core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Running all stack

Browse Source
This commit is contained in:
mr
2026-01-06 08:23:16 +01:00
parent 5a0651106d
commit 3d416169e3
56 changed files with 1974 additions and 435 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
opencloud/charts/mongodb/templates/NOTES.txt
View File

@@ -2,6 +2,10 @@ CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
⚠ WARNING: Since August 28th, 2025, only a limited subset of images/charts are available for free.
Subscribe to Bitnami Secure Images to receive continued support and security updates.
More info at https://bitnami.com and https://github.com/bitnami/containers/issues/83267
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
@@ -168,4 +172,5 @@ Then, open the obtained URL in a browser.
{{- include "common.warnings.rollingTag" .Values.tls.image }}
{{- include "mongodb.validateValues" . }}
{{- include "common.warnings.resources" (dict "sections" (list "arbiter" "externalAccess.autoDiscovery" "hidden" "metrics" "" "tls" "volumePermissions") "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.tls.image .Values.externalAccess.autoDiscovery.image .Values.externalAccess.dnsCheck.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }}
{{- include "common.warnings.modifiedImages" (dict "images" (list .Values.image .Values.tls.image .Values.externalAccess.autoDiscovery.image .Values.externalAccess.dnsCheck.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }}
{{- include "common.errors.insecureImages" (dict "images" (list .Values.image .Values.tls.image .Values.externalAccess.autoDiscovery.image .Values.externalAccess.dnsCheck.image .Values.volumePermissions.image .Values.metrics.image) "context" $) }}

35
opencloud/charts/mongodb/templates/_helpers.tpl
View File

@@ -309,6 +309,11 @@ Init container definition to change/establish volume permissions.
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if include "common.fips.enabled" . }}
env:
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.volumePermissions.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
@@ -338,6 +343,11 @@ Init container definition to recover log dir.
{{- else if ne .Values.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if include "common.fips.enabled" . }}
env:
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /opt/bitnami/mongodb/logs
@@ -366,6 +376,11 @@ Init container definition to get external IP addresses.
{{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if include "common.fips.enabled" . }}
env:
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.externalAccess.autoDiscovery.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: shared
mountPath: /shared
@@ -401,6 +416,11 @@ Init container definition to wait external DNS names.
{{- else if ne .Values.externalAccess.dnsCheck.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.dnsCheck.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if include "common.fips.enabled" . }}
env:
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.externalAccess.dnsCheck.fips "global" .Values.global) | quote }}
{{- end }}
{{- end -}}
{{/*
@@ -644,24 +664,13 @@ Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.en
{{- end -}}
{{- if .Values.metrics.username -}}
{{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
{{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
{{- printf "mongodb://%s$(hostname -s):%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
{{- else -}}
{{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
{{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
{{- printf "mongodb://%s$(hostname -s):%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiGroup for PodSecurityPolicy.
*/}}
{{- define "podSecurityPolicy.apiGroup" -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
{{- print "policy" -}}
{{- else -}}
{{- print "extensions" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if a TLS secret object should be created
*/}}

37
opencloud/charts/mongodb/templates/arbiter/statefulset.yaml
View File

@@ -87,7 +87,7 @@ spec:
{{- if .Values.arbiter.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
{{- if and .Values.externalAccess.enabled .Values.externalAccess.service.publicNames }}
{{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }}
{{- end }}
{{- if and .Values.tls.enabled .Values.arbiter.enabled }}
@@ -107,6 +107,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.tls.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
@@ -126,6 +130,9 @@ spec:
- /bitnami/scripts/generate-certs.sh
args:
- -s {{ include "mongodb.arbiter.service.nameOverride" . }}
{{- if .Values.tls.securityContext }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.tls.securityContext "context" $) | nindent 12 }}
{{- end }}
{{- end }}
containers:
- name: mongodb-arbiter
@@ -164,6 +171,10 @@ spec:
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
- name: MONGODB_REPLICA_SET_NAME
value: {{ .Values.replicaSetName | quote }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.arbiter.fips "global" .Values.global) | quote }}
{{- end }}
- name: MONGODB_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ include "mongodb.arbiter.service.nameOverride" . }}.$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
- name: MONGODB_PORT_NUMBER
@@ -173,6 +184,12 @@ spec:
{{- if .Values.auth.enabled }}
- name: MONGODB_INITIAL_PRIMARY_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
- name: MONGODB_REPLICA_SET_KEY_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-replica-set-key"
{{- else }}
- name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD
valueFrom:
secretKeyRef:
@@ -184,6 +201,7 @@ spec:
name: {{ include "mongodb.secretName" . }}
key: mongodb-replica-set-key
{{- end }}
{{- end }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
{{- $extraFlags := .Values.arbiter.extraFlags | join " " -}}
@@ -265,6 +283,10 @@ spec:
- name: empty-dir
mountPath: /bitnami/mongodb
subPath: app-volume-dir
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
- name: config
mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
@@ -283,11 +305,16 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
secret:
secretName: {{ include "mongodb.secretName" . }}
{{- end }}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o555
defaultMode: 0555
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
- name: config
configMap:
@@ -303,10 +330,10 @@ spec:
items:
- key: mongodb-ca-cert
path: mongodb-ca-cert
mode: 0o600
mode: 0600
- key: mongodb-ca-key
path: mongodb-ca-key
mode: 0o600
mode: 0600
{{- else }}
- name: mongodb-certs-0
secret:

