diff --git a/.devcontainer/README.md b/.devcontainer/README.md index 02936417ea..871a4fad22 100644 --- a/.devcontainer/README.md +++ b/.devcontainer/README.md @@ -6,7 +6,7 @@ To run the CTST tests in the codespace, simply head to `.github/script/end2end/` and run `run-e2e-ctst.sh` script. ```bash - cd .github/script/end2end/ + cd .github/scripts/end2end/ bash run-e2e-ctst.sh ``` diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 8fcf0709de..d12800951d 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -74,13 +74,17 @@ "permissions": { "contents": "read" } + }, + "scality/zenko-drctl": { + "permissions": { + "contents": "read" + } } } } }, "containerEnv": { "ZENKO_MONGODB_DATABASE": "zenko-database", - "ZENKO_MONGODB_SHARDED": "true" }, // Use 'postCreateCommand' to run commands after the container is created. "postCreateCommand": "bash .devcontainer/setup.sh" diff --git a/.devcontainer/setup.sh b/.devcontainer/setup.sh index 8e379d601b..408588bc98 100755 --- a/.devcontainer/setup.sh +++ b/.devcontainer/setup.sh @@ -1,22 +1,22 @@ #!/bin/bash +set -e + env_variables=$(yq eval '.env | to_entries | .[] | .key + "=" + .value' .github/workflows/end2end.yaml | sed 's/\${{[^}]*}}//g') && export $env_variables export GIT_ACCESS_TOKEN=${GITHUB_TOKEN} export E2E_IMAGE_TAG=latest -array_length=`yq ".runs.steps | length - 1" .github/actions/deploy/action.yaml` +array_length=$(yq ".runs.steps | length - 1" .github/actions/deploy/action.yaml) for i in $(seq 0 $array_length); do - step=`yq ".runs.steps[$i]" .github/actions/deploy/action.yaml` - working_dir=`yq ".runs.steps[$i].working-directory" .github/actions/deploy/action.yaml` - run_command=`yq ".runs.steps[$i].run" .github/actions/deploy/action.yaml` + #step=$(yq ".runs.steps[$i]" .github/actions/deploy/action.yaml) + working_dir=$(yq ".runs.steps[$i].working-directory" .github/actions/deploy/action.yaml) + run_command=$(yq ".runs.steps[$i].run" .github/actions/deploy/action.yaml) # We don't want to run `run-e2e-test.sh` because it is used for linting here, user will run it manually if needed after deployment # We can't run `configure-e2e.sh` here because it needs an image that is not yet built and sent to kind, will be run after ( - if [[ "$run_command" != "null" && "$run_command" != *"configure-e2e.sh"* && "$run_command" != *"run-e2e-test.sh"* ]] - then - if [ "$working_dir" != "null" ] - then + if [[ "$run_command" != "null" && "$run_command" != *"configure-e2e.sh"* && "$run_command" != *"run-e2e-test.sh"* ]]; then + if [ "$working_dir" != "null" ]; then echo "Changing working dir: $working_dir" cd $working_dir fi @@ -33,7 +33,7 @@ done envsubst < 'e2e-config.yaml.template' > 'e2e-config.yaml' if [[ "${ENABLE_RING_TESTS}" == "false" ]]; then - yq -i 'del(.locations[] | select(.locationType == "location-scality-ring-s3-v1"))' e2e-config.yaml + yq -i 'del(.locations[] | select(.locationType == "location-scality-ring-s3-v1"))' e2e-config.yaml fi docker build -t $E2E_IMAGE_NAME:$E2E_IMAGE_TAG . kind load docker-image ${E2E_IMAGE_NAME}:${E2E_IMAGE_TAG} @@ -50,5 +50,6 @@ docker image prune -af CTST_TAG=$(sed 's/.*"cli-testing": ".*#\(.*\)".*/\1/;t;d' ./tests/ctst/package.json) SORBET_TAG=$(yq eval '.sorbet.tag' solution/deps.yaml) -docker build --build-arg CTST_TAG=$CTST_TAG --build-arg SORBET_TAG=$SORBET_TAG -t $E2E_CTST_IMAGE_NAME:$E2E_IMAGE_TAG ./tests/ctst +DRCTL_TAG=$(yq eval '.drctl.tag' solution/deps.yaml) +docker build --build-arg CTST_TAG=$CTST_TAG --build-arg SORBET_TAG=$SORBET_TAG --build-arg DRCTL_TAG=$DRCTL_TAG -t $E2E_CTST_IMAGE_NAME:$E2E_IMAGE_TAG ./tests/ctst kind load docker-image ${E2E_CTST_IMAGE_NAME}:${E2E_IMAGE_TAG} diff --git a/.github/actions/archive-artifacts/action.yaml b/.github/actions/archive-artifacts/action.yaml index 375a56dc08..0f18c7e653 100644 --- a/.github/actions/archive-artifacts/action.yaml +++ b/.github/actions/archive-artifacts/action.yaml @@ -16,6 +16,7 @@ runs: tar zcvf /tmp/artifacts/${{ github.sha }}-${STAGE}-logs-volumes.tgz /tmp/artifacts/data/${STAGE}/kind-logs; - name: Dump kafka shell: bash + continue-on-error: true run: |- set -exu diff --git a/.github/actions/debug-wait/action.yaml b/.github/actions/debug-wait/action.yaml index 5f15cfa1a3..3f852fdb02 100644 --- a/.github/actions/debug-wait/action.yaml +++ b/.github/actions/debug-wait/action.yaml @@ -13,4 +13,3 @@ runs: tmate-server-port: ${{ env.TMATE_SERVER_PORT }} tmate-server-rsa-fingerprint: ${{ env.TMATE_SERVER_RSA_FINGERPRINT }} tmate-server-ed25519-fingerprint: ${{ env.TMATE_SERVER_ED25519_FINGERPRINT }} - if: failure() && runner.debug == '1' diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml index af3e274ed3..1fc7708f0c 100644 --- a/.github/actions/deploy/action.yaml +++ b/.github/actions/deploy/action.yaml @@ -7,10 +7,6 @@ inputs: description: "The tag of the Zenko Operator image to use" required: false default: "" - extra_components: - description: "Extra components to add to zenkoversion" - required: false - default: "" runs: using: composite steps: @@ -78,8 +74,6 @@ runs: shell: bash run: bash deploy-zenko.sh end2end default working-directory: ./.github/scripts/end2end - env: - EXTRA_COMPONENTS: ${{ inputs.extra_components }} - name: Add Keycloak user and assign StorageManager role shell: bash run: bash keycloak-helper.sh add-user default diff --git a/.github/scripts/end2end/configs/prometheus.yaml b/.github/scripts/end2end/configs/prometheus.yaml new file mode 100644 index 0000000000..e885d6325b --- /dev/null +++ b/.github/scripts/end2end/configs/prometheus.yaml @@ -0,0 +1,48 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ${PROMETHEUS_NAME} +rules: +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + verbs: + - '*' +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ${PROMETHEUS_NAME} +subjects: +- kind: ServiceAccount + name: default + namespace: default +roleRef: + kind: Role + name: ${PROMETHEUS_NAME} + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: ${PROMETHEUS_NAME} + labels: + prometheus: ${PROMETHEUS_NAME} +spec: + version: v2.35.0 + evaluationInterval: 30s + logFormat: logfmt + logLevel: info + podMonitorNamespaceSelector: {} + podMonitorSelector: + matchLabels: + metalk8s.scality.com/monitor: "" + probeSelector: + matchLabels: + metalk8s.scality.com/monitor: "" + ruleSelector: + matchLabels: + metalk8s.scality.com/monitor: "" diff --git a/.github/scripts/end2end/configs/zenko.yaml b/.github/scripts/end2end/configs/zenko.yaml index a709ec270e..fcd6345e04 100644 --- a/.github/scripts/end2end/configs/zenko.yaml +++ b/.github/scripts/end2end/configs/zenko.yaml @@ -4,6 +4,8 @@ kind: Zenko metadata: name: ${ZENKO_NAME} ${ZENKO_ANNOTATIONS} + zenko.io/x-backbeat-oneshard-replicaset: data-db-mongodb-sharded-shard-0 + zenko.io/x-backbeat-oneshard-replicaset-hosts: data-db-mongodb-sharded-shard0-data-0.data-db-mongodb-sharded-headless.default.svc.cluster.local:27017 spec: version: ${ZENKO_VERSION_NAME} replicas: 1 diff --git a/.github/scripts/end2end/configs/zenkoversion.yaml b/.github/scripts/end2end/configs/zenkoversion.yaml index ecc2fe133c..67f6549211 100644 --- a/.github/scripts/end2end/configs/zenkoversion.yaml +++ b/.github/scripts/end2end/configs/zenkoversion.yaml @@ -66,6 +66,9 @@ spec: backbeat: image: '${BACKBEAT_IMAGE}' tag: '${BACKBEAT_TAG}' + drctl: + image: '${DRCTL_IMAGE}' + tag: '${DRCTL_TAG}' utapi: image: '${UTAPI_IMAGE}' tag: '${UTAPI_TAG}' @@ -106,9 +109,9 @@ spec: monitoring: image: '${JMX_JAVAAGENT_IMAGE}' tag: '${JMX_JAVAAGENT_TAG}' - cleaner: - image: '${KAFKA_CLEANER_IMAGE}' - tag: '${KAFKA_CLEANER_TAG}' + listener: + image: haproxy + tag: '${HAPROXY_TAG}' vault: image: '${VAULT_IMAGE}' tag: '${VAULT_TAG}' @@ -127,7 +130,6 @@ spec: image: '${REDIS_EXPORTER_IMAGE}' tag: '${REDIS_EXPORTER_TAG}' kubedb: '${REDIS_KUBEDB_TAG}' - ${EXTRA_COMPONENTS} defaults: backbeatConcurrency: lifecycleBucketProcessor: 30 diff --git a/.github/scripts/end2end/deploy-zenko.sh b/.github/scripts/end2end/deploy-zenko.sh index 2e4b785a02..5d774b58cb 100755 --- a/.github/scripts/end2end/deploy-zenko.sh +++ b/.github/scripts/end2end/deploy-zenko.sh @@ -38,21 +38,14 @@ else fi # TODO: use kustomize -ZENKO_MONGODB_SHARDED=${ZENKO_MONGODB_SHARDED:-'false'} -if [ "${ZENKO_MONGODB_SHARDED}" = 'true' ]; then - export ZENKO_ANNOTATIONS="annotations: - zenko.io/x-backbeat-oneshard-replicaset: data-db-mongodb-sharded-shard-0 - zenko.io/x-backbeat-oneshard-replicaset-hosts: data-db-mongodb-sharded-shard0-data-0.data-db-mongodb-sharded-headless.default.svc.cluster.local:27017" - export ZENKO_MONGODB_ENDPOINT="data-db-mongodb-sharded.default.svc.cluster.local:27017" - export ZENKO_MONGODB_CONFIG="writeConcern: 'majority' +export ZENKO_ANNOTATIONS="annotations:" +export ZENKO_MONGODB_ENDPOINT="data-db-mongodb-sharded.default.svc.cluster.local:27017" +export ZENKO_MONGODB_CONFIG="writeConcern: 'majority' enableSharding: true" -else - export ZENKO_MONGODB_ENDPOINT="dev-db-mongodb-primary-0.dev-db-mongodb-headless.default.svc.cluster.local:27017" -fi export ZENKO_MONGODB_DATABASE="${ZENKO_MONGODB_DATABASE:-'datadb'}" if [ "${TIME_PROGRESSION_FACTOR}" -gt 1 ]; then - export ZENKO_ANNOTATIONS="${ZENKO_ANNOTATIONS:-annotations:} + export ZENKO_ANNOTATIONS="$ZENKO_ANNOTATIONS zenko.io/time-progression-factor: \"${TIME_PROGRESSION_FACTOR}\"" fi diff --git a/.github/scripts/end2end/install-kind-dependencies.sh b/.github/scripts/end2end/install-kind-dependencies.sh index df2f3a05bc..599d686672 100755 --- a/.github/scripts/end2end/install-kind-dependencies.sh +++ b/.github/scripts/end2end/install-kind-dependencies.sh @@ -16,7 +16,6 @@ KAFKA_OPERATOR_VERSION=0.23.0 INGRESS_NGINX_VERSION=controller-v1.1.0 PROMETHEUS_VERSION=v0.52.1 KEYCLOAK_VERSION=18.4.4 -BITNAMI_MONGODB_VER=7.8.0 MONGODB_ROOT_USERNAME=root MONGODB_ROOT_PASSWORD=rootpass @@ -24,15 +23,8 @@ MONGODB_APP_USERNAME=data MONGODB_APP_PASSWORD=datapass MONGODB_APP_DATABASE="${ZENKO_MONGODB_DATABASE:-'datadb'}" MONGODB_RS_KEY=0123456789abcdef -# force a 4.0 image as that's what artesca uses -DEPS_FILE="$DIR/../../../solution-base/deps.yaml" -MONGODB_IMAGE_TAG=$(yq eval ".mongodb.tag" $DEPS_FILE) -MONGODB_INIT_IMAGE_NAME=$(yq eval ".mongodb-shell.image" $DEPS_FILE) -MONGODB_INIT_IMAGE_TAG=$(yq eval ".mongodb-shell.tag" $DEPS_FILE) -MONGODB_EXPORTER_IMAGE_TAG=$(yq eval ".mongodb-exporter.tag" $DEPS_FILE) ENABLE_KEYCLOAK_HTTPS=${ENABLE_KEYCLOAK_HTTPS:-'false'} -ZENKO_MONGODB_SHARDED=${ZENKO_MONGODB_SHARDED:-'false'} KAFKA_CHART=banzaicloud-stable/kafka-operator @@ -65,13 +57,22 @@ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/${IN kubectl rollout status -n ingress-nginx deployment/ingress-nginx-controller --timeout=10m # cert-manager -kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml +kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml --wait +# kubectl apply --validate=false -f - <> $GITHUB_ENV -echo 'ZENKO_MONGODB_SECRET_NAME="mongodb-db-creds-pra"' >> $GITHUB_ENV +echo 'ZENKO_MONGODB_DATABASE="pradb"' >> "$GITHUB_ENV" +echo 'ZENKO_MONGODB_SECRET_NAME="mongodb-db-creds-pra"' >> "$GITHUB_ENV" -echo 'ZENKO_IAM_INGRESS="iam.dr.zenko.local"' >> $GITHUB_ENV -echo 'ZENKO_STS_INGRESS="sts.dr.zenko.local"' >> $GITHUB_ENV -echo 'ZENKO_MANAGEMENT_INGRESS="management.dr.zenko.local"' >> $GITHUB_ENV -echo 'ZENKO_S3_INGRESS="s3.dr.zenko.local"' >> $GITHUB_ENV -echo 'ZENKO_UI_INGRESS="ui.dr.zenko.local"' >> $GITHUB_ENV +echo 'ZENKO_IAM_INGRESS="iam.dr.zenko.local"' >> "$GITHUB_ENV" +echo 'ZENKO_STS_INGRESS="sts.dr.zenko.local"' >> "$GITHUB_ENV" +echo 'ZENKO_MANAGEMENT_INGRESS="management.dr.zenko.local"' >> "$GITHUB_ENV" +echo 'ZENKO_S3_INGRESS="s3.dr.zenko.local"' >> "$GITHUB_ENV" +echo 'ZENKO_UI_INGRESS="ui.dr.zenko.local"' >> "$GITHUB_ENV" MONGODB_ROOT_USERNAME="${MONGODB_ROOT_USERNAME:-'root'}" MONGODB_ROOT_PASSWORD="${MONGODB_ROOT_PASSWORD:-'rootpass'}" @@ -36,3 +36,36 @@ stringData: mongodb-password: $MONGODB_PRA_PASSWORD mongodb-database: $MONGODB_PRA_DATABASE EOF + +# Pre-create volume, to ensure it ends up on first node (dev-worker) +KAFKA_NODE="${CLUSTER_NAME:-kind}-worker" +kubectl -n ${PRA_NAMESPACE} apply -f - <> "$GITHUB_ENV" diff --git a/.github/scripts/end2end/run-e2e-ctst.sh b/.github/scripts/end2end/run-e2e-ctst.sh index b503f64c9e..cbe9368b4b 100755 --- a/.github/scripts/end2end/run-e2e-ctst.sh +++ b/.github/scripts/end2end/run-e2e-ctst.sh @@ -81,6 +81,8 @@ WORLD_PARAMETERS="$(jq -c <> $GITHUB_ENV SORBET_TAG=$(yq eval '.sorbet.tag' deps.yaml) + DRCTL_TAG=$(yq eval .drctl.tag deps.yaml) EOF - name: Build and push CI image uses: docker/build-push-action@v5 @@ -444,6 +443,7 @@ jobs: - name: Debug wait uses: ./.github/actions/debug-wait timeout-minutes: 60 + if: failure() && runner.debug == '1' - name: Upload results if: "!cancelled() && env.TRUNK_TOKEN" uses: trunk-io/analytics-uploader@main @@ -491,26 +491,13 @@ jobs: registry: ghcr.io - name: Deploy Zenko uses: ./.github/actions/deploy - env: - ZENKO_MONGODB_SHARDED: "true" - with: - zkop_tag: 1.6.0-preview.2 - extra_components: | - drctl: - image: ghcr.io/scality/zenko-drctl - tag: ${{ env.DRCTL_TAG }} - name: Prepare PRA environment run: bash prepare-pra.sh working-directory: ./.github/scripts/end2end - name: Deploy second Zenko for PRA run: bash deploy-zenko.sh end2end-pra default './configs/zenko.yaml' env: - ZENKO_MONGODB_SHARDED: "true" ZENKO_MONGODB_DATABASE: "pradb" - EXTRA_COMPONENTS: | - drctl: - image: 'ghcr.io/scality/zenko-drctl' - tag: ${{ env.DRCTL_TAG }} working-directory: ./.github/scripts/end2end - name: Add Keycloak pra user and assign StorageManager role shell: bash @@ -530,6 +517,20 @@ jobs: - name: Run CTST end to end tests run: bash run-e2e-ctst.sh "" "" "" "" --tags @PRA working-directory: ./.github/scripts/end2end + - name: Debug wait + uses: ./.github/actions/debug-wait + timeout-minutes: 60 + if: failure() && runner.debug == '1' + - name: Upload results + if: "!cancelled() && env.TRUNK_TOKEN" + uses: trunk-io/analytics-uploader@main + with: + junit-paths: /artifacts/data/reports/*.xml + org-slug: ${{ github.repository_owner }} + token: ${{ env.TRUNK_TOKEN }} + env: + TRUNK_TOKEN: ${{ secrets.TRUNK_TOKEN }} + continue-on-error: true - name: Archive artifact logs and data uses: ./.github/actions/archive-artifacts env: @@ -598,6 +599,7 @@ jobs: - name: Debug wait uses: ./.github/actions/debug-wait timeout-minutes: 60 + if: failure() && runner.debug == '1' - name: Archive artifact logs and data uses: ./.github/actions/archive-artifacts env: @@ -638,7 +640,6 @@ jobs: uses: ./.github/actions/deploy env: GIT_ACCESS_TOKEN: ${{ secrets.GIT_ACCESS_TOKEN }} - ZENKO_MONGODB_SHARDED: "true" - name: Run backbeat end to end tests run: bash run-e2e-test.sh "end2end" ${E2E_IMAGE_NAME}:${E2E_IMAGE_TAG} "backbeat" "default" working-directory: ./.github/scripts/end2end @@ -655,6 +656,7 @@ jobs: - name: Debug wait uses: ./.github/actions/debug-wait timeout-minutes: 60 + if: failure() && runner.debug == '1' - name: Archive artifact logs and data uses: ./.github/actions/archive-artifacts env: @@ -695,7 +697,6 @@ jobs: uses: ./.github/actions/deploy env: GIT_ACCESS_TOKEN: ${{ secrets.GIT_ACCESS_TOKEN }} - ZENKO_MONGODB_SHARDED: "true" ZENKO_ENABLE_SOSAPI: true TIME_PROGRESSION_FACTOR: 86400 TRANSITION_ONE_DAY_EARLIER: false @@ -719,6 +720,7 @@ jobs: - name: Debug wait uses: ./.github/actions/debug-wait timeout-minutes: 60 + if: failure() && runner.debug == '1' - name: Archive artifact logs and data uses: ./.github/actions/archive-artifacts env: @@ -747,6 +749,7 @@ jobs: - end2end-http - end2end-https - end2end-sharded + - end2end-pra - ctst-end2end-sharded if: failure() steps: @@ -775,6 +778,7 @@ jobs: - end2end-http - end2end-https - end2end-sharded + - end2end-pra - ctst-end2end-sharded if: success() steps: diff --git a/monitoring/pra/alerts.yaml b/monitoring/pra/alerts.yaml new file mode 100644 index 0000000000..6fcaa06b78 --- /dev/null +++ b/monitoring/pra/alerts.yaml @@ -0,0 +1,88 @@ +x-inputs: + - name: namespace + type: constant + value: zenko + - name: kafka_connect_src_job + type: constant + value: artesca-data-dr-source-base-queue-connector-metrics + - name: kafka_connect_sink_job + type: constant + value: artesca-data-dr-base-queue-connector-metrics + - name: dr_sink_instance + type: constant + value: artesca-data-dr + - name: rto_alert_threshold + type: config + value: 3600 # 1 hour + - name: mongo_jobs + type: constant + value: zenko/data-db-mongodb-sharded-shard.* + - name: lifecycle_jobs + type: constant + value: artesca-data-backbeat-lifecycle-.*-headless + +groups: +- name: PraAlerts + rules: + + - alert: DrResourcePausedWhileOtherRunning + expr: | + (sum(up{drSinkInstance="",job="${kafka_connect_src_job}", namespace="${namespace}"}) or vector(0)) + != + (sum(up{drSinkInstance="${dr_sink_instance}", job="${kafka_connect_sink_job}", namespace="${namespace}"}) or vector(0)) + for: 1m + labels: + severity: warning + annotations: + summary: 'DR Resource Paused While Other Running' + description: 'One site s DR resource is paused while the other is not. This could lead to data inconsistency between sites.' + + - alert: DrResourcePausedForTooLong + expr: | + (sum(up{drSinkInstance="", job="${kafka_connect_src_job}", namespace="${namespace}"}) or vector(0)) == 0 + for: 5m + labels: + severity: warning + annotations: + summary: 'DR resource paused for too long' + description: 'The DR resource has been paused for more than 5 minutes.' + + - alert: KafkaConnectOutageSource + expr: | + sum(rate(kafka_connect_task_error_total_record_errors{drSinkInstance="", job="${kafka_connect_src_job}"}[$__rate_interval])) > 0 + or + sum(rate(kafka_connect_task_error_total_record_failures{drSinkInstance="", job="${kafka_connect_src_job}"}[$__rate_interval])) > 0 + for: 1m + labels: + severity: critical + annotations: + description: >- + Kafka-connect on source is not working nominally. The rate of errors or failures has exceeded 0. This could lead DR to get out of sync if not addressed promptly. + summary: 'Kafka Connect not working' + + - alert: KafkaConnectOutageSink + expr: | + sum(rate(kafka_connect_task_error_total_record_errors{drSinkInstance="${dr_sink_instance}", job="${kafka_connect_sink_job}"}[$__rate_interval])) > 0 + or + sum(rate(kafka_connect_task_error_total_record_failures{drSinkInstance="${dr_sink_instance}", job="${kafka_connect_sink_job}"}[$__rate_interval])) > 0 + for: 1m + labels: + severity: critical + annotations: + description: >- + Kafka-connect on sink is not working nominally. The rate of errors or failures has exceeded 0. This could lead to data loss if not addressed promptly. + summary: 'Kafka Connect not working' + + - alert: WriteTimesLatency + expr: | + ( + sum(s3_lifecycle_last_timestamp_ms{drSinkInstance="", job=~"${lifecycle_jobs}",namespace="${namespace}"}) + - + sum(mongodb_ss_repl_lastWrite_lastWriteDate{drSinkInstance="${dr_sink_instance}", job=~"${mongo_jobs}", namespace="${namespace}"}) + ) > ${rto_alert_threshold} * 1000 + for: 1m + labels: + severity: critical + annotations: + summary: 'Write times latency' + description: 'The difference in write times between the source and protected sites is more than half of the Recovery Time Objective (12 hours). This could lead to data inconsistency between sites.' diff --git a/monitoring/pra/dashboard.json b/monitoring/pra/dashboard.json new file mode 100644 index 0000000000..d88ecbb49d --- /dev/null +++ b/monitoring/pra/dashboard.json @@ -0,0 +1,1202 @@ +{ + "__inputs": [ + { + "description": "Prometheus server that will be used for all panels in the dashboard.", + "label": "Prometheus", + "name": "DS_PROMETHEUS", + "pluginId": "prometheus", + "pluginName": "Prometheus", + "type": "datasource" + }, + { + "description": "Namespace associated with the Zenko instance", + "label": "namespace", + "name": "namespace", + "type": "constant", + "value": "zenko" + }, + { + "description": "Name of the ZenkoDR instance", + "label": "zenko instance name", + "name": "zenkoName", + "type": "constant", + "value": "artesca-data" + }, + { + "description": "Name of the kafka instance/job/cluster_name", + "label": "kafka instance", + "name": "kafka_instance", + "type": "constant", + "value": "artesca-data-dr-base-queue" + }, + { + "description": "Name of the kafka connect job", + "label": "kafka connect source job", + "name": "kafka_connect_src_job", + "type": "constant", + "value": "artesca-data-dr-base-queue-connector-metrics" + }, + { + "description": "Name of the kafka connect job", + "label": "kafka connect sink job", + "name": "kafka_connect_sink_job", + "type": "constant", + "value": "artesca-data-dr-base-queue-connector-metrics" + }, + { + "description": "Promethes label expression for lifecycle jobs", + "label": "Lifecycle jobs", + "name": "lifecycle_jobs", + "type": "constant", + "value": "artesca-data-backbeat-lifecycle-.