Mission Control Custom Resource Definition (CRD)

control.k8ssandra.io/v1alpha1

Resource Types:

K8ssandraTask

K8ssandraTask is the Schema for the k8ssandratasks API

Name Type Description Required

apiVersion

string

control.k8ssandra.io.v1alpha1

true

kind

string

K8ssandraTask

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

K8ssandraTaskSpec defines the desired state of K8ssandraTask

false

status

object

K8ssandraTaskStatus defines the observed state of K8ssandraTask

false

K8ssandraTask.spec

K8ssandraTaskSpec defines the desired state of K8ssandraTask

Name Type Description Required

cluster

object

Which K8ssandraCluster this task is operating on.

false

datacenters

[]string

The names of the targeted datacenters. If omitted, will default to all DCs in spec order.

false

dcConcurrencyPolicy

string

How to handle concurrency across DCs. Valid values are: - "Forbid" (default): sequential processing. The K8ssandraTask only spawns one CassandraTask at a time, which must run to completion before the CassandraTask for the next DC is created. If any CassandraTask fails, the K8ssandraTask is marked as failed, and the remaining CassandraTasks are cancelled (i.e. never created). - "Allow": parallel processing. The K8ssandraTask spawns all CassandraTasks at once. If any CassandraTask fails, the K8ssandraTask is marked as failed, but the remaining CassandraTasks finish running.

false

template

object

The characteristics of the CassandraTask that will get created for each DC.

false

K8ssandraTask.spec.cluster

Which K8ssandraCluster this task is operating on.

Name Type Description Required

apiVersion

string

API version of the referent.

false

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.

false

kind

string

false

name

string

false

namespace

string

false

resourceVersion

string

false

uid

string

false

K8ssandraTask.spec.template

The characteristics of the CassandraTask that will get created for each DC.

Name Type Description Required

concurrencyPolicy

string

Specifics if this task can be run concurrently with other active tasks. Valid values are: - "Allow": allows multiple Tasks to run concurrently on Cassandra cluster - "Forbid" (default): only a single task is executed at once The "Allow" property is only valid if all the other active Tasks have "Allow" as well.

false

jobs

[]object

Jobs defines the jobs this task will execute (and their order)

false

restartPolicy

string

RestartPolicy indicates the behavior n case of failure. Default is Never.

false

scheduledTime

string

ScheduledTime indicates the earliest possible time this task is executed. This does not necessarily equal to the time it is actually executed (if other tasks are blocking for example). If not set, the task will be executed immediately.

  • Format: date-time

false

ttlSecondsAfterFinished

integer

TTLSecondsAfterFinished defines how long the completed job will kept before being cleaned up. If set to 0 the task will not be cleaned up by the cass-operator. If unset, the default time (86400s) is used.

  • Format: int32

false

K8ssandraTask.spec.template.jobs[index]

Name Type Description Required

command

string

Command defines what is run against Cassandra pods

true

name

string

true

args

object

Arguments are additional parameters for the command

false

K8ssandraTask.spec.template.jobs[index].args

Arguments are additional parameters for the command

Name Type Description Required

end_token

string

false

jobs

integer

false

keyspace_name

string

false

new_tokens

map[string]string

NewTokens is a map of pod names to their newly-assigned tokens. Required for the move command, ignored otherwise. Pods referenced in this map must exist; any existing pod not referenced in this map will not be moved.

false

no_snapshot

boolean

false

no_validate

boolean

Scrub arguments

false

pod_name

string

false

rack

string

false

skip_corrupted

boolean

false

source_datacenter

string

false

split_output

boolean

Compaction arguments

false

start_token

string

false

tables

[]string

false

K8ssandraTask.status

K8ssandraTaskStatus defines the observed state of K8ssandraTask

Name Type Description Required

active

integer

The number of actively running pods.

false

completionTime

string

Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC. The completion time is only set when the job finishes successfully.

  • Format: date-time

false

conditions

[]object

The latest available observations of an object’s current state. When a Job fails, one of the conditions will have type "Failed" and status true. When a Job is suspended, one of the conditions will have type "Suspended" and status true; when the Job is resumed, the status of this condition will become false. When a Job is completed, one of the conditions will have type "Complete" and status true. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

false

datacenters

map[string]object

The individual progress of the CassandraTask in each datacenter.

false

failed

integer

The number of pods which reached phase Failed.

false

startTime

string

Represents time when the job controller started processing a job. When a Job is created in the suspended state, this field is not set until the first time it is resumed. This field is reset every time a Job is resumed from suspension. It is represented in RFC3339 form and is in UTC.

