mirror of
https://github.com/bitnami/charts.git
synced 2026-03-06 15:10:15 +08:00
[bitnami/mongodb] Simplify and fix externalAccess configuration (#25397)
* [bitnami/mongodb] Simplify and fix externalAccess configuration Signed-off-by: Fran Mulero <fmulero@vmware.com> * Version bump Signed-off-by: Fran Mulero <fmulero@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Change validations Signed-off-by: Fran Mulero <fmulero@vmware.com> * Create init container to wait for dns resolution Signed-off-by: Fran Mulero <fmulero@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Amend MONGODB_INITIAL_PRIMARY_HOST on arbiter statefulset Signed-off-by: Fran Mulero <fmulero@vmware.com> * Add documentation Signed-off-by: Fran Mulero <fmulero@vmware.com> * Fix Chart copyright and little fix on replicaset statefulset Signed-off-by: Fran Mulero <fmulero@vmware.com> * Remove local addresses and IPs from certificate definition Signed-off-by: Fran Mulero <fmulero@vmware.com> * Add mongosh home directory to avoid this message: Could not access file: ENOENT: no such file or directory, mkdir '/.mongodb/mongosh' Signed-off-by: Fran Mulero <fmulero@vmware.com> * Add README note about hostAliases Signed-off-by: Fran Mulero <fmulero@vmware.com> --------- Signed-off-by: Fran Mulero <fmulero@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Fran Mulero
@@ -39,4 +39,4 @@ maintainers:
|
||||
name: mongodb
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mongodb
|
||||
version: 15.2.0
|
||||
version: 15.3.0
|
||||
|
||||
@@ -147,37 +147,63 @@ In order to access MongoDB(®) nodes from outside the cluster when using a re
|
||||
|
||||
#### Use LoadBalancer services
|
||||
|
||||
Two alternatives are available to use *LoadBalancer* services:
|
||||
Three alternatives are available to use *LoadBalancer* services:
|
||||
|
||||
- Use random load balancer IP addresses using an *initContainer* that waits for the IP addresses to be ready and discovers them automatically. An example deployment configuration is shown below:
|
||||
|
||||
```text
|
||||
architecture=replicaset
|
||||
replicaCount=2
|
||||
externalAccess.enabled=true
|
||||
externalAccess.service.type=LoadBalancer
|
||||
externalAccess.service.port=27017
|
||||
externalAccess.autoDiscovery.enabled=true
|
||||
serviceAccount.create=true
|
||||
rbac.create=true
|
||||
```yaml
|
||||
architecture: replicaset
|
||||
replicaCount: 2
|
||||
externalAccess:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
autoDiscovery:
|
||||
enabled: true
|
||||
serviceAccount:
|
||||
create: true
|
||||
automountServiceAccountToken: true
|
||||
rbac:
|
||||
create: true
|
||||
```
|
||||
|
||||
> NOTE: This option requires creating RBAC rules on clusters where RBAC policies are enabled.
|
||||
|
||||
- Manually specify the load balancer IP addresses. An example deployment configuration is shown below, with the placeholder EXTERNAL-IP-ADDRESS-X used in place of the load balancer IP addresses:
|
||||
|
||||
```text
|
||||
architecture=replicaset
|
||||
replicaCount=2
|
||||
externalAccess.enabled=true
|
||||
externalAccess.service.type=LoadBalancer
|
||||
externalAccess.service.port=27017
|
||||
externalAccess.service.loadBalancerIPs[0]='EXTERNAL-IP-ADDRESS-1'
|
||||
externalAccess.service.loadBalancerIPs[1]='EXTERNAL-IP-ADDRESS-2'
|
||||
```yaml
|
||||
architecture: replicaset
|
||||
replicaCount: 2
|
||||
externalAccess:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
loadBalancerIPs:
|
||||
- 'EXTERNAL-IP-ADDRESS-1'
|
||||
- 'EXTERNAL-IP-ADDRESS-2'
|
||||
```
|
||||
|
||||
> NOTE: This option requires knowing the load balancer IP addresses, so that each MongoDB® node's advertised hostname is configured with it.