*-headless" + }, + { + "description": "Promethes label expression for mongo jobs", + "label": "MongoDb jobs", + "name": "mongo_jobs", + "type": "constant", + "value": "zenko/data-db-mongodb-sharded-shard.*" + }, + { + "description": "Promethes label expression to filter PRA locations", + "label": "Locations", + "name": "locations", + "type": "constant", + "value": "glacier" + }, + { + "description": "Expected number of replicas", + "label": "Replicas", + "name": "replicas", + "type": "constant", + "value": "1" + }, + { + "description": "Name of the DR sink instance", + "label": "DR Sink Instance", + "name": "dr_sink_instance", + "type": "constant", + "value": "artesca-data-dr" + } + ], + "annotations": { + "list": [] + }, + "description": "", + "editable": true, + "gnetId": null, + "hideControls": false, + "id": null, + "links": [], + "panels": [ + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "decimals": null, + "mappings": [], + "max": 1, + "min": "0", + "noValue": "0", + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "red", + "index": 0, + "line": true, + "op": "gt", + "value": "null", + "yaxis": "left" + }, + { + "color": "yellow", + "index": 1, + "line": true, + "op": "gt", + "value": 50.0, + "yaxis": "left" + }, + { + "color": "green", + "index": 2, + "line": true, + "op": "gt", + "value": 100.0, + "yaxis": "left" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 0 + }, + "hideTimeOverride": false, + "id": 1, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": null, + "expr": "sum(up{job=\"${kafka_connect_src_job}\", namespace=\"${namespace}\", drSinkInstance=\"\"})", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "KafkaConnect Source", + "transformations": [], + "transparent": false, + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "decimals": null, + "mappings": [], + "max": 1, + "min": "0", + "noValue": "0", + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "red", + "index": 0, + "line": true, + "op": "gt", + "value": "null", + "yaxis": "left" + }, + { + "color": "yellow", + "index": 1, + "line": true, + "op": "gt", + "value": 50.0, + "yaxis": "left" + }, + { + "color": "green", + "index": 2, + "line": true, + "op": "gt", + "value": 100.0, + "yaxis": "left" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 4, + "y": 0 + }, + "hideTimeOverride": false, + "id": 2, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": null, + "expr": "sum(up{job=\"${kafka_connect_sink_job}\", namespace=\"${namespace}\", drSinkInstance=\"${dr_sink_instance}\"})", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "KafkaConnect Sink", + "transformations": [], + "transparent": false, + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "decimals": null, + "mappings": [], + "max": 1, + "min": "0", + "noValue": "0", + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "red", + "index": 0, + "line": true, + "op": "gt", + "value": "null", + "yaxis": "left" + }, + { + "color": "yellow", + "index": 1, + "line": true, + "op": "gt", + "value": 50.0, + "yaxis": "left" + }, + { + "color": "green", + "index": 2, + "line": true, + "op": "gt", + "value": 100.0, + "yaxis": "left" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 8, + "y": 0 + }, + "hideTimeOverride": false, + "id": 3, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": null, + "expr": "sum(up{job=\"${kafka_instance}\", namespace=\"${namespace}\"})", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Kafka", + "transformations": [], + "transparent": false, + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "Time since the last eligible op on the primary site.", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "decimals": null, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#808080", + "index": 0, + "line": true, + "op": "gt", + "value": "null", + "yaxis": "left" + }, + { + "color": "green", + "index": 1, + "line": true, + "op": "gt", + "value": 0.0, + "yaxis": "left" + }, + { + "color": "super-light-yellow", + "index": 2, + "line": true, + "op": "gt", + "value": 1800.0, + "yaxis": "left" + }, + { + "color": "orange", + "index": 3, + "line": true, + "op": "gt", + "value": 3600.0, + "yaxis": "left" + }, + { + "color": "red", + "index": 4, + "line": true, + "op": "gt", + "value": 3700.0, + "yaxis": "left" + } + ] + }, + "unit": "clockms" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 12, + "y": 0 + }, + "hideTimeOverride": false, + "id": 4, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": null, + "expr": "time() - s3_lifecycle_last_timestamp_ms{location=~\"${locations}\", job=~\"${lifecycle_jobs}\", namespace=\"${namespace}\"}", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Last lifecycle op", + "transformations": [], + "transparent": false, + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "Time since the last mongo DB write on DR site.", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "custom": {}, + "decimals": null, + "mappings": [], + "noValue": "-", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#808080", + "index": 0, + "line": true, + "op": "gt", + "value": "null", + "yaxis": "left" + }, + { + "color": "green", + "index": 1, + "line": true, + "op": "gt", + "value": 0.0, + "yaxis": "left" + }, + { + "color": "super-light-yellow", + "index": 2, + "line": true, + "op": "gt", + "value": 1800.0, + "yaxis": "left" + }, + { + "color": "orange", + "index": 3, + "line": true, + "op": "gt", + "value": 3600.0, + "yaxis": "left" + }, + { + "color": "red", + "index": 4, + "line": true, + "op": "gt", + "value": 3700.0, + "yaxis": "left" + } + ] + }, + "unit": "clockms" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 0 + }, + "hideTimeOverride": false, + "id": 5, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "targets": [ + { + "datasource": null, + "expr": "time() - mongodb_ss_repl_lastWrite_lastWriteDate{job=~\"${mongo_jobs}\", namespace=\"${namespace}\", drSinkInstance=\"${dr_sink_instance}\"}", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Last DR mongo write", + "transformations": [], + "transparent": false, + "type": "stat" + }, + { + "collapsed": false, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [] + } + } + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 4 + }, + "hideTimeOverride": false, + "id": 6, + "links": [], + "maxDataPoints": 100, + "panels": [], + "targets": [], + "title": "Kafka Lag", + "transformations": [], + "transparent": false, + "type": "row" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": {}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 5 + }, + "hideTimeOverride": false, + "id": 7, + "links": [], + "maxDataPoints": 100, + "options": { + "legend": { + "calcs": [ + "max", + "mean" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": null, + "expr": "sum(kafka_consumer_fetch_manager_records_lag{namespace=\"${namespace}\", drSinkInstance=\"\", job=\"${kafka_connect_src_job}\"})", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": " ", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Kafka Connect Source Lag", + "transformations": [], + "transparent": false, + "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": {}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 5 + }, + "hideTimeOverride": false, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "legend": { + "calcs": [ + "max", + "mean" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": null, + "expr": "max(kafka_consumergroup_group_max_lag{cluster_name=\"${kafka_instance}\", namespace=\"${namespace}\"})", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": " ", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Kafka Lag", + "transformations": [], + "transparent": false, + "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": {}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 5 + }, + "hideTimeOverride": false, + "id": 9, + "links": [], + "maxDataPoints": 100, + "options": { + "legend": { + "calcs": [ + "max", + "mean" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": null, + "expr": "sum(kafka_consumer_fetch_manager_records_lag{namespace=\"${namespace}\", drSinkInstance=\"${dr_sink_instance}\", job=\"${kafka_connect_sink_job}\"})", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": " ", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Kafka Connect Sink Lag", + "transformations": [], + "transparent": false, + "type": "timeseries" + }, + { + "collapsed": false, + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "thresholds": { + "mode": "absolute", + "steps": [] + } + } + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 13 + }, + "hideTimeOverride": false, + "id": 10, + "links": [], + "maxDataPoints": 100, + "panels": [], + "targets": [], + "title": "Processing rate", + "transformations": [], + "transparent": false, + "type": "row" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": {}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 14 + }, + "hideTimeOverride": false, + "id": 11, + "links": [], + "maxDataPoints": 100, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": null, + "expr": "sum(rate(s3_lifecycle_duration_seconds_count{location=~\"${locations}\", job=~\"${lifecycle_jobs}\", namespace=\"${namespace}\", type=\"archive\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": " ", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Lifecycle Archive Rate (source)", + "transformations": [], + "transparent": false, + "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": {}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 14 + }, + "hideTimeOverride": false, + "id": 12, + "links": [], + "maxDataPoints": 100, + "options": { + "legend": { + "calcs": [ + "max", + "mean" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": null, + "expr": "sum(rate(kafka_server_brokertopicmetrics_messagesin_total{job=\"${kafka_instance}\", namespace=\"${namespace}\", topic=\"\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": " ", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Kafka Message Rate", + "transformations": [], + "transparent": false, + "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "editable": true, + "error": false, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 30, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "log": 2, + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": {}, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 14 + }, + "hideTimeOverride": false, + "id": 13, + "links": [], + "maxDataPoints": 100, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": null, + "expr": "sum(rate(kafka_connect_mongodb_sink_task_metrics_in_task_put{job=\"${kafka_connect_sink_job}\", namespace=\"${namespace}\"}[$__rate_interval]))", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": " ", + "metric": "", + "refId": "", + "step": 10, + "target": "" + } + ], + "title": "Metadata Write Rate (sink)", + "transformations": [], + "transparent": false, + "type": "timeseries" + } + ], + "refresh": "30s", + "rows": [], + "schemaVersion": 12, + "sharedCrosshair": false, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Zenko DR ${zenkoName}", + "uid": null, + "version": 1 +} diff --git a/monitoring/pra/dashboard.py b/monitoring/pra/dashboard.py new file mode 100644 index 0000000000..06bd91dc73 --- /dev/null +++ b/monitoring/pra/dashboard.py @@ -0,0 +1,311 @@ +from grafanalib.core import ( + ConstantInput, + DataSourceInput, + RowPanel, + Threshold, +) + +from grafanalib import formatunits as UNITS +from scalgrafanalib import ( + layout, + metrics, + Dashboard, + Stat, + Target, + TimeSeries, +) + + +class Metrics: + DR_SOURCE = 'drSinkInstance=""' + DR_SINK = 'drSinkInstance="${dr_sink_instance}"' + + UP = metrics.Metric( + "up", + "drSinkInstance", job="${job}", namespace="${namespace}", + ) + + KAFKA_CONSUMERGROUP_LAG = metrics.Metric( + "kafka_consumergroup_group_max_lag", + "group", cluster_name="${kafka_instance}", namespace="${namespace}", + ) + + KAFKA_CONNECT_SOURCE_TASK_RECORDS_LAG = metrics.Metric( + "kafka_consumer_fetch_manager_records_lag", + "drSinkInstance", "job", namespace="${namespace}", + ) + + LIFECYCLE_DURATION = metrics.BucketMetric( + "s3_lifecycle_duration_seconds", + "type", location=["${locations}"], job=["${lifecycle_jobs}"], namespace="${namespace}", + ) + + LIFECYCLE_LAST_TIMESTAMP = metrics.Metric( + "s3_lifecycle_last_timestamp_ms", + "type", location=["${locations}"], job=["${lifecycle_jobs}"], namespace="${namespace}", + ) + + KAFKA_MESSAGES_IN_TOTAL = metrics.CounterMetric( + "kafka_server_brokertopicmetrics_messagesin_total", + job="${kafka_instance}", namespace="${namespace}", topic="", # topic="" is the total + ) + + KAFKA_CONNECT_MONGODB_PUT_TOTAL = metrics.CounterMetric( + "kafka_connect_mongodb_sink_task_metrics_in_task_put", + "drSinkInstance", job="${kafka_connect_sink_job}", namespace="${namespace}", + ) + + MONGODB_OPLOG_START_TS, MONGODB_OPLOG_END_TS, MONGODB_LAST_WRITE_TS = [ + metrics.Metric( + name, + "drSinkInstance", job=["${mongo_jobs}"], namespace="${namespace}", + ) + for name in ( + "mongodb_oplog_stats_start", + "mongodb_oplog_stats_end", + "mongodb_ss_repl_lastWrite_lastWriteDate", + ) + ] + + +up = [ + Stat( + title=title, + dataSource="${DS_PROMETHEUS}", + reduceCalc="last", + minValue="0", + maxValue=replicas, + noValue="0", + targets=[ + Target( + expr='sum(' + metric + ')', + ), + ], + thresholdType="percentage", + thresholds=[ + Threshold("red", 0, 0.0), + Threshold("yellow", 1, 50.0), + Threshold("green", 2, 100.0), + ], + ) + for title, metric, replicas in [ + ["KafkaConnect Source", Metrics.UP(Metrics.DR_SOURCE, job="${kafka_connect_src_job}"), 1], + ["KafkaConnect Sink", Metrics.UP(Metrics.DR_SINK, job="${kafka_connect_sink_job}"), 1], + ["Kafka", Metrics.UP('job="${kafka_instance}"'), 1], + ] +] + +lastLifecycle = Stat( + title="Last lifecycle op", + description="Time since the last eligible op on the primary site.", + dataSource="${DS_PROMETHEUS}", + format=UNITS.CLOCK_MSEC, + noValue="-", + reduceCalc="last", + targets=[ + Target( + expr="time() - " + Metrics.LIFECYCLE_LAST_TIMESTAMP(), + ) + ], + thresholds=[ + Threshold("#808080", 0, 0.0), + Threshold("green", 1, 0.0), + Threshold("super-light-yellow", 2, 1800.0), + Threshold("orange", 3, 3600.0), + Threshold("red", 4, 3700.0), + ], +) + +lastMongodbWrite = Stat( + title="Last DR mongo write", + description="Time since the last mongo DB write on DR site.", + dataSource="${DS_PROMETHEUS}", + format=UNITS.CLOCK_MSEC, + noValue="-", + reduceCalc="last", + targets=[ + Target( + expr="time() - " + Metrics.MONGODB_LAST_WRITE_TS(Metrics.DR_SINK), + ) + ], + thresholds=[ + Threshold("#808080", 0, 0.0), + Threshold("green", 1, 0.0), + Threshold("super-light-yellow", 2, 1800.0), + Threshold("orange", 3, 3600.0), + Threshold("red", 4, 3700.0), + ], +) + +kafka_lag = TimeSeries( + title="Kafka Lag", + dataSource="${DS_PROMETHEUS}", + fillOpacity=30, + legendDisplayMode="list", + legendCalcs=["max", "mean"], + unit=UNITS.SECONDS, + targets=[Target( + expr="max(" + Metrics.KAFKA_CONSUMERGROUP_LAG() + ")", + legendFormat=" ", + )], +) + + +kafka_connect_lag_source, kafka_connect_lag_sink = [ + TimeSeries( + title="Kafka Connect " + name + " Lag", + dataSource="${DS_PROMETHEUS}", + fillOpacity=30, + legendDisplayMode="list", + legendCalcs=["max", "mean"], + unit=UNITS.SECONDS, + targets=[Target( + expr="sum(" + metric + ")", + legendFormat=" ", + )], + ) + for name, metric in [ + ["Source", Metrics.KAFKA_CONNECT_SOURCE_TASK_RECORDS_LAG(Metrics.DR_SOURCE, job="${kafka_connect_src_job}")], + ["Sink", Metrics.KAFKA_CONNECT_SOURCE_TASK_RECORDS_LAG(Metrics.DR_SINK, job="${kafka_connect_sink_job}")], + ] +] + + +lifecycle_archive_rate = TimeSeries( + title="Lifecycle Archive Rate (source)", + dataSource="${DS_PROMETHEUS}", + fillOpacity=30, + legendDisplayMode="list", + legendCalcs=["mean", "max"], + unit=UNITS.OPS_PER_SEC, + targets=[Target( + expr="sum(rate(" + Metrics.LIFECYCLE_DURATION.count(type="archive") + "))", + legendFormat=" ", + )], +) + + +incoming_message_rate = TimeSeries( + title="Kafka Message Rate", + dataSource="${DS_PROMETHEUS}", + fillOpacity=30, + legendDisplayMode="list", + legendCalcs=["max", "mean"], + unit=UNITS.OPS_PER_SEC, + targets=[Target( + expr="sum(rate(" + Metrics.KAFKA_MESSAGES_IN_TOTAL() + "))", + legendFormat=" ", + )], +) + + +outgoing_message_rate = TimeSeries( + title="Metadata Write Rate (sink)", + dataSource="${DS_PROMETHEUS}", + fillOpacity=30, + legendDisplayMode="list", + legendCalcs=["mean", "max"], + unit=UNITS.OPS_PER_SEC, + targets=[Target( + expr="sum(rate(" + Metrics.KAFKA_CONNECT_MONGODB_PUT_TOTAL() + "))", + legendFormat=" ", + )], +) + + +dashboard = ( + Dashboard( + title="Zenko DR ${zenkoName}", + editable=True, + refresh="30s", + timezone="", + version=1, + inputs=[ + DataSourceInput( + name="DS_PROMETHEUS", + label="Prometheus", + description="Prometheus server that will be used for all panels in the dashboard.", + pluginId="prometheus", + pluginName="Prometheus", + ), + ConstantInput( + name="namespace", + label="namespace", + description="Namespace associated with the Zenko instance", + value="zenko", + ), + ConstantInput( + name="zenkoName", + label="zenko instance name", + description="Name of the ZenkoDR instance", + value="artesca-data", + ), + ConstantInput( + name="kafka_instance", + label="kafka instance", + description="Name of the kafka instance/job/cluster_name", + value="artesca-data-dr-base-queue", + ), + ConstantInput( + name="kafka_connect_src_job", + label="kafka connect source job", + description="Name of the kafka connect job", + value="artesca-data-dr-base-queue-connector-metrics", + ), + ConstantInput( + name="kafka_connect_sink_job", + label="kafka connect sink job", + description="Name of the kafka connect job", + value="artesca-data-dr-base-queue-connector-metrics", + ), + ConstantInput( + name="lifecycle_jobs", + label="Lifecycle jobs", + description="Promethes label expression for lifecycle jobs", + value="artesca-data-backbeat-lifecycle-.