Skip to main content

CRDs

important

The operator is bundled with the Custom Resource Definitions (CRDs) and cannot be deployed separately. Updating the operator will automatically update the respective CRDs.

TypesenseCluster

Typesense Kubernetes Operator is controlling the lifecycle of multiple Typesense instances in the same Kubernetes cluster by introducing TypesenseCluster, a new Custom Resource Definition:

TypesenseClusterSpec

NameDescriptionOptionalDefault
imageTypesense image
imagePullSecretsreference to the private registry authentication SecretX
adminApiKeyreference to the bootstrap SecretX
replicassize of the cluster (allowed 1, 3, 5 or 7)X3
apiPortREST/API portX8108
peeringPortpeering portX8107
resetPeersOnErrorautomatic reset of peers on errorXtrue
enableCorsenables CORSXfalse
corsDomainscomma separated list of domains allowed for CORSX
resourcesresources (request & limit)X1000m/100m
512Mi/256Mi
healthProbeTimeoutInMillisecondstimeout for waiting on the health endpoint responseX500
affinitygroup of affinity scheduling rulesX
nodeSelectornode selection constraintX
tolerationsschedule pods with matching taintsX
additionalServerConfigurationa reference to a ConfigMap holding extra configurationX
statefulSetAnnotationsuser-defined annotationsX
podAnnotationsuser-defined annotationsX
podsInheritStatefulSetAnnotationspropagate all StatefulSet annotations to PodsXfalse
serviceAnnotationsuser-defined annotationsX
storagecheck StorageSpec below
ingresscheck IngressSpec belowX
scrapersarray of DocSearchScraperSpec; check belowX
metricscheck MetricsSpec belowX
healthcheckcheck HealthCheckSpec belowX
topologySpreadConstraintshow to spread a group of pods across topology domainsX
priorityClassNamereference to a pod priority and preemption classX
securityContextcheck SecurityContextSpec belowX
incrementalQuorumRecoveryadd nodes gradually to the StatefulSet while recoveringXfalse
note
  • Add additional Typesense server configuration variables in a ConfigMap, using additionalServerConfiguration as described in: https://typesense.org/docs/28.0/api/server-configuration.html#using-environment-variables.
  • Any Typesense server configuration variable that is defined in TypesenseClusterSpec is overriding any additional reference of the same variable in additionalServerConfiguration. You can find an example of providing an additional ConfigMap in: config/samples/ts_v1alpha1_typesensecluster_kind.yaml.
  • In heavy datasets is advised to set incrementalQuorumRecovery to true and let the controller reconstruct the quorum node by node. That will smooth the leader election process while new nodes are joining but it will make recovery process last longer.

StorageSpec (optional)

NameDescriptionOptionalDefault
sizesize of the underlying PVX100Mi
storageClassNameStorageClass to be usedstandard
accessModeaccess mode for underlying PVReadWriteOnce
annotationsuser-defined annotationsX
important

As of v0.3.6, storage accessMode is introduced that supports ReadWriteOnce and ReadWriteMany.

  • If you are running on Open Telekom Cloud, you can take advantage of the additional annotations field csi.storage.k8s.io/fstype that controls how an S3 bucket is mounted into a Kubernetes pod. Using csi.storage.k8s.io/fstype: s3fs mounts an SFS Turbo, Scalable File System bucket using the S3-compatible API, which is useful when you want simple “filesystem-like” access but are okay with object-storage semantics that may not fully match POSIX behavior. Using the annotation csi.storage.k8s.io/fstype: obsfs mounts the bucket using the native OBS filesystem driver and is generally the more “OBS-native” approach; it avoids some S3FS-specific limitations and is often preferred when you want better integration with OBS. One big advantage of using these annotations is that the respective S3 buckets can be provisioned dynamically by the CSI.

  • If you are running on-premises clusters with democratic-csi installed as the CSI, you can use now use accessMode: ReadWriteMany to provision NFS-backed persistent volumes to support Typesense data volumes.

  • If you run on-premises clusters with custom S3-compatible storage (e.g., RustFS, SeaweedFS, JuiceFS, Ceph, CubeFS), you can now use accessMode: ReadWriteMany together with the juicefs-csi-driver to mount S3 buckets as persistent volumes in pods as Typesense data volumes.

  • If you run on-premises clusters or in any cloud provider, you can now attach any remote S3-compatible storage (e.g., AWS S3, Azure Blob Storage etc.), using accessMode: ReadWriteMany together with the juicefs-csi-driver to mount S3 buckets as persistent volumes in pods as Typesense data volumes.

For more information about installing and configuring JuiceFS and JuiceFS CSI Driver consult the official documentation.

