[bitnami/mongodb] Standardize mongodb (#9648)

* MongoDB standardization

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Service review

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Amend hidden.service.portName metadata

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* revert changes in values-replicaset-with-rbac

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Add upgrade documentation

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Recover passwords from previous secrets during upgrades

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Amend labels in service monitor

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Include template render for extraVolumes and extraVolumeMounts

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Review PR and apply comments/suggestions

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* avoid changing ownership of '.snapshot' and 'lost+found'

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Amend readme

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Amend certificate autogeneration to keep previous behavior

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Implement changes requested in PR

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Update VIB values

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Add sessionAffinity and fix typo in prometheus rules

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <containers@bitnami.com>

* Apply suggestions

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Bump image version

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* Review timeouts after mongosh inclusion

Signed-off-by: Fran Mulero <fmulero@vmware.com>

* [bitnami/mongodb] Update components versions

Signed-off-by: Bitnami Containers <containers@bitnami.com>

Co-authored-by: Bitnami Containers <containers@bitnami.com>
Fran Mulero
2022-04-29 15:37:24 +02:00
committed by GitHub
parent b61ed244e7
commit fdd8b69129
32 changed files with 1290 additions and 891 deletions


@@ -22,7 +22,7 @@
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/mongodb"
},
"runtime_parameters": "ImF1dGgiOgogICJyb290UGFzc3dvcmQiOiAiN2RNeExmY3F4TiIKICAicm9vdFVzZXIiOiAicm9vdCIKInNlcnZpY2UiOgogICJwb3J0IjogODAKICAidHlwZSI6ICJMb2FkQmFsYW5jZXIi",
"runtime_parameters": "ImF1dGgiOgogICJyb290UGFzc3dvcmQiOiAiN2RNeExmY3F4TiIKICAicm9vdFVzZXIiOiAicm9vdCIKInNlcnZpY2UiOgogICJwb3J0cyI6CiAgICAibW9uZ29kYiI6IDgwCiAgInR5cGUiOiAiTG9hZEJhbGFuY2VyIgo=",
"target_platform": {
"target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
"size": {

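Review bot: the `runtime_parameters` value on both sides of this hunk is a base64-encoded values document, so the actual change (the test service port moving from `service.port` to `service.ports.mongodb`) cannot be read in the diff, and the blob also carries a fixed `auth.rootPassword` together with `service.type: LoadBalancer`. Suggest keeping the decoded YAML next to this file (or generating the encoded string from it in CI) and having the pipeline inject a per-run root password, so the test deployment is not published through a load balancer with a credential that is stored in the repository.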

@@ -1,6 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 1.13.0
digest: sha256:e83af41b39942278f8389623671732e624f28c6f1ad6ac2d937e210c5f354a18
generated: "2022-03-27T02:27:35.666937334Z"
version: 1.13.1
digest: sha256:1056dac8da880ed967a191e8d9eaf04766f77bda66a5715456d5dd4494a4a942
generated: "2022-04-29T12:16:09.930340975Z"


@@ -1,7 +1,7 @@
annotations:
category: Database
apiVersion: v2
appVersion: 4.4.13
appVersion: 5.0.8
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
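Review bot: `appVersion` moves across a MongoDB major release here (4.4.13 to 5.0.8) in the same chart release that renames values keys, so an upgrade from 11.x changes the server binary and the values schema at once. Please make sure the upgrade notes added in this PR tell operators to check the deployment's featureCompatibilityVersion is 4.4 before moving to the 5.0 image and to take a backup first, as a step separate from the list of renamed keys.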
@@ -26,4 +26,4 @@ name: mongodb
sources:
- https://github.com/bitnami/bitnami-docker-mongodb
- https://mongodb.org
version: 11.2.0
version: 12.0.0


@@ -78,6 +78,8 @@ Refer to the [chart documentation for more information on each of these architec
| ------------------------ | --------------------------------------------------------------------------------------------------------- | --------------- |
| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` |
| `fullnameOverride` | String to fully override mongodb.fullname template | `""` |
| `namespaceOverride` | String to fully override common.names.namespace | `""` |
| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` |
@@ -89,49 +91,50 @@ Refer to the [chart documentation for more information on each of these architec
### MongoDB(&reg;) parameters
| Name | Description | Value |
| ---------------------- | ------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MongoDB(&reg;) image registry | `docker.io` |
| `image.repository` | MongoDB(&reg;) image registry | `bitnami/mongodb` |
| `image.tag` | MongoDB(&reg;) image tag (immutable tags are recommended) | `4.4.13-debian-10-r51` |
| `image.pullPolicy` | MongoDB(&reg;) image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Set to true if you would like to see extra information on logs | `false` |
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `architecture` | MongoDB(&reg;) architecture (`standalone` or `replicaset`) | `standalone` |
| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` |
| `auth.enabled` | Enable authentication | `true` |
| `auth.rootUser` | MongoDB(&reg;) root user | `root` |
| `auth.rootPassword` | MongoDB(&reg;) root password | `""` |
| `auth.usernames` | List of custom users to be created during the initialization | `[]` |
| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` |
| `auth.databases` | List of custom databases to be created during the initialization | `[]` |
| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` |
| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` |
| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` |
| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` |
| `auth.existingSecret` | Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-password`, `mongodb-root-password`, ` mongodb-replica-set-key`) | `""` |
| `tls.enabled` | Enable MongoDB(&reg;) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` |
| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` |
| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` |
| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` |
| `tls.caKey` | CA certificate private key (base64 encoded) | `""` |
| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` |
| `tls.image.repository` | Init container TLS certs setup image repository | `bitnami/nginx` |
| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.21.6-debian-10-r84` |
| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` |
| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` |
| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` |
| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` |
| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(&reg;) | `false` |
| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(&reg;) | `false` |
| `systemLogVerbosity` | MongoDB(&reg;) system log verbosity level | `0` |
| `disableSystemLog` | Switch to enable/disable MongoDB(&reg;) system log | `false` |
| `disableJavascript` | Switch to enable/disable MongoDB(&reg;) server-side JavaScript execution | `false` |
| `enableJournal` | Switch to enable/disable MongoDB(&reg;) Journaling | `true` |
| `configuration` | MongoDB(&reg;) configuration file to be used for Primary and Secondary nodes | `""` |
| Name | Description | Value |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
| `image.registry` | MongoDB(&reg;) image registry | `docker.io` |
| `image.repository` | MongoDB(&reg;) image registry | `bitnami/mongodb` |
| `image.tag` | MongoDB(&reg;) image tag (immutable tags are recommended) | `5.0.8-debian-10-r3` |
| `image.pullPolicy` | MongoDB(&reg;) image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `image.debug` | Set to true if you would like to see extra information on logs | `false` |
| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `architecture` | MongoDB(&reg;) architecture (`standalone` or `replicaset`) | `standalone` |
| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` |
| `auth.enabled` | Enable authentication | `true` |
| `auth.rootUser` | MongoDB(&reg;) root user | `root` |
| `auth.rootPassword` | MongoDB(&reg;) root password | `""` |
| `auth.usernames` | List of custom users to be created during the initialization | `[]` |
| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` |
| `auth.databases` | List of custom databases to be created during the initialization | `[]` |
| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` |
| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` |
| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` |
| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` |
| `auth.existingSecret` | Existing secret with MongoDB(&reg;) credentials (keys: `mongodb-password`, `mongodb-root-password`, ` mongodb-replica-set-key`) | `""` |
| `tls.enabled` | Enable MongoDB(&reg;) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` |
| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` |
| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`) | `""` |
| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` |
| `tls.caKey` | CA certificate private key (base64 encoded) | `""` |
| `tls.image.registry` | Init container TLS certs setup image registry | `docker.io` |
| `tls.image.repository` | Init container TLS certs setup image repository | `bitnami/nginx` |
| `tls.image.tag` | Init container TLS certs setup image tag (immutable tags are recommended) | `1.21.6-debian-10-r85` |
| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` |
| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` |
| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` |
| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` |
| `hostAliases` | Add deployment host aliases | `[]` |
| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` |
| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` |
| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(&reg;) | `false` |
| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(&reg;) | `false` |
| `systemLogVerbosity` | MongoDB(&reg;) system log verbosity level | `0` |
| `disableSystemLog` | Switch to enable/disable MongoDB(&reg;) system log | `false` |
| `disableJavascript` | Switch to enable/disable MongoDB(&reg;) server-side JavaScript execution | `false` |
| `enableJournal` | Switch to enable/disable MongoDB(&reg;) Journaling | `true` |
| `configuration` | MongoDB(&reg;) configuration file to be used for Primary and Secondary nodes | `""` |
### replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
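Review bot: the regenerated parameters table still carries description errors that originate in the `values.yaml` comments: `image.repository` is described as "image registry", `tls.caCert` reads "Custom CA certificated", and the `auth.existingSecret` key list has a stray leading space inside the backticks of ` mongodb-replica-set-key`. Since the README is produced by readme-generator-for-helm, fix these in the `@param` comments and regenerate. For `auth.existingSecret`, also check that the listed key `mongodb-password` is the name the templates actually read now that `auth.passwords` is a list, because a wrong key name in a pre-created secret only shows up as an authentication failure after deploy.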
@@ -153,62 +156,65 @@ Refer to the [chart documentation for more information on each of these architec
### MongoDB(&reg;) statefulset parameters
| Name | Description | Value |
| --------------------------------------- | -------------------------------------------------------------------------------------------------------- | --------------- |
| `annotations` | Additional labels to be added to the MongoDB(&reg;) statefulset. Evaluated as a template | `{}` |
| `labels` | Annotations to be added to the MongoDB(&reg;) statefulset. Evaluated as a template | `{}` |
| `replicaCount` | Number of MongoDB(&reg;) nodes (only when `architecture=replicaset`) | `2` |
| `strategyType` | StrategyType for MongoDB(&reg;) statefulset | `RollingUpdate` |
| `podManagementPolicy` | Pod management policy for MongoDB(&reg;) | `OrderedReady` |
| `podAffinityPreset` | MongoDB(&reg;) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | MongoDB(&reg;) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | MongoDB(&reg;) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | MongoDB(&reg;) Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | MongoDB(&reg;) Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | MongoDB(&reg;) Affinity for pod assignment | `{}` |
| `nodeSelector` | MongoDB(&reg;) Node labels for pod assignment | `{}` |
| `tolerations` | MongoDB(&reg;) Tolerations for pod assignment | `[]` |
| `topologySpreadConstraints` | MongoDB(&reg;) Spread Constraints for Pods | `[]` |
| `podLabels` | MongoDB(&reg;) pod labels | `{}` |
| `podAnnotations` | MongoDB(&reg;) Pod annotations | `{}` |
| `priorityClassName` | Name of the existing priority class to be used by MongoDB(&reg;) pod(s) | `""` |
| `runtimeClassName` | Name of the runtime class to be used by MongoDB(&reg;) pod(s) | `""` |
| `podSecurityContext.enabled` | Enable MongoDB(&reg;) pod(s)' Security Context | `true` |
| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(&reg;) pod(s) | `1001` |
| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(&reg;) pod(s)' | `[]` |
| `containerSecurityContext.enabled` | Enable MongoDB(&reg;) container(s)' Security Context | `true` |
| `containerSecurityContext.runAsUser` | User ID for the MongoDB(&reg;) container | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set MongoDB(&reg;) container's Security Context runAsNonRoot | `true` |
| `resources.limits` | The resources limits for MongoDB(&reg;) containers | `{}` |
| `resources.requests` | The requested resources for MongoDB(&reg;) containers | `{}` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Override default liveness probe for MongoDB(&reg;) containers | `{}` |
| `customReadinessProbe` | Override default readiness probe for MongoDB(&reg;) containers | `{}` |
| `customStartupProbe` | Override default startup probe for MongoDB(&reg;) containers | `{}` |
| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` |
| `sidecars` | Add additional sidecar containers for the MongoDB(&reg;) pod(s) | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(&reg;) container(s) | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(&reg;) statefulset | `[]` |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(&reg;) pod(s) | `false` |
| `pdb.minAvailable` | Minimum number/percentage of MongoDB(&reg;) pods that must still be available after the eviction | `1` |
| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(&reg;) pods that may be made unavailable after the eviction | `""` |
| Name | Description | Value |
| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | --------------- |
| `annotations` | Additional labels to be added to the MongoDB(&reg;) statefulset. Evaluated as a template | `{}` |
| `labels` | Annotations to be added to the MongoDB(&reg;) statefulset. Evaluated as a template | `{}` |
| `replicaCount` | Number of MongoDB(&reg;) nodes (only when `architecture=replicaset`) | `2` |
| `updateStrategy.type` | Strategy to use to replace existing MongoDB(&reg;) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` |
| `podManagementPolicy` | Pod management policy for MongoDB(&reg;) | `OrderedReady` |
| `podAffinityPreset` | MongoDB(&reg;) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | MongoDB(&reg;) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | MongoDB(&reg;) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | MongoDB(&reg;) Node label key to match Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | MongoDB(&reg;) Node label values to match. Ignored if `affinity` is set. | `[]` |
| `affinity` | MongoDB(&reg;) Affinity for pod assignment | `{}` |
| `nodeSelector` | MongoDB(&reg;) Node labels for pod assignment | `{}` |
| `tolerations` | MongoDB(&reg;) Tolerations for pod assignment | `[]` |
| `topologySpreadConstraints` | MongoDB(&reg;) Spread Constraints for Pods | `[]` |
| `lifecycleHooks` | LifecycleHook for the MongoDB(&reg;) container(s) to automate configuration before or after startup | `{}` |
| `terminationGracePeriodSeconds` | MongoDB(&reg;) Termination Grace Period | `""` |
| `podLabels` | MongoDB(&reg;) pod labels | `{}` |
| `podAnnotations` | MongoDB(&reg;) Pod annotations | `{}` |
| `priorityClassName` | Name of the existing priority class to be used by MongoDB(&reg;) pod(s) | `""` |
| `runtimeClassName` | Name of the runtime class to be used by MongoDB(&reg;) pod(s) | `""` |
| `podSecurityContext.enabled` | Enable MongoDB(&reg;) pod(s)' Security Context | `true` |
| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(&reg;) pod(s) | `1001` |
| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(&reg;) pod(s)' | `[]` |
| `containerSecurityContext.enabled` | Enable MongoDB(&reg;) container(s)' Security Context | `true` |
| `containerSecurityContext.runAsUser` | User ID for the MongoDB(&reg;) container | `1001` |
| `containerSecurityContext.runAsNonRoot` | Set MongoDB(&reg;) container's Security Context runAsNonRoot | `true` |
| `resources.limits` | The resources limits for MongoDB(&reg;) containers | `{}` |
| `resources.requests` | The requested resources for MongoDB(&reg;) containers | `{}` |
| `containerPorts.mongodb` | MongoDB(&reg;) container port | `27017` |
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `startupProbe.enabled` | Enable startupProbe | `false` |
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` |
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `customLivenessProbe` | Override default liveness probe for MongoDB(&reg;) containers | `{}` |
| `customReadinessProbe` | Override default readiness probe for MongoDB(&reg;) containers | `{}` |
| `customStartupProbe` | Override default startup probe for MongoDB(&reg;) containers | `{}` |
| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` |
| `sidecars` | Add additional sidecar containers for the MongoDB(&reg;) pod(s) | `[]` |
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(&reg;) container(s) | `[]` |
| `extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(&reg;) statefulset | `[]` |
| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(&reg;) pod(s) | `false` |
| `pdb.minAvailable` | Minimum number/percentage of MongoDB(&reg;) pods that must still be available after the eviction | `1` |
| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(&reg;) pods that may be made unavailable after the eviction | `""` |
### Traffic exposure parameters
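Review bot: the new `updateStrategy.type` row ends mid-sentence ("When architecture=standalone and useStatefulSet=false,"), so the README never says what happens in that case; the `@param` description should be rewritten so the whole sentence survives generation. In the same table `annotations` is described as "Additional labels" and `labels` as "Annotations" (swapped), and `initContainers` refers to "the hidden node pod(s)" although this is the main MongoDB section. `strategyType` is replaced by `updateStrategy.type` in this table, so it should be listed with the other renamed keys in the upgrade notes, along with the longer liveness and startup probe period and timeout defaults.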
@@ -216,15 +222,19 @@ Refer to the [chart documentation for more information on each of these architec
| Name | Description | Value |
| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
| `service.nameOverride` | MongoDB(&reg;) service name | `""` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.port` | MongoDB(&reg;) service port | `27017` |
| `service.portName` | MongoDB(&reg;) service port name | `mongodb` |
| `service.nodePort` | Port to bind to for NodePort and LoadBalancer service types | `""` |
| `service.clusterIP` | MongoDB(&reg;) service cluster IP | `""` |
| `service.externalIPs` | Specify the externalIP value ClusterIP service type. | `[]` |
| `service.loadBalancerIP` | loadBalancerIP for MongoDB(&reg;) Service | `""` |
| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` |
| `service.portName` | MongoDB(&reg;) service port name (only for standalone architecture) | `mongodb` |
| `service.ports.mongodb` | MongoDB(&reg;) service port. | `27017` |
| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` |
| `service.clusterIP` | MongoDB(&reg;) service cluster IP (only for standalone architecture) | `""` |
| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` |
| `service.loadBalancerIP` | loadBalancerIP for MongoDB(&reg;) Service (only for standalone architecture) | `""` |
| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` |
| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `service.annotations` | Provide any additional annotations that may be required | `{}` |
| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` |
| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(&reg;) nodes (only for replicaset architecture) | `false` |
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` |
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
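Review bot: `service.port` and `service.nodePort` disappear from this table in favour of `service.ports.mongodb` and `service.nodePorts.mongodb`, and unless a values schema forbids them Helm accepts unknown values keys, so a values file written for 11.x can install cleanly while its port settings are ignored and the defaults apply. Consider a check in the chart's validation helpers that fails the render when the old keys are set. Minor: `service.ports.mongodb` is the only row in this group whose description ends with a period and carries no architecture qualifier.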
@@ -235,53 +245,65 @@ Refer to the [chart documentation for more information on each of these architec
| `externalAccess.autoDiscovery.resources.limits` | Init container auto-discovery resource limits | `{}` |
| `externalAccess.autoDiscovery.resources.requests` | Init container auto-discovery resource requests | `{}` |
| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
| `externalAccess.service.port` | MongoDB(&reg;) port used for external access when service type is LoadBalancer | `27017` |
| `externalAccess.service.portName` | MongoDB(&reg;) port name used for external access when service type is LoadBalancer | `mongodb` |
| `externalAccess.service.ports.mongodb` | MongoDB(&reg;) port used for external access when service type is LoadBalancer | `27017` |
| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(&reg;) nodes | `[]` |
| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.service.externalTrafficPolicy` | MongoDB(&reg;) service external traffic policy | `Local` |
| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(&reg;) advertised hostname when service type is NodePort | `[]` |
| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(&reg;) advertised hostname when service type is NodePort | `""` |
| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(&reg;) hidden nodes | `false` |
| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
| `externalAccess.hidden.service.port` | MongoDB(&reg;) port used for external access when service type is LoadBalancer | `27017` |
| `externalAccess.hidden.service.portName` | MongoDB(&reg;) port name used for external access when service type is LoadBalancer | `mongodb` |
| `externalAccess.hidden.service.ports.mongodb` | MongoDB(&reg;) port used for external access when service type is LoadBalancer | `27017` |
| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(&reg;) nodes | `[]` |
| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(&reg;) service external traffic policy | `Local` |
| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(&reg;) advertised hostname when service type is NodePort. Length must be the same as replicaCount | `[]` |
| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(&reg;) advertised hostname when service type is NodePort | `""` |
| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
### Persistence parameters
| Name | Description | Value |
| --------------------------------------------- | ---------------------------------------------------------------------------------- | ------------------- |
| `persistence.enabled` | Enable MongoDB(&reg;) data persistence using PVC | `true` |
| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
| `persistence.storageClass` | PVC Storage Class for MongoDB(&reg;) data volume | `""` |
| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for MongoDB(&reg;) data volume | `8Gi` |
| `persistence.annotations` | PVC annotations | `{}` |
| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` |
| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
| `persistence.enabled` | Enable MongoDB(&reg;) data persistence using PVC | `true` |
| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
| `persistence.storageClass` | PVC Storage Class for MongoDB(&reg;) data volume | `""` |
| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
| `persistence.size` | PVC Storage Request for MongoDB(&reg;) data volume | `8Gi` |
| `persistence.annotations` | PVC annotations | `{}` |
| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` |
| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
### RBAC parameters
| Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(&reg;) pods | `true` |
| `serviceAccount.name` | Name of the created serviceAccount | `""` |
| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
| `rbac.role.rules` | Custom rules to create following the role specification | `[]` |
| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
| `podSecurityPolicy.privileged` | Allow privileged | `false` |
| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
| Name | Description | Value |
| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(&reg;) pods | `true` |
| `serviceAccount.name` | Name of the created serviceAccount | `""` |
| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` |
| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
| `rbac.rules` | Custom rules to create following the role specification | `[]` |
| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
| `podSecurityPolicy.privileged` | Allow privileged | `false` |
| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
### Volume Permissions parameters
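Review bot: `serviceAccount.automountServiceAccountToken` is added to the RBAC table with a default of `true` while `rbac.create` stays `false`, so the pods get a Kubernetes API token mounted by default even when the chart creates no Role for the account. Suggest defaulting it to `false`, or naming in the description the chart feature that needs the token so operators know when it can be turned off. In the persistence table, the new `persistence.resourcePolicy` description ends "after the chart deleted"; "after the chart is deleted" is meant.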
@@ -291,7 +313,7 @@ Refer to the [chart documentation for more information on each of these architec
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r403` |
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `10-debian-10-r404` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
@@ -301,61 +323,79 @@ Refer to the [chart documentation for more information on each of these architec
### Arbiter parameters
| Name | Description | Value |
| -------------------------------------------- | ------------------------------------------------------------------------------------------------- | ------- |
| `arbiter.enabled` | Enable deploying the arbiter | `true` |
| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. | `[]` |
| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
| `arbiter.podLabels` | Arbiter pod labels | `{}` |
| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made unavailable | `""` |
| `arbiter.service.nameOverride` | The arbiter service name | `""` |
| Name | Description | Value |
| ----------------------------------------------- | ------------------------------------------------------------------------------------------------- | --------------- |
| `arbiter.enabled` | Enable deploying the arbiter | `true` |
| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
| `arbiter.topologySpreadConstraints` | MongoDB(&reg;) Spread Constraints for arbiter Pods | `[]` |
| `arbiter.lifecycleHooks` | LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(&reg;) | `OrderedReady` |
| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. | `[]` |
| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
| `arbiter.podLabels` | Arbiter pod labels | `{}` |
| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
| `arbiter.containerSecurityContext.enabled` | Enable Arbiter container(s)' Security Context | `true` |
| `arbiter.containerSecurityContext.runAsUser` | User ID for the Arbiter container | `1001` |
| `arbiter.containerSecurityContext.runAsNonRoot` | Set Arbiter containers' Security Context runAsNonRoot | `true` |
| `arbiter.resources.limits` | The resources limits for Arbiter containers | `{}` |
| `arbiter.resources.requests` | The requested resources for Arbiter containers | `{}` |
| `arbiter.containerPorts.mongodb` | MongoDB(&reg;) arbiter container port | `27017` |
| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made unavailable | `""` |
| `arbiter.service.nameOverride` | The arbiter service name | `""` |
| `arbiter.service.ports.mongodb` | MongoDB(&reg;) service port | `27017` |
| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
### Hidden Node parameters
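Review bot: the descriptions of `arbiter.annotations` and `arbiter.labels` are swapped ("Additional labels to be added to the Arbiter statefulset" sits on the annotations row, "Annotations to be added to the Arbiter statefulset" on the labels row), and the regenerated table carries that over unchanged. Since the README comes from readme-generator-for-helm, the fix belongs in the parameter comments it reads. The new `arbiter.podManagementPolicy` row is described as "Pod management policy for MongoDB(&reg;)" rather than for the arbiter. The liveness and readiness defaults also move from `periodSeconds` 10 and `timeoutSeconds` 5 to 20 and 10, which with `failureThreshold` 6 roughly doubles the time before a hung arbiter is restarted; that deserves a line in the upgrade notes.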
@@ -363,6 +403,7 @@ Refer to the [chart documentation for more information on each of these architec
| Name | Description | Value |
| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------- |
| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
| `hidden.hostAliases` | Add deployment host aliases | `[]` |
| `hidden.configuration` | Hidden node configuration file to be used | `""` |
| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
@@ -373,9 +414,13 @@ Refer to the [chart documentation for more information on each of these architec
| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
| `hidden.topologySpreadConstraints` | MongoDB(&reg;) Spread Constraints for hidden Pods | `[]` |
| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
| `hidden.strategyType` | StrategyType for hidden node statefulset | `RollingUpdate` |
| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
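Review bot: the `hidden.annotations` row reads "Additional labels to be added to thehidden node statefulset" and `hidden.labels` reads "Annotations to be added to the hidden node statefulset", so the two descriptions are swapped and "thehidden" is missing a space; worth fixing while the neighbouring rows are being rewritten. `hidden.strategyType` gives way to `hidden.updateStrategy.type` with the same `RollingUpdate` default, so please confirm that a values file still setting `hidden.strategyType` is rejected by validation rather than silently ignored.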
@@ -388,22 +433,36 @@ Refer to the [chart documentation for more information on each of these architec
| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
| `hidden.containerSecurityContext.enabled` | Enable Hidden container(s)' Security Context | `true` |
| `hidden.containerSecurityContext.runAsUser` | User ID for the Hidden container | `1001` |
| `hidden.containerSecurityContext.runAsNonRoot` | Set Hidden containers' Security Context runAsNonRoot | `true` |
| `hidden.resources.limits` | The resources limits for hidden node containers | `{}` |
| `hidden.resources.requests` | The requested resources for hidden node containers | `{}` |
| `hidden.containerPorts.mongodb` | MongoDB(&reg;) hidden container port | `27017` |
| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `hidden.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
| `hidden.customStartupProbe` | Override default startup probe for MongoDB(&reg;) containers | `{}` |
| `hidden.initContainers` | Add init containers to the MongoDB(&reg;) Hidden pods. | `[]` |
| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
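Review bot: the new `hidden.customStartupProbe` row is described as "Override default startup probe for MongoDB(&reg;) containers", while the liveness and readiness rows directly above it say "hidden node containers"; the description should match its siblings. The same applies to `hidden.initContainers`, which is the only row in this block that ends its description with a full stop.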
@@ -420,7 +479,12 @@ Refer to the [chart documentation for more information on each of these architec
| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(&reg;) images. | `/bitnami/mongodb` |
| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
| `hidden.service.portName` | MongoDB(&reg;) service port name | `mongodb` |
| `hidden.service.ports.mongodb` | MongoDB(&reg;) service port | `27017` |
| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
### Metrics parameters
@@ -430,19 +494,19 @@ Refer to the [chart documentation for more information on each of these architec
| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
| `metrics.image.registry` | MongoDB(&reg;) Prometheus exporter image registry | `docker.io` |
| `metrics.image.repository` | MongoDB(&reg;) Prometheus exporter image repository | `bitnami/mongodb-exporter` |
| `metrics.image.tag` | MongoDB(&reg;) Prometheus exporter image tag (immutable tags are recommended) | `0.31.2-debian-10-r13` |
| `metrics.image.tag` | MongoDB(&reg;) Prometheus exporter image tag (immutable tags are recommended) | `0.31.2-debian-10-r14` |
| `metrics.image.pullPolicy` | MongoDB(&reg;) Prometheus exporter image pull policy | `IfNotPresent` |
| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `metrics.username` | String with username for the metrics exporter | `""` |
| `metrics.password` | String with password for the metrics exporter | `""` |
| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
| `metrics.extraUri` | Additional URI options of the metrics service | `""` |
| `metrics.resources.limits` | The resources limits for Prometheus exporter containers | `{}` |
| `metrics.resources.requests` | The requested resources for Prometheus exporter containers | `{}` |
| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. | `{}` |
| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
| `metrics.service.port` | Port of the Prometheus metrics service | `9216` |
| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
@@ -455,13 +519,25 @@ Refer to the [chart documentation for more information on each of these architec
| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(&reg;) containers | `{}` |
| `metrics.customReadinessProbe` | Override default readiness probe for MongoDB(&reg;) containers | `{}` |
| `metrics.customStartupProbe` | Override default startup probe for MongoDB(&reg;) containers | `{}` |
| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
| `metrics.serviceMonitor.relabellings` | RelabelConfigs to apply to samples before scraping. | `[]` |
| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
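Review bot: `metrics.serviceMonitor.additionalLabels` becomes `metrics.serviceMonitor.labels`, but `metrics.prometheusRule.additionalLabels` a few rows further down keeps the old name, so the two Prometheus Operator resources now use different keys for the same purpose. Rename both or neither. The descriptions of `metrics.serviceMonitor.labels` ("used by the Prometheus installed in your cluster to select Service Monitors") and `metrics.serviceMonitor.selector` ("Prometheus instance selector labels") do not tell a user which one to set, and the new `metrics.customStartupProbe` row says "for MongoDB(&reg;) containers" although it configures the exporter sidecar.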
@@ -572,6 +648,24 @@ $ helm upgrade my-release bitnami/mongodb --set auth.rootPassword=[PASSWORD] (--
> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes.
### To 12.0.0
This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
Affected values:
- `strategyType` is replaced by `updateStrategy`
- `service.port` is renamed to `service.ports.mongodb`
- `service.nodePort` is renamed to `service.nodePorts.mongodb`
- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb`
- `rbac.role.rules` is renamed to `rbac.rules`
- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb`
- `hidden.strategyType` is replaced by `hidden.updateStrategy`
- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed)
- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels`
Additionally also updates the MongoDB image dependency to it newest major, 5.0
### To 11.0.0
In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`).
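Review bot: the "Affected values" list under "To 12.0.0" has one wrong target and at least one missing entry. `externalAccess.service.port` is listed as renamed to `externalAccess.hidden.service.ports.mongodb`, the same target as the `externalAccess.hidden.service.port` line; the notes template later in this commit reads `.Values.externalAccess.service.ports.mongodb`, so the first line looks like a copy-paste slip. The rename of `metrics.service.port` to `metrics.service.ports.metrics` is not listed although the README table and the notes template both change it. Wording: "renamed ot", "to it newest major", and a space is missing before "(typo fixed)". The move to MongoDB 5.0 is a data-bearing major upgrade and gets a single sentence; say what users must do with existing deployments before upgrading, or link the MongoDB upgrade documentation.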

@@ -23,7 +23,7 @@ In order to replicate the container startup scripts execute this command:
{{- else }}
{{- $replicaCount := int .Values.replicaCount }}
{{- $portNumber := int .Values.service.port }}
{{- $portNumber := int .Values.service.ports.mongodb }}
{{- $fullname := include "mongodb.fullname" . }}
{{- $releaseNamespace := include "mongodb.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
@@ -152,7 +152,7 @@ To connect to your database nodes from outside, you need to add both primary and
echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')"
MongoDB&reg; nodes port: {{ .Values.externalAccess.service.port }}
MongoDB&reg; nodes port: {{ .Values.externalAccess.service.ports.mongodb }}
{{- end }}
@@ -187,8 +187,8 @@ To connect to your database from outside the cluster execute the following comma
To access the MongoDB&reg; Prometheus metrics, get the MongoDB&reg; Prometheus URL by running:
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} &
echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics"
kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "mongodb.fullname" . }}-metrics {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} &
echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics"
Then, open the obtained URL in a browser.
@@ -198,7 +198,5 @@ Then, open the obtained URL in a browser.
{{- include "common.warnings.rollingTag" .Values.metrics.image }}
{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "mongodb.validateValues" . }}
{{- $secretName := include "mongodb.fullname" . -}}
{{- $passwordValidationErrors := include "common.validations.values.mongodb.passwords" (dict "secret" $secretName "context" $) -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}}
{{- include "common.warnings.rollingTag" .Values.tls.image }}
{{- include "mongodb.validateValues" . }}
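Review bot: The `common.validations.values.mongodb.passwords` and `common.errors.upgrade.passwords.empty` includes are dropped from the end of the notes, so an upgrade that omits the existing credentials no longer fails loudly at this point. The commit message says passwords are now recovered from the previous secret; please confirm that path covers every key the removed check validated, and document what happens when the previous secret cannot be read, so a silent credential regeneration cannot lock clients out of an existing data volume.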

View File

@@ -19,14 +19,10 @@ If release name contains chart name it will be used as a full name.
Create a default mongo service name which can be overridden.
*/}}
{{- define "mongodb.service.nameOverride" -}}
{{- if .Values.service -}}
{{- if .Values.service.nameOverride }}
{{- .Values.service.nameOverride -}}
{{- else -}}
{{ include "mongodb.fullname" . }}-headless
{{- end -}}
{{- if and .Values.service .Values.service.nameOverride -}}
{{- print .Values.service.nameOverride -}}
{{- else -}}
{{ include "mongodb.fullname" . }}-headless
{{- printf "%s-headless" (include "mongodb.fullname" .) -}}
{{- end }}
{{- end }}
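Review bot: `{{- if and .Values.service .Values.service.nameOverride -}}` is not equivalent to the nested `if` it replaces on template engines where `and` does not short-circuit (Go text/template before 1.18). There both arguments are evaluated, so an unset `.Values.service` raises a nil pointer error instead of falling through to the `-headless` default. Either keep the nested guard or state the minimum Helm version the chart now requires. The same pattern appears in `mongodb.arbiter.service.nameOverride` and `mongodb.namespace`.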
@@ -34,14 +30,10 @@ Create a default mongo service name which can be overridden.
Create a default mongo arbiter service name which can be overridden.
*/}}
{{- define "mongodb.arbiter.service.nameOverride" -}}
{{- if .Values.arbiter.service -}}
{{- if .Values.arbiter.service.nameOverride }}
{{- .Values.arbiter.service.nameOverride -}}
{{- else -}}
{{ include "mongodb.fullname" . }}-arbiter-headless
{{- end -}}
{{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}}
{{- print .Values.arbiter.service.nameOverride -}}
{{- else -}}
{{ include "mongodb.fullname" . }}-arbiter-headless
{{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) -}}
{{- end }}
{{- end }}
@@ -49,68 +41,64 @@ Create a default mongo arbiter service name which can be overridden.
Return the proper MongoDB&reg; image name
*/}}
{{- define "mongodb.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the metrics image)
*/}}
{{- define "mongodb.metrics.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }}
{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "mongodb.volumePermissions.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }}
{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the init container auto-discovery image)
*/}}
{{- define "mongodb.externalAccess.autoDiscovery.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) }}
{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper image name (for the TLS Certs image)
*/}}
{{- define "mongodb.tls.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) }}
{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "mongodb.imagePullSecrets" -}}
{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "global" .Values.global) -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
*/}}
{{- define "mongodb.namespace" -}}
{{- if .Values.global -}}
{{- if .Values.global.namespaceOverride }}
{{- .Values.global.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- end -}}
{{- if and .Values.global .Values.global.namespaceOverride -}}
{{- print .Values.global.namespaceOverride -}}
{{- else -}}
{{- .Release.Namespace -}}
{{- print .Release.Namespace -}}
{{- end }}
{{- end -}}
{{- define "mongodb.serviceMonitor.namespace" -}}
{{- if .Values.metrics.serviceMonitor.namespace -}}
{{- .Values.metrics.serviceMonitor.namespace -}}
{{- print .Values.metrics.serviceMonitor.namespace -}}
{{- else -}}
{{- include "mongodb.namespace" . -}}
{{- end }}
{{- end -}}
{{- define "mongodb.prometheusRule.namespace" -}}
{{- if .Values.metrics.prometheusRule.namespace -}}
{{- .Values.metrics.prometheusRule.namespace -}}
{{- print .Values.metrics.prometheusRule.namespace -}}
{{- else -}}
{{- include "mongodb.namespace" . -}}
{{- end }}
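Review bot: `mongodb.imagePullSecrets` now includes `.Values.tls.image` but still leaves out `.Values.externalAccess.autoDiscovery.image`, even though `mongodb.externalAccess.autoDiscovery.image` is defined just above it. Pull secrets configured only on the auto-discovery image will not be attached to the pod, and the init container will fail to pull from a private registry. Add that image to the `list`.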
@@ -123,9 +111,9 @@ is true or default otherwise.
*/}}
{{- define "mongodb.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "mongodb.fullname" .) .Values.serviceAccount.name }}
{{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- default "default" (print .Values.serviceAccount.name) -}}
{{- end -}}
{{- end -}}
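Review bot: In `mongodb.serviceAccountName`, wrapping the value as `(print .Values.serviceAccount.name)` before handing it to `default` changes what counts as empty. `default` only substitutes when its argument is empty, and `print` of a null value does not produce an empty string. Please check that `serviceAccount.name: null` still resolves to the fullname (or to "default"), or drop the `print` since `default` already handles the unset case. A wrong name here decides which service account, and therefore which RBAC permissions, the pods run with.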

View File

@@ -2,7 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mongodb.fullname" . }}-arbiter
name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: arbiter
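Review bot: `name: {{ print "%s-arbiter" (include "mongodb.fullname" .) }}` uses `print` where every sibling template in this change uses `printf`. `print` does not interpret the format string, so the ConfigMap name renders with a literal `%s-arbiter` prefix joined to the fullname. That is not a valid object name and will not match any reference to the arbiter ConfigMap that is built from the fullname plus `-arbiter`. Change it to `printf`.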

View File

@@ -9,10 +9,10 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
{{- if or .Values.arbiter.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- if .Values.arbiter.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.arbiter.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -23,8 +23,11 @@ spec:
clusterIP: None
ports:
- name: tcp-mongodb
port: {{ .Values.service.port }}
port: {{ .Values.arbiter.service.ports.mongodb }}
targetPort: mongodb
{{- if .Values.arbiter.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: arbiter
{{- end }}

View File

@@ -2,7 +2,7 @@
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "mongodb.fullname" . }}-arbiter
name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: arbiter

View File

@@ -2,7 +2,7 @@
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "mongodb.fullname" . }}-arbiter
name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: arbiter
@@ -23,6 +23,10 @@ metadata:
{{- end }}
spec:
serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }}
podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }}
{{- if .Values.arbiter.updateStrategy }}
updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: arbiter
@@ -44,8 +48,8 @@ spec:
{{- end }}
spec:
{{- include "mongodb.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- if .Values.arbiter.schedulerName }}
schedulerName: {{ .Values.arbiter.schedulerName | quote }}
{{- end }}
serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
{{- if .Values.arbiter.affinity }}
@@ -65,6 +69,9 @@ spec:
{{- if .Values.arbiter.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.arbiter.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.arbiter.priorityClassName }}
priorityClassName: {{ .Values.arbiter.priorityClassName }}
{{- end }}
@@ -74,6 +81,9 @@ spec:
{{- if .Values.arbiter.podSecurityContext.enabled }}
securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{ if .Values.arbiter.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if .Values.arbiter.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }}
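Review bot: `{{ if .Values.arbiter.terminationGracePeriodSeconds }}` opens without the `{{-` trim marker used by every other conditional in this template, so it leaves a whitespace-only line in the rendered pod spec. Use `{{- if ... }}` for consistency. The same line appears in the hidden StatefulSet.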
@@ -87,51 +97,21 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: certs-volume
mountPath: /certs/CAs
- name: certs
mountPath: /certs
- name: common-scripts
mountPath: /bitnami/scripts
command:
- sh
- "-c"
- |
/bin/bash <<'EOF'
my_hostname=$(hostname)
svc=$(echo -n "$my_hostname" | sed s/-[0-9]*$//)-headless
cp /certs/CAs/* /certs/
cat >/certs/openssl.cnf <<EOL
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $svc
DNS.2 = $my_hostname
DNS.3 = $my_hostname.$svc.$MY_POD_NAMESPACE.svc.cluster.local
DNS.4 = localhost
DNS.5 = 127.0.0.1
EOL
export RANDFILE=/certs/.rnd && openssl genrsa -out /certs/mongo.key 2048
#Create the client/server cert
openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
#Signing the server cert with the CA cert and key
openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
rm /certs/mongo.csr
#Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
cd /certs/
shopt -s extglob
rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)
chmod 0600 mongodb-ca-cert mongodb.pem
EOF
- /bitnami/scripts/generate-certs.sh
args:
- -s {{ include "mongodb.arbiter.service.nameOverride" . }}
{{- end }}
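Review bot: `- -s {{ include "mongodb.arbiter.service.nameOverride" . }}` renders the flag and its value as a single argv element, so `getopts` receives the service name with a leading space. It only works because generate-certs.sh strips spaces with `${OPTARG// /}`. Passing `-s` and the name as two list items would remove that hidden coupling between template and script. Since the inline script that derived `svc` from the hostname is gone, it would also help to have the script fail when `-s` is missing rather than write an empty `DNS.1` SAN.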
containers:
- name: mongodb-arbiter
@@ -150,6 +130,9 @@ spec:
{{- else if .Values.arbiter.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.arbiter.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
@@ -166,11 +149,13 @@ spec:
- name: MONGODB_REPLICA_SET_MODE
value: "arbiter"
- name: MONGODB_INITIAL_PRIMARY_HOST
value: "{{ include "mongodb.fullname" . }}-0.{{ include "mongodb.service.nameOverride" . }}.$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) .Values.clusterDomain }}
- name: MONGODB_REPLICA_SET_NAME
value: {{ .Values.replicaSetName | quote }}
- name: MONGODB_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
- name: MONGODB_PORT_NUMBER
value: {{ .Values.arbiter.containerPorts.mongodb | quote }}
{{- if .Values.auth.enabled }}
- name: MONGODB_INITIAL_PRIMARY_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
@@ -214,33 +199,30 @@ spec:
{{- end }}
{{- end }}
ports:
- containerPort: 27017
- containerPort: {{ .Values.arbiter.containerPorts.mongodb }}
name: mongodb
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.arbiter.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: mongodb
initialDelaySeconds: {{ .Values.arbiter.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.arbiter.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.arbiter.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.arbiter.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.arbiter.livenessProbe.failureThreshold }}
{{- else if .Values.arbiter.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.arbiter.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: mongodb
initialDelaySeconds: {{ .Values.arbiter.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.arbiter.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.arbiter.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.arbiter.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.arbiter.readinessProbe.failureThreshold }}
{{- else if .Values.arbiter.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.arbiter.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: mongodb
{{- else if .Values.arbiter.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.arbiter.resources }}
resources: {{- toYaml .Values.arbiter.resources | nindent 12 }}
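Review bot: The liveness, readiness and startup probes now render everything in `.Values.arbiter.*Probe` except `enabled` and then append a fixed `tcpSocket` handler. If a user places their own handler (`exec`, `httpGet`) in those values, the manifest ends up with two handlers and the API server rejects it. Either document that handlers belong in `customLivenessProbe` / `customReadinessProbe` / `customStartupProbe`, or `omit` handler keys alongside `enabled`.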
@@ -257,7 +239,7 @@ spec:
mountPath: /certs
{{- end }}
{{- if .Values.arbiter.extraVolumeMounts }}
{{- toYaml .Values.arbiter.extraVolumeMounts | nindent 12 }}
{{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.arbiter.sidecars }}
@@ -265,6 +247,10 @@ spec:
{{- end }}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
volumes:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0555
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
- name: config
configMap:
@@ -285,7 +271,7 @@ spec:
mode: 0600
{{- end }}
{{- if .Values.arbiter.extraVolumes }}
{{- toYaml .Values.arbiter.extraVolumes | nindent 8 }}
{{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

View File

@@ -0,0 +1,104 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: mongodb
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
startup-probe.sh: |
#!/bin/bash
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true'
readiness-probe.sh: |
#!/bin/bash
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
# Run the proper check depending on the version
[[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]}
. /opt/bitnami/scripts/libversion.sh
VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)"
VERSION_MINOR="$(get_sematic_version "$VERSION" 2)"
VERSION_PATCH="$(get_sematic_version "$VERSION" 3)"
if [[ "$VERSION_MAJOR" -ge 5 ]] || [[ "$VERSION_MAJOR" -ge 4 ]] && [[ "$VERSION_MINOR" -ge 4 ]] && [[ "$VERSION_PATCH" -ge 2 ]]; then
mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true'
else
mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true'
fi
ping-mongodb.sh: |
#!/bin/bash
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')"
{{- if and .Values.tls.enabled .Values.tls.autoGenerated }}
generate-certs.sh: |
#!/bin/bash
additional_ips=()
additional_names=()
while getopts "i:n:s:" flag
do
case "${flag}" in
i) read -a additional_ips <<< ${OPTARG//,/ } ;;
n) read -a additional_names <<< ${OPTARG//,/ } ;;
s) svc=${OPTARG// /} ;;
\?) exit 1 ;;
esac
done
my_hostname=$(hostname)
cp /certs/CAs/* /certs/
cat >/certs/openssl.cnf <<EOL
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $svc
DNS.2 = $my_hostname
DNS.3 = $my_hostname.$svc.$MY_POD_NAMESPACE.svc.cluster.local
DNS.4 = localhost
DNS.5 = 127.0.0.1
IP.0 = ${MY_POD_HOST_IP}
EOL
index=1
for ip in "${additional_ips[@]}"; do
cat >>/certs/openssl.cnf <<EOL
IP.$index = $ip
EOL
((index++))
done;
index=6
for name in "${additional_names[@]}"; do
cat >>/certs/openssl.cnf <<EOL
DNS.$index = $name
EOL
((index++))
done;
export RANDFILE=/certs/.rnd && openssl genrsa -out /certs/mongo.key 2048
#Create the client/server cert
openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
#Signing the server cert with the CA cert and key
openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
rm /certs/mongo.csr
#Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
cd /certs/
shopt -s extglob
rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)
chmod 0600 mongodb-ca-cert mongodb.pem
{{- end }}
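Review bot: The version test in readiness-probe.sh, `[[ "$VERSION_MAJOR" -ge 5 ]] || [[ "$VERSION_MAJOR" -ge 4 ]] && [[ "$VERSION_MINOR" -ge 4 ]] && [[ "$VERSION_PATCH" -ge 2 ]]`, does not group the way it reads. In bash `||` and `&&` have equal precedence and associate left, so a 5.0.x server fails the minor check and drops to the `db.isMaster()` branch, and 4.6.0 fails the patch check. Group the 4.4.2 comparison explicitly, or compare the full version string. Two smaller points in generate-certs.sh: `DNS.3` hard-codes `cluster.local` while the rest of the chart uses `.Values.clusterDomain`, so generated certificates will not match pod hostnames on clusters with a custom domain; and `127.0.0.1` is listed as `DNS.5` rather than as an `IP` entry. The script also runs without `set -e`, so a failed `openssl` step goes unnoticed until mongod cannot load `/certs/mongodb.pem`.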

View File

@@ -2,7 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mongodb.fullname" . }}-hidden
name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: hidden

View File

@@ -10,7 +10,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-hidden-{{ $i }}-external
name: {{ printf "%s-hidden-%d-external" $fullName $i }}
namespace: {{ include "mongodb.namespace" $ }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: hidden
@@ -18,8 +18,14 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
pod: {{ $targetPod }}
{{- if $root.Values.externalAccess.hidden.service.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }}
{{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }}
annotations:
{{- if $root.Values.externalAccess.hidden.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.hidden.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if $root.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ $root.Values.externalAccess.hidden.service.type }}
@@ -31,16 +37,29 @@ spec:
loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq $root.Values.externalAccess.hidden.service.type "NodePort")) }}
externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if $root.Values.externalAccess.hidden.service.sessionAffinity }}
sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }}
{{- end }}
{{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
publishNotReadyAddresses: true
ports:
- name: {{ $root.Values.service.portName }}
port: {{ $root.Values.externalAccess.hidden.service.port }}
- name: {{ $root.Values.externalAccess.hidden.service.portName | quote }}
port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }}
{{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }}
nodePort: {{ index $root.Values.externalAccess.hidden.service.nodePorts $i }}
{{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i -}}
nodePort: {{ ternary (get $nodePort "mongodb") $nodePort (typeIs "dict" $nodePort)}}
{{- else }}
nodePort: null
{{- end }}
targetPort: mongodb
{{- if $root.Values.externalAccess.hidden.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
app.kubernetes.io/component: hidden
statefulset.kubernetes.io/pod-name: {{ $targetPod }}
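Review bot: `{{- $nodePort := index ... $i -}}` trims whitespace on both sides, so the `nodePort:` key that follows is joined onto the end of the preceding `port:` line and the Service no longer parses. Drop the trailing `-`. Separately, in `ternary (get $nodePort "mongodb") $nodePort (typeIs "dict" $nodePort)` both branch arguments are evaluated before the choice is made, so `get` is called even when the entry is a plain number, which is the backward-compatible case this line is meant to support. Please also verify that `typeIs "dict"` can match at all, since `typeIs` compares against the Go type name; `kindIs "map"` inside an `if`/`else` would avoid both problems.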

View File

@@ -2,24 +2,33 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "mongodb.fullname" . }}-hidden-headless
name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: hidden
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- if or .Values.hidden.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.hidden.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
- name: {{ .Values.hidden.service.portName | quote }}
port: {{ .Values.hidden.service.ports.mongodb }}
targetPort: mongodb
{{- if .Values.hidden.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: hidden
{{- end }}

View File

@@ -2,7 +2,7 @@
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ include "mongodb.fullname" . }}-hidden
name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: hidden

View File

@@ -5,7 +5,7 @@
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ include "mongodb.fullname" . }}-hidden
name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: hidden
@@ -19,14 +19,12 @@ metadata:
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.annotations "context" $) | nindent 4 }}
{{- end }}
spec:
serviceName: {{ include "mongodb.fullname" . }}-hidden-headless
serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
podManagementPolicy: {{ .Values.hidden.podManagementPolicy }}
replicas: {{ .Values.hidden.replicaCount }}
updateStrategy:
type: {{ .Values.hidden.strategyType }}
{{- if (eq "OnDelete" .Values.hidden.strategyType) }}
rollingUpdate: null
{{- end }}
{{- if .Values.hidden.updateStrategy }}
updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: hidden
@@ -48,17 +46,20 @@ spec:
{{- end }}
spec:
{{- include "mongodb.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- if .Values.hidden.schedulerName }}
schedulerName: {{ .Values.hidden.schedulerName | quote }}
{{- end }}
serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
{{- if .Values.hidden.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hidden.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "" "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "" "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- if .Values.hidden.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }}
@@ -66,14 +67,20 @@ spec:
{{- if .Values.hidden.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hidden.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.hidden.priorityClassName }}
priorityClassName: {{ .Values.hidden.priorityClassName }}
{{- end }}
{{- if .Values.hidden.runtimeClassName }}
runtimeClassName: {{ .Values.hidden.runtimeClassName }}
{{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- if .Values.hidden.podSecurityContext.enabled }}
securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{ if .Values.hidden.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }}
{{- end }}
{{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }}
initContainers:
@@ -86,13 +93,12 @@ spec:
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
args:
- -ec
- |
mkdir -p {{ .Values.hidden.persistence.mountPath }}{{- if .Values.hidden.persistence.subPath }}/{{ .Values.hidden.persistence.subPath }}{{- end }}
{{- if and .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled }}
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.hidden.persistence.mountPath }}{{- if .Values.hidden.persistence.subPath }}/{{ .Values.hidden.persistence.subPath }}{{- end }}"
{{- end }}
mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
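Review bot: The volume-permissions commands still take the owner from `.Values.containerSecurityContext.runAsUser` and `.Values.podSecurityContext.fsGroup`, while this same change moves the hidden pod and container to `.Values.hidden.podSecurityContext` and `.Values.hidden.containerSecurityContext`. If the two sets differ, the data directory is chowned to a UID/GID the hidden node does not run as. The `if and .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled` guard was also removed, so with those contexts disabled the `chown` renders with whatever values remain. The paths lost their quotes and `printf "%s/%s"` leaves a trailing slash when `subPath` is empty. Finally, `find ... | xargs -r chown -R` splits on whitespace in file names; `find ... -exec chown -R ... {} +` is safer for a command that runs as root in an init container.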
@@ -123,51 +129,18 @@ spec:
mountPath: /certs/CAs
- name: certs
mountPath: /certs
- name: common-scripts
mountPath: /bitnami/scripts
command:
- sh
- "-c"
- |
/bin/bash <<'EOF'
my_hostname=$(hostname)
svc=$(echo -n "$my_hostname" | sed s/-[0-9]*$//)-headless
cp /certs/CAs/* /certs/
cat >/certs/openssl.cnf <<EOL
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $svc
DNS.2 = $my_hostname
DNS.3 = $my_hostname.$svc.$MY_POD_NAMESPACE.svc.cluster.local
DNS.4 = localhost
DNS.5 = 127.0.0.1
{{- if .Values.externalAccess.hidden.service.loadBalancerIPs }}
{{- range $key, $val := .Values.externalAccess.hidden.service.loadBalancerIPs }}
IP.{{ $key }} = {{ $val | quote }}
{{- end }}
{{- else }}
IP.0 = {{ "$MY_POD_HOST_IP" | quote }}
{{- end }}
EOL
export RANDFILE=/certs/.rnd && openssl genrsa -out /certs/mongo.key 2048
#Create the client/server certificate
openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
#Signing the server certificate with the CA cert and key
openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
rm /certs/mongo.csr
#Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
cd /certs/
shopt -s extglob
rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)
chmod 0600 mongodb-ca-cert mongodb.pem
EOF
- /bitnami/scripts/generate-certs.sh
args:
- -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
{{- if .Values.externalAccess.hidden.service.loadBalancerIPs }}
- -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }}
{{- end }}
{{- if .Values.tls.extraDnsNames }}
- -n {{ join "," .Values.tls.extraDnsNames }}
{{- end }}
{{- end }}
{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
- name: auto-discovery
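Review bot: Each entry under `args:` is a single argv element, so `- -s {{ printf "%s-hidden-headless" ... }}` reaches generate-certs.sh as one word containing both the flag and its value (the same applies to `-i` and `-n`). If the script parses options with getopts, the value arrives with a leading space, which would end up in the certificate's subjectAltName entries. Splitting each pair into two list items (`- -s` and then the value, quoted) removes the dependency on how the script tokenises its arguments.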
@@ -197,8 +170,8 @@ spec:
- name: mongodb
image: {{ include "mongodb.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- if .Values.hidden.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
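Review bot: The mongodb container now takes its securityContext from `.Values.hidden.containerSecurityContext`, but the volume-permissions init container earlier in this same template still runs chown with `.Values.containerSecurityContext.runAsUser` and `.Values.podSecurityContext.fsGroup`. If the hidden values set a different runAsUser, the data directory ends up owned by a UID the hidden node does not run as. The chown should read the hidden.* values as well.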
@@ -213,6 +186,9 @@ spec:
{{- else if .Values.hidden.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.hidden.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
@@ -239,7 +215,7 @@ spec:
- name: MONGODB_REPLICA_SET_MODE
value: "hidden"
- name: MONGODB_INITIAL_PRIMARY_HOST
value: "{{ include "mongodb.fullname" . }}-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
- name: MONGODB_REPLICA_SET_NAME
value: {{ .Values.replicaSetName | quote }}
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }}
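Review bot: The new `MONGODB_INITIAL_PRIMARY_HOST` value drops the surrounding double quotes that the removed line had, while the neighbouring env values in this hunk are all piped through `quote`. Appending `| quote` to the printf keeps the rendered manifest consistent and avoids relying on YAML plain-scalar rules for a string containing `$(...)`.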
@@ -298,6 +274,8 @@ spec:
value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
- name: MONGODB_ENABLE_JOURNAL
value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
- name: MONGODB_PORT_NUMBER
value: {{ .Values.hidden.containerPorts.mongodb | quote }}
- name: MONGODB_ENABLE_IPV6
value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
- name: MONGODB_ENABLE_DIRECTORY_PER_DB
@@ -329,49 +307,33 @@ spec:
{{- end }}
{{- end }}
ports:
- containerPort: 27017
- containerPort: {{ .Values.hidden.containerPorts.mongodb }}
name: mongodb
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.hidden.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- mongosh
{{- if .Values.tls.enabled }}
- --tls
- --tlsCertificateKeyFile=/certs/mongodb.pem
- --tlsCAFile=/certs/mongodb-ca-cert
{{- end }}
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: {{ .Values.hidden.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.hidden.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.hidden.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.hidden.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.hidden.livenessProbe.failureThreshold }}
- /bitnami/scripts/ping-mongodb.sh
{{- else if .Values.hidden.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.hidden.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- mongosh
{{- if .Values.tls.enabled }}
- --tls
- --tlsCertificateKeyFile=/certs/mongodb.pem
- --tlsCAFile=/certs/mongodb-ca-cert
{{- end }}
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: {{ .Values.hidden.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.hidden.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.hidden.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.hidden.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.hidden.readinessProbe.failureThreshold }}
- /bitnami/scripts/ping-mongodb.sh
{{- else if .Values.hidden.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.hidden.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- /bitnami/scripts/startup-probe.sh
{{- else if .Values.hidden.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.hidden.resources }}
resources: {{- toYaml .Values.hidden.resources | nindent 12 }}
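Review bot: The probes now render everything in `.Values.hidden.livenessProbe` (and readinessProbe, startupProbe) except `enabled`, and then append a hard-coded `exec:` block. Any handler key a user puts in those values (`exec`, `httpGet`, `tcpSocket`) is rendered next to the fixed one and produces a duplicate key or two handlers on the same probe. Either omit the handler keys as well as `enabled`, or state in the values documentation that handlers belong in the custom*Probe values only.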
@@ -380,6 +342,8 @@ spec:
- name: datadir
mountPath: {{ .Values.hidden.persistence.mountPath }}
subPath: {{ .Values.hidden.persistence.subPath }}
- name: common-scripts
mountPath: /bitnami/scripts
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
@@ -401,7 +365,7 @@ spec:
mountPath: /certs
{{- end }}
{{- if .Values.hidden.extraVolumeMounts }}
{{- toYaml .Values.hidden.extraVolumeMounts | nindent 12 }}
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
@@ -425,55 +389,56 @@ spec:
/bin/mongodb_exporter --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
{{- end }}
env:
{{- if .Values.auth.enabled }}
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- if .Values.auth.enabled }}
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-metrics-password
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
ports:
- name: metrics
containerPort: 9216
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
{{- else if .Values.metrics.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
{{- else if .Values.metrics.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: metrics
{{- else if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.resources }}
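Review bot: The metrics container in this template still declares `containerPort: 9216` and starts mongodb_exporter without `--web.listen-address`, while the main StatefulSet template in this commit uses `.Values.metrics.containerPort` for both. Since this change is about standardising the templates, the hidden StatefulSet should use the same value so that changing metrics.containerPort does not leave hidden nodes exposing a different port.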
@@ -484,6 +449,10 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0555
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
@@ -500,10 +469,10 @@ spec:
{{- end }}
- name: scripts
configMap:
name: {{ include "mongodb.fullname" . }}-scripts
name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0755
{{- if .Values.hidden.extraVolumes }}
{{- toYaml .Values.hidden.extraVolumes | nindent 8 }}
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs

View File

@@ -2,7 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mongodb.fullname" . }}-init-scripts
name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: mongodb

View File

@@ -2,23 +2,32 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "mongodb.fullname" . }}-metrics
name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: metrics
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.metrics.service.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
{{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.metrics.service.annotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
ports:
- port: {{ .Values.metrics.service.port }}
- port: {{ .Values.metrics.service.ports.metrics }}
targetPort: metrics
protocol: TCP
name: http-metrics
{{- if .Values.metrics.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
app.kubernetes.io/component: mongodb
{{- end }}
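Review bot: The service port is now read from `.Values.metrics.service.ports.metrics` instead of `.Values.metrics.service.port`, so an existing values file that only sets the old key renders `port:` from the new default (or empty) with no warning. Consider failing the render when the old key is set, or falling back to it, so that an upgrade does not silently change the exposed port.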

View File

@@ -10,7 +10,7 @@
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-{{ $i }}-external
name: {{ printf "%s-%d-external" $fullName $i }}
namespace: {{ include "mongodb.namespace" $ }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: mongodb
@@ -18,8 +18,14 @@ metadata:
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
pod: {{ $targetPod }}
{{- if $root.Values.externalAccess.service.annotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }}
{{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }}
annotations:
{{- if $root.Values.externalAccess.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.externalAccess.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ $root.Values.externalAccess.service.type }}
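Review bot: The inner check added here uses `.Values.commonAnnotations`, while every other reference in this template, including the outer `if or ... $root.Values.commonAnnotations` two lines above it, goes through `$root`. Inside the per-replica loop the dot is not the root context, so `.Values` will not resolve and the render fails as soon as this branch is reached. Both the `if` and the `dict "value"` argument should use `$root.Values.commonAnnotations`.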
@@ -31,14 +37,29 @@ spec:
loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- end }}
{{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq $root.Values.externalAccess.service.type "NodePort")) }}
externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if $root.Values.externalAccess.service.sessionAffinity }}
sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }}
{{- end }}
{{- if $root.Values.externalAccess.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
publishNotReadyAddresses: true
ports:
- name: {{ $root.Values.service.portName }}
port: {{ $root.Values.externalAccess.service.port }}
- name: {{ $root.Values.externalAccess.service.portName | quote }}
port: {{ $root.Values.externalAccess.service.ports.mongodb }}
{{- if not (empty $root.Values.externalAccess.service.nodePorts) }}
nodePort: {{ index $root.Values.externalAccess.service.nodePorts $i }}
{{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i -}}
nodePort: {{ ternary (get $nodePort "mongodb") $nodePort (typeIs "dict" $nodePort)}}
{{- else }}
nodePort: null
{{- end }}
targetPort: mongodb
{{- if $root.Values.externalAccess.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
app.kubernetes.io/component: mongodb
statefulset.kubernetes.io/pod-name: {{ $targetPod }}
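Review bot: In the new nodePort line, `ternary (get $nodePort "mongodb") $nodePort (typeIs "dict" $nodePort)` has two problems. Template function arguments are all evaluated before the call, so `get` runs even when `$nodePort` is a plain number and fails on the non-map argument, which breaks the legacy list-of-integers form this line is meant to keep working. And `typeIs` compares against the Go type name, so "dict" does not match a map; `kindIs "map"` does. An `if kindIs "map" $nodePort` / `else` pair avoids both.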

View File

@@ -12,7 +12,7 @@ metadata:
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- if .Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -23,9 +23,12 @@ spec:
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
- name: {{ .Values.service.portName | quote }}
port: {{ .Values.service.ports.mongodb }}
targetPort: mongodb
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: mongodb
{{- end }}

View File

@@ -2,7 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "mongodb.fullname" . }}-scripts
name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
namespace: {{ include "mongodb.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: mongodb
@@ -105,7 +105,7 @@ data:
if is_dir_empty "${MONGODB_DATA_DIR}/db"; then
info "Data dir empty, checking if the replica set already exists"
{{- $replicaCount := int .Values.replicaCount }}
{{- $portNumber := int .Values.service.port }}
{{- $portNumber := int .Values.service.ports.mongodb }}
{{- $fullname := include "mongodb.fullname" . }}
{{- $releaseNamespace := include "mongodb.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
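Review bot: `$portNumber` is now taken from `.Values.service.ports.mongodb`, but this commit also makes the port mongod listens on configurable through `containerPorts.mongodb` (exported as MONGODB_PORT_NUMBER). If the script uses `$portNumber` to reach the other members through their headless-service DNS names, those connections go straight to the pod and need the container port, so the two values diverging would break the replica-set existence check. Please confirm which port is intended here.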

View File

@@ -28,11 +28,9 @@ spec:
serviceName: {{ include "mongodb.service.nameOverride" . }}
podManagementPolicy: {{ .Values.podManagementPolicy }}
replicas: {{ .Values.replicaCount }}
updateStrategy:
type: {{ .Values.strategyType }}
{{- if (eq "OnDelete" .Values.strategyType) }}
rollingUpdate: null
{{- end }}
{{- if .Values.updateStrategy }}
updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: mongodb
@@ -55,7 +53,7 @@ spec:
spec:
{{- include "mongodb.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
{{- if .Values.hostAliases }}
@@ -87,6 +85,9 @@ spec:
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{ if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }}
initContainers:
{{- if .Values.initContainers }}
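Review bot: The added `{{ if .Values.terminationGracePeriodSeconds }}` is missing the left trim marker that every other action in this template uses, so it leaves a stray whitespace-only line in the rendered pod spec. Change it to `{{- if ... }}`.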
@@ -98,13 +99,12 @@ spec:
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
args:
- -ec
- |
mkdir -p {{ .Values.persistence.mountPath }}{{- if .Values.persistence.subPath }}/{{ .Values.persistence.subPath }}{{- end }}
{{- if and .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled }}
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.persistence.mountPath }}{{- if .Values.persistence.subPath }}/{{ .Values.persistence.subPath }}{{- end }}"
{{- end }}
mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
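Review bot: The removed `chown -R` was wrapped in `if and .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled`; the new `chown` and `find ... chown -R` lines run unconditionally. When either context is disabled and runAsUser or fsGroup is left unset, the command renders with an empty owner or group and the init container either fails or applies ownership the pod will not run with. Please keep the guard around the two chown lines, or document that both values must always be set when volumePermissions is enabled.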
@@ -131,60 +131,22 @@ spec:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: certs-volume
mountPath: /certs/CAs
- name: certs
mountPath: /certs
- name: certs-volume
mountPath: /certs/CAs
- name: certs
mountPath: /certs
- name: common-scripts
mountPath: /bitnami/scripts
command:
- sh
- "-c"
- |
/bin/bash <<'EOF'
my_hostname=$(hostname)
svc={{ include "mongodb.service.nameOverride" . }}
cp /certs/CAs/* /certs/
cat >/certs/openssl.cnf <<EOL
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $svc
DNS.2 = $my_hostname
DNS.3 = $my_hostname.$svc.$MY_POD_NAMESPACE.svc.{{ .Values.clusterDomain }}
DNS.4 = localhost
DNS.5 = 127.0.0.1
{{- if .Values.tls.extraDnsNames }}
{{- range $key, $dnsName := .Values.tls.extraDnsNames }}
{{ $key }} = {{ $dnsName }}
{{- end }}
{{- end }}
{{- if .Values.externalAccess.service.loadBalancerIPs }}
{{- range $key, $val := .Values.externalAccess.service.loadBalancerIPs }}
IP.{{ $key }} = {{ $val | quote }}
{{- end }}
{{- else }}
IP.0 = {{ "$MY_POD_HOST_IP" | quote }}
{{- end }}
EOL
export RANDFILE=/certs/.rnd && openssl genrsa -out /certs/mongo.key 2048
#Create the client/server certificate
openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
#Signing the server certificate with the CA cert and key
openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
rm /certs/mongo.csr
#Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
cd /certs/
shopt -s extglob
rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)
chmod 0600 mongodb-ca-cert mongodb.pem
EOF
- /bitnami/scripts/generate-certs.sh
args:
- -s {{ include "mongodb.service.nameOverride" . }}
{{- if .Values.externalAccess.service.loadBalancerIPs }}
- -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
{{- end }}
{{- if .Values.tls.extraDnsNames }}
- -n {{ join "," .Values.tls.extraDnsNames }}
{{- end }}
{{- end }}
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
- name: auto-discovery
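Review bot: The inline script removed here ended by deleting everything in /certs except mongodb-ca-cert, mongodb.pem, CAs and openssl.cnf, which dropped the copied CA private key and the intermediate mongo.key from the shared volume, and then set mode 0600 on the two remaining files. generate-certs.sh is not part of this hunk, so it is not visible whether that cleanup and the chmod survived the move. Please confirm the script still removes mongodb-ca-key from /certs, because that volume is mounted into the mongodb and metrics containers.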
@@ -230,6 +192,9 @@ spec:
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
@@ -252,7 +217,7 @@ spec:
- name: K8S_SERVICE_NAME
value: "{{ include "mongodb.service.nameOverride" . }}"
- name: MONGODB_INITIAL_PRIMARY_HOST
value: "{{ include "mongodb.fullname" . }}-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
- name: MONGODB_REPLICA_SET_NAME
value: {{ .Values.replicaSetName | quote }}
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }}
@@ -311,6 +276,8 @@ spec:
value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
- name: MONGODB_ENABLE_JOURNAL
value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
- name: MONGODB_PORT_NUMBER
value: {{ .Values.containerPorts.mongodb | quote }}
- name: MONGODB_ENABLE_IPV6
value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
- name: MONGODB_ENABLE_DIRECTORY_PER_DB
@@ -342,74 +309,30 @@ spec:
{{- end }}
{{- end }}
ports:
- containerPort: 27017
name: mongodb
- name: mongodb
containerPort: {{ .Values.containerPorts.mongodb }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- mongosh
{{- if .Values.tls.enabled }}
- --tls
- --tlsCertificateKeyFile=/certs/mongodb.pem
- --tlsCAFile=/certs/mongodb-ca-cert
{{- end }}
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
command:
- /bitnami/scripts/ping-mongodb.sh
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- bash
- -ec
- |
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
# Run the proper check depending on the version
[[ $(mongosh --version) =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]}
. /opt/bitnami/scripts/libversion.sh
VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)"
VERSION_MINOR="$(get_sematic_version "$VERSION" 2)"
VERSION_PATCH="$(get_sematic_version "$VERSION" 3)"
if [[ "$VERSION_MAJOR" -ge 4 ]] && [[ "$VERSION_MINOR" -ge 4 ]] && [[ "$VERSION_PATCH" -ge 2 ]]; then
mongosh $TLS_OPTIONS --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true'
else
mongosh $TLS_OPTIONS --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true'
fi
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
command:
- /bitnami/scripts/readiness-probe.sh
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- bash
- -ec
- |
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
mongosh $TLS_OPTIONS --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true'
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
command:
- /bitnami/scripts/startup-probe.sh
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
@@ -421,6 +344,8 @@ spec:
- name: datadir
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
- name: common-scripts
mountPath: /bitnami/scripts
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
@@ -447,7 +372,7 @@ spec:
mountPath: /certs
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
@@ -471,55 +396,56 @@ spec:
/bin/mongodb_exporter --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
{{- end }}
env:
{{- if .Values.auth.enabled }}
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- if .Values.auth.enabled }}
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-metrics-password
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.containerPort }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
{{- else if .Values.metrics.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
{{- else if .Values.metrics.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: metrics
{{- else if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.resources }}
@@ -530,6 +456,10 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0550
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
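
Review bot: `defaultMode: 0550` on the new `common-scripts` volume leaves no read or execute bit for "other", while the existing `scripts` volume further down uses `0755`. ConfigMap files are owned by root with the group taken from `fsGroup`, and the probes in this commit exec files under `/bitnami/scripts`, so a container running with `podSecurityContext` disabled or under an arbitrary UID gets "permission denied" and the probe fails. `0555` keeps the scripts read-only and runnable for any UID.
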
@@ -546,10 +476,10 @@ spec:
{{- end }}
- name: scripts
configMap:
name: {{ include "mongodb.fullname" . }}-scripts
name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0755
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
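
Review bot: replacing `toYaml .Values.extraVolumes` with `common.tplvalues.render` means any `{{ ... }}` inside a user-supplied volume definition is now evaluated as a template against the chart's root context instead of being passed through literally. Values that contain literal braces will fail or change on upgrade, so this belongs in the upgrade notes together with the matching `extraVolumeMounts` change.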

View File

@@ -11,22 +11,31 @@
apiVersion: v1
kind: Service
metadata:
name: {{ $fullName }}-{{ $i }}
name: {{ printf "%s-%d" $fullName $i }}
namespace: {{ include "mongodb.namespace" $ }}
labels: {{- include "common.labels.standard" $ | nindent 4 }}
app.kubernetes.io/component: mongodb
{{- if $root.Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if $root.Values.service.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
{{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
annotations:
{{- if $root.Values.service.annotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.service.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if $root.Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" $root.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: {{ $root.Values.service.portName }}
port: {{ $root.Values.service.port }}
- name: {{ $root.Values.service.portName | quote }}
port: {{ $root.Values.service.ports.mongodb }}
targetPort: mongodb
{{- if $root.Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" $ | nindent 4 }}
app.kubernetes.io/component: mongodb
statefulset.kubernetes.io/pod-name: {{ $targetPod }}
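
Review bot: in the new `annotations:` block, `service.annotations` and `commonAnnotations` are rendered one after the other, so a key set in both appears twice in the manifest and the winner depends on the YAML parser. Merging the two maps before rendering, with the service-specific value taking precedence, gives a deterministic result.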

View File

@@ -17,8 +17,8 @@ rules:
- get
- list
- watch
{{- if .Values.rbac.role.rules }}
{{- toYaml .Values.rbac.role.rules | nindent 2 }}
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end -}}
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
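
Review bot: the extra Role rules move from `.Values.rbac.role.rules` to `.Values.rbac.rules` with no fallback or validation, so an existing values file still installs cleanly while its additional rules are silently dropped. A `fail` (or a warning in NOTES) when the old key is set would surface that. The rules also now go through `common.tplvalues.render`, so they should be reviewed as template input rather than static YAML.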

View File

@@ -9,7 +9,7 @@ metadata:
name: {{ template "mongodb.tlsSecretName" . }}
namespace: {{ template "mongodb.namespace" . }}
labels:
{{- include "common.labels.standard" . | nindent 4 }}
{{- include "common.labels.standard" . | nindent 4 }}
app.kubernetes.io/component: mongodb
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}

View File

@@ -14,38 +14,28 @@ metadata:
{{- end }}
type: Opaque
data:
{{- if .Values.auth.rootPassword }}
mongodb-root-password: {{ .Values.auth.rootPassword | toString | b64enc | quote }}
{{- else }}
mongodb-root-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
mongodb-root-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) }}
{{- $customUsers := include "mongodb.customUsers" . -}}
{{- $customDatabases := include "mongodb.customDatabases" . -}}
{{- $customPasswords := include "mongodb.customPasswords" . -}}
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
{{- if not (empty $customPasswords) }}
mongodb-passwords: {{ $customPasswords | toString | b64enc | quote }}
{{- else }}
{{- $customUsersList := splitList "," $customUsers }}
{{- $customPasswordsList := list }}
{{- range $customUsersList }}
{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) }}
{{- end }}
mongodb-passwords: {{ (join "," $customPasswordsList) | b64enc | quote }}
{{- $passwordList := list -}}
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) -}}
{{- if not (empty $customPasswords) -}}
{{- $passwordList = $customPasswords -}}
{{- else -}}
{{- $customUsersList := splitList "," $customUsers -}}
{{- $customPasswordsList := list -}}
{{- range $customUsersList -}}
{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) -}}
{{- end -}}
{{- $passwordList = (join "," $customPasswordsList) -}}
{{- end }}
mongodb-passwords: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords" ) "context" (merge $ (dict "Values" (dict "mongodbPasswords" $passwordList)))) }}
{{- end }}
{{- if .Values.metrics.username }}
{{- if .Values.metrics.password }}
mongodb-metrics-password: {{ .Values.metrics.password | toString | b64enc | quote }}
{{- else }}
mongodb-metrics-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }}
{{- end }}
{{- if eq .Values.architecture "replicaset" }}
{{- if .Values.auth.replicaSetKey }}
mongodb-replica-set-key: {{ .Values.auth.replicaSetKey | toString | b64enc | quote }}
{{- else }}
mongodb-replica-set-key: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }}
{{- end }}
{{- end }}
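
Review bot: on the `mongodb-passwords` line, `merge $ (dict "Values" (dict "mongodbPasswords" $passwordList))` uses the root context as the merge destination, and Sprig's `merge` writes into its first argument, so `mongodbPasswords` ends up in `$.Values` as a side effect of rendering this Secret. Building a separate context dict for the helper avoids mutating shared state. While this block is being rewritten, the generated per-user passwords still come from `randAlphaNum 10`, which is short for a database credential; a longer length costs nothing.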

View File

@@ -19,4 +19,5 @@ metadata:
{{- end }}
secrets:
- name: {{ template "mongodb.fullname" . }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}
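
Review bot: `automountServiceAccountToken` is rendered straight from `.Values.serviceAccount.automountServiceAccountToken` with no default in the template, so an unset value produces an empty field and the API server falls back to mounting the token. An explicit default, `false` unless a chart feature needs API access from the pod, keeps the token out of the database containers unless someone opts in.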

View File

@@ -5,16 +5,26 @@ metadata:
name: {{ include "mongodb.fullname" . }}
namespace: {{ include "mongodb.serviceMonitor.namespace" . }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.labels }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
app.kubernetes.io/component: metrics
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.metrics.serviceMonitor.jobLabel }}
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
{{- end }}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
{{- if .Values.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
app.kubernetes.io/component: metrics
endpoints:
- port: http-metrics
{{- if .Values.metrics.serviceMonitor.interval }}
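
Review bot: `metrics.serviceMonitor.selector` is rendered inside `spec.selector.matchLabels` next to the chart's own match labels, so every label set there must also exist on the metrics Service or the monitor matches nothing and scraping stops without any error. The parameter description should say this explicitly. The rename from `additionalLabels` to `labels` in the same hunk has a similar silent effect for existing values files and should be listed in the upgrade notes.
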
@@ -29,10 +39,10 @@ spec:
{{- if .Values.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
{{- end }}
namespaceSelector:
matchNames:
- "{{ include "mongodb.namespace" . }}"
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: metrics
{{- end }}

View File

@@ -25,18 +25,15 @@ spec:
replicas: 1
{{- if .Values.useStatefulSet }}
serviceName: {{ include "mongodb.fullname" . }}
{{- end }}
{{- if .Values.updateStrategy}}
{{- if .Values.useStatefulSet }}
updateStrategy:
{{- else }}
strategy:
{{- end }}
{{- if .Values.useStatefulSet }}
type: {{ .Values.strategyType }}
{{- else }}
type: Recreate
{{- end -}}
{{- if or (and (not .Values.useStatefulSet) (eq "Recreate" .Values.strategyType)) (and .Values.useStatefulSet (eq "OnDelete" .Values.strategyType)) }}
rollingUpdate: null
{{- end }}
{{- toYaml .Values.updateStrategy | nindent 4 }}
{{- end}}
selector:
matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: mongodb
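
Review bot: the Deployment branch used to hard-code `type: Recreate`; it now renders `.Values.updateStrategy` as-is, and the default added to values.yaml in this commit is `type: RollingUpdate`. With `useStatefulSet: false` that starts the new pod while the old one still holds the `datadir` volume. Either keep `Recreate` as the default for the Deployment case or document that it must be set. The values.yaml example with `maxSurge` also only applies to the Deployment `strategy`, not to a StatefulSet `updateStrategy`.
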
@@ -61,8 +58,11 @@ spec:
{{- end }}
spec:
{{- include "mongodb.imagePullSecrets" . | nindent 6 }}
{{- if .Values.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
{{- if .Values.affinity }}
@@ -91,6 +91,9 @@ spec:
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{ if .Values.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
{{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }}
initContainers:
{{- if .Values.initContainers }}
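
Review bot: `{{ if .Values.terminationGracePeriodSeconds }}` is missing the `-` left-trim that the surrounding conditionals use, so it leaves a stray blank line in the rendered pod spec. Because the check is a plain truthiness test, a value of `0` is also skipped; if zero should be settable, test for the key being set instead.
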
@@ -102,13 +105,12 @@ spec:
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- /bin/bash
- -ec
args:
- -ec
- |
mkdir -p {{ .Values.persistence.mountPath }}{{- if .Values.persistence.subPath }}/{{ .Values.persistence.subPath }}{{- end }}
{{- if and .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled }}
chown -R "{{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}" "{{ .Values.persistence.mountPath }}{{- if .Values.persistence.subPath }}/{{ .Values.persistence.subPath }}{{- end }}"
{{- end }}
mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
{{- else }}
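
Review bot: `find ... | xargs -r chown -R` splits its input on whitespace, so a top-level entry in the data directory with a space or newline in its name is handed to `chown` as several wrong paths. `find ... -exec chown -R <uid>:<gid> {} +` or `-print0 | xargs -0 -r` handles any file name. The new `mkdir`, `chown` and `find` lines also drop the double quotes the old `chown` had around the path, and the `if and .Values.podSecurityContext.enabled .Values.containerSecurityContext.enabled` guard is gone, so the chown now runs even when `runAsUser` or `fsGroup` are not meant to apply.
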
@@ -130,54 +132,27 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
volumeMounts:
- name: certs-volume
mountPath: /certs/CAs
- name: certs
mountPath: /certs
- name: certs-volume
mountPath: /certs/CAs
- name: certs
mountPath: /certs
- name: common-scripts
mountPath: /bitnami/scripts
command:
- sh
- "-c"
- |
/bin/bash <<'EOF'
my_hostname=$(hostname)
svc=$(echo -n "$my_hostname" | sed s/-[0-9]*$//)-headless
cp /certs/CAs/* /certs/
cat >/certs/openssl.cnf <<EOL
[req]
req_extensions = v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $svc
DNS.2 = $my_hostname
DNS.3 = $my_hostname.$svc.$MY_POD_NAMESPACE.svc.cluster.local
DNS.4 = localhost
DNS.5 = 127.0.0.1
{{- if .Values.tls.extraDnsNames }}
{{- range $key, $dnsName := .Values.tls.extraDnsNames }}
{{ $key }} = {{ $dnsName }}
{{- end }}
{{- end }}
EOL
export RANDFILE=/certs/.rnd && openssl genrsa -out /certs/mongo.key 2048
#Create the client/server cert
openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
#Signing the server cert with the CA cert and key
openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
rm /certs/mongo.csr
#Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
cd /certs/
shopt -s extglob
rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)
chmod 0600 mongodb-ca-cert mongodb.pem
EOF
- /bitnami/scripts/generate-certs.sh
args:
- -s {{ include "mongodb.service.nameOverride" . }}
{{- if .Values.externalAccess.service.loadBalancerIPs }}
- -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
{{- end }}
{{- if .Values.tls.extraDnsNames }}
- -n {{ join "," .Values.tls.extraDnsNames }}
{{- end }}
{{- end }}
{{- end }}
containers:
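
Review bot: `tls.extraDnsNames` changes type in this hunk. The removed block iterated it as a map (`range $key, $dnsName`), while the new `-n {{ join "," .Values.tls.extraDnsNames }}` expects a list, and the values.yaml comment later in this commit still shows the map form (`"DNS.6": "$my_host"`). Existing values will render a wrong SAN list or fail, so the example and upgrade notes need updating. Each `args` entry also packs flag and value into one element (`-s <name>`), so the script receives them as a single argument; separate list items for flag and value are less fragile.
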
@@ -197,6 +172,9 @@ spec:
{{- else if .Values.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
@@ -247,6 +225,8 @@ spec:
value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
- name: MONGODB_ENABLE_JOURNAL
value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
- name: MONGODB_PORT_NUMBER
value: {{ .Values.containerPorts.mongodb | quote }}
- name: MONGODB_ENABLE_IPV6
value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
- name: MONGODB_ENABLE_DIRECTORY_PER_DB
@@ -279,77 +259,33 @@ spec:
{{- end }}
ports:
- name: mongodb
containerPort: 27017
containerPort: {{ .Values.containerPorts.mongodb }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- mongosh
{{- if .Values.tls.enabled }}
- --tls
- --tlsCertificateKeyFile=/certs/mongodb.pem
- --tlsCAFile=/certs/mongodb-ca-cert
{{- end }}
- --eval
- "db.adminCommand('ping')"
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
- /bitnami/scripts/ping-mongodb.sh
{{- else if .Values.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- bash
- -ec
- |
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
# Run the proper check depending on the version
[[ $(mongosh --version) =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]}
. /opt/bitnami/scripts/libversion.sh
VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)"
VERSION_MINOR="$(get_sematic_version "$VERSION" 2)"
VERSION_PATCH="$(get_sematic_version "$VERSION" 3)"
if [[ "$VERSION_MAJOR" -ge 4 ]] && [[ "$VERSION_MINOR" -ge 4 ]] && [[ "$VERSION_PATCH" -ge 2 ]]; then
mongosh $TLS_OPTIONS --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true'
else
mongosh $TLS_OPTIONS --eval 'db.isMaster().ismaster || db.isMaster().secondary' | grep -q 'true'
fi
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
- /bitnami/scripts/readiness-probe.sh
{{- else if .Values.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
exec:
command:
- bash
- -ec
- |
{{- if .Values.tls.enabled }}
TLS_OPTIONS='--tls --tlsCertificateKeyFile=/certs/mongodb.pem --tlsCAFile=/certs/mongodb-ca-cert'
{{- end }}
mongosh --disableImplicitSessions $TLS_OPTIONS --eval 'db.hello().isWritablePrimary || db.hello().secondary' | grep -q 'true'
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
- /bitnami/scripts/startup-probe.sh
{{- else if .Values.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
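
Review bot: `omit .Values.livenessProbe "enabled"` (and the readiness and startup equivalents) renders every remaining key under the probe values, and the template then appends its own fixed `exec:` handler. A values file that carries a handler key such as `exec`, `httpGet` or `tcpSocket` under `livenessProbe` now produces a duplicate or conflicting handler in the manifest. Either omit the handler keys as well or state in the parameter docs that handler overrides must go through `customLivenessProbe`.
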
@@ -361,6 +297,8 @@ spec:
- name: datadir
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
- name: common-scripts
mountPath: /bitnami/scripts
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
@@ -375,7 +313,7 @@ spec:
mountPath: /certs
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 12 }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.enabled }}
- name: metrics
@@ -391,55 +329,56 @@ spec:
- |
/bin/mongodb_exporter --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
env:
{{- if .Values.auth.enabled }}
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- if .Values.auth.enabled }}
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-metrics-password
{{- end }}
{{- end }}
volumeMounts:
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.metrics.containerPort }}
- name: mongodb
containerPort: {{ .Values.containerPorts.mongodb }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.metrics.livenessProbe.enabled }}
livenessProbe:
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
{{- else if .Values.metrics.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.readinessProbe.enabled }}
readinessProbe:
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: metrics
initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
{{- else if .Values.metrics.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: metrics
{{- else if .Values.metrics.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.metrics.resources }}
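
Review bot: in the metrics sidecar's `ports:` list this hunk adds `- name: mongodb` with `containerPort: {{ .Values.containerPorts.mongodb }}`, which the replicaset template's metrics container does not have. The exporter does not listen on that port, and the pod then declares the port name `mongodb` on two containers while the Service uses `targetPort: mongodb`. This looks like a copy and paste slip; the sidecar should only declare `metrics`.
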
@@ -450,6 +389,10 @@ spec:
{{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0550
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
@@ -461,7 +404,7 @@ spec:
name: {{ include "mongodb.configmapName" . }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 8 }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs

View File

@@ -9,7 +9,7 @@ metadata:
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if or .Values.persistence.annotations .Values.commonAnnotations }}
{{- if or .Values.persistence.annotations .Values.commonAnnotations .Values.persistence.resourcePolicy }}
annotations:
{{- if .Values.commonAnnotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
@@ -17,6 +17,9 @@ metadata:
{{- if .Values.persistence.annotations }}
{{- include "common.tplvalues.render" ( dict "value" .Values.persistence.annotations "context" $) | nindent 4 }}
{{- end }}
{{- if .Values.persistence.resourcePolicy }}
helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
{{- end }}
{{- end }}
spec:
accessModes:
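
Review bot: `helm.sh/resource-policy` is emitted with whatever string `persistence.resourcePolicy` contains, but Helm only acts on the value `keep`. Validating the value (or documenting that `keep` is the only supported one) avoids a typo silently doing nothing. With `keep`, the PVC and the database files on it outlive `helm uninstall`, which deserves a sentence in the README.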

View File

@@ -32,15 +32,27 @@ spec:
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
ports:
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
- name: {{ .Values.service.portName | quote }}
port: {{ .Values.service.ports.mongodb }}
targetPort: mongodb
{{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
nodePort: {{ .Values.service.nodePorts.mongodb }}
{{- else if eq .Values.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: mongodb
{{- end }}
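
Review bot: `sessionAffinityConfig` is rendered whenever it is non-empty, independent of `service.sessionAffinity`. The API server rejects a Service that sets `sessionAffinityConfig` while the affinity is `None`, so the condition should also require `sessionAffinity` to be `ClientIP`.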

View File

@@ -28,6 +28,12 @@ nameOverride: ""
## @param fullnameOverride String to fully override mongodb.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
@@ -99,7 +105,7 @@ diagnosticMode:
image:
registry: docker.io
repository: bitnami/mongodb
tag: 4.4.13-debian-10-r52
tag: 5.0.8-debian-10-r9
## Specify a imagePullPolicy
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
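
Review bot: the `tag` change from `4.4.13-debian-10-r52` to `5.0.8-debian-10-r9` is a MongoDB major-version upgrade riding along in a chart refactor. Existing deployments need `featureCompatibilityVersion` at 4.4 before the 5.0 binaries are started on their data, so the upgrade notes should call this out. The image is also referenced by tag only; pinning by digest would make the default reproducible.
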
@@ -184,13 +190,23 @@ tls:
## @param tls.image.repository Init container TLS certs setup image repository
## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended)
## @param tls.image.pullPolicy Init container TLS certs setup image pull policy
## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array
## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
##
image:
registry: docker.io
repository: bitnami/nginx
tag: 1.21.6-debian-10-r85
tag: 1.21.6-debian-10-r92
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## e.g:
## extraDnsNames
## "DNS.6": "$my_host"
@@ -348,10 +364,19 @@ labels: {}
## Ignored when mongodb.architecture=standalone
##
replicaCount: 2
## @param strategyType StrategyType for MongoDB(&reg;) statefulset
## It can be set to RollingUpdate or Recreate by default.
## @param updateStrategy.type Strategy to use to replace existing MongoDB(&reg;) pods. When architecture=standalone and useStatefulSet=false,
##<EFBFBD><EFBFBD>this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## Example:
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
strategyType: RollingUpdate
updateStrategy:
type: RollingUpdate
## @param podManagementPolicy Pod management policy for MongoDB(&reg;)
## Should be initialized one by one when building the replicaset for the first time
##
@@ -400,6 +425,12 @@ tolerations: []
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
## @param lifecycleHooks LifecycleHook for the MongoDB(&reg;) container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param terminationGracePeriodSeconds MongoDB(&reg;) Termination Grace Period
##
terminationGracePeriodSeconds: ""
## @param podLabels MongoDB(&reg;) pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
@@ -464,6 +495,9 @@ resources:
## memory: 128Mi
##
requests: {}
## @param containerPorts.mongodb MongoDB(&reg;) container port
containerPorts:
mongodb: 27017
## MongoDB(&reg;) pods' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param livenessProbe.enabled Enable livenessProbe
@@ -476,8 +510,8 @@ resources:
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
periodSeconds: 20
timeoutSeconds: 10
failureThreshold: 6
successThreshold: 1
## MongoDB(&reg;) pods' readiness probe. Evaluated as a template.
@@ -509,8 +543,8 @@ readinessProbe:
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
periodSeconds: 20
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 30
## @param customLivenessProbe Override default liveness probe for MongoDB(&reg;) containers
@@ -600,39 +634,59 @@ service:
## @param service.nameOverride MongoDB(&reg;) service name
##
nameOverride: ""
## @param service.type Kubernetes Service type
## @param service.type Kubernetes Service type (only for standalone architecture)
##
type: ClusterIP
## @param service.port MongoDB(&reg;) service port
##
port: 27017
## @param service.portName MongoDB(&reg;) service port name
## @param service.portName MongoDB(&reg;) service port name (only for standalone architecture)
##
portName: mongodb
## @param service.nodePort Port to bind to for NodePort and LoadBalancer service types
## @param service.ports.mongodb MongoDB(&reg;) service port.
##
ports:
mongodb: 27017
## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
##
nodePort: ""
## @param service.clusterIP MongoDB(&reg;) service cluster IP
nodePorts:
mongodb: ""
## @param service.clusterIP MongoDB(&reg;) service cluster IP (only for standalone architecture)
## e.g:
## clusterIP: None
##
clusterIP: ""
## @param service.externalIPs Specify the externalIP value ClusterIP service type.
## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
##
externalIPs: []
## @param service.loadBalancerIP loadBalancerIP for MongoDB(&reg;) Service
## @param service.loadBalancerIP loadBalancerIP for MongoDB(&reg;) Service (only for standalone architecture)
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
##
loadBalancerIP: ""
## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
##
loadBalancerSourceRanges: []
## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param service.annotations Provide any additional annotations that may be required
##
annotations: {}
## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Local
## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: None
## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## External Access to MongoDB(&reg;) nodes configuration
##
externalAccess:
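Review bot: `externalTrafficPolicy: Local` becomes a default under `service:` while `service.type` stays `ClusterIP`. The field only applies to NodePort and LoadBalancer Services, and the API server has rejected it on plain ClusterIP Services, so the Service template should emit it only for those two types and the comment should say so. The `## ref https://...` line above it is also missing the colon that the other `ref:` lines use.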
@@ -658,7 +712,7 @@ externalAccess:
image:
registry: docker.io
repository: bitnami/kubectl
tag: 1.23.6-debian-10-r1
tag: 1.23.6-debian-10-r8
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -700,9 +754,13 @@ externalAccess:
## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
##
type: LoadBalancer
## @param externalAccess.service.port MongoDB(&reg;) port used for external access when service type is LoadBalancer
## @param externalAccess.service.portName MongoDB(&reg;) port name used for external access when service type is LoadBalancer
##
port: 27017
portName: "mongodb"
## @param externalAccess.service.ports.mongodb MongoDB(&reg;) port used for external access when service type is LoadBalancer
##
ports:
mongodb: 27017
## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(&reg;) nodes
## Example:
## loadBalancerIPs:
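Review bot: `externalAccess.service.port` is replaced by `externalAccess.service.ports.mongodb` with no fallback visible in this file, so a values file that still sets `port` will be accepted and silently ignored, and the external Service will listen on the default 27017. Consider failing the render when the old key is present, or list the rename explicitly in the upgrade notes. The same applies to `externalAccess.hidden.service.port` further down.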
@@ -717,6 +775,10 @@ externalAccess:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param externalAccess.service.externalTrafficPolicy MongoDB(&reg;) service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Local
## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(&reg;) advertised hostname when service type is NodePort
## Example:
## nodePorts:
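Review bot: `externalTrafficPolicy: Local` is added directly below `loadBalancerSourceRanges: []`, and the default `externalAccess.service.type` is `LoadBalancer`, so enabling external access with defaults publishes every MongoDB node to any source address. `Local` preserves the client source IP but does not restrict it. Please extend the comment to recommend setting `loadBalancerSourceRanges` whenever the type is `LoadBalancer`, and list the allowed values (`Cluster` or `Local`) for the new parameter.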
@@ -730,9 +792,23 @@ externalAccess:
## domain: mydomain.com
##
domain: ""
## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param externalAccess.service.annotations Service annotations for external access
##
annotations: {}
## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: None
## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## External Access to MongoDB(&reg;) Hidden nodes configuration
##
hidden:
@@ -746,9 +822,13 @@ externalAccess:
## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
##
type: LoadBalancer
## @param externalAccess.hidden.service.port MongoDB(&reg;) port used for external access when service type is LoadBalancer
## @param externalAccess.hidden.service.portName MongoDB(&reg;) port name used for external access when service type is LoadBalancer
##
port: 27017
portName: "mongodb"
## @param externalAccess.hidden.service.ports.mongodb MongoDB(&reg;) port used for external access when service type is LoadBalancer
##
ports:
mongodb: 27017
## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(&reg;) nodes
## Example:
## loadBalancerIPs:
@@ -763,6 +843,10 @@ externalAccess:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(&reg;) service external traffic policy
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Local
## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(&reg;) advertised hostname when service type is NodePort. Length must be the same as replicaCount
## Example:
## nodePorts:
@@ -776,9 +860,23 @@ externalAccess:
## domain: mydomain.com
##
domain: ""
## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param externalAccess.hidden.service.annotations Service annotations for external access
##
annotations: {}
## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/user-guide/services/
##
sessionAffinity: None
## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @section Persistence parameters
##
@@ -800,6 +898,8 @@ persistence:
## Ignored when mongodb.architecture=replicaset
##
existingClaim: ""
## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
resourcePolicy: ""
## @param persistence.storageClass PVC Storage Class for MongoDB(&reg;) data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
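Review bot: the new `persistence.resourcePolicy` parameter controls whether data survives `helm delete`, but its description is hard to parse ("after the chart deleted") and does not say which PVCs it covers. Suggest wording such as "Set it to `keep` to avoid removing PVCs during a helm delete operation. Leaving it empty deletes the PVCs when the release is deleted", and state whether it applies to the standalone PVC only or also to the replicaset volume claims. The `##` separator line that every other `@param` block has between the comment and the key is missing here.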
@@ -859,6 +959,10 @@ serviceAccount:
## @param serviceAccount.annotations Additional Service Account annotations
##
annotations: {}
## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: true
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
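Review bot: `serviceAccount.automountServiceAccountToken` defaults to `true`, although the comment itself says it can be `false` when the pods do not use the Kubernetes API, and `rbac.create` defaults to `false` a few lines below. With these defaults every MongoDB pod carries an API token it has no role for. Consider defaulting to `false` and documenting that it must be enabled together with `rbac.create` for the `mongo-labeler` sidecar and for external access auto-discovery.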
@@ -869,21 +973,20 @@ rbac:
## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
##
create: false
role:
## @param rbac.role.rules Custom rules to create following the role specification
## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
## - watch
## - update
##
rules: []
## @param rbac.rules Custom rules to create following the role specification
## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
## - watch
## - update
##
rules: []
## PodSecurityPolicy configuration
## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
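Review bot: moving `rbac.role.rules` to `rbac.rules` means rules supplied under the old key are silently dropped on upgrade, so a release that relied on the commented `mongo-labeler` example would lose its `get/list/watch/update` permissions on pods without any render error. Either keep reading the old key as a fallback or fail the render when `rbac.role` is set. While this block is being touched, the example could also note that `update` on `pods` applies to every pod in the namespace, not only the MongoDB ones.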
@@ -939,7 +1042,6 @@ podSecurityPolicy:
## @section Volume Permissions parameters
##
## Init Container parameters
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
## values from the securityContext section of the component
@@ -957,7 +1059,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 10-debian-10-r404
tag: 10-debian-10-r410
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -1013,14 +1115,14 @@ arbiter:
## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
##
enabled: true
## @param arbiter.configuration Arbiter configuration file to be used
## http://docs.mongodb.org/manual/reference/configuration-options/
##
configuration: ""
## @param arbiter.hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param arbiter.configuration Arbiter configuration file to be used
## http://docs.mongodb.org/manual/reference/configuration-options/
##
configuration: ""
## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
## NOTE: When it's set the arbiter.configuration parameter is ignored
##
@@ -1056,6 +1158,34 @@ arbiter:
## @param arbiter.labels Annotations to be added to the Arbiter statefulset
##
labels: {}
## @param arbiter.topologySpreadConstraints MongoDB(&reg;) Spread Constraints for arbiter Pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
##
lifecycleHooks: {}
## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
##
terminationGracePeriodSeconds: ""
## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param arbiter.podManagementPolicy Pod management policy for MongoDB(&reg;)
## Should be initialized one by one when building the replicaset for the first time
##
podManagementPolicy: OrderedReady
## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
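Review bot: the commented `arbiter.updateStrategy` example lists `maxSurge: 25%` and `maxUnavailable: 25%` under `rollingUpdate`, which are Deployment settings; a StatefulSet's `rollingUpdate` takes `partition`, and there is no `maxSurge`. Anyone who copies the example gets a rejected or ignored field. Also, `terminationGracePeriodSeconds: ""` is a string default for an integer field, so the template must skip it when empty; worth saying in the comment what unit and type are expected.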
@@ -1132,10 +1262,12 @@ arbiter:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## MongoDB(&reg;) Arbiter containers' resource requests and limits.
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
@@ -1158,6 +1290,10 @@ arbiter:
## memory: 128Mi
##
requests: {}
## @param arbiter.containerPorts.mongodb MongoDB(&reg;) arbiter container port
##
containerPorts:
mongodb: 27017
## MongoDB(&reg;) Arbiter pods' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param arbiter.livenessProbe.enabled Enable livenessProbe
@@ -1170,8 +1306,8 @@ arbiter:
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
periodSeconds: 20
timeoutSeconds: 10
failureThreshold: 6
successThreshold: 1
## MongoDB(&reg;) Arbiter pods' readiness probe. Evaluated as a template.
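Review bot: raising `periodSeconds` to 20 and `timeoutSeconds` to 10 while `failureThreshold` stays at 6 doubles the time a hung arbiter goes unnoticed, from roughly one minute to roughly two, before the liveness probe restarts it. If the longer timeout is the actual requirement, consider lowering `failureThreshold` to keep the detection window, or record the new window in the upgrade notes.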
@@ -1186,10 +1322,26 @@ arbiter:
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
periodSeconds: 20
timeoutSeconds: 10
failureThreshold: 6
successThreshold: 1
## MongoDB(&reg;) Arbiter pods' startup probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param arbiter.startupProbe.enabled Enable startupProbe
## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 30
## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
## Ignored when arbiter.livenessProbe.enabled=true
##
@@ -1198,6 +1350,10 @@ arbiter:
## Ignored when arbiter.readinessProbe.enabled=true
##
customReadinessProbe: {}
## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
## Ignored when arbiter.startupProbe.enabled=true
##
customStartupProbe: {}
## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
## Example:
## initContainers:
@@ -1253,6 +1409,16 @@ arbiter:
## @param arbiter.service.nameOverride The arbiter service name
##
nameOverride: ""
## @param arbiter.service.ports.mongodb MongoDB(&reg;) service port
##
ports:
mongodb: 27017
## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param arbiter.service.annotations Provide any additional annotations that may be required
##
annotations: {}
## @section Hidden Node parameters
##
@@ -1262,6 +1428,10 @@ hidden:
## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
##
enabled: false
## @param hidden.hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param hidden.configuration Hidden node configuration file to be used
## http://docs.mongodb.org/manual/reference/configuration-options/
##
@@ -1301,17 +1471,37 @@ hidden:
## @param hidden.labels Annotations to be added to the hidden node statefulset
##
labels: {}
## @param hidden.topologySpreadConstraints MongoDB(&reg;) Spread Constraints for hidden Pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
##
lifecycleHooks: {}
## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
replicaCount: 1
## @param hidden.strategyType StrategyType for hidden node statefulset
## It can be set to RollingUpdate or Recreate by default.
## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
##
strategyType: RollingUpdate
terminationGracePeriodSeconds: ""
## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
## updateStrategy:
## type: RollingUpdate
## rollingUpdate:
## maxSurge: 25%
## maxUnavailable: 25%
##
updateStrategy:
type: RollingUpdate
## @param hidden.podManagementPolicy Pod management policy for hidden node
##
podManagementPolicy: OrderedReady
## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
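Review bot: `hidden.strategyType` is removed in favour of `hidden.updateStrategy.type`, and the removed comment was the only place that listed allowed values (it named `RollingUpdate` or `Recreate`). The new block lists none, and existing values files that set `strategyType` will be silently ignored. Please state the values a StatefulSet accepts (`RollingUpdate` or `OnDelete`) and drop `maxSurge`/`maxUnavailable` from the commented example, as they are Deployment fields.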
@@ -1369,6 +1559,32 @@ hidden:
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## MongoDB(&reg;) Hidden pods' Security Context.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
##
podSecurityContext:
enabled: true
fsGroup: 1001
## sysctl settings
## Example:
## sysctls:
## - name: net.core.somaxconn
## value: "10000"
##
sysctls: []
## MongoDB(&reg;) Hidden containers' Security Context (only main container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
##
containerSecurityContext:
enabled: true
runAsUser: 1001
runAsNonRoot: true
## MongoDB(&reg;) Hidden containers' resource requests and limits.
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
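Review bot: the `sysctls` example under the new `hidden.podSecurityContext` uses `net.core.somaxconn`, which is not in the set of sysctls Kubernetes treats as safe, so a pod using it is rejected unless the kubelet allow-lists it. Add that caveat to the example or pick a safe sysctl. The `@param hidden.podSecurityContext.sysctls` description also ends with a stray apostrophe ("Hidden pod(s)'").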
@@ -1391,6 +1607,9 @@ hidden:
## memory: 128Mi
##
requests: {}
## @param hidden.containerPorts.mongodb MongoDB(&reg;) hidden container port
containerPorts:
mongodb: 27017
## MongoDB(&reg;) Hidden pods' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param hidden.livenessProbe.enabled Enable livenessProbe
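Review bot: the `@param hidden.containerPorts.mongodb` line is followed directly by `containerPorts:` without the `##` separator used by every other parameter in this file, including the matching `arbiter.containerPorts` block. Add the `##` line so the layout stays consistent for the README generator and for readers.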
@@ -1403,8 +1622,8 @@ hidden:
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
periodSeconds: 20
timeoutSeconds: 10
failureThreshold: 6
successThreshold: 1
## MongoDB(&reg;) Hidden pods' readiness probe. Evaluated as a template.
@@ -1419,18 +1638,39 @@ hidden:
readinessProbe:
enabled: true
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
periodSeconds: 20
timeoutSeconds: 10
failureThreshold: 6
successThreshold: 1
## Slow starting containers can be protected through startup probes
## Startup probes are available in Kubernetes version 1.16 and above
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
## @param hidden.startupProbe.enabled Enable startupProbe
## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 30
## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
## Ignored when livenessProbe.enabled=true
## Ignored when hidden.livenessProbe.enabled=true
##
customLivenessProbe: {}
## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
## Ignored when readinessProbe.enabled=true
## Ignored when hidden.readinessProbe.enabled=true
##
customReadinessProbe: {}
## @param hidden.customStartupProbe Override default startup probe for MongoDB(&reg;) containers
## Ignored when hidden.startupProbe.enabled=true
##
customStartupProbe: {}
## @param hidden.initContainers Add init containers to the MongoDB(&reg;) Hidden pods.
## Example:
## initContainers:
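Review bot: the `hidden.customStartupProbe` description says "for MongoDB(&reg;) containers" while the two sibling parameters in this hunk say "for hidden node containers". Use the same wording for all three so the generated README does not suggest this probe applies to the primary pods.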
@@ -1522,9 +1762,28 @@ hidden:
## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
##
selector: {}
## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
## Sometime cloud providers use additional requests attributes to provision custom storage instance
## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
##
requests: {}
## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
##
dataSource: {}
service:
## @param hidden.service.portName MongoDB(&reg;) service port name
##
portName: "mongodb"
## @param hidden.service.ports.mongodb MongoDB(&reg;) service port
##
ports:
mongodb: 27017
## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## @param hidden.service.annotations Provide any additional annotations that may be required
##
annotations: {}
## @section Metrics parameters
##
@@ -1544,7 +1803,7 @@ metrics:
image:
registry: docker.io
repository: bitnami/mongodb-exporter
tag: 0.31.2-debian-10-r14
tag: 0.32.0-debian-10-r3
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
@@ -1565,10 +1824,6 @@ metrics:
## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
##
extraFlags: ""
## @param metrics.extraUri Additional URI options of the metrics service
## ref: https://docs.mongodb.com/manual/reference/connection-string
##
extraUri: ""
## Metrics exporter container resource requests and limits
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
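Review bot: `metrics.extraUri` is removed without a replacement in this hunk. Releases that used it to append connection-string options for the exporter will lose those options on upgrade with no error. Please either keep the key, point to the supported alternative in the comment for `extraFlags`, or call out the removal in the upgrade notes.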
@@ -1602,14 +1857,18 @@ metrics:
##
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.metrics.service.port }}"
prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
prometheus.io/path: "/metrics"
## @param metrics.service.type Type of the Prometheus metrics service
##
type: ClusterIP
## @param metrics.service.port Port of the Prometheus metrics service
## @param metrics.service.ports.metrics Port of the Prometheus metrics service
##
port: 9216
ports:
metrics: 9216
## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
##
extraPorts: []
## Metrics exporter liveness probe
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
## @param metrics.livenessProbe.enabled Enable livenessProbe
@@ -1642,6 +1901,35 @@ metrics:
timeoutSeconds: 1
failureThreshold: 3
successThreshold: 1
## Slow starting containers can be protected through startup probes
## Startup probes are available in Kubernetes version 1.16 and above
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
## @param metrics.startupProbe.enabled Enable startupProbe
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 30
## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(&reg;) containers
## Ignored when livenessProbe.enabled=true
##
customLivenessProbe: {}
## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(&reg;) containers
## Ignored when readinessProbe.enabled=true
##
customReadinessProbe: {}
## @param metrics.customStartupProbe Override default startup probe for MongoDB(&reg;) containers
## Ignored when startupProbe.enabled=true
##
customStartupProbe: {}
## Prometheus Service Monitor
## ref: https://github.com/coreos/prometheus-operator
## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
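Review bot: the comments for `metrics.customLivenessProbe`, `metrics.customReadinessProbe` and `metrics.customStartupProbe` say "Ignored when livenessProbe.enabled=true" (and likewise for the other two) without the `metrics.` prefix, whereas the hidden-node hunk in this same patch was corrected to the fully qualified `hidden.livenessProbe.enabled`. Use `metrics.livenessProbe.enabled`, `metrics.readinessProbe.enabled` and `metrics.startupProbe.enabled`, and describe the probes as applying to the exporter container rather than "MongoDB(&reg;) containers".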
@@ -1661,16 +1949,26 @@ metrics:
## scrapeTimeout: 30s
##
scrapeTimeout: ""
## @param metrics.serviceMonitor.relabellings RelabelConfigs to apply to samples before scraping.
## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
##
relabellings: []
relabelings: []
## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
##
metricRelabelings: []
## @param metrics.serviceMonitor.additionalLabels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
##
additionalLabels: {}
labels: {}
## @param metrics.serviceMonitor.selector Prometheus instance selector labels
## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
##
selector: {}
## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
##
honorLabels: false
## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
##
jobLabel: ""
## Custom PrometheusRule to be defined
## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
##