|
||||
|
||||
- Specify `externalAccess.service.publicNames`. These names must be resolvable by the MongoDB® containers. To ensure that, if this value is set, an initContainer is added to wait for the ip addresses associated to those names. We can combine this feature with `external-dns`, setting the required annotations to configure the load balancer names:
|
||||
|
||||
```yaml
|
||||
architecture: replicaset
|
||||
replicaCount: 2
|
||||
externalAccess:
|
||||
enabled: true
|
||||
service:
|
||||
type: LoadBalancer
|
||||
publicNames:
|
||||
- 'mongodb-0.example.com'
|
||||
- 'mongodb-1.example.com'
|
||||
annotationsList:
|
||||
- external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com
|
||||
- external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com
|
||||
```
|
||||
|
||||
> NOTE: If register new DNS records for those names is not an option, the release can be upgraded setting `hostAliases` with the public IPs assigned to the external services.
|
||||
|
||||
#### Use NodePort services
|
||||
|
||||
Manually specify the node ports to use. An example deployment configuration is shown below, with the placeholder NODE-PORT-X used in place of the node ports:
|
||||
@@ -333,6 +359,19 @@ To use your own CA, set `tls.caCert` and `tls.caKey` with appropriate base64 enc
|
||||
|
||||
> NOTE: Currently, only RSA private keys are supported.
|
||||
|
||||
#### Use your own certificates
|
||||
|
||||
To use your own certificates, set `tls.standalone.existingSecret`, `tls.replicaset.existingSecrets`, `tls.hidden.existingSecrets` and/or `tls.arbiter.existingSecret` secrets according to your needs. All of them must be references to `kubernetes.io/tls` secrets and the certificates must be created using the same CA. The CA can be added directly to each secret using the `ca.crt` key:
|
||||
|
||||
```shell
|
||||
kubectl create secret tls "mongodb-0-cert" --cert="mongodb-0.crt" --key="mongodb-0.key"
|
||||
kubectl patch secret "mongodb-0-cert" -p="{\"data\":{\"ca.crt\": \"$(cat ca.crt | base64 -w0 )\"}}"
|
||||
```
|
||||
|
||||
Or adding it to the "endpoint certificate" and setting the value `tls.pemChainIncluded`. If we reuse the example above, the `mongodb-0.crt` file should include CA cert and we shouldn't need to patch the secret to add the `ca.crt` set key.
|
||||
|
||||
> NOTE: Certificates should be signed for the fully qualified domain names. If `externalAccess.service.publicNames`is set, those names should be used in the certificates set in `tls.replicaset.existingSecrets`.
|
||||
|
||||
#### Access the cluster
|
||||
|
||||
To access the cluster, enable the init container which generates the MongoDB(®) server/client PEM key needed to access the cluster. Please be sure to include the `$my_hostname` section with your actual hostname, and the alternative hostnames section should contain the hostnames that should be allowed access to the MongoDB(®) replicaset. Additionally, if external access is enabled, the load balancer IP addresses are added to the alternative names list.
|
||||
@@ -562,6 +601,13 @@ If you encounter errors when working with persistent volumes, refer to our [trou
|
||||
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
|
||||
| `externalAccess.autoDiscovery.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). | `nano` |
|
||||
| `externalAccess.autoDiscovery.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `externalAccess.dnsCheck.image.registry` | Init container dns-check image registry | `REGISTRY_NAME` |
|
||||
| `externalAccess.dnsCheck.image.repository` | Init container dns-check image repository | `REPOSITORY_NAME/kubectl` |
|
||||
| `externalAccess.dnsCheck.image.digest` | Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `externalAccess.dnsCheck.image.pullPolicy` | Init container dns-check image pull policy | `IfNotPresent` |
|
||||
| `externalAccess.dnsCheck.image.pullSecrets` | Init container dns-check image pull secrets | `[]` |
|
||||
| `externalAccess.dnsCheck.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). | `nano` |
|
||||
| `externalAccess.dnsCheck.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
|
||||
| `externalAccess.externalMaster.enabled` | Use external master for bootstrapping | `false` |
|
||||
| `externalAccess.externalMaster.host` | External master host to bootstrap from | `""` |
|
||||
| `externalAccess.externalMaster.port` | Port for MongoDB(®) service external master host | `27017` |
|
||||
@@ -569,14 +615,16 @@ If you encounter errors when working with persistent volumes, refer to our [trou
|
||||
| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
|
||||
| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
|
||||
| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
|
||||
| `externalAccess.service.publicNames` | Array of public names. The size should be equal to the number of replicas. | `[]` |
|
||||
| `externalAccess.service.loadBalancerClass` | loadBalancerClass when service type is LoadBalancer | `""` |
|
||||
| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
|
||||
| `externalAccess.service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` |
|
||||
| `externalAccess.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` |
|
||||
| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
|
||||
| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` |
|
||||
| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
|
||||
| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
|
||||
| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