48
opencloud/charts/mongodb/templates/backup/cronjob.yaml
View File

@@ -28,8 +28,8 @@ metadata:
{{- end }}
spec:
schedule: {{ quote .Values.backup.cronjob.schedule }}
{{- if .Values.backup.cronjob.timezone }}
timeZone: {{ .Values.backup.cronjob.timezone | quote }}
{{- if .Values.backup.cronjob.timeZone }}
timeZone: {{ .Values.backup.cronjob.timeZone | quote }}
{{- end }}
concurrencyPolicy: {{ .Values.backup.cronjob.concurrencyPolicy }}
failedJobsHistoryLimit: {{ .Values.backup.cronjob.failedJobsHistoryLimit }}
@@ -70,6 +70,7 @@ spec:
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.podSecurityContext "context" $) | nindent 12 }}
{{- end }}
enableServiceLinks: {{ .Values.enableServiceLinks }}
serviceAccountName: {{ .Values.backup.cronjob.serviceAccount.name | quote }}
{{- if .Values.tls.enabled }}
initContainers:
- name: generate-tls-certs
@@ -84,6 +85,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.tls.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
@@ -114,27 +119,39 @@ spec:
{{- else if ne .Values.tls.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 16 }}
{{- end }}
{{- if .Values.tls.securityContext }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.tls.securityContext "context" $) | nindent 16 }}
{{- end }}
{{- end }}
containers:
- name: {{ include "mongodb.fullname" . }}-mongodump
image: {{ include "mongodb.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
{{- if .Values.auth.enabled }}
{{- if .Values.auth.enabled }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- end }}
{{- end }}
{{- end }}
- name: MONGODB_SERVICE_NAME
value: {{ include "mongodb.service.nameOverride" . }}
- name: MONGODB_PORT_NUMBER
value: {{ .Values.containerPorts.mongodb | quote }}
- name: MONGODUMP_DIR
value: {{ .Values.backup.cronjob.storage.mountPath }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.backup.cronjob.fips "global" .Values.global) | quote }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: MONGODB_CLIENT_EXTRA_FLAGS
value: --ssl --sslPEMKeyFile=/certs/mongodb.pem --sslCAFile=/certs/mongodb-ca-cert
@@ -143,9 +160,13 @@ spec:
command: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.command "context" $) | nindent 14 }}
{{- else }}
command:
- /bin/sh
- /bin/bash
- -c
- "mongodump {{- if .Values.auth.enabled }} --username=${MONGODB_ROOT_USER} --password=${MONGODB_ROOT_PASSWORD} --authenticationDatabase=admin {{- end }} --host=${MONGODB_SERVICE_NAME} --port=${MONGODB_PORT_NUMBER} ${MONGODB_CLIENT_EXTRA_FLAGS} {{- if (eq $.Values.architecture "replicaset") }}--oplog{{- end }} --gzip --archive=${MONGODUMP_DIR}/mongodump-$(date '+%Y-%m-%d-%H-%M').gz"
- |
{{- if and .Values.auth.enabled .Values.usePasswordFiles }}
export MONGODB_ROOT_PASSWORD="$(< $MONGODB_ROOT_PASSWORD_FILE)"
{{- end }}
mongodump {{- if .Values.auth.enabled }} --username=${MONGODB_ROOT_USER} --password=${MONGODB_ROOT_PASSWORD} --authenticationDatabase=admin {{- end }} --host=${MONGODB_SERVICE_NAME} --port=${MONGODB_PORT_NUMBER} ${MONGODB_CLIENT_EXTRA_FLAGS} {{- if (eq $.Values.architecture "replicaset") }}--oplog{{- end }} --gzip --archive=${MONGODUMP_DIR}/mongodump-$(date '+%Y-%m-%d-%H-%M').gz
{{- end }}
{{- if .Values.backup.cronjob.resources }}
resources: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.resources "context" $) | nindent 14 }}
@@ -156,6 +177,10 @@ spec:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
@@ -181,7 +206,12 @@ spec:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o550
defaultMode: 0550
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
secret:
secretName: {{ include "mongodb.secretName" . }}
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
emptyDir: {}
@@ -192,10 +222,10 @@ spec:
items:
- key: mongodb-ca-cert
path: mongodb-ca-cert
mode: 0o600
mode: 0600
- key: mongodb-ca-key
path: mongodb-ca-key
mode: 0o600
mode: 0600
{{- else }}
- name: mongodb-certs-0
secret:

