Running all stack
This commit is contained in:
@@ -111,11 +111,12 @@ data:
|
||||
{{- $replicaCount := int .Values.replicaCount }}
|
||||
{{- $portNumber := int .Values.service.ports.mongodb }}
|
||||
{{- $fullname := include "mongodb.fullname" . }}
|
||||
{{- $serviceName := include "mongodb.service.nameOverride" . }}
|
||||
{{- $releaseNamespace := include "mongodb.namespace" . }}
|
||||
{{- $clusterDomain := .Values.clusterDomain }}
|
||||
{{- $mongoList := list }}
|
||||
{{- range $e, $i := until $replicaCount }}
|
||||
{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }}
|
||||
{{- $mongoList = append $mongoList (printf "%s-%d.%s.%s.svc.%s:%d" $fullname $i $serviceName $releaseNamespace $clusterDomain $portNumber) }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.externalAccess.externalMaster.enabled }}
|
||||
@@ -254,28 +255,34 @@ data:
|
||||
# read rs.conf again and store it. settings format is '"<key>" : <value>,'
|
||||
currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()')
|
||||
|
||||
desiredEqualsactual=unknown
|
||||
desiredEqualsActual=unknown
|
||||
settingsToConfigure=""
|
||||
for key in ${!desiredRsConf[@]}; do
|
||||
value=${desiredRsConf[$key]}
|
||||
if ! $(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then
|
||||
if [[ $key =~ ^members\[[0-9]+\]\..+ ]]; then
|
||||
memberIndex=$(echo $key | grep -o -E '[0-9]+')
|
||||
nodeConfigKey=${key#*.}
|
||||
settingsToConfigure="${settingsToConfigure}cfg.members[${memberIndex}].${nodeConfigKey} = ${value}; "
|
||||
if [[ $key =~ ^members\[[0-9]+\]\..+ ]]; then
|
||||
# Replica set member specific setting
|
||||
if [[ "$(mongosh --eval "cfg=${currentRsConf}; cfg.${key}" 2>/dev/null)" != "${value}" ]]; then
|
||||
desiredEqualsActual=false
|
||||
logger "rs conf: ${key} needs to be updated to desired value: ${value}"
|
||||
settingsToConfigure="${settingsToConfigure}cfg.${key} = ${value}; "
|
||||
else
|
||||
# General rs settings
|
||||
settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; "
|
||||
logger "rs conf: ${key} is already at desired value: ${value}"
|
||||
fi
|
||||
desiredEqualsactual=false
|
||||
else
|
||||
logger "rs conf: ${key} is already at desired value: ${value}"
|
||||
# General rs setting
|
||||
if [[ "$(mongosh --eval "cfg=${currentRsConf}; cfg.settings.${key}" 2>/dev/null)" != "${value}" ]]; then
|
||||
desiredEqualsActual=false
|
||||
logger "rs conf: ${key} needs to be updated to desired value: ${value}"
|
||||
settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; "
|
||||
else
|
||||
logger "rs conf: ${key} is already at desired value: ${value}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ "${desiredEqualsactual}" != "false" ]]; then
|
||||
if [[ "${desiredEqualsActual}" != "false" ]]; then
|
||||
logger "replicaSetConfigurationSettings match the settings of the currently running rs"
|
||||
desiredEqualsactual=true
|
||||
desiredEqualsActual=true
|
||||
rs_conf_configured_ok=true
|
||||
logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)"
|
||||
exit
|
||||
@@ -313,4 +320,3 @@ data:
|
||||
done
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -97,7 +97,7 @@ spec:
|
||||
{{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
|
||||
{{- include "mongodb.initContainers.autoDiscovery" . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
|
||||
{{- if and .Values.externalAccess.enabled .Values.externalAccess.service.publicNames }}
|
||||
{{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- include "mongodb.initContainer.prepareLogDir" . | nindent 8 }}
|
||||
@@ -118,6 +118,10 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
{{- if include "common.fips.enabled" . }}
|
||||
- name: OPENSSL_FIPS
|
||||
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.tls.fips "global" .Values.global) | quote }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
{{- if (include "mongodb.autoGenerateCerts" .) }}
|
||||
- name: certs-volume
|
||||
@@ -200,6 +204,10 @@ spec:
|
||||
value: {{ include "mongodb.initialPrimaryHost" . | quote }}
|
||||
- name: MONGODB_REPLICA_SET_NAME
|
||||
value: {{ .Values.replicaSetName | quote }}
|
||||
{{- if include "common.fips.enabled" . }}
|
||||
- name: OPENSSL_FIPS
|
||||
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.fips "global" .Values.global) | quote }}
|
||||
{{- end }}
|
||||
{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }}
|
||||
- name: MONGODB_ADVERTISED_HOSTNAME
|
||||
value: "$(MY_POD_NAME).{{ include "mongodb.service.nameOverride" . }}.$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
|
||||
@@ -216,14 +224,25 @@ spec:
|
||||
{{- end }}
|
||||
{{- if .Values.auth.enabled }}
|
||||
{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: MONGODB_EXTRA_PASSWORDS_FILE
|
||||
value: "/opt/bitnami/mongodb/secrets/mongodb-passwords"
|
||||
{{- else }}
|
||||
- name: MONGODB_EXTRA_PASSWORDS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "mongodb.secretName" . }}
|
||||
key: mongodb-passwords
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: MONGODB_ROOT_USER
|
||||
value: {{ .Values.auth.rootUser | quote }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: MONGODB_ROOT_PASSWORD_FILE
|
||||
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
|
||||
- name: MONGODB_REPLICA_SET_KEY_FILE
|
||||
value: "/opt/bitnami/mongodb/secrets/mongodb-replica-set-key"
