From 6c9f51e4947e20dd05bc9f8357ff44b862e69c97 Mon Sep 17 00:00:00 2001
From: Junaid Chaudry
Date: Thu, 9 Mar 2023 11:09:07 -0500
Subject: [PATCH] Adding ability to add 'extraManifests'
---
 .../templates/database_roles.yaml | 5 +-
 .../templates/extraObjects.yaml | 4 ++
 .../mongodbcommunity_cr_with_tls.yaml | 10 ++-
 .../templates/operator_roles.yaml | 5 +-
 charts/community-operator/values.yaml | 67 +++++++++++++++++++
 5 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 charts/community-operator/templates/extraObjects.yaml
diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml
index b5662ff6..17f4e264 100644
--- a/charts/community-operator/templates/database_roles.yaml
+++ b/charts/community-operator/templates/database_roles.yaml
@@ -4,7 +4,10 @@ kind: ServiceAccount
 metadata:
 name: {{ .Values.database.name }}
 namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
-
+ {{- with .Values.database.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/charts/community-operator/templates/extraObjects.yaml b/charts/community-operator/templates/extraObjects.yaml
new file mode 100644
index 00000000..2855904e
--- /dev/null
+++ b/charts/community-operator/templates/extraObjects.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml b/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml
index 4680fd78..882eb4ad 100644
--- a/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml
+++ b/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml
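Review bot: The new `annotations:` block on the database ServiceAccount passes whatever is under `.Values.database.serviceAccount.annotations` through `toYaml` without forcing string values, and the same block is added to the operator ServiceAccount in operator_roles.yaml. Kubernetes requires annotation values to be strings, so an unquoted `true` or a bare number in a values file is rejected only at apply time; a values.yaml comment such as `# annotation values must be quoted strings` next to `annotations: {}` would head that off. Service-account annotations are also the usual place for cloud workload-identity bindings, so it is worth one more comment stating that an identity bound here is usable by every pod that runs under that account. The ServiceAccount document begins above the hunk.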
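Review bot: `tpl (toYaml .) $` evaluates every entry of `.Values.extraObjects` as a template with the full root context, and neither this new file nor the `extraObjects:` key in values.yaml says so. An object that legitimately carries `{{ ... }}` inside a string (an alerting rule or a ConfigMap that holds a template, for example) will be interpreted or fail to render unless the author escapes it, and a values file from a less-trusted source can make the release create any kind of object, RBAC included, with the installer's permissions. I would document that at the key, e.g. `# rendered through tpl: '{{ }}' inside these objects is evaluated, and objects are applied as written, so review values files like templates`. Separately, the untrimmed `{{ range }}`/`{{ end }}` and the missing final newline leave stray blank lines in the output; `{{- range .Values.extraObjects }}` plus a trailing newline would tidy that.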
@@ -75,5 +75,13 @@ spec: {{- end }} authentication: modes: ["SCRAM"] - users: [] + {{ with .Values.resource.statefulSet }} + statefulSet: + {{- toYaml . | nindent 4 }} + {{- end}} + + {{- with .Values.resource.users }} + users: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/charts/community-operator/templates/operator_roles.yaml b/charts/community-operator/templates/operator_roles.yaml index 0f0988b9..2ce8c017 100644 --- a/charts/community-operator/templates/operator_roles.yaml +++ b/charts/community-operator/templates/operator_roles.yaml @@ -4,7 +4,10 @@ kind: ServiceAccount metadata: name: {{ .Values.operator.name }} namespace: {{ .Release.Namespace }} - + {{- with .Values.operator.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index 9f2f8c48..649aa154 100644 --- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml @@ -4,6 +4,10 @@ operator: # Deployment, ServiceAccount, Role etc. name: mongodb-kubernetes-operator + # serviceAccount annotations, if any to add + serviceAccount: + annotations: {} + # Name of the operator image operatorImageName: mongodb-kubernetes-operator @@ -33,7 +37,13 @@ operator: ## Operator's database database: + # Name that will be assigned to most of internal Kubernetes objects like + # ServiceAccount, Role etc. name: mongodb-database + # serviceAccount annotations, if any to add + serviceAccount: + annotations: {} + # set this to the namespace where you would like # to deploy the MongoDB database, # Note if the database namespace is not same 
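Review bot: With `users: []` removed and `users:` now emitted only inside `{{- with .Values.resource.users }}`, a default install (values.yaml leaves `users` commented out) renders a MongoDBCommunity spec with no `users` key at all. If the CRD lists `spec.users` as required, which I believe it does but cannot confirm from this hunk, the resource will be rejected at apply time; keeping the old default in an else branch avoids that, i.e. `{{- else }}` followed by `users: []` at the same indent as `users:`, before the closing `{{- end }}`. The `statefulSet` block also opens with `{{ with` and closes with `{{- end}}`, unlike the `{{- with ... }}`/`{{- end }}` form used in the rest of the commit, and should match it. The spec starts above the hunk.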
@@ -77,7 +87,42 @@ resource: members: 3 tls: enabled: false + # users: [] + # - name: my-user + # db: admin + # passwordSecretRef: # a reference to the secret that will be used to generate the user's password + # name: my-user-password + # roles: + # - name: clusterAdmin + # db: admin + # - name: userAdminAnyDatabase + # db: admin + # - name: readWriteAnyDatabase + # db: admin + # - name: dbAdminAnyDatabase + # db: admin + # scramCredentialsSecretName: my-scram + # overwrite MDBC resource statefulset defaults + # statefulSet: + # spec: + # template: + # spec: + # imagePullSecrets: + # - name: my-secret + # volumes: + # - name: secretmanager-secretproviderclass + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: mysecretclass + # containers: + # - name: mongodb-agent + # volumeMounts: + # - name: secretmanager-secretproviderclass + # mountPath: "/mnt/secrets-store" + # readOnly: true # Installs Cert-Manager in this cluster. useCertManager: true certificateKeySecretRef: tls-certificate @@ -85,3 +130,25 @@ resource: certManager: certDuration: 8760h # 365 days renewCertBefore: 720h # 30 days + +# -- Array of extra K8s manifests to deploy +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: mongodb-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "mongodb" + # objectType: "secretsmanager" + # jmesPath: + # - path: "password" + # objectAlias: "password" + # secretObjects: + # - data: + # - key: password + # objectName: password + # secretName: my-user-password + # type: Opaque
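Review bot: The commented `users` example in the `@@ -77,7 +87,42 @@` hunk gives a single account `clusterAdmin`, `userAdminAnyDatabase`, `readWriteAnyDatabase` and `dbAdminAnyDatabase` on `admin`, and examples in a values.yaml tend to be copied verbatim. A line such as `# example only: grant the narrowest roles the application needs` above `# roles:` would set the right expectation, and the existing `passwordSecretRef` comment is a good place to add that the referenced Secret has to exist in the database namespace before the resource is created. As written, uncommenting the block also produces `users: []` followed by list items, which is not valid YAML; the first line should read `# users:`.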