  • Format: date-time

false

succeeded

integer

The number of pods which reached phase Succeeded.

false

K8ssandraTask.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example,

type FooStatus struct{
    // Represents the observations of a foo's current state.
    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
    // +patchMergeKey=type
    // +patchStrategy=merge
    // +listType=map
    // +listMapKey=type
    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
    // other fields
}
Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

K8ssandraTask.status.datacenters[key]

CassandraTaskStatus defines the observed state of CassandraJob

Name Type Description Required

active

integer

The number of actively running pods.

false

completionTime

string

Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC. The completion time is only set when the job finishes successfully.

  • Format: date-time

false

conditions

[]object

The latest available observations of an object’s current state. When a Job fails, one of the conditions will have type "Failed" and status true. When a Job is suspended, one of the conditions will have type "Suspended" and status true; when the Job is resumed, the status of this condition will become false. When a Job is completed, one of the conditions will have type "Complete" and status true. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

false

failed

integer

The number of pods which reached phase Failed.

false

startTime

string

Represents time when the job controller started processing a job. When a Job is created in the suspended state, this field is not set until the first time it is resumed. This field is reset every time a Job is resumed from suspension. It is represented in RFC3339 form and is in UTC.

  • Format: date-time

false

succeeded

integer

The number of pods which reached phase Succeeded.

false

K8ssandraTask.status.datacenters[key].conditions[index]

Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example,

type FooStatus struct{
    // Represents the observations of a foo's current state.
    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
    // +patchMergeKey=type
    // +patchStrategy=merge
    // +listType=map
    // +listMapKey=type
    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
    // other fields
}
Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

medusa.k8ssandra.io/v1alpha1

Resource Types:

MedusaBackupJob

MedusaBackupJob is the Schema for the medusabackupjobs API

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

MedusaBackupJob

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaBackupJobSpec defines the desired state of MedusaBackupJob

false

status

object

MedusaBackupJobStatus defines the observed state of MedusaBackupJob

false

MedusaBackupJob.spec

MedusaBackupJobSpec defines the desired state of MedusaBackupJob

Name Type Description Required

cassandraDatacenter

string

The name of the CassandraDatacenter to back up

true

backupType

enum

The type of the backup: "full" or "differential"

  • Enum: differential, full

  • Default: differential

false

MedusaBackupJob.status

MedusaBackupJobStatus defines the observed state of MedusaBackupJob

Name Type Description Required

failed

[]string

false

finishTime

string

  • Format: date-time

false

finished

[]string

false

inProgress

[]string

false

startTime

string

  • Format: date-time

false

MedusaBackup

MedusaBackup is the Schema for the medusabackups API

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

MedusaBackup

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaBackupSpec defines the desired state of MedusaBackup

false

status

object

MedusaBackupStatus defines the observed state of MedusaBackup

false

MedusaBackup.spec

MedusaBackupSpec defines the desired state of MedusaBackup

Name Type Description Required

cassandraDatacenter

string

The name of the CassandraDatacenter to back up

true

backupType

enum

The type of the backup: "full" or "differential"

  • Enum: differential, full

  • Default: differential

false

MedusaBackup.status

MedusaBackupStatus defines the observed state of MedusaBackup

Name Type Description Required

finishTime

string

  • Format: date-time

false

finishedNodes

integer

  • Format: int32

false

nodes

[]object

false

startTime

string

  • Format: date-time

false

status

string

false

totalFiles

integer

  • Format: int64

false

totalNodes

integer

  • Format: int32

false

totalSize

string

false

MedusaBackup.status.nodes[index]

