[bitnami/mongodb] support backups for standalone TLS-enabled instances (#19241)

* support backups for standalone TLS-enabled instances Signed-off-by: Brian Dols <brian.dols@inky.com> * bump mongodb chart version Signed-off-by: Brian Dols <brian.dols@inky.com> --------- Signed-off-by: Brian Dols <brian.dols@inky.com>
2026-03-16 14:57:08 +08:00 · 2023-10-05 04:28:36 -05:00
parent 80e25e342b
commit 63e8c9814f
2 changed files with 57 additions and 3 deletions
--- a/bitnami/mongodb/templates/backup/cronjob.yaml
+++ b/bitnami/mongodb/templates/backup/cronjob.yaml
@@ -39,6 +39,9 @@ spec:
      {{- if .Values.backup.cronjob.ttlSecondsAfterFinished }}
      ttlSecondsAfterFinished: {{ .Values.backup.cronjob.ttlSecondsAfterFinished }}
      {{- end }}
+      {{- if .Values.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
      template:
        metadata:
          labels: {{- include "common.labels.standard" . | nindent 12 }}
@@ -59,6 +62,46 @@ spec:
            {{- end }}
          {{- end }}
        spec:
+          {{- if .Values.tls.enabled }}
+          initContainers:
+            - name: generate-tls-certs
+              image: {{ include "mongodb.tls.image" . }}
+              imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+              env:
+                - name: MY_POD_NAMESPACE
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: metadata.namespace
+                - name: MY_POD_HOST_IP
+                  valueFrom:
+                    fieldRef:
+                      fieldPath: status.hostIP
+              volumeMounts:
+                {{- if (include "mongodb.autoGenerateCerts" .) }}
+                - name: certs-volume
+                  mountPath: /certs/CAs
+                {{- else }}
+                - name: mongodb-certs-0
+                  mountPath: /certs-0
+                {{- end }}
+                - name: certs
+                  mountPath: /certs
+                - name: common-scripts
+                  mountPath: /bitnami/scripts
+              command:
+                - /bitnami/scripts/generate-certs.sh
+              args:
+                - -s {{ include "mongodb.service.nameOverride" . }}
+                {{- if .Values.externalAccess.service.loadBalancerIPs }}
+                - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
+                {{- end }}
+                {{- if .Values.tls.extraDnsNames }}
+                - -n {{ join "," .Values.tls.extraDnsNames }}
+                {{- end }}
+              {{- if .Values.tls.resources }}
+              resources: {{- toYaml .Values.tls.resources | nindent 16 }}
+              {{- end }}
+          {{- end }}
          containers:
          - name: {{ include "mongodb.fullname" . }}-mongodump
            image: {{ include "mongodb.image" . }}
@@ -80,7 +123,7 @@ spec:
                value: {{ .Values.backup.cronjob.storage.mountPath }}
              {{- if .Values.tls.enabled }}
              - name: MONGODB_CLIENT_EXTRA_FLAGS
-                value: --tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert
+                value: --ssl --sslPEMKeyFile=/certs/mongodb.pem --sslCAFile=/certs/mongodb-ca-cert
              {{- end }}
            {{- if .Values.backup.cronjob.command }}
            command: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.command "context" $) | nindent 14 }}
@@ -88,12 +131,19 @@ spec:
            command:
              - /bin/sh
              - -c
-              - "mongodump {{- if .Values.auth.enabled }} --username=${MONGODB_ROOT_USER} --password=${MONGODB_ROOT_PASSWORD} {{- end }} --host=${MONGODB_SERVICE_NAME} --port=${MONGODB_PORT_NUMBER} ${MONGODB_CLIENT_EXTRA_FLAGS} --oplog --gzip --archive=${MONGODUMP_DIR}/mongodump-$(date '+%Y-%m-%d-%H-%M').gz"
+              - "mongodump {{- if .Values.auth.enabled }} --username=${MONGODB_ROOT_USER} --password=${MONGODB_ROOT_PASSWORD} {{- end }} --host=${MONGODB_SERVICE_NAME} --port=${MONGODB_PORT_NUMBER} ${MONGODB_CLIENT_EXTRA_FLAGS} {{- if (eq $.Values.architecture "replicaset") }}--oplog{{- end }} --gzip --archive=${MONGODUMP_DIR}/mongodump-$(date '+%Y-%m-%d-%H-%M').gz"
            {{- end }}
            volumeMounts:
              {{- if .Values.tls.enabled }}
              - name: certs
                mountPath: /certs
+              {{- if (include "mongodb.autoGenerateCerts" .) }}
+              - name: certs-volume
+                mountPath: /certs/CAs
+              {{- else }}
+              - name: mongodb-certs-0
+                mountPath: /certs-0
+              {{- end }}
              {{- end }}
              - name: datadir
                mountPath: {{ .Values.backup.cronjob.storage.mountPath }}
@@ -102,6 +152,10 @@ spec:
              {{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.containerSecurityContext "context" $) | nindent 14 }}
          restartPolicy: {{ .Values.backup.cronjob.restartPolicy }}
          volumes:
+            - name: common-scripts
+              configMap:
+                name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+                defaultMode: 0550
            {{- if .Values.tls.enabled }}
            - name: certs
              emptyDir: {}