|
||||
| `externalAccess.service.annotations` | Service annotations for external access. These annotations are common for all services created. | `{}` |
|
||||
| `externalAccess.service.annotationsList` | Service annotations for eache external service. This value contains a list allowing different annotations per each external service. | `[]` |
|
||||
| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
|
||||
| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
|
||||
| `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
|
||||
|
||||
@@ -74,6 +74,13 @@ Return the proper image name (for the init container auto-discovery image)
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the init container dns-check image)
|
||||
*/}}
|
||||
{{- define "mongodb.externalAccess.dnsCheck.image" -}}
|
||||
{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.dnsCheck.image "global" .Values.global) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return the proper image name (for the TLS Certs image)
|
||||
*/}}
|
||||
@@ -85,7 +92,7 @@ Return the proper image name (for the TLS Certs image)
|
||||
Return the proper Docker Image Registry Secret Names
|
||||
*/}}
|
||||
{{- define "mongodb.imagePullSecrets" -}}
|
||||
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}}
|
||||
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image .Values.externalAccess.dnsCheck.image .Values.externalAccess.autoDiscovery.image) "context" $) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
@@ -221,6 +228,103 @@ Get the initialization scripts ConfigMap name.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Get initial primary host to configure MongoDB cluster.
|
||||
*/}}
|
||||
{{- define "mongodb.initialPrimaryHost" -}}
|
||||
{{ ternary ( printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain ) ( first .Values.externalAccess.service.publicNames ) ( empty .Values.externalAccess.service.publicNames ) }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Init container definition to change/establish volume permissions.
|
||||
*/}}
|
||||
{{- define "mongodb.initContainer.volumePermissions" -}}
|
||||
- name: volume-permissions
|
||||
image: {{ include "mongodb.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
|
||||
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
|
||||
find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
|
||||
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
|
||||
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
|
||||
{{- else }}
|
||||
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: {{ .Values.persistence.name | default "datadir" }}
|
||||
mountPath: {{ .Values.persistence.mountPath }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Init container definition to get external IP addresses.
|
||||
*/}}
|
||||
{{- define "mongodb.initContainers.autoDiscovery" -}}
|
||||
- name: auto-discovery
|
||||
image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
|
||||
imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
|
||||
# We need the service account token for contacting the k8s API
|
||||
automountServiceAccountToken: true
|
||||
command:
|
||||
- /scripts/auto-discovery.sh
|
||||
env:
|
||||
- name: MY_POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: SHARED_FILE
|
||||
value: "/shared/info.txt"
|
||||
{{- if .Values.externalAccess.autoDiscovery.resources }}
|
||||
resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
|
||||
{{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: shared
|
||||
mountPath: /shared
|
||||
- name: scripts
|
||||
mountPath: /scripts/auto-discovery.sh
|
||||
subPath: auto-discovery.sh
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Init container definition to wait external DNS names.
|
||||
*/}}
|
||||
{{- define "mongodb.initContainers.dnsCheck" -}}
|
||||
- name: dns-check
|
||||
image: {{ include "mongodb.externalAccess.dnsCheck.image" . }}
|
||||
imagePullPolicy: {{ .Values.externalAccess.dnsCheck.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
# MONGODB_INITIAL_PRIMARY_HOST should be resolvable
|
||||
while ! (getent ahosts "{{ include "mongodb.initialPrimaryHost" . }}" | grep STREAM); do
|
||||
sleep 10
|
||||
done
|
||||
{{- if .Values.externalAccess.dnsCheck.resources }}
|
||||
resources: {{- toYaml .Values.externalAccess.dnsCheck.resources | nindent 12 }}
|
||||
{{- else if ne .Values.externalAccess.dnsCheck.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.dnsCheck.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return true if the Arbiter should be deployed
|
||||
*/}}
|
||||
@@ -365,13 +469,17 @@ Validate values of MongoDB® - number of replicas must be the same than LoadB
|
||||
{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}}
|
||||
{{- $replicaCount := int .Values.replicaCount }}
|
||||
{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }}
|
||||
{{- $publicNamesListLength := len .Values.externalAccess.service.publicNames }}
|
||||
{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "LoadBalancer") -}}
|
||||
{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $loadBalancerListLength 0) -}}
|
||||
{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $loadBalancerListLength 0) (eq $publicNamesListLength 0) -}}
|
||||
mongodb: .Values.externalAccess.service.loadBalancerIPs, .Values.externalAccess.service.publicNames
|
||||
externalAccess.service.loadBalancerIPs, externalAccess.service.publicNames or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled.