*-headless", + ), + ConstantInput( + name="mongo_jobs", + label="MongoDb jobs", + description="Promethes label expression for mongo jobs", + value="zenko/data-db-mongodb-sharded-shard.*", + ), + ConstantInput( + name="locations", + label="Locations", + description="Promethes label expression to filter PRA locations", + value="glacier", + ), + ConstantInput( + name="replicas", + label="Replicas", + description="Expected number of replicas", + value="1", + ), + ConstantInput( + name="dr_sink_instance", + label="DR Sink Instance", + description="Name of the DR sink instance", + value="artesca-data-dr", + ), + ], + panels=layout.column([ + layout.row( + up + layout.resize([lastLifecycle, lastMongodbWrite], width=6,), + height=4, + ), + RowPanel(title="Kafka Lag"), + layout.row( + [kafka_connect_lag_source, kafka_lag, kafka_connect_lag_sink], + height=8, + ), + RowPanel(title="Processing rate"), + layout.row( + [lifecycle_archive_rate, incoming_message_rate, outgoing_message_rate], + height=8, + ), + ]), + ) + .auto_panel_ids() + .verify_datasources() +) \ No newline at end of file diff --git a/solution-base/build.sh b/solution-base/build.sh index d932fcc1bd..2608754504 100755 --- a/solution-base/build.sh +++ b/solution-base/build.sh @@ -29,35 +29,15 @@ SKOPEO=skopeo SKOPEO_OPTS="--override-os linux --insecure-policy" SOLUTION_REGISTRY=metalk8s-registry-from-config.invalid/${PRODUCT_LOWERNAME}-${VERSION_FULL} -KUBEDB_SCRIPT_BRANCH_TAG=89fab34cf2f5d9e0bcc3c2d5b0f0599f94ff0dca - -KUBEDB_OPERATOR_PATH=${ISO_ROOT}/deploy/kubedb.yaml -KUBEDB_CATALOGS_PATH=${ISO_ROOT}/deploy/kubedb-catalogs.yaml -MONGODB_SINGLE_NODE_PATH=${ISO_ROOT}/deploy/mongodb-1-node.yaml -MONGODB_THREE_NODE_PATH=${ISO_ROOT}/deploy/mongodb-3-nodes.yaml MONGODB_SHARDED_SINGLE_NODE_PATH=${ISO_ROOT}/deploy/mongodb-sharded-1-node.yaml MONGODB_SHARDED_THREE_NODE_PATH=${ISO_ROOT}/deploy/mongodb-sharded-3-nodes.yaml SOLUTION_ENV='SOLUTION_ENV' -export KUBEDB_NAMESPACE=${SOLUTION_ENV} -export KUBEDB_SERVICE_ACCOUNT=kubedb-operator -export KUBEDB_IMAGE_NAME=operator -export KUBEDB_OPERATOR_NAME=kubedb-operator -export KUBEDB_CERT_NAME=kubedb-operator-apiserver-cert -export KUBEDB_DOCKER_REGISTRY=${SOLUTION_REGISTRY} -export KUBEDB_PRIORITY_CLASS=system-cluster-critical - MONGODB_NAME="mongodb" MONGODB_SHARDED_NAME="data-db" MONGODB_NAMESPACE=${SOLUTION_ENV} MONGODB_REGISTRY=${SOLUTION_REGISTRY} -MONGODB_IMAGE_NAME="mongodb" -MONGODB_IMAGE_TAG=$(yq eval ".mongodb.tag" $SOLUTION_BASE_DIR/deps.yaml) -MONGODB_INIT_IMAGE_NAME=MONGODB_SHARDED_SHELL_IMAGE_NAME=$(yq eval ".mongodb-shell.image" $SOLUTION_BASE_DIR/deps.yaml | awk -F'/' '{print $NF}') -MONGODB_INIT_IMAGE_TAG=$(yq eval ".mongodb-shell.tag" $SOLUTION_BASE_DIR/deps.yaml) -MONGODB_EXPORTER_IMAGE_NAME="mongodb-exporter" -MONGODB_EXPORTER_IMAGE_TAG=$(yq eval ".mongodb-exporter.tag" $SOLUTION_BASE_DIR/deps.yaml) MONGODB_SHARDED_IMAGE_NAME="mongodb-sharded" MONGODB_SHARDED_IMAGE_TAG=$(yq eval ".mongodb-sharded.tag" $SOLUTION_BASE_DIR/deps.yaml) MONGODB_SHARDED_EXPORTER_IMAGE_NAME="mongodb-exporter" @@ -89,75 +69,6 @@ function mkdirs() mkdir -p ${IMAGES_ROOT} } -function kubedb_yamls() -{ - echo merging kubedb yamls - operator_yamls=( - certs - operator - service-account - rbac-list - user-roles - appcatalog-user-roles - validating-webhook - mutating-webhook - psp-operator - psp-mongodb - psp-redis - ) - catalog_yamls=( - kubedb-catalog-mongodb - kubedb-catalog-redis - ) - - for y in "${operator_yamls[@]}"; do - cat ${SOLUTION_BASE_DIR}/kubedb/${y}.yaml | envsubst >> ${KUBEDB_OPERATOR_PATH} - echo --- >> ${KUBEDB_OPERATOR_PATH} - done - - for y in "${catalog_yamls[@]}"; do - cat ${SOLUTION_BASE_DIR}/kubedb/${y}.yaml | envsubst >> ${KUBEDB_CATALOGS_PATH} - echo --- >> ${KUBEDB_CATALOGS_PATH} - done -} - -function render_mongodb_yamls() -{ - local OUTPUT_PATH=${1:-${OPERATOR_PATH}} - local NODE_COUNT=${2:-1} - local ADD_OPTIONS=${3:-""} - - echo creating mongodb ${NODE_COUNT}-node yamls - CHART_PATH="$SOLUTION_BASE_DIR/mongodb/charts/mongodb" - - helm template ${MONGODB_NAME} ${CHART_PATH} -n ${MONGODB_NAMESPACE} \ - -f "${CHART_PATH}/custom-values.yaml" \ - --set "image.registry=${MONGODB_REGISTRY}" \ - --set "image.repository=${MONGODB_IMAGE_NAME}" \ - --set "image.tag=${MONGODB_IMAGE_TAG}" \ - --set "volumePermissions.image.registry=${MONGODB_REGISTRY}" \ - --set "volumePermissions.image.repository=${MONGODB_INIT_IMAGE_NAME}" \ - --set "volumePermissions.image.tag=${MONGODB_INIT_IMAGE_TAG}" \ - --set "metrics.image.registry=${MONGODB_REGISTRY}" \ - --set "metrics.image.repository=${MONGODB_EXPORTER_IMAGE_NAME}" \ - --set "metrics.image.tag=${MONGODB_EXPORTER_IMAGE_TAG}" \ - --set "persistence.storageClass=${MONGODB_STORAGE_CLASS}" \ - --set "existingSecret=${MONGODB_NAME}-db-creds" \ - --set "volumePermissions.enabled=true" \ - --set "replicaSet.enabled=true" \ - --set "${ADD_OPTIONS}" >> ${OUTPUT_PATH} -} - -function mongodb_yamls() -{ - - render_mongodb_yamls "${MONGODB_SINGLE_NODE_PATH}" 1 \ - "replicaSet.pdb.minAvailable.secondary=0,replicaSet.pdb.minAvailable.arbiter=0,replicaSet.replicas.secondary=0,replicaSet.replicas.arbiter=0" - - render_mongodb_yamls "${MONGODB_THREE_NODE_PATH}" 3 \ - "replicaSet.pdb.minAvailable.secondary=1,replicaSet.pdb.minAvailable.arbiter=0,replicaSet.replicas.secondary=2,replicaSet.replicas.arbiter=0" -} - function render_mongodb_sharded_yamls() { local OUTPUT_PATH=${1:-${OPERATOR_PATH}} @@ -291,8 +202,6 @@ MANIFEST_ONLY=${MANIFEST_ONLY:-'false'} # run everything in order clean mkdirs -kubedb_yamls -mongodb_yamls mongodb_sharded_yamls gen_manifest_yaml diff --git a/solution-base/deps.yaml b/solution-base/deps.yaml index 7374ee0639..f7d5c2f6c5 100644 --- a/solution-base/deps.yaml +++ b/solution-base/deps.yaml @@ -1,12 +1,6 @@ # Please keep the first level keys sorted # to sort keys, use the following command # yq eval 'sortKeys(.)' -i deps.yaml -mongodb: - image: bitnami/mongodb - tag: 4.0.27-debian-9-r118 -mongodb-exporter: - image: bitnami/mongodb-exporter - tag: 0.34.0-debian-11-r31 mongodb-sharded: image: bitnami/mongodb-sharded tag: 4.2.21-debian-10-r7 diff --git a/solution-base/kubedb/appcatalog-user-roles.yaml b/solution-base/kubedb/appcatalog-user-roles.yaml deleted file mode 100644 index 4c601fb79d..0000000000 --- a/solution-base/kubedb/appcatalog-user-roles.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: appscode:appcatalog:admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: - - appcatalog.appscode.com - resources: - - "*" - verbs: ["*"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: appscode:appcatalog:view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - appcatalog.appscode.com - resources: - - "*" - verbs: ["get", "list", "watch"] diff --git a/solution-base/kubedb/certs.yaml b/solution-base/kubedb/certs.yaml deleted file mode 100644 index 2ca5ff949c..0000000000 --- a/solution-base/kubedb/certs.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: ${KUBEDB_NAMESPACE} -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: ${KUBEDB_CERT_NAME} - namespace: ${KUBEDB_NAMESPACE} -spec: - # Secret names are always required. - secretName: ${KUBEDB_CERT_NAME} - # TODO: How does kubedb handle cert regens? - duration: 2160h # 90d - renewBefore: 360h # 15d - isCA: false - privateKey: - algorithm: RSA - encoding: PKCS1 - size: 2048 - # At least one of a DNS Name, URI, Email Address, or IP address is required. - dnsNames: - - ${KUBEDB_OPERATOR_NAME} - - ${KUBEDB_OPERATOR_NAME}.${KUBEDB_NAMESPACE}.svc - # Issuer references are always required. - issuerRef: - name: selfsigned-issuer - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer diff --git a/solution-base/kubedb/kubedb-catalog-mongodb.yaml b/solution-base/kubedb/kubedb-catalog-mongodb.yaml deleted file mode 100644 index 379c2311d2..0000000000 --- a/solution-base/kubedb/kubedb-catalog-mongodb.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: catalog.kubedb.com/v1alpha1 -kind: MongoDBVersion -metadata: - name: "4.0-v1" - labels: - app: kubedb -spec: - version: "4.0.5" - db: - image: "${KUBEDB_DOCKER_REGISTRY}/mongo:4.0-v1" - exporter: - image: "${KUBEDB_DOCKER_REGISTRY}/mongodb_exporter:v1.0.0" - tools: - image: "${KUBEDB_DOCKER_REGISTRY}/mongo-tools:4.0-v1" - initContainer: - image: "${KUBEDB_DOCKER_REGISTRY}/busybox" - podSecurityPolicies: - databasePolicyName: mongodb-db - snapshotterPolicyName: mongodb-snapshot diff --git a/solution-base/kubedb/kubedb-catalog-redis.yaml b/solution-base/kubedb/kubedb-catalog-redis.yaml deleted file mode 100644 index 65c5ffeb40..0000000000 --- a/solution-base/kubedb/kubedb-catalog-redis.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: catalog.kubedb.com/v1alpha1 -kind: RedisVersion -metadata: - name: "5.0.3-v1" - labels: - app: kubedb -spec: - version: "5.0.3" - db: - image: "${KUBEDB_DOCKER_REGISTRY}/redis:5.0.3-v1" - exporter: - image: "${KUBEDB_DOCKER_REGISTRY}/redis_exporter:v0.21.1" - podSecurityPolicies: - databasePolicyName: redis-db diff --git a/solution-base/kubedb/mutating-webhook.yaml b/solution-base/kubedb/mutating-webhook.yaml deleted file mode 100644 index 92effc347b..0000000000 --- a/solution-base/kubedb/mutating-webhook.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# register to intercept kubedb CRD creates / updates -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutators.kubedb.com - labels: - app: kubedb -webhooks: -- name: elasticsearch.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/elasticsearchmutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["elasticsearches"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: postgres.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/postgresmutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["postgreses"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: mysql.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/mysqlmutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["mysqls"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: mongodb.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/mongodbmutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["mongodbs"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: redis.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/redismutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["redises"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: memcached.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/memcachedmutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["memcacheds"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: etcd.mutators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/mutators.kubedb.com/v1alpha1/etcdmutators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["etcds"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None ---- diff --git a/solution-base/kubedb/operator.yaml b/solution-base/kubedb/operator.yaml deleted file mode 100644 index 239ee86ee1..0000000000 --- a/solution-base/kubedb/operator.yaml +++ /dev/null @@ -1,130 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: ${KUBEDB_OPERATOR_NAME} - namespace: ${KUBEDB_NAMESPACE} - labels: - app: kubedb -spec: - replicas: 1 - selector: - matchLabels: - app: kubedb - template: - metadata: - labels: - app: kubedb - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - serviceAccountName: ${KUBEDB_SERVICE_ACCOUNT} - imagePullSecrets: [${KUBEDB_IMAGE_PULL_SECRET}] - containers: - - name: operator - image: ${KUBEDB_DOCKER_REGISTRY}/${KUBEDB_IMAGE_NAME}:${KUBEDB_OPERATOR_TAG} - imagePullPolicy: IfNotPresent - args: - - run - - --v=3 - - --governing-service=kubedb - - --rbac=true - - --secure-port=8443 - - --audit-log-path=- - - --tls-cert-file=/var/serving-cert/tls.crt - - --tls-private-key-file=/var/serving-cert/tls.key - - --enable-mutating-webhook=true - - --enable-validating-webhook=true - - --enable-status-subresource=true - - --bypass-validating-webhook-xray=false - - --enable-analytics=false - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8443 - volumeMounts: - - mountPath: /var/serving-cert - name: serving-cert - readinessProbe: - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 5 - livenessProbe: - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - timeoutSeconds: 15 - resources: - requests: - cpu: "100m" - nodeSelector: - beta.kubernetes.io/os: linux - beta.kubernetes.io/arch: amd64 - volumes: - - name: serving-cert - secret: - defaultMode: 420 - secretName: ${KUBEDB_CERT_NAME} ---- -apiVersion: v1 -kind: Service -metadata: - name: ${KUBEDB_OPERATOR_NAME} - namespace: ${KUBEDB_NAMESPACE} - labels: - app: kubedb -spec: - ports: - - name: api - port: 443 - targetPort: 8443 - selector: - app: kubedb ---- -# register as aggregated apiserver -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.validators.kubedb.com - namespace: ${KUBEDB_NAMESPACE} - labels: - app: kubedb - annotations: - cert-manager.io/inject-ca-from: ${KUBEDB_NAMESPACE}/${KUBEDB_CERT_NAME} -spec: - group: validators.kubedb.com - groupPriorityMinimum: 1000 - versionPriority: 15 - service: - name: ${KUBEDB_OPERATOR_NAME} - namespace: ${KUBEDB_NAMESPACE} - version: v1alpha1 ---- -# register as aggregated apiserver -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1alpha1.mutators.kubedb.com - namespace: ${KUBEDB_NAMESPACE} - labels: - app: kubedb - annotations: - cert-manager.io/inject-ca-from: ${KUBEDB_NAMESPACE}/${KUBEDB_CERT_NAME} -spec: - group: mutators.kubedb.com - groupPriorityMinimum: 1000 - versionPriority: 15 - service: - name: ${KUBEDB_OPERATOR_NAME} - namespace: ${KUBEDB_NAMESPACE} - version: v1alpha1 diff --git a/solution-base/kubedb/psp-mongodb.yaml b/solution-base/kubedb/psp-mongodb.yaml deleted file mode 100644 index 7c7d2d5d90..0000000000 --- a/solution-base/kubedb/psp-mongodb.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: mongodb-db - labels: - app: kubedb -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - "*" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: mongodb-snapshot - labels: - app: kubedb -spec: #same spec as db - privileged: false - allowPrivilegeEscalation: false - volumes: - - "*" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny diff --git a/solution-base/kubedb/psp-operator.yaml b/solution-base/kubedb/psp-operator.yaml deleted file mode 100644 index 64079bd688..0000000000 --- a/solution-base/kubedb/psp-operator.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: ${KUBEDB_OPERATOR_NAME} - labels: - app: kubedb -spec: - privileged: true #Allowing privileged pods is necessary for ES db only! - allowPrivilegeEscalation: true #Allowing privilege escalation is necessary for ES db only! - volumes: - - '*' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny - allowedCapabilities: - - IPC_LOCK - - SYS_RESOURCE diff --git a/solution-base/kubedb/psp-redis.yaml b/solution-base/kubedb/psp-redis.yaml deleted file mode 100644 index 41b8c33391..0000000000 --- a/solution-base/kubedb/psp-redis.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: redis-db - labels: - app: kubedb -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - "*" - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - fsGroup: - rule: RunAsAny diff --git a/solution-base/kubedb/rbac-list.yaml b/solution-base/kubedb/rbac-list.yaml deleted file mode 100644 index cc6b62af54..0000000000 --- a/solution-base/kubedb/rbac-list.yaml +++ /dev/null @@ -1,186 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: ${KUBEDB_OPERATOR_NAME} - labels: - app: kubedb -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["*"] -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: ["get", "patch"] -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: ["delete", "get", "list", "watch", "patch"] -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: ["create", "delete", "get", "patch"] -- apiGroups: - - "" - resources: - - services - verbs: ["create", "delete", "get", "patch", "list"] -- apiGroups: - - "" - resources: - - secrets - - serviceaccounts - verbs: ["create", "delete", "get", "patch"] -- apiGroups: - - apps - resources: - - deployments - - statefulsets - verbs: ["create", "delete", "get", "list", "patch", "update"] -- apiGroups: - - apps - resources: - - replicasets - verbs: ["get"] -- apiGroups: - - batch - resources: - - jobs - verbs: ["create", "delete", "get", "list", "watch"] -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: ["get"] -- apiGroups: - - "" - resources: - - pods - verbs: ["*"] -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: ["create", "delete", "get", "list", "patch", "watch"] -- apiGroups: - - "" - resources: - - configmaps - verbs: ["create", "delete", "get", "update", "list", "patch"] -- apiGroups: - - "" - resources: - - events - verbs: ["create"] -- apiGroups: - - "" - resources: - - nodes - verbs: ["get", "list", "watch"] -- apiGroups: - - kubedb.com - - catalog.kubedb.com - - authorization.kubedb.com - resources: - - "*" - verbs: ["*"] -- apiGroups: - - appcatalog.appscode.com - resources: - - "*" - verbs: ["*"] -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: ["*"] -- apiGroups: - - "" - resources: - - "pods/exec" - verbs: ["create"] -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: ["use"] - resourceNames: - - ${KUBEDB_OPERATOR_NAME} - - elasticsearch-db - - etcd-db - - memcached-db - - mongodb-db - - mysql-db - - postgres-db - - redis-db - - elasticsearch-snapshot - - mongodb-snapshot - - mysql-snapshot - - postgres-snapshot - # -array for custom PSPs -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: ["get", "list", "create", "delete", "patch"] -- apiGroups: - - stash.appscode.com - resources: - - restoresessions - verbs: ["get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ${KUBEDB_OPERATOR_NAME} - labels: - app: kubedb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ${KUBEDB_OPERATOR_NAME} -subjects: -- kind: ServiceAccount - name: ${KUBEDB_SERVICE_ACCOUNT} - namespace: ${KUBEDB_NAMESPACE} - ---- -# to read the config for terminating authentication -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubedb-server-extension-server-authentication-reader - namespace: kube-system - labels: - app: kubedb -roleRef: - kind: Role - apiGroup: rbac.authorization.k8s.io - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: ${KUBEDB_SERVICE_ACCOUNT} - namespace: ${KUBEDB_NAMESPACE} ---- -# to delegate authentication and authorization -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubedb-server-auth-delegator - labels: - app: kubedb -roleRef: - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: ${KUBEDB_SERVICE_ACCOUNT} - namespace: ${KUBEDB_NAMESPACE} diff --git a/solution-base/kubedb/service-account.yaml b/solution-base/kubedb/service-account.yaml deleted file mode 100644 index a36cc2749c..0000000000 --- a/solution-base/kubedb/service-account.