Added P1-specific config files

373d0994 · jonathan.janos@mongodb.com · 97b2a03a · 373d0994 · 373d0994 · 373d0994
Commit 373d0994 authored Jul 12, 2021 by jonathan.janos@mongodb.com
Showing with 349 additions and 3 deletions

README.md README.md +7 -3

platform_one/mongodb-enterprise.modified.yaml platform_one/mongodb-enterprise.modified.yaml +246 -0

platform_one/ops-manager-localMode.yaml platform_one/ops-manager-localMode.yaml +96 -0

No files found.
--- a/README.md
+++ b/README.md
 # Before You Begin #
-**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINERS, CONTACT YOUR MONGODB SALES REPRESENTATIVE.**  YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER.  SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW.  THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME.
+**PRIOR TO UTILIZING THESE MONGODB ENTERPRISE ADVANCED CONTAINERS, CONTACT YOUR MONGODB SALES REPRESENTATIVE.**  YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER.  SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW.  THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME.
 # Contact Information #
 For licensing and technical information, please use the following contact information:
-Keegan Wetzel, EAE USAF
+Keegan Wetzel, EAE USAF  
 708-256-7904
-keegan.wetzel@mongodb.com
+keegan.wetzel@mongodb.com  
 Please also CC: publicsector@mongodb.com
+# Platform One #
+Note that the majority of this specific repo ("MongoDB Enterprise Kubernetes") is a clone of the public 1.5.3 repo. It contains essential files, such as the crd.yaml file, which must be deployed prior to deployment of the MongoDB Kubernetes Operator. Additional files have been provided that are specific to Platform One. Look in the platform_one folder for a mongodb-enterprise.yaml file configured to use the Platform One containers, as well as an example Ops Manager configuration file that is configured for Local Mode operation (i.e. disconnected environments).
 # MongoDB Enterprise Kubernetes Operator #