|
||||
{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerListLength )) (not (eq $loadBalancerListLength 0)) -}}
|
||||
mongodb: .Values.externalAccess.service.loadBalancerIPs
|
||||
externalAccess.service.loadBalancerIPs or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled.
|
||||
{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerListLength )) -}}
|
||||
mongodb: .Values.externalAccess.service.loadBalancerIPs
|
||||
Number of replicas ({{ $replicaCount }}) and loadBalancerIPs ({{ $loadBalancerListLength }}) array length must be the same.
|
||||
Number of replicas ({{ $replicaCount }}) and loadBalancerIPs array length ({{ $loadBalancerListLength }}) must be the same.
|
||||
{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $publicNamesListLength )) (not (eq $publicNamesListLength 0)) -}}
|
||||
mongodb: .Values.externalAccess.service.publicNames
|
||||
Number of replicas ({{ $replicaCount }}) and publicNames array length ({{ $publicNamesListLength }}) must be the same.
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -384,8 +492,8 @@ Validate values of MongoDB® - number of replicas must be the same than NodeP
|
||||
{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }}
|
||||
{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") -}}
|
||||
{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $nodePortListLength 0) -}}
|
||||
mongodb: .Values.externalAccess.service.loadBalancerIPs
|
||||
externalAccess.service.loadBalancerIPs or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled.
|
||||
mongodb: .Values.externalAccess.service.nodePorts
|
||||
externalAccess.service.nodePorts or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled.
|
||||
{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $nodePortListLength )) -}}
|
||||
mongodb: .Values.externalAccess.service.nodePorts
|
||||
Number of replicas ({{ $replicaCount }}) and nodePorts ({{ $nodePortListLength }}) array length must be the same.
|
||||
|
||||
@@ -83,6 +83,9 @@ spec:
|
||||
{{- if .Values.arbiter.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
|
||||
{{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.tls.enabled .Values.arbiter.enabled }}
|
||||
- name: generate-tls-certs
|
||||
image: {{ include "mongodb.tls.image" . }}
|
||||
@@ -156,7 +159,7 @@ spec:
|
||||
- name: MONGODB_REPLICA_SET_MODE
|
||||
value: "arbiter"
|
||||
- name: MONGODB_INITIAL_PRIMARY_HOST
|
||||
value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) .Values.clusterDomain }}
|
||||
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
|
||||
- name: MONGODB_REPLICA_SET_NAME
|
||||
value: {{ .Values.replicaSetName | quote }}
|
||||
- name: MONGODB_ADVERTISED_HOSTNAME
|
||||
|
||||
@@ -103,8 +103,8 @@ spec:
|
||||
{{- if .Values.externalAccess.service.loadBalancerIPs }}
|
||||
- -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.extraDnsNames }}
|
||||
- -n {{ join "," .Values.tls.extraDnsNames }}
|
||||
{{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }}
|
||||
- -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.resources }}
|
||||
resources: {{- toYaml .Values.tls.resources | nindent 16 }}
|
||||
|
||||
@@ -81,9 +81,6 @@ data:
|
||||
{{- else }}
|
||||
DNS.3 = $svc.$MY_POD_NAMESPACE.svc.{{ .Values.clusterDomain }}
|
||||
{{- end }}
|
||||
DNS.4 = localhost
|
||||
IP.0 = ${MY_POD_HOST_IP}
|
||||
IP.1 = 127.0.0.1
|
||||
EOL
|
||||
index=2
|
||||
for ip in "${additional_ips[@]}"; do
|
||||
|
||||
@@ -89,33 +89,13 @@ spec:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "mongodb.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
|
||||
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
|
||||
find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
|
||||
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
|
||||
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
|
||||
{{- else }}
|
||||
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: datadir
|
||||
mountPath: {{ .Values.hidden.persistence.mountPath }}
|
||||
{{- include "mongodb.initContainer.volumePermissions" . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
|
||||
{{- include "mongodb.initContainers.autoDiscovery" . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
|
||||
{{- include "mongodb.initContainers.dnsCheck" . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: generate-tls-certs
|
||||
@@ -158,8 +138,8 @@ spec:
|
||||
{{- if .Values.externalAccess.hidden.service.loadBalancerIPs }}
|
||||
- -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.extraDnsNames }}
|
||||
- -n {{ join "," .Values.tls.extraDnsNames }}
|
||||
{{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }}
|
||||
- -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.resources }}
|
||||
resources: {{- toYaml .Values.tls.resources | nindent 12 }}
|
||||
@@ -167,36 +147,6 @@ spec:
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
|
||||
- name: auto-discovery