74
opencloud/charts/mongodb/templates/hidden/statefulset.yaml
View File

@@ -96,7 +96,7 @@ spec:
{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
{{- include "mongodb.initContainers.autoDiscovery" . | indent 8 }}
{{- end }}
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
{{- if and .Values.externalAccess.enabled .Values.externalAccess.service.publicNames }}
{{- include "mongodb.initContainers.dnsCheck" . | indent 8 }}
{{- end }}
{{- include "mongodb.initContainer.prepareLogDir" . | nindent 8 }}
@@ -117,6 +117,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.tls.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
{{- if (include "mongodb.autoGenerateCerts" .) }}
- name: certs-volume
@@ -149,6 +153,9 @@ spec:
{{- else if ne .Values.tls.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
{{- end }}
{{- if .Values.tls.securityContext }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.tls.securityContext "context" $) | nindent 12 }}
{{- end }}
{{- end }}
containers:
- name: mongodb
@@ -196,6 +203,10 @@ spec:
value: "hidden"
- name: MONGODB_INITIAL_PRIMARY_HOST
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.hidden.fips "global" .Values.global) | quote }}
{{- end }}
- name: MONGODB_REPLICA_SET_NAME
value: {{ .Values.replicaSetName | quote }}
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }}
@@ -214,14 +225,25 @@ spec:
{{- end }}
{{- if .Values.auth.enabled }}
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_EXTRA_PASSWORDS_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-passwords"
{{- else }}
- name: MONGODB_EXTRA_PASSWORDS
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-passwords
{{- end }}
{{- end }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
- name: MONGODB_REPLICA_SET_KEY_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-replica-set-key"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
@@ -233,10 +255,15 @@ spec:
name: {{ include "mongodb.secretName" . }}
key: mongodb-replica-set-key
{{- end }}
{{- end }}
{{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_METRICS_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
{{- else }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -244,6 +271,7 @@ spec:
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- end }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
- name: MONGODB_SYSTEM_LOG_VERBOSITY
@@ -329,6 +357,10 @@ spec:
subPath: {{ .Values.hidden.persistence.subPath }}
- name: common-scripts
mountPath: /bitnami/scripts
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
@@ -390,6 +422,13 @@ spec:
{{- else }}
args:
- |
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
{{- if .Values.metrics.username }}
export MONGODB_METRICS_PASSWORD="$(< $MONGODB_METRICS_PASSWORD_FILE)"
{{- else }}
export MONGODB_ROOT_PASSWORD="$(< $MONGODB_ROOT_PASSWORD_FILE)"
{{- end }}
{{- end }}
/bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
{{- end }}
env:
@@ -397,14 +436,23 @@ spec:
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- end }}
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_METRICS_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
{{- else }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -412,10 +460,21 @@ spec:
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- end }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
- name: GODEBUG
value: {{ include "common.fips.config" (dict "tech" "golang" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
@@ -468,7 +527,12 @@ spec:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o555
defaultMode: 0555
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
secret:
secretName: {{ include "mongodb.secretName" . }}
{{- end }}
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
@@ -486,7 +550,7 @@ spec:
- name: scripts
configMap:
name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o755
defaultMode: 0755
{{- if .Values.hidden.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }}
{{- end }}
@@ -500,10 +564,10 @@ spec:
items:
- key: mongodb-ca-cert
path: mongodb-ca-cert
mode: 0o600
mode: 0600
- key: mongodb-ca-key
path: mongodb-ca-key
mode: 0o600
mode: 0600
{{- else }}
{{- range $index, $secret := .Values.tls.hidden.existingSecrets }}
- name: mongodb-certs-{{ $index }}