--- a/platform_one/mongodb-enterprise.modified.yaml
+++ b/platform_one/mongodb-enterprise.modified.yaml
+---
+# Source: mongodb-enterprise-operator/templates/operator-roles.yaml
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+imagePullSecrets:
+  - name: registry1-credentials
+---
+kind:  Role 
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - services
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - delete
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - delete
+  - update
+- apiGroups:
+  - mongodb.com
+  resources:
+  - mongodb
+  - mongodb/finalizers
+  - mongodbusers
+  - opsmanagers
+  - opsmanagers/finalizers
+  - mongodb/status
+  - mongodbusers/status
+  - opsmanagers/status
+  verbs:
+  - "*"
+# This ClusterRoleBinding is necessary in order to use validating
+# webhooks—these will prevent you from applying a variety of invalid resource
+# definitions. The validating webhooks are optional so this can be removed if
+# necessary.
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-operator-mongodb-webhook-binding
+  namespace: mongodb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mongodb-enterprise-operator-mongodb-webhook
+subjects:
+- kind: ServiceAccount
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+---
+kind:  RoleBinding 
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind:  Role 
+  name: mongodb-enterprise-operator
+subjects:
+- kind: ServiceAccount
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+# This ClusterRole is needed if the user wants to use the Kubernetes CA
+# infrastructure to generate certificates.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-operator-mongodb-certs
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - get
+  - create
+  - list
+  - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-operator-mongodb-certs-binding
+  namespace: mongodb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mongodb-enterprise-operator-mongodb-certs
+subjects:
+- kind: ServiceAccount
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+---
+# Source: mongodb-enterprise-operator/templates/database-roles.yaml
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: mongodb
+imagePullSecrets:
+  - name: registry1-credentials
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-database-pods
+  namespace: mongodb
+imagePullSecrets:
+  - name: registry1-credentials
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-enterprise-ops-manager
+  namespace: mongodb
+imagePullSecrets:
+  - name: registry1-credentials
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: mongodb
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mongodb-enterprise-appdb
+  namespace: mongodb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: mongodb-enterprise-appdb
+subjects:
+  - kind: ServiceAccount
+    name: mongodb-enterprise-appdb
+    namespace: mongodb
+---
+# Source: mongodb-enterprise-operator/templates/operator.yaml
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mongodb-enterprise-operator
+  namespace: mongodb
+spec:
+  replicas: 1
+  selector:
+      matchLabels:
+        app: mongodb-enterprise-operator
+  template:
+    metadata:
+      labels:
+        app: mongodb-enterprise-operator
+    spec:
+      serviceAccountName: mongodb-enterprise-operator
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 2000
+      containers:
+      - name: mongodb-enterprise-operator
+        image: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-enterprise-operator:1.5.3
+        imagePullPolicy: Always
+        args:
+          - "-watch-resource=mongodb"
+          - "-watch-resource=opsmanagers"
+          - "-watch-resource=mongodbusers"
+        command:
+          - "/usr/local/bin/mongodb-enterprise-operator"
+        env:
+        - name: OPERATOR_ENV
+          value: prod
+        - name: WATCH_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CURRENT_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
+          value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-enterprise-database:1.5.3
+        - name: IMAGE_PULL_POLICY
+          value: Always
+        - name: OPS_MANAGER_IMAGE_REPOSITORY
+          value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-enterprise-ops-manager
+        - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
+          value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-init
+        - name: INIT_OPS_MANAGER_VERSION
+          value: 1.0.0
+        - name: INIT_APPDB_IMAGE_REPOSITORY
+          value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-appdb-init
+        - name: INIT_APPDB_VERSION
+          value: 1.0.0
+        - name: OPS_MANAGER_IMAGE_PULL_POLICY
+          value: Always
+        - name: APPDB_IMAGE_REPOSITORY
+          value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-appdb
+      imagePullSecrets:
+      - name: registry1-credentials
--- a/platform_one/ops-manager-localMode.yaml
+++ b/platform_one/ops-manager-localMode.yaml
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBOpsManager
+metadata:
+  name: ops-manager-localmode
+spec:
+  replicas: 1
+  version: 4.4.14
+  adminCredentials: ops-manager-firstuser-secret
+  # optional. The Ops Manager configuration. All the values must be of type string.
+  # Setting these values allow you to bypass the configuration wizard (a manual step).
+  configuration:
+    # passing mms.ignoreInitialUiSetup=true allows to avoid the setup wizard in Ops Manager. Note, that
+    # this requires to set some mandatory configuration properties, see
+    # https://docs.opsmanager.mongodb.com/current/reference/configuration/index.html#mms.ignoreInitialUiSetup
+    mms.ignoreInitialUiSetup: "true"
+    mms.adminEmailAddr: someadmin@somewhere.com
+    mms.fromEmailAddr: someadmin@somewhere.com
+    mms.mail.hostname: someemail-smtp.somewhere.com
+    mms.mail.port: "465"
+    mms.mail.ssl: "true"
+    mms.mail.transport: smtp
+    mms.minimumTLSVersion: TLSv1.2
+    mms.replyToEmailAddr: someadmin@somewhere.com
+    mms.fromEmailAddr: someadmin@somewhere.com
+    # Local Mode must be configured so Ops Manger does not download any binaries from
+    # the internet. Only the binaries present will be available for the agents.
+    # automation.versions.source: mongodb
+    automation.versions.source: local
+  # optional. Disabled by default. Creates an additional service to make Ops Manager reachable from
+  # outside of the Kubernetes cluster.
+  externalConnectivity:
+    # LoadBalancer|NodePort
+    type: NodePort
+    # optional. Corresponds to NodePort port
+    port: 30100
+    # optional
+    # loadBalancerIP: 123.456.789
+    # optional
+    # externalTrafficPolicy: Local
+  statefulSet:
+    spec:
+      template:
+        spec:
+          volumes:
+            - name: mongodb-versions
+              persistentVolumeClaim:
+                claimName: mongodb-versions-claim
+          containers:
+            - name: mongodb-ops-manager
+              volumeMounts:
+                - name: mongodb-versions
+                  mountPath: /mongodb-ops-manager/mongodb-releases
+          initContainers:
+          - name: mongodb-binaries-init-container
+            image: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-db-bin:4.4.14
+            command:
+            - cp
+            - -r
+            - /binaries/.
+            - /mongodb-ops-manager/mongodb-releases/
+            volumeMounts:
+             - name: mongodb-versions
+               mountPath: /mongodb-ops-manager/mongodb-releases
+  # the application database backing Ops Manager. Replica Set is the only supported type
+  # Application database has the SCRAM-SHA authentication mode always enabled
+  applicationDatabase:
+    members: 3
+    # optional. Configures the version of MongoDB used as an application database.
+    # The bundled MongoDB binary will be used if omitted and no download from the Internet will happen
+    # version: "4.4.1"
+    persistent: true
+    podSpec:
+      cpu: '0.25'
+  backup:
+    enabled: false
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mongodb-versions-claim
+spec:
+  # storageClassName: gp2
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 3Gi