|
||||
image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
|
||||
imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /scripts/auto-discovery.sh
|
||||
# We need the service account token for contacting the k8s API
|
||||
automountServiceAccountToken: true
|
||||
env:
|
||||
- name: MY_POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: SHARED_FILE
|
||||
value: "/shared/info.txt"
|
||||
{{- if .Values.externalAccess.autoDiscovery.resources }}
|
||||
resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
|
||||
{{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: shared
|
||||
mountPath: /shared
|
||||
- name: scripts
|
||||
mountPath: /scripts/auto-discovery.sh
|
||||
subPath: auto-discovery.sh
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: mongodb
|
||||
@@ -247,7 +197,7 @@ spec:
|
||||
- name: MONGODB_REPLICA_SET_MODE
|
||||
value: "hidden"
|
||||
- name: MONGODB_INITIAL_PRIMARY_HOST
|
||||
value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
|
||||
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
|
||||
- name: MONGODB_REPLICA_SET_NAME
|
||||
value: {{ .Values.replicaSetName | quote }}
|
||||
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }}
|
||||
@@ -413,6 +363,9 @@ spec:
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mongodb/logs
|
||||
subPath: app-logs-dir
|
||||
- name: empty-dir
|
||||
mountPath: /.mongodb
|
||||
subPath: mongosh-home
|
||||
{{- if .Values.hidden.extraVolumeMounts }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -19,8 +19,9 @@ metadata:
|
||||
labels: {{- include "common.labels.standard" ( dict "customLabels" $root.Values.commonLabels "context" $ ) | nindent 4 }}
|
||||
app.kubernetes.io/component: mongodb
|
||||
pod: {{ $targetPod }}
|
||||
{{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations ) "context" $ ) }}
|
||||
{{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations $root.Values.externalAccess.service.annotationsList}}
|
||||
{{- $exclusiveAnnotations := ternary ( dict ) (index $root.Values.externalAccess.service.annotationsList $i) ( lt (len $root.Values.externalAccess.service.annotationsList ) $i ) }}
|
||||
{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations $exclusiveAnnotations ) "context" $ ) }}
|
||||
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
|
||||
@@ -73,7 +73,7 @@ data:
|
||||
export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})"
|
||||
{{- else }}
|
||||
ID="${MY_POD_NAME#"{{ $fullname }}-"}"
|
||||
export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
|
||||
export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ coalesce .Values.externalAccess.service.publicNames .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
|
||||
{{- end }}
|
||||
{{- else if eq .Values.externalAccess.service.type "NodePort" }}
|
||||
ID="${MY_POD_NAME#"{{ $fullname }}-"}"
|
||||
@@ -113,7 +113,6 @@ data:
|
||||
{{- $fullname := include "mongodb.fullname" . }}
|
||||
{{- $releaseNamespace := include "mongodb.namespace" . }}
|
||||
{{- $clusterDomain := .Values.clusterDomain }}
|
||||
{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }}
|
||||
{{- $mongoList := list }}
|
||||
{{- range $e, $i := until $replicaCount }}
|
||||
{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }}
|
||||
@@ -159,7 +158,6 @@ data:
|
||||
export MONGODB_EXTRA_DATABASES_FILE=""
|
||||
export MONGODB_EXTRA_PASSWORDS_FILE=""
|
||||
fi
|
||||
|
||||
exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh
|
||||
setup-hidden.sh: |-
|
||||
#!/bin/bash
|
||||
|
||||
@@ -6,7 +6,8 @@ SPDX-License-Identifier: APACHE-2.0
|
||||
{{- if eq .Values.architecture "replicaset" }}
|
||||
{{- $replicaCount := int .Values.replicaCount }}
|
||||
{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }}
|
||||
{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }}
|
||||
{{- $publicNamesLength := len .Values.externalAccess.service.publicNames }}
|
||||
{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerIPListLength)) (not (eq $replicaCount $publicNamesLength))) }}
|
||||
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
|
||||
kind: StatefulSet
|
||||
metadata:
|
||||
@@ -83,39 +84,19 @@ spec:
|
||||
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||
{{- end }}
|
||||
enableServiceLinks: {{ .Values.enableServiceLinks }}
|
||||
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }}
|
||||
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled (or .Values.externalAccess.autoDiscovery.enabled .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain)) .Values.tls.enabled }}
|
||||
initContainers:
|
||||
{{- if .Values.initContainers }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "mongodb.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
|
||||
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
|
||||
find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
|
||||
