null. + + + # Amazon Aurora MySQL + + + The name of the database to create when the primary DB instance of the Aurora + MySQL DB cluster is created. If this parameter isn't specified for an Aurora + MySQL DB cluster, no database is created in the DB cluster. + + + Constraints: + + + - It must contain 1 to 64 alphanumeric characters. + + + - It can't be a word reserved by the database engine. + + + # Amazon Aurora PostgreSQL + + + The name of the database to create when the primary DB instance of the Aurora + PostgreSQL DB cluster is created. 
If this parameter isn't specified for an + Aurora PostgreSQL DB cluster, a database named postgres is created in the + DB cluster. + + + Constraints: + + + - It must contain 1 to 63 alphanumeric characters. + + + - It must begin with a letter. Subsequent characters can be letters, underscores, + or digits (0 to 9). + + + - It can't be a word reserved by the database engine. + type: string + dbParameterGroupName: + description: |- + The name of the DB parameter group to associate with this DB instance. If + you do not specify a value, then the default DB parameter group for the specified + DB engine and version is used. + + + This setting doesn't apply to RDS Custom. + + + Constraints: + + + - It must be 1 to 255 letters, numbers, or hyphens. + + + - The first character must be a letter. + + + - It can't end with a hyphen or contain two consecutive hyphens. + type: string + dbParameterGroupRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + dbSnapshotIdentifier: + description: |- + The identifier for the DB snapshot to restore from. + + + Constraints: + + + - Must match the identifier of an existing DBSnapshot. + + + - Can't be specified when DBClusterSnapshotIdentifier is specified. + + + - Must be specified when DBClusterSnapshotIdentifier isn't specified. + + + - If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier + must be the ARN of the shared DB snapshot. + type: string + dbSubnetGroupName: + description: |- + A DB subnet group to associate with this DB instance. 
+ + + Constraints: Must match the name of an existing DBSubnetGroup. Must not be + default. + + + Example: mydbsubnetgroup + type: string + dbSubnetGroupRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + deletionProtection: + description: |- + A value that indicates whether the DB instance has deletion protection enabled. + The database can't be deleted when deletion protection is enabled. By default, + deletion protection isn't enabled. For more information, see Deleting a DB + Instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html). + + + # Amazon Aurora + + + Not applicable. You can enable or disable deletion protection for the DB + cluster. For more information, see CreateDBCluster. DB instances in a DB + cluster can be deleted even when deletion protection is enabled for the DB + cluster. + type: boolean + destinationRegion: + description: DestinationRegion is used for presigning the request + to a given region. + type: string + domain: + description: |- + The Active Directory directory ID to create the DB instance in. Currently, + only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can + be created in an Active Directory Domain. + + + For more information, see Kerberos Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/kerberos-authentication.html) + in the Amazon RDS User Guide. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. The domain is managed by the DB cluster. 
+ type: string + domainIAMRoleName: + description: |- + Specify the name of the IAM role to be used when making API calls to the + Directory Service. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. The domain is managed by the DB cluster. + type: string + enableCloudwatchLogsExports: + description: |- + The list of log types that need to be enabled for exporting to CloudWatch + Logs. The values in the list depend on the DB engine. For more information, + see Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) + in the Amazon RDS User Guide. + + + # Amazon Aurora + + + Not applicable. CloudWatch Logs exports are managed by the DB cluster. + + + # RDS Custom + + + Not applicable. + + + # MariaDB + + + Possible values are audit, error, general, and slowquery. + + + # Microsoft SQL Server + + + Possible values are agent and error. + + + # MySQL + + + Possible values are audit, error, general, and slowquery. + + + # Oracle + + + Possible values are alert, audit, listener, trace, and oemagent. + + + # PostgreSQL + + + Possible values are postgresql and upgrade. + items: + type: string + type: array + enableCustomerOwnedIP: + description: |- + A value that indicates whether to enable a customer-owned IP address (CoIP) + for an RDS on Outposts DB instance. + + + A CoIP provides local or external connectivity to resources in your Outpost + subnets through your on-premises network. For some use cases, a CoIP can + provide lower latency for connections to the DB instance from outside of + its virtual private cloud (VPC) on your local network. + + + For more information about RDS on Outposts, see Working with Amazon RDS on + Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. 
+ + + For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + in the Amazon Web Services Outposts User Guide. + type: boolean + enableIAMDatabaseAuthentication: + description: |- + A value that indicates whether to enable mapping of Amazon Web Services Identity + and Access Management (IAM) accounts to database accounts. By default, mapping + isn't enabled. + + + For more information, see IAM Database Authentication for MySQL and PostgreSQL + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) + in the Amazon RDS User Guide. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. Mapping Amazon Web Services IAM accounts to database accounts + is managed by the DB cluster. + type: boolean + engine: + description: |- + The name of the database engine to be used for this instance. + + + Not every database engine is available for every Amazon Web Services Region. + + + Valid Values: + + + - aurora (for MySQL 5.6-compatible Aurora) + + + - aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + + + - aurora-postgresql + + + - custom-oracle-ee (for RDS Custom for Oracle instances) + + + - custom-sqlserver-ee (for RDS Custom for SQL Server instances) + + + - custom-sqlserver-se (for RDS Custom for SQL Server instances) + + + - custom-sqlserver-web (for RDS Custom for SQL Server instances) + + + - mariadb + + + - mysql + + + - oracle-ee + + + - oracle-ee-cdb + + + - oracle-se2 + + + - oracle-se2-cdb + + + - postgres + + + - sqlserver-ee + + + - sqlserver-se + + + - sqlserver-ex + + + - sqlserver-web + type: string + engineVersion: + description: |- + The version number of the database engine to use. + + + For a list of valid engine versions, use the DescribeDBEngineVersions operation. 
+ + + The following are the database engines and links to information about the + major and minor versions that are available with Amazon RDS. Not every database + engine is available for every Amazon Web Services Region. + + + # Amazon Aurora + + + Not applicable. The version number of the database engine to be used by the + DB instance is managed by the DB cluster. + + + # Amazon RDS Custom for Oracle + + + A custom engine version (CEV) that you have previously created. This setting + is required for RDS Custom for Oracle. The CEV name has the following format: + 19.customized_string. A valid CEV name is 19.my_cev1. For more information, + see Creating an RDS Custom for Oracle DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-creating.html#custom-creating.create) + in the Amazon RDS User Guide. + + + # Amazon RDS Custom for SQL Server + + + See RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html) + in the Amazon RDS User Guide. + + + # MariaDB + + + For information, see MariaDB on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MariaDB.html#MariaDB.Concepts.VersionMgmt) + in the Amazon RDS User Guide. + + + # Microsoft SQL Server + + + For information, see Microsoft SQL Server Versions on Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.VersionSupport) + in the Amazon RDS User Guide. + + + # MySQL + + + For information, see MySQL on Amazon RDS Versions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt) + in the Amazon RDS User Guide. + + + # Oracle + + + For information, see Oracle Database Engine Release Notes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.PatchComposition.html) + in the Amazon RDS User Guide. 
+ + + # PostgreSQL + + + For information, see Amazon RDS for PostgreSQL versions and extensions (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts) + in the Amazon RDS User Guide. + type: string + iops: + description: |- + The amount of Provisioned IOPS (input/output operations per second) to be + initially allocated for the DB instance. For information about valid IOPS + values, see Amazon RDS DB instance storage (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html) + in the Amazon RDS User Guide. + + + Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must + be a multiple between .5 and 50 of the storage amount for the DB instance. + For SQL Server DB instances, must be a multiple between 1 and 50 of the storage + amount for the DB instance. + + + # Amazon Aurora + + + Not applicable. Storage is managed by the DB cluster. + format: int64 + type: integer + kmsKeyID: + description: |- + The Amazon Web Services KMS key identifier for an encrypted DB instance. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + Web Services account, specify the key ARN or alias ARN. + + + # Amazon Aurora + + + Not applicable. The Amazon Web Services KMS key identifier is managed by + the DB cluster. For more information, see CreateDBCluster. + + + If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId + parameter, then Amazon RDS uses your default KMS key. There is a default + KMS key for your Amazon Web Services account. Your Amazon Web Services account + has a different default KMS key for each Amazon Web Services Region. + + + # Amazon RDS Custom + + + A KMS key is required for RDS Custom instances. For most RDS engines, if + you leave this parameter empty while enabling StorageEncrypted, the engine + uses the default KMS key. 
However, RDS Custom doesn't use the default key + when this parameter is empty. You must explicitly specify a key. + type: string + kmsKeyRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + licenseModel: + description: |- + License model information for this DB instance. + + + Valid values: license-included | bring-your-own-license | general-public-license + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. + type: string + manageMasterUserPassword: + description: |- + A value that indicates whether to manage the master user password with Amazon + Web Services Secrets Manager. + + + For more information, see Password management with Amazon Web Services Secrets + Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide. + + + Constraints: + + + - Can't manage the master user password with Amazon Web Services Secrets + Manager if MasterUserPassword is specified. + type: boolean + masterUserPassword: + description: |- + The password for the master user. The password can include any printable + ASCII character except "/", """, or "@". + + + # Amazon Aurora + + + Not applicable. The password for the master user is managed by the DB cluster. + + + Constraints: Can't be specified if ManageMasterUserPassword is turned on. + + + # MariaDB + + + Constraints: Must contain from 8 to 41 characters. + + + # Microsoft SQL Server + + + Constraints: Must contain from 8 to 128 characters. + + + # MySQL + + + Constraints: Must contain from 8 to 41 characters. 
+ + + # Oracle + + + Constraints: Must contain from 8 to 30 characters. + + + # PostgreSQL + + + Constraints: Must contain from 8 to 128 characters. + properties: + key: + description: Key is the key within the secret + type: string + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + required: + - key + type: object + x-kubernetes-map-type: atomic + masterUserSecretKMSKeyID: + description: |- + The Amazon Web Services KMS key identifier to encrypt a secret that is automatically + generated and managed in Amazon Web Services Secrets Manager. + + + This setting is valid only if the master user password is managed by RDS + in Amazon Web Services Secrets Manager for the DB instance. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. To use a KMS key in a different Amazon + Web Services account, specify the key ARN or alias ARN. + + + If you don't specify MasterUserSecretKmsKeyId, then the aws/secretsmanager + KMS key is used to encrypt the secret. If the secret is in a different Amazon + Web Services account, then you can't use the aws/secretsmanager KMS key to + encrypt the secret, and you must use a customer managed KMS key. + + + There is a default KMS key for your Amazon Web Services account. Your Amazon + Web Services account has a different default KMS key for each Amazon Web + Services Region. 
+ type: string + masterUserSecretKMSKeyRef: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + masterUsername: + description: |- + The name for the master user. + + + # Amazon Aurora + + + Not applicable. The name for the master user is managed by the DB cluster. + + + # Amazon RDS + + + Constraints: + + + - Required. + + + - Must be 1 to 16 letters, numbers, or underscores. + + + - First character must be a letter. + + + - Can't be a reserved word for the chosen database engine. + type: string + maxAllocatedStorage: + description: |- + The upper limit in gibibytes (GiB) to which Amazon RDS can automatically + scale the storage of the DB instance. + + + For more information about this setting, including limitations that apply + to it, see Managing capacity automatically with Amazon RDS storage autoscaling + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.StorageTypes.html#USER_PIOPS.Autoscaling) + in the Amazon RDS User Guide. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. Storage is managed by the DB cluster. + format: int64 + type: integer + monitoringInterval: + description: |- + The interval, in seconds, between points when Enhanced Monitoring metrics + are collected for the DB instance. To disable collection of Enhanced Monitoring + metrics, specify 0. The default is 0. + + + If MonitoringRoleArn is specified, then you must set MonitoringInterval to + a value other than 0. + + + This setting doesn't apply to RDS Custom. 
+ + + Valid Values: 0, 1, 5, 10, 15, 30, 60 + format: int64 + type: integer + monitoringRoleARN: + description: |- + The ARN for the IAM role that permits RDS to send enhanced monitoring metrics + to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. + For information on creating a monitoring role, see Setting Up and Enabling + Enhanced Monitoring (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html#USER_Monitoring.OS.Enabling) + in the Amazon RDS User Guide. + + + If MonitoringInterval is set to a value other than 0, then you must supply + a MonitoringRoleArn value. + + + This setting doesn't apply to RDS Custom. + type: string + multiAZ: + description: |- + A value that indicates whether the DB instance is a Multi-AZ deployment. + You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ + deployment. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. DB instance Availability Zones (AZs) are managed by the DB + cluster. + type: boolean + ncharCharacterSetName: + description: |- + The name of the NCHAR character set for the Oracle DB instance. + + + This parameter doesn't apply to RDS Custom. + type: string + networkType: + description: |- + The network type of the DB instance. + + + Valid values: + + + - IPV4 + + + - DUAL + + + The network type is determined by the DBSubnetGroup specified for the DB + instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + and the IPv6 protocols (DUAL). + + + For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + in the Amazon RDS User Guide. + type: string + optionGroupName: + description: |- + A value that indicates that the DB instance should be associated with the + specified option group. 
+ + + Permanent options, such as the TDE option for Oracle Advanced Security TDE, + can't be removed from an option group. Also, that option group can't be removed + from a DB instance after it is associated with a DB instance. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. + type: string + performanceInsightsEnabled: + description: |- + A value that indicates whether to enable Performance Insights for the DB + instance. For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) + in the Amazon RDS User Guide. + + + This setting doesn't apply to RDS Custom. + type: boolean + performanceInsightsKMSKeyID: + description: |- + The Amazon Web Services KMS key identifier for encryption of Performance + Insights data. + + + The Amazon Web Services KMS key identifier is the key ARN, key ID, alias + ARN, or alias name for the KMS key. + + + If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon + RDS uses your default KMS key. There is a default KMS key for your Amazon + Web Services account. Your Amazon Web Services account has a different default + KMS key for each Amazon Web Services Region. + + + This setting doesn't apply to RDS Custom. + type: string + performanceInsightsRetentionPeriod: + description: |- + The number of days to retain Performance Insights data. The default is 7 + days. The following values are valid: + + + - 7 + + + - month * 31, where month is a number of months from 1-23 + + + - 731 + + + For example, the following values are valid: + + + - 93 (3 months * 31) + + + - 341 (11 months * 31) + + + - 589 (19 months * 31) + + + - 731 + + + If you specify a retention period such as 94, which isn't a valid value, + RDS issues an error. + + + This setting doesn't apply to RDS Custom. + format: int64 + type: integer + port: + description: |- + The port number on which the database accepts connections. 
+ + + # MySQL + + + Default: 3306 + + + Valid values: 1150-65535 + + + Type: Integer + + + # MariaDB + + + Default: 3306 + + + Valid values: 1150-65535 + + + Type: Integer + + + # PostgreSQL + + + Default: 5432 + + + Valid values: 1150-65535 + + + Type: Integer + + + # Oracle + + + Default: 1521 + + + Valid values: 1150-65535 + + + # SQL Server + + + Default: 1433 + + + Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and + 49152-49156. + + + # Amazon Aurora + + + Default: 3306 + + + Valid values: 1150-65535 + + + Type: Integer + format: int64 + type: integer + preSignedURL: + description: |- + When you are creating a read replica from one Amazon Web Services GovCloud + (US) Region to another or from one China Amazon Web Services Region to another, + the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica + API operation in the source Amazon Web Services Region that contains the + source DB instance. + + + This setting applies only to Amazon Web Services GovCloud (US) Regions and + China Amazon Web Services Regions. It's ignored in other Amazon Web Services + Regions. + + + This setting applies only when replicating from a source DB instance. Source + DB clusters aren't supported in Amazon Web Services GovCloud (US) Regions + and China Amazon Web Services Regions. + + + You must specify this parameter when you create an encrypted read replica + from another Amazon Web Services Region by using the Amazon RDS API. Don't + specify PreSignedUrl when you are creating an encrypted read replica in the + same Amazon Web Services Region. + + + The presigned URL must be a valid request for the CreateDBInstanceReadReplica + API operation that can run in the source Amazon Web Services Region that + contains the encrypted source DB instance. The presigned URL request must + contain the following parameter values: + + + - DestinationRegion - The Amazon Web Services Region that the encrypted + read replica is created in. 
This Amazon Web Services Region is the same + one where the CreateDBInstanceReadReplica operation is called that contains + this presigned URL. For example, if you create an encrypted DB instance + in the us-west-1 Amazon Web Services Region, from a source DB instance + in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica + operation in the us-east-1 Amazon Web Services Region and provide a presigned + URL that contains a call to the CreateDBInstanceReadReplica operation + in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion + in the presigned URL must be set to the us-east-1 Amazon Web Services + Region. + + + - KmsKeyId - The KMS key identifier for the key to use to encrypt the + read replica in the destination Amazon Web Services Region. This is the + same identifier for both the CreateDBInstanceReadReplica operation that + is called in the destination Amazon Web Services Region, and the operation + contained in the presigned URL. + + + - SourceDBInstanceIdentifier - The DB instance identifier for the encrypted + DB instance to be replicated. This identifier must be in the Amazon Resource + Name (ARN) format for the source Amazon Web Services Region. For example, + if you are creating an encrypted read replica from a DB instance in the + us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier + looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115. + + + To learn how to generate a Signature Version 4 signed request, see Authenticating + Requests: Using Query Parameters (Amazon Web Services Signature Version 4) + (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) + and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). 
+ + + If you are using an Amazon Web Services SDK tool or the CLI, you can specify + SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl + manually. Specifying SourceRegion autogenerates a presigned URL that is a + valid request for the operation that can run in the source Amazon Web Services + Region. + + + SourceRegion isn't supported for SQL Server, because Amazon RDS for SQL Server + doesn't support cross-Region read replicas. + + + This setting doesn't apply to RDS Custom. + type: string + preferredBackupWindow: + description: |- + The daily time range during which automated backups are created if automated + backups are enabled, using the BackupRetentionPeriod parameter. The default + is a 30-minute window selected at random from an 8-hour block of time for + each Amazon Web Services Region. For more information, see Backup window + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) + in the Amazon RDS User Guide. + + + # Amazon Aurora + + + Not applicable. The daily time range for creating automated backups is managed + by the DB cluster. + + + Constraints: + + + - Must be in the format hh24:mi-hh24:mi. + + + - Must be in Universal Coordinated Time (UTC). + + + - Must not conflict with the preferred maintenance window. + + + - Must be at least 30 minutes. + type: string + preferredMaintenanceWindow: + description: |- + The time range each week during which system maintenance can occur, in Universal + Coordinated Time (UTC). For more information, see Amazon RDS Maintenance + Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance). + + + Format: ddd:hh24:mi-ddd:hh24:mi + + + The default is a 30-minute window selected at random from an 8-hour block + of time for each Amazon Web Services Region, occurring on a random day of + the week. 
+ + + Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. + + + Constraints: Minimum 30-minute window. + type: string + processorFeatures: + description: |- + The number of CPU cores and the number of threads per core for the DB instance + class of the DB instance. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. + items: + description: |- + Contains the processor features of a DB instance class. + + + To specify the number of CPU cores, use the coreCount feature name for the + Name parameter. To specify the number of threads per core, use the threadsPerCore + feature name for the Name parameter. + + + You can set the processor features of the DB instance class for a DB instance + when you call one of the following actions: + + + - CreateDBInstance + + + - ModifyDBInstance + + + - RestoreDBInstanceFromDBSnapshot + + + - RestoreDBInstanceFromS3 + + + - RestoreDBInstanceToPointInTime + + + You can view the valid processor values for a particular instance class by + calling the DescribeOrderableDBInstanceOptions action and specifying the + instance class for the DBInstanceClass parameter. + + + In addition, you can use the following actions for DB instance class processor + information: + + + - DescribeDBInstances + + + - DescribeDBSnapshots + + + - DescribeValidDBInstanceModifications + + + If you call DescribeDBInstances, ProcessorFeature returns non-null values + only if the following conditions are met: + + + - You are accessing an Oracle DB instance. + + + - Your Oracle DB instance class supports configuring the number of CPU + cores and threads per core. + + + - The current number CPU cores and threads is set to a non-default value. + + + For more information, see Configuring the Processor of the DB Instance Class + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor) + in the Amazon RDS User Guide. 
+ properties: + name: + type: string + value: + type: string + type: object + type: array + promotionTier: + description: |- + A value that specifies the order in which an Aurora Replica is promoted to + the primary instance after a failure of the existing primary instance. For + more information, see Fault Tolerance for an Aurora DB Cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.FaultTolerance) + in the Amazon Aurora User Guide. + + + This setting doesn't apply to RDS Custom. + + + Default: 1 + + + Valid Values: 0 - 15 + format: int64 + type: integer + publiclyAccessible: + description: |- + A value that indicates whether the DB instance is publicly accessible. + + + When the DB instance is publicly accessible, its Domain Name System (DNS) + endpoint resolves to the private IP address from within the DB instance's + virtual private cloud (VPC). It resolves to the public IP address from outside + of the DB instance's VPC. Access to the DB instance is ultimately controlled + by the security group it uses. That public access is not permitted if the + security group assigned to the DB instance doesn't permit it. + + + When the DB instance isn't publicly accessible, it is an internal DB instance + with a DNS name that resolves to a private IP address. + + + Default: The default behavior varies depending on whether DBSubnetGroupName + is specified. + + + If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, + the following applies: + + + - If the default VPC in the target Region doesn’t have an internet gateway + attached to it, the DB instance is private. + + + - If the default VPC in the target Region has an internet gateway attached + to it, the DB instance is public. 
+ + + If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, + the following applies: + + + - If the subnets are part of a VPC that doesn’t have an internet gateway + attached to it, the DB instance is private. + + + - If the subnets are part of a VPC that has an internet gateway attached + to it, the DB instance is public. + type: boolean + replicaMode: + description: |- + The open mode of the replica database: mounted or read-only. + + + This parameter is only supported for Oracle DB instances. + + + Mounted DB replicas are included in Oracle Database Enterprise Edition. The + main use case for mounted replicas is cross-Region disaster recovery. The + primary database doesn't use Active Data Guard to transmit information to + the mounted replica. Because it doesn't accept user connections, a mounted + replica can't serve a read-only workload. + + + You can create a combination of mounted and read-only DB replicas for the + same primary DB instance. For more information, see Working with Oracle Read + Replicas for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.html) + in the Amazon RDS User Guide. + + + For RDS Custom, you must specify this parameter and set it to mounted. The + value won't be set by default. After replica creation, you can manage the + open mode manually. + type: string + sourceDBInstanceIdentifier: + description: |- + The identifier of the DB instance that will act as the source for the read + replica. Each DB instance can have up to 15 read replicas, with the exception + of Oracle and SQL Server, which can have up to five. + + + Constraints: + + + - Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, + or SQL Server DB instance. + + + - Can't be specified if the SourceDBClusterIdentifier parameter is also + specified. 
+ + + - For the limitations of Oracle read replicas, see Version and licensing + considerations for RDS for Oracle replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-read-replicas.limitations.html#oracle-read-replicas.limitations.versions-and-licenses) + in the Amazon RDS User Guide. + + + - For the limitations of SQL Server read replicas, see Read replica limitations + with SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/SQLServer.ReadReplicas.html#SQLServer.ReadReplicas.Limitations) + in the Amazon RDS User Guide. + + + - The specified DB instance must have automatic backups enabled, that + is, its backup retention period must be greater than 0. + + + - If the source DB instance is in the same Amazon Web Services Region + as the read replica, specify a valid DB instance identifier. + + + - If the source DB instance is in a different Amazon Web Services Region + from the read replica, specify a valid DB instance ARN. For more information, + see Constructing an ARN for Amazon RDS (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.ARN.html#USER_Tagging.ARN.Constructing) + in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS + Custom, which don't support cross-Region replicas. + type: string + sourceRegion: + description: |- + SourceRegion is the source region where the resource exists. This is not + sent over the wire and is only used for presigning. This value should always + have the same region as the source ARN. + type: string + storageEncrypted: + description: |- + A value that indicates whether the DB instance is encrypted. By default, + it isn't encrypted. + + + For RDS Custom instances, either set this parameter to true or leave it unset. + If you set this parameter to false, RDS reports an error. + + + # Amazon Aurora + + + Not applicable. The encryption for DB instances is managed by the DB cluster. 
+ type: boolean + storageThroughput: + description: |- + Specifies the storage throughput value for the DB instance. + + + This setting applies only to the gp3 storage type. + + + This setting doesn't apply to RDS Custom or Amazon Aurora. + format: int64 + type: integer + storageType: + description: |- + Specifies the storage type to be associated with the DB instance. + + + Valid values: gp2 | gp3 | io1 | standard + + + If you specify io1 or gp3, you must also include a value for the Iops parameter. + + + Default: io1 if the Iops parameter is specified, otherwise gp2 + + + # Amazon Aurora + + + Not applicable. Storage is managed by the DB cluster. + type: string + tags: + description: Tags to assign to the DB instance. + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. + properties: + key: + type: string + value: + type: string + type: object + type: array + tdeCredentialARN: + description: |- + The ARN from the key store with which to associate the instance for TDE encryption. + + + This setting doesn't apply to RDS Custom. + + + # Amazon Aurora + + + Not applicable. + type: string + tdeCredentialPassword: + description: |- + The password for the given ARN from the key store in order to access the + device. + + + This setting doesn't apply to RDS Custom. + type: string + timezone: + description: |- + The time zone of the DB instance. The time zone parameter is currently supported + only by Microsoft SQL Server (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone). + type: string + useDefaultProcessorFeatures: + description: |- + A value that indicates whether the DB instance class of the DB instance uses + its default processor features. + + + This setting doesn't apply to RDS Custom. 
+ type: boolean + vpcSecurityGroupIDs: + description: |- + A list of Amazon EC2 VPC security groups to associate with this DB instance. + + + # Amazon Aurora + + + Not applicable. The associated list of EC2 VPC security groups is managed + by the DB cluster. + + + Default: The default EC2 VPC security group for the DB subnet group's VPC. + items: + type: string + type: array + vpcSecurityGroupRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + type: array + required: + - dbInstanceClass + - dbInstanceIdentifier + - engine + type: object + status: + description: DBInstanceStatus defines the observed state of DBInstance + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + activityStreamEngineNativeAuditFieldsIncluded: + description: |- + Indicates whether engine-native audit fields are included in the database + activity stream. + type: boolean + activityStreamKMSKeyID: + description: |- + The Amazon Web Services KMS key identifier used for encrypting messages in + the database activity stream. The Amazon Web Services KMS key identifier + is the key ARN, key ID, alias ARN, or alias name for the KMS key. + type: string + activityStreamKinesisStreamName: + description: |- + The name of the Amazon Kinesis data stream used for the database activity + stream. + type: string + activityStreamMode: + description: |- + The mode of the database activity stream. Database events such as a change + or access generate an activity stream event. RDS for Oracle always handles + these events asynchronously. + type: string + activityStreamPolicyStatus: + description: The status of the policy state of the activity stream. + type: string + activityStreamStatus: + description: The status of the database activity stream. + type: string + associatedRoles: + description: |- + The Amazon Web Services Identity and Access Management (IAM) roles associated + with the DB instance. + items: + description: |- + Describes an Amazon Web Services Identity and Access Management (IAM) role + that is associated with a DB instance. 
+ properties: + featureName: + type: string + roleARN: + type: string + status: + type: string + type: object + type: array + automaticRestartTime: + description: The time when a stopped DB instance is restarted automatically. + format: date-time + type: string + automationMode: + description: |- + The automation mode of the RDS Custom DB instance: full or all paused. If + full, the DB instance automates monitoring and instance recovery. If all + paused, the instance pauses automation for the duration set by --resume-full-automation-mode-minutes. + type: string + awsBackupRecoveryPointARN: + description: |- + The Amazon Resource Name (ARN) of the recovery point in Amazon Web Services + Backup. + type: string + certificateDetails: + description: The details of the DB instance's server certificate. + properties: + cAIdentifier: + type: string + validTill: + format: date-time + type: string + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + customerOwnedIPEnabled: + description: |- + Specifies whether a customer-owned IP address (CoIP) is enabled for an RDS + on Outposts DB instance. + + + A CoIP provides local or external connectivity to resources in your Outpost + subnets through your on-premises network. For some use cases, a CoIP can + provide lower latency for connections to the DB instance from outside of + its virtual private cloud (VPC) on your local network. + + + For more information about RDS on Outposts, see Working with Amazon RDS on + Amazon Web Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. + + + For more information about CoIPs, see Customer-owned IP addresses (https://docs.aws.amazon.com/outposts/latest/userguide/routing.html#ip-addressing) + in the Amazon Web Services Outposts User Guide. + type: boolean + dbInstanceAutomatedBackupsReplications: + description: The list of replicated automated backups associated with + the DB instance. + items: + description: |- + Automated backups of a DB instance replicated to another Amazon Web Services + Region. They consist of system backups, transaction logs, and database instance + properties. + properties: + dbInstanceAutomatedBackupsARN: + type: string + type: object + type: array + dbInstancePort: + description: |- + Specifies the port that the DB instance listens on. If the DB instance is + part of a DB cluster, this can be a different port than the DB cluster port. + format: int64 + type: integer + dbInstanceStatus: + description: |- + Specifies the current state of this database. + + + For information about DB instance statuses, see Viewing DB instance status + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/accessing-monitoring.html#Overview.DBInstance.Status) + in the Amazon RDS User Guide. 
+ type: string + dbParameterGroups: + description: Provides the list of DB parameter groups applied to this + DB instance. + items: + description: |- + The status of the DB parameter group. + + + This data type is used as a response element in the following actions: + + + - CreateDBInstance + + + - CreateDBInstanceReadReplica + + + - DeleteDBInstance + + + - ModifyDBInstance + + + - RebootDBInstance + + + - RestoreDBInstanceFromDBSnapshot + properties: + dbParameterGroupName: + type: string + parameterApplyStatus: + type: string + type: object + type: array + dbSubnetGroup: + description: |- + Specifies information on the subnet group associated with the DB instance, + including the name, description, and subnets in the subnet group. + properties: + dbSubnetGroupARN: + type: string + dbSubnetGroupDescription: + type: string + dbSubnetGroupName: + type: string + subnetGroupStatus: + type: string + subnets: + items: + description: |- + This data type is used as a response element for the DescribeDBSubnetGroups + operation. + properties: + subnetAvailabilityZone: + description: |- + Contains Availability Zone information. + + + This data type is used as an element in the OrderableDBInstanceOption data + type. + properties: + name: + type: string + type: object + subnetIdentifier: + type: string + subnetOutpost: + description: |- + A data type that represents an Outpost. + + + For more information about RDS on Outposts, see Amazon RDS on Amazon Web + Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. + properties: + arn: + type: string + type: object + subnetStatus: + type: string + type: object + type: array + supportedNetworkTypes: + items: + type: string + type: array + vpcID: + type: string + type: object + dbSystemID: + description: |- + The Oracle system ID (Oracle SID) for a container database (CDB). The Oracle + SID is also the name of the CDB. 
This setting is valid for RDS Custom only. + type: string + dbiResourceID: + description: |- + The Amazon Web Services Region-unique, immutable identifier for the DB instance. + This identifier is found in Amazon Web Services CloudTrail log entries whenever + the Amazon Web Services KMS key for the DB instance is accessed. + type: string + domainMemberships: + description: The Active Directory Domain membership records associated + with the DB instance. + items: + description: |- + An Active Directory Domain membership record associated with the DB instance + or cluster. + properties: + domain: + type: string + fQDN: + type: string + iamRoleName: + type: string + status: + type: string + type: object + type: array + enabledCloudwatchLogsExports: + description: |- + A list of log types that this DB instance is configured to export to CloudWatch + Logs. + + + Log types vary by DB engine. For information about the log types for each + DB engine, see Amazon RDS Database Log Files (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html) + in the Amazon RDS User Guide. + items: + type: string + type: array + endpoint: + description: |- + Specifies the connection endpoint. + + + The endpoint might not be shown for instances whose status is creating. + properties: + address: + type: string + hostedZoneID: + type: string + port: + format: int64 + type: integer + type: object + enhancedMonitoringResourceARN: + description: |- + The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log stream that + receives the Enhanced Monitoring metrics data for the DB instance. + type: string + iamDatabaseAuthenticationEnabled: + description: |- + True if mapping of Amazon Web Services Identity and Access Management (IAM) + accounts to database accounts is enabled, and otherwise false. 
+ + + IAM database authentication can be enabled for the following database engines + + + * For MySQL 5.6, minor version 5.6.34 or higher + + + * For MySQL 5.7, minor version 5.7.16 or higher + + + * Aurora 5.6 or higher. To enable IAM database authentication for Aurora, + see DBCluster Type. + type: boolean + instanceCreateTime: + description: Provides the date and time the DB instance was created. + format: date-time + type: string + latestRestorableTime: + description: |- + Specifies the latest time to which a database can be restored with point-in-time + restore. + format: date-time + type: string + listenerEndpoint: + description: Specifies the listener connection endpoint for SQL Server + Always On. + properties: + address: + type: string + hostedZoneID: + type: string + port: + format: int64 + type: integer + type: object + masterUserSecret: + description: |- + Contains the secret managed by RDS in Amazon Web Services Secrets Manager + for the master user password. + + + For more information, see Password management with Amazon Web Services Secrets + Manager (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) + in the Amazon RDS User Guide. + properties: + kmsKeyID: + type: string + secretARN: + type: string + secretStatus: + type: string + type: object + optionGroupMemberships: + description: Provides the list of option group memberships for this + DB instance. + items: + description: Provides information on the option groups the DB instance + is a member of. + properties: + optionGroupName: + type: string + status: + type: string + type: object + type: array + pendingModifiedValues: + description: |- + A value that specifies that changes to the DB instance are pending. This + element is only included when changes are pending. Specific changes are identified + by subelements. 
+ properties: + allocatedStorage: + format: int64 + type: integer + automationMode: + type: string + backupRetentionPeriod: + format: int64 + type: integer + caCertificateIdentifier: + type: string + dbInstanceClass: + type: string + dbInstanceIdentifier: + type: string + dbSubnetGroupName: + type: string + engineVersion: + type: string + iamDatabaseAuthenticationEnabled: + type: boolean + iops: + format: int64 + type: integer + licenseModel: + type: string + masterUserPassword: + type: string + multiAZ: + type: boolean + pendingCloudwatchLogsExports: + description: |- + A list of the log types whose configuration is still pending. In other words, + these log types are in the process of being activated or deactivated. + properties: + logTypesToDisable: + items: + type: string + type: array + logTypesToEnable: + items: + type: string + type: array + type: object + port: + format: int64 + type: integer + processorFeatures: + items: + description: |- + Contains the processor features of a DB instance class. + + + To specify the number of CPU cores, use the coreCount feature name for the + Name parameter. To specify the number of threads per core, use the threadsPerCore + feature name for the Name parameter. + + + You can set the processor features of the DB instance class for a DB instance + when you call one of the following actions: + + + - CreateDBInstance + + + - ModifyDBInstance + + + - RestoreDBInstanceFromDBSnapshot + + + - RestoreDBInstanceFromS3 + + + - RestoreDBInstanceToPointInTime + + + You can view the valid processor values for a particular instance class by + calling the DescribeOrderableDBInstanceOptions action and specifying the + instance class for the DBInstanceClass parameter. 
+ + + In addition, you can use the following actions for DB instance class processor + information: + + + - DescribeDBInstances + + + - DescribeDBSnapshots + + + - DescribeValidDBInstanceModifications + + + If you call DescribeDBInstances, ProcessorFeature returns non-null values + only if the following conditions are met: + + + - You are accessing an Oracle DB instance. + + + - Your Oracle DB instance class supports configuring the number of CPU + cores and threads per core. + + + - The current number CPU cores and threads is set to a non-default value. + + + For more information, see Configuring the Processor of the DB Instance Class + (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#USER_ConfigureProcessor) + in the Amazon RDS User Guide. + properties: + name: + type: string + value: + type: string + type: object + type: array + resumeFullAutomationModeTime: + format: date-time + type: string + storageThroughput: + format: int64 + type: integer + storageType: + type: string + type: object + readReplicaDBClusterIdentifiers: + description: |- + Contains one or more identifiers of Aurora DB clusters to which the RDS DB + instance is replicated as a read replica. For example, when you create an + Aurora read replica of an RDS for MySQL DB instance, the Aurora MySQL DB + cluster for the Aurora read replica is shown. This output doesn't contain + information about cross-Region Aurora read replicas. + + + Currently, each RDS DB instance can have only one Aurora read replica. + items: + type: string + type: array + readReplicaDBInstanceIdentifiers: + description: |- + Contains one or more identifiers of the read replicas associated with this + DB instance. + items: + type: string + type: array + readReplicaSourceDBClusterIdentifier: + description: |- + Contains the identifier of the source DB cluster if this DB instance is a + read replica. 
+ type: string + readReplicaSourceDBInstanceIdentifier: + description: |- + Contains the identifier of the source DB instance if this DB instance is + a read replica. + type: string + resumeFullAutomationModeTime: + description: |- + The number of minutes to pause the automation. When the time period ends, + RDS Custom resumes full automation. The minimum value is 60 (default). The + maximum value is 1,440. + format: date-time + type: string + secondaryAvailabilityZone: + description: |- + If present, specifies the name of the secondary Availability Zone for a DB + instance with multi-AZ support. + type: string + statusInfos: + description: |- + The status of a read replica. If the instance isn't a read replica, this + is blank. + items: + description: Provides a list of status information for a DB instance. + properties: + message: + type: string + normal: + type: boolean + status: + type: string + statusType: + type: string + type: object + type: array + vpcSecurityGroups: + description: |- + Provides a list of VPC security group elements that the DB instance belongs + to. + items: + description: |- + This data type is used as a response element for queries on VPC security + group membership. + properties: + status: + type: string + vpcSecurityGroupID: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbparametergroups.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbparametergroups.yaml new file mode 100644 index 0000000..84048ca --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbparametergroups.yaml 
@@ -0,0 +1,278 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbparametergroups.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: DBParameterGroup + listKind: DBParameterGroupList + plural: dbparametergroups + singular: dbparametergroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DBParameterGroup is the Schema for the DBParameterGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DBParameterGroupSpec defines the desired state of DBParameterGroup. + + + Contains the details of an Amazon RDS DB parameter group. + + + This data type is used as a response element in the DescribeDBParameterGroups + action. + properties: + description: + description: The description for the DB parameter group. + type: string + family: + description: |- + The DB parameter group family name. A DB parameter group can be associated + with one and only one DB parameter group family, and can be applied only + to a DB instance running a database engine and engine version compatible + with that DB parameter group family. 
+ + + To list all of the available parameter group families for a DB engine, use + the following command: + + + aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + --engine + + + For example, to list all of the available parameter group families for the + MySQL DB engine, use the following command: + + + aws rds describe-db-engine-versions --query "DBEngineVersions[].DBParameterGroupFamily" + --engine mysql + + + The output contains duplicates. + + + The following are the valid DB engine values: + + + - aurora (for MySQL 5.6-compatible Aurora) + + + - aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + + + - aurora-postgresql + + + - mariadb + + + - mysql + + + - oracle-ee + + + - oracle-ee-cdb + + + - oracle-se2 + + + - oracle-se2-cdb + + + - postgres + + + - sqlserver-ee + + + - sqlserver-se + + + - sqlserver-ex + + + - sqlserver-web + type: string + name: + description: |- + The name of the DB parameter group. + + + Constraints: + + + - Must be 1 to 255 letters, numbers, or hyphens. + + + - First character must be a letter + + + - Can't end with a hyphen or contain two consecutive hyphens + + + This value is stored as a lowercase string. + type: string + parameterOverrides: + additionalProperties: + type: string + type: object + tags: + description: Tags to assign to the DB parameter group. + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. 
+ properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - description + - family + - name + type: object + status: + description: DBParameterGroupStatus defines the observed state of DBParameterGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + parameterOverrideStatuses: + description: A list of Parameter values. + items: + description: |- + This data type is used as a request parameter in the ModifyDBParameterGroup + and ResetDBParameterGroup actions. + + + This data type is used as a response element in the DescribeEngineDefaultParameters + and DescribeDBParameters actions. + properties: + allowedValues: + type: string + applyMethod: + type: string + applyType: + type: string + dataType: + type: string + description: + type: string + isModifiable: + type: boolean + minimumEngineVersion: + type: string + parameterName: + type: string + parameterValue: + type: string + source: + type: string + supportedEngineModes: + items: + type: string + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbproxies.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbproxies.yaml new file mode 100644 index 0000000..1c31e09 --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbproxies.yaml 
@@ -0,0 +1,247 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbproxies.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: DBProxy + listKind: DBProxyList + plural: dbproxies + singular: dbproxy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DBProxy is the Schema for the DBProxies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DBProxySpec defines the desired state of DBProxy. + + + The data structure representing a proxy managed by the RDS Proxy. + + + This data type is used as a response element in the DescribeDBProxies action. + properties: + auth: + description: The authorization mechanism that the proxy uses. + items: + description: |- + Specifies the details of authentication used by a proxy to log in as a specific + database user. + properties: + authScheme: + type: string + clientPasswordAuthType: + type: string + description: + type: string + iamAuth: + type: string + secretARN: + type: string + userName: + type: string + type: object + type: array + debugLogging: + description: |- + Whether the proxy includes detailed information about SQL statements in its + logs. 
This information helps you to debug issues involving SQL behavior or + the performance and scalability of the proxy connections. The debug information + includes the text of SQL statements that you submit through the proxy. Thus, + only enable this setting when needed for debugging, and only when you have + security measures in place to safeguard any sensitive information that appears + in the logs. + type: boolean + engineFamily: + description: |- + The kinds of databases that the proxy can connect to. This value determines + which database network protocol the proxy recognizes when it interprets network + traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and + RDS for MySQL databases, specify MYSQL. For Aurora PostgreSQL and RDS for + PostgreSQL databases, specify POSTGRESQL. For RDS for Microsoft SQL Server, + specify SQLSERVER. + type: string + idleClientTimeout: + description: |- + The number of seconds that a connection to the proxy can be inactive before + the proxy disconnects it. You can set this value higher or lower than the + connection timeout limit for the associated database. + format: int64 + type: integer + name: + description: |- + The identifier for the proxy. This name must be unique for all proxies owned + by your Amazon Web Services account in the specified Amazon Web Services + Region. An identifier must begin with a letter and must contain only ASCII + letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive + hyphens. + type: string + requireTLS: + description: |- + A Boolean parameter that specifies whether Transport Layer Security (TLS) + encryption is required for connections to the proxy. By enabling this setting, + you can enforce encrypted TLS connections to the proxy. + type: boolean + roleARN: + description: |- + The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access + secrets in Amazon Web Services Secrets Manager. 
+ type: string + tags: + description: |- + An optional set of key-value pairs to associate arbitrary data of your choosing + with the proxy. + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. + properties: + key: + type: string + value: + type: string + type: object + type: array + vpcSecurityGroupIDs: + description: One or more VPC security group IDs to associate with + the new proxy. + items: + type: string + type: array + vpcSubnetIDs: + description: One or more VPC subnet IDs to associate with the new + proxy. + items: + type: string + type: array + required: + - auth + - engineFamily + - name + - roleARN + - vpcSubnetIDs + type: object + status: + description: DBProxyStatus defines the observed state of DBProxy + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. 
+ type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + createdDate: + description: The date and time when the proxy was first created. + format: date-time + type: string + endpoint: + description: |- + The endpoint that you can use to connect to the DB proxy. You include the + endpoint value in the connection string for a database client application. + type: string + status: + description: |- + The current status of this proxy. A status of available means the proxy is + ready to handle requests. Other values indicate that you must wait for the + proxy to be ready, or take some action to resolve an issue. + type: string + updatedDate: + description: The date and time when the proxy was last updated. + format: date-time + type: string + vpcID: + description: Provides the VPC ID of the DB proxy. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbsubnetgroups.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbsubnetgroups.yaml new file mode 100644 index 0000000..8852e53 --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_dbsubnetgroups.yaml 
@@ -0,0 +1,253 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: dbsubnetgroups.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: DBSubnetGroup + listKind: DBSubnetGroupList + plural: dbsubnetgroups + singular: dbsubnetgroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DBSubnetGroup is the Schema for the DBSubnetGroups API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + DBSubnetGroupSpec defines the desired state of DBSubnetGroup. + + + Contains the details of an Amazon RDS DB subnet group. + + + This data type is used as a response element in the DescribeDBSubnetGroups + action. + properties: + description: + description: The description for the DB subnet group. + type: string + name: + description: |- + The name for the DB subnet group. This value is stored as a lowercase string. + + + Constraints: + + + - Must contain no more than 255 letters, numbers, periods, underscores, + spaces, or hyphens. + + + - Must not be default. + + + - First character must be a letter. + + + Example: mydbsubnetgroup + type: string + subnetIDs: + description: The EC2 Subnet IDs for the DB subnet group. 
+ items: + type: string + type: array + subnetRefs: + items: + description: "AWSResourceReferenceWrapper provides a wrapper around + *AWSResourceReference\ntype to provide more user friendly syntax + for references using 'from' field\nEx:\nAPIIDRef:\n\n\n\tfrom:\n\t + \ name: my-api" + properties: + from: + description: |- + AWSResourceReference provides all the values necessary to reference another + k8s resource for finding the identifier(Id/ARN/Name) + properties: + name: + type: string + type: object + type: object + type: array + tags: + description: Tags to assign to the DB subnet group. + items: + description: |- + Metadata assigned to an Amazon RDS resource consisting of a key-value pair. + + + For more information, see Tagging Amazon RDS Resources (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Tagging.html) + in the Amazon RDS User Guide. + properties: + key: + type: string + value: + type: string + type: object + type: array + required: + - description + - name + type: object + status: + description: DBSubnetGroupStatus defines the observed state of DBSubnetGroup + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. 
+ TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. + type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + subnetGroupStatus: + description: Provides the status of the DB subnet group. + type: string + subnets: + description: Contains a list of Subnet elements. + items: + description: |- + This data type is used as a response element for the DescribeDBSubnetGroups + operation. + properties: + subnetAvailabilityZone: + description: |- + Contains Availability Zone information. + + + This data type is used as an element in the OrderableDBInstanceOption data + type. 
+ properties: + name: + type: string + type: object + subnetIdentifier: + type: string + subnetOutpost: + description: |- + A data type that represents an Outpost. + + + For more information about RDS on Outposts, see Amazon RDS on Amazon Web + Services Outposts (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html) + in the Amazon RDS User Guide. + properties: + arn: + type: string + type: object + subnetStatus: + type: string + type: object + type: array + supportedNetworkTypes: + description: |- + The network type of the DB subnet group. + + + Valid values: + + + * IPV4 + + + * DUAL + + + A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 + protocols (DUAL). + + + For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + in the Amazon RDS User Guide. + items: + type: string + type: array + vpcID: + description: Provides the VpcId of the DB subnet group. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/rds.services.k8s.aws_globalclusters.yaml b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_globalclusters.yaml new file mode 100644 index 0000000..394551e --- /dev/null +++ b/internal/configure-pipeline/dependencies/rds.services.k8s.aws_globalclusters.yaml 
@@ -0,0 +1,194 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: globalclusters.rds.services.k8s.aws +spec: + group: rds.services.k8s.aws + names: + kind: GlobalCluster + listKind: GlobalClusterList + plural: globalclusters + singular: globalcluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: GlobalCluster is the Schema for the GlobalClusters API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + GlobalClusterSpec defines the desired state of GlobalCluster. + + + A data type representing an Aurora global database. + properties: + databaseName: + description: |- + The name for your database of up to 64 alphanumeric characters. If you do + not provide a name, Amazon Aurora will not create a database in the global + database cluster you are creating. + type: string + deletionProtection: + description: |- + The deletion protection setting for the new global database. The global database + can't be deleted when deletion protection is enabled. + type: boolean + engine: + description: The name of the database engine to be used for this DB + cluster. 
+ type: string + engineVersion: + description: The engine version of the Aurora global database. + type: string + globalClusterIdentifier: + description: The cluster identifier of the new global database cluster. + type: string + sourceDBClusterIdentifier: + description: |- + The Amazon Resource Name (ARN) to use as the primary cluster of the global + database. This parameter is optional. + type: string + storageEncrypted: + description: The storage encryption setting for the new global database + cluster. + type: boolean + type: object + status: + description: GlobalClusterStatus defines the observed state of GlobalCluster + properties: + ackResourceMetadata: + description: |- + All CRs managed by ACK have a common `Status.ACKResourceMetadata` member + that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: |- + ARN is the Amazon Resource Name for the resource. This is a + globally-unique identifier and is set only by the ACK service controller + once the controller has orchestrated the creation of the resource OR + when it has verified that an "adopted" resource (a resource where the + ARN annotation was set by the Kubernetes user on the CR) exists and + matches the supplied CR's Spec field values. + TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270 + type: string + ownerAccountID: + description: |- + OwnerAccountID is the AWS Account ID of the account that owns the + backend AWS service API resource. + type: string + region: + description: Region is the AWS region in which the resource exists + or will exist. 
+ type: string + required: + - ownerAccountID + - region + type: object + conditions: + description: |- + All CRS managed by ACK have a common `Status.Conditions` member that + contains a collection of `ackv1alpha1.Condition` objects that describe + the various terminal states of the CR and its backend AWS service API + resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + failoverState: + description: |- + A data object containing all properties for the current state of an in-process + or pending failover process for this Aurora global database. This object + is empty unless the FailoverGlobalCluster API operation has been called on + this Aurora global database (GlobalCluster). + properties: + fromDBClusterARN: + type: string + status: + type: string + toDBClusterARN: + type: string + type: object + globalClusterMembers: + description: The list of primary and secondary clusters within the + global database cluster. + items: + description: |- + A data structure with information about any primary and secondary clusters + associated with an Aurora global database. 
+ properties: + dbClusterARN: + type: string + globalWriteForwardingStatus: + type: string + isWriter: + type: boolean + readers: + items: + type: string + type: array + type: object + type: array + globalClusterResourceID: + description: |- + The Amazon Web Services Region-unique, immutable identifier for the global + database cluster. This identifier is found in Amazon Web Services CloudTrail + log entries whenever the Amazon Web Services KMS key for the DB cluster is + accessed. + type: string + status: + description: Specifies the current state of this global database cluster. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/services.k8s.aws_adoptedresources.yaml b/internal/configure-pipeline/dependencies/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 0000000..65eff73 --- /dev/null +++ b/internal/configure-pipeline/dependencies/services.k8s.aws_adoptedresources.yaml 
@@ -0,0 +1,254 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: |- + AdditionalKeys represents any additional arbitrary identifiers used when + describing the target resource. + type: object + arn: + description: |- + ARN is the AWS Resource Name for the resource. It is a globally + unique identifier. + type: string + nameOrID: + description: |- + NameOrId is a user-supplied string identifier for the resource. It may + or may not be globally unique, depending on the type of resource. 
+ type: string + type: object + kubernetes: + description: |- + ResourceWithMetadata provides the values necessary to create a + Kubernetes resource and override any of its metadata values. + properties: + group: + type: string + kind: + type: string + metadata: + description: |- + ObjectMeta is metadata that all persisted resources must have, which includes all objects + users must create. + It is not possible to use `metav1.ObjectMeta` inside spec, as the controller-gen + automatically converts this to an arbitrary string-string map. + https://github.com/kubernetes-sigs/controller-tools/issues/385 + + + Active discussion about inclusion of this field in the spec is happening in this PR: + https://github.com/kubernetes-sigs/controller-tools/pull/395 + + + Until this is allowed, or if it never is, we will produce a subset of the object meta + that contains only the fields which the user is allowed to modify in the metadata. + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique + name ONLY IF the Name field has not been provided. + If this field is used, the name returned to the client will be different + than the name passed. This value will also be combined with a unique suffix. + The provided value has the same validation rules as the Name field, + and may be truncated by the length of the suffix required to make the value + unique on the server. 
+ + + If this field is specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created or 500 with Reason + ServerTimeout indicating a unique name could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the Retry-After header). + + + Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency + type: string + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + name: + description: |- + Name must be unique within a namespace. Is required when creating resources, although + some resources may allow a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence and configuration + definition. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/identifiers#names + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is + equivalent to the "default" namespace, but "default" is the canonical representation. + Not all objects are required to be scoped to a namespace - the value of this field for + those objects will be empty. + + + Must be a DNS_LABEL. + Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: |- + List of objects depended by this object. If ALL objects in the list have + been deleted, this object will be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, with the controller field set to true. 
+ There cannot be more than one managing controller. + items: + description: |- + OwnerReference contains enough information to let you identify an owning + object. An owning object must be in the same namespace as the dependent, or + be cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: |- + If true, AND if the owner has the "foregroundDeletion" finalizer, then + the owner cannot be deleted from the key-value store until this + reference is removed. + See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion + for how the garbage collector interacts with this field and enforces the foreground deletion. + Defaults to false. + To set this field, a user needs "delete" permission of the owner, + otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. 
+ properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + terminal states of the adopted resource CR and its target custom resource + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/configure-pipeline/dependencies/services.k8s.aws_fieldexports.yaml b/internal/configure-pipeline/dependencies/services.k8s.aws_fieldexports.yaml new file mode 100644 index 0000000..4d3a8f1 --- /dev/null +++ b/internal/configure-pipeline/dependencies/services.k8s.aws_fieldexports.yaml 
@@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: fieldexports.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: FieldExport + listKind: FieldExportList + plural: fieldexports + singular: fieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FieldExport is the schema for the FieldExport API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: FieldExportSpec defines the desired state of the FieldExport. + properties: + from: + description: |- + ResourceFieldSelector provides the values necessary to identify an individual + field on an individual K8s resource. + properties: + path: + type: string + resource: + description: |- + NamespacedResource provides all the values necessary to identify an ACK + resource of a given type (within the same namespace as the custom resource + containing this type). 
+ properties: + group: + type: string + kind: + type: string + name: + type: string + required: + - group + - kind + - name + type: object + required: + - path + - resource + type: object + to: + description: |- + FieldExportTarget provides the values necessary to identify the + output path for a field export. + properties: + key: + description: Key overrides the default value (`.`) + for the FieldExport target + type: string + kind: + description: |- + FieldExportOutputType represents all types that can be produced by a field + export operation + enum: + - configmap + - secret + type: string + name: + type: string + namespace: + description: Namespace is marked as optional, so we cannot compose + `NamespacedName` + type: string + required: + - kind + - name + type: object + required: + - from + - to + type: object + status: + description: FieldExportStatus defines the observed status of the FieldExport. + properties: + conditions: + description: |- + A collection of `ackv1alpha1.Condition` objects that describe the various + recoverable states of the field CR + items: + description: |- + Condition is the common struct used by all CRDs managed by ACK service + controllers to indicate terminal states of the CR and its backend AWS + service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/internal/configure-pipeline/execute-pipeline b/internal/configure-pipeline/execute-pipeline
new file mode 100644
index 0000000..c6b56db
--- /dev/null
+++ b/internal/configure-pipeline/execute-pipeline
@@ -0,0 +1,31 @@
+#!/usr/bin/env sh
+
+set -eux
+
+if [ "$KRATIX_WORKFLOW_TYPE" = "promise" ]; then
+
+ echo "Executing promise workflow"
+ cp /tmp/transfer/dependencies/* /kratix/output/
+
+elif [ "$KRATIX_WORKFLOW_TYPE" = "resource" ]; then
+
+ echo "Executing resource workflow"
+# base_instance="/tmp/transfer/resources/flink-basic.yaml"
+#
+# # Read current values from the provided resource request
+# name="$(yq eval '.spec.name' /kratix/input/object.yaml)"
+# namespace="$(yq eval '.spec.namespace // "default"' /kratix/input/object.yaml)"
+#
+# # Replace defaults with user provided values
+# cat ${base_instance} |
+# yq eval "
+# .metadata.namespace = \"${namespace}\" |
+# .metadata.name = \"${name}\"
+# " - > /kratix/output/flink-instance.yaml
+
+else
+
+ echo "Error: Unknown workflow. Exiting with error"
+ exit 1
+
+fi
\ No newline at end of file
diff --git a/internal/configure-pipeline/resources/rds-postgresql.yaml b/internal/configure-pipeline/resources/rds-postgresql.yaml
new file mode 100644
index 0000000..45efa6b
--- /dev/null
+++ b/internal/configure-pipeline/resources/rds-postgresql.yaml
@@ -0,0 +1,15 @@
+apiVersion: rds.services.k8s.aws/v1alpha1
+kind: DBInstance
+metadata:
+ name: "test-postgres-instance"
+spec:
+ allocatedStorage: 20
+ dbInstanceClass: db.t4g.micro
+ dbInstanceIdentifier: "test-postgres-instance"
+ engine: postgres
+ engineVersion: "14"
+ masterUsername: "postgres"
+ masterUserPassword:
+ namespace: default
+ name: "test-postgres-instance-password"
+ key: password
\ No newline at end of file
diff --git a/internal/scripts/pipeline-image.sh b/internal/scripts/pipeline-image.sh
new file mode 100755
index 0000000..6d731c1
--- /dev/null
+++ b/internal/scripts/pipeline-image.sh
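Review bot: The `resource` branch of execute-pipeline writes nothing to /kratix/output — the entire templating step is commented out and still points at a `flink-basic.yaml` this change does not ship — so every AWSRDS request will exit 0 "successfully" without producing a DBInstance, since promise.yaml's resource pipeline runs this same image. If the branch is intentionally unfinished it should fail loudly rather than silently succeed: `echo "resource workflow not implemented"; exit 1`. When it is wired up, do not splice `spec.name`/`spec.namespace` into the yq expression the way the commented template did — those fields are tenant-controlled strings and a stray quote in them rewrites the expression — pass them through the environment and use `strenv()` as below (assumes yq v4 is present in the pipeline image, as the template already expects; the Dockerfile is not in this hunk).

```shell
elif [ "$KRATIX_WORKFLOW_TYPE" = "resource" ]; then

 echo "Executing resource workflow"
 # Request fields are tenant input: hand them to yq via the environment
 # (strenv) instead of interpolating them into the expression text.
 NAME="$(yq eval '.spec.name' /kratix/input/object.yaml)"
 NAMESPACE="$(yq eval '.spec.namespace // "default"' /kratix/input/object.yaml)"
 if [ -z "$NAME" ] || [ "$NAME" = "null" ]; then
   echo "Error: spec.name is required"
   exit 1
 fi
 NAME="$NAME" NAMESPACE="$NAMESPACE" yq eval '
   .metadata.name = strenv(NAME) |
   .metadata.namespace = strenv(NAMESPACE) |
   .spec.dbInstanceIdentifier = strenv(NAME)
 ' /tmp/transfer/resources/rds-postgresql.yaml > /kratix/output/rds-instance.yaml

# … unchanged: else/error branch …
```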
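Review bot: The DBInstance template leaves `storageEncrypted` unset, and as far as I recall RDS creates unencrypted storage when StorageEncrypted is not supplied, so every instance minted from this file would have plaintext volumes and snapshots; add `storageEncrypted: true` to the spec (and consider `publiclyAccessible: false` and `deletionProtection: true` as platform defaults). The `masterUserPassword` reference points at a fixed Secret `test-postgres-instance-password` in `default` that nothing in this change creates, and because the name is hard-coded every instance produced from this template would share one master password — derive the Secret name from the instance name and have the pipeline (or the requester) create it alongside the DBInstance. Note also that `metadata.name` and `dbInstanceIdentifier` are both hard-coded to `test-postgres-instance`, so a second request in the same namespace collides until the resource workflow templates them.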
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+set -e
+
+PWD="$(cd "$(dirname "$0")"/.. && pwd)"
+
+promise_name="aws-rds"
+pipeline_image="opencredo/promise-${promise_name}/${promise_name}-configure-pipeline:v0.1.0"
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ build)
+ docker build buildx \
+ --tag "${pipeline_image}" \
+ --platform linux/amd64 \
+ --load \
+ "${PWD}/configure-pipeline"
+ ;;
+
+ load)
+ kind load docker-image "${pipeline_image}" --name platform
+ ;;
+
+ push)
+ docker push "${pipeline_image}"
+ ;;
+
+ rmi)
+ docker rmi --force "${pipeline_image}"
+ ;;
+
+ pull)
+ docker pull "${pipeline_image}"
+ ;;
+
+ *)
+ echo "unknown command $1"
+ exit 1
+ ;;
+ esac
+ shift
+done
diff --git a/promise.yaml b/promise.yaml
new file mode 100644
index 0000000..f95cd30
--- /dev/null
+++ b/promise.yaml
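Review bot: `docker build buildx \` in the `build)` case has the subcommands reversed — `docker build` treats `buildx` as the context path and then rejects the second positional `"${PWD}/configure-pipeline"` — so the build command cannot succeed as written; it should read `docker buildx build \`. The script also assigns `PWD=`, clobbering the shell's own working-directory variable; use a private name such as `root_dir="$(cd "$(dirname "$0")"/.. && pwd)"` and `"${root_dir}/configure-pipeline"`. Finally the tag `opencredo/promise-aws-rds/aws-rds-configure-pipeline:v0.1.0` is not the reference promise.yaml pulls (`533267353680.dkr.ecr.eu-west-2.amazonaws.com/aws-rds-configure-pipeline:v0.1.0`), so `push` never updates the image the Promise actually runs — keep a single source of truth for the image name, e.g. read it from one variable both files are generated from.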
@@ -0,0 +1,62 @@
+apiVersion: platform.kratix.io/v1alpha1
+kind: Promise
+metadata:
+ name: aws-rds
+spec:
+ api:
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ name: awsrds.example.promise.syntasso.io
+ spec:
+ group: example.promise.syntasso.io
+ names:
+ kind: AWSRDS
+ plural: awsrds
+ singular: awsrds
+ shortNames:
+ - awsrds
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ namespace:
+ default: default
+ description: Kubernetes namespace to create aws rds instance.
+ type: string
+ name:
+ type: string
+ description: AWS RDS instance name
+ workflows:
+ promise:
+ configure:
+ - apiVersion: platform.kratix.io/v1alpha1
+ kind: Pipeline
+ metadata:
+ name: promise-configure
+ namespace: default
+ spec:
+ containers:
+ - image: 533267353680.dkr.ecr.eu-west-2.amazonaws.com/aws-rds-configure-pipeline:v0.1.0
+ name: aws-rds-promise-pipeline
+ imagePullPolicy: Always
+ resource:
+ configure:
+ - apiVersion: platform.kratix.io/v1alpha1
+ kind: Pipeline
+ metadata:
+ name: instance-configure
+ namespace: default
+ spec:
+ containers:
+ - image: 533267353680.dkr.ecr.eu-west-2.amazonaws.com/aws-rds-configure-pipeline:v0.1.0
+ name: aws-rds-instance-promise-pipeline
+ imagePullPolicy: Always
\ No newline at end of file
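Review bot: Both pipelines pull `…/aws-rds-configure-pipeline:v0.1.0` by mutable tag with `imagePullPolicy: Always`, so whoever can push that tag to the ECR repository decides what the pipeline emits for Kratix to apply (the promise workflow installs the ACK operator and CRDs from it); pin the reference by digest, `image: 533267353680.dkr.ecr.eu-west-2.amazonaws.com/aws-rds-configure-pipeline:v0.1.0@sha256:<digest>`, or at minimum enable tag immutability on the repository. The AWSRDS schema accepts any string for `spec.name`, but once the resource workflow uses it as the RDS `dbInstanceIdentifier` it has to satisfy RDS's identifier rules (letters, digits and hyphens, starting with a letter, at most 63 characters), so validate at the API boundary with `pattern: '^[a-zA-Z][a-zA-Z0-9-]{0,62}$'` and `maxLength: 63` rather than letting the request fail inside AWS. `spec.namespace` also lets a requester direct the generated DBInstance into any namespace rather than the one the request was created in — worth confirming that cross-namespace placement is intended for a multi-tenant platform, and constraining or dropping the field if not.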