Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / refs/heads/main / . / charts / mongodb / templates / arbiter / statefulset.yaml
blob: 27bc9cf124c0185116bd584b1069450fb0f27c9b [file] [log] [blame]
gio07eb1082024-10-25 14:35:56 +0400[diff] [blame]1{{- /*
2Copyright Broadcom, Inc. All Rights Reserved.
3SPDX-License-Identifier: APACHE-2.0
4*/}}
5
6{{- if (include "mongodb.arbiter.enabled" .) }}
7apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
8kind: StatefulSet
9metadata:
10 name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
11 namespace: {{ include "mongodb.namespace" . | quote }}
12 {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.labels .Values.commonLabels ) "context" . ) }}
13 labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
14 app.kubernetes.io/component: arbiter
15 {{- if or .Values.arbiter.annotations .Values.commonAnnotations }}
16 {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.annotations .Values.commonAnnotations ) "context" . ) }}
17 annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
18 {{- end }}
19spec:
20 serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }}
21 podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }}
22 replicas: 1
23 {{- if .Values.arbiter.updateStrategy }}
24 updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }}
25 {{- end }}
26 {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.podLabels .Values.commonLabels ) "context" . ) }}
27 selector:
28 matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
29 app.kubernetes.io/component: arbiter
30 template:
31 metadata:
32 labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
33 app.kubernetes.io/component: arbiter
34 {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }}
35 annotations:
36 {{- if (include "mongodb.arbiter.createConfigmap" .) }}
37 checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }}
38 {{- end }}
39 {{- if .Values.arbiter.podAnnotations }}
40 {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }}
41 {{- end }}
42 {{- end }}
43 spec:
44 {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
45 {{- if .Values.arbiter.schedulerName }}
46 schedulerName: {{ .Values.arbiter.schedulerName | quote }}
47 {{- end }}
48 serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
49 {{- if .Values.arbiter.affinity }}
50 affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }}
51 {{- else }}
52 affinity:
53 podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
54 podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
55 nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }}
56 {{- end }}
57 {{- if .Values.arbiter.nodeSelector }}
58 nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }}
59 {{- end }}
60 automountServiceAccountToken: {{ .Values.arbiter.automountServiceAccountToken }}
61 {{- if .Values.arbiter.hostAliases }}
62 hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }}
63 {{- end }}
64 {{- if .Values.arbiter.tolerations }}
65 tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }}
66 {{- end }}
67 {{- if .Values.arbiter.topologySpreadConstraints }}
68 topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | nindent 8 }}
69 {{- end }}
70 {{- if .Values.arbiter.priorityClassName }}
71 priorityClassName: {{ .Values.arbiter.priorityClassName }}
72 {{- end }}
73 {{- if .Values.arbiter.runtimeClassName }}
74 runtimeClassName: {{ .Values.arbiter.runtimeClassName }}
75 {{- end }}
76 {{- if .Values.arbiter.podSecurityContext.enabled }}
77 securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.arbiter.podSecurityContext "context" $) | nindent 8 }}
78 {{- end }}
79 {{ if .Values.arbiter.terminationGracePeriodSeconds }}
80 terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }}
81 {{- end }}
82 enableServiceLinks: {{ .Values.enableServiceLinks }}
83 initContainers:
84 {{- if .Values.arbiter.initContainers }}
85 {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }}
86 {{- end }}
87 {{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}
88 {{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }}
89 {{- end }}
90 {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
91 - name: generate-tls-certs
92 image: {{ include "mongodb.tls.image" . }}
93 imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
94 env:
95 - name: MY_POD_NAMESPACE
96 valueFrom:
97 fieldRef:
98 fieldPath: metadata.namespace
99 - name: MY_POD_HOST_IP
100 valueFrom:
101 fieldRef:
102 fieldPath: status.hostIP
103 - name: MY_POD_NAME
104 valueFrom:
105 fieldRef:
106 fieldPath: metadata.name
107 volumeMounts:
108 - name: empty-dir
109 mountPath: /tmp
110 subPath: tmp-dir
111 {{- if (include "mongodb.autoGenerateCerts" .) }}
112 - name: certs-volume
113 mountPath: /certs/CAs
114 {{- else }}
115 - name: mongodb-certs-0
116 mountPath: /certs-0
117 {{- end }}
118 - name: certs
119 mountPath: /certs
120 - name: common-scripts
121 mountPath: /bitnami/scripts
122 command:
123 - /bitnami/scripts/generate-certs.sh
124 args:
125 - -s {{ include "mongodb.arbiter.service.nameOverride" . }}
126 {{- end }}
127 containers:
128 - name: mongodb-arbiter
129 image: {{ include "mongodb.image" . }}
130 imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
131 {{- if .Values.arbiter.containerSecurityContext.enabled }}
132 securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.arbiter.containerSecurityContext "context" $) | nindent 12 }}
133 {{- end }}
134 {{- if .Values.diagnosticMode.enabled }}
135 command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
136 {{- else if .Values.arbiter.command }}
137 command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }}
138 {{- end }}
139 {{- if .Values.diagnosticMode.enabled }}
140 args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
141 {{- else if .Values.arbiter.args }}
142 args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }}
143 {{- end }}
144 {{- if .Values.arbiter.lifecycleHooks }}
145 lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }}
146 {{- end }}
147 env:
148 - name: BITNAMI_DEBUG
