Field | Default | Details |
|---|---|---|
metadata.name | <same-as-in-FEPCluster> | This value is inherited from parent FEPCluster CR |
metadata.namespace | <same-as-in-FEPCluster> | This value is inherited from parent FEPCluster CR |
spec.pgAdminPassword | spec.fepChildCrVal.users.pgAdminPassword of FEPCluster CR | postgres superuser password. Masked once secret is created/changed Note: initial values inherited once only at start. Changes to FEPUser directly |
spec.pgdb | spec.fepChildCrVal. users.pgdb of FEPCluster CR | Name of a user database Note: Created once only at start. Cannot be changed |
spec.pgpassword | spec.fepChildCrVal.users.pgpassword of FEPCluster CR | Password for superuser for user database pgdb. Masked once secret is created/changed Note: initial values inherited once only at start. Changes to FEPUser directly |
spec.pguser | spec.fepChildCrVal.users.pguser of FEPCluster CR | Name of a user database Note: Created once only at start. Cannot be changed |
spec.pgrepluser | spec.fepChildCrVal.users.pgrepluser of FEPCluster CR | Name of a database user for replication |
spec.pgreplpassword | spec.fepChildCrVal.users.pgreplpassword of FEPCluster CR | Password for pgrepluser |
spec.tdepassphrase | spec.fepChildCrVal.users.tdepassphrase of FEPCluster CR | Passphrase for encrypting/decrypting keystore file which contains the TDE encryption key |
spec.pgRewindUser | rewind_user | Database user for Rewind |
spec.pgRewindUserPassword | rewind_password | Password for database user rewinduser |
spec.pgMetricsUser | spec.fepChildCrVal.sysUsers.pgMetricsUser | Optional Refer to "1.2.1 FEPCluster Custom Resource Parameters" for details. |
spec.pgMetricsPassword | spec.fepChildCrVal.sysUsers.pgMetricsPassword | Optional Refer to "1.2.1 FEPCluster Custom Resource Parameters" for details. |
spec.pgAdminTls | spec.fepChildCrVal.sysUsers.pgAdminTls | Optional section Refer to "1.2.1 FEPCluster Custom Resource Parameters" for details. |
spec.pgrepluserTls | spec.fepChildCrVal.sysUsers.pgrepluserTls | Optional section Refer to "1.2.1 FEPCluster Custom Resource Parameters" for details. |
spec.pgRewindUserTls | spec.fepChildCrVal.sysUsers.pgRewindUserTls | Optional section Refer to "1.2.1 FEPCluster Custom Resource Parameters" for details. |
spec.pgMetricsUserTls | spec.fepChildCrVal.sysUsers.pgMetricsUserTls | Optional section Refer to "1.2.1 FEPCluster Custom Resource Parameters" for details. |
Example of FEPUser CR created
apiVersion: fep.fujitsu.io/v1
kind: FEPUser
metadata:
name: new-fep-19n
namespace: testswatiproject
spec:
pgAdminPassword: '***************'
pgdb: mydb
pgpassword: '***************'
pgreplpassword: '***************'
pgrepluser: repluser
pguser: mydbuser
tdepassphrase: '***************'
sysExtraLogging: false
pgRewindUser: rewind_user
pgRewindUserPassword: rewind_password
pgAdminTls:
certificateName: admin-client-certs-secret
caName: admin-ssl-rootcert-configmap
sslMode: prefer
pgrepluserTls:
certificateName: repluser-client-certs-secret
caName: repluser-ca-name-configmap
sslMode: prefer
pgRewindUserTls:
certificateName: rewinduser-client-certs-secret
caName: rewinduser-ca-name-configmap
sslMode: preferNote
Password and Passphrase are masked in output from CR. The original values can still be found in the respective Kubernetes secrets and configmaps.
TDE is enabled by default with given tdepassphrase and must have a value.
TDE is enabled by using the key tdepassphrase with the desired passphrase.Do not remove this key once TDE is enabled. Otherwise, the database may go into a crash loop. If the Cluster is running on Async Replication and a failover/switchover occured during the crash loop, there could be data lost. The team is looking at preventing the deletion of this passphrase from Operator even if customer tries to remove it in customer resource.
Database users and their passwords managed by the FEPUser CR should not be changed in the SQL interface. Inconsistencies with the information managed by the operator can cause problems with operator operation. If you make changes in the SQL interface, use the SQL interface again to restore the original state.