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ${KUBEDB_SERVICE_ACCOUNT} - namespace: ${KUBEDB_NAMESPACE} - labels: - app: kubedb diff --git a/solution-base/kubedb/user-roles.yaml b/solution-base/kubedb/user-roles.yaml deleted file mode 100644 index 13a333e325..0000000000 --- a/solution-base/kubedb/user-roles.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubedb:core:admin - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: - - kubedb.com - - catalog.kubedb.com - resources: - - "*" - verbs: ["*"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubedb:core:edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: - - kubedb.com - resources: - - elasticsearches - - memcacheds - - mongodbs - - mysqls - - postgreses - - redises - - snapshots - verbs: ["*"] -- apiGroups: - - kubedb.com - resources: - - dormantdatabases - verbs: ["get", "list", "watch"] -- apiGroups: - - catalog.kubedb.com - resources: - - elasticsearchversions - - memcachedversions - - mongodbversions - - mysqlversions - - postgresversions - - redisversions - verbs: ["get", "list", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: kubedb:core:view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - kubedb.com - resources: - - dormantdatabases - - elasticsearches - - memcacheds - - mongodbs - - mysqls - - postgreses - - redises - - snapshots - verbs: ["get", "list", "watch"] -- apiGroups: - - catalog.kubedb.com - resources: - - elasticsearchversions - - memcachedversions - - mongodbversions - - mysqlversions - - postgresversions - - redisversions - verbs: ["get", "list", "watch"] diff --git a/solution-base/kubedb/validating-webhook.yaml b/solution-base/kubedb/validating-webhook.yaml deleted file mode 100644 index ac00b11c12..0000000000 --- a/solution-base/kubedb/validating-webhook.yaml +++ /dev/null @@ -1,138 +0,0 @@ -# register to intercept kubedb CRD creates / updates -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validators.kubedb.com - labels: - app: kubedb -webhooks: -- name: elasticsearch.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/elasticsearchvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["elasticsearches"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: postgres.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/postgresvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["postgreses"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: mysql.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/mysqlvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["mysqls"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: mongodb.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/mongodbvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["mongodbs"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: redis.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/redisvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["redises"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: memcached.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/memcachedvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["memcacheds"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: etcd.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/etcdvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["etcds"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: snapshot.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/snapshotvalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["snapshots"] - operations: ["CREATE", "UPDATE"] - failurePolicy: Fail - sideEffects: None -- name: dormantdatabase.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/dormantdatabasevalidators - rules: - - apiGroups: ["kubedb.com"] - apiVersions: ["*"] - resources: ["dormantdatabases"] - operations: ["CREATE", "UPDATE", "DELETE"] - failurePolicy: Fail - sideEffects: None -- name: namespace.validators.kubedb.com - clientConfig: - service: - namespace: default - name: kubernetes - path: /apis/validators.kubedb.com/v1alpha1/namespaces - rules: - - apiGroups: [""] - apiVersions: ["*"] - resources: ["namespaces"] - operations: ["DELETE"] - failurePolicy: Fail - sideEffects: None diff --git a/solution-base/mongodb/charts/mongodb/.helmignore b/solution-base/mongodb/charts/mongodb/.helmignore deleted file mode 100644 index 6b8710a711..0000000000 --- a/solution-base/mongodb/charts/mongodb/.helmignore +++ /dev/null @@ -1 +0,0 @@ -.git diff --git a/solution-base/mongodb/charts/mongodb/Chart.yaml b/solution-base/mongodb/charts/mongodb/Chart.yaml deleted file mode 100644 index 4464586059..0000000000 --- a/solution-base/mongodb/charts/mongodb/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -appVersion: 4.0.27 -description: NoSQL document-oriented database that stores JSON-like documents with - dynamic schemas, simplifying the integration of data in content-driven applications. -engine: gotpl -home: https://mongodb.org -icon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png -keywords: -- mongodb -- database -- nosql -- cluster -- replicaset -- replication -maintainers: -- email: containers@bitnami.com - name: Bitnami -name: mongodb -sources: -- https://github.com/bitnami/bitnami-docker-mongodb -version: 7.8.0 diff --git a/solution-base/mongodb/charts/mongodb/OWNERS b/solution-base/mongodb/charts/mongodb/OWNERS deleted file mode 100644 index f87e010777..0000000000 --- a/solution-base/mongodb/charts/mongodb/OWNERS +++ /dev/null @@ -1,16 +0,0 @@ -approvers: -- prydonius -- tompizmor -- sameersbn -- carrodher -- javsalgar -- juan131 -- miguelaeh -reviewers: -- prydonius -- tompizmor -- sameersbn -- carrodher -- javsalgar -- juan131 -- miguelaeh diff --git a/solution-base/mongodb/charts/mongodb/README.md b/solution-base/mongodb/charts/mongodb/README.md deleted file mode 100644 index 60ae1c6a00..0000000000 --- a/solution-base/mongodb/charts/mongodb/README.md +++ /dev/null @@ -1,315 +0,0 @@ -# MongoDB - -[MongoDB](https://www.mongodb.com/) is a cross-platform document-oriented database. Classified as a NoSQL database, MongoDB eschews the traditional table-based relational database structure in favor of JSON-like documents with dynamic schemas, making the integration of data in certain types of applications easier and faster. - -## TL;DR; - -```bash -$ helm install stable/mongodb -``` - -## Introduction - -This chart bootstraps a [MongoDB](https://github.com/bitnami/bitnami-docker-mongodb) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 2.11+ or Helm 3.0-beta3+ -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release stable/mongodb -``` - -The command deploys MongoDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Parameters - -The following table lists the configurable parameters of the MongoDB chart and their default values. - -| Parameter | Description | Default | -|----------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | -| `image.registry` | MongoDB image registry | `docker.io` | -| `image.repository` | MongoDB Image name | `bitnami/mongodb` | -| `image.tag` | MongoDB Image tag | `{TAG_NAME}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `nameOverride` | String to partially override mongodb.fullname template with a string (will prepend the release name) | `nil` | -| `fullnameOverride` | String to fully override mongodb.fullname template with a string | `nil` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `stretch` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.resources` | Init container resource requests/limit | `nil` | -| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | -| `usePassword` | Enable password authentication | `true` | -| `existingSecret` | Existing secret with MongoDB credentials | `nil` | -| `mongodbRootPassword` | MongoDB admin password | `random alphanumeric string (10)` | -| `mongodbUsername` | MongoDB custom user (mandatory if `mongodbDatabase` is set) | `nil` | -| `mongodbPassword` | MongoDB custom user password | `random alphanumeric string (10)` | -| `mongodbDatabase` | Database to create | `nil` | -| `mongodbEnableIPv6` | Switch to enable/disable IPv6 on MongoDB | `false` | -| `mongodbDirectoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB | `false` | -| `mongodbSystemLogVerbosity` | MongoDB system log verbosity level | `0` | -| `mongodbDisableSystemLog` | Whether to disable MongoDB system log or not | `false` | -| `mongodbExtraFlags` | MongoDB additional command line flags | `[]` | -| `service.name` | Kubernetes service name | `nil` | -| `service.annotations` | Kubernetes service annotations, evaluated as a template | `{}` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `service.port` | MongoDB service port | `27017` | -| `service.nodePort` | Port to bind to for NodePort service type | `nil` | -| `service.loadBalancerIP` | Static IP Address to use for LoadBalancer service type | `nil` | -| `service.externalIPs` | External IP list to use with ClusterIP service type | `[]` | -| `service.loadBalancerSourceRanges` | List of IP ranges allowed access to load balancer (if supported) | `[]` (does not add IP range restrictions to the service) | -| `replicaSet.enabled` | Switch to enable/disable replica set configuration | `false` | -| `replicaSet.name` | Name of the replica set | `rs0` | -| `replicaSet.useHostnames` | Enable DNS hostnames in the replica set config | `true` | -| `replicaSet.key` | Key used for authentication in the replica set | `random alphanumeric string (10)` | -| `replicaSet.replicas.secondary` | Number of secondary nodes in the replica set | `1` | -| `replicaSet.replicas.arbiter` | Number of arbiter nodes in the replica set | `1` | -| `replicaSet.pdb.enabled` | Switch to enable/disable Pod Disruption Budget | `true` | -| `replicaSet.pdb.minAvailable.secondary` | PDB (min available) for the MongoDB Secondary nodes | `1` | -| `replicaSet.pdb.minAvailable.arbiter` | PDB (min available) for the MongoDB Arbiter nodes | `1` | -| `replicaSet.pdb.maxUnavailable.secondary` | PDB (max unavailable) for the MongoDB Secondary nodes | `nil` | -| `replicaSet.pdb.maxUnavailable.arbiter` | PDB (max unavailable) for the MongoDB Arbiter nodes | `nil` | -| `annotations` | Annotations to be added to the deployment or statefulsets | `{}` | -| `labels` | Additional labels for the deployment or statefulsets | `{}` | -| `podAnnotations` | Annotations to be added to pods | `{}` | -| `podLabels` | Additional labels for the pod(s). | `{}` | -| `resources` | Pod resources | `{}` | -| `resourcesArbiter` | Pod resources for arbiter when replica set is enabled | `{}` | -| `priorityClassName` | Pod priority class name | `` | -| `extraEnvVars` | Array containing extra env vars to be added to all pods in the cluster (evaluated as a template) | `nil` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `affinity` | Affinity for pod assignment | `{}` | -| `affinityArbiter` | Affinity for arbiter pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `{}` | -| `updateStrategy` | Statefulsets update strategy policy | `RollingUpdate` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `sidecars` | Add additional containers to pod | `[]` | -| `extraVolumes` | Add additional volumes to deployment | `[]` | -| `extraVolumeMounts` | Add additional volumes mounts to pod | `[]` | -| `sidecarsArbiter` | Add additional containers to arbiter pod | `[]` | -| `extraVolumesArbiter` | Add additional volumes to arbiter deployment | `[]` | -| `extraVolumeMountsArbiter` | Add additional volumes mounts to arbiter pod | `[]` | -| `persistence.enabled` | Use a PVC to persist data | `true` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` | -| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | -| `persistence.accessModes` | Use volume as ReadOnly or ReadWrite | `[ReadWriteOnce]` | -| `persistence.size` | Size of data volume | `8Gi` | -| `persistence.annotations` | Persistent Volume annotations | `{}` | -| `persistence.existingClaim` | Name of an existing PVC to use (avoids creating one if this is given) | `nil` | -| `useStatefulSet` | Set to true to use StatefulSet instead of Deployment even when replicaSet.enalbed=false | `nil` | -| `extraInitContainers` | Additional init containers as a string to be passed to the `tpl` function | `{}` | -| `livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `5` | -| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `initConfigMap.name` | Custom config map with init scripts | `nil` | -| `configmap` | MongoDB configuration file to be used | `nil` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.annotations` | Ingress annotations | `[]` | -| `ingress.hosts[0].name` | Hostname to your MongoDB installation | `mongodb.local` | -| `ingress.hosts[0].path` | Path within the url structure | `/` | -| `ingress.tls[0].hosts[0]` | TLS hosts | `mongodb.local` | -| `ingress.tls[0].secretName` | TLS Secret (certificates) | `mongodb.local-tls` | -| `ingress.secrets[0].name` | TLS Secret Name | `nil` | -| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | -| `ingress.secrets[0].key` | TLS Secret Key | `nil` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | MongoDB exporter image registry | `docker.io` | -| `metrics.image.repository` | MongoDB exporter image name | `bitnami/mongodb-exporter` | -| `metrics.image.tag` | MongoDB exporter image tag | `{TAG_NAME}` | -| `metrics.image.pullPolicy` | Image pull policy | `Always` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | -| `metrics.podAnnotations.prometheus.io/scrape` | Additional annotations for Metrics exporter pod | `true` | -| `metrics.podAnnotations.prometheus.io/port` | Additional annotations for Metrics exporter pod | `"9216"` | -| `metrics.extraArgs` | String with extra arguments for the MongoDB Exporter | `` | -| `metrics.resources` | Exporter resource requests/limit | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` | -| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | -| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | -| `metrics.serviceMonitor.alerting.rules` | Define individual alerting rules as required | `{}` | -| `metrics.serviceMonitor.alerting.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | -| `metrics.livenessProbe.enabled` | Enable/disable the Liveness Check of Prometheus metrics exporter | `false` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial Delay for Liveness Check of Prometheus metrics exporter | `15` | -| `metrics.livenessProbe.periodSeconds` | How often to perform Liveness Check of Prometheus metrics exporter | `5` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout for Liveness Check of Prometheus metrics exporter | `5` | -| `metrics.livenessProbe.failureThreshold` | Failure Threshold for Liveness Check of Prometheus metrics exporter | `3` | -| `metrics.livenessProbe.successThreshold` | Success Threshold for Liveness Check of Prometheus metrics exporter | `1` | -| `metrics.readinessProbe.enabled` | Enable/disable the Readiness Check of Prometheus metrics exporter | `false` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial Delay for Readiness Check of Prometheus metrics exporter | `5` | -| `metrics.readinessProbe.periodSeconds` | How often to perform Readiness Check of Prometheus metrics exporter | `5` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout for Readiness Check of Prometheus metrics exporter | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure Threshold for Readiness Check of Prometheus metrics exporter | `3` | -| `metrics.readinessProbe.successThreshold` | Success Threshold for Readiness Check of Prometheus metrics exporter | `1` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -$ helm install --name my-release \ - --set mongodbRootPassword=secretpassword,mongodbUsername=my-user,mongodbPassword=my-password,mongodbDatabase=my-database \ - stable/mongodb -``` - -The above command sets the MongoDB `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm install --name my-release -f values.yaml stable/mongodb -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Configuration and installation details - -### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) - -It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. - -Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. - -### Production configuration and horizontal scaling - -This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. - -- Switch to enable/disable replica set configuration: -```diff -- replicaSet.enabled: false -+ replicaSet.enabled: true -``` - -- Start a side-car prometheus exporter: -```diff -- metrics.enabled: false -+ metrics.enabled: true -``` - -- Enable/disable the Liveness Check of Prometheus metrics exporter: -```diff -- metrics.livenessProbe.enabled: false -+ metrics.livenessProbe.enabled: true -``` - -- Enable/disable the Readiness Check of Prometheus metrics exporter: -```diff -- metrics.readinessProbe.enabled: false -+ metrics.readinessProbe.enabled: true -``` - -To horizontally scale this chart, you can use the `--replicas` flag to modify the number of secondary nodes in your MongoDB replica set. - -### Replication - -You can start the MongoDB chart in replica set mode with the following parameter: `replicaSet.enabled=true` - -Some characteristics of this chart are: - -- Each of the participants in the replication has a fixed stateful set so you always know where to find the primary, secondary or arbiter nodes. -- The number of secondary and arbiter nodes can be scaled out independently. -- Easy to move an application from using a standalone MongoDB server to use a replica set. - -### Initialize a fresh instance - -The [Bitnami MongoDB](https://github.com/bitnami/bitnami-docker-mongodb) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. -Also you can create a custom config map and give it via `initConfigMap`(check options for more details). - -The allowed extensions are `.sh`, and `.js`. - -## Persistence - -The [Bitnami MongoDB](https://github.com/bitnami/bitnami-docker-mongodb) image stores the MongoDB data and configurations at the `/bitnami/mongodb` path of the container. - -The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. - -### Adjust permissions of persistent volume mountpoint - -As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. - -By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. -As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. - -You can enable this initContainer by setting `volumePermissions.enabled` to `true`. - -## Upgrading - -### To 7.0.0 -From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example: - -```yaml -ingress: - hosts: - - name: mongodb.local - path: / -``` - -### To 6.0.0 - -From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command. -You can find more information in the [`bitnami/mongodb` image README](https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md). - -### To 5.0.0 - -When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. -Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: - -```console -$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false -``` - -## Configure Ingress -MongoDB can exposed externally using an Ingress controller. To do so, it's necessary to: - -- Install the MongoDB chart setting the parameter `ingress.enabled=true`. -- Create a ConfigMap to map the external port to use and the internal service/port where to redirect the requests (see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/exposing-tcp-udp-services.md for more information). - -For instance, if you installed the MongoDB chart in the `default` namespace, you can install the [stable/nginx-ingress chart](https://github.com/helm/charts/tree/master/stable/nginx-ingress) setting the "tcp" parameter in the **values.yaml** used to install the chart as shown below: - -```yaml -... - -tcp: - 27017: "default/mongodb:27017" -``` diff --git a/solution-base/mongodb/charts/mongodb/custom-values.yaml b/solution-base/mongodb/charts/mongodb/custom-values.yaml deleted file mode 100644 index 2ab41e3f7f..0000000000 --- a/solution-base/mongodb/charts/mongodb/custom-values.yaml +++ /dev/null @@ -1,514 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -image: - ## Bitnami MongoDB registry - ## - registry: docker.io - ## Bitnami MongoDB image name - ## - repository: bitnami/mongodb - ## Bitnami MongoDB image tag - ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ - ## - tag: 4.0.14-debian-9-r24 - ## Specify a imagePullPolicy - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns on Bitnami debugging in minideb-extras-base - ## ref: https://github.com/bitnami/minideb-extras-base - debug: false - -## String to partially override mongodb.