Name Type Description Required

datacenter

string

false

host

string

false

rack

string

false

tokens

[]integer

false

MedusaBackupSchedule

MedusaBackupSchedule is the Schema for the medusabackupschedules API

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

MedusaBackupSchedule

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaBackupScheduleSpec defines the desired state of MedusaBackupSchedule

false

status

object

MedusaBackupScheduleStatus defines the observed state of MedusaBackupSchedule

false

MedusaBackupSchedule.spec

MedusaBackupScheduleSpec defines the desired state of MedusaBackupSchedule

Name Type Description Required

backupSpec

object

BackupSpec defines the MedusaBackup to be created for this job

true

cronSchedule

string

CronSchedule is a cronjob format schedule for backups. Overrides any easier methods of defining the schedule

true

concurrencyPolicy

string

Specifics if this backup task can be run concurrently with other active backup tasks. Valid values are: - "Allow": allows multiple Tasks to run concurrently on Cassandra cluster - "Forbid" (default): only a single task is executed at once The "Allow" property is only valid if all the other active Tasks have "Allow" as well.

false

disabled

boolean

Disabled if set ensures this job is not scheduling anything

false

MedusaBackupSchedule.spec.backupSpec

BackupSpec defines the MedusaBackup to be created for this job

Name Type Description Required

cassandraDatacenter

string

The name of the CassandraDatacenter to back up

true

backupType

enum

The type of the backup: "full" or "differential"

  • Enum: differential, full

  • Default: differential

false

MedusaBackupSchedule.status

MedusaBackupScheduleStatus defines the observed state of MedusaBackupSchedule

Name Type Description Required

lastExecution

string

LastExecution tells when the backup was last time taken. If empty, the backup has never been taken

  • Format: date-time

false

nextSchedule

string

NextSchedule indicates when the next backup is going to be done

  • Format: date-time

false

MedusaConfiguration

MedusaConfiguration is the Schema for the medusaconfigurations API

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

MedusaConfiguration

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaConfigurationSpec defines the desired state of MedusaConfiguration

false

status

object

MedusaConfigurationStatus defines the observed state of MedusaConfiguration

false

MedusaConfiguration.spec

MedusaConfigurationSpec defines the desired state of MedusaConfiguration

Name Type Description Required

storageProperties

object

StorageProperties defines the storage backend settings to use for the backups.

false

MedusaConfiguration.spec.storageProperties

StorageProperties defines the storage backend settings to use for the backups.

Name Type Description Required

apiProfile

string

AWS Profile to use for authentication.

false

backupGracePeriodInDays

integer

Age after which orphan sstables can be deleted from the storage backend. Protects from race conditions between purge and ongoing backups. Defaults to 10 days.

false

bucketName

string

The name of the bucket to use for the backups.

false

concurrentTransfers

integer

Number of concurrent uploads. Helps maximizing the speed of uploads but puts more pressure on the network. Defaults to 0.

  • Default: 0

false

credentialsType

enum

Type of credentials to use for authentication. Can be "role-based", "credential-based" or empty.

  • Enum: role-based, credential-based

false

host

string

Host to connect to for the storage backend.

false

maxBackupAge

integer

Maximum backup age that the purge process should observe.

  • Default: 0

false

maxBackupCount

integer

Maximum number of backups to keep (used by the purge process). Default is unlimited.

  • Default: 0

false

multiPartUploadThreshold

integer

File size over which cloud specific cli tools are used for transfer. Defaults to 100 MB.

  • Default: 104857600

false

podStorage

object

Pod storage settings for the local storage provider

false

port

integer

Port to connect to for the storage backend.

false

prefix

string

Name of the top level folder in the backup bucket. If empty, the cluster name will be used.

false

region

string

Region of the storage bucket. Defaults to "default".

false

secure

boolean

Whether to use SSL for the storage backend.

false

sslVerify

boolean

When using SSL, whether to also verify the certificate.

false

storageProvider

enum

The storage backend to use for the backups.

  • Enum: google_storage, azure_blobs, s3, s3_compatible, s3_rgw, ibm_storage

false

storageSecretRef

object

Kubernetes Secret that stores the key file for the storage provider’s API. If using 'local' storage, this value is ignored.

false

transferMaxBandwidth

string

Max upload bandwidth in MB/s. Defaults to 50 MB/s.

  • Default: 50MB/s

false

MedusaConfiguration.spec.storageProperties.podStorage

Pod storage settings for the local storage provider

Name Type Description Required

accessModes

[]string

Pod local storage access modes

false

size

int or string

Size of the pod’s storage in bytes. Defaults to 10 GB.

