From 2ce97aef28f916f1c2e36e8eb9938a5ad696a8dc Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Thu, 12 Sep 2024 10:04:15 -0300 Subject: [PATCH 01/13] K8SPSMDB-1153 - Update psmdb charts versions for 1.18.0 release --- charts/psmdb-db/Chart.yaml | 4 ++-- charts/psmdb-db/README.md | 4 ++-- charts/psmdb-db/values.yaml | 4 ++-- charts/psmdb-operator/Chart.yaml | 4 ++-- charts/psmdb-operator/README.md | 4 ++-- charts/psmdb-operator/values.yaml | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/charts/psmdb-db/Chart.yaml b/charts/psmdb-db/Chart.yaml index fd2c31e0..401ec1a3 100644 --- a/charts/psmdb-db/Chart.yaml +++ b/charts/psmdb-db/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "1.17.0" +appVersion: "1.18.0" description: A Helm chart for installing Percona Server MongoDB Cluster Databases using the PSMDB Operator. name: psmdb-db home: https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html -version: 1.17.0 +version: 1.18.0 maintainers: - name: tplavcic email: tomislav.plavcic@percona.com diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index 1c725bba..fa077971 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
@@ -19,14 +19,14 @@ To install the chart with the `psmdb` release name using a dedicated namespace ( ```sh helm repo add percona https://percona.github.io/percona-helm-charts/ -helm install my-db percona/psmdb-db --version 1.17.0 --namespace my-namespace +helm install my-db percona/psmdb-db --version 1.18.0 --namespace my-namespace ``` The chart can be customized using the following configurable parameters: | Parameter | Description | Default | | --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | -| `crVersion` | CR Cluster Manifest version | `1.17.0` | +| `crVersion` | CR Cluster Manifest version | `1.18.0` | | `pause` | Stop PSMDB Database safely | `false` | | `unmanaged` | Start cluster and don't manage it (cross cluster replication) | `false` | | `unsafeFlags.tls` | Allows users from configuring a cluster without TLS/SSL certificates | `false` | diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 417d1922..b91e5240 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -18,7 +18,7 @@ finalizers: nameOverride: "" fullnameOverride: "" -crVersion: 1.17.0 +crVersion: 1.18.0 pause: false unmanaged: false unsafeFlags: @@ -52,7 +52,7 @@ imagePullPolicy: Always # imagePullSecrets: [] # initImage: # repository: percona/percona-server-mongodb-operator -# tag: 1.17.0 +# tag: 1.18.0 # initContainerSecurityContext: {} # tls: # mode: preferTLS diff --git a/charts/psmdb-operator/Chart.yaml b/charts/psmdb-operator/Chart.yaml index ff2ba8c8..fe55dae6 100644 --- a/charts/psmdb-operator/Chart.yaml +++ b/charts/psmdb-operator/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "1.17.0" +appVersion: "1.18.0" description: A Helm chart for deploying the Percona Operator for MongoDB name: psmdb-operator home: https://docs.percona.com/percona-operator-for-mongodb/ -version: 1.17.0 +version: 1.18.0 maintainers: - name: tplavcic email: tomislav.plavcic@percona.com diff --git a/charts/psmdb-operator/README.md b/charts/psmdb-operator/README.md index a3094686..db1bc16d 100644 --- a/charts/psmdb-operator/README.md +++ b/charts/psmdb-operator/README.md @@ -19,7 +19,7 @@ To install the chart with the `psmdb` release name using a dedicated namespace ( ```sh helm repo add percona https://percona.github.io/percona-helm-charts/ -helm install my-operator percona/psmdb-operator --version 1.17.0 --namespace my-namespace +helm install my-operator percona/psmdb-operator --version 1.18.0 --namespace my-namespace ``` The chart can be customized using the following configurable parameters: @@ -27,7 +27,7 @@ The chart can be customized using the following configurable parameters: | Parameter | Description | Default | | ---------------------------- | --------------------------------------------------------------------------------------------------- | ----------------------------------------- | | `image.repository` | PSMDB Operator Container image name | `percona/percona-server-mongodb-operator` | -| `image.tag` | PSMDB Operator Container image tag | `1.17.0` | +| `image.tag` | PSMDB Operator Container image tag | `1.18.0` | | `image.pullPolicy` | PSMDB Operator Container pull policy | `Always` | | `image.pullSecrets` | PSMDB Operator Pod pull secret | `[]` | | `replicaCount` | PSMDB Operator Pod quantity | `1` | diff --git a/charts/psmdb-operator/values.yaml b/charts/psmdb-operator/values.yaml index 5c9a00fb..e954e8f2 100644 --- a/charts/psmdb-operator/values.yaml +++ b/charts/psmdb-operator/values.yaml 
@@ -6,7 +6,7 @@ replicaCount: 1 image: repository: percona/percona-server-mongodb-operator - tag: 1.17.0 + tag: 1.18.0 pullPolicy: IfNotPresent # disableTelemetry: according to From 4d391b456a6ea6704041406b5330b0b323eb7ebf Mon Sep 17 00:00:00 2001 From: Andrii Dema Date: Fri, 13 Sep 2024 00:04:50 +0300 Subject: [PATCH 02/13] K8SPSMDB-1132: add `spec.secrets.keyFile` field https://perconadev.atlassian.net/browse/K8SPSMDB-1132 --- charts/psmdb-db/README.md | 12 ++++++++---- charts/psmdb-db/values.yaml | 1 + charts/psmdb-operator/crds/crd.yaml | 2 ++ 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index fa077971..e0edb781 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
@@ -3,18 +3,22 @@ This chart deploys Percona Server for MongoDB Cluster on Kubernetes controlled by Percona Operator for MongoDB. Useful links: + - [Operator Github repository](https://github.com/percona/percona-server-mongodb-operator) - [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html) ## Pre-requisites -* Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). -* Kubernetes 1.27+ -* Helm v3 + +- Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). +- Kubernetes 1.27+ +- Helm v3 # Chart Details + This chart will deploy Percona Server for MongoDB Cluster in Kubernetes. It will create a Custom Resource, and the Operator will trigger the creation of corresponding Kubernetes primitives: StatefulSets, Pods, Secrets, etc. ## Installing the Chart + To install the chart with the `psmdb` release name using a dedicated namespace (recommended): ```sh 
@@ -65,6 +69,7 @@ The chart can be customized using the following configurable parameters: | | | `secrets.users` | The name of the Secrets object for the MongoDB users required to run the operator | `""` | | `secrets.encryptionKey` | Set secret for data at rest encryption key | `""` | +| `secrets.keyFile` | Specifies a secret key file for authenticating MongoDB instances | `""` | | `secrets.vault` | Specifies a secret object to provide integration with HashiCorp Vault | `""` | | `secrets.ldapSecret` | Specifies a secret object for LDAP over TLS connection between MongoDB and OpenLDAP server | `""` | | `secrets.sse` | The name of the Secrets object for server side encryption credentials | `""` | @@ -261,7 +266,6 @@ The chart can be customized using the following configurable parameters: | `backup.tasks` | Backup working schedule | `{}` | | `systemUsers` | PSMDB operator system users | `{}` | - Specify parameters using `--set key=value[,key=value]` argument to `helm install` Notice that you can use multiple replica sets only with sharding enabled. diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index b91e5240..5a7562e5 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -68,6 +68,7 @@ secrets: {} # If not set the operator generates the default secret with name -secrets # users: my-cluster-name-secrets # encryptionKey: my-cluster-name-mongodb-encryption-key + # keyFile: my-cluster-name-mongodb-keyfile # vault: my-cluster-name-vault # ldapSecret: my-ldap-secret # sse: my-cluster-name-sse diff --git a/charts/psmdb-operator/crds/crd.yaml b/charts/psmdb-operator/crds/crd.yaml index 6c2ee036..2168bc07 100644 --- a/charts/psmdb-operator/crds/crd.yaml +++ b/charts/psmdb-operator/crds/crd.yaml @@ -8860,6 +8860,8 @@ spec: properties: encryptionKey: type: string + keyFile: + type: string ldapSecret: type: string sse: From 2880d981604effa74eec69cd1978e5e1ff748dc2 Mon Sep 17 00:00:00 2001 
From: Andrii Dema Date: Fri, 13 Sep 2024 00:52:54 +0300 Subject: [PATCH 03/13] K8SPSMDB-739: standardize `expose` sections https://perconadev.atlassian.net/browse/K8SPSMDB-739 --- charts/psmdb-db/README.md | 38 ++++++++++++------- charts/psmdb-db/templates/cluster.yaml | 51 +++++++++++++++----------- charts/psmdb-db/values.yaml | 29 ++++++++++----- charts/psmdb-operator/crds/crd.yaml | 48 ++++++++++++++++++++++++ 4 files changed, 122 insertions(+), 44 deletions(-) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index fa077971..654a32f2 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md @@ -3,18 +3,22 @@ This chart deploys Percona Server for MongoDB Cluster on Kubernetes controlled by Percona Operator for MongoDB. Useful links: + - [Operator Github repository](https://github.com/percona/percona-server-mongodb-operator) - [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html) ## Pre-requisites -* Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). -* Kubernetes 1.27+ -* Helm v3 + +- Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). +- Kubernetes 1.27+ +- Helm v3 # Chart Details + This chart will deploy Percona Server for MongoDB Cluster in Kubernetes. It will create a Custom Resource, and the Operator will trigger the creation of corresponding Kubernetes primitives: StatefulSets, Pods, Secrets, etc. ## Installing the Chart + To install the chart with the `psmdb` release name using a dedicated namespace (recommended): ```sh 
@@ -103,10 +107,13 @@ The chart can be customized using the following configurable parameters: | `replsets.rs0.podDisruptionBudget.maxUnavailable` | ReplicaSet failed Pods maximum quantity | `1` | | `replsets.rs0.splitHorizons` | External URI for Split-horizon for replica set Pods of the exposed cluster | `{}` | | `replsets.rs0.expose.enabled` | Allow access to replicaSet from outside of Kubernetes | `false` | -| `replsets.rs0.expose.exposeType` | Network service access point type | `ClusterIP` | +| `replsets.rs0.expose.type` | Network service access point type | `ClusterIP` | +| `replsets.rs0.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | | `replsets.rs0.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | -| `replsets.rs0.expose.serviceAnnotations` | ReplicaSet service annotations | `{}` | -| `replsets.rs0.expose.serviceLabels` | ReplicaSet service labels | `{}` | +| `replsets.rs0.expose.annotations` | ReplicaSet service annotations | `{}` | +| `replsets.rs0.expose.labels` | ReplicaSet service labels | `{}` | +| `replsets.rs0.expose.internalTrafficPolicy` | ReplicaSet service internal traffic policy | `Local` | +| `replsets.rs0.expose.externalTrafficPolicy` | ReplicaSet service external traffic policy | `Local` | | `replsets.rs0.schedulerName` | ReplicaSet Pod schedulerName | `""` | | `replsets.rs0.resources` | ReplicaSet Pods resource requests and limits | `{}` | | `replsets.rs0.volumeSpec` | ReplicaSet Pods storage resources | `{}` | 
@@ -184,10 +191,13 @@ The chart can be customized using the following configurable parameters: | `sharding.configrs.sidecarPVCs` | Config ReplicaSet Pod sidecar PVCs | `[]` | | `sharding.configrs.podDisruptionBudget.maxUnavailable` | Config ReplicaSet failed Pods maximum quantity | `1` | | `sharding.configrs.expose.enabled` | Allow access to cfg replica from outside of Kubernetes | `false` | -| `sharding.configrs.expose.exposeType` | Network service access point type | `ClusterIP` | +| `sharding.configrs.expose.type` | Network service access point type | `ClusterIP` | +| `sharding.configrs.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | | `sharding.configrs.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | -| `sharding.configrs.expose.serviceAnnotations` | Config ReplicaSet service annotations | `{}` | -| `sharding.configrs.expose.serviceLabels` | Config ReplicaSet service labels | `{}` | +| `sharding.configrs.expose.annotations` | Config ReplicaSet service annotations | `{}` | +| `sharding.configrs.expose.labels` | Config ReplicaSet service labels | `{}` | +| `sharding.configrs.expose.internalTrafficPolicy` | Config ReplicaSet service internal traffic policy | `Local` | +| `sharding.configrs.expose.externalTrafficPolicy` | Config ReplicaSet service external traffic policy | `Local` | | `sharding.configrs.resources.limits.cpu` | Config ReplicaSet resource limits CPU | `300m` | | `sharding.configrs.resources.limits.memory` | Config ReplicaSet resource limits memory | `0.5G` | | `sharding.configrs.resources.requests.cpu` | Config ReplicaSet resource requests CPU | `300m` | 
@@ -228,11 +238,14 @@ The chart can be customized using the following configurable parameters: | `sharding.mongos.resources.limits.memory` | Mongos Pods resource limits memory | `0.5G` | | `sharding.mongos.resources.requests.cpu` | Mongos Pods resource requests CPU | `300m` | | `sharding.mongos.resources.requests.memory` | Mongos Pods resource requests memory | `0.5G` | -| `sharding.mongos.expose.exposeType` | Mongos service exposeType | `ClusterIP` | +| `sharding.mongos.expose.type` | Mongos service type | `ClusterIP` | +| `sharding.mongos.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | | `sharding.mongos.expose.servicePerPod` | Create a separate ClusterIP Service for each mongos instance | `false` | | `sharding.mongos.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | -| `sharding.mongos.expose.serviceAnnotations` | Mongos service annotations | `{}` | -| `sharding.mongos.expose.serviceLabels` | Mongos service labels | `{}` | +| `sharding.mongos.expose.annotations` | Mongos service annotations | `{}` | +| `sharding.mongos.expose.labels` | Mongos service labels | `{}` | +| `sharding.mongos.expose.internalTrafficPolicy` | Mongos service internal traffic policy | `Local` | +| `sharding.mongos.expose.externalTrafficPolicy` | Mongos service external traffic policy | `Local` | | `sharding.mongos.expose.nodePort` | Custom port if exposing mongos via NodePort | `""` | | `sharding.mongos.hostAliases` | The IP address for Kubernetes host aliases | `[]` | | | @@ -261,7 +274,6 @@ The chart can be customized using the following configurable parameters: | `backup.tasks` | Backup working schedule | `{}` | | `systemUsers` | PSMDB operator system users | `{}` | - Specify parameters using `--set key=value[,key=value]` argument to `helm install` Notice that you can use multiple replica sets only with sharding enabled. 
diff --git a/charts/psmdb-db/templates/cluster.yaml b/charts/psmdb-db/templates/cluster.yaml index 6e188861..57942d0a 100644 --- a/charts/psmdb-db/templates/cluster.yaml +++ b/charts/psmdb-db/templates/cluster.yaml @@ -181,19 +181,22 @@ spec: {{- if $replset.expose }} expose: enabled: {{ $replset.expose.enabled }} - exposeType: {{ $replset.expose.exposeType }} + type: {{ $replset.expose.type }} + loadBalancerIP: {{ $replset.expose.loadBalancerIP }} {{- if $replset.expose.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ $replset.expose.loadBalancerSourceRanges | toYaml | indent 8 }} {{- end }} - {{- if $replset.expose.serviceAnnotations }} - serviceAnnotations: -{{ $replset.expose.serviceAnnotations | toYaml | indent 8 }} + {{- if $replset.expose.annotations }} + annotations: +{{ $replset.expose.annotations | toYaml | indent 8 }} {{- end }} - {{- if $replset.expose.serviceLabels }} - serviceLabels: -{{ $replset.expose.serviceLabels | toYaml | indent 8 }} + {{- if $replset.expose.labels }} + labels: +{{ $replset.expose.labels | toYaml | indent 8 }} {{- end }} + internalTrafficPolicy: {{ $replset.expose.internalTrafficPolicy }} + externalTrafficPolicy: {{ $replset.expose.externalTrafficPolicy }} {{- end }} {{- if $replset.schedulerName }} schedulerName: {{ $replset.schedulerName }} 
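Review bot: `loadBalancerIP`, `internalTrafficPolicy` and `externalTrafficPolicy` are rendered unconditionally in the replset `expose` block, while the neighbouring `loadBalancerSourceRanges`, `annotations` and `labels` keep their `{{- if }}` guards. values.yaml in this patch leaves all three commented out, so a default install renders them as empty (null) values in the custom resource; how the API server and the operator treat those nulls is not visible here. The same pattern repeats in the configrs and mongos `expose` hunks of this file. Separately, `type:` now reads only `expose.type`, so a values file that still sets `expose.exposeType` is ignored without any error and the resulting Service type may differ from what was intended; the crd.yaml hunks keep `exposeType`, so a fallback looks feasible. The enclosing `range`/`if` blocks begin outside the hunk, and the indentation below is approximate because the page lost it.

```yaml
      type: {{ $replset.expose.type | default $replset.expose.exposeType }}
      {{- with $replset.expose.loadBalancerIP }}
      loadBalancerIP: {{ . | quote }}
      {{- end }}
      {{- /* … unchanged: loadBalancerSourceRanges, annotations, labels … */}}
      {{- with $replset.expose.internalTrafficPolicy }}
      internalTrafficPolicy: {{ . }}
      {{- end }}
      {{- with $replset.expose.externalTrafficPolicy }}
      externalTrafficPolicy: {{ . }}
      {{- end }}
```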
@@ -420,19 +423,22 @@ spec: {{- if .Values.sharding.configrs.expose }} expose: enabled: {{ .Values.sharding.configrs.expose.enabled }} - exposeType: {{ .Values.sharding.configrs.expose.exposeType }} + type: {{ .Values.sharding.configrs.expose.type }} + loadBalancerIP: {{ .Values.sharding.configrs.expose.loadBalancerIP }} {{- if .Values.sharding.configrs.expose.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ .Values.sharding.configrs.expose.loadBalancerSourceRanges | toYaml | indent 10 }} {{- end }} - {{- if .Values.sharding.configrs.expose.serviceAnnotations }} - serviceAnnotations: -{{ .Values.sharding.configrs.expose.serviceAnnotations | toYaml | indent 10 }} + {{- if .Values.sharding.configrs.expose.annotations }} + annotations: +{{ .Values.sharding.configrs.expose.annotations | toYaml | indent 10 }} {{- end }} - {{- if .Values.sharding.configrs.expose.serviceLabels }} - serviceLabels: -{{ .Values.sharding.configrs.expose.serviceLabels | toYaml | indent 10 }} + {{- if .Values.sharding.configrs.expose.labels }} + labels: +{{ .Values.sharding.configrs.expose.labels | toYaml | indent 10 }} {{- end }} + internalTrafficPolicy: {{ .Values.sharding.configrs.expose.internalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.sharding.configrs.expose.externalTrafficPolicy }} {{- end }} resources: limits: @@ -545,7 +551,8 @@ spec: cpu: {{ .Values.sharding.mongos.resources.requests.cpu }} memory: {{ .Values.sharding.mongos.resources.requests.memory }} expose: - exposeType: {{ .Values.sharding.mongos.expose.exposeType }} + type: {{ .Values.sharding.mongos.expose.type }} + loadBalancerIP: {{ .Values.sharding.mongos.expose.loadBalancerIP }} {{- if .Values.sharding.mongos.expose.servicePerPod }} servicePerPod: {{ .Values.sharding.mongos.expose.servicePerPod }} {{- end }} 
@@ -553,14 +560,16 @@ spec: loadBalancerSourceRanges: {{ .Values.sharding.mongos.expose.loadBalancerSourceRanges | toYaml | indent 10 }} {{- end }} - {{- if .Values.sharding.mongos.expose.serviceAnnotations }} - serviceAnnotations: -{{ .Values.sharding.mongos.expose.serviceAnnotations | toYaml | indent 10 }} + {{- if .Values.sharding.mongos.expose.annotations }} + annotations: +{{ .Values.sharding.mongos.expose.annotations | toYaml | indent 10 }} {{- end }} - {{- if .Values.sharding.mongos.expose.serviceLabels }} - serviceLabels: -{{ .Values.sharding.mongos.expose.serviceLabels | toYaml | indent 10 }} + {{- if .Values.sharding.mongos.expose.labels }} + labels: +{{ .Values.sharding.mongos.expose.labels | toYaml | indent 10 }} {{- end }} + internalTrafficPolicy: {{ .Values.sharding.mongos.expose.internalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.sharding.mongos.expose.externalTrafficPolicy }} {{- if .Values.sharding.mongos.expose.nodePort }} nodePort: {{ .Values.sharding.mongos.expose.nodePort }} {{- end }} diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index b91e5240..16f15a43 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -196,13 +196,16 @@ replsets: # external-2: rs0-2.mycluster2.xyz expose: enabled: false - exposeType: ClusterIP + type: ClusterIP + # loadBalancerIP: 10.0.0.0 # loadBalancerSourceRanges: # - 10.0.0.0/8 - # serviceAnnotations: + # annotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # serviceLabels: + # labels: # some-label: some-key + # internalTrafficPolicy: Local + # externalTrafficPolicy: Local # schedulerName: "" resources: limits: 
@@ -369,13 +372,16 @@ sharding: maxUnavailable: 1 expose: enabled: false - exposeType: ClusterIP + type: ClusterIP + # loadBalancerIP: 10.0.0.0 # loadBalancerSourceRanges: # - 10.0.0.0/8 - # serviceAnnotations: + # annotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # serviceLabels: + # labels: # some-label: some-key + # internalTrafficPolicy: Local + # externalTrafficPolicy: Local resources: limits: cpu: "300m" @@ -460,14 +466,17 @@ sharding: cpu: "300m" memory: "0.5G" expose: - exposeType: ClusterIP - # servicePerPod: true + enabled: false + type: ClusterIP + # loadBalancerIP: 10.0.0.0/8 # loadBalancerSourceRanges: # - 10.0.0.0/8 - # serviceAnnotations: + # annotations: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http - # serviceLabels: + # labels: # some-label: some-key + # internalTrafficPolicy: Local + # externalTrafficPolicy: Local # nodePort: 32017 # auditLog: # destination: file diff --git a/charts/psmdb-operator/crds/crd.yaml b/charts/psmdb-operator/crds/crd.yaml index 6c2ee036..515934c6 100644 --- a/charts/psmdb-operator/crds/crd.yaml +++ b/charts/psmdb-operator/crds/crd.yaml @@ -4019,10 +4019,24 @@ spec: type: object expose: properties: + annotations: + additionalProperties: + type: string + type: object enabled: type: boolean exposeType: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string loadBalancerSourceRanges: items: type: string @@ -4038,6 +4052,8 @@ spec: additionalProperties: type: string type: object + type: + type: string required: - enabled type: object 
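Review bot: In the `sharding.mongos.expose` hunk of values.yaml, the added `enabled: false` has no visible consumer. The mongos `expose` block in templates/cluster.yaml from this patch emits `type`, `loadBalancerIP`, `servicePerPod` and the other keys but never `enabled`, and the mongos `expose` schema hunk in crd.yaml does not list it either. A reader could take it for a switch that keeps mongos unexposed when, as far as these hunks show, it does nothing; either drop the line or annotate it, e.g. `# note: the chart template does not render this key for mongos`. The sample `# loadBalancerIP: 10.0.0.0/8` is a CIDR range rather than a single address (the replset and configrs samples use `10.0.0.0`), and the `# servicePerPod: true` example is removed although the template still supports that key.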
@@ -11605,10 +11621,24 @@ spec: type: object expose: properties: + annotations: + additionalProperties: + type: string + type: object enabled: type: boolean exposeType: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string loadBalancerSourceRanges: items: type: string @@ -11624,6 +11654,8 @@ spec: additionalProperties: type: string type: object + type: + type: string required: - enabled type: object @@ -16967,8 +16999,22 @@ spec: type: object expose: properties: + annotations: + additionalProperties: + type: string + type: object exposeType: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string loadBalancerSourceRanges: items: type: string @@ -16986,6 +17032,8 @@ spec: type: object servicePerPod: type: boolean + type: + type: string type: object hostAliases: items: From 7862977409993f6cf825b56531769f98e24edee8 Mon Sep 17 00:00:00 2001 From: Inel Pandzic Date: Wed, 18 Sep 2024 17:32:53 +0200 Subject: [PATCH 04/13] Add spec.roles --- charts/psmdb-db/README.md | 10 ++++++++ charts/psmdb-db/templates/cluster.yaml | 5 ++++ charts/psmdb-db/values.yaml | 34 ++++++++++++++++++++++++++ 3 files changed, 49 insertions(+) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index fa077971..e577511e 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
@@ -243,6 +243,16 @@ The chart can be customized using the following configurable parameters: | `users.roles.role.name` | Name of the MongoDB role assigned to the user. As [built-in roles](https://www.mongodb.com/docs/manual/reference/built-in-roles/#built-in-roles), so [custom roles](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/deploy-configure.md#define-a-custom-database-role) are supported | `""` | | `users.roles.role.db` | Database that the MongoDB role applies to | `""` | | | +| `roles.role` | Name of the custom role. | `""` | +| `roles.db` | Database in which you want to store the user-defined role. | `"admin"` | +| `roles.authenticationRestrictions.clientSource` | Array of IP addresses or CIDR blocks from which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array. | `""` | +| `roles.authenticationRestrictions.serverAddress` | Array of IP addresses or CIDR blocks to which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array. | `""` | +| `roles.privileges.actions` | Name of the role. Valid values are built-in roles. | `[]` | +| `spec.roles.privileges.resource.db` | Database for which the privilege `spec.security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all databases. | `""` | +| `spec.roles.privileges.resource.collection` | Collection for which the privilege `spec.security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all of the database's collections. | `""` | +| `spec.roles.privileges.resource.cluster` | Flag that indicates that the privilege `spec.security.roles.privileges.actions` apply to all databases and collections in the MongoDB deployment. 
If omitted, defaults to false.If set to true, do not provide values for `spec.security.roles.privileges.resource.database` and `spec.security.roles.privileges.resource.collection`. | `""` | +| `spec.roles.roles.role` | Name of the role to inherit from. | `""` | +| `spec.roles.roles.db` | Name of database that contains the role to inherit from. | `""` | | `backup.enabled` | Enable backup PBM agent | `true` | | `backup.annotations` | Backup job annotations | `{}` | | `backup.podSecurityContext` | Set the security context for a Pod | `{}` | diff --git a/charts/psmdb-db/templates/cluster.yaml b/charts/psmdb-db/templates/cluster.yaml index 6e188861..9440ec58 100644 --- a/charts/psmdb-db/templates/cluster.yaml +++ b/charts/psmdb-db/templates/cluster.yaml @@ -578,6 +578,11 @@ spec: {{ .Values.users | toYaml | indent 2 }} {{- end }} + {{- if .Values.roles }} + roles: +{{ .Values.roles | toYaml | indent 2 }} + {{- end }} + backup: enabled: {{ .Values.backup.enabled }} {{- if .Values.backup.annotations }} diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index b91e5240..3dec02a2 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -499,6 +499,40 @@ sharding: # - name: dbOwner # db: sometest +# roles: +# - role: myClusterwideAdmin +# db: admin +# privileges: +# - resource: +# cluster: true +# actions: +# - addShard +# - resource: +# db: config +# collection: '' +# actions: +# - find +# - update +# - insert +# - remove +# roles: +# - role: read +# db: admin +# - role: my-role +# db: myDb +# privileges: +# - resource: +# db: '' +# collection: '' +# actions: +# - find +# authenticationRestrictions: +# - clientSource: +# - 127.0.0.1 +# serverAddress: +# - 127.0.0.1 + + backup: enabled: true image: From fe5bb1ea3db9a87f96195621ef863d19ee531fc4 Mon Sep 17 00:00:00 2001 
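Review bot: The commented `roles` sample added to values.yaml includes `my-role` with `db: ''` and `collection: ''`, which per the README rows added in this patch means the `find` privilege applies to every database and collection. Someone who uncomments the example as a starting point gets a deployment-wide read role with no hint of that scope in the file itself. A short comment above those lines, for example `# db: '' and collection: '' match all databases and all collections; narrow these for least privilege`, would make the scope visible where the value is edited. The new `roles:` block in templates/cluster.yaml passes `.Values.roles` through `toYaml` unchanged, as the existing `users` block does, so nothing in the chart constrains what a role grants.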
From: Andrii Dema Date: Thu, 19 Sep 2024 14:49:39 +0300 Subject: [PATCH 05/13] K8SPSMDB-1160: disable pvc resizing by default https://perconadev.atlassian.net/browse/K8SPSMDB-1160 --- charts/psmdb-db/templates/cluster.yaml | 1 + charts/psmdb-db/values.yaml | 2 ++ charts/psmdb-operator/crds/crd.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/charts/psmdb-db/templates/cluster.yaml b/charts/psmdb-db/templates/cluster.yaml index 6e188861..98b7be12 100644 --- a/charts/psmdb-db/templates/cluster.yaml +++ b/charts/psmdb-db/templates/cluster.yaml @@ -18,6 +18,7 @@ spec: {{- if .Values.platform }} platform: {{ .Values.platform }} {{- end }} + expansionEnabled: {{ .Values.expansionEnabled }} {{- if .Values.clusterServiceDNSSuffix }} clusterServiceDNSSuffix: {{ .Values.clusterServiceDNSSuffix }} {{- end }} diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index b91e5240..3efcca17 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -28,6 +28,8 @@ unsafeFlags: terminationGracePeriod: false backupIfUnhealthy: false +expansionEnabled: false + annotations: {} # ignoreAnnotations: diff --git a/charts/psmdb-operator/crds/crd.yaml b/charts/psmdb-operator/crds/crd.yaml index 6c2ee036..b34ede96 100644 --- a/charts/psmdb-operator/crds/crd.yaml +++ b/charts/psmdb-operator/crds/crd.yaml @@ -1067,6 +1067,8 @@ spec: type: string crVersion: type: string + expansionEnabled: + type: boolean ignoreAnnotations: items: type: string From 53b93790b08dfb2b031a2f312200a6a246ebc393 Mon Sep 17 00:00:00 2001 From: Andrii Dema Date: Thu, 19 Sep 2024 17:41:50 +0300 Subject: [PATCH 06/13] change field name --- charts/psmdb-db/templates/cluster.yaml | 2 +- charts/psmdb-db/values.yaml | 2 +- charts/psmdb-operator/crds/crd.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/psmdb-db/templates/cluster.yaml b/charts/psmdb-db/templates/cluster.yaml index 98b7be12..2172bf63 100644 --- a/charts/psmdb-db/templates/cluster.yaml 
+++ b/charts/psmdb-db/templates/cluster.yaml @@ -18,7 +18,7 @@ spec: {{- if .Values.platform }} platform: {{ .Values.platform }} {{- end }} - expansionEnabled: {{ .Values.expansionEnabled }} + enableVolumeExpansion: {{ .Values.enableVolumeExpansion }} {{- if .Values.clusterServiceDNSSuffix }} clusterServiceDNSSuffix: {{ .Values.clusterServiceDNSSuffix }} {{- end }} diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 3efcca17..28f6a1bb 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -28,7 +28,7 @@ unsafeFlags: terminationGracePeriod: false backupIfUnhealthy: false -expansionEnabled: false +enableVolumeExpansion: false annotations: {} diff --git a/charts/psmdb-operator/crds/crd.yaml b/charts/psmdb-operator/crds/crd.yaml index b34ede96..7a48e933 100644 --- a/charts/psmdb-operator/crds/crd.yaml +++ b/charts/psmdb-operator/crds/crd.yaml @@ -1067,7 +1067,7 @@ spec: type: string crVersion: type: string - expansionEnabled: + enableVolumeExpansion: type: boolean ignoreAnnotations: items: From c05006860ffec5f65f28945e17a8b60e0b4f866d Mon Sep 17 00:00:00 2001 From: Inel Pandzic Date: Tue, 24 Sep 2024 08:49:30 +0200 Subject: [PATCH 07/13] Fix readme and update crds. --- charts/psmdb-db/README.md | 10 +-- charts/psmdb-operator/crds/crd.yaml | 132 ++++++++++++++++++++++++++-- 2 files changed, 131 insertions(+), 11 deletions(-) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index e577511e..86cdee30 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
@@ -248,11 +248,11 @@ The chart can be customized using the following configurable parameters: | `roles.authenticationRestrictions.clientSource` | Array of IP addresses or CIDR blocks from which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array. | `""` | | `roles.authenticationRestrictions.serverAddress` | Array of IP addresses or CIDR blocks to which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array. | `""` | | `roles.privileges.actions` | Name of the role. Valid values are built-in roles. | `[]` | -| `spec.roles.privileges.resource.db` | Database for which the privilege `spec.security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all databases. | `""` | -| `spec.roles.privileges.resource.collection` | Collection for which the privilege `spec.security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all of the database's collections. | `""` | -| `spec.roles.privileges.resource.cluster` | Flag that indicates that the privilege `spec.security.roles.privileges.actions` apply to all databases and collections in the MongoDB deployment. If omitted, defaults to false.If set to true, do not provide values for `spec.security.roles.privileges.resource.database` and `spec.security.roles.privileges.resource.collection`. | `""` | -| `spec.roles.roles.role` | Name of the role to inherit from. | `""` | -| `spec.roles.roles.db` | Name of database that contains the role to inherit from. | `""` | +| `roles.privileges.resource.db` | Database for which the privilege `security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all databases. 
| `""` | +| `roles.privileges.resource.collection` | Collection for which the privilege `security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all of the database's collections. | `""` | +| `roles.privileges.resource.cluster` | Flag that indicates that the privilege `security.roles.privileges.actions` apply to all databases and collections in the MongoDB deployment. If omitted, defaults to false.If set to true, do not provide values for `security.roles.privileges.resource.database` and `security.roles.privileges.resource.collection`. | `""` | +| `roles.roles.role` | Name of the role to inherit from. | `""` | +| `roles.roles.db` | Name of database that contains the role to inherit from. | `""` | | `backup.enabled` | Enable backup PBM agent | `true` | | `backup.annotations` | Backup job annotations | `{}` | | `backup.podSecurityContext` | Set the security context for a Pod | `{}` | diff --git a/charts/psmdb-operator/crds/crd.yaml b/charts/psmdb-operator/crds/crd.yaml index 6c2ee036..6bc50308 100644 --- a/charts/psmdb-operator/crds/crd.yaml +++ b/charts/psmdb-operator/crds/crd.yaml @@ -327,6 +327,15 @@ spec: type: object replset: type: string + selective: + properties: + namespaces: + items: + type: string + type: array + withUsersAndRoles: + type: boolean + type: object storageName: type: string type: object @@ -1067,6 +1076,8 @@ spec: type: string crVersion: type: string + enableVolumeExpansion: + type: boolean ignoreAnnotations: items: type: string @@ -4019,10 +4030,24 @@ spec: type: object expose: properties: + annotations: + additionalProperties: + type: string + type: object enabled: type: boolean exposeType: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string loadBalancerSourceRanges: items: type: string 
@@ -4038,6 +4063,8 @@ spec: additionalProperties: type: string type: object + type: + type: string required: - enabled type: object @@ -6879,6 +6906,10 @@ spec: type: string type: object type: object + primaryPreferTagSelector: + additionalProperties: + type: string + type: object priorityClassName: type: string readinessProbe: @@ -8854,6 +8885,64 @@ spec: - size type: object type: array + roles: + items: + properties: + authenticationRestrictions: + items: + properties: + clientSource: + items: + type: string + type: array + serverAddress: + items: + type: string + type: array + type: object + type: array + db: + type: string + privileges: + items: + properties: + actions: + items: + type: string + type: array + resource: + properties: + cluster: + type: boolean + collection: + type: string + db: + type: string + type: object + required: + - actions + type: object + type: array + role: + type: string + roles: + items: + properties: + db: + type: string + role: + type: string + required: + - db + - role + type: object + type: array + required: + - db + - privileges + - role + type: object + type: array schedulerName: type: string secrets: @@ -11605,10 +11694,24 @@ spec: type: object expose: properties: + annotations: + additionalProperties: + type: string + type: object enabled: type: boolean exposeType: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string loadBalancerSourceRanges: items: type: string @@ -11624,6 +11727,8 @@ spec: additionalProperties: type: string type: object + type: + type: string required: - enabled type: object @@ -14465,6 +14570,10 @@ spec: type: string type: object type: object + primaryPreferTagSelector: + additionalProperties: + type: string + type: object priorityClassName: type: string readinessProbe: 
@@ -16967,8 +17076,22 @@ spec: type: object expose: properties: + annotations: + additionalProperties: + type: string + type: object exposeType: type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + labels: + additionalProperties: + type: string + type: object + loadBalancerIP: + type: string loadBalancerSourceRanges: items: type: string @@ -16986,6 +17109,8 @@ spec: type: object servicePerPod: type: boolean + type: + type: string type: object hostAliases: items: @@ -19054,14 +19179,10 @@ spec: key: type: string name: - default: "" type: string - optional: - type: boolean required: - - key + - name type: object - x-kubernetes-map-type: atomic roles: items: properties: @@ -19075,7 +19196,6 @@ spec: type: object type: array required: - - db - name - passwordSecretRef - roles From e897865cb54f5a31c8c132a4a18a2af567350be3 Mon Sep 17 00:00:00 2001 From: Andrii Dema Date: Wed, 25 Sep 2024 16:16:52 +0300 Subject: [PATCH 08/13] update `README.md` --- charts/psmdb-db/README.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index fa077971..3d50da93 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
@@ -3,18 +3,22 @@ This chart deploys Percona Server for MongoDB Cluster on Kubernetes controlled by Percona Operator for MongoDB. Useful links: + - [Operator Github repository](https://github.com/percona/percona-server-mongodb-operator) - [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html) ## Pre-requisites -* Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). -* Kubernetes 1.27+ -* Helm v3 + +- Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). +- Kubernetes 1.27+ +- Helm v3 # Chart Details + This chart will deploy Percona Server for MongoDB Cluster in Kubernetes. It will create a Custom Resource, and the Operator will trigger the creation of corresponding Kubernetes primitives: StatefulSets, Pods, Secrets, etc. ## Installing the Chart + To install the chart with the `psmdb` release name using a dedicated namespace (recommended): ```sh 
@@ -29,6 +33,7 @@ The chart can be customized using the following configurable parameters: | `crVersion` | CR Cluster Manifest version | `1.18.0` | | `pause` | Stop PSMDB Database safely | `false` | | `unmanaged` | Start cluster and don't manage it (cross cluster replication) | `false` | +| `enableVolumeExpansion` | Allows to resize `PersistentVolumeClaim`s by changing `.volumeSpec.persistentVolumeClaim.resources` field | `false` | | `unsafeFlags.tls` | Allows users from configuring a cluster without TLS/SSL certificates | `false` | | `unsafeFlags.replsetSize` | Allows users from configuring a cluster with unsafe parameters: starting it with less than 3 replica set instances or with an even number of replica set instances without additional arbiter | `false` | | `unsafeFlags.mongosSize` | Allows users from configuring a sharded cluster with less than 3 config server Pods or less than 2 mongos Pods | `false` | @@ -261,7 +266,6 @@ The chart can be customized using the following configurable parameters: | `backup.tasks` | Backup working schedule | `{}` | | `systemUsers` | PSMDB operator system users | `{}` | - Specify parameters using `--set key=value[,key=value]` argument to `helm install` Notice that you can use multiple replica sets only with sharding enabled. From fb7ed7c5d3da279312ff7742a0321b3b74dabedf Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Thu, 24 Oct 2024 19:38:45 -0300 Subject: [PATCH 09/13] K8SPSMDB-1113: add percona.com/delete-pitr-chunks finalizer --- charts/psmdb-db/README.md | 1 + charts/psmdb-db/values.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index cf67adcf..f1fc0c62 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
@@ -53,6 +53,7 @@ The chart can be customized using the following configurable parameters: | `upgradeOptions.setFCV` | Set feature compatibility version on major upgrade | `false` | | `finalizers:percona.com/delete-psmdb-pvc` | Set this if you want to delete database persistent volumes on cluster deletion | `[]` | | `finalizers:percona.com/delete-psmdb-pods-in-order` | Set this if you want to delete PSMDB pods in order (primary last) | `[]` | +| `finalizers:percona.com/delete-pitr-chunks` | Set this if you want to delete all pitr chunks on cluster deletion | `[]` | | `image.repository` | PSMDB Container image repository | `percona/percona-server-mongodb` | | `image.tag` | PSMDB Container image tag | `7.0.12-7` | | `imagePullPolicy` | The policy used to update images | `Always` | diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 38aaf02b..2efdec2b 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -14,6 +14,8 @@ finalizers: - percona.com/delete-psmdb-pods-in-order ## Set this if you want to delete database persistent volumes on cluster deletion # - percona.com/delete-psmdb-pvc +## Set this if you want to delete all pitr chunks on cluster deletion +# - percona.com/delete-pitr-chunks nameOverride: "" fullnameOverride: "" From 0691b2d35bd3d731ec6c0758a53246be3c47c7ca Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Wed, 13 Nov 2024 07:39:53 -0300 Subject: [PATCH 10/13] Update images for PSMDB 1.18.0 charts --- charts/psmdb-db/README.md | 48 ++--- charts/psmdb-db/values.yaml | 12 +- charts/psmdb-operator/README.md | 2 +- charts/psmdb-operator/crds/crd.yaml | 246 ++++++++++++++++++++-- charts/psmdb-operator/templates/role.yaml | 1 + 5 files changed, 262 insertions(+), 47 deletions(-) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index d6978fe4..244af79c 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
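Review bot: The comment added above `# - percona.com/delete-pitr-chunks` in `values.yaml` does not say that enabling this finalizer makes deleting the cluster resource also discard its point-in-time recovery data. An accidental or unauthorised delete of the custom resource would then also remove the means to restore to a point in time. I would extend the comment to `## Set this if you want to delete all pitr chunks on cluster deletion (cannot be undone; point-in-time restore is lost)`. Whether full backups survive is not visible in this hunk and is worth stating in the same comment once confirmed. Keeping the entry commented out by default is the right choice; the `finalizers:` list begins above the hunk.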
@@ -10,7 +10,7 @@ Useful links: ## Pre-requisites - Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html). -- Kubernetes 1.27+ +- Kubernetes 1.28+ - Helm v3 # Chart Details @@ -55,7 +55,7 @@ The chart can be customized using the following configurable parameters: | `finalizers:percona.com/delete-psmdb-pods-in-order` | Set this if you want to delete PSMDB pods in order (primary last) | `[]` | | `finalizers:percona.com/delete-pitr-chunks` | Set this if you want to delete all pitr chunks on cluster deletion | `[]` | | `image.repository` | PSMDB Container image repository | `percona/percona-server-mongodb` | -| `image.tag` | PSMDB Container image tag | `7.0.12-7` | +| `image.tag` | PSMDB Container image tag | `7.0.14-8-multi` | | `imagePullPolicy` | The policy used to update images | `Always` | | `imagePullSecrets` | PSMDB Container pull secret | `[]` | | `initImage.repository` | Repository for custom init image | `""` | 
@@ -80,13 +80,12 @@ The chart can be customized using the following configurable parameters: | | | `pmm.enabled` | Enable integration with [Percona Monitoring and Management software](https://www.percona.com/blog/2020/07/23/using-percona-kubernetes-operators-with-percona-monitoring-and-management/) | `false` | | `pmm.image.repository` | PMM Container image repository | `percona/pmm-client` | -| `pmm.image.tag` | PMM Container image tag | `2.42.0` | +| `pmm.image.tag` | PMM Container image tag | `2.43.2` | | `pmm.serverHost` | PMM server related K8S service hostname | `monitoring-service` | | `pmm.containerSecurityContext` | Set the security context for PMM container | `{}` | -| `pmm.resources` | Set resources for PMM container | `{}` | -| `pmm.mongodParams` | PMM mongod params | `""` | -| | -| `pmm.mongosParams` | PMM mongos params | `""` | +| `pmm.resources` | Set resources for PMM container | `{}` | +| `pmm.mongodParams` | PMM mongod params | `""` | +| `pmm.mongosParams` | PMM mongos params | `""` | | | | `replsets.rs0.name` | ReplicaSet name | `rs0` | | `replsets.rs0.size` | ReplicaSet size (pod quantity) | `3` | 
@@ -256,30 +255,31 @@ The chart can be customized using the following configurable parameters: | `sharding.mongos.expose.nodePort` | Custom port if exposing mongos via NodePort | `""` | | `sharding.mongos.hostAliases` | The IP address for Kubernetes host aliases | `[]` | | | -| `users.name` | The username of the MongoDB application user | `""` | -| `users.db` | Database that the user authenticates against | `""` | -| `users.passwordSecretRef.name` | Name of the secret that contains the user's password | `""` | -| `users.passwordSecretRef.key` | Key in the secret that corresponds to the value of the user's password | `""` | -| `users.roles.role.name` | Name of the MongoDB role assigned to the user. As [built-in roles](https://www.mongodb.com/docs/manual/reference/built-in-roles/#built-in-roles), so [custom roles](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/deploy-configure.md#define-a-custom-database-role) are supported | `""` | -| `users.roles.role.db` | Database that the MongoDB role applies to | `""` | +| `users.name` | The username of the MongoDB application user | `""` | +| `users.db` | Database that the user authenticates against | `""` | +| `users.passwordSecretRef.name` | Name of the secret that contains the user's password | `""` | +| `users.passwordSecretRef.key` | Key in the secret that corresponds to the value of the user's password | `""` | +| `users.roles.role.name` | Name of the MongoDB role assigned to the user. As [built-in roles](https://www.mongodb.com/docs/manual/reference/built-in-roles/#built-in-roles), so [custom roles](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/deploy-configure.md#define-a-custom-database-role) are supported | `""` | +| `users.roles.role.db` | Database that the MongoDB role applies to | `""` | +| | +| `roles.role` | Name of the custom role. | `""` | +| `roles.db` | Database in which you want to store the user-defined role. 
| `admin` | +| `roles.authenticationRestrictions.clientSource` | Array of IP addresses or CIDR blocks from which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array. | `""` | +| `roles.authenticationRestrictions.serverAddress` | Array of IP addresses or CIDR blocks to which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array. | `""` | +| `roles.privileges.actions` | Name of the role. Valid values are built-in roles. | `[]` | +| `roles.privileges.resource.db` | Database for which the privilege `security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all databases. | `""` | +| `roles.privileges.resource.collection` | Collection for which the privilege `security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all of the database's collections. | `""` | +| `roles.privileges.resource.cluster` | Flag that indicates that the privilege `security.roles.privileges.actions` apply to all databases and collections in the MongoDB deployment. If omitted, defaults to false.If set to true, do not provide values for `security.roles.privileges.resource.database` and `security.roles.privileges.resource.collection`. | `""` | +| `roles.roles.role` | Name of the role to inherit from. | `""` | +| `roles.roles.db` | Name of database that contains the role to inherit from. | `""` | | | -| `roles.role` | Name of the custom role. | `""` | -| `roles.db` | Database in which you want to store the user-defined role. 
| `"admin"` | -| `roles.authenticationRestrictions.clientSource` | Array of IP addresses or CIDR blocks from which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the requests come from a client that is not present in this array. | `""` | -| `roles.authenticationRestrictions.serverAddress` | Array of IP addresses or CIDR blocks to which users assigned this role can connect.MongoDB servers reject connection requests from users with this role if the client requests to connect to a server that is not present in this array. | `""` | -| `roles.privileges.actions` | Name of the role. Valid values are built-in roles. | `[]` | -| `roles.privileges.resource.db` | Database for which the privilege `security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all databases. | `""` | -| `roles.privileges.resource.collection` | Collection for which the privilege `security.roles.privileges.actions` apply. An empty string ("") indicates that the privilege actions apply to all of the database's collections. | `""` | -| `roles.privileges.resource.cluster` | Flag that indicates that the privilege `security.roles.privileges.actions` apply to all databases and collections in the MongoDB deployment. If omitted, defaults to false.If set to true, do not provide values for `security.roles.privileges.resource.database` and `security.roles.privileges.resource.collection`. | `""` | -| `roles.roles.role` | Name of the role to inherit from. | `""` | -| `roles.roles.db` | Name of database that contains the role to inherit from. 
| `""` | | `backup.enabled` | Enable backup PBM agent | `true` | | `backup.annotations` | Backup job annotations | `{}` | | `backup.podSecurityContext` | Set the security context for a Pod | `{}` | | `backup.containerSecurityContext` | Set the security context for a Container | `{}` | | `backup.restartOnFailure` | Backup Pods restart policy | `true` | | `backup.image.repository` | PBM Container image repository | `percona/percona-backup-mongodb` | -| `backup.image.tag` | PBM Container image tag | `2.5.0` | +| `backup.image.tag` | PBM Container image tag | `2.7.0-multi` | | `backup.storages` | Local/remote backup storages settings | `{}` | | `backup.pitr.enabled` | Enable point in time recovery for backup | `false` | | `backup.pitr.oplogOnly` | Start collecting oplogs even if full logical backup doesn't exist | `false` | diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 0b9ca52a..9e480b31 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -50,7 +50,7 @@ upgradeOptions: image: repository: percona/percona-server-mongodb - tag: 7.0.12-7 + tag: 7.0.14-8-multi imagePullPolicy: Always # imagePullSecrets: [] @@ -81,7 +81,7 @@ pmm: enabled: false image: repository: percona/pmm-client - tag: 2.42.0 + tag: 2.43.2 serverHost: monitoring-service # mongodParams: "" # mongosParams: "" @@ -499,7 +499,7 @@ sharding: # users: # - name: my-user # db: admin -# passwordSecretRef: +# passwordSecretRef: # name: my-user-password # key: my-user-password-key # roles: @@ -509,12 +509,12 @@ sharding: # db: admin # - name: my-usr # db: admin -# passwordSecretRef: +# passwordSecretRef: # name: my-user-pwd # key: my-user-pwd-key # roles: # - name: dbOwner -# db: sometest +# db: sometest # roles: # - role: myClusterwideAdmin @@ -554,7 +554,7 @@ backup: enabled: true image: repository: percona/percona-backup-mongodb - tag: 2.5.0 + tag: 2.7.0-multi # annotations: # iam.amazonaws.com/role: role-arn # podSecurityContext: {} 
diff --git a/charts/psmdb-operator/README.md b/charts/psmdb-operator/README.md index db1bc16d..1cd9b881 100644 --- a/charts/psmdb-operator/README.md +++ b/charts/psmdb-operator/README.md @@ -6,7 +6,7 @@ Useful links: - [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html) ## Pre-requisites -* Kubernetes 1.27+ +* Kubernetes 1.28+ * Helm v3 # Installation diff --git a/charts/psmdb-operator/crds/crd.yaml b/charts/psmdb-operator/crds/crd.yaml index eeb1f93d..89641ef5 100644 --- a/charts/psmdb-operator/crds/crd.yaml +++ b/charts/psmdb-operator/crds/crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: perconaservermongodbbackups.psmdb.percona.com spec: group: psmdb.percona.com @@ -179,7 +179,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: perconaservermongodbrestores.psmdb.percona.com spec: group: psmdb.percona.com @@ -366,7 +366,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: perconaservermongodbs.psmdb.percona.com spec: group: psmdb.percona.com @@ -910,6 +910,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -942,6 +944,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1275,6 +1279,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -2237,6 +2243,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object 
@@ -2457,10 +2465,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2820,6 +2830,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2833,6 +2850,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -3081,6 +3099,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -3088,6 +3107,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -3099,6 +3119,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -3107,6 +3128,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -3124,6 +3146,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -3451,6 +3474,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -3557,6 +3581,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -3638,6 +3663,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3755,6 +3782,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -4046,15 +4074,10 @@ spec: additionalProperties: type: string type: object - loadBalancerIP: - type: string loadBalancerSourceRanges: items: type: string type: array - nodePort: - format: int32 - type: integer serviceAnnotations: additionalProperties: type: string 
@@ -4071,12 +4094,20 @@ spec: externalNodes: items: properties: + horizons: + additionalProperties: + type: string + type: object host: type: string port: type: integer priority: type: integer + tags: + additionalProperties: + type: string + type: object votes: type: integer required: @@ -4122,6 +4153,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -4740,6 +4772,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -4870,6 +4903,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -4916,6 +4951,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -4984,6 +5020,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -5204,10 +5242,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -5567,6 +5607,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -5580,6 +5627,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -5828,6 +5876,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -5835,6 +5884,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -5846,6 +5896,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -5854,6 +5905,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -5871,6 +5923,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string 
@@ -6198,6 +6251,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -6304,6 +6358,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -6385,6 +6440,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -6502,6 +6559,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -6881,6 +6939,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -6931,6 +6991,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -6992,6 +7053,21 @@ spec: format: int32 type: integer type: object + replsetOverrides: + additionalProperties: + properties: + horizons: + additionalProperties: + type: string + type: object + host: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + type: object resources: properties: claims: @@ -6999,6 +7075,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -7219,10 +7297,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -7582,6 +7662,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -7595,6 +7682,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -7843,6 +7931,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -7850,6 +7939,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean 
@@ -7861,6 +7951,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -7869,6 +7960,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -7886,6 +7978,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -8213,6 +8306,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8319,6 +8413,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -8400,6 +8495,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -8517,6 +8614,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -9903,6 +10001,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -10123,10 +10223,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -10486,6 +10588,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -10499,6 +10608,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -10747,6 +10857,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -10754,6 +10865,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -10765,6 +10877,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -10773,6 +10886,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string 
@@ -10790,6 +10904,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -11117,6 +11232,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -11223,6 +11339,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -11304,6 +11421,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -11421,6 +11540,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -11712,15 +11832,10 @@ spec: additionalProperties: type: string type: object - loadBalancerIP: - type: string loadBalancerSourceRanges: items: type: string type: array - nodePort: - format: int32 - type: integer serviceAnnotations: additionalProperties: type: string @@ -11737,12 +11852,20 @@ spec: externalNodes: items: properties: + horizons: + additionalProperties: + type: string + type: object host: type: string port: type: integer priority: type: integer + tags: + additionalProperties: + type: string + type: object votes: type: integer required: @@ -11788,6 +11911,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -12406,6 +12530,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -12536,6 +12661,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -12582,6 +12709,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -12650,6 +12778,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -12870,10 +13000,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName 
@@ -13233,6 +13365,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -13246,6 +13385,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -13494,6 +13634,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -13501,6 +13642,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -13512,6 +13654,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -13520,6 +13663,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -13537,6 +13681,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -13864,6 +14009,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -13970,6 +14116,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -14051,6 +14198,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -14168,6 +14317,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -14547,6 +14697,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -14597,6 +14749,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -14658,6 +14811,21 @@ spec: format: int32 type: integer type: object + replsetOverrides: + additionalProperties: + properties: + horizons: + additionalProperties: + type: string + type: object + host: + type: string + tags: + additionalProperties: + type: string + type: object + type: object + type: object resources: properties: claims: 
@@ -14665,6 +14833,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -14885,10 +15055,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -15248,6 +15420,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -15261,6 +15440,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -15509,6 +15689,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -15516,6 +15697,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -15527,6 +15709,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -15535,6 +15718,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -15552,6 +15736,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -15879,6 +16064,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -15985,6 +16171,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -16066,6 +16253,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -16183,6 +16372,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -17092,8 +17282,6 @@ spec: additionalProperties: type: string type: object - loadBalancerIP: - type: string loadBalancerSourceRanges: items: type: string @@ -17154,6 +17342,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port 
@@ -17284,6 +17473,8 @@ spec: type: integer type: array x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -17333,6 +17524,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -17401,6 +17593,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -17626,10 +17820,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -17989,6 +18185,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -18002,6 +18205,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -18250,6 +18454,7 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: @@ -18257,6 +18462,7 @@ spec: type: array x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean @@ -18268,6 +18474,7 @@ spec: type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -18276,6 +18483,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -18293,6 +18501,7 @@ spec: sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -18620,6 +18829,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -18726,6 +18936,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -18807,6 +19018,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -18924,6 +19137,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port 
@@ -19309,4 +19523,4 @@ spec: served: true storage: true subresources: - status: {} + status: {} \ No newline at end of file diff --git a/charts/psmdb-operator/templates/role.yaml b/charts/psmdb-operator/templates/role.yaml index 537c1e86..4d65e6a7 100644 --- a/charts/psmdb-operator/templates/role.yaml +++ b/charts/psmdb-operator/templates/role.yaml @@ -139,6 +139,7 @@ rules: resources: - issuers - certificates + - certificaterequests verbs: - get - list From b76a1ba614a336e20942a328ab51fc95cb14f882 Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Thu, 14 Nov 2024 09:11:12 -0300 Subject: [PATCH 11/13] Add replsetOverrides and primaryPreferTagSelector --- charts/psmdb-db/README.md | 341 +++++++++++++------------ charts/psmdb-db/templates/cluster.yaml | 26 ++ charts/psmdb-db/values.yaml | 16 ++ 3 files changed, 217 insertions(+), 166 deletions(-) diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md index 244af79c..6b7671d2 100644 --- a/charts/psmdb-db/README.md +++ b/charts/psmdb-db/README.md 
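Review bot: In the `charts/psmdb-operator/templates/role.yaml` hunk, `certificaterequests` is appended to the existing rule for `issuers` and `certificates`, so it inherits every verb that rule grants. Only `get` and `list` are visible here; the verbs list continues outside the hunk. CertificateRequest objects are what trigger issuance from an issuer, so write verbs on them are more sensitive than read access. If the operator only needs to read or clean them up, a separate rule for `certificaterequests` limited to those verbs would keep the role closer to least privilege. In either case a comment above the entry, e.g. `# certificaterequests: required for <operator feature - fill in>`, would let the grant be audited later. It is also worth confirming whether this template can render a cluster-wide role, which is not visible here.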
@@ -87,173 +87,182 @@ The chart can be customized using the following configurable parameters: | `pmm.mongodParams` | PMM mongod params | `""` | | `pmm.mongosParams` | PMM mongos params | `""` | | | -| `replsets.rs0.name` | ReplicaSet name | `rs0` | -| `replsets.rs0.size` | ReplicaSet size (pod quantity) | `3` | -| `replsets.rs0.terminationGracePeriodSeconds` | The amount of seconds Kubernetes will wait for a clean replica set Pods termination | `""` | -| `replsets.rs0.externalNodes` | ReplicaSet external nodes (cross cluster replication) | `[]` | -| `replsets.rs0.configuration` | Custom config for mongod in replica set | `""` | -| `replsets.rs0.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` | -| `replsets.rs0.serviceAccountName` | Run replicaset Containers under specified K8S SA | `""` | -| `replsets.rs0.affinity.antiAffinityTopologyKey` | ReplicaSet Pod affinity | `kubernetes.io/hostname` | -| `replsets.rs0.affinity.advanced` | ReplicaSet Pod advanced affinity | `{}` | -| `replsets.rs0.tolerations` | ReplicaSet Pod tolerations | `[]` | -| `replsets.rs0.priorityClass` | ReplicaSet Pod priorityClassName | `""` | -| `replsets.rs0.annotations` | ReplicaSet Pod annotations | `{}` | -| `replsets.rs0.labels` | ReplicaSet Pod labels | `{}` | -| `replsets.rs0.nodeSelector` | ReplicaSet Pod nodeSelector labels | `{}` | -| `replsets.rs0.livenessProbe` | ReplicaSet Pod livenessProbe structure | `{}` | -| `replsets.rs0.readinessProbe` | ReplicaSet Pod readinessProbe structure | `{}` | -| `replsets.rs0.storage` | Set cacheSizeRatio or other custom MongoDB storage options | `{}` | -| `replsets.rs0.podSecurityContext` | Set the security context for a Pod | `{}` | -| `replsets.rs0.containerSecurityContext` | Set the security context for a Container | `{}` | -| `replsets.rs0.runtimeClass` | ReplicaSet Pod runtimeClassName | `""` | -| 
`replsets.rs0.sidecars` | ReplicaSet Pod sidecars | `{}` | -| `replsets.rs0.sidecarVolumes` | ReplicaSet Pod sidecar volumes | `[]` | -| `replsets.rs0.sidecarPVCs` | ReplicaSet Pod sidecar PVCs | `[]` | -| `replsets.rs0.podDisruptionBudget.maxUnavailable` | ReplicaSet failed Pods maximum quantity | `1` | -| `replsets.rs0.splitHorizons` | External URI for Split-horizon for replica set Pods of the exposed cluster | `{}` | -| `replsets.rs0.expose.enabled` | Allow access to replicaSet from outside of Kubernetes | `false` | -| `replsets.rs0.expose.type` | Network service access point type | `ClusterIP` | -| `replsets.rs0.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | -| `replsets.rs0.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | -| `replsets.rs0.expose.annotations` | ReplicaSet service annotations | `{}` | -| `replsets.rs0.expose.labels` | ReplicaSet service labels | `{}` | -| `replsets.rs0.expose.internalTrafficPolicy` | ReplicaSet service internal traffic policy | `Local` | -| `replsets.rs0.expose.externalTrafficPolicy` | ReplicaSet service external traffic policy | `Local` | -| `replsets.rs0.schedulerName` | ReplicaSet Pod schedulerName | `""` | -| `replsets.rs0.resources` | ReplicaSet Pods resource requests and limits | `{}` | -| `replsets.rs0.volumeSpec` | ReplicaSet Pods storage resources | `{}` | -| `replsets.rs0.volumeSpec.emptyDir` | ReplicaSet Pods emptyDir K8S storage | `{}` | -| `replsets.rs0.volumeSpec.hostPath` | ReplicaSet Pods hostPath K8S storage | | -| `replsets.rs0.volumeSpec.hostPath.path` | ReplicaSet Pods hostPath K8S storage path | `""` | -| `replsets.rs0.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` | -| `replsets.rs0.volumeSpec.pvc` | ReplicaSet Pods PVC request parameters | | -| `replsets.rs0.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | -| `replsets.rs0.volumeSpec.pvc.labels` | The Kubernetes labels metadata 
for Persistent Volume Claim | `{}` | -| `replsets.rs0.volumeSpec.pvc.storageClassName` | ReplicaSet Pods PVC target storageClass | `""` | -| `replsets.rs0.volumeSpec.pvc.accessModes` | ReplicaSet Pods PVC access policy | `[]` | -| `replsets.rs0.volumeSpec.pvc.resources.requests.storage` | ReplicaSet Pods PVC storage size | `3Gi` | -| `replsets.rs0.hostAliases` | The IP address for Kubernetes host aliases | `[]` | -| `replsets.rs0.nonvoting.enabled` | Add MongoDB nonvoting Pods | `false` | -| `replsets.rs0.nonvoting.podSecurityContext` | Set the security context for a Pod | `{}` | -| `replsets.rs0.nonvoting.containerSecurityContext` | Set the security context for a Container | `{}` | -| `replsets.rs0.nonvoting.size` | Number of nonvoting Pods | `1` | -| `replsets.rs0.nonvoting.configuration` | Custom config for mongod nonvoting member | `""` | -| `replsets.rs0.nonvoting.serviceAccountName` | Run replicaset nonvoting Container under specified K8S SA | `""` | -| `replsets.rs0.nonvoting.affinity.antiAffinityTopologyKey` | Nonvoting Pods affinity | `kubernetes.io/hostname` | -| `replsets.rs0.nonvoting.affinity.advanced` | Nonvoting Pods advanced affinity | `{}` | -| `replsets.rs0.nonvoting.tolerations` | Nonvoting Pod tolerations | `[]` | -| `replsets.rs0.nonvoting.priorityClass` | Nonvoting Pod priorityClassName | `""` | -| `replsets.rs0.nonvoting.annotations` | Nonvoting Pod annotations | `{}` | -| `replsets.rs0.nonvoting.labels` | Nonvoting Pod labels | `{}` | -| `replsets.rs0.nonvoting.nodeSelector` | Nonvoting Pod nodeSelector labels | `{}` | -| `replsets.rs0.nonvoting.podDisruptionBudget.maxUnavailable` | Nonvoting failed Pods maximum quantity | `1` | -| `replsets.rs0.nonvoting.resources` | Nonvoting Pods resource requests and limits | `{}` | -| `replsets.rs0.nonvoting.volumeSpec` | Nonvoting Pods storage resources | `{}` | -| `replsets.rs0.nonvoting.volumeSpec.emptyDir` | Nonvoting Pods emptyDir K8S storage | `{}` | -| `replsets.rs0.nonvoting.volumeSpec.hostPath` 
| Nonvoting Pods hostPath K8S storage | | -| `replsets.rs0.nonvoting.volumeSpec.hostPath.path` | Nonvoting Pods hostPath K8S storage path | `""` | -| `replsets.rs0.nonvoting.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` | -| `replsets.rs0.nonvoting.volumeSpec.pvc` | Nonvoting Pods PVC request parameters | | -| `replsets.rs0.nonvoting.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | -| `replsets.rs0.nonvoting.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | -| `replsets.rs0.nonvoting.volumeSpec.pvc.storageClassName` | Nonvoting Pods PVC target storageClass | `""` | -| `replsets.rs0.nonvoting.volumeSpec.pvc.accessModes` | Nonvoting Pods PVC access policy | `[]` | -| `replsets.rs0.nonvoting.volumeSpec.pvc.resources.requests.storage` | Nonvoting Pods PVC storage size | `3Gi` | -| `replsets.rs0.arbiter.enabled` | Create MongoDB arbiter service | `false` | -| `replsets.rs0.arbiter.size` | MongoDB arbiter Pod quantity | `1` | -| `replsets.rs0.arbiter.serviceAccountName` | Run replicaset arbiter Container under specified K8S SA | `""` | -| `replsets.rs0.arbiter.affinity.antiAffinityTopologyKey` | MongoDB arbiter Pod affinity | `kubernetes.io/hostname` | -| `replsets.rs0.arbiter.affinity.advanced` | MongoDB arbiter Pod advanced affinity | `{}` | -| `replsets.rs0.arbiter.tolerations` | MongoDB arbiter Pod tolerations | `[]` | -| `replsets.rs0.arbiter.priorityClass` | MongoDB arbiter priorityClassName | `""` | -| `replsets.rs0.arbiter.annotations` | MongoDB arbiter Pod annotations | `{}` | -| `replsets.rs0.arbiter.labels` | MongoDB arbiter Pod labels | `{}` | -| `replsets.rs0.arbiter.nodeSelector` | MongoDB arbiter Pod nodeSelector labels | `{}` | +| `replsets.rs0.name` | ReplicaSet name | `rs0` | +| `replsets.rs0.size` | ReplicaSet size (pod quantity) | `3` | +| `replsets.rs0.terminationGracePeriodSeconds` | The amount of seconds Kubernetes will wait for a 
clean replica set Pods termination | `""` | +| `replsets.rs0.externalNodes.host` | The URL or IP address of the external replset instance | `""` | +| `replsets.rs0.externalNodes.port` | The port number of the external replset instance | `""` | +| `replsets.rs0.externalNodes.votes` | The number of [votes](https://docs.mongodb.com/manual/reference/replica-configuration/#mongodb-rsconf-rsconf.members-n-.votes) of the external replset instance | `""` | +| `replsets.rs0.externalNodes.priority` | The [priority](https://docs.mongodb.com/manual/reference/replica-configuration/#mongodb-rsconf-rsconf.members-n-.priority) of the external replset instance | `""` | +| `replsets.rs0.configuration` | Custom config for mongod in replica set | `""` | +| `replsets.rs0.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` | +| `replsets.rs0.replsetOverrides` | Use if you need tooverride the replica set members FQDNs with custom hostnames. Each key under `replsetOverrides` should be name of a Pod. 
The Operator won’t perform any validation for hostnames, so it's the user’s responsibility to ensure connectivity | `{}` | +| `replsets.rs0.serviceAccountName` | Run replicaset Containers under specified K8S SA | `""` | +| `replsets.rs0.affinity.antiAffinityTopologyKey` | ReplicaSet Pod affinity | `kubernetes.io/hostname` | +| `replsets.rs0.affinity.advanced` | ReplicaSet Pod advanced affinity | `{}` | +| `replsets.rs0.tolerations` | ReplicaSet Pod tolerations | `[]` | +| `replsets.rs0.priorityClass` | ReplicaSet Pod priorityClassName | `""` | +| `replsets.rs0.annotations` | ReplicaSet Pod annotations | `{}` | +| `replsets.rs0.labels` | ReplicaSet Pod labels | `{}` | +| `replsets.rs0.nodeSelector` | ReplicaSet Pod nodeSelector labels | `{}` | +| `replsets.rs0.livenessProbe` | ReplicaSet Pod livenessProbe structure | `{}` | +| `replsets.rs0.readinessProbe` | ReplicaSet Pod readinessProbe structure | `{}` | +| `replsets.rs0.storage` | Set cacheSizeRatio or other custom MongoDB storage options | `{}` | +| `replsets.rs0.podSecurityContext` | Set the security context for a Pod | `{}` | +| `replsets.rs0.containerSecurityContext` | Set the security context for a Container | `{}` | +| `replsets.rs0.runtimeClass` | ReplicaSet Pod runtimeClassName | `""` | +| `replsets.rs0.sidecars` | ReplicaSet Pod sidecars | `{}` | +| `replsets.rs0.sidecarVolumes` | ReplicaSet Pod sidecar volumes | `[]` | +| `replsets.rs0.sidecarPVCs` | ReplicaSet Pod sidecar PVCs | `[]` | +| `replsets.rs0.podDisruptionBudget.maxUnavailable` | ReplicaSet failed Pods maximum quantity | `1` | +| `replsets.rs0.splitHorizons` | External URI for Split-horizon for replica set Pods of the exposed cluster | `{}` | +| `replsets.rs0.expose.enabled` | Allow access to replicaSet from outside of Kubernetes | `false` | +| `replsets.rs0.expose.type` | Network service access point type | `ClusterIP` | +| `replsets.rs0.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | +| 
`replsets.rs0.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | +| `replsets.rs0.expose.annotations` | ReplicaSet service annotations | `{}` | +| `replsets.rs0.expose.labels` | ReplicaSet service labels | `{}` | +| `replsets.rs0.expose.internalTrafficPolicy` | ReplicaSet service internal traffic policy | `Local` | +| `replsets.rs0.expose.externalTrafficPolicy` | ReplicaSet service external traffic policy | `Local` | +| `replsets.rs0.schedulerName` | ReplicaSet Pod schedulerName | `""` | +| `replsets.rs0.resources` | ReplicaSet Pods resource requests and limits | `{}` | +| `replsets.rs0.volumeSpec` | ReplicaSet Pods storage resources | `{}` | +| `replsets.rs0.volumeSpec.emptyDir` | ReplicaSet Pods emptyDir K8S storage | `{}` | +| `replsets.rs0.volumeSpec.hostPath` | ReplicaSet Pods hostPath K8S storage | | +| `replsets.rs0.volumeSpec.hostPath.path` | ReplicaSet Pods hostPath K8S storage path | `""` | +| `replsets.rs0.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` | +| `replsets.rs0.volumeSpec.pvc` | ReplicaSet Pods PVC request parameters | | +| `replsets.rs0.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | +| `replsets.rs0.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | +| `replsets.rs0.volumeSpec.pvc.storageClassName` | ReplicaSet Pods PVC target storageClass | `""` | +| `replsets.rs0.volumeSpec.pvc.accessModes` | ReplicaSet Pods PVC access policy | `[]` | +| `replsets.rs0.volumeSpec.pvc.resources.requests.storage` | ReplicaSet Pods PVC storage size | `3Gi` | +| `replsets.rs0.hostAliases` | The IP address for Kubernetes host aliases | `[]` | +| `replsets.rs0.nonvoting.enabled` | Add MongoDB nonvoting Pods | `false` | +| `replsets.rs0.nonvoting.podSecurityContext` | Set the security context for a Pod | `{}` | +| `replsets.rs0.nonvoting.containerSecurityContext` | Set the security context for a Container | `{}` | 
+| `replsets.rs0.nonvoting.size` | Number of nonvoting Pods | `1` | +| `replsets.rs0.nonvoting.configuration` | Custom config for mongod nonvoting member | `""` | +| `replsets.rs0.nonvoting.serviceAccountName` | Run replicaset nonvoting Container under specified K8S SA | `""` | +| `replsets.rs0.nonvoting.affinity.antiAffinityTopologyKey` | Nonvoting Pods affinity | `kubernetes.io/hostname` | +| `replsets.rs0.nonvoting.affinity.advanced` | Nonvoting Pods advanced affinity | `{}` | +| `replsets.rs0.nonvoting.tolerations` | Nonvoting Pod tolerations | `[]` | +| `replsets.rs0.nonvoting.priorityClass` | Nonvoting Pod priorityClassName | `""` | +| `replsets.rs0.primaryPreferTagSelector.region` | Makes MongoDB instance to be selected as Primary based on specified region | `""` | +| `replsets.rs0.primaryPreferTagSelector.zone` | Makes MongoDB instance to be selected as Primary based on specified zone | `""` | +| `replsets.rs0.nonvoting.annotations` | Nonvoting Pod annotations | `{}` | +| `replsets.rs0.nonvoting.labels` | Nonvoting Pod labels | `{}` | +| `replsets.rs0.nonvoting.nodeSelector` | Nonvoting Pod nodeSelector labels | `{}` | +| `replsets.rs0.nonvoting.podDisruptionBudget.maxUnavailable` | Nonvoting failed Pods maximum quantity | `1` | +| `replsets.rs0.nonvoting.resources` | Nonvoting Pods resource requests and limits | `{}` | +| `replsets.rs0.nonvoting.volumeSpec` | Nonvoting Pods storage resources | `{}` | +| `replsets.rs0.nonvoting.volumeSpec.emptyDir` | Nonvoting Pods emptyDir K8S storage | `{}` | +| `replsets.rs0.nonvoting.volumeSpec.hostPath` | Nonvoting Pods hostPath K8S storage | | +| `replsets.rs0.nonvoting.volumeSpec.hostPath.path` | Nonvoting Pods hostPath K8S storage path | `""` | +| `replsets.rs0.nonvoting.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` | +| `replsets.rs0.nonvoting.volumeSpec.pvc` | Nonvoting Pods PVC request parameters | | +| `replsets.rs0.nonvoting.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata 
for Persistent Volume Claim | `{}` | +| `replsets.rs0.nonvoting.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | +| `replsets.rs0.nonvoting.volumeSpec.pvc.storageClassName` | Nonvoting Pods PVC target storageClass | `""` | +| `replsets.rs0.nonvoting.volumeSpec.pvc.accessModes` | Nonvoting Pods PVC access policy | `[]` | +| `replsets.rs0.nonvoting.volumeSpec.pvc.resources.requests.storage` | Nonvoting Pods PVC storage size | `3Gi` | +| `replsets.rs0.arbiter.enabled` | Create MongoDB arbiter service | `false` | +| `replsets.rs0.arbiter.size` | MongoDB arbiter Pod quantity | `1` | +| `replsets.rs0.arbiter.serviceAccountName` | Run replicaset arbiter Container under specified K8S SA | `""` | +| `replsets.rs0.arbiter.affinity.antiAffinityTopologyKey` | MongoDB arbiter Pod affinity | `kubernetes.io/hostname` | +| `replsets.rs0.arbiter.affinity.advanced` | MongoDB arbiter Pod advanced affinity | `{}` | +| `replsets.rs0.arbiter.tolerations` | MongoDB arbiter Pod tolerations | `[]` | +| `replsets.rs0.arbiter.priorityClass` | MongoDB arbiter priorityClassName | `""` | +| `replsets.rs0.arbiter.annotations` | MongoDB arbiter Pod annotations | `{}` | +| `replsets.rs0.arbiter.labels` | MongoDB arbiter Pod labels | `{}` | +| `replsets.rs0.arbiter.nodeSelector` | MongoDB arbiter Pod nodeSelector labels | `{}` | | | -| `sharding.enabled` | Enable sharding setup | `true` | -| `sharding.balancer.enabled` | Enable/disable balancer | `true` | -| `sharding.configrs.size` | Config ReplicaSet size (pod quantity) | `3` | -| `sharding.configrs.terminationGracePeriodSeconds` | The amount of seconds Kubernetes will wait for a clean replica set Pods termination | `""` | -| `sharding.configrs.externalNodes` | Config ReplicaSet external nodes (cross cluster replication) | `[]` | -| `sharding.configrs.configuration` | Custom config for mongod in config replica set | `""` | -| `sharding.configrs.topologySpreadConstraints` | Control how Pods are spread 
across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` | -| `sharding.configrs.serviceAccountName` | Run sharding configrs Containers under specified K8S SA | `""` | -| `sharding.configrs.affinity.antiAffinityTopologyKey` | Config ReplicaSet Pod affinity | `kubernetes.io/hostname` | -| `sharding.configrs.affinity.advanced` | Config ReplicaSet Pod advanced affinity | `{}` | -| `sharding.configrs.tolerations` | Config ReplicaSet Pod tolerations | `[]` | -| `sharding.configrs.priorityClass` | Config ReplicaSet Pod priorityClassName | `""` | -| `sharding.configrs.annotations` | Config ReplicaSet Pod annotations | `{}` | -| `sharding.configrs.labels` | Config ReplicaSet Pod labels | `{}` | -| `sharding.configrs.nodeSelector` | Config ReplicaSet Pod nodeSelector labels | `{}` | -| `sharding.configrs.livenessProbe` | Config ReplicaSet Pod livenessProbe structure | `{}` | -| `sharding.configrs.readinessProbe` | Config ReplicaSet Pod readinessProbe structure | `{}` | -| `sharding.configrs.storage` | Set cacheSizeRatio or other custom MongoDB storage options | `{}` | -| `sharding.configrs.podSecurityContext` | Set the security context for a Pod | `{}` | -| `sharding.configrs.containerSecurityContext` | Set the security context for a Container | `{}` | -| `sharding.configrs.runtimeClass` | Config ReplicaSet Pod runtimeClassName | `""` | -| `sharding.configrs.sidecars` | Config ReplicaSet Pod sidecars | `{}` | -| `sharding.configrs.sidecarVolumes` | Config ReplicaSet Pod sidecar volumes | `[]` | -| `sharding.configrs.sidecarPVCs` | Config ReplicaSet Pod sidecar PVCs | `[]` | -| `sharding.configrs.podDisruptionBudget.maxUnavailable` | Config ReplicaSet failed Pods maximum quantity | `1` | -| `sharding.configrs.expose.enabled` | Allow access to cfg replica from outside of Kubernetes | `false` | -| `sharding.configrs.expose.type` | Network service access point type | `ClusterIP` | -| 
`sharding.configrs.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | -| `sharding.configrs.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | -| `sharding.configrs.expose.annotations` | Config ReplicaSet service annotations | `{}` | -| `sharding.configrs.expose.labels` | Config ReplicaSet service labels | `{}` | -| `sharding.configrs.expose.internalTrafficPolicy` | Config ReplicaSet service internal traffic policy | `Local` | -| `sharding.configrs.expose.externalTrafficPolicy` | Config ReplicaSet service external traffic policy | `Local` | -| `sharding.configrs.resources.limits.cpu` | Config ReplicaSet resource limits CPU | `300m` | -| `sharding.configrs.resources.limits.memory` | Config ReplicaSet resource limits memory | `0.5G` | -| `sharding.configrs.resources.requests.cpu` | Config ReplicaSet resource requests CPU | `300m` | -| `sharding.configrs.resources.requests.memory` | Config ReplicaSet resource requests memory | `0.5G` | -| `sharding.configrs.volumeSpec.hostPath` | Config ReplicaSet hostPath K8S storage | | -| `sharding.configrs.volumeSpec.hostPath.path` | Config ReplicaSet hostPath K8S storage path | `""` | -| `sharding.configrs.volumeSpec.hostPath.type` | Type for hostPath volum | `Directory` | -| `sharding.configrs.volumeSpec.emptyDir` | Config ReplicaSet Pods emptyDir K8S storage | | -| `sharding.configrs.volumeSpec.pvc` | Config ReplicaSet Pods PVC request parameters | | -| `sharding.configrs.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | -| `sharding.configrs.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | -| `sharding.configrs.volumeSpec.pvc.storageClassName` | Config ReplicaSet Pods PVC storageClass | `""` | -| `sharding.configrs.volumeSpec.pvc.accessModes` | Config ReplicaSet Pods PVC access policy | `[]` | -| `sharding.configrs.volumeSpec.pvc.resources.requests.storage` | Config ReplicaSet Pods 
PVC storage size | `3Gi` | -| `sharding.configrs.hostAliases` | The IP address for Kubernetes host aliases | `[]` | -| `sharding.mongos.size` | Mongos size (pod quantity) | `3` | -| `sharding.mongos.terminationGracePeriodSeconds` | The amount of seconds Kubernetes will wait for a clean mongos Pods termination | `""` | -| `sharding.mongos.configuration` | Custom config for mongos | `""` | -| `sharding.mongos.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` | -| `sharding.mongos.serviceAccountName` | Run sharding mongos Containers under specified K8S SA | `""` | -| `sharding.mongos.affinity.antiAffinityTopologyKey` | Mongos Pods affinity | `kubernetes.io/hostname` | -| `sharding.mongos.affinity.advanced` | Mongos Pods advanced affinity | `{}` | -| `sharding.mongos.tolerations` | Mongos Pods tolerations | `[]` | -| `sharding.mongos.priorityClass` | Mongos Pods priorityClassName | `""` | -| `sharding.mongos.annotations` | Mongos Pods annotations | `{}` | -| `sharding.mongos.labels` | Mongos Pods labels | `{}` | -| `sharding.mongos.nodeSelector` | Mongos Pods nodeSelector labels | `{}` | -| `sharding.mongos.livenessProbe` | Mongos Pod livenessProbe structure | `{}` | -| `sharding.mongos.readinessProbe` | Mongos Pod readinessProbe structure | `{}` | -| `sharding.mongos.podSecurityContext` | Set the security context for a Pod | `{}` | -| `sharding.mongos.containerSecurityContext` | Set the security context for a Container | `{}` | -| `sharding.mongos.runtimeClass` | Mongos Pod runtimeClassName | `""` | -| `sharding.mongos.sidecars` | Mongos Pod sidecars | `{}` | -| `sharding.mongos.sidecarVolumes` | Mongos Pod sidecar volumes | `[]` | -| `sharding.mongos.sidecarPVCs` | Mongos Pod sidecar PVCs | `[]` | -| `sharding.mongos.podDisruptionBudget.maxUnavailable` | Mongos failed Pods maximum quantity | `1` | -| `sharding.mongos.resources.limits.cpu` | 
Mongos Pods resource limits CPU | `300m` | -| `sharding.mongos.resources.limits.memory` | Mongos Pods resource limits memory | `0.5G` | -| `sharding.mongos.resources.requests.cpu` | Mongos Pods resource requests CPU | `300m` | -| `sharding.mongos.resources.requests.memory` | Mongos Pods resource requests memory | `0.5G` | -| `sharding.mongos.expose.type` | Mongos service type | `ClusterIP` | -| `sharding.mongos.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | -| `sharding.mongos.expose.servicePerPod` | Create a separate ClusterIP Service for each mongos instance | `false` | -| `sharding.mongos.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | -| `sharding.mongos.expose.annotations` | Mongos service annotations | `{}` | -| `sharding.mongos.expose.labels` | Mongos service labels | `{}` | -| `sharding.mongos.expose.internalTrafficPolicy` | Mongos service internal traffic policy | `Local` | -| `sharding.mongos.expose.externalTrafficPolicy` | Mongos service external traffic policy | `Local` | -| `sharding.mongos.expose.nodePort` | Custom port if exposing mongos via NodePort | `""` | -| `sharding.mongos.hostAliases` | The IP address for Kubernetes host aliases | `[]` | +| `sharding.enabled` | Enable sharding setup | `true` | +| `sharding.balancer.enabled` | Enable/disable balancer | `true` | +| `sharding.configrs.size` | Config ReplicaSet size (pod quantity) | `3` | +| `sharding.configrs.terminationGracePeriodSeconds` | The amount of seconds Kubernetes will wait for a clean replica set Pods termination | `""` | +| `sharding.configrs.externalNodes.host` | The URL or IP address of the external config server instance | `""` | +| `sharding.configrs.externalNodes.port` | The port number of the external config server instance | `""` | +| `sharding.configrs.externalNodes.votes` | The number of [votes 
:octicons-link-external-16:](https://docs.mongodb.com/manual/reference/replica-configuration/#mongodb-rsconf-rsconf.members-n-.votes) of the [external config server instance](replication-main.md) | `""` | +| `sharding.configrs.externalNodes.priority` | The [priority :octicons-link-external-16:](https://docs.mongodb.com/manual/reference/replica-configuration/#mongodb-rsconf-rsconf.members-n-.priority) of the [external config server instance](replication-main.md) | `""` | +| `sharding.configrs.configuration` | Custom config for mongod in config replica set | `""` | +| `sharding.configrs.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` | +| `sharding.configrs.serviceAccountName` | Run sharding configrs Containers under specified K8S SA | `""` | +| `sharding.configrs.affinity.antiAffinityTopologyKey` | Config ReplicaSet Pod affinity | `kubernetes.io/hostname` | +| `sharding.configrs.affinity.advanced` | Config ReplicaSet Pod advanced affinity | `{}` | +| `sharding.configrs.tolerations` | Config ReplicaSet Pod tolerations | `[]` | +| `sharding.configrs.priorityClass` | Config ReplicaSet Pod priorityClassName | `""` | +| `sharding.configrs.annotations` | Config ReplicaSet Pod annotations | `{}` | +| `sharding.configrs.labels` | Config ReplicaSet Pod labels | `{}` | +| `sharding.configrs.nodeSelector` | Config ReplicaSet Pod nodeSelector labels | `{}` | +| `sharding.configrs.livenessProbe` | Config ReplicaSet Pod livenessProbe structure | `{}` | +| `sharding.configrs.readinessProbe` | Config ReplicaSet Pod readinessProbe structure | `{}` | +| `sharding.configrs.storage` | Set cacheSizeRatio or other custom MongoDB storage options | `{}` | +| `sharding.configrs.podSecurityContext` | Set the security context for a Pod | `{}` | +| `sharding.configrs.containerSecurityContext` | Set the security context for a Container | `{}` | +| 
`sharding.configrs.runtimeClass` | Config ReplicaSet Pod runtimeClassName | `""` | +| `sharding.configrs.sidecars` | Config ReplicaSet Pod sidecars | `{}` | +| `sharding.configrs.sidecarVolumes` | Config ReplicaSet Pod sidecar volumes | `[]` | +| `sharding.configrs.sidecarPVCs` | Config ReplicaSet Pod sidecar PVCs | `[]` | +| `sharding.configrs.podDisruptionBudget.maxUnavailable` | Config ReplicaSet failed Pods maximum quantity | `1` | +| `sharding.configrs.expose.enabled` | Allow access to cfg replica from outside of Kubernetes | `false` | +| `sharding.configrs.expose.type` | Network service access point type | `ClusterIP` | +| `sharding.configrs.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | +| `sharding.configrs.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | +| `sharding.configrs.expose.annotations` | Config ReplicaSet service annotations | `{}` | +| `sharding.configrs.expose.labels` | Config ReplicaSet service labels | `{}` | +| `sharding.configrs.expose.internalTrafficPolicy` | Config ReplicaSet service internal traffic policy | `Local` | +| `sharding.configrs.expose.externalTrafficPolicy` | Config ReplicaSet service external traffic policy | `Local` | +| `sharding.configrs.resources.limits.cpu` | Config ReplicaSet resource limits CPU | `300m` | +| `sharding.configrs.resources.limits.memory` | Config ReplicaSet resource limits memory | `0.5G` | +| `sharding.configrs.resources.requests.cpu` | Config ReplicaSet resource requests CPU | `300m` | +| `sharding.configrs.resources.requests.memory` | Config ReplicaSet resource requests memory | `0.5G` | +| `sharding.configrs.volumeSpec.hostPath` | Config ReplicaSet hostPath K8S storage | | +| `sharding.configrs.volumeSpec.hostPath.path` | Config ReplicaSet hostPath K8S storage path | `""` | +| `sharding.configrs.volumeSpec.hostPath.type` | Type for hostPath volum | `Directory` | +| `sharding.configrs.volumeSpec.emptyDir` | Config ReplicaSet Pods emptyDir K8S 
storage | | +| `sharding.configrs.volumeSpec.pvc` | Config ReplicaSet Pods PVC request parameters | | +| `sharding.configrs.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` | +| `sharding.configrs.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` | +| `sharding.configrs.volumeSpec.pvc.storageClassName` | Config ReplicaSet Pods PVC storageClass | `""` | +| `sharding.configrs.volumeSpec.pvc.accessModes` | Config ReplicaSet Pods PVC access policy | `[]` | +| `sharding.configrs.volumeSpec.pvc.resources.requests.storage` | Config ReplicaSet Pods PVC storage size | `3Gi` | +| `sharding.configrs.hostAliases` | The IP address for Kubernetes host aliases | `[]` | +| `sharding.mongos.size` | Mongos size (pod quantity) | `3` | +| `sharding.mongos.terminationGracePeriodSeconds` | The amount of seconds Kubernetes will wait for a clean mongos Pods termination | `""` | +| `sharding.mongos.configuration` | Custom config for mongos | `""` | +| `sharding.mongos.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` | +| `sharding.mongos.serviceAccountName` | Run sharding mongos Containers under specified K8S SA | `""` | +| `sharding.mongos.affinity.antiAffinityTopologyKey` | Mongos Pods affinity | `kubernetes.io/hostname` | +| `sharding.mongos.affinity.advanced` | Mongos Pods advanced affinity | `{}` | +| `sharding.mongos.tolerations` | Mongos Pods tolerations | `[]` | +| `sharding.mongos.priorityClass` | Mongos Pods priorityClassName | `""` | +| `sharding.mongos.annotations` | Mongos Pods annotations | `{}` | +| `sharding.mongos.labels` | Mongos Pods labels | `{}` | +| `sharding.mongos.nodeSelector` | Mongos Pods nodeSelector labels | `{}` | +| `sharding.mongos.livenessProbe` | Mongos Pod livenessProbe structure | `{}` | +| `sharding.mongos.readinessProbe` | Mongos Pod 
readinessProbe structure | `{}` | +| `sharding.mongos.podSecurityContext` | Set the security context for a Pod | `{}` | +| `sharding.mongos.containerSecurityContext` | Set the security context for a Container | `{}` | +| `sharding.mongos.runtimeClass` | Mongos Pod runtimeClassName | `""` | +| `sharding.mongos.sidecars` | Mongos Pod sidecars | `{}` | +| `sharding.mongos.sidecarVolumes` | Mongos Pod sidecar volumes | `[]` | +| `sharding.mongos.sidecarPVCs` | Mongos Pod sidecar PVCs | `[]` | +| `sharding.mongos.podDisruptionBudget.maxUnavailable` | Mongos failed Pods maximum quantity | `1` | +| `sharding.mongos.resources.limits.cpu` | Mongos Pods resource limits CPU | `300m` | +| `sharding.mongos.resources.limits.memory` | Mongos Pods resource limits memory | `0.5G` | +| `sharding.mongos.resources.requests.cpu` | Mongos Pods resource requests CPU | `300m` | +| `sharding.mongos.resources.requests.memory` | Mongos Pods resource requests memory | `0.5G` | +| `sharding.mongos.expose.type` | Mongos service type | `ClusterIP` | +| `sharding.mongos.expose.loadBalancerIP` | Set client IP to Load Balancer | `""` | +| `sharding.mongos.expose.servicePerPod` | Create a separate ClusterIP Service for each mongos instance | `false` | +| `sharding.mongos.expose.loadBalancerSourceRanges` | Limit client IP's access to Load Balancer | `{}` | +| `sharding.mongos.expose.annotations` | Mongos service annotations | `{}` | +| `sharding.mongos.expose.labels` | Mongos service labels | `{}` | +| `sharding.mongos.expose.internalTrafficPolicy` | Mongos service internal traffic policy | `Local` | +| `sharding.mongos.expose.externalTrafficPolicy` | Mongos service external traffic policy | `Local` | +| `sharding.mongos.expose.nodePort` | Custom port if exposing mongos via NodePort | `""` | +| `sharding.mongos.hostAliases` | The IP address for Kubernetes host aliases | `[]` | | | | `users.name` | The username of the MongoDB application user | `""` | | `users.db` | Database that the user 
authenticates against | `""` | diff --git a/charts/psmdb-db/templates/cluster.yaml b/charts/psmdb-db/templates/cluster.yaml index 1004f93b..165bba3d 100644 --- a/charts/psmdb-db/templates/cluster.yaml +++ b/charts/psmdb-db/templates/cluster.yaml @@ -116,6 +116,10 @@ spec: topologySpreadConstraints: {{ $replset.topologySpreadConstraints | toYaml | indent 6 }} {{- end }} +{{- if $replset.replsetOverrides }} + replsetOverrides: +{{ $replset.replsetOverrides | toYaml | indent 6 }} + {{- end }} {{- if $replset.serviceAccountName }} serviceAccountName: {{ $replset.serviceAccountName }} {{- end }} @@ -125,6 +129,10 @@ spec: {{- end }} {{- if $replset.priorityClass }} priorityClassName: {{ $replset.priorityClass }} + {{- end }} + {{- if $replset.primaryPreferTagSelector }} + primaryPreferTagSelector: +{{ $replset.primaryPreferTagSelector | toYaml | indent 6 }} {{- end }} {{- if $replset.annotations }} annotations: @@ -193,7 +201,9 @@ spec: expose: enabled: {{ $replset.expose.enabled }} type: {{ $replset.expose.type }} + {{- if $replset.expose.loadBalancerIP }} loadBalancerIP: {{ $replset.expose.loadBalancerIP }} + {{- end }} {{- if $replset.expose.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ $replset.expose.loadBalancerSourceRanges | toYaml | indent 8 }} @@ -206,8 +216,12 @@ spec: labels: {{ $replset.expose.labels | toYaml | indent 8 }} {{- end }} + {{- if $replset.expose.internalTrafficPolicy }} internalTrafficPolicy: {{ $replset.expose.internalTrafficPolicy }} + {{- end }} + {{- if $replset.expose.externalTrafficPolicy }} externalTrafficPolicy: {{ $replset.expose.externalTrafficPolicy }} + {{- end }} {{- end }} {{- if $replset.schedulerName }} schedulerName: {{ $replset.schedulerName }} 
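Review bot: The added `{{- if $replset.replsetOverrides }}` guard in the `@@ -116,6 +116,10 @@` hunk sits at column 0, while its `{{- end }}` and the neighbouring guards are indented. The `{{-` trim keeps the rendered output identical, so this is style only, but the mismatch makes the block look as if it closes a different scope. Indent the opening line to the same column as its `{{- end }}`. The replset block this belongs to starts and ends outside the hunk.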
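Review bot: The new guards around `internalTrafficPolicy` and `externalTrafficPolicy` in the `@@ -206,8 +216,12 @@` hunk omit the field from the CR when the value is unset, yet the README rows added in this series for `sharding.configrs.expose.*` and `sharding.mongos.expose.*` still give `Local` as the default. For NodePort and LoadBalancer Services the Kubernetes default for `externalTrafficPolicy` is `Cluster`, under which mongod and mongos see a node address rather than the client address, so audit logs and source-address restrictions lose the real peer. Whether the operator applies its own default is not visible here. Document the default as `""` and state that `Local` must be set explicitly to preserve client source addresses. The same applies to the configrs hunks at `-435`/`-448` and the mongos hunks at `-563`/`-579`.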
@@ -435,7 +449,9 @@ spec: expose: enabled: {{ .Values.sharding.configrs.expose.enabled }} type: {{ .Values.sharding.configrs.expose.type }} + {{- if .Values.sharding.configrs.expose.loadBalancerIP }} loadBalancerIP: {{ .Values.sharding.configrs.expose.loadBalancerIP }} + {{- end }} {{- if .Values.sharding.configrs.expose.loadBalancerSourceRanges }} loadBalancerSourceRanges: {{ .Values.sharding.configrs.expose.loadBalancerSourceRanges | toYaml | indent 10 }} @@ -448,8 +464,12 @@ spec: labels: {{ .Values.sharding.configrs.expose.labels | toYaml | indent 10 }} {{- end }} + {{- if .Values.sharding.configrs.expose.internalTrafficPolicy }} internalTrafficPolicy: {{ .Values.sharding.configrs.expose.internalTrafficPolicy }} + {{- end }} + {{- if .Values.sharding.configrs.expose.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.sharding.configrs.expose.externalTrafficPolicy }} + {{- end }} {{- end }} resources: limits: @@ -563,7 +583,9 @@ spec: memory: {{ .Values.sharding.mongos.resources.requests.memory }} expose: type: {{ .Values.sharding.mongos.expose.type }} + {{- if .Values.sharding.mongos.expose.loadBalancerIP }} loadBalancerIP: {{ .Values.sharding.mongos.expose.loadBalancerIP }} + {{- end }} {{- if .Values.sharding.mongos.expose.servicePerPod }} servicePerPod: {{ .Values.sharding.mongos.expose.servicePerPod }} {{- end }} @@ -579,8 +601,12 @@ spec: labels: {{ .Values.sharding.mongos.expose.labels | toYaml | indent 10 }} {{- end }} + {{- if .Values.sharding.mongos.expose.internalTrafficPolicy }} internalTrafficPolicy: {{ .Values.sharding.mongos.expose.internalTrafficPolicy }} + {{- end }} + {{- if .Values.sharding.mongos.expose.externalTrafficPolicy }} externalTrafficPolicy: {{ .Values.sharding.mongos.expose.externalTrafficPolicy }} + {{- end }} {{- if .Values.sharding.mongos.expose.nodePort }} nodePort: {{ .Values.sharding.mongos.expose.nodePort }} {{- end }} 
diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 9e480b31..f0779918 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -113,6 +113,19 @@ replsets: # maxSkew: 1 # topologyKey: kubernetes.io/hostname # whenUnsatisfiable: DoNotSchedule + # replsetOverrides: + # my-cluster-name-rs0-0: + # host: my-cluster-name-rs0-0.example.net:27017 + # tags: + # key: value-0 + # my-cluster-name-rs0-1: + # host: my-cluster-name-rs0-1.example.net:27017 + # tags: + # key: value-1 + # my-cluster-name-rs0-2: + # host: my-cluster-name-rs0-2.example.net:27017 + # tags: + # key: value-2 affinity: antiAffinityTopologyKey: "kubernetes.io/hostname" # advanced: @@ -126,6 +139,9 @@ replsets: # - S1 # topologyKey: failure-domain.beta.kubernetes.io/zone # tolerations: [] + # primaryPreferTagSelector: + # region: us-west-2 + # zone: us-west-2c # priorityClass: "" # annotations: {} # labels: {} From 622e53b6a235267cc7197700fac0865e8191a7e3 Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Thu, 14 Nov 2024 10:01:01 -0300 Subject: [PATCH 12/13] Align mongos size with cr --- charts/psmdb-db/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index f0779918..8e59dee0 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -435,7 +435,7 @@ sharding: # - "host2" mongos: - size: 2 + size: 3 # terminationGracePeriodSeconds: 300 # configuration: | # systemLog: From f7a10542053a3bc590672318a471839ad9660de0 Mon Sep 17 00:00:00 2001 From: Julio Pasinatto Date: Thu, 14 Nov 2024 10:55:49 -0300 Subject: [PATCH 13/13] Remove externalTrafficPolicy from values comments --- charts/psmdb-db/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 8e59dee0..ed1f18d0 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml 
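Review bot: The commented `replsetOverrides` example in the `@@ -113,6 +113,19 @@` hunk shows external `host` names without stating what must hold for them. The template passes this map through `toYaml` unchanged, so whatever is written here is handed to the CR as each member's host. Presumably those names must resolve for every member and client and, with TLS enabled, appear in the server certificate. Add a line above the example such as `# hosts must be resolvable by all members and clients and covered by the TLS certificate SANs`. The `replsets` entry this belongs to starts outside the hunk.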
@@ -229,7 +229,6 @@ replsets: # labels: # some-label: some-key # internalTrafficPolicy: Local - # externalTrafficPolicy: Local # schedulerName: "" resources: limits: @@ -405,7 +404,6 @@ sharding: # labels: # some-label: some-key # internalTrafficPolicy: Local - # externalTrafficPolicy: Local resources: limits: cpu: "300m" @@ -500,7 +498,6 @@ sharding: # labels: # some-label: some-key # internalTrafficPolicy: Local - # externalTrafficPolicy: Local # nodePort: 32017 # auditLog: # destination: file