|
||||
{{- else }}
|
||||
- name: MONGODB_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -235,10 +254,15 @@ spec:
|
||||
name: {{ include "mongodb.secretName" . }}
|
||||
key: mongodb-replica-set-key
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
|
||||
- name: MONGODB_METRICS_USERNAME
|
||||
value: {{ .Values.metrics.username | quote }}
|
||||
{{- if .Values.auth.enabled }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: MONGODB_METRICS_PASSWORD_FILE
|
||||
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
|
||||
{{- else }}
|
||||
- name: MONGODB_METRICS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -246,6 +270,7 @@ spec:
|
||||
key: mongodb-metrics-password
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
- name: ALLOW_EMPTY_PASSWORD
|
||||
value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
|
||||
- name: MONGODB_SYSTEM_LOG_VERBOSITY
|
||||
@@ -341,6 +366,10 @@ spec:
|
||||
- name: empty-dir
|
||||
mountPath: /.mongodb
|
||||
subPath: mongosh-home
|
||||
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
|
||||
- name: mongodb-secrets
|
||||
mountPath: /opt/bitnami/mongodb/secrets
|
||||
{{- end }}
|
||||
- name: {{ .Values.persistence.name | default "datadir" }}
|
||||
mountPath: {{ .Values.persistence.mountPath }}
|
||||
subPath: {{ .Values.persistence.subPath }}
|
||||
@@ -397,6 +426,13 @@ spec:
|
||||
{{- else }}
|
||||
args:
|
||||
- |
|
||||
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
|
||||
{{- if .Values.metrics.username }}
|
||||
export MONGODB_METRICS_PASSWORD="$(< $MONGODB_METRICS_PASSWORD_FILE)"
|
||||
{{- else }}
|
||||
export MONGODB_ROOT_PASSWORD="$(< $MONGODB_ROOT_PASSWORD_FILE)"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
/bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
|
||||
{{- end }}
|
||||
env:
|
||||
@@ -404,14 +440,23 @@ spec:
|
||||
{{- if not .Values.metrics.username }}
|
||||
- name: MONGODB_ROOT_USER
|
||||
value: {{ .Values.auth.rootUser | quote }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: MONGODB_ROOT_PASSWORD_FILE
|
||||
value: "/opt/bitnami/mongodb/secrets/mongodb-root-password"
|
||||
{{- else }}
|
||||
- name: MONGODB_ROOT_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "mongodb.secretName" . }}
|
||||
key: mongodb-root-password
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
- name: MONGODB_METRICS_USERNAME
|
||||
value: {{ .Values.metrics.username | quote }}
|
||||
{{- if .Values.usePasswordFiles }}
|
||||
- name: MONGODB_METRICS_PASSWORD_FILE
|
||||
value: "/opt/bitnami/mongodb/secrets/mongodb-metrics-password"
|
||||
{{- else }}
|
||||
- name: MONGODB_METRICS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
@@ -419,10 +464,21 @@ spec:
|
||||
key: mongodb-metrics-password
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if include "common.fips.enabled" . }}
|
||||
- name: OPENSSL_FIPS
|
||||
value: {{ include "common.fips.config" (dict "tech" "openssl" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
|
||||
- name: GODEBUG
|
||||
value: {{ include "common.fips.config" (dict "tech" "golang" "fips" .Values.metrics.fips "global" .Values.global) | quote }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: empty-dir
|
||||
mountPath: /tmp
|
||||
subPath: tmp-dir
|
||||
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
|
||||
- name: mongodb-secrets
|
||||
mountPath: /opt/bitnami/mongodb/secrets
|
||||
{{- end }}
|
||||
{{- if .Values.tls.enabled }}
|
||||
- name: certs
|
||||
mountPath: /certs
|
||||
@@ -472,7 +528,12 @@ spec:
|
||||
- name: common-scripts
|
||||
configMap:
|
||||
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
|
||||
defaultMode: 0o550
|
||||
defaultMode: 0550
|
||||
{{- if and .Values.usePasswordFiles .Values.auth.enabled }}
|
||||
- name: mongodb-secrets
|
||||
secret:
|
||||
secretName: {{ include "mongodb.secretName" . }}
|
||||
{{- end }}
|
||||
{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
|
||||
- name: custom-init-scripts
|
||||
configMap:
|
||||
@@ -490,7 +551,7 @@ spec:
|
||||
- name: scripts
|
||||
configMap:
|
||||
name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
|
||||
defaultMode: 0o755
|
||||
defaultMode: 0755
|
||||
{{- if .Values.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
@@ -504,10 +565,10 @@ spec:
|
||||
items:
|
||||
- key: mongodb-ca-cert
|
||||
path: mongodb-ca-cert
|
||||
mode: 0o600
|
||||
mode: 0600
|
||||
- key: mongodb-ca-key
|
||||
path: mongodb-ca-key
|
||||
mode: 0o600
|
||||
mode: 0600
|
||||
{{- else }}
|
||||
{{- range $index, $secret := .Values.tls.replicaset.existingSecrets }}
|
||||
- name: mongodb-certs-{{ $index }}
|
||||
@@ -532,9 +593,7 @@ spec:
|
||||
whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
|
||||
{{- end }}
|
||||
volumeClaimTemplates:
|
||||
- apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
- metadata:
|
||||
name: datadir
|
||||
{{- if .Values.persistence.annotations }}
|
||||
annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
|
||||
|
||||
@@ -25,6 +25,7 @@ metadata:
|
||||
{{- end }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
publishNotReadyAddresses: {{ $root.Values.service.publishNotReadyAddresses }}
|
||||
ports:
|
||||
- name: {{ $root.Values.service.portName | quote }}
|
||||
port: {{ $root.Values.service.ports.mongodb }}
|
||||
|
||||
Reference in New Issue
Block a user