  • Default: 10Gi

false

storageClassName

string

Storage class name to use for the pod’s storage.

false

MedusaConfiguration.spec.storageProperties.storageSecretRef

Kubernetes Secret that stores the key file for the storage provider’s API. If using 'local' storage, this value is ignored.

Name Type Description Required

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?

false

MedusaConfiguration.status

MedusaConfigurationStatus defines the observed state of MedusaConfiguration

Name Type Description Required

conditions

[]object

false

MedusaConfiguration.status.conditions[index]

Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example,

type FooStatus struct{
    // Represents the observations of a foo's current state.
    // Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
    // +patchMergeKey=type
    // +patchStrategy=merge
    // +listType=map
    // +listMapKey=type
    Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
    // other fields
}
Name Type Description Required

lastTransitionTime

string

lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

  • Format: date-time

true

message

string

message is a human readable message indicating details about the transition. This may be an empty string.

true

reason

string

reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.

true

status

enum

status of the condition, one of True, False, Unknown.

  • Enum: True, False, Unknown

true

type

string

type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

true

observedGeneration

integer

observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

  • Format: int64

  • Minimum: 0

false

MedusaRestoreJob

MedusaRestoreJob is the Schema for the medusarestorejobs API

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

MedusaRestoreJob

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaRestoreJobSpec defines the desired state of MedusaRestoreJob

false

status

object

MedusaRestoreJobStatus defines the observed state of MedusaRestoreJob

false

MedusaRestoreJob.spec

MedusaRestoreJobSpec defines the desired state of MedusaRestoreJob

Name Type Description Required

backup

string

The name of the MedusaBackup to restore.

true

cassandraDatacenter

string

Name of the Cassandra datacenter to perform the restore on.

true

MedusaRestoreJob.status

MedusaRestoreJobStatus defines the observed state of MedusaRestoreJob

Name Type Description Required

restoreKey

string

A unique key that identifies the restore operation.

true

datacenterStopped

string

  • Format: date-time

false

failed

[]string

false

finishTime

string

  • Format: date-time

false

finished

[]string

false

inProgress

[]string

false

message

string

Message gives the reason why restore operation failed

false

restoreMapping

object

Mapping between source and target nodes for a restore

false

restorePrepared

boolean

false

startTime

string

  • Format: date-time

false

MedusaRestoreJob.status.restoreMapping

Mapping between source and target nodes for a restore

Name Type Description Required

host_map

map[string]object

Mapping between source and target nodes for a restore

false

in_place

boolean

Whether the restore is in-place or not

false

MedusaRestoreJob.status.restoreMapping.host_map[key]

Name Type Description Required

seed

boolean

true

source

[]string

true

Medusa

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

Medusa

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaSpec defines the desired state of Medusa.

false

Medusa.spec

MedusaSpec defines the desired state of Medusa.

Name Type Description Required

cassandraUserSecretRef

string

Defines the username and password that Medusa will use to authenticate CQL connections to Cassandra clusters. These credentials will be automatically turned into CQL roles by cass-operator when bootstrapping the datacenter, then passed to the Medusa instances, so that it can authenticate against nodes in the datacenter using CQL. The secret must be in the same namespace as Cassandra and must contain two keys: "username" and "password".

false

containerImage

object

MedusaContainerImage is the image characteristics to use for Medusa containers. Leave nil to use a default image.

false

securityContext

object

SecurityContext applied to the Medusa containers.

false

storageProperties

object

Provides all storage backend related properties for backups.

false

Medusa.spec.containerImage

MedusaContainerImage is the image characteristics to use for Medusa containers. Leave nil to use a default image.

Name Type Description Required

repository

string

  • Default: k8ssandra/medusa

true

imagePullSecret

object

LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.

false

pullPolicy

string

PullPolicy describes a policy for if/when to pull a container image

  • Default: IfNotPresent

false

registry

string

  • Default: docker.io

false

tag

string

  • Default: latest

false

Medusa.spec.containerImage.imagePullSecret

LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.

Name Type Description Required

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?

false

Medusa.spec.securityContext

SecurityContext applied to the Medusa containers.