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override mongodb.fullname template -## -# fullnameOverride: - -# Add custom extra environment variables to all the MongoDB containers -# extraEnvVars: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: stretch - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - resources: {} - -## Enable authentication -## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ -# -usePassword: true -# existingSecret: name-of-existing-secret - -## MongoDB admin password -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run -## -# mongodbRootPassword: - -## MongoDB custom user and database -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run -## -# mongodbUsername: username -# mongodbPassword: password -# mongodbDatabase: database - -## Whether enable/disable IPv6 on MongoDB -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6 -## -mongodbEnableIPv6: false - -## Whether enable/disable DirectoryPerDB on MongoDB -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb -## -mongodbDirectoryPerDB: false - -## MongoDB System Log configuration -## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level -## -mongodbSystemLogVerbosity: 0 -mongodbDisableSystemLog: false - -## MongoDB additional command line flags -## -## Can be used to specify command line flags, for example: -## -## mongodbExtraFlags: -## - "--wiredTigerCacheSizeGB=2" -mongodbExtraFlags: [] - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Kubernetes Cluster Domain -clusterDomain: cluster.local - -## Kubernetes service type -service: - ## Specify an explicit service name. - # name: svc-mongo - ## Provide any additional annotations which may be required. - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - annotations: {} - type: ClusterIP - # clusterIP: None - port: 27017 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Specify the externalIP value ClusterIP service type. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - # externalIPs: [] - - ## Specify the loadBalancerIP value for LoadBalancer service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - ## - # loadBalancerIP: - - ## Specify the loadBalancerSourceRanges value for LoadBalancer service types. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: [] - -## Use StatefulSet instead of Deployment when deploying standalone -useStatefulSet: false - -## Setting up replication -## ref: https://github.com/bitnami/bitnami-docker-mongodb#setting-up-a-replication -# -replicaSet: - ## Whether to create a MongoDB replica set for high availability or not - enabled: true - useHostnames: true - - ## Name of the replica set - ## - name: rs0 - - ## Key used for replica set authentication - ## - # key: key - - ## Number of replicas per each node type - ## - replicas: - secondary: 1 - arbiter: 1 - - ## Pod Disruption Budget - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - pdb: - enabled: true - minAvailable: - secondary: 1 - arbiter: 1 - # maxUnavailable: - # secondary: 1 - # arbiter: 1 - -# Annotations to be added to the deployment or statefulsets -annotations: {} - -# Additional labels to apply to the deployment or statefulsets -labels: {} - -# Annotations to be added to MongoDB pods -podAnnotations: {} - -# Additional pod labels to apply -podLabels: {} - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: {} -# Define separate resources per arbiter, which are less then primary or secondary -# used only when replica set is enabled -resourcesArbiter: {} -# limits: -# cpu: 500m -# memory: 512Mi -# requests: -# cpu: 100m -# memory: 256Mi - -## Pod priority -## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -# priorityClassName: "" - -## Node selector -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -nodeSelector: {} - -## Affinity -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} -# Define separate affinity for arbiter pod -affinityArbiter: {} - -## Tolerations -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -## Add sidecars to the pod -## -## For example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecars: [] -## Array to add extra volumes -## -extraVolumes: [] -## Array to add extra mounts (normally used with extraVolumes) -## -extraVolumeMounts: [] - -## Add sidecars to the arbiter pod -# used only when replica set is enabled -## -## For example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecarsArbiter: [] -## Array to add extra volumes to the arbiter -# used only when replica set is enabled -## -extraVolumesArbiter: [] -## Array to add extra mounts (normally used with extraVolumes) to the arbiter -# used only when replica set is enabled -## -extraVolumeMountsArbiter: [] - -## updateStrategy for MongoDB Primary, Secondary and Arbitrer statefulsets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## MongoDB images. - ## - mountPath: /bitnami/mongodb - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - ## mongodb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 10Gi - annotations: {} - selector: - matchLabels: - app.kubernetes.io/name: mongodb - app.kubernetes.io/part-of: zenko - -## Configure the ingress resource that allows you to access the -## MongoDB installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## Set to true to enable ingress record generation - enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager - certManager: false - - ## Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - annotations: - # kubernetes.io/ingress.class: nginx - - ## The list of hostnames to be covered with this ingress record. - ## Most likely this will be just one host, but in the event more hosts are needed, this is an array - hosts: - - name: mongodb.local - path: / - - ## The tls configuration for the ingress - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - - hosts: - - mongodb.local - secretName: mongodb.local-tls - - secrets: - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - # - name: airflow.local-tls - # key: - # certificate: - -## Configure the options for init containers to be run before the main app containers -## are started. All init containers are run sequentially and must exit without errors -## for the next one to be started. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -# extraInitContainers: | -# - name: do-something -# image: busybox -# command: ['do', 'something'] - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -# Define custom config map with init scripts -initConfigMap: {} -# name: "init-config-map" - -## Entries for the MongoDB config file. For documentation of all options, see: -## http://docs.mongodb.org/manual/reference/configuration-options/ -## -configmap: -# # where and how to store data. -# storage: -# dbPath: /bitnami/mongodb/data/db -# journal: -# enabled: true -# directoryPerDB: false -# # where to write logging data. -# systemLog: -# destination: file -# quiet: false -# logAppend: true -# logRotate: reopen -# path: /opt/bitnami/mongodb/logs/mongodb.log -# verbosity: 0 -# # network interfaces -# net: -# port: 27017 -# unixDomainSocket: -# enabled: true -# pathPrefix: /opt/bitnami/mongodb/tmp -# ipv6: false -# bindIpAll: true -# # replica set options -# #replication: -# #replSetName: replicaset -# #enableMajorityReadConcern: true -# # process management options -# processManagement: -# fork: false -# pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid -# # set parameter options -# setParameter: -# enableLocalhostAuthBypass: true -# # security options -# security: -# authorization: disabled -# #keyFile: /opt/bitnami/mongodb/conf/keyfile - -## Prometheus Exporter / Metrics -## -metrics: - enabled: true - - image: - registry: docker.io - repository: bitnami/mongodb-exporter - tag: 0.34.0-debian-11-r24 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## String with extra arguments to the metrics exporter - ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go - ## - ## We use "--compatible-mode" flag to export old metric: "mongodb_mongod_replset_oplog_head_timestamp" - ## for mongoDB and backbeat dashboards. - extraArgs: "--collector.diagnosticdata --collector.replicasetstatus --collector.dbstats --collector.topmetrics --compatible-mode" - - ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - # resources: {} - - ## Metrics exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - livenessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - - ## Metrics exporter pod Annotation - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9216" - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - enabled: true - - ## Specify a namespace if needed - # namespace: monitoring - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: - metalk8s.scality.com/monitor: '' - - ## Specify Metric Relabellings to add to the scrape endpoint - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - # relabellings: - - alerting: - ## Define individual alerting rules as required - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup - ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - rules: {} - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Prometheus Rules to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} diff --git a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/README.md b/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/README.md deleted file mode 100644 index a9299905d0..0000000000 --- a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/README.md +++ /dev/null @@ -1,3 +0,0 @@ -You can copy here your custom .sh, or .js file so they are executed during the first boot of the image. - -More info in the [bitnami-docker-mongodb](https://github.com/bitnami/bitnami-docker-mongodb#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/create-app-user.sh b/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/create-app-user.sh deleted file mode 120000 index 61f367cb42..0000000000 --- a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/create-app-user.sh +++ /dev/null @@ -1 +0,0 @@ -../../../../scripts/create-app-user.sh \ No newline at end of file diff --git a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/set-default-write-concern-majority.sh b/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/set-default-write-concern-majority.sh deleted file mode 120000 index 9d7ca4a1ef..0000000000 --- a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/set-default-write-concern-majority.sh +++ /dev/null @@ -1 +0,0 @@ -../../../../scripts/set-default-write-concern-majority.sh \ No newline at end of file diff --git a/solution-base/mongodb/charts/mongodb/templates/NOTES.txt b/solution-base/mongodb/charts/mongodb/templates/NOTES.txt deleted file mode 100644 index 2de5d48b9f..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/NOTES.txt +++ /dev/null @@ -1,75 +0,0 @@ -{{- if contains .Values.service.type "LoadBalancer" }} -{{- if not .Values.mongodbRootPassword }} -------------------------------------------------------------------------------- - WARNING - - By specifying "service.type=LoadBalancer" and not specifying "mongodbRootPassword" - you have most likely exposed the MongoDB service externally without any - authentication mechanism. - - For security reasons, we strongly suggest that you switch to "ClusterIP" or - "NodePort". As alternative, you can also specify a valid password on the - "mongodbRootPassword" parameter. - -------------------------------------------------------------------------------- -{{- end }} -{{- end }} - -** Please be patient while the chart is being deployed ** - -MongoDB can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ template "mongodb.serviceName" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} - -{{ if .Values.usePassword -}} - -To get the root password run: - - export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mongodb.fullname" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 --decode) - -{{- end }} -{{- if and .Values.mongodbUsername .Values.mongodbDatabase }} -{{- if .Values.mongodbPassword }} - -To get the password for "{{ .Values.mongodbUsername }}" run: - - export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mongodb.fullname" . }} -o jsonpath="{.data.mongodb-password}" | base64 --decode) - -{{- end }} -{{- end }} - -To connect to your database run the following command: - - kubectl run --namespace {{ .Release.Namespace }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --image bitnami/mongodb --command -- mongo admin --host {{ template "mongodb.serviceName" . }} {{- if .Values.usePassword }} --authenticationDatabase admin -u root -p $MONGODB_ROOT_PASSWORD{{- end }} - -To connect to your database from outside the cluster execute the following commands: - -{{- if contains "NodePort" .Values.service.type }} - - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.serviceName" . }}) - mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.usePassword }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- else if contains "LoadBalancer" .Values.service.type }} - - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "mongodb.serviceName" . }}' - - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "mongodb.serviceName" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - mongo --host $SERVICE_IP --port {{ .Values.service.nodePort }} {{- if .Values.usePassword }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- else if contains "ClusterIP" .Values.service.type }} - - kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mongodb.serviceName" . }} {{ .Values.service.port }}:{{ .Values.service.port }} & - mongo --host 127.0.0.1 {{- if .Values.usePassword }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }} - -{{- end }} - -{{- include "mongodb.validateValues" . -}} - -{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} - -WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. -+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ - -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/_helpers.tpl b/solution-base/mongodb/charts/mongodb/templates/_helpers.tpl deleted file mode 100644 index fe6963a7e6..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/_helpers.tpl +++ /dev/null @@ -1,278 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "mongodb.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Renders a value that contains template. -Usage: -{{ include "mongodb.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "mongodb.tplValue" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "mongodb.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "mongodb.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name for the admin secret. -*/}} -{{- define "mongodb.adminSecret" -}} - {{- if .Values.auth.existingAdminSecret -}} - {{- .Values.auth.existingAdminSecret -}} - {{- else -}} - {{- template "mongodb.fullname" . -}}-admin - {{- end -}} -{{- end -}} - -{{/* -Create the name for the key secret. -*/}} -{{- define "mongodb.keySecret" -}} - {{- if .Values.auth.existingKeySecret -}} - {{- .Values.auth.existingKeySecret -}} - {{- else -}} - {{- template "mongodb.fullname" . -}}-keyfile - {{- end -}} -{{- end -}} - -{{/* -Return the proper MongoDB image name -*/}} -{{- define "mongodb.image" -}} -{{- $registryName := .Values.image.registry -}} -{{- $repositoryName := .Values.image.repository -}} -{{- $tag := .Values.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name (for the metrics image) -*/}} -{{- define "mongodb.metrics.image" -}} -{{- $registryName := .Values.metrics.image.registry -}} -{{- $repositoryName := .Values.metrics.image.repository -}} -{{- $tag := .Values.metrics.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mongodb.imagePullSecrets" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -Also, we can not use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} - - name: {{ . }} -{{- end }} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} -imagePullSecrets: -{{- range .Values.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.metrics.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- range .Values.volumePermissions.image.pullSecrets }} - - name: {{ . }} -{{- end }} -{{- end -}} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mongodb.volumePermissions.image" -}} -{{- $registryName := .Values.volumePermissions.image.registry -}} -{{- $repositoryName := .Values.volumePermissions.image.repository -}} -{{- $tag := .Values.volumePermissions.image.tag | toString -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. -Also, we can't use a single if because lazy evaluation is not an option -*/}} -{{- if .Values.global }} - {{- if .Values.global.imageRegistry }} - {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} - {{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} - {{- end -}} -{{- else -}} - {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message, and call fail. -*/}} -{{- define "mongodb.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mongodb.validateValues.mongodbCustomDatabase" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} -{{- end -}} -{{- end -}} - -{{/* -Validate values of MongoDB - both mongodbUsername and mongodbDatabase are necessary -to create a custom user and database during 1st initialization -*/}} -{{- define "mongodb.validateValues.mongodbCustomDatabase" -}} -{{- if or (and .Values.mongodbUsername (not .Values.mongodbDatabase)) (and (not .Values.mongodbUsername) .Values.mongodbDatabase) }} -mongodb: mongodbUsername, mongodbDatabase - Both mongodbUsername and mongodbDatabase must be provided to create - a custom user and database during 1st initialization. - Please set both of them (--set mongodbUsername="xxxx",mongodbDatabase="yyyy") -{{- end -}} -{{- end -}} - -{{/* -Return the proper Storage Class -*/}} -{{- define "mongodb.storageClass" -}} -{{/* -Helm 2.11 supports the assignment of a value to a variable defined in a different scope, -but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. -*/}} -{{- if .Values.global -}} - {{- if .Values.global.storageClass -}} - {{- if (eq "-" .Values.global.