4
opencloud/charts/mongodb/templates/networkpolicy.yaml
View File

@@ -57,7 +57,7 @@ spec:
{{- end }}
{{- end }}
{{- if .Values.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
@@ -95,4 +95,4 @@ spec:
{{- if $extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

34
opencloud/charts/mongodb/templates/replicaset/scripts-configmap.yaml
View File

@@ -111,11 +111,12 @@ data:
{{- $replicaCount := int .Values.replicaCount }}
{{- $portNumber := int .Values.service.ports.mongodb }}
{{- $fullname := include "mongodb.fullname" . }}
{{- $serviceName := include "mongodb.service.nameOverride" . }}
{{- $releaseNamespace := include "mongodb.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $mongoList := list }}
{{- range $e, $i := until $replicaCount }}
{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }}
{{- $mongoList = append $mongoList (printf "%s-%d.%s.%s.svc.%s:%d" $fullname $i $serviceName $releaseNamespace $clusterDomain $portNumber) }}
{{- end }}
{{- if .Values.externalAccess.externalMaster.enabled }}
@@ -254,28 +255,34 @@ data:
# read rs.conf again and store it. settings format is '"<key>" : <value>,'
currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()')
desiredEqualsactual=unknown
desiredEqualsActual=unknown
settingsToConfigure=""
for key in ${!desiredRsConf[@]}; do
value=${desiredRsConf[$key]}
if ! $(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then
if [[ $key =~ ^members\[[0-9]+\]\..+ ]]; then
memberIndex=$(echo $key | grep -o -E '[0-9]+')
nodeConfigKey=${key#*.}
settingsToConfigure="${settingsToConfigure}cfg.members[${memberIndex}].${nodeConfigKey} = ${value}; "
if [[ $key =~ ^members\[[0-9]+\]\..+ ]]; then
# Replica set member specific setting
if [[ "$(mongosh --eval "cfg=${currentRsConf}; cfg.${key}" 2>/dev/null)" != "${value}" ]]; then
desiredEqualsActual=false
logger "rs conf: ${key} needs to be updated to desired value: ${value}"
settingsToConfigure="${settingsToConfigure}cfg.${key} = ${value}; "
else
# General rs settings
settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; "
logger "rs conf: ${key} is already at desired value: ${value}"
fi
desiredEqualsactual=false
else
logger "rs conf: ${key} is already at desired value: ${value}"
# General rs setting
if [[ "$(mongosh --eval "cfg=${currentRsConf}; cfg.settings.${key}" 2>/dev/null)" != "${value}" ]]; then
desiredEqualsActual=false
logger "rs conf: ${key} needs to be updated to desired value: ${value}"
settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; "
else
logger "rs conf: ${key} is already at desired value: ${value}"
fi
fi
done
if [[ "${desiredEqualsactual}" != "false" ]]; then
if [[ "${desiredEqualsActual}" != "false" ]]; then
logger "replicaSetConfigurationSettings match the settings of the currently running rs"
desiredEqualsactual=true
desiredEqualsActual=true
rs_conf_configured_ok=true
logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)"
exit
@@ -313,4 +320,3 @@ data:
done
{{- end }}
{{- end }}