149 value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
150 - name: MY_POD_NAME
151 valueFrom:
152 fieldRef:
153 fieldPath: metadata.name
154 - name: MY_POD_NAMESPACE
155 valueFrom:
156 fieldRef:
157 fieldPath: metadata.namespace
158 - name: K8S_SERVICE_NAME
159 value: "{{ include "mongodb.arbiter.service.nameOverride" . }}"
160 - name: MONGODB_REPLICA_SET_MODE
161 value: "arbiter"
162 - name: MONGODB_INITIAL_PRIMARY_HOST
163 value: {{ include "mongodb.initialPrimaryHost" . | quote }}
164 - name: MONGODB_REPLICA_SET_NAME
165 value: {{ .Values.replicaSetName | quote }}
166 - name: MONGODB_ADVERTISED_HOSTNAME
167 value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
168 - name: MONGODB_PORT_NUMBER
169 value: {{ .Values.arbiter.containerPorts.mongodb | quote }}
170 - name: MONGODB_ENABLE_IPV6
171 value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
172 {{- if .Values.auth.enabled }}
173 - name: MONGODB_INITIAL_PRIMARY_ROOT_USER
174 value: {{ .Values.auth.rootUser | quote }}
175 - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD
176 valueFrom:
177 secretKeyRef:
178 name: {{ include "mongodb.secretName" . }}
179 key: mongodb-root-password
180 - name: MONGODB_REPLICA_SET_KEY
181 valueFrom:
182 secretKeyRef:
183 name: {{ include "mongodb.secretName" . }}
184 key: mongodb-replica-set-key
185 {{- end }}
186 - name: ALLOW_EMPTY_PASSWORD
187 value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
188 {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}}
189 {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
190 {{- if .Values.tls.mTLS.enabled }}
191 {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}
192 {{- end }}
193 {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}
194 {{- end }}
195 {{- if ne $extraFlags "" }}
196 - name: MONGODB_EXTRA_FLAGS
197 value: {{ $extraFlags | quote }}
198 {{- end }}
199 {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
200 - name: MONGODB_CLIENT_EXTRA_FLAGS
201 value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert
202 {{- end }}
203 {{- if .Values.arbiter.extraEnvVars }}
204 {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }}
205 {{- end }}
206 {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }}
207 envFrom:
208 {{- if .Values.arbiter.extraEnvVarsCM }}
209 - configMapRef:
210 name: {{ tpl .Values.arbiter.extraEnvVarsCM . | quote }}
211 {{- end }}
212 {{- if .Values.arbiter.extraEnvVarsSecret }}
213 - secretRef:
214 name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }}
215 {{- end }}
216 {{- end }}
217 ports:
218 - containerPort: {{ .Values.arbiter.containerPorts.mongodb }}
219 name: mongodb
220 {{- if not .Values.diagnosticMode.enabled }}
221 {{- if .Values.arbiter.customLivenessProbe }}
222 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }}
223 {{- else if .Values.arbiter.livenessProbe.enabled }}
224 livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }}
225 exec:
226 command:
227 - pgrep
228 - mongod
229 {{- end }}
230 {{- if .Values.arbiter.customReadinessProbe }}
231 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }}
232 {{- else if .Values.arbiter.readinessProbe.enabled }}
233 readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }}
234 tcpSocket:
235 port: mongodb
236 {{- end }}
237 {{- if .Values.arbiter.customStartupProbe }}
238 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }}
239 {{- else if .Values.arbiter.startupProbe.enabled }}
240 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }}
241 exec:
242 command:
243 - /bitnami/scripts/startup-probe.sh
244 {{- end }}
245 {{- end }}
246 {{- if .Values.arbiter.resources }}
247 resources: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.resources "context" $) | nindent 12 }}
248 {{- else if ne .Values.arbiter.resourcesPreset "none" }}
249 resources: {{- include "common.resources.preset" (dict "type" .Values.arbiter.resourcesPreset) | nindent 12 }}
250 {{- end }}
251 volumeMounts:
252 - name: empty-dir
253 mountPath: /tmp
254 subPath: tmp-dir
255 - name: empty-dir
256 mountPath: /opt/bitnami/mongodb/conf
257 subPath: app-conf-dir
258 - name: empty-dir
259 mountPath: /opt/bitnami/mongodb/tmp
260 subPath: app-tmp-dir
261 - name: empty-dir
262 mountPath: /opt/bitnami/mongodb/logs
263 subPath: app-logs-dir
264 - name: empty-dir
265 mountPath: /bitnami/mongodb
266 subPath: app-volume-dir
267 {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
268 - name: config
269 mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
270 subPath: mongodb.conf
271 {{- end }}
272 {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
273 - name: certs
274 mountPath: /certs
275 {{- end }}
276 {{- if .Values.arbiter.extraVolumeMounts }}
277 {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }}
278 {{- end }}
279 {{- if .Values.arbiter.sidecars }}
280 {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }}
281 {{- end }}
282 volumes:
283 - name: empty-dir
284 emptyDir: {}
285 {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
286 - name: common-scripts
287 configMap:
288 name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
289 defaultMode: 0555
290 {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
291 - name: config
292 configMap:
293 name: {{ include "mongodb.arbiter.configmapName" . }}
294 {{- end }}
295 {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
296 - name: certs
297 emptyDir: {}
298 {{- if (include "mongodb.autoGenerateCerts" .) }}
299 - name: certs-volume
300 secret:
301 secretName: {{ template "mongodb.tlsSecretName" . }}
302 items:
303 - key: mongodb-ca-cert
304 path: mongodb-ca-cert
305 mode: 0600
306 - key: mongodb-ca-key
307 path: mongodb-ca-key
308 mode: 0600
309 {{- else }}
310 - name: mongodb-certs-0
311 secret:
312 secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.arbiter.existingSecret "context" $) }}
313 defaultMode: 256
314 {{- end }}
315 {{- end }}
316 {{- if .Values.arbiter.extraVolumes }}
317 {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }}
318 {{- end }}
319 {{- end }}
320{{- end }}