Name Type Description Required

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

false

capabilities

object

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

false

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

false

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

false

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

false

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

  • Format: int64

false

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

false

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

  • Format: int64

false

seLinuxOptions

object

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

false

seccompProfile

object

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.

false

windowsOptions

object

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

false

Medusa.spec.securityContext.capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

Name Type Description Required

add

[]string

Added capabilities

false

drop

[]string

Removed capabilities

false

Medusa.spec.securityContext.seLinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Name Type Description Required

level

string

Level is SELinux level label that applies to the container.

false

role

string

Role is a SELinux role label that applies to the container.

false

type

string

Type is a SELinux type label that applies to the container.

false

user

string

User is a SELinux user label that applies to the container.

false

Medusa.spec.securityContext.seccompProfile

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options.

Name Type Description Required

type

string

type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

true

localhostProfile

string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet’s configured seccomp profile location. Must only be set if type is "Localhost".

false

Medusa.spec.securityContext.windowsOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Name Type Description Required

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

false

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

false

hostProcess

boolean

HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod’s containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

false

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

false

Medusa.spec.storageProperties

Provides all storage backend related properties for backups.

Name Type Description Required

apiProfile

string

AWS Profile to use for authentication.

false

backupGracePeriodInDays

integer

Age after which orphan sstables can be deleted from the storage backend. Protects from race conditions between purge and ongoing backups. Defaults to 10 days.

false

bucketName

string

The name of the bucket to use for the backups.

false

concurrentTransfers

integer

Number of concurrent uploads. Helps maximizing the speed of uploads but puts more pressure on the network. Defaults to 1.

  • Default: 1

false

host

string

Host to connect to for the storage backend.

false

maxBackupAge

integer

Maximum backup age that the purge process should observe.

  • Default: 0

false

maxBackupCount

integer

Maximum number of backups to keep (used by the purge process). Default is unlimited.

  • Default: 0

false

multiPartUploadThreshold

integer

File size over which cloud specific cli tools are used for transfer. Defaults to 100 MB.

  • Default: 104857600

false

port

integer

Port to connect to for the storage backend.

false

prefix

string

Name of the top level folder in the backup bucket. If empty, the cluster name will be used.

false

region

string

Region of the storage bucket. Defaults to "default".

false

secure

boolean

Whether to use SSL for the storage backend.

false

storageProvider

enum

The storage backend to use for the backups.

  • Enum: local, google_storage, azure_blobs, s3, s3_compatible, s3_rgw, ibm_storage

false

storageSecretRef

string

Kubernetes Secret that stores the key file for the storage provider’s API. If using 'local' storage, this value is ignored.

false

transferMaxBandwidth

string

Max upload bandwidth in MB/s. Defaults to 50 MB/s.

  • Default: 50MB/s

false

MedusaTask

MedusaTask is the Schema for the MedusaTasks API

Name Type Description Required

apiVersion

string

medusa.k8ssandra.io.v1alpha1

true

kind

string

MedusaTask

true

metadata

object

Refer to the Kubernetes API documentation for the fields of the metadata field.

true

spec

object

MedusaTaskSpec defines the desired state of MedusaTask

false

status

object

MedusaTaskStatus defines the observed state of MedusaTask

false

MedusaTask.spec

MedusaTaskSpec defines the desired state of MedusaTask

Name Type Description Required

cassandraDatacenter

string

The name of the CassandraDatacenter to run the task on

true

backupName

string

Name of the backup. Will be necessary for operations such as verify or status.

false

operation

enum

Requested operation to perform.

  • Enum: sync, purge, prepare_restore

false

restoreKey

string

Restore key to use for the prepare_restore operation.

false

MedusaTask.status

MedusaTaskStatus defines the observed state of MedusaTask

Name Type Description Required

failed

[]string

false

finishTime

string

  • Format: date-time

false

finished

[]object

false

inProgress

[]string

false

startTime

string

  • Format: date-time

false

MedusaTask.status.finished[index]

Name Type Description Required

nbBackupsPurged

integer

Number of backups that were purged. Only populated for purge tasks.

false

nbObjectsPurged

integer

Number of objects/files that were purged. Only populated for purge tasks.

false

podName

string

Name of the pod that ran the task. Always populated.

false

totalObjectsWithinGcGrace

integer

Number of objects that couldn’t be deleted due to Medusa GC grace. Only populated for purge tasks.

false

totalPurgedSize

integer

Total size of purged files. Only populated for purge tasks.

false

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com