75
opencloud/charts/mongodb/templates/replicaset/statefulset.yaml
View File

@@ -97,7 +97,7 @@ spec:
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
{{- include "mongodb.initContainers.autoDiscovery" . | nindent 8 }}
{{- end }}
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
{{- if and .Values.externalAccess.enabled .Values.externalAccess.service.publicNames }}
{{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }}
{{- end }}
{{- include "mongodb.initContainer.prepareLogDir" . | nindent 8 }}
@@ -118,6 +118,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.tls.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
{{- if (include "mongodb.autoGenerateCerts" .) }}
- name: certs-volume
@@ -200,6 +204,10 @@ spec:
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
- name: MONGODB_REPLICA_SET_NAME
value: {{ .Values.replicaSetName | quote }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.fips "global" .Values.global) | quote }}
{{- end }}
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }}
- name: MONGODB_ADVERTISED_HOSTNAME
value: "$(MY_POD_NAME).{{ include "mongodb.service.nameOverride" . }}.$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
@@ -216,14 +224,25 @@ spec:
{{- end }}
{{- if .Values.auth.enabled }}
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_EXTRA_PASSWORDS_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-passwords"
{{- else }}
- name: MONGODB_EXTRA_PASSWORDS
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-passwords
{{- end }}
{{- end }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
- name: MONGODB_REPLICA_SET_KEY_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-replica-set-key"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
@@ -235,10 +254,15 @@ spec:
name: {{ include "mongodb.secretName" . }}
key: mongodb-replica-set-key
{{- end }}
{{- end }}
{{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_METRICS_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
{{- else }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -246,6 +270,7 @@ spec:
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- end }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
- name: MONGODB_SYSTEM_LOG_VERBOSITY
@@ -341,6 +366,10 @@ spec:
- name: empty-dir
mountPath: /.mongodb
subPath: mongosh-home
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
- name: {{ .Values.persistence.name | default "datadir" }}
mountPath: {{ .Values.persistence.mountPath }}
subPath: {{ .Values.persistence.subPath }}
@@ -397,6 +426,13 @@ spec:
{{- else }}
args:
- |
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
{{- if .Values.metrics.username }}
export MONGODB_METRICS_PASSWORD="$(< $MONGODB_METRICS_PASSWORD_FILE)"
{{- else }}
export MONGODB_ROOT_PASSWORD="$(< $MONGODB_ROOT_PASSWORD_FILE)"
{{- end }}
{{- end }}
/bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
{{- end }}
env:
@@ -404,14 +440,23 @@ spec:
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- end }}
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_METRICS_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
{{- else }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -419,10 +464,21 @@ spec:
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- end }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
- name: GODEBUG
value: {{ include "common.fips.config" (dict "tech" "golang" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
@@ -472,7 +528,12 @@ spec:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o550
defaultMode: 0550
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
secret:
secretName: {{ include "mongodb.secretName" . }}
{{- end }}
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
@@ -490,7 +551,7 @@ spec:
- name: scripts
configMap:
name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o755
defaultMode: 0755
{{- if .Values.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
{{- end }}
@@ -504,10 +565,10 @@ spec:
items:
- key: mongodb-ca-cert
path: mongodb-ca-cert
mode: 0o600
mode: 0600
- key: mongodb-ca-key
path: mongodb-ca-key
mode: 0o600
mode: 0600
{{- else }}
{{- range $index, $secret := .Values.tls.replicaset.existingSecrets }}
- name: mongodb-certs-{{ $index }}
@@ -532,9 +593,7 @@ spec:
whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
{{- end }}
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
- metadata:
name: datadir
{{- if .Values.persistence.annotations }}
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}

1
opencloud/charts/mongodb/templates/replicaset/svc.yaml
View File

@@ -25,6 +25,7 @@ metadata:
{{- end }}
spec:
type: ClusterIP
publishNotReadyAddresses: {{ $root.Values.service.publishNotReadyAddresses }}
ports:
- name: {{ $root.Values.service.portName | quote }}
port: {{ $root.Values.service.ports.mongodb }}

2
opencloud/charts/mongodb/templates/role.yaml
View File

@@ -23,7 +23,7 @@ rules:
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end -}}
{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }}
- apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames: [{{ include "mongodb.fullname" . }}]