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.global.storageClass -}} - {{- end -}} - {{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- else -}} - {{- if .Values.persistence.storageClass -}} - {{- if (eq "-" .Values.persistence.storageClass) -}} - {{- printf "storageClassName: \"\"" -}} - {{- else }} - {{- printf "storageClassName: %s" .Values.persistence.storageClass -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Returns the proper Service name depending if an explicit service name is set -in the values file. If the name is not explicitly set it will take the "mongodb.fullname" -*/}} -{{- define "mongodb.serviceName" -}} - {{- if .Values.service.name -}} - {{ .Values.service.name }} - {{- else -}} - {{ template "mongodb.fullname" .}} - {{- end -}} -{{- end -}} - - -{{- define "mongodb.servicePort" -}} - {{- if .Values.service.port -}} - {{ .Values.service.port | toString }} - {{- else -}} - {{ 27017 | toString }} - {{- end -}} -{{- end -}} - -{{- define "mongodb.headlessServiceSuffix" -}} -{{ template "mongodb.fullname" .}}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ template "mongodb.servicePort" . }} -{{- end -}} - -{{/* -Create the default mongodb replicaset hosts string -*/}} -{{- define "mongodb.hosts" -}} -{{- $secondaryCount := (int (.Values.replicaSet.replicas.secondary)) -}} -{{- $arbiterCount := (int (.Values.replicaSet.replicas.arbiter)) -}} -{{- $suffix := include "mongodb.headlessServiceSuffix" . -}} -{{- $name := include "mongodb.fullname" . -}} -{{ $name }}-primary-0.{{ $suffix }} -{{- range $v := until $secondaryCount}},{{ $name }}-secondary-{{ $v }}.{{ $suffix }}{{- end -}} -{{- range $v := until $arbiterCount}},{{ $name }}-arbiter-{{ $v }}.{{ $suffix }}{{- end -}} -{{- end -}} diff --git a/solution-base/mongodb/charts/mongodb/templates/configmap.yaml b/solution-base/mongodb/charts/mongodb/templates/configmap.yaml deleted file mode 100644 index 66dc853866..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/configmap.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.configmap }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "mongodb.fullname" . }} -data: - mongodb.conf: |- -{{ toYaml .Values.configmap | indent 4 }} -{{- end }} \ No newline at end of file diff --git a/solution-base/mongodb/charts/mongodb/templates/deployment-standalone.yaml b/solution-base/mongodb/charts/mongodb/templates/deployment-standalone.yaml deleted file mode 100644 index 78c9e1d704..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/deployment-standalone.yaml +++ /dev/null @@ -1,299 +0,0 @@ -{{- if not .Values.replicaSet.enabled }} -apiVersion: apps/v1 -kind: {{ if .Values.useStatefulSet }}{{ "StatefulSet" }}{{- else }}{{ "Deployment" }}{{- end }} -metadata: - name: {{ template "mongodb.fullname" . }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - {{- with .Values.labels }} -{{ toYaml . | indent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - strategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - release: "{{ .Release.Name }}" - template: - metadata: - labels: - app: {{ template "mongodb.name" . }} - release: "{{ .Release.Name }}" - chart: {{ template "mongodb.chart" . }} - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - annotations: -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} -{{ toYaml .Values.metrics.podAnnotations | indent 8 }} -{{- end }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end -}} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- include "mongodb.imagePullSecrets" . | indent 6 }} - initContainers: - {{- if .Values.extraInitContainers }} -{{ tpl .Values.extraInitContainers . | indent 6}} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.persistence.mountPath }}"] - securityContext: - runAsUser: 0 - resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - containers: - - name: {{ template "mongodb.fullname" . }} - image: {{ template "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - {{- if .Values.image.debug}} - - name: BITNAMI_DEBUG - value: "true" - {{- end }} - {{- if .Values.usePassword }} - {{- if and .Values.mongodbUsername .Values.mongodbDatabase }} - - name: MONGODB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-password - {{- end }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - {{- end }} - {{- if .Values.mongodbUsername }} - - name: MONGODB_USERNAME - value: {{ .Values.mongodbUsername | quote }} - {{- end }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.mongodbSystemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - {{- if .Values.mongodbDisableSystemLog }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - {{- if .Values.mongodbDatabase }} - - name: MONGODB_DATABASE - value: {{ .Values.mongodbDatabase | quote }} - {{- end }} - - name: MONGODB_ENABLE_IPV6 - {{- if .Values.mongodbEnableIPv6 }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - {{- if .Values.mongodbDirectoryPerDB }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - {{- if .Values.mongodbExtraFlags }} - - name: MONGODB_EXTRA_FLAGS - value: {{ .Values.mongodbExtraFlags | join " " | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "mongodb.tplValue" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 8 }} - {{- end }} - ports: - - name: mongodb - containerPort: 27017 - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - mongo - - --eval - - "db.adminCommand('ping')" - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - mongo - - --eval - - "db.adminCommand('ping')" - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - - name: data - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") (.Values.initConfigMap) }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if .Values.configmap }} - - name: config - mountPath: /opt/bitnami/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 8}} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - {{- if .Values.usePassword }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin {{ .Values.metrics.extraArgs }}' ] - {{- else }} - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }} {{ .Values.metrics.extraArgs }}' ] - {{- end }} - ports: - - name: metrics - containerPort: 9216 - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - {{- end }} - resources: -{{ toYaml .Values.metrics.resources | indent 10 }} -{{- end }} -{{- if .Values.sidecars }} -{{ toYaml .Values.sidecars | indent 6 }} -{{- end }} - volumes: - {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.fullname" . }}-init-scripts - {{- end }} - {{- if (.Values.initConfigMap) }} - - name: custom-init-scripts - configMap: - name: {{ .Values.initConfigMap.name }} - {{- end }} - - name: data - {{- if not .Values.useStatefulSet }} - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - - {{- else }} - emptyDir: {} - {{- end -}} - {{- end -}} - {{- if .Values.configmap }} - - name: config - configMap: - name: {{ template "mongodb.fullname" . }} - {{- end }} - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 6}} - {{- end }} -{{- if .Values.useStatefulSet }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: data - annotations: - {{- range $key, $value := .Values.persistence.annotations }} - {{ $key }}: "{{ $value }}" - {{- end }} - spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "mongodb.storageClass" . }} -{{- else }} - - name: data - emptyDir: {} -{{- end }} -{{- end }} -{{- end -}} diff --git a/solution-base/mongodb/charts/mongodb/templates/ingress.yaml b/solution-base/mongodb/charts/mongodb/templates/ingress.yaml deleted file mode 100644 index 669c33b9e4..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/ingress.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ template "mongodb.fullname" . }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - annotations: - {{- if .Values.ingress.certManager }} - kubernetes.io/tls-acme: "true" - {{- end }} - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -spec: - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ default "/" .path }} - backend: - serviceName: {{ template "mongodb.serviceName" $ }} - servicePort: mongodb - {{- end }} - {{- if .Values.ingress.tls }} - tls: -{{ toYaml .Values.ingress.tls | indent 4 }} - {{- end }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/initialization-configmap.yaml b/solution-base/mongodb/charts/mongodb/templates/initialization-configmap.yaml deleted file mode 100644 index 02da7dfbed..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/initialization-configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{ if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "mongodb.fullname" . }}-init-scripts - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: {{ .Release.Name | quote }} - heritage: {{ .Release.Service | quote }} -data: -{{ tpl (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]").AsConfig . | indent 2 }} -{{ end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/poddisruptionbudget-arbiter-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/poddisruptionbudget-arbiter-rs.yaml deleted file mode 100644 index 85f0c65720..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/poddisruptionbudget-arbiter-rs.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and (and .Values.replicaSet.enabled .Values.replicaSet.pdb.enabled) (gt .Values.replicaSet.replicas.arbiter 0) }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "mongodb.fullname" . }}-arbiter -spec: - {{- if .Values.replicaSet.pdb.minAvailable }} - {{- if .Values.replicaSet.pdb.minAvailable.arbiter }} - minAvailable: {{ .Values.replicaSet.pdb.minAvailable.arbiter }} - {{- end }} - {{- end }} - {{- if .Values.replicaSet.pdb.maxUnavailable }} - {{- if .Values.replicaSet.pdb.maxUnavailable.arbiter }} - maxUnavailable: {{ .Values.replicaSet.pdb.maxUnavailable.arbiter }} - {{- end }} - {{- end }} - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - release: {{ .Release.Name }} - component: arbiter -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/poddisruptionbudget-secondary-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/poddisruptionbudget-secondary-rs.yaml deleted file mode 100644 index 91be500fa1..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/poddisruptionbudget-secondary-rs.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and (and .Values.replicaSet.enabled .Values.replicaSet.pdb.enabled) (gt .Values.replicaSet.replicas.secondary 0) }} -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "mongodb.fullname" . }}-secondary -spec: - {{- if .Values.replicaSet.pdb.minAvailable }} - {{- if .Values.replicaSet.pdb.minAvailable.secondary }} - minAvailable: {{ .Values.replicaSet.pdb.minAvailable.secondary }} - {{- end }} - {{- end }} - {{- if .Values.replicaSet.pdb.maxUnavailable }} - {{- if .Values.replicaSet.pdb.maxUnavailable.secondary }} - maxUnavailable: {{ .Values.replicaSet.pdb.maxUnavailable.secondary }} - {{- end }} - {{- end }} - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - release: {{ .Release.Name }} - component: secondary -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/prometheus-alerting-rule.yaml b/solution-base/mongodb/charts/mongodb/templates/prometheus-alerting-rule.yaml deleted file mode 100644 index e6d4d4c688..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/prometheus-alerting-rule.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled .Values.metrics.serviceMonitor.alerting.rules }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ template "mongodb.fullname" . }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.metrics.serviceMonitor.alerting.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.alerting.additionalLabels | indent 4 }} - {{- end }} -spec: - groups: -{{ toYaml .Values.metrics.serviceMonitor.alerting.rules | indent 4 }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/prometheus-service-monitor.yaml b/solution-base/mongodb/charts/mongodb/templates/prometheus-service-monitor.yaml deleted file mode 100644 index 8900b344f0..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/prometheus-service-monitor.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "mongodb.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} -{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} - {{- end }} -spec: - endpoints: - - interval: 30s - port: metrics - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: -{{ toYaml .Values.metrics.serviceMonitor.relabellings | indent 4 }} - {{- end }} - jobLabel: {{ template "mongodb.fullname" . }} - namespaceSelector: - matchNames: - - "{{ $.Release.Namespace }}" - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/pvc-standalone.yaml b/solution-base/mongodb/charts/mongodb/templates/pvc-standalone.yaml deleted file mode 100644 index f4e114d71a..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/pvc-standalone.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not .Values.replicaSet.enabled) (not .Values.useStatefulSet) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "mongodb.fullname" . }} -spec: - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "mongodb.storageClass" . }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/secrets.yaml b/solution-base/mongodb/charts/mongodb/templates/secrets.yaml deleted file mode 100644 index bf644cba9e..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{ if and .Values.usePassword (not .Values.existingSecret) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "mongodb.fullname" . }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - {{- if .Values.mongodbRootPassword }} - mongodb-root-password: {{ .Values.mongodbRootPassword | b64enc | quote }} - {{- else }} - mongodb-root-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- if and .Values.mongodbUsername .Values.mongodbDatabase }} - {{- if .Values.mongodbPassword }} - mongodb-password: {{ .Values.mongodbPassword | b64enc | quote }} - {{- else }} - mongodb-password: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- end }} - {{- if .Values.replicaSet.enabled }} - {{- if .Values.replicaSet.key }} - mongodb-replica-set-key: {{ .Values.replicaSet.key | b64enc | quote }} - {{- else }} - mongodb-replica-set-key: {{ randAlphaNum 10 | b64enc | quote }} - {{- end }} - {{- end }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/statefulset-arbiter-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/statefulset-arbiter-rs.yaml deleted file mode 100644 index a131b49a40..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/statefulset-arbiter-rs.yaml +++ /dev/null @@ -1,187 +0,0 @@ -{{- if and .Values.replicaSet.enabled (gt .Values.replicaSet.replicas.arbiter 0) }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "mongodb.fullname" . }}-arbiter - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.labels }} -{{ toYaml . | indent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - release: {{ .Release.Name }} - component: arbiter - serviceName: {{ template "mongodb.fullname" . }}-headless - replicas: {{ .Values.replicaSet.replicas.arbiter }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - template: - metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: {{ .Release.Name }} - component: arbiter - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.affinityArbiter }} - affinity: -{{ toYaml .Values.affinityArbiter | indent 8 }} - {{- end -}} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- include "mongodb.imagePullSecrets" . | indent 6 }} - {{- if .Values.extraInitContainers }} - initContainers: -{{ tpl .Values.extraInitContainers . | indent 6}} - {{- end }} - containers: - - name: {{ template "mongodb.name" . }}-arbiter - image: {{ template "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - ports: - - containerPort: {{ .Values.service.port }} - name: mongodb - env: - {{- if .Values.image.debug}} - - name: BITNAMI_DEBUG - value: "true" - {{- end }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.mongodbSystemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - {{- if .Values.mongodbDisableSystemLog }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MONGODB_REPLICA_SET_MODE - value: "arbiter" - - name: MONGODB_PRIMARY_HOST - value: {{ template "mongodb.fullname" . }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSet.name | quote }} - {{- if .Values.replicaSet.useHostnames }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MONGODB_POD_NAME).{{ template "mongodb.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- if .Values.usePassword }} - - name: MONGODB_PRIMARY_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-replica-set-key - {{- end }} - - name: MONGODB_ENABLE_IPV6 - {{- if .Values.mongodbEnableIPv6 }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - {{- if .Values.mongodbDirectoryPerDB }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - {{- if .Values.mongodbExtraFlags }} - - name: MONGODB_EXTRA_FLAGS - value: {{ .Values.mongodbExtraFlags | join " " | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "mongodb.tplValue" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 10 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: mongodb - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: mongodb - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - {{- if .Values.configmap }} - - name: config - mountPath: /opt/bitnami/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - resources: -{{ toYaml .Values.resourcesArbiter | indent 12 }} -{{- if .Values.extraVolumeMountsArbiter }} - volumeMounts: -{{ toYaml .Values.extraVolumeMountsArbiter | indent 12}} -{{- end }} -{{- if .Values.sidecarsArbiter }} -{{ toYaml .Values.sidecarsArbiter | indent 8 }} -{{- end }} - volumes: - {{- if .Values.configmap }} - - name: config - configMap: - name: {{ template "mongodb.fullname" . }} - {{- end }} - {{- if .Values.extraVolumesArbiter }} -{{ toYaml .Values.extraVolumesArbiter | indent 8 }} - {{- end }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/statefulset-primary-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/statefulset-primary-rs.yaml deleted file mode 100644 index cd42a8a71f..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/statefulset-primary-rs.yaml +++ /dev/null @@ -1,313 +0,0 @@ -{{- if .Values.replicaSet.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "mongodb.fullname" . }}-primary - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.labels }} -{{ toYaml . | indent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - serviceName: {{ template "mongodb.fullname" . }}-headless - replicas: 1 - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - release: {{ .Release.Name }} - component: primary - template: - metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: {{ .Release.Name }} - component: primary - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - annotations: -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} -{{ toYaml .Values.metrics.podAnnotations | indent 8 }} -{{- end }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end -}} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- include "mongodb.imagePullSecrets" . | indent 6 }} - initContainers: - {{- if .Values.extraInitContainers }} -{{ tpl .Values.extraInitContainers . | indent 6}} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.persistence.mountPath }}"] - securityContext: - runAsUser: 0 - resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - containers: - - name: {{ template "mongodb.name" . }}-primary - image: {{ template "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - ports: - - containerPort: {{ .Values.service.port }} - name: mongodb - env: - {{- if .Values.image.debug}} - - name: BITNAMI_DEBUG - value: "true" - {{- end }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.mongodbSystemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - {{- if .Values.mongodbDisableSystemLog }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MONGODB_REPLICA_SET_MODE - value: "primary" - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSet.name | quote }} - {{- if .Values.replicaSet.useHostnames }} - - name: MONGODB_HOSTS - value: {{ template "mongodb.hosts". }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MONGODB_POD_NAME).