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
|
||||
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
|
||||
{{- else }}
|
||||
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: datadir
|
||||
mountPath: {{ .Values.persistence.mountPath }}
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- include "mongodb.initContainer.volumePermissions" . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
|
||||
{{- include "mongodb.initContainers.autoDiscovery" . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
|
||||
{{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: generate-tls-certs
|
||||
@@ -158,8 +139,8 @@ spec:
|
||||
{{- if .Values.externalAccess.service.loadBalancerIPs }}
|
||||
- -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.extraDnsNames }}
|
||||
- -n {{ join "," .Values.tls.extraDnsNames }}
|
||||
{{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }}
|
||||
- -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.resources }}
|
||||
resources: {{- toYaml .Values.tls.resources | nindent 12 }}
|
||||
@@ -167,36 +148,6 @@ spec:
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
|
||||
- name: auto-discovery
|
||||
image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
|
||||
imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
|
||||
# We need the service account token for contacting the k8s API
|
||||
automountServiceAccountToken: true
|
||||
command:
|
||||
- /scripts/auto-discovery.sh
|
||||
env:
|
||||
- name: MY_POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: SHARED_FILE
|
||||
value: "/shared/info.txt"
|
||||
{{- if .Values.externalAccess.autoDiscovery.resources }}
|
||||
resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
|
||||
{{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: shared
|
||||
mountPath: /shared
|
||||
- name: scripts
|
||||
mountPath: /scripts/auto-discovery.sh
|
||||
subPath: auto-discovery.sh
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: mongodb
|
||||
@@ -243,7 +194,7 @@ spec:
|
||||
- name: K8S_SERVICE_NAME
|
||||
value: "{{ include "mongodb.service.nameOverride" . }}"
|
||||
- name: MONGODB_INITIAL_PRIMARY_HOST
|
||||
value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
|
||||
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
|
||||
- name: MONGODB_REPLICA_SET_NAME
|
||||
value: {{ .Values.replicaSetName | quote }}
|
||||
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }}
|
||||
@@ -384,7 +335,10 @@ spec:
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mongodb/logs
|
||||
subPath: app-logs-dir
|
||||
- name: datadir
|
||||
- name: empty-dir
|
||||
mountPath: /.mongodb
|
||||
subPath: mongosh-home
|
||||
- name: {{ .Values.persistence.name | default "datadir" }}
|
||||
mountPath: {{ .Values.persistence.mountPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
- name: common-scripts
|
||||
|
||||
@@ -89,33 +89,7 @@ spec:
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
|
||||
- name: volume-permissions
|
||||
image: {{ include "mongodb.volumePermissions.image" . }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
|
||||
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
|
||||
find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
|
||||
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
|
||||
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
|
||||
{{- else }}
|
||||
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- if .Values.volumePermissions.resources }}
|
||||
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
|
||||
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
|
||||
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
- name: {{ .Values.persistence.name | default "datadir" }}
|
||||
mountPath: {{ .Values.persistence.mountPath }}
|
||||
{{- include "mongodb.initContainer.volumePermissions" . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: generate-tls-certs
|
||||
@@ -152,8 +126,8 @@ spec:
|
||||
{{- if .Values.externalAccess.service.loadBalancerIPs }}
|
||||
- -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.extraDnsNames }}
|
||||
- -n {{ join "," .Values.tls.extraDnsNames }}
|
||||
{{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }}
|
||||
- -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }}
|
||||
{{- end }}
|
||||
{{- if .Values.tls.resources }}
|
||||
resources: {{- toYaml .Values.tls.resources | nindent 12 }}
|
||||
@@ -321,6 +295,9 @@ spec:
|
||||
- name: empty-dir
|
||||
mountPath: /opt/bitnami/mongodb/logs
|
||||
subPath: app-logs-dir
|
||||
- name: empty-dir
|
||||
mountPath: /.mongodb
|
||||
subPath: mongosh-home
|
||||
- name: {{ .Values.persistence.name | default "datadir" }}
|
||||
mountPath: {{ .Values.persistence.mountPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
|
||||
@@ -878,6 +878,56 @@ externalAccess:
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Init container what mission is ensure public names can be resolved.