65
opencloud/charts/mongodb/templates/standalone/dep-sts.yaml
View File

@@ -107,6 +107,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.tls.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
@@ -176,24 +180,38 @@ spec:
{{- end }}
{{- if .Values.auth.enabled }}
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_EXTRA_PASSWORDS_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-passwords"
{{- else }}
- name: MONGODB_EXTRA_PASSWORDS
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-passwords
{{- end }}
{{- end }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- end }}
{{- end }}
{{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
{{- if .Values.auth.enabled }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_METRICS_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
{{- else }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -201,6 +219,11 @@ spec:
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- end }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.fips "global" .Values.global) | quote }}
{{- end }}
- name: ALLOW_EMPTY_PASSWORD
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
- name: MONGODB_SYSTEM_LOG_VERBOSITY
@@ -305,6 +328,10 @@ spec:
subPath: {{ .Values.persistence.subPath }}
- name: common-scripts
mountPath: /bitnami/scripts
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
mountPath: /docker-entrypoint-initdb.d
@@ -344,6 +371,13 @@ spec:
{{- else }}
args:
- |
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
{{- if .Values.metrics.username }}
export MONGODB_METRICS_PASSWORD="$(< $MONGODB_METRICS_PASSWORD_FILE)"
{{- else }}
export MONGODB_ROOT_PASSWORD="$(< $MONGODB_ROOT_PASSWORD_FILE)"
{{- end }}
{{- end }}
/bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
{{- end }}
env:
@@ -351,14 +385,23 @@ spec:
{{- if not .Values.metrics.username }}
- name: MONGODB_ROOT_USER
value: {{ .Values.auth.rootUser | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_ROOT_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
{{- else }}
- name: MONGODB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "mongodb.secretName" . }}
key: mongodb-root-password
{{- end }}
{{- else }}
- name: MONGODB_METRICS_USERNAME
value: {{ .Values.metrics.username | quote }}
{{- if .Values.usePasswordFiles }}
- name: MONGODB_METRICS_PASSWORD_FILE
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
{{- else }}
- name: MONGODB_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -366,10 +409,21 @@ spec:
key: mongodb-metrics-password
{{- end }}
{{- end }}
{{- end }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
- name: GODEBUG
value: {{ include "common.fips.config" (dict "tech" "golang" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
mountPath: /opt/bitnami/mongodb/secrets
{{- end }}
{{- if .Values.tls.enabled }}
- name: certs
mountPath: /certs
@@ -419,7 +473,12 @@ spec:
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
defaultMode: 0o550
defaultMode: 0550
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
- name: mongodb-secrets
secret:
secretName: {{ include "mongodb.secretName" . }}
{{- end }}
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
- name: custom-init-scripts
configMap:
@@ -443,10 +502,10 @@ spec:
items:
- key: mongodb-ca-cert
path: mongodb-ca-cert
mode: 0o600
mode: 0600
- key: mongodb-ca-key
path: mongodb-ca-key
mode: 0o600
mode: 0600
{{- else }}
- name: mongodb-certs-0
secret:

5
opencloud/charts/mongodb/templates/standalone/svc.yaml
View File

@@ -35,15 +35,16 @@ spec:
{{- if (eq .Values.service.type "LoadBalancer") }}
allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }}
{{- end }}
{{- if .Values.service.sessionAffinity }}
{{- if ne .Values.service.sessionAffinity "None" }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
{{- end }}
{{- if .Values.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
{{- end }}
publishNotReadyAddresses: {{ .Values.service.publishNotReadyAddresses }}
ports:
- name: {{ .Values.service.portName | quote }}
port: {{ .Values.service.ports.mongodb }}

14
opencloud/charts/mongodb/templates/update-password/job.yaml
View File

@@ -122,14 +122,14 @@ spec:
{{- if .Values.passwordUpdateJob.extraCommands }}
info "Running extra commmands"
{{- include "common.tplValues.render" (dict "value" .Values.passwordUpdateJob.extraCommands "context" $) | nindent 14 }}
{{- include "common.tplvalues.render" (dict "value" .Values.passwordUpdateJob.extraCommands "context" $) | nindent 14 }}
{{- end }}
info "Password update job finished successfully"
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" .Values.image.debug | quote }}
{{- if not .Values.auth.usePasswordFiles }}
{{- if not .Values.usePasswordFiles }}
- name: MONGODB_PREVIOUS_ROOT_PASSWORD
valueFrom:
secretKeyRef:
@@ -141,12 +141,16 @@ spec:
name: {{ template "mongodb.update-job.newSecretName" . }}
key: mongodb-root-password
{{- end }}
{{- if include "common.fips.enabled" . }}
- name: OPENSSL_FIPS
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.passwordUpdateJob.fips "global" .Values.global) | quote }}
{{- end }}
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
- name: MONGODB_EXTRA_USERNAMES
value: {{ $customUsers | quote }}
- name: MONGODB_EXTRA_DATABASES
value: {{ $customDatabases | quote }}
{{- if not .Values.auth.usePasswordFiles }}
{{- if not .Values.usePasswordFiles }}
- name: MONGODB_NEW_EXTRA_PASSWORDS
valueFrom:
secretKeyRef:
@@ -157,7 +161,7 @@ spec:
{{- if .Values.metrics.username }}
- name: MONGODB_METRICS_USER
value: {{ .Values.metrics.username | quote }}
{{- if not .Values.auth.usePasswordFiles }}
{{- if not .Values.usePasswordFiles }}
- name: MONGODB_PREVIOUS_METRICS_PASSWORD
valueFrom:
secretKeyRef:
@@ -217,7 +221,7 @@ spec:
volumes:
- name: empty-dir
emptyDir: {}
{{- if and .Values.auth.usePasswordFiles }}
{{- if and .Values.usePasswordFiles }}
- name: mongodb-previous-credentials
secret:
secretName: {{ template "mongodb.update-job.previousSecretName" . }}