IngressSpec (optional)

NameDescriptionOptionalDefault
imagenginx image to useXnginx:alpine
refererFQDN allowed to access reverse proxyXempty or the value of spec.corsDomains if set
HttpDirectivesnginx proxy HttpDirectivesX
serverDirectivesnginx proxy ServerDirectivesX
locationDirectivesnginx proxy LocationDirectivesX
hostIngress host
pathHTTP Ingress pathX/
pathTypeinterpretation of the path matchingXImplementationSpecific
clusterIssuercert-manager ClusterIssuerX
tlsSecretNameTLS Secret name to useX
ingressClassNameIngress to be used
serviceAnnotationsuser-defined annotationsX
annotationsuser-defined annotationsX
resourcesresources (request & limit)X150m/100m
64Mi/32Mi
readOnlyRootFilesystemcheck ReadOnlyRootFilesystemSpec belowX

ReadOnlyRootFilesystemSpec (optional)

NameDescriptionOptionalDefault
securityContextsecurity conf for the containerXSecurityContext{ReadOnlyRootFilesystem: true}
volumesadditional volumesX
volumeMountsadditional mounts in the containerX
note

This feature makes use of the existence of cert-manager in the cluster, but does not actively enforce it with an error. If no clusterIssuer is specified a valid certificate must be stored in a secret and the secret name must be provided in the tlsSecretName config.

If you are targeting Open Telekom Cloud, you might be interested in provisioning additionally the designated DNS solver webhook for Open Telekom Cloud. You can find it here.

caution

Although in official Typesense documentation under Production Best Practices -> Configuration is stated:

"Typesense comes built-in with a high performance HTTP server that is used by likes of Fastly in their edge servers at scale. So Typesense can be directly exposed to incoming public-facing internet traffic, without the need to place it behind another web server like Nginx/Apache or your backend API."

It is highly recommended, from this operator's perspective, to always expose Typesense behind a reverse proxy (using the referer option).

DocSearchScraperSpec (optional)

NameDescriptionOptionalDefault
namename of the scraper
imagecontainer image to use
configconfig to use
schedulecron expression; no timezone; no seconds
authConfigurationa reference to a Secret holding auth configurationX
note

If you need to scrape a target that requires authentication, you can add the authentication configuration as environment variables via authConfiguration. In order to see which options are supported currently out of the box, consult the official documentation: https://typesense.org/docs/guide/docsearch.html#authentication

MetricsSpec (optional)

NameDescriptionOptionalDefault
imagecontainer image to useXakyriako78/typesense-prometheus-exporter:0.1.9
releasePrometheus release to become a target of
intervalinterval in seconds between two scrapesX15
resourcesresources (request & limit)X100m/100m
64Mi/32Mi
tip

If you've provisioned Prometheus via kube-prometheus-stack, you can find the corresponding release value of your Prometheus instance by checking the labels of the Prometheus operator pod e.g:

kubectl describe pod {kube-prometheus-stack-operator-pod} -n {kube-prometheus-stack-namespace}

name:             promstack-kube-prometheus-operator-755485dc68-dmkw2
Namespace:        monitoring
[...]
Labels:           app=kube-prometheus-stack-operator
app.kubernetes.io/component=prometheus-operator
app.kubernetes.io/instance=promstack
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=kube-prometheus-stack-prometheus-operator
app.kubernetes.io/part-of=kube-prometheus-stack
app.kubernetes.io/version=67.8.0
chart=kube-prometheus-stack-67.8.0
heritage=Helm
pod-template-hash=755485dc68
release=promstack
[...]

HealthCheckSpec (optional)

NameDescriptionOptionalDefault
imagecontainer image to useXakyriako78/typesense-healthcheck:0.1.8
resourcesresources (request & limit)X100m/100m
64Mi/32Mi

SecurityContextSpec (optional)

NameDescriptionOptionalDefault
podpod security contenxtXcheck specs
typesensecontainer security contenxtX
healthcheckcontainer security contenxtX
metriccontainer security contenxtX

TypesenseClusterStatus

NameDescription
phaseTypesense Cluster/Controller Operational Phase
conditionsmetav1.Conditions related to the outcome of the reconciliation (see table below)

Conditions Summary

ConditionValueReasonDescription
ConditionReadytrueQuorumReadyCluster is Operational
falseQuorumNotReadyCluster is not Operational
falseQuorumNotReadyWaitATermCluster is not Operational; Waits a Term
falseQuorumPurgedCluster is not Operational; Recreating all Pods
falseQuorumDowngradedCluster is not Operational; Scheduled to Single-Instance
falseQuorumUpgradedCluster is Operational; Scheduled to Original Size
falseQuorumNeedsAttentionXXXCluster is not Operational; Administrative Action Required