Spec schema
UserDefinedAuthenticationSpec defines the desired state of UserDefinedAuthentication.
```yaml
dbclusterRef: string
keytabSecretRef: string
pgHbaEntries:
- string
pgIdentEntries:
- string
ldapConfiguration:
  cacheTTLSeconds: integer
  enableGroupMapping: boolean
  enableLdapOptReferrals: boolean
  ldapBaseDN: string
  ldapBindDN: string
  ldapBindPasswordSecretRef:
    name: string
  ldapURI: string
  ldapsCertificateSecretRef:
    name: string
```

| Field | Type | Required or optional | Description |
|---|---|---|---|
| `dbclusterRef` | object | Required | DBClusterRef is a reference to the target DBCluster in the same namespace to which these authentication settings apply. |
| `dbclusterRef.name` | string | Required | Name of the referent. For more information, see Names. |
| `keytabSecretRef` | object | Required | KeytabSecretRef is a reference to the Secret resource in the same namespace containing the Kerberos keytab file. The Secret must have a data field named 'krb5.keytab'. |
| `keytabSecretRef.name` | string | Required | Name of the referent. For more information, see Names. |
| `pgHbaEntries` | list (string) | Required | PgHbaEntries is a list of pg_hba.conf entries that will be applied to the target DBCluster for this authentication method. Each string in the list represents a separate line in the pg_hba.conf file. |
| `pgIdentEntries` | list (string) | Optional | PgIdentEntries is an optional list of pg_ident.conf entries (user name maps) that will be applied to the target DBCluster. Each string in the list represents a separate line in the pg_ident.conf file. |
| `ldapConfiguration` | object | Optional | LDAPConfiguration holds the settings for group mapping. These settings configure the google_pg_auth extension to perform LDAP lookups for AD group synchronization after a successful GSSAPI login. |
| `ldapConfiguration.cacheTTLSeconds` | integer | Optional | CacheTTLSeconds is the time-to-live for the user-to-group mapping cache in seconds. |
| `ldapConfiguration.enableGroupMapping` | boolean | Optional | EnableGroupMapping is the switch to turn the AD group synchronization feature on or off. |
| `ldapConfiguration.enableLdapOptReferrals` | boolean | Optional | EnableLdapOptReferrals determines whether to enable the LDAP referrals option. |
| `ldapConfiguration.ldapBaseDN` | string | Optional | LDAPBaseDN is the Base Distinguished Name for LDAP searches. e.g., "DC=my-corp,DC=com" |
| `ldapConfiguration.ldapBindDN` | string | Optional | LDAPBindDN is the Distinguished Name to bind as for the LDAP search. This is the service account user that will perform the group lookups. e.g., "setupadmin@ad-controller.my-corp.com" |
| `ldapConfiguration.ldapBindPasswordSecretRef` | object | Optional | LDAPBindPasswordSecretRef is a reference to the Secret in the same namespace that contains the password for the LDAP bind user. The Secret must have a data field named 'password'. |
| `ldapConfiguration.ldapBindPasswordSecretRef.name` | string | Optional | Name of the referent. For more information, see Names. |
| `ldapConfiguration.ldapURI` | string | Optional | LDAPURI is the URI for the LDAPS or LDAP server. e.g., "ldap://ad-controller.my-corp.com" |
| `ldapConfiguration.ldapsCertificateSecretRef` | object | Optional | LDAPSCertificateSecretRef is an optional reference to the Secret in the same namespace that contains the CA certificate for LDAPS. The Secret must have a data field named 'ldap.crt'. |
| `ldapConfiguration.ldapsCertificateSecretRef.name` | string | Optional | Name of the referent. For more information, see Names. |

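
The security-relevant choices in this spec are the `pgHbaEntries` lines and the `ldapURI` scheme. The following is an added example, not part of the original reference or the product: a static check over a spec held as a Python dict, run against a weak and a hardened variant. The helper names (`lint_spec`, `hba_method`), the Secret and cluster names, and the sample pg_hba.conf lines are constructed for illustration.

```python
# Added example: static checks for a UserDefinedAuthentication spec held as a dict.
PG_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
              "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}
# pg_hba connection types that also match sessions without TLS or GSSAPI encryption.
PLAIN_TYPES = {"host", "hostnossl", "hostnogssenc"}

def hba_method(line):
    """Return (connection_type, auth_method) for one pg_hba.conf line."""
    tokens = line.split()
    method = next((t for t in tokens[3:] if t in PG_METHODS), None)
    return (tokens[0] if tokens else None), method

def lint_spec(spec):
    """Return a list of findings for the spec; an empty list means no findings."""
    findings = []
    for ref in ("dbclusterRef", "keytabSecretRef"):  # both Required per the schema
        if not (spec.get(ref) or {}).get("name"):
            findings.append(f"{ref}.name is required")
    entries = spec.get("pgHbaEntries") or []
    if not entries:
        findings.append("pgHbaEntries is required")
    for line in entries:
        conn, method = hba_method(line)
        if method == "trust":
            findings.append(f"'{line}': trust accepts the connection without authentication")
        if conn in PLAIN_TYPES and method != "reject":
            findings.append(f"'{line}': {conn} does not require TLS or GSSAPI encryption")
    ldap = spec.get("ldapConfiguration") or {}
    uri = (ldap.get("ldapURI") or "").lower()
    if uri.startswith("ldap://"):
        findings.append("ldapURI uses ldap:// rather than ldaps://")
    if uri.startswith("ldaps://") and not (ldap.get("ldapsCertificateSecretRef") or {}).get("name"):
        findings.append("ldaps:// URI without ldapsCertificateSecretRef (no CA certificate Secret)")
    return findings

# Constructed sample specs (names and entries are illustrative).
BASE = {"dbclusterRef": {"name": "dbcluster-sample"},
        "keytabSecretRef": {"name": "db-keytab"}}
WEAK = {**BASE,
        "pgHbaEntries": ["host all all 0.0.0.0/0 gss", "host all all 10.0.0.0/8 trust"],
        "ldapConfiguration": {"ldapURI": "ldap://ad-controller.my-corp.com"}}
HARDENED = {**BASE,
            "pgHbaEntries": ["hostgssenc all all 0.0.0.0/0 gss",
                             "hostssl all all 0.0.0.0/0 scram-sha-256"],
            "ldapConfiguration": {"ldapURI": "ldaps://ad-controller.my-corp.com",
                                  "ldapsCertificateSecretRef": {"name": "ad-ca"}}}

if __name__ == "__main__":
    for name, spec in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_spec(spec))
```
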
Status schema
UserDefinedAuthenticationStatus defines the observed state of UserDefinedAuthentication.
```yaml
conditions:
- lastTransitionTime: string
  message: string
  observedGeneration: integer
  reason: string
  status: string
  type: string
criticalIncidents:
- code: string
  createTime: string
  message: string
  messageTemplateParams: object
  resource:
    component: string
    location:
      cluster: string
      group: string
      kind: string
      name: string
      namespace: string
      version: string
  stackTrace:
  - component: string
    message: string
  transientUntil: string
message: string
observedGeneration: integer
reconciled: boolean
state: string
```

| Field | Type | Required or optional | Description |
|---|---|---|---|
| `conditions[]` | object | Optional | Conditions represents the latest available observations of the entity's current state. |
| `conditions[].lastTransitionTime` | string | Required | lastTransitionTime is the last time the condition transitioned from one status to another, which occurs when the underlying condition changed. If the time when the underlying condition changed is unknown, use the time when the API field changed. |
| `conditions[].message` | string | Required | message is a human readable message indicating details about the transition. This can be an empty string. |
| `conditions[].observedGeneration` | integer | Optional | observedGeneration represents the .metadata.generation that the condition was set based upon. For example, if .metadata.generation is 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
| `conditions[].reason` | string | Required | reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types can define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value must be a CamelCase string. This field might not be empty. |
| `conditions[].status` | string | Required | status of the condition, one of True, False, Unknown. |
| `conditions[].type` | string | Required | type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available. Because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regular expression that it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt). |
| `criticalIncidents[]` | object | Optional | CriticalIncidents is a flat list of all active Critical Incidents. |
| `criticalIncidents[].code` | string | Required | Code is the error code of this particular error. Error codes are DBSE+numeric strings, like DBSE1012. |
| `criticalIncidents[].createTime` | string | Required | CreateTime is the timestamp when this Incident was created at the origin. |
| `criticalIncidents[].message` | string | Optional | Message describes the incident or error that occurred. |
| `criticalIncidents[].messageTemplateParams` | object | Optional | MessageTemplateParams contains key-value pairs necessary for generating a user-friendly data-driven version of Message in the user interface. |
| `criticalIncidents[].resource` | object | Required | Resource contains information about the Database Service component that reported the incident, as well as information about the Kubernetes resource. |
| `criticalIncidents[].resource.component` | string | Required | Component is an internal identifier of the Database Service subsystem that reported the incident. |
| `criticalIncidents[].resource.location` | object | Optional | Location. |
| `criticalIncidents[].resource.location.cluster` | string | Optional | The name of the cluster of the affected Kubernetes resource. |
| `criticalIncidents[].resource.location.group` | string | Optional | The Group name of the Kubernetes resource. |
| `criticalIncidents[].resource.location.kind` | string | Optional | The Kind of the Kubernetes resource. |
| `criticalIncidents[].resource.location.name` | string | Optional | The name of the affected Kubernetes resource. |
| `criticalIncidents[].resource.location.namespace` | string | Optional | The namespace of the affected Kubernetes resource. |
| `criticalIncidents[].resource.location.version` | string | Optional | The Version of the Kubernetes resource. |
| `criticalIncidents[].stackTrace[]` | object | Optional | An unstructured list of messages from the stack trace. |
| `criticalIncidents[].stackTrace[].component` | string | Optional | The name of a Database Service component that logged the message. |
| `criticalIncidents[].stackTrace[].message` | string | Optional | Logged message. |
| `criticalIncidents[].transientUntil` | string | Optional | TransientUntil, if present, indicates that the issue must be considered transient until the specified time. |
| `message` | string | Optional | Message provides a human-readable message detailing the current state or any errors. |
| `observedGeneration` | integer | Optional | Internal: The generation observed by the controller. |
| `reconciled` | boolean | Optional | Internal: Whether the resource was reconciled by the controller. |
| `state` | string | Optional | State represents the current state of the UserDefinedAuthentication resource. The values are: `Processing`, `Ready`, `Failed`, and `Unknown`. |