|
||||
##
|
||||
dnsCheck:
|
||||
## Bitnami os-shell image
|
||||
## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
|
||||
## @param externalAccess.dnsCheck.image.registry [default: REGISTRY_NAME] Init container dns-check image registry
|
||||
## @param externalAccess.dnsCheck.image.repository [default: REPOSITORY_NAME/kubectl] Init container dns-check image repository
|
||||
## @skip externalAccess.dnsCheck.image.tag Init container dns-check image tag (immutable tags are recommended)
|
||||
## @param externalAccess.dnsCheck.image.digest Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||||
## @param externalAccess.dnsCheck.image.pullPolicy Init container dns-check image pull policy
|
||||
## @param externalAccess.dnsCheck.image.pullSecrets Init container dns-check image pull secrets
|
||||
##
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 12-debian-12-r19
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
|
||||
##
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||||
## Example:
|
||||
## pullSecrets:
|
||||
## - myRegistryKeySecretName
|
||||
##
|
||||
pullSecrets: []
|
||||
## Init Container resource requests and limits
|
||||
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
|
||||
## We usually recommend not to specify default resources and to leave this as a conscious
|
||||
## choice for the user. This also increases chances charts run on environments with little
|
||||
## resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
## @param externalAccess.dnsCheck.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production).
|
||||
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
|
||||
##
|
||||
resourcesPreset: "nano"
|
||||
## @param externalAccess.dnsCheck.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
|
||||
## Example:
|
||||
## resources:
|
||||
## requests:
|
||||
## cpu: 2
|
||||
## memory: 512Mi
|
||||
## limits:
|
||||
## cpu: 3
|
||||
## memory: 1024Mi
|
||||
##
|
||||
resources: {}
|
||||
## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes.
|
||||
## @param externalAccess.externalMaster.enabled Use external master for bootstrapping
|
||||
## @param externalAccess.externalMaster.host External master host to bootstrap from
|
||||
@@ -908,6 +958,9 @@ externalAccess:
|
||||
## - Y.Y.Y.Y
|
||||
##
|
||||
loadBalancerIPs: []
|
||||
## @param externalAccess.service.publicNames Array of public names. The size should be equal to the number of replicas.
|
||||
##
|
||||
publicNames: []
|
||||
## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
|
||||
# ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
|
||||
loadBalancerClass: ""
|
||||
@@ -918,7 +971,7 @@ externalAccess:
|
||||
## - 10.10.10.0/24
|
||||
##
|
||||
loadBalancerSourceRanges: []
|
||||
## @param externalAccess.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
|
||||
## @param externalAccess.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
|
||||
##
|
||||
allocateLoadBalancerNodePorts: true
|
||||
@@ -942,9 +995,16 @@ externalAccess:
|
||||
## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
|
||||
##
|
||||
extraPorts: []
|
||||
## @param externalAccess.service.annotations Service annotations for external access
|
||||
## @param externalAccess.service.annotations Service annotations for external access. These annotations are common for all services created.
|
||||
##
|
||||
annotations: {}
|
||||
## @param externalAccess.service.annotationsList Service annotations for eache external service. This value contains a list allowing different annotations per each external service.
|
||||
## Eg:
|
||||
## annotationsList:
|
||||
## - external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com
|
||||
## - external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com
|
||||
##
|
||||
annotationsList: []
|
||||
## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
|
||||
## Values: ClientIP or None
|
||||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
|
||||
|
||||
Reference in New Issue
Block a user