Blame - charts/mongodb/templates/hidden/statefulset.yaml - pcloud

gio

07eb108

2024-10-25 14:35:56 +0400

[diff] [blame]

1

{{- /*

2

3

SPDX-License-Identifier: APACHE-2.0

*/}}

{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }}

9

{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }}

10

apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}

kind: StatefulSet

metadata:

namespace: {{ include "mongodb.namespace" . | quote }}

15

{{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.labels .Values.commonLabels ) "context" . ) }}

16

labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}

17

app.kubernetes.io/component: hidden

18

{{- if or .Values.hidden.annotations .Values.commonAnnotations }}

19

{{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.annotations .Values.commonAnnotations ) "context" . ) }}

20

annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}

21

22

spec:

23

serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}

24

podManagementPolicy: {{ .Values.hidden.podManagementPolicy }}

25

replicas: {{ .Values.hidden.replicaCount }}

26

27

updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }}

28

29

{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.podLabels .Values.commonLabels ) "context" . ) }}

30

selector:

31

matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}

32

app.kubernetes.io/component: hidden

33

template:

34

metadata:

35

labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}

36

app.kubernetes.io/component: hidden

37

{{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }}

38

annotations:

39

40

checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }}

41

42

43

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }}

spec:

schedulerName: {{ .Values.hidden.schedulerName | quote }}

50

51

serviceAccountName: {{ template "mongodb.serviceAccountName" . }}

52

automountServiceAccountToken: {{ .Values.hidden.automountServiceAccountToken }}

53

54

hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }}

55

56

57

affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }}

58

59

affinity:

60

podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "hidden" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}

61

podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "hidden" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}

62

nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }}

63

64

65

nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }}

66

67

68

tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }}

69

70

71

topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }}

72

73

74

priorityClassName: {{ .Values.hidden.priorityClassName }}

75

76

77

runtimeClassName: {{ .Values.hidden.runtimeClassName }}

78

79

80

securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hidden.podSecurityContext "context" $) | nindent 8 }}

81

82

83

terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }}

84

85

enableServiceLinks: {{ .Values.enableServiceLinks }}

86

initContainers:

87

88

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }}

89

90

{{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }}

91

{{- include "mongodb.initContainer.volumePermissions" . | indent 8 }}

92

93

{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}

94

{{- include "mongodb.initContainers.autoDiscovery" . | indent 8 }}

95

96

{{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }}

97

98

99

{{- include "mongodb.initContainer.prepareLogDir" . | nindent 8 }}

100

101

- name: generate-tls-certs

102

image: {{ include "mongodb.tls.image" . }}

103

imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}

104

env:

105

- name: MY_POD_NAMESPACE

106

valueFrom:

107

fieldRef:

108

fieldPath: metadata.namespace

109

- name: MY_POD_HOST_IP

110

valueFrom:

111

fieldRef:

112

fieldPath: status.hostIP

- name: MY_POD_NAME

valueFrom:

fieldRef:

fieldPath: metadata.name

volumeMounts:

- name: certs-volume

mountPath: /certs/CAs

121

122

123

- name: mongodb-certs-{{ $index }}

124

mountPath: /certs-{{ $index }}

- name: certs

mountPath: /certs

- name: common-scripts

130

mountPath: /bitnami/scripts

- name: empty-dir

mountPath: /tmp

subPath: tmp-dir

command:

- /bitnami/scripts/generate-certs.sh

136

args:

137

- -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}

138

139

- -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }}

140

141

{{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }}

142

- -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }}

143

144

145

resources: {{- include "common.tplvalues.render" (dict "value" .Values.tls.resources "context" $) | nindent 12 }}

146

147

resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}

containers:

- name: mongodb

image: {{ include "mongodb.image" . }}

153

imagePullPolicy: {{ .Values.image.pullPolicy | quote }}

154

155

securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hidden.containerSecurityContext "context" $) | nindent 12 }}

156

157

158

command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}

159

160

command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }}

161

162

command:

163

- /scripts/setup-hidden.sh

164

165

166

args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}

167

168

args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }}

169

170

171

lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }}

172

173

env:

174

- name: BITNAMI_DEBUG

175

value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}

176

{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}

177

- name: SHARED_FILE

178

value: "/shared/info.txt"

- name: MY_POD_NAME

valueFrom:

fieldRef:

fieldPath: metadata.name

184

- name: MY_POD_HOST_IP

185

valueFrom:

186

fieldRef:

187

fieldPath: status.hostIP

188

- name: MY_POD_NAMESPACE

189

valueFrom:

190

fieldRef:

191

fieldPath: metadata.namespace

192

- name: K8S_SERVICE_NAME

193

value: "{{ include "mongodb.service.nameOverride" . }}"

194

- name: K8S_HIDDEN_NODE_SERVICE_NAME

195

value: "{{ include "mongodb.fullname" . }}-hidden-headless"

196

- name: MONGODB_REPLICA_SET_MODE

197

value: "hidden"

198

- name: MONGODB_INITIAL_PRIMARY_HOST

199

value: {{ include "mongodb.initialPrimaryHost" . | quote }}

200

- name: MONGODB_REPLICA_SET_NAME

201

value: {{ .Values.replicaSetName | quote }}

202

{{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }}

203

- name: MONGODB_ADVERTISED_HOSTNAME

204

value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"

- name: MONGODB_EXTRA_USERNAMES

210

value: {{ $customUsers | quote }}

211

212

213

- name: MONGODB_EXTRA_DATABASES

214

value: {{ $customDatabases | quote }}

215

216

217

{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}

218

- name: MONGODB_EXTRA_PASSWORDS

valueFrom:

secretKeyRef:

key: mongodb-passwords

223

224

- name: MONGODB_ROOT_USER

225

value: {{ .Values.auth.rootUser | quote }}

226

- name: MONGODB_ROOT_PASSWORD

valueFrom:

secretKeyRef:

key: mongodb-root-password

231

- name: MONGODB_REPLICA_SET_KEY

valueFrom:

secretKeyRef:

key: mongodb-replica-set-key

236

237

{{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}

238

- name: MONGODB_METRICS_USERNAME

239

value: {{ .Values.metrics.username | quote }}

240

241

- name: MONGODB_METRICS_PASSWORD

valueFrom:

secretKeyRef:

key: mongodb-metrics-password

246

247

248

- name: ALLOW_EMPTY_PASSWORD

249

value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}

250

- name: MONGODB_SYSTEM_LOG_VERBOSITY

251

value: {{ .Values.systemLogVerbosity | quote }}

252

- name: MONGODB_DISABLE_SYSTEM_LOG

253

value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }}

254

- name: MONGODB_DISABLE_JAVASCRIPT

255

value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}

256

- name: MONGODB_ENABLE_JOURNAL

257

value: {{ ternary "yes" "no" .Values.enableJournal | quote }}

258

- name: MONGODB_PORT_NUMBER

259

value: {{ .Values.hidden.containerPorts.mongodb | quote }}

260

- name: MONGODB_ENABLE_IPV6

261

value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}

262

- name: MONGODB_ENABLE_DIRECTORY_PER_DB

263

value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }}

{{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}

268

269

{{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}

270

271

272

- name: MONGODB_EXTRA_FLAGS

273

value: {{ $extraFlags | quote }}

274

275

276

- name: MONGODB_CLIENT_EXTRA_FLAGS

277

value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert

278

279

280

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }}

281

282

{{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }}

envFrom:

- configMapRef:

- secretRef:

ports:

- containerPort: {{ .Values.hidden.containerPorts.mongodb }}

livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }}

299

300

livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }}

301

exec:

302

command:

303

- /bitnami/scripts/ping-mongodb.sh

304

305

306

readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }}

307

308

readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }}

309

exec:

310

command:

311

- /bitnami/scripts/readiness-probe.sh

312

313

314

startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }}

315

316

startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }}

317

exec:

318

command:

319

- /bitnami/scripts/startup-probe.sh

resources: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.resources "context" $) | nindent 12 }}

324

325

resources: {{- include "common.resources.preset" (dict "type" .Values.hidden.resourcesPreset) | nindent 12 }}

volumeMounts:

- name: datadir

mountPath: {{ .Values.hidden.persistence.mountPath }}

330

subPath: {{ .Values.hidden.persistence.subPath }}

331

- name: common-scripts

332

mountPath: /bitnami/scripts

333

{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}

334

- name: custom-init-scripts

335

mountPath: /docker-entrypoint-initdb.d

336

337

{{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }}

338

- name: config

339

mountPath: /opt/bitnami/mongodb/conf/mongodb.conf

340

subPath: mongodb.conf

341

342

- name: scripts

343

mountPath: /scripts/setup-hidden.sh

344

subPath: setup-hidden.sh

345

{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}

- name: shared

mountPath: /shared

- name: certs

mountPath: /certs

- name: empty-dir

mountPath: /tmp

subPath: tmp-dir

- name: empty-dir

mountPath: /opt/bitnami/mongodb/conf

358

subPath: app-conf-dir

359

- name: empty-dir

360

mountPath: /opt/bitnami/mongodb/tmp

361

subPath: app-tmp-dir

362

- name: empty-dir

363

mountPath: /opt/bitnami/mongodb/logs

364

subPath: app-logs-dir

365

- name: empty-dir

366

mountPath: /.mongodb

367

subPath: mongosh-home

368

369

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }}

- name: metrics

image: {{ template "mongodb.metrics.image" . }}

374

imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}

375

376

securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.containerSecurityContext "context" $) | nindent 12 }}

377

378

379

command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}

380

381

command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}

command:

- /bin/bash

- -ec

args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}

389

390

args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}

args:

- |

/bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}

env:

- name: MONGODB_ROOT_USER

400

value: {{ .Values.auth.rootUser | quote }}

401

- name: MONGODB_ROOT_PASSWORD

valueFrom:

secretKeyRef:

key: mongodb-root-password

406

407

- name: MONGODB_METRICS_USERNAME

408

value: {{ .Values.metrics.username | quote }}

409

- name: MONGODB_METRICS_PASSWORD

valueFrom:

secretKeyRef:

key: mongodb-metrics-password

volumeMounts:

- name: empty-dir

mountPath: /tmp

subPath: tmp-dir

- name: certs

mountPath: /certs

- name: empty-dir

mountPath: /opt/bitnami/redis-cluster/tmp

426

subPath: app-tmp-dir

427

428

{{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }}

ports:

- name: metrics

containerPort: 9216

livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}

436

437

livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}

tcpSocket:

port: metrics

readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}

443

444

readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}

httpGet:

path: /

port: metrics

startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}

451

452

startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}

tcpSocket:

port: metrics

resources: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.resources "context" $) | nindent 12 }}

459

460

resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }}

volumes:

- name: empty-dir

emptyDir: {}

- name: common-scripts

configMap:

defaultMode: 0555

{{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}

474

- name: custom-init-scripts

configMap:

{{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }}

- name: config

configMap:

{{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}

- name: shared

emptyDir: {}

- name: scripts

configMap:

defaultMode: 0755

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }}

- name: certs

emptyDir: {}

- name: certs-volume

secret:

secretName: {{ template "mongodb.tlsSecretName" . }}

501

items:

502

- key: mongodb-ca-cert

503

path: mongodb-ca-cert

504

mode: 0600

505

- key: mongodb-ca-key

path: mongodb-ca-key

mode: 0600

{{- range $index, $secret := .Values.tls.hidden.existingSecrets }}

510

- name: mongodb-certs-{{ $index }}

511

secret:

512

secretName: {{ include "common.tplvalues.render" ( dict "value" $secret "context" $) }}

defaultMode: 256

- name: datadir

emptyDir:

medium: {{ .Values.hidden.persistence.medium | quote }}

emptyDir: {}

volumeClaimTemplates:

- metadata:

annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }}

531

532

533

labels: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.labels "context" $) | nindent 10 }}

spec:

accessModes:

- {{ . | quote }}

resources:

requests:

storage: {{ .Values.hidden.persistence.size | quote }}

543

{{- if .Values.hidden.persistence.volumeClaimTemplates.requests }}

544

{{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }}

545

546

{{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }}

547

dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }}

548

549

{{- if .Values.hidden.persistence.volumeClaimTemplates.selector }}

550

selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}

551

552

{{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }}

553

554

555