diff --git a/LICENSE b/LICENSE index f4b3bfba195c26bb3e167a1f4869c10252cb5619..5adc32d72fa965a6b9a130d0b8c60410303fe2c4 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,74 +1,2 @@ -# MongoDB Enterprise Advanced (EA) - Customer Agreement # - -By agreeing to an Order Form that references this Customer Agreement (this “Agreement”), or by downloading our Software for a free trial, you agree to this Agreement. If you represent an organization, you represent and warrant that you have the authority to agree to this Agreement on behalf of your organization. - -1. Definitions. The following terms have the following meanings: - -“Affiliate” means an organization that controls, is controlled by, or is under common control with, a party, where “control” means direct or indirect ownership of more than 50% of the voting interests of the organization. - -“Confidential Information” means information a party designates as confidential or reasonably considers as confidential, and includes pricing information on an Order Form. “Confidential Information” excludes information that is (a) or becomes publicly available through no fault of the recipient, (b) received from a third party without a duty of confidentiality, (c) independently developed by the receiving party without breaching this Agreement, or (d) rightfully known or lawfully in the possession of the receiving party prior to disclosure from the other party. - -“Consulting Services” means the consulting or professional services included in your Subscription. - -“Customer,” “you” and “your” means the organization that agrees to an Order Form or downloads the Software for a free trial. - -“Deliverable” means a work provided to you as a part of the Consulting Services, including any report. - -“Documentation” means the instructions, specifications and information regarding the Software available at https://docs.mongodb.com/. - -“MongoDB,” “we,” “our” and “us” means the MongoDB company that agrees to an Order Form. - -“Order Form” means an ordering document for Subscriptions signed by both parties that refers to this Agreement. 
- -“Server” means each unit of RAM as specified on an Order Form of: (a) a physical machine, dedicated server or server blade that stores data; or (b) an instance that stores data in a public or private cloud, where “cloud” includes any type of virtualized or containerized environment (e.g., simple operating systems, virtual machines, CGroups). - -“Software” means the MongoDB Enterprise database software, MongoDB Ops Manager, MongoDB Charts, MongoDB Connector for Business Intelligence, and any other software included with a Subscription, including any generally available updates to such software, but excluding open source software components, each of which has its copyright notice and license included in the license file and Documentation. - -“Subscription” means a subscription for our Software, Support, or Consulting Services set forth in an Order Form. - -“Support” means support, if any, included in a Subscription. - -2. Subscriptions. - -(a) Generally. We will provide you with the Software, Support and Consulting Services included in the Subscription. We will provide you with Support in accordance with the applicable support policy available on our website, currently available at https://www.mongodb.com/support-policy. While we may modify our support policy from time to time, we will not modify it in a way that materially and adversely affects your Support. Your Affiliates may purchase Subscriptions directly from us by signing an Order Form and you may allow an Affiliate to use your Subscriptions as long as you are responsible for the Affiliate’s compliance with this Agreement. - -(b) Free Evaluation and Development. MongoDB grants you a royalty-free, nontransferable and nonexclusive license to use and reproduce the Software in your internal environment for evaluation and development purposes. You will not use the Software for any other purpose, including testing, quality assurance or production purposes without purchasing an Enterprise Advanced Subscription. 
We provide the free evaluation and development license of our Software on an “AS-IS” basis without any warranty. - -(c) Enterprise Advanced Subscription. MongoDB grants you a nontransferable and nonexclusive license during the term of the Subscription to use and reproduce the Software in your internal environment for the purposes and on the number of Servers stated on the Order Form. You will cover each Server used by an application with an Enterprise Advanced Subscription. - -3. Consulting Services. You will provide MongoDB with reasonable assistance and information to facilitate scheduling and performance of Consulting Services. You will also appoint an engagement manager to help ensure effective delivery of the Consulting Services. Consulting Services and any Deliverables are accepted when delivered unless otherwise set forth in an Order Form. We may engage qualified subcontractors to provide the Consulting Services, and we are responsible for any subcontractor’s compliance with this Agreement. We grant you a royalty-free, perpetual, nontransferable and nonexclusive license to use and reproduce any Deliverables for your internal business purposes, except for training materials, which may only be used by the individual employees who attended the training session. - -4. Your Responsibilities. 
As a condition to your use of the Software, you will not, and will not allow any third party to: (a) decompile, disassemble, translate, reverse engineer or attempt to derive source code from any portion of the Software; (b) sell, sublicense, rent, lease, distribute, market, or commercialize the Software, your Subscription or any Deliverables, provided that you may use the Software in connection with an application available to your end customers as long as they cannot access the Software directly; (c) directly or indirectly circumvent or violate the technical restrictions of the Software; (d) remove any identification, proprietary, copyright or other notices in the Software, Documentation or Deliverables; (e) modify or create a derivative work of any portion of the Software; (f) publicly disseminate performance information about, or analysis of, the Software, including benchmarking test results, or your Subscription; (g) use the Software on more Servers than licensed on an Order Form; (h) use Support or Ops Manager, Cloud Manager, MongoDB Charts, or MongoDB Connector for Business Intelligence in connection with any application that is not covered by an Enterprise Advanced Subscription; or (i) access or use the Software in a way intended to avoid incurring fees or exceeding usage limits or quotas. You will comply with applicable laws in connection with your use of Software, Deliverables, Consulting Services and your Subscriptions, including any applicable U.S. export regulations and anti-corruption laws. - -5. Payment and Taxes. You will pay undisputed fees and reimburse any business expenses as set forth on and in accordance with an Order Form. Your payment for Subscriptions is non-refundable and you may not terminate or cancel an Order Form except as stated in this Agreement. Our fees exclude and you will pay applicable taxes and similar charges, including sales, usage, excise and value added taxes. 
Nothing in this Agreement requires either party to pay any income taxes or similar charges of the other party. If applicable law requires you to withhold any amount from your payment, you will provide us with copies of documents related to your withholding upon our request. - -6. Confidentiality. This Agreement supersedes any applicable non-disclosure agreement between the parties with respect to your use of the Software. The receiving party will use the disclosing party’s Confidential Information only in connection with this Agreement and protect the disclosing party’s Confidential Information by using the same degree of care used to protect its own confidential information, but not less than a reasonable degree of care. The receiving party will limit disclosure of the disclosing party’s Confidential Information to its and its Affiliates’ directors, officers, employees and contractors bound to confidentiality obligations at least as protective as the confidentiality provisions in this Agreement and who have a need to know the Confidential Information. The receiving party will not disclose the disclosing party’s Confidential Information to a any other third party without the disclosing party's consent, except where required to comply with applicable law or a compulsory legal order or process, provided that the receiving party will, if legally permitted, promptly notify the disclosing party. Each party will return or destroy the other party’s Confidential Information upon written request from the other party. - -7. Intellectual Property. This Agreement does not transfer any right, title or interest in any intellectual property to any party, except as expressly set forth in this Agreement. You are not obligated to provide us with any suggestions or other feedback, but if you do, we may use and modify this feedback without any restriction or payment. - -8. Warranties. 
MongoDB represents and warrants that: (a) the Software will perform substantially in accordance with the Documentation, and (b) it will perform Consulting Services and Support in a diligent and workmanlike manner consistent with industry standards. Your exclusive remedy for MongoDB’s material breach of warranty is to terminate any affected Subscription in accordance with Section 11 and receive a refund of any prepaid fees for unused Subscriptions. Except as set forth in this Section, we provide the Software, Consulting Services and Support on an “AS-IS” basis. To the fullest extent not prohibited by law, MongoDB disclaims and this Agreement excludes any implied or statutory warranty, including any warranty of title, non-infringement, merchantability or fitness for a particular purpose. - -9. Limitation of Liability. - -(a) Neither party will be liable to the other for any incidental or consequential damages, including lost profits or business opportunities, or any special or punitive damages. - -(b) Except as set forth in Section 9(c) and 9(d), each party’s cumulative liability will not exceed the total fees payable to MongoDB by Customer under this Agreement during the 12-month period before the event giving rise to the liability. - -(c) Each party’s cumulative liability under Section 10 will not exceed $3,000,000. - -(d) Nothing in this Agreement limits either party’s liability for: (i) fraud or fraudulent misrepresentation; (ii) death or personal injury caused by negligence, gross negligence or intentional misconduct; (iii) Customer’s payment obligations; or (iv) any liability which cannot legally be limited. - -10. Indemnification. - -(a) Customer Indemnification. 
If a third party asserts a claim against MongoDB alleging that software, content or data used by Customer in connection with the Software or any Subscription, or provided to MongoDB in order for MongoDB to perform Consulting Services, infringes a third party’s intellectual property right (a “Claim Against Us”), Customer will defend MongoDB against the Claim Against Us at Customer’s expense, and indemnify MongoDB from any damages, reasonable legal fees and costs finally awarded against MongoDB to the extent resulting from the Claim Against Us or for amounts paid by MongoDB to settle the Claim Against Us. Customer will have no obligation to defend or indemnify MongoDB if the Claim Against Us is based on MongoDB’s unauthorized changes to Customer’s software, content, data or other information. - -(b) MongoDB Indemnification. If a third party asserts a claim against Customer that the Software infringes a third party’s intellectual property right or any Deliverable infringes a third party’s copyright (a “Claim Against You”), MongoDB will defend Customer against the Claim Against You at MongoDB’s expense and indemnify Customer from any damages, reasonable legal fees and costs finally awarded against Customer to the extent resulting from the Claim Against You or for amounts paid by Customer to settle the Claim Against You. MongoDB will not be obligated to defend or indemnify Customer if the Claim Against You is based on: (i) combination of the Software with other software, content, data or business process not contemplated by Documentation; (ii) use of any older release of the Software when use of a newer version would have avoided the alleged or actual infringement; (iii) any modification of the Software made by anyone other than MongoDB; or (iv) MongoDB's compliance with any materials, designs, specifications or instructions provided by Customer. - -(c) Infringement Remedies. 
In addition to MongoDB’s indemnity obligations, if the Software or any Deliverable becomes, or in MongoDB’s opinion is likely to become, the subject of an infringement claim, MongoDB may at its option and expense and as Customer’s sole and exclusive remedy: (i) procure for Customer the right to make continued use of the Software or Deliverable; (ii) replace or modify the Software or Deliverable so that it becomes non-infringing; or (iii) terminate Customer’s license to the Software or Deliverable and refund any prepaid fees for unused Subscriptions. - -(d) Indemnification Procedures. Each party will provide the other with prompt notice of any claim. A party’s failure to provide prompt notice to the other party relieves the party of its obligation to defend and indemnify the other party only to the extent that the failure to provide notice materially harms the party’s ability to defend the claim. The indemnifying party will have sole control of the defense of the claim, including any settlement. The indemnified party will provide the indemnifying party with reasonable cooperation in connection with the defense of the claim, and may participate in the defense at its own expense. This Section 10 sets forth each party’s exclusive remedy for any third party infringement claim. - -11. Term and Termination. The term of this Agreement commences when you agree to an Order Form, or you download our Software for a free trial, and will remain in effect until terminated in accordance with this Agreement. Either party may terminate this Agreement for convenience immediately upon notice if all Order Forms under this Agreement have expired or been terminated. Neither party may terminate an Order Form for convenience. If a party fails to cure a material breach of this Agreement within 30 days after receipt of written notice of the breach, the other party may terminate this Agreement and any affected Order Form. 
Upon termination of an Order Form or this Agreement, you will remove the Software from all Servers covered by the terminated Subscriptions. Provisions intended by their nature to survive termination of this Agreement survive termination. During the term of this Agreement and one year following termination, we may inspect your records relating to your use of the Software or Consulting Services for the purposes of verifying compliance with this Agreement. - -12. General. Notices under this Agreement will be in writing and effective on the delivery date. The parties will deliver notices by personal delivery or courier to the address of the other party set forth on the Order Form. If you are located in North, Central or South America, New York law governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of the courts in New York, New York. For customers located elsewhere, the law of England and Wales governs this Agreement, excluding any applicable conflict of laws rules or principles, and the parties agree to the exclusive jurisdiction of the courts in London, England. This Agreement does not create a partnership, agency relationship, or joint venture between the parties. The United Nations Convention for the International Sale of Goods does not apply to this Agreement. Unless you tell us otherwise in writing, we may refer to our relationship with you as a customer. Any assignment of this Agreement by you without our prior written consent will be null and void, except an assignment to an Affiliate or in connection with a merger or sale of all or substantially all of your assets or stock, provided that you may not assign this Agreement to a competitor of ours without our prior written consent. 
If any provision of this Agreement is unenforceable, that provision will be modified to render it enforceable to the extent possible to effect the parties’ intention and the remaining provisions will not be affected. The parties may amend this Agreement only by a written amendment signed by both parties. This Agreement incorporates any addenda or exhibits, and any Order Form, and comprises the parties’ entire agreement relating to the subject matter of this Agreement. Neither party has entered into this Agreement in reliance on any representations or warranties other than those expressly set forth in this Agreement or in an applicable Order Form. If any conflict exists between the provisions in this Agreement and any Order Form, the Order Form controls, and if any conflict exists between this Agreement and any addenda, exhibit or other agreement, this Agreement controls. A purchase order is for convenience only and any terms that govern the purchase order are of no effect. Customer’s purchase of any Subscription is not contingent on, and Customer has not relied on, the delivery of any future functionality, regardless of any communication about our products. Neither party will be liable for failures or delays in performance due to causes beyond its reasonable control. - +Usage of the MongoDB Enterprise Operator for Kubernetes indicates agreement with the MongoDB Development, Test, and Evaluation Agreement +https://www.mongodb.com/legal/evaluation-agreement diff --git a/README.md b/README.md index 0dd5011568c8435c6af8926b6cd979f7e21a9e59..2396fab2cb20e0045c58e30a4007fadf6ae0fef5 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,20 @@ # Before You Begin # -**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINER, CONTACT YOUR MONGODB SALES REPRESENTATIVE.** YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER. SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW. THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME. +**PRIOR TO UTILIZING THESE MONGODB ENTERPRISE ADVANCED CONTAINERS, CONTACT YOUR MONGODB SALES REPRESENTATIVE.** YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER. SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW. THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME. # Contact Information # For licensing and technical information, please use the following contact information: -Anton Hoffman, EAE USAF -781-996-8860 -anton.hoffman@mongodb.com +Keegan Wetzel, EAE USAF +708-256-7904 +keegan.wetzel@mongodb.com Please also CC: publicsector@mongodb.com +# Platform One # + +Note that the majority of this specific repo ("MongoDB Enterprise Kubernetes") is a clone of the public 1.5.3 repo. It contains essential files, such as the crd.yaml file, which must be deployed prior to deployment of the MongoDB Kubernetes Operator. Additional files have been provided that are specific to Platform One. 
Look in the platform_one folder for a mongodb-enterprise.yaml file configured to use the Platform One containers, as well as an example Ops Manager configuration file that is configured for Local Mode operation (i.e. disconnected environments). # MongoDB Enterprise Kubernetes Operator # @@ -24,7 +27,7 @@ The Operator requires access to one of our database management tools - Ops Manag You may run Ops Manager either inside or outside Kubernetes, or may use Cloud Manager (cloud.mongodb.com) instead. The Operator is currently Generally Available, supported by the [MongoDB Support Team](https://support.mongodb.com/). If you need urgent help, please file a support ticket. -For non-urgent requests, you may file a Github Issue in the public repo (https://github.com/mongodb/mongodb-enterprise-kubernetes). +For non-urgent requests, you may file a Github Issue here in the repo. You can discuss this integration in our new [Community Forum](https://community.mongodb.com/) - please use the tag [enterprise-kubernetes-operator](https://community.mongodb.com/tags/enterprise-kubernetes-operator). @@ -51,7 +54,8 @@ to see which Kubernetes and Openshift versions the Operator is compatible with To work with MongoDB resource this Operator requires [Ops Manager](https://docs.opsmanager.mongodb.com/current/) (Ops Manager can be installed into the same Kubernetes cluster by the Operator or installed outside of the cluster manually) - +or [Cloud Manager](https://cloud.mongodb.com/user#/cloud/login). +> If this is your first time trying the Operator, Cloud Manager is easier to get started ## Installation 
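Review bot: The added quote line in the README.md hunk at `@@ -51,7 +54,8` (`> If this is your first time trying the Operator, Cloud Manager is easier to get started`) recommends the hosted Cloud Manager service, which conflicts with the Platform One section added earlier in this same file, where the supplied Ops Manager configuration is for Local Mode operation in disconnected environments. Either drop the recommendation from this copy of the README or qualify it as applying only to clusters that are allowed outbound access to cloud.mongodb.com. The sentence is also cut short; it should read "easier to get started with".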
@@ -112,7 +116,7 @@ Check the end of the page for instructions on how to remove the Operator. For the Operator to work, you will need the following information: -* Base URL - the URL of an Ops Manager instance +* Base URL - the URL of an Ops Manager instance (for Cloud Manager use `https://cloud.mongodb.com`) * (optionally) Project Name - the name of an Ops Manager Project where MongoDBs will be deployed into. It will be created by the Operator if it doesn't exist (and this is the recommended way instead of reusing the project created in OpsManager directly). If omitted the name of the MongoDB resource will be used as a project name. diff --git a/crds.yaml b/crds.yaml index ae6911379a0f66256f3ebedf4ec5b33151718774..dd573ae375e424c6d77e3093886354e6e4a17185 100644 --- a/crds.yaml +++ b/crds.yaml @@ -1,3 +1,6 @@ +--- +# Source: mongodb-enterprise-operator/templates/crds.yaml + --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -11,7 +14,7 @@ spec: kind: MongoDB plural: mongodb shortNames: - - mdb + - mdb singular: mongodb additionalPrinterColumns: - name: Type @@ -90,14 +93,19 @@ spec: additionalMongodConfig: type: object - exposedExternally: - type: boolean - - agent: - type: object properties: - startupOptions: + net: type: object + properties: + ssl: + type: object + properties: + mode: + type: string + enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"] + + exposedExternally: + type: boolean # Generic PodSpec configuration podSpec: 
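Review bot: The new `net.ssl.mode` enum under `additionalMongodConfig` in crds.yaml (`@@ -90,14 +93,19`) accepts `disabled`, `allowSSL`, `preferSSL`, `allowTLS` and `preferTLS`, so a MongoDB resource that turns transport encryption off or makes it optional passes schema validation. If Platform One deployments are expected to enforce TLS, restrict the enum to `requireSSL` and `requireTLS` here, or document where that enforcement happens instead. The same hunk removes the `agent.startupOptions` property with no mention in the README changes; state whether existing resources that set it are affected.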
@@ -174,41 +182,15 @@ spec: authentication: type: object properties: - agents: - type: object - properties: - mode: - type: string - enum: ["SCRAM", "X509", "LDAP"] - automationUsername: - type: string - automationPasswordSecretRef: - type: object - properties: - name: - type: string - key: - type: string - automationLdapGroupDN: - type: string - clientCertificateSecretRef: - type: object - properties: - name: - type: string - required: - - mode enabled: type: boolean modes: type: array items: type: string - enum: ["SCRAM", "X509", "LDAP"] + enum: ["SCRAM", "X509"] ignoreUnknownUsers: type: boolean - requireClientTLSAuthentication: - type: boolean tls: type: object properties: 
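Review bot: In the `authentication` schema (crds.yaml, `@@ -174,41 +182,15`), `LDAP` is dropped from the `modes` enum and the whole `agents` block and `requireClientTLSAuthentication` are removed, with no explanation in the README changes. A MongoDB resource that lists `LDAP` in `modes` will now fail the enum check, and the client-certificate requirement is no longer described by the schema. Please state in the Platform One section which authentication options this CRD version supports, and confirm that the operator image used by the mongodb-enterprise.yaml in the platform_one folder matches this schema.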
@@ -216,104 +198,11 @@ spec: type: boolean ca: type: string - secretRef: - type: object - properties: - name: - type: string additionalCertificateDomains: type: array items: type: string - ldap: - type: object - properties: - bindQueryUser: - type: string - servers: - type: array - items: - type: string - transportSecurity: - type: string - enum: ["none", "tls"] - bindQueryPasswordSecretRef: - type: object - properties: - name: - type: string - caConfigMapRef: - type: object - authzQueryTemplate: - type: string - userToDNMapping: - type: string - roles: - type: array - description: "List of roles not bounded to specific users" - items: - type: object - properties: - role: - type: string - description: "The name of the role" - db: - type: string - description: "The db the role belongs to" - roles: - type: array - description: "List of roles this role inherits from" - items: - type: object - properties: - db: - type: string - description: "The db the role belongs to" - role: - type: string - description: "The name of the role" - authenticationRestrictions: - type: array - description: "List of restriction for users authenticating to this role" - items: - type: object - properties: - clientSource: - type: array - description: "List of IP addresses or CIDR ranges allowed the user can connect from" - items: - type: string - serverAddress: - type: array - description: "List of IP addresses or CIDR ranges allowed the user can connect to" - items: - type: string - privileges: - type: array - description: "List of privileges granted to this role" - items: - type: object - properties: - actions: - type: array - description: "List of actions allowed to this role" - items: - type: string - resource: - type: object - description: "Resource on which the privileges are granted" - properties: - db: - type: string - description: "Name of the database" - collection: - type: string - description: "Name of the collection" - cluster: - type: boolean - description: "True for 
cluster-wide privileges" - # Sharded Cluster properties shardPodSpec: type: object @@ -514,10 +403,8 @@ spec: labelSelector: type: object configServerCount: - minimum: 1 type: integer mongodsPerShardCount: - minimum: 1 type: integer mongosCount: minimum: 1 @@ -525,36 +412,7 @@ spec: shardCount: minimum: 1 type: integer - mongos: - type: object - properties: - additionalMongodConfig: - type: object - agent: - type: object - properties: - startupOptions: - type: object - configSrv: - type: object - properties: - additionalMongodConfig: - type: object - agent: - type: object - properties: - startupOptions: - type: object - shard: - type: object - properties: - additionalMongodConfig: - type: object - agent: - type: object - properties: - startupOptions: - type: object + --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -568,7 +426,7 @@ spec: kind: MongoDBUser plural: mongodbusers shortNames: - - mdbu + - mdbu singular: mongodbuser additionalPrinterColumns: - name: State 
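Review bot: In crds.yaml at `@@ -514,10 +403,8`, `minimum: 1` is removed from `configServerCount` and `mongodsPerShardCount` while `mongosCount` and `shardCount` keep it, so the schema now accepts zero or negative values for the first two. Restore the bound on both fields unless there is a reason to allow an empty config server or shard replica set, and if there is one, record it in a comment next to the fields.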
@@ -582,59 +440,60 @@ spec: subresources: status: {} validation: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - username: - type: string - description: "The username of the user" - db: - type: string - description: "The database the user is stored in" - project: - type: string - description: "The project the user belongs to" - passwordSecretKeyRef: - type: object - properties: - name: - type: string - key: - type: string - description: "DEPRECATED The project the user belongs to" - mongodbResourceRef: - type: object - properties: - name: - type: string - description: "The name of a MongoDB resource in the same namespace" - roles: - type: array - items: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + username: + type: string + description: "The username of the user" + db: + type: string + description: "The database the user is stored in" + project: + type: string + description: "The project the user belongs to" + passwordSecretKeyRef: type: object properties: name: type: string - description: "The name of the role" - db: + key: type: string - description: "The db the role can act on" - passwordSecretKeyRef: - type: object - properties: - name: - type: string - key: - type: string - required: - - name - - db - required: - - username - - db + description: "DEPRECATED The project the user belongs to" + mongodbResourceRef: + type: object + properties: + name: + type: string + description: "The name of a MongoDB resource in the same namespace" + roles: + type: array + items: + type: object + properties: + name: + type: string + description: "The name of the role" + db: + type: string + description: "The db the role can act on" + passwordSecretKeyRef: + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - db + required: + - username + - db + --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition 
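Review bot: The re-indented MongoDBUser schema (crds.yaml, `@@ -582,59 +440,60`) carries over a misplaced description: `description: "DEPRECATED The project the user belongs to"` sits directly after the `key` property of `passwordSecretKeyRef`, although its text is about `project`. `passwordSecretKeyRef` also appears twice in the added block, once before `mongodbResourceRef` and again after the role's `db` property. Since the hunk rewrites every line of the schema anyway, attach the deprecation text to the field it is meant for and keep a single `passwordSecretKeyRef` definition.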
@@ -648,7 +507,7 @@ spec: kind: MongoDBOpsManager plural: opsmanagers shortNames: - - om + - om singular: opsmanager additionalPrinterColumns: - name: Replicas @@ -707,8 +566,6 @@ spec: tls: type: object properties: - ca: - type: string secretRef: type: object properties: @@ -783,7 +640,7 @@ spec: name: type: string required: - - name + - name required: - name - mongodbResourceRef @@ -807,7 +664,7 @@ spec: name: type: string required: - - name + - name required: - name - mongodbResourceRef @@ -818,31 +675,30 @@ spec: properties: name: type: string - mongodbResourceRef: - type: object - properties: - name: - type: string - required: - - name - mongodbUserRef: - type: object - properties: - name: - type: string - required: - - name - pathStyleAccessEnabled: - type: boolean - s3BucketEndpoint: - type: string - s3BucketName: - type: string - s3SecretRef: - type: object - properties: - name: - type: string + mongodbResourceRef: + type: object + properties: + name: + type: string + required: + - name + mongodbUserRef: + type: object + properties: + name: + type: string + required: + - name + pathStyleAccessEnabled: + type: boolean + s3BucketEndpoint: + type: string + s3BucketName: + type: string + s3SecretRef: + type: object + properties: + name: string required: - name - pathStyleAccessEnabled @@ -902,13 +758,6 @@ spec: properties: spec: type: object - - agent: - type: object - properties: - startupOptions: - type: object - podSpec: type: object properties: 
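Review bot: In crds.yaml at `@@ -818,31 +675,30`, the re-indented `s3SecretRef` block ends with `name: string`, where the removed lines had `name:` followed by `type: string`. That makes the value of the `name` property a bare string instead of a schema object, so the property is no longer typed and the CRD may be rejected on apply. Restore it as `name:` with a nested `type: string`.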
@@ -980,18 +829,23 @@ spec: required: - version - applicationDatabase + + +# This ClusterRole is necessary in order to use validating webhooks—these will +# prevent you from applying a variety of invalid resource definitions. The +# validating webhooks are optional so this can be removed if necessary. --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator-mongodb-webhook rules: - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - validatingwebhookconfigurations - verbs: - - get - - create - - update - - delete +- apiGroups: + - "admissionregistration.k8s.io" + resources: + - validatingwebhookconfigurations + verbs: + - get + - create + - update + - delete diff --git a/docs/assets/image--000.png b/docs/assets/image--000.png deleted file mode 100644 index 7c2ee0d6e242874572062d0f1bab3320ebd3155a..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--000.png and /dev/null differ diff --git a/docs/assets/image--002.png b/docs/assets/image--002.png deleted file mode 100644 index cbebc06e79040cfc735816f8ae049a206331fdad..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--002.png and /dev/null differ diff --git a/docs/assets/image--004.png b/docs/assets/image--004.png deleted file mode 100644 index 96934769b8e5fadd50b4078bf4d10a0f829bcc54..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--004.png and /dev/null differ diff --git a/docs/assets/image--008.png b/docs/assets/image--008.png deleted file mode 100644 index ef776fd77a1a69803c565190e0da3018a5c3eac6..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--008.png and /dev/null differ diff --git a/docs/assets/image--014.png b/docs/assets/image--014.png deleted file mode 100644 index 8d0c75e7a564d80291bef5aaec249fc2bf9d3ec3..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--014.png and /dev/null differ 
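Review bot: In crds.yaml at `@@ -980,18 +829,23`, the new comment describing the ClusterRole is added above the `---` separator, so it sits at the tail of the preceding CRD document rather than with the ClusterRole it describes; move it below `---`. Because the comment says the validating webhooks are optional, also consider narrowing the rule: `get`, `update` and `delete` on `validatingwebhookconfigurations` can be limited with `resourceNames` to the operator's own webhook configuration, leaving only `create` unrestricted.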
diff --git a/docs/assets/image--030.png b/docs/assets/image--030.png deleted file mode 100644 index 3321b971e5f73c2c5415a6e9ce2897fd4186d647..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--030.png and /dev/null differ diff --git a/docs/assets/image--032.png b/docs/assets/image--032.png deleted file mode 100644 index 510c89a9e14c5d0935fd4962edf197cb4519fe2f..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--032.png and /dev/null differ diff --git a/docs/assets/image--034.png b/docs/assets/image--034.png deleted file mode 100644 index e21b432325676cd498fabee8c0b14e1170690903..0000000000000000000000000000000000000000 Binary files a/docs/assets/image--034.png and /dev/null differ diff --git a/docs/openshift-marketplace.md b/docs/openshift-marketplace.md deleted file mode 100644 index ea639c1a228228c9a536e619d5accc9da1c4fe2f..0000000000000000000000000000000000000000 --- a/docs/openshift-marketplace.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# OpenShift MongoDB Enterprise Kubernetes Operator -## Operator Service Catalog and Marketplace - -This installation document is a guide for deploying MongoDB Enterprise Kubernetes Operator, Ops Manager and first MongoDB DataBase using OpenShift Operator catalog or Marketplace. - -## Configuring required components - -Step 1: Create a namespace to install MongoDB - -``` -oc create ns mongodb -``` - -Step 2: Install the operator in the cluster in the namespace created above - -![Installed Operators](assets/image--000.png) - -Step 3: Wait for the Operator to be deployed. - -![Operator Installed](assets/image--002.png) - -Step 4: Deploy MongoDB Ops Manager. - -Ops Manager is an Enterprise Control Plane for all your MongoDB Clusters. It is a extensive application and may seem complicated. Please visit [Documentation](https://docs.mongodb.com/kubernetes-operator/stable/om-resources/) to plan and configure production deployments. - -*Only a single Ops Manager deployment is required for all MongoDB clusters in your organization. This step could be skipped if Ops Manager is already deployed. Alternatively [Cloud Manager](https://cloud.mongodb.com) - hosted Ops Manager could be used instead.* - -![Screenshot](assets/image--004.png) - - -To deploy a very simple Ops Manager configuration two steps are required. -1. Create Admin Credential Secret -```bash -create secret generic ops-manager-admin-secret \ ---from-literal=Username="jane.doe@example.com" \ ---from-literal=Password="Passw0rd." \ ---from-literal=FirstName="Jane" \ ---from-literal=LastName="Doe" -n mongodb -``` -2. Deploy Ops Manager instance with CRD -![Screenshot](assets/image--008.png) - -With sample yaml CRD definition - -```yaml -apiVersion: mongodb.com/v1 -kind: MongoDBOpsManager -metadata: - name: ops-manager - namespace: mongodb -spec: - # the version of Ops Manager to use - version: 4.4.1 - - # the name of the secret containing admin user credentials. 
- adminCredentials: ops-manager-admin-secret - - externalConnectivity: - type: LoadBalancer - - # the Replica Set backing Ops Manager. - # appDB has the SCRAM-SHA authentication mode always enabled - applicationDatabase: - members: 3 -``` - -Change the `adminCredentials` property to link to the name of the secret created previously. In this example it is ops-manager-admin. - -`Click create.` - ->For more detailed installation visit our blog post: https://www.mongodb.com/blog/post/running-mongodb-ops-manager-in-kubernetes - -Step 7: Verify MongoDB Ops Manager is successfully deployed. Verify Ops Manager resource and ensure that ops-manager resource reached Running state : -`oc describe om ops-manager` - - ->NOTE: Wait for the secret ops-manager-admin-key to be created. It contains Global Admin Programmatic API that will be required in the subsequent steps. We recommend to create new Programmatic API Key scoped to a single Ops Manager Organization https://docs.opsmanager.mongodb.com/rapid/tutorial/manage-programmatic-api-keys/#mms-prog-api-key - - -Please note OpsManager URL exposed by LoadBalancer before moving to the next Section - -## Deploy MongoDB - -In order to create MongoDB Cluster three Kubernetes resources need to be deployed. https://docs.mongodb.com/kubernetes-operator/stable/mdb-resources/ - -1. Kubernetes ConfigMap that contain settings for Operator to connect to Ops Manager - ```bash - os create configmap \ - --from-literal="baseUrl=" \ - --from-literal="projectName=" \ #Optional - --from-literal="orgId=" - ``` - >OpsManagerURL is an Ops Manager url including port (default 8080) noted in Step 7. - ->Documentation: https://docs.mongodb.com/kubernetes-operator/stable/tutorial/create-project-using-configmap/#create-k8s-project - - -2. Kubernetes Secret containing Programmatic API Key to Operator to connect to Ops Manager. -> ops-manager-admin-key secret could be used instead for none production deployments. 
- -``` -oc -n \ - create secret generic \ - --from-literal="user=" \ - --from-literal="publicApiKey=" - ``` - -For instructions on how to create Ops Manager Organization and Programmatic API Key please refer to documentation: https://docs.mongodb.com/kubernetes-operator/stable/tutorial/create-operator-credentials/#create-k8s-credentials - -3. Deploy Ops Manager -![Deploy MongoDB](assets/image--030.png) - -Click on the first tile to create the MongoDB Deployment Instance - -![Deploy MongoDB](assets/image--032.png) - -* Choose a name for MongoDB cluster 'metadata.name` -* Substitute the values `spec.OpsManager` with a reference to the config map `` -* Substitute the values `spec.credentials` with secret name ``. - -`Click Create. ` - ->For comprehensive Documentation, please visit https://docs.mongodb.com/kubernetes-operator/stable/mdb-resources/ - -### Verify MongoDB cluster is operational - -Verify Status of MongoDB Resource reached ``Running`` state ->Optionally monitor state of pods, sts and services linked to MongoDB CRD -![Deploy MongoDB](assets/image--034.png) - ->Note: MongoDB Enterprise Operator logs are the best source to start troubleshooting any issues with deployments - -### Connect to MongoDB Cluster - -MongoDB Enterprise Operator create Kubernetes Service For each MongoDB deployed using default port 27017. - -` ..svc.` - -MongoDB Connection String could be built using SRV record - -` mongodb+srv://..svc.` - -***In order to connect to MongoDB from outside of OpenShift cluster an ingress route needs to be created manually. Operator does not create ingress or external services.*** - -***MongoDB ReplicaSet External connectivity requires Split Horizon Configuration: [Connect to a MongoDB Database Resource from Outside Kubernetes](https://docs.mongodb.com/kubernetes-operator/stable/tutorial/connect-from-outside-k8s/)*** - ->EXAMPLE -To connect to a sharded cluster resource named shardedcluster, you might use the following connection string:
``mongo --host shardedcluster-mongos-0.shardedcluster-svc.mongodb.svc.cluster.local --port 27017`` - diff --git a/helm_chart/Chart.yaml b/helm_chart/Chart.yaml index 43cda30a0ec8b3f94e929e468044b53650d3115a..4bc4629b9326fe27f2ee3beb52c8853d228819da 100644 --- a/helm_chart/Chart.yaml +++ b/helm_chart/Chart.yaml @@ -1,7 +1,7 @@ name: mongodb-enterprise-operator description: MongoDB Kubernetes Enterprise Operator -version: 1.8.0 -kubeVersion: '>=1.13-0' +version: 1.5.3 +kubeVersion: '>=1.13' keywords: - mongodb - database diff --git a/helm_chart/crds/mongodbusers.mongodb.com.yaml b/helm_chart/crds/mongodbusers.mongodb.com.yaml deleted file mode 100644 index 856e461a2bee14e3c25e48e5575fd6a9ff52cefb..0000000000000000000000000000000000000000 --- a/helm_chart/crds/mongodbusers.mongodb.com.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: mongodbusers.mongodb.com -spec: - group: mongodb.com - version: v1 - scope: Namespaced - names: - kind: MongoDBUser - plural: mongodbusers - shortNames: - - mdbu - singular: mongodbuser - additionalPrinterColumns: - - name: State - type: string - description: The current state of the MongoDB User - JSONPath: .status.phase - - name: Age - type: date - description: The time since the MongoDB User resource was created - JSONPath: .metadata.creationTimestamp - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - username: - type: string - description: "The username of the user" - db: - type: string - description: "The database the user is stored in" - project: - type: string - description: "The project the user belongs to" - passwordSecretKeyRef: - type: object - properties: - name: - type: string - key: - type: string - description: "DEPRECATED The project the user belongs to" - mongodbResourceRef: - type: object - properties: - name: - type: string - description: "The name of a MongoDB resource in the same namespace" - roles: - type: array - items: - type: object - properties: - name: - type: string - description: "The name of the role" - db: - type: string - description: "The db the role can act on" - passwordSecretKeyRef: - type: object - properties: - name: - type: string - key: - type: string - required: - - name - - db - required: - - username - - db diff --git a/helm_chart/crds/opsmanagers.mongodb.com.yaml b/helm_chart/crds/opsmanagers.mongodb.com.yaml deleted file mode 100644 index e595a3552f7d41fb11a65b1f85b913a0f98c4da1..0000000000000000000000000000000000000000 --- a/helm_chart/crds/opsmanagers.mongodb.com.yaml +++ /dev/null 
@@ -1,345 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: opsmanagers.mongodb.com -spec: - group: mongodb.com - version: v1 - scope: Namespaced - names: - kind: MongoDBOpsManager - plural: opsmanagers - shortNames: - - om - singular: opsmanager - additionalPrinterColumns: - - name: Replicas - type: integer - description: The number of replicas of MongoDBOpsManager. - JSONPath: .spec.replicas - - name: Version - type: string - description: The version of MongoDBOpsManager. - JSONPath: .spec.version - - name: State (OpsManager) - type: string - description: The current state of the MongoDBOpsManager. - JSONPath: .status.opsManager.phase - - name: State (AppDB) - type: string - description: The current state of the MongoDBOpsManager Application Database. - JSONPath: .status.applicationDatabase.phase - - name: State (Backup) - type: string - description: The current state of the MongoDBOpsManager Backup Daemon. - JSONPath: .status.backup.phase - - name: Age - type: date - description: The time since the MongoDBOpsManager resource was created. 
- JSONPath: .metadata.creationTimestamp - - name: Warnings - type: string - description: Warnings - JSONPath: .status.warnings - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - version: - type: string - replicas: - minimum: 1 - type: integer - clusterName: - type: string - format: hostname - description: "DEPRECATED Use clusterDomain instead" - clusterDomain: - type: string - format: hostname - - security: - type: object - properties: - tls: - type: object - properties: - ca: - type: string - secretRef: - type: object - properties: - name: - type: string - required: - - name - - adminCredentials: - type: string - externalConnectivity: - type: object - properties: - type: - type: string - enum: ["LoadBalancer", "NodePort"] - port: - type: integer - loadBalancerIP: - type: string - externalTrafficPolicy: - type: string - enum: ["Cluster", "Local"] - annotations: - type: object - required: - - type - configuration: - type: object - jvmParameters: - type: array - items: - type: string - statefulSet: - type: object - properties: - spec: - type: object - backup: - type: object - properties: - enabled: - type: boolean - jvmParameters: - type: array - items: - type: string - headDB: - type: object - properties: - storage: - type: string - storageClass: - type: string - opLogStores: - type: array - items: - type: object - properties: - name: - type: string - mongodbResourceRef: - type: object - properties: - name: - type: string - required: - - name - mongodbUserRef: - type: object - properties: - name: - type: string - required: - - name - required: - - name - - mongodbResourceRef - blockStores: - type: array - items: - type: object - properties: - name: - type: string - mongodbResourceRef: - type: object - properties: - name: - type: string - required: - - name - mongodbUserRef: - type: object - properties: - name: - type: string - required: - - name - required: - - name - - mongodbResourceRef 
- s3Stores: - type: array - items: - type: object - properties: - name: - type: string - mongodbResourceRef: - type: object - properties: - name: - type: string - required: - - name - mongodbUserRef: - type: object - properties: - name: - type: string - required: - - name - pathStyleAccessEnabled: - type: boolean - s3BucketEndpoint: - type: string - s3BucketName: - type: string - s3SecretRef: - type: object - properties: - name: - type: string - required: - - name - - pathStyleAccessEnabled - - s3BucketEndpoint - - s3BucketName - - s3SecretRef - statefulSet: - type: object - properties: - spec: - type: object - required: - - enabled - applicationDatabase: - type: object - properties: - passwordSecretKeyRef: - type: object - properties: - name: - type: string - key: - type: string - required: - - name - security: - type: object - properties: - tls: - type: object - properties: - ca: - type: string - secretRef: - type: object - properties: - name: - type: string - required: - - name - required: - - secretRef - members: - maximum: 50 - minimum: 3 - type: integer - version: - type: string - pattern: "^[0-9]+.[0-9]+.[0-9]+(-.+)?$|^$" - logLevel: - type: string - enum: ["DEBUG", "INFO", "WARN", "ERROR", "FATAL"] - persistent: - type: boolean - statefulSet: - type: object - properties: - spec: - type: object - - agent: - type: object - properties: - startupOptions: - type: object - - podSpec: - type: object - properties: - podTemplate: - type: object - properties: - metadata: - type: object - spec: - type: object - podAntiAffinityTopologyKey: - type: string - cpu: - type: string - cpuRequests: - type: string - memory: - type: string - memoryRequests: - type: string - podAffinity: - type: object - nodeAffinity: - type: object - persistence: - type: object - properties: - single: - type: object - properties: - storage: - type: string - storageClass: - type: string - labelSelector: - type: object - multiple: - type: object - properties: - data: - type: object - properties: - 
storage: - type: string - storageClass: - type: string - labelSelector: - type: object - journal: - type: object - properties: - storage: - type: string - storageClass: - type: string - labelSelector: - type: object - logs: - type: object - properties: - storage: - type: string - storageClass: - type: string - labelSelector: - type: object - required: - - members - required: - - version - - applicationDatabase diff --git a/helm_chart/crds/webhook-cluster-role.yaml b/helm_chart/crds/webhook-cluster-role.yaml deleted file mode 100644 index a487956d26a673b74dec2ecb1d9edb719adecf97..0000000000000000000000000000000000000000 --- a/helm_chart/crds/webhook-cluster-role.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: mongodb-enterprise-operator-mongodb-webhook -rules: - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - validatingwebhookconfigurations - verbs: - - get - - create - - update - - delete diff --git a/helm_chart/crds/mongodb.mongodb.com.yaml b/helm_chart/templates/crds.yaml similarity index 55% rename from helm_chart/crds/mongodb.mongodb.com.yaml rename to helm_chart/templates/crds.yaml index fe9a453b67b5fa8ee81c32c3445ebee9ab6afc8d..8c00c3782692ba838cfd1bb01d86269f08a5d475 100644 --- a/helm_chart/crds/mongodb.mongodb.com.yaml +++ b/helm_chart/templates/crds.yaml @@ -1,3 +1,5 @@ +{{- if .Values.createCrds }} +{{- if has "mongodb" (.Values.operator.watchedResources | default (tuple "mongodb")) }} --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition @@ -11,7 +13,7 @@ spec: kind: MongoDB plural: mongodb shortNames: - - mdb + - mdb singular: mongodb additionalPrinterColumns: - name: Type @@ -30,8 +32,10 @@ spec: type: date description: The time since the MongoDB resource was created. JSONPath: .metadata.creationTimestamp +{{- if .Values.subresourceEnabled }} subresources: status: {} +{{- end }} validation: openAPIV3Schema: type: object 
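Review bot: in the `@@ -30,8 +32,10 @@` hunk, `subresources: status: {}` is now rendered only when `.Values.subresourceEnabled` is truthy, but the `values.yaml` and `values-openshift.yaml` hunks in this patch add `createCrds` only. If `subresourceEnabled` is not already defined in the unchanged part of those files, the CRD is installed without a status subresource and nothing warns about it. Add an explicit default next to `createCrds`, or drop the conditional.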
@@ -90,14 +94,19 @@ spec: additionalMongodConfig: type: object - exposedExternally: - type: boolean - - agent: - type: object properties: - startupOptions: + net: type: object + properties: + ssl: + type: object + properties: + mode: + type: string + enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"] + + exposedExternally: + type: boolean # Generic PodSpec configuration podSpec: @@ -174,41 +183,15 @@ spec: authentication: type: object properties: - agents: - type: object - properties: - mode: - type: string - enum: ["SCRAM", "X509", "LDAP"] - automationUsername: - type: string - automationPasswordSecretRef: - type: object - properties: - name: - type: string - key: - type: string - automationLdapGroupDN: - type: string - clientCertificateSecretRef: - type: object - properties: - name: - type: string - required: - - mode enabled: type: boolean modes: type: array items: type: string - enum: ["SCRAM", "X509", "LDAP"] + enum: ["SCRAM", "X509"] ignoreUnknownUsers: type: boolean - requireClientTLSAuthentication: - type: boolean tls: type: object properties: 
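Review bot: in the `@@ -174,41 +183,15 @@` hunk, `authentication.modes` is narrowed to `enum: ["SCRAM", "X509"]`, and the `agents` block and `requireClientTLSAuthentication` are dropped from the schema. Any existing resource that lists `LDAP` in `modes` will fail validation once this CRD is applied. Either keep `LDAP` in the enum or state in the change description that LDAP-enabled resources must be migrated first.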
@@ -216,104 +199,11 @@ spec: type: boolean ca: type: string - secretRef: - type: object - properties: - name: - type: string additionalCertificateDomains: type: array items: type: string - ldap: - type: object - properties: - bindQueryUser: - type: string - servers: - type: array - items: - type: string - transportSecurity: - type: string - enum: ["none", "tls"] - bindQueryPasswordSecretRef: - type: object - properties: - name: - type: string - caConfigMapRef: - type: object - authzQueryTemplate: - type: string - userToDNMapping: - type: string - roles: - type: array - description: "List of roles not bounded to specific users" - items: - type: object - properties: - role: - type: string - description: "The name of the role" - db: - type: string - description: "The db the role belongs to" - roles: - type: array - description: "List of roles this role inherits from" - items: - type: object - properties: - db: - type: string - description: "The db the role belongs to" - role: - type: string - description: "The name of the role" - authenticationRestrictions: - type: array - description: "List of restriction for users authenticating to this role" - items: - type: object - properties: - clientSource: - type: array - description: "List of IP addresses or CIDR ranges allowed the user can connect from" - items: - type: string - serverAddress: - type: array - description: "List of IP addresses or CIDR ranges allowed the user can connect to" - items: - type: string - privileges: - type: array - description: "List of privileges granted to this role" - items: - type: object - properties: - actions: - type: array - description: "List of actions allowed to this role" - items: - type: string - resource: - type: object - description: "Resource on which the privileges are granted" - properties: - db: - type: string - description: "Name of the database" - collection: - type: string - description: "Name of the collection" - cluster: - type: boolean - description: "True for 
cluster-wide privileges" - # Sharded Cluster properties shardPodSpec: type: object @@ -514,10 +404,8 @@ spec: labelSelector: type: object configServerCount: - minimum: 1 type: integer mongodsPerShardCount: - minimum: 1 type: integer mongosCount: minimum: 1 
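Review bot: the `@@ -514,10 +404,8 @@` hunk removes `minimum: 1` from `configServerCount` and `mongodsPerShardCount` while `mongosCount` and `shardCount` keep it, so zero or negative values for the first two now pass schema validation. Keep the lower bound on all four counts unless the operator rejects such values somewhere else, and if it does, say where.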
@@ -525,33 +413,450 @@ spec: shardCount: minimum: 1 type: integer - mongos: +{{- end }} +{{- if has "mongodbusers" (.Values.operator.watchedResources | default (tuple "mongodbusers")) }} + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: mongodbusers.mongodb.com +spec: + group: mongodb.com + version: v1 + scope: Namespaced + names: + kind: MongoDBUser + plural: mongodbusers + shortNames: + - mdbu + singular: mongodbuser + additionalPrinterColumns: + - name: State + type: string + description: The current state of the MongoDB User + JSONPath: .status.phase + - name: Age + type: date + description: The time since the MongoDB User resource was created + JSONPath: .metadata.creationTimestamp +{{- if .Values.subresourceEnabled }} + subresources: + status: {} +{{- end }} + validation: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + username: + type: string + description: "The username of the user" + db: + type: string + description: "The database the user is stored in" + project: + type: string + description: "The project the user belongs to" + passwordSecretKeyRef: + type: object + properties: + name: + type: string + key: + type: string + description: "DEPRECATED The project the user belongs to" + mongodbResourceRef: + type: object + properties: + name: + type: string + description: "The name of a MongoDB resource in the same namespace" + roles: + type: array + items: + type: object + properties: + name: + type: string + description: "The name of the role" + db: + type: string + description: "The db the role can act on" + passwordSecretKeyRef: + type: object + properties: + name: + type: string + key: + type: string + required: + - name + - db + required: + - username + - db +{{- end }} +{{- if has "opsmanagers" (.Values.operator.watchedResources | default (tuple "opsmanagers")) }} + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: 
opsmanagers.mongodb.com +spec: + group: mongodb.com + version: v1 + scope: Namespaced + names: + kind: MongoDBOpsManager + plural: opsmanagers + shortNames: + - om + singular: opsmanager + additionalPrinterColumns: + - name: Replicas + type: integer + description: The number of replicas of MongoDBOpsManager. + JSONPath: .spec.replicas + - name: Version + type: string + description: The version of MongoDBOpsManager. + JSONPath: .spec.version + - name: State (OpsManager) + type: string + description: The current state of the MongoDBOpsManager. + JSONPath: .status.opsManager.phase + - name: State (AppDB) + type: string + description: The current state of the MongoDBOpsManager Application Database. + JSONPath: .status.applicationDatabase.phase + - name: State (Backup) + type: string + description: The current state of the MongoDBOpsManager Backup Daemon. + JSONPath: .status.backup.phase + - name: Age + type: date + description: The time since the MongoDBOpsManager resource was created. + JSONPath: .metadata.creationTimestamp + - name: Warnings + type: string + description: Warnings + JSONPath: .status.warnings +{{- if .Values.subresourceEnabled }} + subresources: + status: {} +{{- end }} + validation: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + version: + type: string + replicas: + minimum: 1 + type: integer + clusterName: + type: string + format: hostname + description: "DEPRECATED Use clusterDomain instead" + clusterDomain: + type: string + format: hostname + + security: type: object properties: - additionalMongodConfig: - type: object - agent: + tls: type: object properties: - startupOptions: + secretRef: type: object - configSrv: + properties: + name: + type: string + required: + - name + + adminCredentials: + type: string + externalConnectivity: type: object properties: - additionalMongodConfig: + type: + type: string + enum: ["LoadBalancer", "NodePort"] + port: + type: integer + loadBalancerIP: + type: string + 
externalTrafficPolicy: + type: string + enum: ["Cluster", "Local"] + annotations: type: object - agent: + required: + - type + configuration: + type: object + jvmParameters: + type: array + items: + type: string + statefulSet: + type: object + properties: + spec: + type: object + backup: + type: object + properties: + enabled: + type: boolean + jvmParameters: + type: array + items: + type: string + headDB: type: object properties: - startupOptions: + storage: + type: string + storageClass: + type: string + opLogStores: + type: array + items: + type: object + properties: + name: + type: string + mongodbResourceRef: + type: object + properties: + name: + type: string + required: + - name + mongodbUserRef: + type: object + properties: + name: + type: string + required: + - name + required: + - name + - mongodbResourceRef + blockStores: + type: array + items: + type: object + properties: + name: + type: string + mongodbResourceRef: + type: object + properties: + name: + type: string + required: + - name + mongodbUserRef: + type: object + properties: + name: + type: string + required: + - name + required: + - name + - mongodbResourceRef + s3Stores: + type: array + items: + type: object + properties: + name: + type: string + mongodbResourceRef: + type: object + properties: + name: + type: string + required: + - name + mongodbUserRef: + type: object + properties: + name: + type: string + required: + - name + pathStyleAccessEnabled: + type: boolean + s3BucketEndpoint: + type: string + s3BucketName: + type: string + s3SecretRef: type: object - shard: + properties: + name: string + required: + - name + - pathStyleAccessEnabled + - s3BucketEndpoint + - s3BucketName + - s3SecretRef + statefulSet: + type: object + properties: + spec: + type: object + required: + - enabled + applicationDatabase: type: object properties: - additionalMongodConfig: + passwordSecretKeyRef: + type: object + properties: + name: + type: string + key: + type: string + required: + - name + security: + 
type: object + properties: + tls: + type: object + properties: + ca: + type: string + secretRef: + type: object + properties: + name: + type: string + required: + - name + required: + - secretRef + members: + maximum: 50 + minimum: 3 + type: integer + version: + type: string + pattern: "^[0-9]+.[0-9]+.[0-9]+(-.+)?$|^$" + logLevel: + type: string + enum: ["DEBUG", "INFO", "WARN", "ERROR", "FATAL"] + persistent: + type: boolean + statefulSet: type: object - agent: + properties: + spec: + type: object + podSpec: type: object properties: - startupOptions: + podTemplate: + type: object + properties: + metadata: + type: object + spec: + type: object + podAntiAffinityTopologyKey: + type: string + cpu: + type: string + cpuRequests: + type: string + memory: + type: string + memoryRequests: + type: string + podAffinity: + type: object + nodeAffinity: type: object + persistence: + type: object + properties: + single: + type: object + properties: + storage: + type: string + storageClass: + type: string + labelSelector: + type: object + multiple: + type: object + properties: + data: + type: object + properties: + storage: + type: string + storageClass: + type: string + labelSelector: + type: object + journal: + type: object + properties: + storage: + type: string + storageClass: + type: string + labelSelector: + type: object + logs: + type: object + properties: + storage: + type: string + storageClass: + type: string + labelSelector: + type: object + required: + - members + required: + - version + - applicationDatabase +{{- end }} +{{- end }} + + +# This ClusterRole is necessary in order to use validating webhooks—these will +# prevent you from applying a variety of invalid resource definitions. The +# validating webhooks are optional so this can be removed if necessary. 
+--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-webhook +rules: +- apiGroups: + - "admissionregistration.k8s.io" + resources: + - validatingwebhookconfigurations + verbs: + - get + - create + - update + - delete diff --git a/helm_chart/templates/database-roles.yaml b/helm_chart/templates/database-roles.yaml index 4461c722ab1c155deedb8d7cdbede89cda3d080b..1c9e448409383849ee7120815e7bc7a72e6d5fde 100644 --- a/helm_chart/templates/database-roles.yaml +++ b/helm_chart/templates/database-roles.yaml @@ -8,10 +8,6 @@ metadata: {{- else }} namespace: {{ .Values.namespace }} {{- end }} -{{- if .Values.registry.imagePullSecrets}} -imagePullSecrets: - - name: {{ .Values.registry.imagePullSecrets }} -{{- end }} --- apiVersion: v1 @@ -23,10 +19,6 @@ metadata: {{- else }} namespace: {{ .Values.namespace }} {{- end }} -{{- if .Values.registry.imagePullSecrets}} -imagePullSecrets: - - name: {{ .Values.registry.imagePullSecrets }} -{{- end }} --- apiVersion: v1 @@ -38,10 +30,6 @@ metadata: {{- else }} namespace: {{ .Values.namespace }} {{- end }} -{{- if .Values.registry.imagePullSecrets}} -imagePullSecrets: - - name: {{ .Values.registry.imagePullSecrets }} -{{- end }} --- kind: Role @@ -57,7 +45,7 @@ rules: - apiGroups: - "" resources: - - secrets + - configmaps verbs: - get diff --git a/helm_chart/templates/operator-roles.yaml b/helm_chart/templates/operator-roles.yaml index ccca3e754008cd9c21cdf85463bb559c2a6ae537..9762589cc2ef15809b18b9474ef71e8f8d345d30 100644 --- a/helm_chart/templates/operator-roles.yaml +++ b/helm_chart/templates/operator-roles.yaml @@ -6,10 +6,6 @@ metadata: {{- if .Values.namespace }} namespace: {{ .Values.namespace }} {{- end }} -{{- if .Values.registry.imagePullSecrets}} -imagePullSecrets: - - name: {{ .Values.registry.imagePullSecrets }} -{{- end }} --- 
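Review bot: the `@@ -6,10 +6,6 @@` hunk in `operator-roles.yaml` removes `imagePullSecrets` from the operator ServiceAccount, and the three `database-roles.yaml` hunks do the same for the resources there. That leaves the `IMAGE_PULL_SECRETS` variable in `operator.yaml` as the only visible use of `.Values.registry.imagePullSecrets`, while `values-openshift.yaml` still carries `# The pull secret must be specified`. Confirm the operator pod itself can still pull from a private registry, for example via `imagePullSecrets` on the Deployment's pod spec, or keep the ServiceAccount entries.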
@@ -47,15 +43,6 @@ rules: - watch - delete - update - {{- if eq (.Values.operator.watchNamespace | default "") "*" }} -- apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - {{- end}} - apiGroups: - mongodb.com resources: diff --git a/helm_chart/templates/operator.yaml b/helm_chart/templates/operator.yaml index e662a019d1b4efd32f4a1f1c8a50df750df029c8..cfc655528f36a5efc03b792b408896dbbf4617bf 100644 --- a/helm_chart/templates/operator.yaml +++ b/helm_chart/templates/operator.yaml @@ -10,15 +10,11 @@ spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: {{ .Values.operator.name }} - app.kubernetes.io/instance: {{ .Values.operator.name }} + app: {{ .Values.operator.name }} template: metadata: labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: {{ .Values.operator.name }} - app.kubernetes.io/instance: {{ .Values.operator.name }} + app: {{ .Values.operator.name }} spec: serviceAccountName: {{ .Values.operator.name }} {{- if not .Values.managedSecurityContext }} 
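Review bot: in the `operator.yaml` hunk `@@ -10,15 +10,11 @@`, `spec.selector.matchLabels` changes from the three `app.kubernetes.io/*` labels to a single `app: {{ .Values.operator.name }}`. Under `apps/v1` a Deployment's selector cannot be changed in place, so upgrading an existing release will fail on this object unless the Deployment is deleted first. Either keep the previous selector or document the delete-and-reinstall step for upgrades.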
@@ -61,33 +57,24 @@ spec: - name: MANAGED_SECURITY_CONTEXT value: 'true' {{- end }} + - name: MONGODB_ENTERPRISE_DATABASE_IMAGE + value: {{ .Values.registry.operator }}/{{ .Values.database.name }}:{{ .Values.operator.version }} - name: IMAGE_PULL_POLICY value: {{ .Values.registry.pullPolicy }} - # Database - - name: MONGODB_ENTERPRISE_DATABASE_IMAGE - value: {{ .Values.registry.database }}/{{ .Values.database.name }} - - name: INIT_DATABASE_IMAGE_REPOSITORY - value: {{ .Values.registry.initDatabase }}/{{ .Values.initDatabase.name }} - - name: INIT_DATABASE_VERSION - value: {{ .Values.initDatabase.version }} - - name: DATABASE_VERSION - value: {{ .Values.database.version }} - # Ops Manager - name: OPS_MANAGER_IMAGE_REPOSITORY value: {{ .Values.registry.opsManager }}/{{ .Values.opsManager.name }} - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY value: {{ .Values.registry.initOpsManager }}/{{ .Values.initOpsManager.name }} - name: INIT_OPS_MANAGER_VERSION value: {{ .Values.initOpsManager.version }} - # AppDB - - name: APPDB_IMAGE_REPOSITORY - value: {{ .Values.registry.appDb }}/{{ .Values.appDb.name }} - name: INIT_APPDB_IMAGE_REPOSITORY value: {{ .Values.registry.initAppDb }}/{{ .Values.initAppDb.name }} - name: INIT_APPDB_VERSION value: {{ .Values.initAppDb.version }} - name: OPS_MANAGER_IMAGE_PULL_POLICY value: {{ .Values.registry.pullPolicy }} + - name: APPDB_IMAGE_REPOSITORY + value: {{ .Values.registry.appDb }}/{{ .Values.appDb.name }} {{- if .Values.registry.imagePullSecrets }} - name: IMAGE_PULL_SECRETS value: {{ .Values.registry.imagePullSecrets }} diff --git a/helm_chart/values-openshift.yaml b/helm_chart/values-openshift.yaml index 9cfe6aa78ebf4ec7ce321f43ad81788309033eef..2969b269ff11a400f7de897daf201fcef3bb6fd3 100644 --- a/helm_chart/values-openshift.yaml +++ b/helm_chart/values-openshift.yaml @@ -1,3 +1,6 @@ +# Create the CustomerResourceDefinition for MongoDB custom types. +createCrds: true + # Name of the Namespace to use namespace: mongodb 
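Review bot: typo in the comment added by the `values-openshift.yaml` hunk `@@ -1,3 +1,6 @@`: `CustomerResourceDefinition` should read `CustomResourceDefinition`. The same comment is added to `values.yaml`, so fix both. It would also help to say in the comment that `createCrds` wraps all three CRD blocks in `templates/crds.yaml`.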
@@ -15,7 +18,7 @@ operator: deployment_name: mongodb-enterprise-operator # Version of mongodb-enterprise-operator and mongodb-enterprise-database images - version: 1.8.0 + version: 1.5.3 # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed watchedResources: @@ -23,39 +26,28 @@ operator: - opsmanagers - mongodbusers -## Database database: name: enterprise-database - version: 2.0.0 - -initDatabase: - name: mongodb-enterprise-init-database - version: 1.0.0 -## Ops Manager opsManager: name: mongodb-enterprise-ops-manager initOpsManager: name: mongodb-enterprise-init-ops-manager - version: 1.0.2 + version: 1.0.0 -## Application Database appDb: name: mongodb-enterprise-appdb initAppDb: name: mongodb-enterprise-init-appdb - version: 1.0.4 + version: 1.0.0 -## Registry registry: # The pull secret must be specified imagePullSecrets: pullPolicy: Always - database: registry.connect.redhat.com/mongodb operator: registry.connect.redhat.com/mongodb - initDatabase: registry.connect.redhat.com/mongodb initOpsManager: registry.connect.redhat.com/mongodb opsManager: registry.connect.redhat.com/mongodb initAppDb: registry.connect.redhat.com/mongodb diff --git a/helm_chart/values.yaml b/helm_chart/values.yaml index f121f99e20fc24c3dc69e980d28756024c458b21..21e3e8b0d8919d57d028d311656932e7ce24ecd3 100644 --- a/helm_chart/values.yaml +++ b/helm_chart/values.yaml @@ -1,8 +1,9 @@ +# Create the CustomerResourceDefinition for MongoDB custom types. +createCrds: true + # Name of the Namespace to use namespace: mongodb -## Operator - # Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false 
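Review bot: the comment added at the top of helm_chart/values.yaml (-1,8 +1,9) reads "CustomerResourceDefinition"; the Kubernetes kind is CustomResourceDefinition. The same line is added to helm_chart/values-openshift.yaml, so fix both. None of the template hunks shown here reads `createCrds`, so the comment should also name the template that consumes the value.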
@@ -18,7 +19,7 @@ operator: deployment_name: mongodb-enterprise-operator # Version of mongodb-enterprise-operator and mongodb-enterprise-database images - version: 1.8.0 + version: 1.5.3 # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed watchedResources: @@ -26,40 +27,29 @@ operator: - opsmanagers - mongodbusers -## Database database: name: mongodb-enterprise-database - version: 2.0.0 - -initDatabase: - name: mongodb-enterprise-init-database - version: 1.0.0 -## Ops Manager opsManager: name: mongodb-enterprise-ops-manager initOpsManager: name: mongodb-enterprise-init-ops-manager - version: 1.0.2 + version: 1.0.0 -## Application Database appDb: name: mongodb-enterprise-appdb initAppDb: name: mongodb-enterprise-init-appdb - version: 1.0.4 + version: 1.0.0 -## Registry registry: imagePullSecrets: # TODO: specify for each image and move there? pullPolicy: Always # Specify if images are pulled from private registry operator: quay.io/mongodb - database: quay.io/mongodb - initDatabase: quay.io/mongodb initOpsManager: quay.io/mongodb opsManager: quay.io/mongodb initAppDb: quay.io/mongodb diff --git a/mongodb-enterprise-openshift.yaml b/mongodb-enterprise-openshift.yaml index d00b8c9d6b954592c3c1883bbf06e1032379cf8a..128edbdab7feb23cde7b10c0b0b1b031786694f5 100644 --- a/mongodb-enterprise-openshift.yaml +++ b/mongodb-enterprise-openshift.yaml 
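Review bot: `operator.version` goes from 1.8.0 to 1.5.3 and the init image versions from 1.0.2 and 1.0.4 back to 1.0.0 in helm_chart/values.yaml (-18,7 +19,7 and -26,40 +27,29), with the same change in values-openshift.yaml, so this is a rollback to older images rather than an upgrade. Record the reason in the commit message and confirm that nothing fixed between those tags is needed, because `pullPolicy: Always` will pull whatever these older tags currently point to.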
@@ -1,58 +1,14 @@ --- # Source: mongodb-enterprise-operator/templates/operator-roles.yaml +--- apiVersion: v1 kind: ServiceAccount metadata: name: enterprise-operator namespace: mongodb + + --- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: enterprise-operator-mongodb-certs -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - create - - list - - watch ---- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: enterprise-operator-mongodb-webhook-binding - namespace: mongodb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: mongodb-enterprise-operator-mongodb-webhook -subjects: -- kind: ServiceAccount - name: enterprise-operator - namespace: mongodb ---- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: enterprise-operator-mongodb-certs-binding - namespace: mongodb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: enterprise-operator-mongodb-certs -subjects: -- kind: ServiceAccount - name: enterprise-operator - namespace: mongodb ---- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: 
@@ -101,7 +57,21 @@ rules: # definitions. The validating webhooks are optional so this can be removed if # necessary. --- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: enterprise-operator-mongodb-webhook-binding + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mongodb-enterprise-operator-mongodb-webhook +subjects: +- kind: ServiceAccount + name: enterprise-operator + namespace: mongodb + +--- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: 
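Review bot: the `ClusterRoleBinding` re-added in this hunk (-101,7 +57,21) sets `metadata.namespace: mongodb`, but ClusterRoleBindings are cluster-scoped and the field has no effect; drop it so the manifest does not suggest the binding is confined to one namespace. Also check `roleRef.name`: it is `mongodb-enterprise-operator-mongodb-webhook`, while the ServiceAccount and the other roles in this OpenShift manifest use the `enterprise-operator` prefix.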
@@ -118,29 +88,62 @@ subjects: # This ClusterRole is needed if the user wants to use the Kubernetes CA # infrastructure to generate certificates. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: enterprise-operator-mongodb-certs +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - create + - list + - watch + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: enterprise-operator-mongodb-certs-binding + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: enterprise-operator-mongodb-certs +subjects: +- kind: ServiceAccount + name: enterprise-operator + namespace: mongodb + + --- # Source: mongodb-enterprise-operator/templates/database-roles.yaml +--- apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-appdb namespace: mongodb + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-database-pods namespace: mongodb + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-ops-manager namespace: mongodb + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -150,11 +153,11 @@ rules: - apiGroups: - "" resources: - - secrets + - configmaps verbs: - get + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -168,8 +171,10 @@ subjects: - kind: ServiceAccount name: mongodb-enterprise-appdb namespace: mongodb + --- # Source: mongodb-enterprise-operator/templates/operator.yaml +--- apiVersion: apps/v1 kind: Deployment metadata: 
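Review bot: the `enterprise-operator-mongodb-certs` ClusterRole and its binding (-118,29 +88,62) give the operator ServiceAccount cluster-wide `get`, `create`, `list` and `watch` on `certificatesigningrequests`, yet the comment directly above says the role is only needed when the Kubernetes CA is used to generate certificates. Consider shipping these two objects in a separate, opt-in manifest so that installs that bring their own certificates do not grant the permission by default.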
@@ -179,20 +184,16 @@ spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: enterprise-operator - app.kubernetes.io/instance: enterprise-operator + app: enterprise-operator template: metadata: labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: enterprise-operator - app.kubernetes.io/instance: enterprise-operator + app: enterprise-operator spec: serviceAccountName: enterprise-operator containers: - name: mongodb-enterprise-operator - image: registry.connect.redhat.com/mongodb/enterprise-operator:1.8.0 + image: registry.connect.redhat.com/mongodb/enterprise-operator:1.5.3 imagePullPolicy: Always args: - "-watch-resource=mongodb" 
@@ -213,30 +214,21 @@ spec: fieldPath: metadata.namespace - name: MANAGED_SECURITY_CONTEXT value: 'true' + - name: MONGODB_ENTERPRISE_DATABASE_IMAGE + value: registry.connect.redhat.com/mongodb/enterprise-database:1.5.3 - name: IMAGE_PULL_POLICY value: Always - # Database - - name: MONGODB_ENTERPRISE_DATABASE_IMAGE - value: registry.connect.redhat.com/mongodb/enterprise-database - - name: INIT_DATABASE_IMAGE_REPOSITORY - value: registry.connect.redhat.com/mongodb/mongodb-enterprise-init-database - - name: INIT_DATABASE_VERSION - value: 1.0.0 - - name: DATABASE_VERSION - value: 2.0.0 - # Ops Manager - name: OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-ops-manager - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-init-ops-manager - name: INIT_OPS_MANAGER_VERSION - value: 1.0.2 - # AppDB - - name: APPDB_IMAGE_REPOSITORY - value: registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb + value: 1.0.0 - name: INIT_APPDB_IMAGE_REPOSITORY value: registry.connect.redhat.com/mongodb/mongodb-enterprise-init-appdb - name: INIT_APPDB_VERSION - value: 1.0.4 + value: 1.0.0 - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always + - name: APPDB_IMAGE_REPOSITORY + value: registry.connect.redhat.com/mongodb/mongodb-enterprise-appdb diff --git a/mongodb-enterprise.yaml b/mongodb-enterprise.yaml index e63d699c652976102adc0aeadfe2db5d69a5a281..0dc3ad1176cbdafb7ba2bd589f62cfac263bfe66 100644 --- a/mongodb-enterprise.yaml +++ b/mongodb-enterprise.yaml 
@@ -1,58 +1,14 @@ --- # Source: mongodb-enterprise-operator/templates/operator-roles.yaml +--- apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-operator namespace: mongodb + + --- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: mongodb-enterprise-operator-mongodb-certs -rules: -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - verbs: - - get - - create - - list - - watch ---- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: mongodb-enterprise-operator-mongodb-webhook-binding - namespace: mongodb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: mongodb-enterprise-operator-mongodb-webhook -subjects: -- kind: ServiceAccount - name: mongodb-enterprise-operator - namespace: mongodb ---- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: mongodb-enterprise-operator-mongodb-certs-binding - namespace: mongodb -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: mongodb-enterprise-operator-mongodb-certs -subjects: -- kind: ServiceAccount - name: mongodb-enterprise-operator - namespace: mongodb ---- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: 
@@ -101,7 +57,21 @@ rules: # definitions. The validating webhooks are optional so this can be removed if # necessary. --- -# Source: mongodb-enterprise-operator/templates/operator-roles.yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-webhook-binding + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mongodb-enterprise-operator-mongodb-webhook +subjects: +- kind: ServiceAccount + name: mongodb-enterprise-operator + namespace: mongodb + +--- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: 
@@ -118,29 +88,62 @@ subjects: # This ClusterRole is needed if the user wants to use the Kubernetes CA # infrastructure to generate certificates. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-certs +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - create + - list + - watch + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-certs-binding + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mongodb-enterprise-operator-mongodb-certs +subjects: +- kind: ServiceAccount + name: mongodb-enterprise-operator + namespace: mongodb + + --- # Source: mongodb-enterprise-operator/templates/database-roles.yaml +--- apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-appdb namespace: mongodb + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-database-pods namespace: mongodb + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-ops-manager namespace: mongodb + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -150,11 +153,11 @@ rules: - apiGroups: - "" resources: - - secrets + - configmaps verbs: - get + --- -# Source: mongodb-enterprise-operator/templates/database-roles.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -168,8 +171,10 @@ subjects: - kind: ServiceAccount name: mongodb-enterprise-appdb namespace: mongodb + --- # Source: mongodb-enterprise-operator/templates/operator.yaml +--- apiVersion: apps/v1 kind: Deployment metadata: 
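Review bot: in the -150,11 +153,11 hunk of mongodb-enterprise.yaml the Role defined just before the `mongodb-enterprise-appdb` RoleBinding swaps `get` on `secrets` for `get` on `configmaps` with no `resourceNames`, so the bound ServiceAccount can read every ConfigMap in the `mongodb` namespace. If the AppDB pods only read a known ConfigMap, list it under `resourceNames`, and confirm that the 1.5.3 AppDB image no longer needs the `secrets` read that is being removed.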
@@ -179,15 +184,11 @@ spec: replicas: 1 selector: matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: mongodb-enterprise-operator - app.kubernetes.io/instance: mongodb-enterprise-operator + app: mongodb-enterprise-operator template: metadata: labels: - app.kubernetes.io/component: controller - app.kubernetes.io/name: mongodb-enterprise-operator - app.kubernetes.io/instance: mongodb-enterprise-operator + app: mongodb-enterprise-operator spec: serviceAccountName: mongodb-enterprise-operator securityContext: @@ -195,7 +196,7 @@ spec: runAsUser: 2000 containers: - name: mongodb-enterprise-operator - image: quay.io/mongodb/mongodb-enterprise-operator:1.8.0 + image: quay.io/mongodb/mongodb-enterprise-operator:1.5.3 imagePullPolicy: Always args: - "-watch-resource=mongodb" @@ -214,30 +215,21 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: MONGODB_ENTERPRISE_DATABASE_IMAGE + value: quay.io/mongodb/mongodb-enterprise-database:1.5.3 - name: IMAGE_PULL_POLICY value: Always - # Database - - name: MONGODB_ENTERPRISE_DATABASE_IMAGE - value: quay.io/mongodb/mongodb-enterprise-database - - name: INIT_DATABASE_IMAGE_REPOSITORY - value: quay.io/mongodb/mongodb-enterprise-init-database - - name: INIT_DATABASE_VERSION - value: 1.0.0 - - name: DATABASE_VERSION - value: 2.0.0 - # Ops Manager - name: OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-init-ops-manager - name: INIT_OPS_MANAGER_VERSION - value: 1.0.2 - # AppDB - - name: APPDB_IMAGE_REPOSITORY - value: quay.io/mongodb/mongodb-enterprise-appdb + value: 1.0.0 - name: INIT_APPDB_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-init-appdb - name: INIT_APPDB_VERSION - value: 1.0.4 + value: 1.0.0 - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always + - name: APPDB_IMAGE_REPOSITORY + value: quay.io/mongodb/mongodb-enterprise-appdb 
diff --git a/openshift-install.md b/openshift-install.md index df87d1a41b1671e1a3621214cdc8fc3e265c2ad9..b9b627a6f53b312c65431c40d644f6febc000cb5 100644 --- a/openshift-install.md +++ b/openshift-install.md @@ -1,6 +1,6 @@ # OpenShift Install -The MongoDB Enterprise Operator requires a set of images including `operator`, `database` and others. The Openshift +The MongoDB Enterprise Operator requires two images to work: `operator` and `database` images. The Openshift installation requires images to be based on Red Hat Enterprise Linux, and these images are published to [Red Hat Container Catalog](https://catalog.redhat.com/software/containers/explore/). You will have to create special credentials for your OpenShift installation to be able to fetch images from this registry. @@ -8,7 +8,7 @@ for your OpenShift installation to be able to fetch images from this registry. ## Create your OpenShift Secret First, complete the instructions -[here](https://access.redhat.com/terms-based-registry/#/token/openshift3-test-cluster/docker-config). Unfortunately, +[here](https://access.redhat.com/terms-based-registry/#/token/openshift3-test-cluster/docker-config). Unfortunatelly, these instructions refer to a `registry.redhat.io` Registry which is not the one we need, but they accept the same credentials. First, click on "view its contents" to display the contents we need, and save these contents into a json file. This file includes 1 entry for `registry.redhat.io`; replicate that entry with a new name, 
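Review bot: the -8,7 +8,7 hunk of openshift-install.md changes the correctly spelled "Unfortunately" to "Unfortunatelly"; revert that line. In the -1,6 +1,6 hunk, "requires two images to work: `operator` and `database` images" repeats "images" and does not match the manifests in this patch, which also reference Ops Manager, AppDB and init images.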
@@ -27,15 +27,19 @@ file. This file includes 1 entry for `registry.redhat.io`; replicate that entry } ``` -Now save this file and create a `Secret` object from it: +Now save this file as `dockerconfig` and encode it as a base64 string. + ``` -$ kubectl -n create secret generic openshift-pull-secrets --from-file=.dockerconfigjson= \ - --type=kubernetes.io/dockerconfigjson +$ cat dockerconfig | base64 -w0 > .dockerconfigjson ``` -## Install the Operator using the new Secret to pull images +Finally, create a `Secret` object that contains this encoded string: -### Installation using .yaml config file +``` +$ kubectl -n create secret generic openshift-pull-secrets --from-file=.dockerconfigjson +``` + +## Use the new Secret to pull images Now that the `Secret` has been created, you need to reference it from the `mongodb-enterprise-openshift.yaml` file. When you edit this file, you'll realize that there's a `Deployment` object at the end (the one with name @@ -47,8 +51,7 @@ The `spec` section will look something like: # ... spec: - imagePullSecrets: - - name: openshift-pull-secrets # this is where the name of the Secret goes + imagePullSecrets: openshift-pull-secrets # this is where the name of the Secret goes ... containers: - name: enterprise-operator @@ -72,6 +75,8 @@ containers: ... ``` +## Finish the Operator Installation + Now that we have instructed our OpenShift cluster to be able to fetch images from the Red Hat registry we will be able to install the operator using: 
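Review bot: the new instructions in the -27,15 +27,19 hunk base64-encode the file by hand and then pass it to `kubectl create secret generic --from-file`, which encodes the file content again, and they drop `--type=kubernetes.io/dockerconfigjson`, so the result is an Opaque Secret whose `.dockerconfigjson` value is not a Docker config. Keep the removed form: pass the plain JSON file as the value of the `.dockerconfigjson` key together with the `--type` flag, and remove the `base64 -w0` step.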
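Review bot: the -47,8 +51,7 hunk turns `imagePullSecrets` into a scalar (`imagePullSecrets: openshift-pull-secrets`), but the pod spec field is a list of objects with a `name` key, which is what the removed lines showed and what platform_one/mongodb-enterprise.modified.yaml in this same patch uses. Restore the two-line list form; a Deployment edited as documented here fails validation.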
@@ -81,11 +86,3 @@ $ kubectl -n -f mongodb-enterprise-openshift.yaml From now on, the OpenShift cluster will be authenticated to pull images from the Red Hat registry. Now you should be able to return to the regular instructions for Kubernetes. - -### Installation using Helm - -As an alternative to manual editing the config files you can use the following command to install the Operator using `Helm`: - -```bash -helm install --set registry.imagePullSecrets=openshift-pull-secrets --values helm_chart/values-openshift.yaml helm_chart -``` diff --git a/platform_one/mongodb-enterprise.modified.yaml b/platform_one/mongodb-enterprise.modified.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8567ae7d93ea84ab3d026368e23811f9a35daf44 --- /dev/null +++ b/platform_one/mongodb-enterprise.modified.yaml 
@@ -0,0 +1,246 @@ +--- +# Source: mongodb-enterprise-operator/templates/operator-roles.yaml +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mongodb-enterprise-operator + namespace: mongodb +imagePullSecrets: + - name: registry1-credentials + + +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator + namespace: mongodb +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + - services + verbs: + - get + - list + - create + - update + - delete + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - get + - list + - watch + - delete + - update +- apiGroups: + - mongodb.com + resources: + - mongodb + - mongodb/finalizers + - mongodbusers + - opsmanagers + - opsmanagers/finalizers + - mongodb/status + - mongodbusers/status + - opsmanagers/status + verbs: + - "*" +# This ClusterRoleBinding is necessary in order to use validating +# webhooks—these will prevent you from applying a variety of invalid resource +# definitions. The validating webhooks are optional so this can be removed if +# necessary. +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-webhook-binding + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mongodb-enterprise-operator-mongodb-webhook +subjects: +- kind: ServiceAccount + name: mongodb-enterprise-operator + namespace: mongodb + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: mongodb-enterprise-operator +subjects: +- kind: ServiceAccount + name: mongodb-enterprise-operator + namespace: mongodb + +# This ClusterRole is needed if the user wants to use the Kubernetes CA +# infrastructure to generate certificates. 
+--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-certs +rules: +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - create + - list + - watch + +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-operator-mongodb-certs-binding + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: mongodb-enterprise-operator-mongodb-certs +subjects: +- kind: ServiceAccount + name: mongodb-enterprise-operator + namespace: mongodb + + +--- +# Source: mongodb-enterprise-operator/templates/database-roles.yaml +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mongodb-enterprise-appdb + namespace: mongodb +imagePullSecrets: + - name: registry1-credentials + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mongodb-enterprise-database-pods + namespace: mongodb +imagePullSecrets: + - name: registry1-credentials + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: mongodb-enterprise-ops-manager + namespace: mongodb +imagePullSecrets: + - name: registry1-credentials + +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-appdb + namespace: mongodb +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: mongodb-enterprise-appdb + namespace: mongodb +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: mongodb-enterprise-appdb +subjects: + - kind: ServiceAccount + name: mongodb-enterprise-appdb + namespace: mongodb + +--- +# Source: mongodb-enterprise-operator/templates/operator.yaml +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: mongodb-enterprise-operator + namespace: mongodb +spec: + replicas: 1 + selector: + matchLabels: + app: mongodb-enterprise-operator + 
template: + metadata: + labels: + app: mongodb-enterprise-operator + spec: + serviceAccountName: mongodb-enterprise-operator + securityContext: + runAsNonRoot: true + runAsUser: 2000 + containers: + - name: mongodb-enterprise-operator + image: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-enterprise-operator:1.5.3 + imagePullPolicy: Always + args: + - "-watch-resource=mongodb" + - "-watch-resource=opsmanagers" + - "-watch-resource=mongodbusers" + command: + - "/usr/local/bin/mongodb-enterprise-operator" + env: + - name: OPERATOR_ENV + value: prod + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CURRENT_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MONGODB_ENTERPRISE_DATABASE_IMAGE + value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-enterprise-database:1.5.3 + - name: IMAGE_PULL_POLICY + value: Always + - name: OPS_MANAGER_IMAGE_REPOSITORY + value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-enterprise-ops-manager + - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY + value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-init + - name: INIT_OPS_MANAGER_VERSION + value: 1.0.0 + - name: INIT_APPDB_IMAGE_REPOSITORY + value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-appdb-init + - name: INIT_APPDB_VERSION + value: 1.0.0 + - name: OPS_MANAGER_IMAGE_PULL_POLICY + value: Always + - name: APPDB_IMAGE_REPOSITORY + value: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-appdb + imagePullSecrets: + - name: registry1-credentials + diff --git a/platform_one/ops-manager-localMode.yaml b/platform_one/ops-manager-localMode.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8cc24f2bfa79291adfb0764d7f130909cb631f1c --- /dev/null +++ b/platform_one/ops-manager-localMode.yaml 
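Review bot: this new manifest binds the operator ServiceAccount to a ClusterRole named `mongodb-enterprise-operator-mongodb-webhook` but never defines it; the only ClusterRole in the file is `mongodb-enterprise-operator-mongodb-certs`, so the binding grants nothing unless something else creates that role. Either add the webhook ClusterRole or remove the binding, which the comment above it says is optional. The operator container also has no container-level `securityContext`; add `allowPrivilegeEscalation: false` and drop all capabilities alongside the existing pod-level `runAsNonRoot: true`.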
@@ -0,0 +1,96 @@ +--- +apiVersion: mongodb.com/v1 +kind: MongoDBOpsManager +metadata: + name: ops-manager-localmode +spec: + replicas: 1 + version: 4.4.14 + adminCredentials: ops-manager-firstuser-secret + + # optional. The Ops Manager configuration. All the values must be of type string. + # Setting these values allow you to bypass the configuration wizard (a manual step). + configuration: + # passing mms.ignoreInitialUiSetup=true allows to avoid the setup wizard in Ops Manager. Note, that + # this requires to set some mandatory configuration properties, see + # https://docs.opsmanager.mongodb.com/current/reference/configuration/index.html#mms.ignoreInitialUiSetup + mms.ignoreInitialUiSetup: "true" + mms.adminEmailAddr: someadmin@somewhere.com + mms.fromEmailAddr: someadmin@somewhere.com + mms.mail.hostname: someemail-smtp.somewhere.com + mms.mail.port: "465" + mms.mail.ssl: "true" + mms.mail.transport: smtp + mms.minimumTLSVersion: TLSv1.2 + mms.replyToEmailAddr: someadmin@somewhere.com + mms.fromEmailAddr: someadmin@somewhere.com + # Local Mode must be configured so Ops Manger does not download any binaries from + # the internet. Only the binaries present will be available for the agents. + # automation.versions.source: mongodb + automation.versions.source: local + + # optional. Disabled by default. Creates an additional service to make Ops Manager reachable from + # outside of the Kubernetes cluster. + externalConnectivity: + # LoadBalancer|NodePort + type: NodePort + # optional. 
Corresponds to NodePort port + port: 30100 + # optional + # loadBalancerIP: 123.456.789 + # optional + # externalTrafficPolicy: Local + + statefulSet: + spec: + template: + spec: + volumes: + - name: mongodb-versions + persistentVolumeClaim: + claimName: mongodb-versions-claim + containers: + - name: mongodb-ops-manager + volumeMounts: + - name: mongodb-versions + mountPath: /mongodb-ops-manager/mongodb-releases + + initContainers: + - name: mongodb-binaries-init-container + image: registry1.dso.mil/ironbank/mongodb/mongodb-enterprise/mongodb-ops-manager-db-bin:4.4.14 + command: + - cp + - -r + - /binaries/. + - /mongodb-ops-manager/mongodb-releases/ + volumeMounts: + - name: mongodb-versions + mountPath: /mongodb-ops-manager/mongodb-releases + + # the application database backing Ops Manager. Replica Set is the only supported type + # Application database has the SCRAM-SHA authentication mode always enabled + applicationDatabase: + members: 3 + # optional. Configures the version of MongoDB used as an application database. + # The bundled MongoDB binary will be used if omitted and no download from the Internet will happen + # version: "4.4.1" + persistent: true + podSpec: + cpu: '0.25' + + backup: + enabled: false + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: mongodb-versions-claim +spec: + # storageClassName: gp2 + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 3Gi + diff --git a/samples/kubernetes-clients/README.md b/samples/kubernetes-clients/README.md new file mode 100644 index 0000000000000000000000000000000000000000..17bcb1d64d89f7bd88140e9f39b6533d1d2d487a --- /dev/null +++ b/samples/kubernetes-clients/README.md 
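Review bot: `externalConnectivity` with `type: NodePort` and `port: 30100` publishes Ops Manager on every node, and nothing in this spec configures TLS for that endpoint (`mms.mail.ssl` and `mms.minimumTLSVersion` are the only TLS-related settings shown). For a Local Mode sample, leave `externalConnectivity` commented out like `loadBalancerIP`, or state that the port must sit behind TLS and a restricted network path. Separately, `mms.fromEmailAddr` appears twice under `configuration`; remove the duplicate key, and fix "Ops Manger" in the Local Mode comment.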
@@ -0,0 +1,13 @@ +# Examples for Kubernetes Clients + +The following directories include code samples for using the MongoDB Enterprise Kubernetes Operator programatically with the different [Kubernetes API client libraries](https://github.com/kubernetes-client) available. + +## Disclaimer + +Please note that the code and scripts in these sub-folders are released for use "AS IS" without any warranties of any kind, including, but not limited to their installation, use, or performance. + +We do not warrant that the technology will meet your requirements, that the operation thereof will be uninterrupted or error-free, or that any errors will be corrected. + +Any use of these sample scripts is at user's own risk. There is no guarantee that they have been through thorough testing in a comparable environment and we are not responsible for any damage or data loss incurred with their use. + +The user is responsible for reviewing and testing any scripts to be executed thoroughly before use in any non-testing environment. \ No newline at end of file diff --git a/samples/kubernetes-clients/python/README.md b/samples/kubernetes-clients/python/README.md new file mode 100644 index 0000000000000000000000000000000000000000..d7261c0ba2f3e012e6b350ef9406f0ce72819385 --- /dev/null +++ b/samples/kubernetes-clients/python/README.md 
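Review bot: "programatically" in the first paragraph of samples/kubernetes-clients/README.md should be "programmatically", and the file ends without a trailing newline, as the "\ No newline at end of file" marker shows; fix both.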
@@ -0,0 +1,22 @@ +The following examples using the [Official Python client library for Kubernetes](https://github.com/kubernetes-client/python) show how to: + +- Creation of the following Kubernetes objects: + - Config map for the Ops/Cloud Manager project + - Secret for the API user + +- Create and delete the following type of MongoDB deployments: + - Standalone + - Replica Set + - Sharded Cluster + +The sample code has been tested with Python 2.7 and 3.6. + +For more details, please refer to the repository for the Python client library for Kubernetes: https://github.com/kubernetes-client/python + +**NOTE**: the given example assume the existence of the following: + - namespace `mongodb` + - ClusterRole/Role `mongodb-enterprise-operator` + - ClusterRoleBinding/RoleBinding `mongodb-enterprise-operator` + - ServiceAccount `mongodb-enterprise-operator` + + If using a different namespace, please modify the relevant variable in the sample code. \ No newline at end of file diff --git a/samples/kubernetes-clients/python/mongodb_kube_client.py b/samples/kubernetes-clients/python/mongodb_kube_client.py new file mode 100644 index 0000000000000000000000000000000000000000..0d329796c820995e8f5d50f1c29ee30d623b2567 --- /dev/null +++ b/samples/kubernetes-clients/python/mongodb_kube_client.py 
@@ -0,0 +1,246 @@ +from __future__ import print_function + +import base64 + +from pprint import pprint +from kubernetes import client, config +from kubernetes.client.rest import ApiException + +# Added for Python2 and Python3 cross-compatibility +try: + + def base64encode(input_string): + return base64.encodebytes(bytes(input_string, "utf-8")) + + +except: + base64encode = base64.b64encode + + +class MongoDBEnterpriseKubeClient(object): + def __init__(self, namespace, om_api_user, om_api_key, om_project_id, om_base_url): + + config.load_kube_config() + + # Instantiate Core V1 API + self.v1 = client.CoreV1Api() + + # Instantiate RBAC Auth V1 API + self.rbac_auth_v1 = client.RbacAuthorizationV1Api() + + # Instantiate Apps V1 API + self.apps_v1 = client.AppsV1Api() + + # Instantiate Custom Objects API - for creating MongoDB deployments + self.custom_obj = client.CustomObjectsApi() + + # Namespace; must be already created in the Kubernetes Cluster + self.namespace = namespace + + # Ops Manager API information + self.om_api_user = om_api_user + self.om_api_key = om_api_key + + # Ops Manager project information + self.om_project_id = om_project_id + self.om_base_url = om_base_url + + def create_secret(self): + """ + Create secret: + https://docs.opsmanager.mongodb.com/current/tutorial/install-k8s-operator/index.html#create-credentials + + Equivalent to execute: + kubectl -n mongodb create secret generic \ + my-credentials --from-literal="user=" \ + --from-literal="publicApiKey=" + """ + + print( + "Creating secret for user named %s with the provided API key" + % self.om_api_user + ) + metadata = client.V1ObjectMeta(name="my-credentials", namespace=self.namespace) + + # Encode credentials + encoded_user = base64encode(self.om_api_user) + encoded_key = base64encode(self.om_api_key) + + # Transform binary into string + encoded_user = encoded_user.decode("utf-8").rstrip("\n") + encoded_key = encoded_key.decode("utf-8").rstrip("\n") + + body = client.V1Secret( + 
api_version="v1", + kind="Secret", + metadata=metadata, + type="from-literal", + data={"user": encoded_user, "publicApiKey": encoded_key}, + ) + + try: + api_response = self.v1.create_namespaced_secret(self.namespace, body) + pprint(api_response) + except ApiException as e: + print("Exception when creating secret: %s\n" % e) + + def create_config_map(self): + """ + Create a config map: + https://docs.opsmanager.mongodb.com/current/tutorial/install-k8s-operator/index.html#create-onprem-project + """ + + print( + "Creating config map for project ID %s with base URL %s" + % (self.om_project_id, self.om_base_url) + ) + metadata = client.V1ObjectMeta(name="my-project", namespace=self.namespace) + + body = client.V1ConfigMap( + api_version="v1", + kind="ConfigMap", + metadata=metadata, + data={"projectId": self.om_project_id, "baseUrl": self.om_base_url}, + ) + + try: + api_response = self.v1.create_namespaced_config_map(self.namespace, body) + pprint(api_response) + except ApiException as e: + print("Exception when creating config map: %s\n" % e) + + def deploy_standalone(self, mongo_version, name): + """ + Creating a standalone MongoDB process. + """ + + group = "mongodb.com" + version = "v1" + plural = "mongodb" + + body = { + "spec": { + "persistent": False, + "version": str(mongo_version), + "credentials": "my-credentials", + "project": "my-project", + }, + "kind": "MongoDB", + "apiVersion": "mongodb.com/v1", + "metadata": {"name": name, "namespace": self.namespace}, + } + + try: + api_response = self.custom_obj.create_namespaced_custom_object( + group, version, self.namespace, plural, body + ) + pprint(api_response) + except ApiException as e: + print("Exception when creating a MongoDB standalone process: %s\n" % e) + + def deploy_replica_set(self, mongo_version, name, members=3): + """ + Creating a MongoDB Replica Set. 
+ """ + + group = "mongodb.com" + version = "v1" + plural = "mongodb" + + body = { + "spec": { + "members": members, + "persistent": False, + "version": str(mongo_version), + "credentials": "my-credentials", + "project": "my-project", + }, + "kind": "MongoDB", + "apiVersion": "mongodb.com/v1", + "metadata": {"name": name, "namespace": self.namespace}, + } + + try: + + api_response = self.custom_obj.create_namespaced_custom_object( + group, version, self.namespace, plural, body + ) + pprint(api_response) + except ApiException as e: + print("Exception when creating a MongoDB Replica Set: %s\n" % e) + + def deploy_sharded_cluster( + self, + mongo_version, + name, + num_shards, + num_mongos, + num_mongod_per_shard=3, + num_cfg_rs_members=3, + ): + """ + Creating a MongoDB Sharded Cluster. + """ + + group = "mongodb.com" + version = "v1" + plural = "mongodb" + + body = { + "spec": { + "shardCount": num_shards, + "mongodsPerShardCount": num_mongod_per_shard, + "mongosCount": num_mongos, + "persistent": False, + "version": mongo_version, + "configServerCount": num_cfg_rs_members, + "credentials": "my-credentials", + "project": "my-project", + }, + "kind": "MongoDB", + "apiVersion": "mongodb.com/v1", + "metadata": {"name": name, "namespace": self.namespace}, + } + + try: + api_response = self.custom_obj.create_namespaced_custom_object( + group, version, self.namespace, plural, body + ) + pprint(api_response) + except ApiException as e: + print("Exception when creating a MongoDB Sharded Cluster: %s\n" % e) + + def delete_mongo_process(self, name, type_plural): + """ + Delete MongoDB deployments by name and type + """ + + group = "mongodb.com" + version = "v1" + namespace = self.namespace + plural = type_plural + body = client.V1DeleteOptions(propagation_policy="Background") + grace_period_seconds = 56 + orphan_dependents = False + + try: + api_response = self.custom_obj.delete_namespaced_custom_object( + group, + version, + namespace, + plural, + name, + body, + 
grace_period_seconds=grace_period_seconds, + orphan_dependents=orphan_dependents, + ) + pprint(api_response) + if api_response["status"] == "Success": + return True + except ApiException as e: + print("Exception when deleting MongoDB deployment: %s\n" % e) + return False + + +if __name__ == "__main__": + pass diff --git a/samples/kubernetes-clients/python/mongodb_kube_operator.cfg b/samples/kubernetes-clients/python/mongodb_kube_operator.cfg new file mode 100644 index 0000000000000000000000000000000000000000..e5d62511968d5602def202451240886bab95d3d1 --- /dev/null +++ b/samples/kubernetes-clients/python/mongodb_kube_operator.cfg @@ -0,0 +1,8 @@ +ops_manager: + project: + api_user: + api_key: + base_url: + +kubernetes: + namespace: mongodb diff --git a/samples/kubernetes-clients/python/requirements.txt b/samples/kubernetes-clients/python/requirements.txt new file mode 100644 index 0000000000000000000000000000000000000000..5c09bc9542f838229d293dbdfaaaf73708b41064 --- /dev/null +++ b/samples/kubernetes-clients/python/requirements.txt @@ -0,0 +1 @@ +kubernetes==6.0.0 \ No newline at end of file diff --git a/samples/kubernetes-clients/python/test_mongodb_kube_client.py b/samples/kubernetes-clients/python/test_mongodb_kube_client.py new file mode 100644 index 0000000000000000000000000000000000000000..d186f21d65cd323b0f41a69ae0a8a80c9720d769 --- /dev/null +++ b/samples/kubernetes-clients/python/test_mongodb_kube_client.py 
@@ -0,0 +1,66 @@ +#!/usr/bin/env python +from __future__ import print_function + +import yaml + +from mongodb_kube_client import MongoDBEnterpriseKubeClient + + +def parse_config_file(path): + """ + Parses the config file in the given path + """ + with open(path, "r") as parameters: + try: + return yaml.load(parameters) + except yaml.YAMLError as exc: + print("Error when loading environment variables", exc) + + +def main(): + parameters = parse_config_file("mongodb_kube_operator.cfg") + + namespace = parameters["kubernetes"]["namespace"] + om_project = parameters["ops_manager"]["project"] + om_base_url = parameters["ops_manager"]["base_url"] + om_api_user = parameters["ops_manager"]["api_user"] + om_api_key = parameters["ops_manager"]["api_key"] + + # Instantiate client wrapper + kube_client = MongoDBEnterpriseKubeClient( + namespace, om_api_user, om_api_key, om_project, om_base_url + ) + + # Create a secret and config map for project + kube_client.create_secret() + kube_client.create_config_map() + + # Create a standalone, replica set and sharded cluster + + kube_client.deploy_standalone(mongo_version="4.0.0", name="my-standalone") + + kube_client.deploy_replica_set( + mongo_version="4.0.0", name="my-replica-set", members=3 + ) + + kube_client.deploy_sharded_cluster( + mongo_version="4.0.0", + name="my-sharded-cluster", + num_mongod_per_shard=3, + num_shards=2, + num_cfg_rs_members=3, + num_mongos=2, + ) + """ + # Delete the created deployments + + kube_client.delete_mongo_process(name="my-standalone", type_plural="mongodb") + + kube_client.delete_mongo_process(name="my-replica-set", type_plural="mongodb") + + kube_client.delete_mongo_process(name="my-sharded-cluster", type_plural="mongodb") + """ + + +if __name__ == "__main__": + main() 
diff --git a/samples/mongodb/agent-startup-options/replica-set-agent-startup-options.yaml b/samples/mongodb/agent-startup-options/replica-set-agent-startup-options.yaml deleted file mode 100644 index 8e651a77cc8dacf9ce8fdeec2da7bdec16cd7b72..0000000000000000000000000000000000000000 --- a/samples/mongodb/agent-startup-options/replica-set-agent-startup-options.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-replica-set-agent-parameters -spec: - members: 3 - version: 4.4.0-ent - type: ReplicaSet - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - persistent: true - # optional. Allows to pass custom flags that will be used - # when launching the mongodb agent. All values must be strings - # The full list of available settings is at: - # https://docs.opsmanager.mongodb.com/current/reference/mongodb-agent-settings/ - agent: - startupOptions: - maxLogFiles: "30" - dialTimeoutSeconds: "40" diff --git a/samples/mongodb/agent-startup-options/sharded-cluster-agent-startup-options.yaml b/samples/mongodb/agent-startup-options/sharded-cluster-agent-startup-options.yaml deleted file mode 100644 index a32a9c04f7abd50edae02543a99819a72918c197..0000000000000000000000000000000000000000 --- a/samples/mongodb/agent-startup-options/sharded-cluster-agent-startup-options.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-sharded-cluster-options -spec: - version: 4.4.0-ent - type: ShardedCluster - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - persistent: true - shardCount: 2 - mongodsPerShardCount: 3 - mongosCount: 2 - configServerCount: 1 - - mongos: - # optional. Allows to pass custom flags that will be used - # when launching the mongodb agent for mongos processes. - # All values must be string - # The full list of available settings is at: - # https://docs.opsmanager.mongodb.com/current/reference/mongodb-agent-settings/ - agent: - startupOptions: - maxLogFiles: "30" - - configSrv: - # optional. Allows to pass custom flags that will be used - # when launching the mongodb agent for Config Server mongod processes. - # All values must be string - # The full list of available settings is at: - # https://docs.opsmanager.mongodb.com/current/reference/mongodb-agent-settings/ - agent: - startupOptions: - dialTimeoutSeconds: "40" - shard: - # optional. Allows to pass custom flags that will be used - # when launching the mongodb agent for Shards mongod processes. - # All values must be string - # The full list of available settings is at: - # https://docs.opsmanager.mongodb.com/current/reference/mongodb-agent-settings/ - agent: - startupOptions: - serverSelectionTimeoutSeconds: "20" diff --git a/samples/mongodb/agent-startup-options/standalone-agent-startup-options.yaml b/samples/mongodb/agent-startup-options/standalone-agent-startup-options.yaml deleted file mode 100644 index 55ae9a0e51376e10efc4a211bfcbd2c07401e4a3..0000000000000000000000000000000000000000 --- a/samples/mongodb/agent-startup-options/standalone-agent-startup-options.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-standalone -spec: - version: 4.4.0-ent - service: my-service - - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - type: Standalone - - persistent: true - # optional. Allows to pass custom flags that will be used - # when launching the mongodb agent. All values must be strings - # The full list of available settings is at: - # https://docs.opsmanager.mongodb.com/current/reference/mongodb-agent-settings/ - agent: - startupOptions: - maxLogFiles: "30" - dialTimeoutSeconds: "40" diff --git a/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap-user.yaml b/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap-user.yaml deleted file mode 100644 index cd7571646d2c841d5fffb4966e9eb78fa6f798ed..0000000000000000000000000000000000000000 --- a/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap-user.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDBUser -metadata: - name: my-ldap-user -spec: - username: my-ldap-user - db: $external - mongodbResourceRef: - name: my-ldap-enabled-replica-set # The name of the MongoDB resource this user will be added to - roles: - - db: admin - name: clusterAdmin - - db: admin - name: userAdminAnyDatabase - - db: admin - name: readWrite - - db: admin - name: userAdminAnyDatabase diff --git a/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml b/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml deleted file mode 100644 index 8ba72fcec2ea8512e57aa99c0dddd0e55b2605c6..0000000000000000000000000000000000000000 --- a/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ -# Creates a MongoDB Replica Set with LDAP Authentication Enabled. -# LDAP is an Enterprise-only feature. - ---- -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-ldap-enabled-replica-set -spec: - type: ReplicaSet - members: 3 - version: 4.0.4-ent - - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - - security: - authentication: - enabled: true - # Enabled LDAP Authentication Mode - modes: ["LDAP"] - - # LDAP related configuration - ldap: - # Specify the hostname:port combination of one or - # more LDAP servers - servers: - - "" - - "" - - # Set to "tls" to use LDAP over TLS. Leave blank if - # LDAP server does not accept TLS. - transportSecurity: "tls" - - # ConfigMap containing a CA certificate that validates - # the LDAP server's TLS certificate. - caConfigMapRef: - name: "" - key: "" - - # Specify the LDAP Distinguished Name to which - # MongoDB binds when connecting to the LDAP server - bindQueryUser: "cn=admin,dc=example,dc=org" - - # Specify the password with which MongoDB binds - # when connecting to an LDAP server. This is a - # reference to a Secret Kubernetes Object containing - # one "password" key. - bindQueryPasswordSecretRef: - name: "" - diff --git a/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap-user.yaml b/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap-user.yaml deleted file mode 100644 index aeb7e7d6967d2b34f5a967112648cc00f59c6dff..0000000000000000000000000000000000000000 --- a/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap-user.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDBUser -metadata: - name: my-ldap-user -spec: - username: my-ldap-user - db: $external - mongodbResourceRef: - name: my-ldap-enabled-sharded-cluster # The name of the MongoDB resource this user will be added to - roles: - - db: admin - name: clusterAdmin - - db: admin - name: userAdminAnyDatabase - - db: admin - name: readWrite - - db: admin - name: userAdminAnyDatabase diff --git a/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml b/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml deleted file mode 100644 index c1fe491ba5061ae27eeba4e36cfad419cf32f023..0000000000000000000000000000000000000000 --- a/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-ldap-enabled-sharded-cluster -spec: - type: ShardedCluster - - shardCount: 2 - mongodsPerShardCount: 3 - mongosCount: 2 - configServerCount: 3 - - version: 4.0.4-ent - - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - - security: - authentication: - enabled: true - - # Enabled LDAP Authentication Mode - modes: ["LDAP"] - - # LDAP related configuration - ldap: - # Specify the hostname:port combination of one or - # more LDAP servers - servers: - - "" - - "" - - # Set to "tls" to use LDAP over TLS. Leave blank if - # LDAP server does not accept TLS. - transportSecurity: "tls" - - # ConfigMap containing a CA certificate that validates - # the LDAP server's TLS certificate. - caConfigMapRef: - name: "" - key: "" - - # Specify the LDAP Distinguished Name to which - # MongoDB binds when connecting to the LDAP server - bindQueryUser: "cn=admin,dc=example,dc=org" - - # Specify the password with which MongoDB binds - # when connecting to an LDAP server. This is a - # reference to a Secret Kubernetes Object containing - # one "password" key. - bindQueryPasswordSecretRef: - name: "" - diff --git a/samples/mongodb/minimal/replica-set.yaml b/samples/mongodb/minimal/replica-set.yaml index 363cac3549fa40ba10f524fc689aa383221a0396..bac8695b1e8fe33dd5ba0758823e8430263e741e 100644 --- a/samples/mongodb/minimal/replica-set.yaml +++ b/samples/mongodb/minimal/replica-set.yaml @@ -9,7 +9,7 @@ metadata: name: my-replica-set spec: members: 3 - version: 4.4.0-ent + version: 4.2.1-ent type: ReplicaSet opsManager: 
@@ -18,18 +18,3 @@ spec: credentials: my-credentials persistent: false - - podSpec: - # 'podTemplate' allows to set custom fields in PodTemplateSpec (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#podtemplatespec-v1-core) - # for the Database StatefulSet. - podTemplate: - spec: - containers: - - name: mongodb-enterprise-database - resources: - limits: - cpu: "2" - memory: 700m - requests: - cpu: "1" - memory: 500m diff --git a/samples/mongodb/minimal/sharded-cluster.yaml b/samples/mongodb/minimal/sharded-cluster.yaml index 493fc4b60254484ddaa47031fe580cd655bbb24b..234186d19f37e63955e0814d67fef1097fd6535f 100644 --- a/samples/mongodb/minimal/sharded-cluster.yaml +++ b/samples/mongodb/minimal/sharded-cluster.yaml @@ -12,7 +12,7 @@ spec: mongodsPerShardCount: 3 mongosCount: 2 configServerCount: 3 - version: 4.4.0-ent + version: 4.2.1-ent type: ShardedCluster # Before you create this object, you'll need to create a project ConfigMap and a # credentials Secret. For instructions on how to do this, please refer to our @@ -27,40 +27,3 @@ spec: # testing only, and must not be used in production. 'false' will disable # Persistent Volume Claims. The default is 'true' persistent: false - - configSrvPodSpec: - podTemplate: - spec: - containers: - - name: mongodb-enterprise-database - resources: - limits: - cpu: "2" - memory: 700m - requests: - cpu: "1" - memory: 500m - shardPodSpec: - podTemplate: - spec: - containers: - - name: mongodb-enterprise-database - resources: - limits: - cpu: "2" - memory: 700m - requests: - cpu: "1" - memory: 500m - mongosPodSpec: - podTemplate: - spec: - containers: - - name: mongodb-enterprise-database - resources: - limits: - cpu: "1" - memory: 200m - requests: - cpu: "0.5" - memory: 100m \ No newline at end of file diff --git a/samples/mongodb/minimal/standalone.yaml b/samples/mongodb/minimal/standalone.yaml index 30e1b8acf5c04d55e7dc1a943ad96e65a6142100..cd9e5466d06bfbfea8cfd1df960a48fbabf9b02c 100644 
--- a/samples/mongodb/minimal/standalone.yaml +++ b/samples/mongodb/minimal/standalone.yaml @@ -8,7 +8,7 @@ kind: MongoDB metadata: name: my-standalone spec: - version: 4.4.0-ent + version: 4.2.1-ent type: Standalone # Before you create this object, you'll need to create a project ConfigMap and a # credentials Secret. For instructions on how to do this, please refer to our @@ -23,18 +23,3 @@ spec: # testing only, and must not be used in production. 'false' will disable # Persistent Volume Claims. The default is 'true' persistent: false - - podSpec: - # 'podTemplate' allows to set custom fields in PodTemplateSpec (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#podtemplatespec-v1-core) - # for the Database StatefulSet. - podTemplate: - spec: - containers: - - name: mongodb-enterprise-database - resources: - limits: - cpu: "2" - memory: 700m - requests: - cpu: "1" - memory: 500m \ No newline at end of file diff --git a/samples/mongodb/mongodb-options/replica-set-mongod-options.yaml b/samples/mongodb/mongodb-options/replica-set-mongod-options.yaml deleted file mode 100644 index a6c3265c6479f6335c9411add6187d908bd72d62..0000000000000000000000000000000000000000 --- a/samples/mongodb/mongodb-options/replica-set-mongod-options.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-replica-set-options -spec: - members: 3 - version: 4.2.8-ent - type: ReplicaSet - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - persistent: true - # optional. Allows to pass custom MongoDB process configuration - additionalMongodConfig: - systemLog: - logAppend: true - verbosity: 4 - operationProfiling: - mode: slowOp diff --git a/samples/mongodb/mongodb-options/sharded-cluster-mongod-options.yaml b/samples/mongodb/mongodb-options/sharded-cluster-mongod-options.yaml deleted file mode 100644 index fa5d40287e57e4af89b9c29f88a0453dedfc9e68..0000000000000000000000000000000000000000 
--- a/samples/mongodb/mongodb-options/sharded-cluster-mongod-options.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: mongodb.com/v1 -kind: MongoDB -metadata: - name: my-sharded-cluster-options -spec: - version: 4.2.8-ent - type: ShardedCluster - opsManager: - configMapRef: - name: my-project - credentials: my-credentials - persistent: true - shardCount: 2 - mongodsPerShardCount: 3 - mongosCount: 2 - configServerCount: 1 - mongos: - # optional. Allows to pass custom configuration for mongos processes - additionalMongodConfig: - systemLog: - logAppend: true - verbosity: 4 - configSrv: - # optional. Allows to pass custom configuration for Config Server mongod processes - additionalMongodConfig: - operationProfiling: - mode: slowOp - shard: - additionalMongodConfig: - # optional. Allows to pass custom configuration for Shards mongod processes - storage: - journal: - commitIntervalMs: 50 diff --git a/samples/ops-manager/ops-manager-appdb-agent-startup-parameters.yaml b/samples/ops-manager/ops-manager-appdb-agent-startup-parameters.yaml deleted file mode 100644 index 185373026b598aaf96fcf204ace73f4193bdd757..0000000000000000000000000000000000000000 --- a/samples/ops-manager/ops-manager-appdb-agent-startup-parameters.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDBOpsManager -metadata: - name: ops-manager -spec: - # the number of Ops Manager instances to run. Set to value bigger - # than 1 to get high availability and upgrades without downtime - replicas: 3 - - # the version of Ops Manager distro to use - version: 4.4.1 - - # optional. Specify the custom cluster domain of the Kubernetes cluster if it's different from the default one ('cluster.local'). - # This affects the urls generated by the Operator. - # This field is also used for Application Database url - clusterDomain: mycompany.net - - # the name of the secret containing admin user credentials. - # Either remove the secret or change the password using Ops Manager UI after the Ops Manager - # resource is created! - adminCredentials: ops-manager-admin-secret - - # the application database backing Ops Manager. Replica Set is the only supported type - # Application database has the SCRAM-SHA authentication mode always enabled - applicationDatabase: - members: 3 - persistent: true - # optional. Allows to pass custom flags that will be used - # when launching the mongodb agent. All values must be strings - agent: - startupOptions: - serverSelectionTimeoutSeconds: "20" diff --git a/samples/ops-manager/ops-manager-backup.yaml b/samples/ops-manager/ops-manager-backup.yaml index 6aa24778e81911098398e9f1e0b78dfc0c00eab2..19fedfa0432cfcc46d4b49c7388f77a7324e4b5c 100644 --- a/samples/ops-manager/ops-manager-backup.yaml +++ b/samples/ops-manager/ops-manager-backup.yaml @@ -5,7 +5,7 @@ metadata: name: ops-manager-backup spec: replicas: 1 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret # optional. Enabled by default diff --git a/samples/ops-manager/ops-manager-external.yaml b/samples/ops-manager/ops-manager-external.yaml index eaf24fb5cd54a99d05520b3d316e6358e8bb5034..c598c80e00b45b7392c829833505b18455473273 100644 --- a/samples/ops-manager/ops-manager-external.yaml 
+++ b/samples/ops-manager/ops-manager-external.yaml @@ -5,7 +5,7 @@ metadata: name: ops-manager-external spec: replicas: 1 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret configuration: diff --git a/samples/ops-manager/ops-manager-ignore-ui-setup.yaml b/samples/ops-manager/ops-manager-ignore-ui-setup.yaml index 5658b806a65acaf7745bb45f517b0422805f2840..8fa567ae4217e144ade34f7ba9639ae3940e2ae4 100644 --- a/samples/ops-manager/ops-manager-ignore-ui-setup.yaml +++ b/samples/ops-manager/ops-manager-ignore-ui-setup.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-ignore-ui spec: replicas: 1 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret configuration: diff --git a/samples/ops-manager/ops-manager-local-mode-bincontainer.yaml b/samples/ops-manager/ops-manager-local-mode-bincontainer.yaml deleted file mode 100644 index 931c8ad883150eea19188716d8096054e6c17a6e..0000000000000000000000000000000000000000 --- a/samples/ops-manager/ops-manager-local-mode-bincontainer.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDBOpsManager -metadata: - name: ops-manager-localmode -spec: - replicas: 1 - version: 4.4.1 - adminCredentials: ops-manager-admin-secret - - # Local Mode must be configured so Ops Manger does not download any binaries from - # the internet. Only the binaries present will be available for the agents. - configuration: - automation.versions.source: local - - statefulSet: - spec: - template: - spec: - volumes: - - name: mongodb-versions - persistentVolumeClaim: - claimName: mongodb-versions-claim - containers: - - name: mongodb-ops-manager - volumeMounts: - - name: mongodb-versions - mountPath: /mongodb-ops-manager/mongodb-releases - - initContainers: - - name: mongodb-ops-manager-db-binaries-rhel7 - # Redirect this to IronBank - image: quay.io/mongodb/mongodb-enterprise/mongodb-ops-manager/mongodb-ops-manager-db-binaries-rhel7:4.2.8 - command: - - cp - - -a - - /binaries/* - - /mongodb-ops-manager/mongodb-releases/ - volumeMounts: - - name: mongodb-versions - mountPath: /mongodb-ops-manager/mongodb-releases - - - - applicationDatabase: - members: 3 - ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: mongodb-versions-claim -spec: - storageClassName: gp2 - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 3Gi diff --git a/samples/ops-manager/ops-manager-local-mode.yaml b/samples/ops-manager/ops-manager-local-mode.yaml index 90178d21792db7a2f6de15cb0b7d8ea7e85d9613..51e3d5f579205352f7ee69ff5293e160c3a28541 100644 --- a/samples/ops-manager/ops-manager-local-mode.yaml +++ b/samples/ops-manager/ops-manager-local-mode.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-localmode spec: replicas: 2 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret configuration: # this enables local mode in Ops Manager 
diff --git a/samples/ops-manager/ops-manager-non-root.yaml b/samples/ops-manager/ops-manager-non-root.yaml deleted file mode 100644 index d725b7f9f2c05c285a87c9e9791d7173d16a384b..0000000000000000000000000000000000000000 --- a/samples/ops-manager/ops-manager-non-root.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: mongodb.com/v1 -kind: MongoDBOpsManager -metadata: - name: ops-manager -spec: - replicas: 1 - version: 4.4.1 - - adminCredentials: ops-manager-admin-secret - - applicationDatabase: - members: 3 - version: 4.2.6-ent - persistent: true - - - # The statefulSet entry will modify the way the StatefulSet holding the - # Ops Manager and Backup Daemon Pods will be created. In this case we can - # specify a non-default SecurityContext. - statefulSet: - spec: - template: - spec: - securityContext: - fsGroup: 5000 - runAsUser: 5000 diff --git a/samples/ops-manager/ops-manager-pod-spec.yaml b/samples/ops-manager/ops-manager-pod-spec.yaml index cf4d88c08a4b76124b797e8e73372c2fca112895..853e17c0b224e78d8d17eea154f1eeb5ee62c6a2 100644 --- a/samples/ops-manager/ops-manager-pod-spec.yaml +++ b/samples/ops-manager/ops-manager-pod-spec.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-pod-spec spec: replicas: 1 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret configuration: mms.testUtil.enabled: "true" diff --git a/samples/ops-manager/ops-manager-scram.yaml b/samples/ops-manager/ops-manager-scram.yaml index 085bfe265b50d7aafb86862afc4aeb411de8c3ce..edf1d251ef80075b1c176939eb8af3baf62f9568 100644 --- a/samples/ops-manager/ops-manager-scram.yaml +++ b/samples/ops-manager/ops-manager-scram.yaml @@ -5,7 +5,7 @@ metadata: name: ops-manager-scram spec: replicas: 1 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret # the application database backing Ops Manager. Replica Set is the only supported type 
diff --git a/samples/ops-manager/ops-manager-tls.yaml b/samples/ops-manager/ops-manager-tls.yaml index b4625c8118078733beadb70e6975ffcbd0ee7d5a..a5b6fa79ab2e665b64decf7944756059b4ef541d 100644 --- a/samples/ops-manager/ops-manager-tls.yaml +++ b/samples/ops-manager/ops-manager-tls.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-tls spec: replicas: 1 - version: 4.4.1 + version: 4.2.12 adminCredentials: ops-manager-admin-secret configuration: diff --git a/samples/ops-manager/ops-manager.yaml b/samples/ops-manager/ops-manager.yaml index dd3f64931aab73ea3aabc053a4f13b802ebc75c9..dc85a7cda55e0a9c67367aec0a9779a0a3b15d0b 100644 --- a/samples/ops-manager/ops-manager.yaml +++ b/samples/ops-manager/ops-manager.yaml @@ -9,7 +9,7 @@ spec: replicas: 3 # the version of Ops Manager distro to use - version: 4.4.1 + version: 4.2.12 # optional. Specify the custom cluster domain of the Kubernetes cluster if it's different from the default one ('cluster.local'). # This affects the urls generated by the Operator. @@ -33,9 +33,5 @@ spec: # The bundled MongoDB binary will be used if omitted and no download from the Internet will happen version: 4.2.6-ent persistent: true - # optional. Allows to pass custom MongoDB process configuration - additionalMongodConfig: - operationProfiling: - mode: slowOp podSpec: cpu: '0.25' diff --git a/support/mdb_operator_diagnostic_data.sh b/support/mdb_operator_diagnostic_data.sh index a970e41b5ef3fe126617ea6d0e62363259d185f8..b1fd839212ea63af57fb285a5f7a86176a94817a 100755 --- a/support/mdb_operator_diagnostic_data.sh +++ b/support/mdb_operator_diagnostic_data.sh @@ -1,7 +1,5 @@ #!/usr/bin/env bash -set -Eeou pipefail - # # mdb_operator_diagnostic_data.sh # 
@@ -70,7 +68,7 @@ if [ ${private_mode} == 0 ]; then fi echo "++ Versions" -mdb_operator_pod=$(kubectl -n "${namespace}" get pods -l "controller=${operator_name}" -o name | cut -d'/' -f 2) +mdb_operator_pod=$(kubectl -n "${namespace}" get pods -l "app=${operator_name}" -o name | cut -d'/' -f 2) echo "+ Operator Pod: pod/${mdb_operator_pod}" mdb_operator_filename="operator.yaml" @@ -180,7 +178,7 @@ echo "+ Certificates (no private keys are captured)" csr_filename="csr.text" kubectl get csr | grep "${namespace}" echo "+ Saving Certificate state into ${csr_filename}" -kubectl describe "$(kubectl get csr -o name | grep "${namespace}")" +kubectl describe "$(kubectl get csr -o name | grep ${namespace})" echo "++ MongoDBUser Resource Status" mdbusers_filename="mdbu.yaml"
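Review bot: In samples/kubernetes-clients/python/mongodb_kube_client.py, `create_secret` hands the API response to `pprint(api_response)`, and that response is the created Secret, so the base64-encoded `user` and `publicApiKey` values are written to stdout and to any log that captures it; print only the secret's name and namespace. In the same hunk, the `try`/`except` around `def base64encode` guards only the function definition, which cannot fail, so the `base64.b64encode` fallback is never selected and a Python 2 incompatibility would surface at call time instead; pick the implementation with an explicit version check, or catch the error inside the function, and avoid the bare `except:`. The Secret is also created with `type="from-literal"`, while the `kubectl create secret generic` command the docstring calls equivalent produces type `Opaque`; set `Opaque` or drop the field.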
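Review bot: In samples/kubernetes-clients/python/mongodb_kube_operator.cfg, the committed file is the place where `api_user` and `api_key` are meant to be filled in, so a user who follows the sample ends up with an Ops Manager API key in a tracked file. Ship it as a template under a different name, ignore the real file in version control, or read the key from the environment, and say so in the README next to the namespace note.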
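Review bot: In samples/kubernetes-clients/python/test_mongodb_kube_client.py, `parse_config_file` calls `yaml.load(parameters)` with no `Loader`, which can instantiate arbitrary Python objects from tagged YAML on older PyYAML releases and fails on PyYAML 6, where `Loader` is a required argument; use `yaml.safe_load(parameters)`, which is sufficient for this flat config. The `except yaml.YAMLError` branch only prints and falls through to return `None`, so `main` then fails on `parameters["kubernetes"]` with an unrelated error; re-raise or exit there, and reword the message, since nothing here loads environment variables. requirements.txt should also list PyYAML, because this file imports `yaml` directly while only `kubernetes==6.0.0` is declared.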
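Review bot: In samples/mongodb/minimal/replica-set.yaml the `version` moves backwards from `4.4.0-ent` to `4.2.1-ent`, and the same change is made in sharded-cluster.yaml and standalone.yaml, while the ops-manager samples go from `4.4.1` to `4.2.12`, with nothing in the patch explaining the downgrade. If it is intentional, state the reason in the commit message or in a comment beside the field; otherwise these samples steer new users to an older server line by default.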
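Review bot: In support/mdb_operator_diagnostic_data.sh, the first hunk removes `set -Eeou pipefail` without a replacement, so a failing `kubectl` call or an unset variable no longer stops the script and the resulting diagnostic bundle can be silently incomplete. This matters for the next hunk, where the selector changes from `controller=${operator_name}` to `app=${operator_name}`: if no pod carries that label, `mdb_operator_pod` is empty and the script carries on. Keep strict mode, or add an explicit check that `mdb_operator_pod` is non-empty and exit with a message when it is not.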
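Review bot: In support/mdb_operator_diagnostic_data.sh, the last hunk changes `grep "${namespace}"` to `grep ${namespace}`, which exposes the value to word splitting and glob expansion; keep the quotes. The surrounding `kubectl describe "$(...)"` is quoted as a whole, so when more than one CSR matches, all names are passed as a single argument containing newlines, and when none match an empty string is passed; iterate over the names or pipe them through `xargs` instead.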