{{ template "mongodb.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- if .Values.usePassword }} - - name: MONGODB_APP_USERNAME - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-username - - name: MONGODB_APP_DATABASE - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-database - - name: MONGODB_APP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-password - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-replica-set-key - {{- end }} - - name: MONGODB_ENABLE_IPV6 - {{- if .Values.mongodbEnableIPv6 }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - {{- if .Values.mongodbDirectoryPerDB }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - {{- if .Values.mongodbExtraFlags }} - - name: MONGODB_EXTRA_FLAGS - value: {{ .Values.mongodbExtraFlags | join " " | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "mongodb.tplValue" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 10 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - pgrep - - mongod - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - mongo - - --eval - - "db.adminCommand('ping')" - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") (.Values.initConfigMap) }} - - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d - {{- end }} - {{- if .Values.configmap }} - - name: config - mountPath: /opt/bitnami/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 12}} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - {{- if .Values.usePassword }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin {{ .Values.metrics.extraArgs }}' ] - {{- else }} - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }} {{ .Values.metrics.extraArgs }}' ] - {{- end }} - ports: - - name: metrics - containerPort: 9216 - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - {{- end }} - resources: -{{ toYaml .Values.metrics.resources | indent 12 }} -{{- end }} -{{- if .Values.sidecars }} -{{ toYaml .Values.sidecars | indent 8 }} -{{- end }} - volumes: - {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|js|json]") }} - - name: custom-init-scripts - configMap: - name: {{ template "mongodb.fullname" . }}-init-scripts - {{- end }} - {{- if (.Values.initConfigMap) }} - - name: custom-init-scripts - configMap: - name: {{ .Values.initConfigMap.name }} - {{- end }} - {{- if .Values.configmap }} - - name: config - configMap: - name: {{ template "mongodb.fullname" . }} - {{- end }} - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 8}} - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: datadir - annotations: - {{- range $key, $value := .Values.persistence.annotations }} - {{ $key }}: "{{ $value }}" - {{- end }} - spec: - {{- if .Values.persistence.selector }} - selector: -{{ toYaml .Values.persistence.selector | indent 10 }} - {{- end }} - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "mongodb.storageClass" . }} -{{- else }} - - name: datadir - emptyDir: {} -{{- end }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/statefulset-secondary-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/statefulset-secondary-rs.yaml deleted file mode 100644 index 51cb6f5046..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/statefulset-secondary-rs.yaml +++ /dev/null @@ -1,285 +0,0 @@ -{{- if and .Values.replicaSet.enabled (gt .Values.replicaSet.replicas.secondary 0) }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "mongodb.fullname" . }}-secondary - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.labels }} -{{ toYaml . | indent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - app: {{ template "mongodb.name" . }} - release: {{ .Release.Name }} - component: secondary - podManagementPolicy: "Parallel" - serviceName: {{ template "mongodb.fullname" . }}-headless - replicas: {{ .Values.replicaSet.replicas.secondary }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} - {{- if (eq "Recreate" .Values.updateStrategy.type) }} - rollingUpdate: null - {{- end }} - template: - metadata: - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: {{ .Release.Name }} - component: secondary - {{- if .Values.podLabels }} -{{ toYaml .Values.podLabels | indent 8 }} - {{- end }} - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - annotations: -{{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} -{{- end }} -{{- if .Values.metrics.enabled }} -{{ toYaml .Values.metrics.podAnnotations | indent 8 }} -{{- end }} - {{- end }} - spec: - {{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end -}} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} -{{- include "mongodb.imagePullSecrets" . | indent 6 }} - initContainers: - {{- if .Values.extraInitContainers }} -{{ tpl .Values.extraInitContainers . | indent 6}} - {{- end }} - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.persistence.mountPath }}"] - securityContext: - runAsUser: 0 - resources: {{ toYaml .Values.volumePermissions.resources | nindent 10 }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - {{- end }} - containers: - - name: {{ template "mongodb.name" . }}-secondary - image: {{ template "mongodb.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - ports: - - containerPort: {{ .Values.service.port }} - name: mongodb - env: - {{- if .Values.image.debug}} - - name: BITNAMI_DEBUG - value: "true" - {{- end }} - - name: MONGODB_SYSTEM_LOG_VERBOSITY - value: {{ .Values.mongodbSystemLogVerbosity | quote }} - - name: MONGODB_DISABLE_SYSTEM_LOG - {{- if .Values.mongodbDisableSystemLog }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MONGODB_REPLICA_SET_MODE - value: "secondary" - - name: MONGODB_PRIMARY_HOST - value: {{ template "mongodb.fullname" . }} - - name: MONGODB_REPLICA_SET_NAME - value: {{ .Values.replicaSet.name | quote }} - {{- if .Values.replicaSet.useHostnames }} - - name: MONGODB_ADVERTISED_HOSTNAME - value: "$(MONGODB_POD_NAME).{{ template "mongodb.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}" - {{- end }} - {{- if .Values.usePassword }} - - name: MONGODB_PRIMARY_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - - name: MONGODB_REPLICA_SET_KEY - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-replica-set-key - {{- end }} - - name: MONGODB_ENABLE_IPV6 - {{- if .Values.mongodbEnableIPv6 }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - - name: MONGODB_ENABLE_DIRECTORY_PER_DB - {{- if .Values.mongodbDirectoryPerDB }} - value: "yes" - {{- else }} - value: "no" - {{- end }} - {{- if .Values.mongodbExtraFlags }} - - name: MONGODB_EXTRA_FLAGS - value: {{ .Values.mongodbExtraFlags | join " " | quote }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "mongodb.tplValue" ( dict "value" .Values.extraEnvVars "context" $ ) | nindent 10 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: - exec: - command: - - pgrep - - mongod - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: - exec: - command: - - mongo - - --eval - - "db.adminCommand('ping')" - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - subPath: {{ .Values.persistence.subPath }} - {{- if .Values.configmap }} - - name: config - mountPath: /opt/bitnami/mongodb/conf/mongodb.conf - subPath: mongodb.conf - {{- end }} - {{- if .Values.extraVolumeMounts }} -{{ toYaml .Values.extraVolumeMounts | indent 12}} - {{- end }} - resources: -{{ toYaml .Values.resources | indent 12 }} -{{- if .Values.metrics.enabled }} - - name: metrics - image: {{ template "mongodb.metrics.image" . }} - imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} - {{- if .Values.securityContext.enabled }} - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} - env: - {{- if .Values.usePassword }} - - name: MONGODB_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} - key: mongodb-root-password - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin {{ .Values.metrics.extraArgs }}' ] - {{- else }} - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }} {{ .Values.metrics.extraArgs }}' ] - {{- end }} - ports: - - name: metrics - containerPort: 9216 - {{- if .Values.metrics.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.metrics.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: /metrics - port: metrics - initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} - {{- end }} - resources: -{{ toYaml .Values.metrics.resources | indent 12 }} -{{- end }} -{{- if .Values.sidecars }} -{{ toYaml .Values.sidecars | indent 8 }} -{{- end }} - volumes: - {{- if .Values.configmap }} - - name: config - configMap: - name: {{ template "mongodb.fullname" . }} - {{- end }} - {{- if .Values.extraVolumes }} -{{ toYaml .Values.extraVolumes | indent 8}} - {{- end }} -{{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: datadir - annotations: - {{- range $key, $value := .Values.persistence.annotations }} - {{ $key }}: "{{ $value }}" - {{- end }} - spec: - {{- if .Values.persistence.selector }} - selector: -{{ toYaml .Values.persistence.selector | indent 10 }} - {{- end }} - accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{ include "mongodb.storageClass" . }} -{{- else }} - - name: datadir - emptyDir: {} -{{- end }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/svc-headless-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/svc-headless-rs.yaml deleted file mode 100644 index 92f1141ba7..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/svc-headless-rs.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.replicaSet.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "mongodb.fullname" . }}-headless - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- with .Values.service.annotations }} - annotations: {{ tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - type: ClusterIP - clusterIP: None - ports: - - name: mongodb - port: {{ .Values.service.port }} - selector: - app: {{ template "mongodb.name" . }} - release: {{ .Release.Name }} -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/svc-primary-rs.yaml b/solution-base/mongodb/charts/mongodb/templates/svc-primary-rs.yaml deleted file mode 100644 index 78150684b5..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/svc-primary-rs.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- if .Values.replicaSet.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "mongodb.serviceName" . }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- with .Values.service.annotations }} - annotations: {{ tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: mongodb - port: {{ .Values.service.port }} - targetPort: mongodb -{{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - port: 9216 - targetPort: metrics -{{- end }} - selector: - app: {{ template "mongodb.name" . }} - release: "{{ .Release.Name }}" - component: primary -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/templates/svc-standalone.yaml b/solution-base/mongodb/charts/mongodb/templates/svc-standalone.yaml deleted file mode 100644 index 0695c7323d..0000000000 --- a/solution-base/mongodb/charts/mongodb/templates/svc-standalone.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if not .Values.replicaSet.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "mongodb.serviceName" . }} - labels: - app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- with .Values.service.annotations }} - annotations: {{ tpl (toYaml .) $ | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} - {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.externalIPs }} - externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }} - {{- end }} - ports: - - name: mongodb - port: {{ .Values.service.port }} - targetPort: mongodb -{{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} -{{- end }} -{{- if .Values.metrics.enabled }} - - name: metrics - port: 9216 - targetPort: metrics -{{- end }} - selector: - app: {{ template "mongodb.name" . }} - release: "{{ .Release.Name }}" -{{- end }} diff --git a/solution-base/mongodb/charts/mongodb/values-production.yaml b/solution-base/mongodb/charts/mongodb/values-production.yaml deleted file mode 100644 index da5d3dc7df..0000000000 --- a/solution-base/mongodb/charts/mongodb/values-production.yaml +++ /dev/null @@ -1,509 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -image: - ## Bitnami MongoDB registry - ## - registry: docker.io - ## Bitnami MongoDB image name - ## - repository: bitnami/mongodb - ## Bitnami MongoDB image tag - ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ - ## - tag: 4.0.14-debian-9-r24 - ## Specify a imagePullPolicy - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns on Bitnami debugging in minideb-extras-base - ## ref: https://github.com/bitnami/minideb-extras-base - debug: false - -## String to partially override mongodb.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override mongodb.fullname template -## -# fullnameOverride: - -# Add custom extra environment variables to all the MongoDB containers -# extraEnvVars: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: stretch - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - resources: {} - -## Enable authentication -## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ -# -usePassword: true -# existingSecret: name-of-existing-secret - -## MongoDB admin password -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run -## -# mongodbRootPassword: - -## MongoDB custom user and database -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run -## -# mongodbUsername: username -# mongodbPassword: password -# mongodbDatabase: database - -## Whether enable/disable IPv6 on MongoDB -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6 -## -mongodbEnableIPv6: false - -## Whether enable/disable DirectoryPerDB on MongoDB -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb -## -mongodbDirectoryPerDB: false - -## MongoDB System Log configuration -## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level -## -mongodbSystemLogVerbosity: 0 -mongodbDisableSystemLog: false - -## MongoDB additional command line flags -## -## Can be used to specify command line flags, for example: -## -## mongodbExtraFlags: -## - "--wiredTigerCacheSizeGB=2" -mongodbExtraFlags: [] - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Kubernetes Cluster Domain -clusterDomain: cluster.local - -## Kubernetes service type -service: - ## Specify an explicit service name. - # name: svc-mongo - ## Provide any additional annotations which may be required. - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - annotations: {} - type: ClusterIP - # clusterIP: None - port: 27017 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Specify the externalIP value ClusterIP service type. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - # externalIPs: [] - - ## Specify the loadBalancerIP value for LoadBalancer service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - ## - # loadBalancerIP: - - ## Specify the loadBalancerSourceRanges value for LoadBalancer service types. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: [] - -## Use StatefulSet instead of Deployment when deploying standalone -useStatefulSet: false - -## Setting up replication -## ref: https://github.com/bitnami/bitnami-docker-mongodb#setting-up-a-replication -# -replicaSet: - ## Whether to create a MongoDB replica set for high availability or not - enabled: true - useHostnames: true - - ## Name of the replica set - ## - name: rs0 - - ## Key used for replica set authentication - ## - # key: key - - ## Number of replicas per each node type - ## - replicas: - secondary: 1 - arbiter: 1 - - ## Pod Disruption Budget - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - pdb: - enabled: true - minAvailable: - secondary: 1 - arbiter: 1 - # maxUnavailable: - # secondary: 1 - # arbiter: 1 - -# Annotations to be added to the deployment or statefulsets -annotations: {} - -# Additional labels to apply to the deployment or statefulsets -labels: {} - -# Annotations to be added to MongoDB pods -podAnnotations: {} - -# Additional pod labels to apply -podLabels: {} - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: {} -# Define separate resources per arbiter, which are less then primary or secondary -# used only when replica set is enabled -resourcesArbiter: {} -# limits: -# cpu: 500m -# memory: 512Mi -# requests: -# cpu: 100m -# memory: 256Mi - -## Pod priority -## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -# priorityClassName: "" - -## Node selector -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -nodeSelector: {} - -## Affinity -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} -# Define separate affinity for arbiter pod -affinityArbiter: {} - -## Tolerations -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -## Add sidecars to the pod -## -## For example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecars: [] -## Array to add extra volumes -## -extraVolumes: [] -## Array to add extra mounts (normally used with extraVolumes) -## -extraVolumeMounts: [] - -## Add sidecars to the arbiter pod -# used only when replica set is enabled -## -## For example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecarsArbiter: [] -## Array to add extra volumes to the arbiter -# used only when replica set is enabled -## -extraVolumesArbiter: [] -## Array to add extra mounts (normally used with extraVolumes) to the arbiter -# used only when replica set is enabled -## -extraVolumeMountsArbiter: [] - -## updateStrategy for MongoDB Primary, Secondary and Arbitrer statefulsets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## MongoDB images. - ## - mountPath: /bitnami/mongodb - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - ## mongodb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## Configure the ingress resource that allows you to access the -## MongoDB installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## Set to true to enable ingress record generation - enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager - certManager: false - - ## Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - annotations: - # kubernetes.io/ingress.class: nginx - - ## The list of hostnames to be covered with this ingress record. - ## Most likely this will be just one host, but in the event more hosts are needed, this is an array - hosts: - - name: mongodb.local - path: / - - ## The tls configuration for the ingress - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - - hosts: - - mongodb.local - secretName: mongodb.local-tls - - secrets: - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - # - name: airflow.local-tls - # key: - # certificate: - -## Configure the options for init containers to be run before the main app containers -## are started. All init containers are run sequentially and must exit without errors -## for the next one to be started. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -# extraInitContainers: | -# - name: do-something -# image: busybox -# command: ['do', 'something'] - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -# Define custom config map with init scripts -initConfigMap: {} -# name: "init-config-map" - -## Entries for the MongoDB config file. For documentation of all options, see: -## http://docs.mongodb.org/manual/reference/configuration-options/ -## -configmap: -# # where and how to store data. -# storage: -# dbPath: /bitnami/mongodb/data/db -# journal: -# enabled: true -# directoryPerDB: false -# # where to write logging data. -# systemLog: -# destination: file -# quiet: false -# logAppend: true -# logRotate: reopen -# path: /opt/bitnami/mongodb/logs/mongodb.log -# verbosity: 0 -# # network interfaces -# net: -# port: 27017 -# unixDomainSocket: -# enabled: true -# pathPrefix: /opt/bitnami/mongodb/tmp -# ipv6: false -# bindIpAll: true -# # replica set options -# #replication: -# #replSetName: replicaset -# #enableMajorityReadConcern: true -# # process management options -# processManagement: -# fork: false -# pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid -# # set parameter options -# setParameter: -# enableLocalhostAuthBypass: true -# # security options -# security: -# authorization: disabled -# #keyFile: /opt/bitnami/mongodb/conf/keyfile - -## Prometheus Exporter / Metrics -## -metrics: - enabled: true - - image: - registry: docker.io - repository: bitnami/mongodb-exporter - tag: 0.34.0-debian-11-r24 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## String with extra arguments to the metrics exporter - ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go - ## - ## We use "--compatible-mode" flag to export old metric: "mongodb_mongod_replset_oplog_head_timestamp" - ## for mongoDB and backbeat dashboards. - extraArgs: "--collector.diagnosticdata --collector.replicasetstatus --collector.dbstats --collector.topmetrics --compatible-mode" - - ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - # resources: {} - - ## Metrics exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - livenessProbe: - enabled: true - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - - ## Metrics exporter pod Annotation - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9216" - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - enabled: false - - ## Specify a namespace if needed - # namespace: monitoring - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} - - ## Specify Metric Relabellings to add to the scrape endpoint - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - # relabellings: - - alerting: - ## Define individual alerting rules as required - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup - ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - rules: {} - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Prometheus Rules to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} diff --git a/solution-base/mongodb/charts/mongodb/values.schema.json b/solution-base/mongodb/charts/mongodb/values.schema.json deleted file mode 100644 index 9bf39e511a..0000000000 --- a/solution-base/mongodb/charts/mongodb/values.schema.json +++ /dev/null @@ -1,147 +0,0 @@ -{ - "$schema": "http://json-schema.org/schema#", - "type": "object", - "properties": { - "usePassword": { - "type": "boolean", - "title": "Enable password authentication", - "form": true - }, - "mongodbRootPassword": { - "type": "string", - "title": "MongoDB admin password", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "condition": false, - "value": "usePassword" - } - }, - "mongodbDatabase": { - "type": "string", - "title": "MongoDB custom database", - "description": "Name of the custom database to be created during the 1st initialization of MongoDB", - "form": true - }, - "mongodbUsername": { - "type": "string", - "title": "MongoDB custom user", - "description": "Name of the custom user to be created during the 1st initialization of MongoDB. This user only has permissions on the MongoDB custom database", - "form": true - }, - "mongodbPassword": { - "type": "string", - "title": "Password for MongoDB custom user", - "form": true, - "description": "Defaults to a random 10-character alphanumeric string if not set", - "hidden": { - "condition": false, - "value": "usePassword" - } - }, - "replicaSet": { - "type": "object", - "title": "Replicaset configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable replicaset configuration" - }, - "replicas": { - "type": "object", - "title": "Number of replicas", - "form": true, - "hidden": { - "condition": false, - "value": "replicaSet.enabled" - }, - "properties": { - "secondary": { - "type": "integer", - "title": "Secondary node replicas", - "description": "Number of secondary node replicas to deploy", - "form": true - }, - "arbiter": { - "type": "integer", - "title": "Arbiter node replicas", - "description": "Number of arbiter node replicas to deploy", - "form": true - } - } - } - } - }, - "persistence": { - "type": "object", - "title": "Persistence configuration", - "form": true, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable persistence", - "description": "Enable persistence using Persistent Volume Claims" - }, - "size": { - "type": "string", - "title": "Persistent Volume Size", - "form": true, - "render": "slider", - "sliderMin": 1, - "sliderMax": 100, - "sliderUnit": "Gi", - "hidden": { - "condition": false, - "value": "persistence.enabled" - } - } - } - }, - "volumePermissions": { - "type": "object", - "hidden": { - "condition": false, - "value": "persistence.enabled" - }, - "properties": { - "enabled": { - "type": "boolean", - "form": true, - "title": "Enable Init Containers", - "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" - } - } - }, - "metrics": { - "type": "object", - "form": true, - "title": "Prometheus metrics details", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus metrics exporter", - "description": "Create a side-car container to expose Prometheus metrics", - "form": true - }, - "serviceMonitor": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "title": "Create Prometheus Operator ServiceMonitor", - "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", - "form": true, - "hidden": { - "condition": false, - "value": "metrics.enabled" - } - } - } - } - } - } - } -} diff --git a/solution-base/mongodb/charts/mongodb/values.yaml b/solution-base/mongodb/charts/mongodb/values.yaml deleted file mode 100644 index 4b3abda985..0000000000 --- a/solution-base/mongodb/charts/mongodb/values.yaml +++ /dev/null @@ -1,510 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -image: - ## Bitnami MongoDB registry - ## - registry: docker.io - ## Bitnami MongoDB image name - ## - repository: bitnami/mongodb - ## Bitnami MongoDB image tag - ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ - ## - tag: 4.0.27-debian-9-r118 - ## Specify a imagePullPolicy - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - - ## Set to true if you would like to see extra information on logs - ## It turns on Bitnami debugging in minideb-extras-base - ## ref: https://github.com/bitnami/minideb-extras-base - debug: false - -## String to partially override mongodb.fullname template (will maintain the release name) -## -# nameOverride: - -## String to fully override mongodb.fullname template -## -# fullnameOverride: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/minideb - tag: stretch - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - resources: {} - -## Enable authentication -## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/ -# -usePassword: true -# existingSecret: name-of-existing-secret - -## MongoDB admin password -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run -## -# mongodbRootPassword: - -## MongoDB custom user and database -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run -## -# mongodbUsername: username -# mongodbPassword: password -# mongodbDatabase: database - -## Whether enable/disable IPv6 on MongoDB -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6 -## -mongodbEnableIPv6: false - -## Whether enable/disable DirectoryPerDB on MongoDB -## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb -## -mongodbDirectoryPerDB: false - -## MongoDB System Log configuration -## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level -## -mongodbSystemLogVerbosity: 0 -mongodbDisableSystemLog: false - -## MongoDB additional command line flags -## -## Can be used to specify command line flags, for example: -## -## mongodbExtraFlags: -## - "--wiredTigerCacheSizeGB=2" -mongodbExtraFlags: [] - -## Pod Security Context -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -securityContext: - enabled: true - fsGroup: 1001 - runAsUser: 1001 - -## Kubernetes Cluster Domain -clusterDomain: cluster.local - -## Kubernetes service type -service: - ## Specify an explicit service name. - # name: svc-mongo - ## Provide any additional annotations which may be required. - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - annotations: {} - type: ClusterIP - # clusterIP: None - port: 27017 - - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - - ## Specify the externalIP value ClusterIP service type. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips - # externalIPs: [] - - ## Specify the loadBalancerIP value for LoadBalancer service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - ## - # loadBalancerIP: - - ## Specify the loadBalancerSourceRanges value for LoadBalancer service types. - ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service - ## - # loadBalancerSourceRanges: [] - -# Add custom extra environment variables to all the MongoDB containers -# extraEnvVars: - -## Use StatefulSet instead of Deployment when deploying standalone -useStatefulSet: false - -## Setting up replication -## ref: https://github.com/bitnami/bitnami-docker-mongodb#setting-up-a-replication -# -replicaSet: - ## Whether to create a MongoDB replica set for high availability or not - enabled: false - useHostnames: true - - ## Name of the replica set - ## - name: rs0 - - ## Key used for replica set authentication - ## - # key: key - - ## Number of replicas per each node type - ## - replicas: - secondary: 1 - arbiter: 1 - - ## Pod Disruption Budget - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - pdb: - enabled: true - minAvailable: - primary: 1 - secondary: 1 - arbiter: 1 - # maxUnavailable: - # primary: 1 - # secondary: 1 - # arbiter: 1 - -# Annotations to be added to the deployment or statefulsets -annotations: {} - -# Additional labels to apply to the deployment or statefulsets -labels: {} - -# Annotations to be added to MongoDB pods -podAnnotations: {} - -# Additional pod labels to apply -podLabels: {} - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Configure resource requests and limits -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: {} -# Define separate resources per arbiter, which are less then primary or secondary -# used only when replica set is enabled -resourcesArbiter: {} -# limits: -# cpu: 500m -# memory: 512Mi -# requests: -# cpu: 100m -# memory: 256Mi - -## Pod priority -## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -# priorityClassName: "" - -## Node selector -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector -nodeSelector: {} - -## Affinity -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} -# Define separate affinity for arbiter pod -affinityArbiter: {} - -## Tolerations -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -## updateStrategy for MongoDB Primary, Secondary and Arbitrer statefulsets -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies -updateStrategy: - type: RollingUpdate - -## Add sidecars to the pod -## -## For example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecars: [] -## Array to add extra volumes -## -extraVolumes: [] -## Array to add extra mounts (normally used with extraVolumes) -## -extraVolumeMounts: [] - -## Add sidecars to the arbiter pod -# used only when replica set is enabled -## -## For example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -sidecarsArbiter: [] -## Array to add extra volumes to the arbiter -# used only when replica set is enabled -## -extraVolumesArbiter: [] -## Array to add extra mounts (normally used with extraVolumes) to the arbiter -# used only when replica set is enabled -## -extraVolumeMountsArbiter: [] - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - ## - # existingClaim: - - ## The path the volume will be mounted at, useful when using different - ## MongoDB images. - ## - mountPath: /bitnami/mongodb - - ## The subdirectory of the volume to mount to, useful in dev environments - ## and one PV for multiple services. - ## - subPath: "" - - ## mongodb data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessModes: - - ReadWriteOnce - size: 8Gi - annotations: {} - -## Configure the ingress resource that allows you to access the -## MongoDB installation. Set up the URL -## ref: http://kubernetes.io/docs/user-guide/ingress/ -## -ingress: - ## Set to true to enable ingress record generation - enabled: false - - ## Set this to true in order to add the corresponding annotations for cert-manager - certManager: false - - ## Ingress annotations done as key:value pairs - ## For a full list of possible ingress annotations, please see - ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md - ## - ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set - ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set - annotations: - # kubernetes.io/ingress.class: nginx - - ## The list of hostnames to be covered with this ingress record. - ## Most likely this will be just one host, but in the event more hosts are needed, this is an array - hosts: - - name: mongodb.local - path: / - - ## The tls configuration for the ingress - ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls - tls: - - hosts: - - mongodb.local - secretName: mongodb.local-tls - - secrets: - ## If you're providing your own certificates, please use this to add the certificates as secrets - ## key and certificate should start with -----BEGIN CERTIFICATE----- or - ## -----BEGIN RSA PRIVATE KEY----- - ## - ## name should line up with a tlsSecret set further up - ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set - ## - ## It is also possible to create and manage the certificates outside of this helm chart - ## Please see README.md for more information - # - name: airflow.local-tls - # key: - # certificate: - -## Configure the options for init containers to be run before the main app containers -## are started. All init containers are run sequentially and must exit without errors -## for the next one to be started. -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -# extraInitContainers: | -# - name: do-something -# image: busybox -# command: ['do', 'something'] - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) -livenessProbe: - enabled: true - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 -readinessProbe: - enabled: true - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -# Define custom config map with init scripts -initConfigMap: {} -# name: "init-config-map" - -## Entries for the MongoDB config file. For documentation of all options, see: -## http://docs.mongodb.org/manual/reference/configuration-options/ -## -configmap: -# # where and how to store data. -# storage: -# dbPath: /bitnami/mongodb/data/db -# journal: -# enabled: true -# directoryPerDB: false -# # where to write logging data. -# systemLog: -# destination: file -# quiet: false -# logAppend: true -# logRotate: reopen -# path: /opt/bitnami/mongodb/logs/mongodb.log -# verbosity: 0 -# # network interfaces -# net: -# port: 27017 -# unixDomainSocket: -# enabled: true -# pathPrefix: /opt/bitnami/mongodb/tmp -# ipv6: false -# bindIpAll: true -# # replica set options -# #replication: -# #replSetName: replicaset -# #enableMajorityReadConcern: true -# # process management options -# processManagement: -# fork: false -# pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid -# # set parameter options -# setParameter: -# enableLocalhostAuthBypass: true -# # security options -# security: -# authorization: disabled -# #keyFile: /opt/bitnami/mongodb/conf/keyfile - -## Prometheus Exporter / Metrics -## -metrics: - enabled: false - - image: - registry: docker.io - repository: bitnami/mongodb-exporter - tag: 0.34.0-debian-11-r24 - pullPolicy: IfNotPresent - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - ## String with extra arguments to the metrics exporter - ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go - ## - ## We use "--compatible-mode" flag to export old metric: "mongodb_mongod_replset_oplog_head_timestamp" - ## for mongoDB and backbeat dashboards. - extraArgs: "--collector.diagnosticdata --collector.replicasetstatus --collector.dbstats --collector.topmetrics --compatible-mode" - - ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - # resources: {} - - ## Metrics exporter liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) - livenessProbe: - enabled: false - initialDelaySeconds: 15 - periodSeconds: 5 - timeoutSeconds: 5 - failureThreshold: 3 - successThreshold: 1 - readinessProbe: - enabled: false - initialDelaySeconds: 5 - periodSeconds: 5 - timeoutSeconds: 1 - failureThreshold: 3 - successThreshold: 1 - - ## Metrics exporter pod Annotation - podAnnotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9216" - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - enabled: false - - ## Specify a namespace if needed - # namespace: monitoring - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} - - ## Specify Metric Relabellings to add to the scrape endpoint - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint - # relabellings: - - alerting: - ## Define individual alerting rules as required - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup - ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/ - rules: {} - - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Prometheus Rules to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - additionalLabels: {} diff --git a/solution-base/mongodb/patches/create-app-creds.patch b/solution-base/mongodb/patches/create-app-creds.patch deleted file mode 100644 index 6d1c4ed5c6..0000000000 --- a/solution-base/mongodb/patches/create-app-creds.patch +++ /dev/null @@ -1,101 +0,0 @@ -diff --git a/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/create-app-user.sh b/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/create-app-user.sh -new file mode 100644 -index 00000000..886b73d9 ---- /dev/null -+++ b/solution-base/mongodb/charts/mongodb/files/docker-entrypoint-initdb.d/create-app-user.sh -@@ -0,0 +1,30 @@ -+#!/bin/bash -+ -+create_user() { -+ mongo --host $MONGODB_HOSTS -u 'root' -p "$MONGODB_ROOT_PASSWORD" <