From 0919d9cefcaccfaec129f70644367feb772d95fd Mon Sep 17 00:00:00 2001 From: "Bergquist, Brett" Date: Sun, 12 Nov 2023 03:37:36 -0800 Subject: [PATCH 1/7] Resolve "Update community-operator chart to support having a namespace override" --- charts/community-operator/Chart.yaml | 28 +++++++++---------- .../templates/database_roles.yaml | 6 ++-- .../templates/operator.yaml | 2 +- .../templates/operator_roles.yaml | 8 +++--- charts/community-operator/values.yaml | 4 +++ 5 files changed, 26 insertions(+), 22 deletions(-) diff --git a/charts/community-operator/Chart.yaml b/charts/community-operator/Chart.yaml index f5257dbb..15efe8a8 100644 --- a/charts/community-operator/Chart.yaml +++ b/charts/community-operator/Chart.yaml @@ -1,21 +1,21 @@ apiVersion: v2 -name: community-operator -description: MongoDB Kubernetes Community Operator -version: 0.8.3 -type: application appVersion: 0.8.3 -kubeVersion: '>=1.16-0' +dependencies: +- condition: community-operator-crds.enabled + name: community-operator-crds + repository: https://mongodb.github.io/helm-charts + version: 0.8.3 +description: MongoDB Kubernetes Community Operator +home: https://github.com/mongodb/mongodb-kubernetes-operator +icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png keywords: - mongodb - database - nosql -icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png -home: https://github.com/mongodb/mongodb-kubernetes-operator +kubeVersion: '>=1.16-0' maintainers: -- name: MongoDB - email: support@mongodb.com -dependencies: -- name: community-operator-crds - version: 0.8.3 - repository: https://mongodb.github.io/helm-charts - condition: community-operator-crds.enabled +- email: support@mongodb.com + name: MongoDB +name: community-operator-cp +type: application +version: 0.8.3 diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml index b5662ff6..1bbe3e95 100644 
--- a/charts/community-operator/templates/database_roles.yaml +++ b/charts/community-operator/templates/database_roles.yaml @@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} rules: - apiGroups: - "" @@ -32,7 +32,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} subjects: - kind: ServiceAccount name: {{ .Values.database.name }} diff --git a/charts/community-operator/templates/operator.yaml b/charts/community-operator/templates/operator.yaml index 15af4014..61fad3f4 100644 --- a/charts/community-operator/templates/operator.yaml +++ b/charts/community-operator/templates/operator.yaml 
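Review bot: The fallback `default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-"` silently rewrites an over-long or dash-terminated override instead of rejecting it, so the ServiceAccount, Role and RoleBinding here can be rendered into a different namespace from the one that was configured, possibly one that already exists under the shortened name. For RBAC objects a failed install is safer than a guessed target; using `{{ default .Release.Namespace .Values.operator.namespaceOverride }}` without the `trunc`/`trimSuffix` steps leaves an invalid name for the API server to reject. The same expression is repeated in the `@@ -32,7 +32,7 @@` hunk of this file, in the operator.yaml and operator_roles.yaml hunks, and again verbatim in PATCH 2/7. The manifests continue outside the hunks.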
@@ -7,7 +7,7 @@ metadata: labels: owner: mongodb name: {{ .Values.operator.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} spec: replicas: {{ .Values.operator.replicas }} selector: diff --git a/charts/community-operator/templates/operator_roles.yaml b/charts/community-operator/templates/operator_roles.yaml index 0f0988b9..635a49b3 100644 --- a/charts/community-operator/templates/operator_roles.yaml +++ b/charts/community-operator/templates/operator_roles.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.operator.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -13,7 +13,7 @@ metadata: {{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }} namespace: {{ .Values.operator.watchNamespace }} {{- else }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{- end }} rules: - apiGroups: @@ -65,12 +65,12 @@ metadata: {{- if ne (.Values.operator.watchNamespace | default "*") "*" }} namespace: {{ .Values.operator.watchNamespace }} {{- else }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{- end }} subjects: - kind: ServiceAccount name: {{ .Values.operator.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} roleRef: kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }} name: {{ .Values.operator.name }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index b04749bf..eccdfb7c 100644 
--- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml @@ -8,6 +8,10 @@ operator: # Deployment, ServiceAccount, Role etc. name: mongodb-kubernetes-operator + # Allow the operator namespace to be overridden which is useful when having this operator + # be a subchart dependency + # namespaceOverride: + # Name of the operator image operatorImageName: mongodb-kubernetes-operator From 6e7c96e29dd2824e664ff15dd13deceb6f234639 Mon Sep 17 00:00:00 2001 From: Brett Bergquist Date: Sun, 12 Nov 2023 07:38:57 -0500 Subject: [PATCH 2/7] Update community-operator chart to support having a namespace override --- charts/community-operator/templates/database_roles.yaml | 6 +++--- charts/community-operator/templates/operator.yaml | 2 +- charts/community-operator/templates/operator_roles.yaml | 8 ++++---- charts/community-operator/values.yaml | 4 ++++ 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml index b5662ff6..1bbe3e95 100644 --- a/charts/community-operator/templates/database_roles.yaml +++ b/charts/community-operator/templates/database_roles.yaml 
@@ -3,14 +3,14 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} rules: - apiGroups: - "" @@ -32,7 +32,7 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} subjects: - kind: ServiceAccount name: {{ .Values.database.name }} diff --git a/charts/community-operator/templates/operator.yaml b/charts/community-operator/templates/operator.yaml index 15af4014..61fad3f4 100644 --- a/charts/community-operator/templates/operator.yaml +++ b/charts/community-operator/templates/operator.yaml @@ -7,7 +7,7 @@ metadata: labels: owner: mongodb name: {{ .Values.operator.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} spec: replicas: {{ .Values.operator.replicas }} selector: 
diff --git a/charts/community-operator/templates/operator_roles.yaml b/charts/community-operator/templates/operator_roles.yaml index 0f0988b9..635a49b3 100644 --- a/charts/community-operator/templates/operator_roles.yaml +++ b/charts/community-operator/templates/operator_roles.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.operator.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -13,7 +13,7 @@ metadata: {{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }} namespace: {{ .Values.operator.watchNamespace }} {{- else }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{- end }} rules: - apiGroups: @@ -65,12 +65,12 @@ metadata: {{- if ne (.Values.operator.watchNamespace | default "*") "*" }} namespace: {{ .Values.operator.watchNamespace }} {{- else }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{- end }} subjects: - kind: ServiceAccount name: {{ .Values.operator.name }} - namespace: {{ .Release.Namespace }} + namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} roleRef: kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }} name: {{ .Values.operator.name }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index b04749bf..eccdfb7c 100644 --- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml 
@@ -8,6 +8,10 @@ operator: # Deployment, ServiceAccount, Role etc. name: mongodb-kubernetes-operator + # Allow the operator namespace to be overridden which is useful when having this operator + # be a subchart dependency + # namespaceOverride: + # Name of the operator image operatorImageName: mongodb-kubernetes-operator From 20bd489bd39ef8811457fb6f0f2890bf897bf7db Mon Sep 17 00:00:00 2001 From: "Bergquist, Brett" Date: Mon, 13 Nov 2023 02:31:18 -0800 Subject: [PATCH 3/7] Resolve "Add conditional namespace template if namespaceOverride is configured" --- charts/community-operator/templates/operator_namespace.yaml | 6 ++++++ charts/community-operator/values.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 charts/community-operator/templates/operator_namespace.yaml diff --git a/charts/community-operator/templates/operator_namespace.yaml b/charts/community-operator/templates/operator_namespace.yaml new file mode 100644 index 00000000..00fe1283 --- /dev/null +++ b/charts/community-operator/templates/operator_namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.operator.namespaceOverride }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.operator.namespaceOverride }} +{{- end }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index eccdfb7c..3ebc4d30 100644 --- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml @@ -10,7 +10,7 @@ operator: # Allow the operator namespace to be overridden which is useful when having this operator # be a subchart dependency - # namespaceOverride: + #namespaceOverride: mongodb-solution # Name of the operator image operatorImageName: mongodb-kubernetes-operator From 1d16997cae03fc8b558e744a40b1502942ca7ddf Mon Sep 17 00:00:00 2001 
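Review bot: In the new operator_namespace.yaml the Namespace is rendered as an ordinary release resource, so `helm uninstall`, or a later upgrade with `namespaceOverride` unset, deletes that namespace together with everything in it, including Secrets and any parent-chart objects placed there when this chart is used as a subchart. Adding `annotations:` with `helm.sh/resource-policy: keep` under `metadata:` keeps the namespace when the release is removed. The name is also emitted unquoted and untruncated here, while every consumer applies `trunc 63 | trimSuffix "-"`, so the namespace that is created and the one the other manifests target can differ; the same expression should be used on both sides, with `| quote` on the result. PATCH 4/7 adds the identical file.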
From: Brett Bergquist Date: Mon, 13 Nov 2023 05:42:51 -0500 Subject: [PATCH 4/7] Added template to create operator override namespace This adds a conditional template for the namespace specified as the operator override namespace. --- charts/community-operator/templates/operator_namespace.yaml | 6 ++++++ charts/community-operator/values.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 charts/community-operator/templates/operator_namespace.yaml diff --git a/charts/community-operator/templates/operator_namespace.yaml b/charts/community-operator/templates/operator_namespace.yaml new file mode 100644 index 00000000..00fe1283 --- /dev/null +++ b/charts/community-operator/templates/operator_namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.operator.namespaceOverride }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.operator.namespaceOverride }} +{{- end }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index eccdfb7c..3ebc4d30 100644 --- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml @@ -10,7 +10,7 @@ operator: # Allow the operator namespace to be overridden which is useful when having this operator # be a subchart dependency - # namespaceOverride: + #namespaceOverride: mongodb-solution # Name of the operator image operatorImageName: mongodb-kubernetes-operator From 3e8b6fe34837f6462661b42271ab855bcf710238 Mon Sep 17 00:00:00 2001 From: "Anthony, Zach" Date: Tue, 14 Nov 2023 10:58:02 -0800 Subject: [PATCH 5/7] Resolve "Add Gitlab CI support to build and publish the community-operator helm chart" --- .gitignore | 1 + .gitlab-ci.yml | 30 +++++++++++++++++++++++++ pom.xml | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 pom.xml diff --git a/.gitignore b/.gitignore index 080902ef..42d26e97 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,3 +1,4 @@ +target/ private/ *.crt *.key diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 00000000..1dfa79ad --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,30 @@ +default: + image: ${CI_REGISTRY}/devops/containers/smm-builder + +stages: + - build + - test + - deploy + +variables: + MAVEN_OPTS: >- + -Dmaven.repo.local=${CI_PROJECT_DIR}/.m2/repository + MAVEN_CLI_OPTS: "--batch-mode" + +build_job: + stage: build + script: + - mvn ${MAVEN_CLI_OPTS} compile + +test_job: + stage: test + script: + - mvn ${MAVEN_CLI_OPTS} test + +deploy_job: + stage: deploy + script: + - mvn ${MAVEN_CLI_OPTS} deploy -DskipTests + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + diff --git a/pom.xml b/pom.xml new file mode 100644 index 00000000..4c4fc1a1 --- /dev/null +++ b/pom.xml @@ -0,0 +1,59 @@ + + 4.0.0 + + + net.canogaperkins.smm + smm-parent-pom + 1.0.0-SNAPSHOT + + + net.canogaperkins.smm + community-operator + helm + 0.8.3 + community-operator + + + 6.11.0 + + + + + + io.kokuwa.maven + helm-maven-plugin + ${helm.maven.plugin.version} + + true + + + ${project.basedir}/charts/community-operator + ${project.version} + + + + mongodb + https://mongodb.github.io/helm-charts + + + + + smm-chart-stable + ${helm.uploadRepoStable.url} + ${helm.uploadRepoStable.username} + ${helm.uploadRepoStable.password} + ARTIFACTORY + + + smm-chart-snapshot + ${helm.uploadRepoSnapshot.url} + ${helm.uploadRepoSnapshot.username} + ${helm.uploadRepoSnapshot.password} + ARTIFACTORY + + + + + + From 6d6cf2a21df7967d6a0f47da30b39f161f774cb4 Mon Sep 17 00:00:00 2001 
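Review bot: The default `image: ${CI_REGISTRY}/devops/containers/smm-builder` in .gitlab-ci.yml carries no tag or digest, so every job, including `deploy_job`, which publishes the chart and presumably runs with the upload credentials, executes whatever `latest` resolves to at that moment. Pinning it, e.g. `image: ${CI_REGISTRY}/devops/containers/smm-builder@sha256:<digest>` or at least a fixed version tag, makes the build reproducible and keeps a changed builder image from reaching the publish step unnoticed. `MAVEN_OPTS` points the local repository at `${CI_PROJECT_DIR}/.m2/repository`, but no `cache:` is declared, so that directory starts empty in each job; a `cache:` entry with `paths: [.m2/repository]` under `default:` would make the setting effective.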
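Review bot: The artifact in pom.xml is versioned `0.8.3` but inherits from `smm-parent-pom` at `1.0.0-SNAPSHOT`, so the plugin configuration and whatever the parent contributes can change between two builds of the same commit; a released parent version would make the publish step reproducible. The upload username and password come from `${helm.uploadRepoStable.*}` and `${helm.uploadRepoSnapshot.*}` properties rather than literals, which is the right shape, but the file does not say where those properties are defined; a comment naming the source (presumably CI variables or settings.xml) would discourage someone from defining them in the POM later. The XML tags did not survive on this page, so element names are inferred from the remaining values.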
From: "Bergquist, Brett" Date: Sat, 18 Nov 2023 14:03:15 -0800 Subject: [PATCH 6/7] Resolve "Complete namespace support of the operator" --- .../community-operator/templates/_helpers.tpl | 69 +++++++++++++++++++ .../templates/database_roles.yaml | 13 ++-- .../mongodbcommunity_cr_with_tls.yaml | 4 +- .../templates/operator.yaml | 4 +- .../templates/operator_namespace.yaml | 6 +- .../templates/operator_roles.yaml | 15 ++-- charts/community-operator/values.yaml | 10 ++- 7 files changed, 104 insertions(+), 17 deletions(-) create mode 100644 charts/community-operator/templates/_helpers.tpl diff --git a/charts/community-operator/templates/_helpers.tpl b/charts/community-operator/templates/_helpers.tpl new file mode 100644 index 00000000..d26d6e1d --- /dev/null +++ b/charts/community-operator/templates/_helpers.tpl 
@@ -0,0 +1,69 @@ +{{/* +Construct the default namespace name. +*/}} +{{- define "community-operator.namespace" -}} +{{- default .Release.Namespace .Values.operator.namespace.name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Expand the name of the chart. +*/}} +{{- define "community-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "community-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "community-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "community-operator.labels" -}} +helm.sh/chart: {{ include "community-operator.chart" . }} +{{ include "community-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "community-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "community-operator.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "community-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "community-operator.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml index 1bbe3e95..d91dea08 100644 --- a/charts/community-operator/templates/database_roles.yaml +++ b/charts/community-operator/templates/database_roles.yaml @@ -3,14 +3,17 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} - + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ include "community-operator.namespace" . }} {{ end }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ include "community-operator.namespace" . }} {{ end }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} rules: - apiGroups: - "" 
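Review bot: `community-operator.serviceAccountName` dereferences `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but no `serviceAccount` key appears in the values.yaml hunks of this series and the templates name their ServiceAccounts from `.Values.operator.name` and `.Values.database.name`; if the key is indeed absent, the first `include` of this helper fails at render time. It looks like unused `helm create` scaffolding and could be dropped, along with `community-operator.fullname` if nothing calls it. The comment on `community-operator.namespace` should state what the helper returns, e.g. `Namespace for all operator resources: .Values.operator.namespace.name when set, otherwise .Release.Namespace.`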
@@ -32,7 +35,9 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.database.name }} - namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} {{ end }} + namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ include "community-operator.namespace" . }} {{ end }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} subjects: - kind: ServiceAccount name: {{ .Values.database.name }} diff --git a/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml b/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml index b7179618..2937c54c 100644 --- a/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml +++ b/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml @@ -15,9 +15,9 @@ metadata: namespace: {{ .Values.namespace }} spec: isCA: true - commonName: "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local" + commonName: "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.test" dnsNames: - - "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.local" + - "*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.cluster.test" secretName: {{ .Values.resource.tls.caCertificateSecretRef }} privateKey: algorithm: ECDSA diff --git a/charts/community-operator/templates/operator.yaml b/charts/community-operator/templates/operator.yaml index 61fad3f4..0b0259ec 100644 --- a/charts/community-operator/templates/operator.yaml +++ b/charts/community-operator/templates/operator.yaml 
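Review bot: In mongodbcommunity_cr_with_tls.yaml the certificate's `commonName` and `dnsNames` now hard-code the cluster domain `cluster.test`, which is unrelated to the namespace work in the commit title and looks like a site-specific setting. On a cluster using the usual `cluster.local` domain the issued certificate will not match the service hostnames, and the common workaround is to switch hostname verification off. Making the domain a chart value with the previous default keeps both cases working, e.g. `"*.{{ .Values.resource.name }}-svc.{{ .Values.namespace }}.svc.{{ .Values.clusterDomain | default "cluster.local" }}"`, where `clusterDomain` is a new key this change would have to add. These lines also still read `.Values.namespace` rather than the new `community-operator.namespace` helper; it is worth confirming that is intended. The manifest continues outside the hunk.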
@@ -6,8 +6,9 @@ metadata: email: support@mongodb.com labels: owner: mongodb + {{- include "community-operator.labels" . | nindent 4 }} name: {{ .Values.operator.name }} - namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} + namespace: {{ include "community-operator.namespace" . }} spec: replicas: {{ .Values.operator.replicas }} selector: @@ -21,6 +22,7 @@ spec: metadata: labels: name: {{ .Values.operator.name }} + {{- include "community-operator.labels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: diff --git a/charts/community-operator/templates/operator_namespace.yaml b/charts/community-operator/templates/operator_namespace.yaml index 00fe1283..924dbf37 100644 --- a/charts/community-operator/templates/operator_namespace.yaml +++ b/charts/community-operator/templates/operator_namespace.yaml @@ -1,6 +1,8 @@ -{{- if .Values.operator.namespaceOverride }} +{{- if .Values.operator.namespace.create -}} apiVersion: v1 kind: Namespace metadata: - name: {{ .Values.operator.namespaceOverride }} + name: {{ include "community-operator.namespace" . }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} {{- end }} diff --git a/charts/community-operator/templates/operator_roles.yaml b/charts/community-operator/templates/operator_roles.yaml index 635a49b3..8a1dc16f 100644 --- a/charts/community-operator/templates/operator_roles.yaml +++ b/charts/community-operator/templates/operator_roles.yaml @@ -3,8 +3,9 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.operator.name }} - namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} - + namespace: {{ include "community-operator.namespace" . }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }} 
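Review bot: In operator_namespace.yaml, with `operator.namespace.create: true` and `name` left empty, `community-operator.namespace` falls back to `.Release.Namespace`, so the chart renders a Namespace object for the namespace the release itself is installed into. The install then either conflicts with the existing namespace or, if it goes through, the release owns its own namespace and removes it on uninstall. Guarding on both values avoids that: `{{- if and .Values.operator.namespace.create .Values.operator.namespace.name -}}`. Quoting the rendered value, `name: {{ include "community-operator.namespace" . | quote }}`, would also keep a numeric-looking or boolean-looking name a string.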
@@ -13,8 +14,10 @@ metadata: {{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }} namespace: {{ .Values.operator.watchNamespace }} {{- else }} - namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} + namespace: {{ include "community-operator.namespace" . }} {{- end }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} rules: - apiGroups: - "" @@ -65,12 +68,14 @@ metadata: {{- if ne (.Values.operator.watchNamespace | default "*") "*" }} namespace: {{ .Values.operator.watchNamespace }} {{- else }} - namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} + namespace: {{ include "community-operator.namespace" . }} {{- end }} + labels: + {{- include "community-operator.labels" . | nindent 4 }} subjects: - kind: ServiceAccount name: {{ .Values.operator.name }} - namespace: {{ default .Release.Namespace .Values.operator.namespaceOverride | trunc 63 | trimSuffix "-" }} + namespace: {{ include "community-operator.namespace" . }} roleRef: kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }} name: {{ .Values.operator.name }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index 3ebc4d30..487964ed 100644 --- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml 
@@ -8,9 +8,13 @@ operator: # Deployment, ServiceAccount, Role etc. name: mongodb-kubernetes-operator - # Allow the operator namespace to be overridden which is useful when having this operator - # be a subchart dependency - #namespaceOverride: mongodb-solution + # Controls the namespace that will be used or created. This is useful + # if the operator is going to be included as a subchart. + namespace: + # create set to true will cause the namespace to be created + create: false + # name set to the operator namespace. This only used if creating the namespace + name: # Name of the operator image operatorImageName: mongodb-kubernetes-operator From a65baf6db3a42cb191eb3e578a22b5602f27ce31 Mon Sep 17 00:00:00 2001 From: "Bergquist, Brett" Date: Sat, 18 Nov 2023 16:59:37 -0800 Subject: [PATCH 7/7] Draft: Resolve "Package community-operator-crds as local chart dependency as community-operator-crds-cp" --- charts/community-operator/Chart.yaml | 3 +- .../community-operator-crds-cp/.helmignore | 25 + .../community-operator-crds-cp/Chart.yaml | 16 + ...ommunity.mongodb.com_mongodbcommunity.yaml | 577 ++++++++++++++++++ .../community-operator-crds-cp/values.yaml | 0 5 files changed, 619 insertions(+), 2 deletions(-) create mode 100644 charts/community-operator/charts/community-operator-crds-cp/.helmignore create mode 100644 charts/community-operator/charts/community-operator-crds-cp/Chart.yaml create mode 100644 charts/community-operator/charts/community-operator-crds-cp/crds/mongodbcommunity.mongodb.com_mongodbcommunity.yaml create mode 100644 charts/community-operator/charts/community-operator-crds-cp/values.yaml diff --git a/charts/community-operator/Chart.yaml b/charts/community-operator/Chart.yaml index 15efe8a8..881d0ef6 100644 --- a/charts/community-operator/Chart.yaml +++ b/charts/community-operator/Chart.yaml 
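Review bot: The comment on `name` says it is only used when creating the namespace, but `community-operator.namespace` in _helpers.tpl applies `.Values.operator.namespace.name` whenever it is set, regardless of `create`. Setting it with `create: false` therefore moves the Deployment, ServiceAccount and RBAC objects into a namespace the chart does not create. The comment should say so, e.g. `# name of the operator namespace; used for all operator resources when set, otherwise the release namespace. It must already exist unless create is true.` Writing the default as `name: ""` instead of a bare `name:` makes it explicit that a string is expected.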
@@ -2,8 +2,7 @@ apiVersion: v2 appVersion: 0.8.3 dependencies: - condition: community-operator-crds.enabled - name: community-operator-crds - repository: https://mongodb.github.io/helm-charts + name: community-operator-crds-cp version: 0.8.3 description: MongoDB Kubernetes Community Operator home: https://github.com/mongodb/mongodb-kubernetes-operator diff --git a/charts/community-operator/charts/community-operator-crds-cp/.helmignore b/charts/community-operator/charts/community-operator-crds-cp/.helmignore new file mode 100644 index 00000000..3ad22985 --- /dev/null +++ b/charts/community-operator/charts/community-operator-crds-cp/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +*.crt +*.key diff --git a/charts/community-operator/charts/community-operator-crds-cp/Chart.yaml b/charts/community-operator/charts/community-operator-crds-cp/Chart.yaml new file mode 100644 index 00000000..99b6b99f --- /dev/null +++ b/charts/community-operator/charts/community-operator-crds-cp/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v2 +name: community-operator-crds-cp +description: MongoDB Kubernetes Community Operator - CRDs +type: application +version: 0.8.3 +appVersion: 0.8.3 +kubeVersion: '>=1.16-0' +keywords: +- mongodb +- database +- nosql +icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png +home: https://github.com/mongodb/mongodb-kubernetes-operator +maintainers: +- name: MongoDB + email: support@mongodb.com 
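Review bot: The dependency is renamed to `community-operator-crds-cp` but its `condition` still reads `community-operator-crds.enabled`, so the toggle lives under a key that no longer matches the subchart name, and a user who sets `community-operator-crds-cp.enabled: false` will still get the CRD subchart. `condition: community-operator-crds-cp.enabled` keeps the two aligned; the default in values.yaml, not visible in this hunk, would need the same rename. Removing `repository:` makes the CRD definitions a vendored copy, so a comment in the subchart's Chart.yaml recording which upstream chart version it was copied from would help keep them in step with the operator image.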
diff --git a/charts/community-operator/charts/community-operator-crds-cp/crds/mongodbcommunity.mongodb.com_mongodbcommunity.yaml b/charts/community-operator/charts/community-operator-crds-cp/crds/mongodbcommunity.mongodb.com_mongodbcommunity.yaml new file mode 100644 index 00000000..f903a1b5 --- /dev/null +++ b/charts/community-operator/charts/community-operator-crds-cp/crds/mongodbcommunity.mongodb.com_mongodbcommunity.yaml 
@@ -0,0 +1,577 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.3 + service.binding: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret + service.binding/connectionString: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret,sourceKey=connectionString.standardSrv + service.binding/password: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret,sourceKey=password + service.binding/provider: community + service.binding/type: mongodb + service.binding/username: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret,sourceKey=username + creationTimestamp: null + name: mongodbcommunity.mongodbcommunity.mongodb.com +spec: + group: mongodbcommunity.mongodb.com + names: + kind: MongoDBCommunity + listKind: MongoDBCommunityList + plural: mongodbcommunity + shortNames: + - mdbc + singular: mongodbcommunity + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Current state of the MongoDB deployment + jsonPath: .status.phase + name: Phase + type: string + - description: Version of MongoDB server + jsonPath: .status.version + name: Version + type: string + name: v1 + schema: + openAPIV3Schema: + description: MongoDBCommunity is the Schema for the mongodbs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MongoDBCommunitySpec defines the desired state of MongoDB + properties: + additionalConnectionStringConfig: + description: Additional options to be appended to the connection string. + These options apply to the entire resource and to each user. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + additionalMongodConfig: + description: 'AdditionalMongodConfig is additional configuration that + can be passed to each data-bearing mongod at runtime. Uses the same + structure as the mongod configuration file: https://www.mongodb.com/docs/manual/reference/configuration-options/' + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + agent: + description: AgentConfiguration sets options for the MongoDB automation + agent + properties: + logFile: + type: string + logLevel: + type: string + logRotate: + description: LogRotate if enabled, will enable LogRotate for all + processes. + properties: + includeAuditLogsWithMongoDBLogs: + description: set to 'true' to have the Automation Agent rotate + the audit files along with mongodb log files + type: boolean + numTotal: + description: maximum number of log files to have total + type: integer + numUncompressed: + description: maximum number of log files to leave uncompressed + type: integer + percentOfDiskspace: + description: Maximum percentage of the total disk space these + log files should take up. The string needs to be able to + be converted to float64 + type: string + sizeThresholdMB: + description: Maximum size for an individual log file before + rotation. The string needs to be able to be converted to + float64. Fractional values of MB are supported. 
+ type: string + timeThresholdHrs: + description: maximum hours for an individual log file before + rotation + type: integer + required: + - sizeThresholdMB + - timeThresholdHrs + type: object + maxLogFileDurationHours: + type: integer + systemLog: + description: SystemLog configures system log of mongod + properties: + destination: + type: string + logAppend: + type: boolean + path: + type: string + required: + - destination + - logAppend + - path + type: object + type: object + arbiters: + description: 'Arbiters is the number of arbiters to add to the Replica + Set. It is not recommended to have more than one arbiter per Replica + Set. More info: https://www.mongodb.com/docs/manual/tutorial/add-replica-set-arbiter/' + type: integer + automationConfig: + description: AutomationConfigOverride is merged on top of the operator + created automation config. Processes are merged by name. Currently + Only the process.disabled field is supported. + properties: + processes: + items: + description: OverrideProcess contains fields that we can override + on the AutomationConfig processes. + properties: + disabled: + type: boolean + logRotate: + description: CrdLogRotate is the crd definition of LogRotate + including fields in strings while the agent supports them + as float64 + properties: + includeAuditLogsWithMongoDBLogs: + description: set to 'true' to have the Automation Agent + rotate the audit files along with mongodb log files + type: boolean + numTotal: + description: maximum number of log files to have total + type: integer + numUncompressed: + description: maximum number of log files to leave uncompressed + type: integer + percentOfDiskspace: + description: Maximum percentage of the total disk space + these log files should take up. The string needs to + be able to be converted to float64 + type: string + sizeThresholdMB: + description: Maximum size for an individual log file + before rotation. The string needs to be able to be + converted to float64. 
Fractional values of MB are + supported. + type: string + timeThresholdHrs: + description: maximum hours for an individual log file + before rotation + type: integer + required: + - sizeThresholdMB + - timeThresholdHrs + type: object + name: + type: string + required: + - disabled + - name + type: object + type: array + required: + - processes + type: object + featureCompatibilityVersion: + description: FeatureCompatibilityVersion configures the feature compatibility + version that will be set for the deployment + type: string + members: + description: Members is the number of members in the replica set + type: integer + prometheus: + description: Prometheus configurations. + properties: + metricsPath: + description: Indicates path to the metrics endpoint. + pattern: ^\/[a-z0-9]+$ + type: string + passwordSecretRef: + description: Name of a Secret containing a HTTP Basic Auth Password. + properties: + key: + description: Key is the key in the secret storing this password. + Defaults to "password" + type: string + name: + description: Name is the name of the secret storing this user's + password + type: string + required: + - name + type: object + port: + description: Port where metrics endpoint will bind to. Defaults + to 9216. + type: integer + tlsSecretKeyRef: + description: Name of a Secret (type kubernetes.io/tls) holding + the certificates to use in the Prometheus endpoint. + properties: + key: + description: Key is the key in the secret storing this password. + Defaults to "password" + type: string + name: + description: Name is the name of the secret storing this user's + password + type: string + required: + - name + type: object + username: + description: HTTP Basic Auth Username for metrics endpoint. + type: string + required: + - passwordSecretRef + - username + type: object + replicaSetHorizons: + description: ReplicaSetHorizons Add this parameter and values if you + need your database to be accessed outside of Kubernetes. 
This setting + allows you to provide different DNS settings within the Kubernetes + cluster and to the Kubernetes cluster. The Kubernetes Operator uses + split horizon DNS for replica set members. This feature allows communication + both within the Kubernetes cluster and from outside Kubernetes. + items: + additionalProperties: + type: string + type: object + type: array + security: + description: Security configures security features, such as TLS, and + authentication settings for a deployment + properties: + authentication: + properties: + agentCertificateSecretRef: + description: 'AgentCertificateSecret is a reference to a Secret + containing the certificate and the key for the automation + agent The secret needs to have available: - certificate + under key: "tls.crt" - private key under key: "tls.key" + If additionally, tls.pem is present, then it needs to be + equal to the concatenation of tls.crt and tls.key' + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + agentMode: + description: AgentMode contains the authentication mode used + by the automation agent. + enum: + - SCRAM + - SCRAM-SHA-256 + - SCRAM-SHA-1 + - X509 + type: string + ignoreUnknownUsers: + default: true + nullable: true + type: boolean + modes: + description: Modes is an array specifying which authentication + methods should be enabled. + items: + enum: + - SCRAM + - SCRAM-SHA-256 + - SCRAM-SHA-1 + - X509 + type: string + type: array + required: + - modes + type: object + roles: + description: User-specified custom MongoDB roles that should be + configured in the deployment. + items: + description: CustomRole defines a custom MongoDB role. + properties: + authenticationRestrictions: + description: The authentication restrictions the server + enforces on the role. 
+ items: + description: AuthenticationRestriction specifies a list + of IP addresses and CIDR ranges users are allowed to + connect to or from. + properties: + clientSource: + items: + type: string + type: array + serverAddress: + items: + type: string + type: array + required: + - clientSource + - serverAddress + type: object + type: array + db: + description: The database of the role. + type: string + privileges: + description: The privileges to grant the role. + items: + description: Privilege defines the actions a role is allowed + to perform on a given resource. + properties: + actions: + items: + type: string + type: array + resource: + description: Resource specifies specifies the resources + upon which a privilege permits actions. See https://www.mongodb.com/docs/manual/reference/resource-document + for more. + properties: + anyResource: + type: boolean + cluster: + type: boolean + collection: + type: string + db: + type: string + type: object + required: + - actions + - resource + type: object + type: array + role: + description: The name of the role. + type: string + roles: + description: An array of roles from which this role inherits + privileges. + items: + description: Role is the database role this user should + have + properties: + db: + description: DB is the database the role can act on + type: string + name: + description: Name is the name of the role + type: string + required: + - db + - name + type: object + type: array + required: + - db + - privileges + - role + type: object + type: array + tls: + description: TLS configuration for both client-server and server-server + communication + properties: + caCertificateSecretRef: + description: CaCertificateSecret is a reference to a Secret + containing the certificate for the CA which signed the server + certificates The certificate is expected to be available + under the key "ca.crt" + properties: + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + caConfigMapRef: + description: CaConfigMap is a reference to a ConfigMap containing + the certificate for the CA which signed the server certificates + The certificate is expected to be available under the key + "ca.crt" This field is ignored when CaCertificateSecretRef + is configured + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + certificateKeySecretRef: + description: CertificateKeySecret is a reference to a Secret + containing a private key and certificate to use for TLS. + The key and cert are expected to be PEM encoded and available + at "tls.key" and "tls.crt". This is the same format used + for the standard "kubernetes.io/tls" Secret type, but no + specific type is required. Alternatively, an entry tls.pem, + containing the concatenation of cert and key, can be provided. + If all of tls.pem, tls.crt and tls.key are present, the + tls.pem one needs to be equal to the concatenation of tls.crt + and tls.key + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + enabled: + type: boolean + optional: + description: Optional configures if TLS should be required + or optional for connections + type: boolean + required: + - enabled + type: object + type: object + statefulSet: + description: StatefulSetConfiguration holds the optional custom StatefulSet + that should be merged into the operator created one. 
+ properties: + metadata: + description: StatefulSetMetadataWrapper is a wrapper around Labels + and Annotations + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - spec + type: object + type: + description: Type defines which type of MongoDB deployment the resource + should create + enum: + - ReplicaSet + type: string + users: + description: Users specifies the MongoDB users that should be configured + in your deployment + items: + properties: + additionalConnectionStringConfig: + description: Additional options to be appended to the connection + string. These options apply only to this user and will override + any existing options in the resource. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + connectionStringSecretName: + description: ConnectionStringSecretName is the name of the secret + object created by the operator which exposes the connection + strings for the user. If provided, this secret must be different + for each user in a deployment. + type: string + db: + default: admin + description: DB is the database the user is stored in. Defaults + to "admin" + type: string + name: + description: Name is the username of the user + type: string + passwordSecretRef: + description: PasswordSecretRef is a reference to the secret + containing this user's password + properties: + key: + description: Key is the key in the secret storing this password. 
+ Defaults to "password" + type: string + name: + description: Name is the name of the secret storing this + user's password + type: string + required: + - name + type: object + roles: + description: Roles is an array of roles assigned to this user + items: + description: Role is the database role this user should have + properties: + db: + description: DB is the database the role can act on + type: string + name: + description: Name is the name of the role + type: string + required: + - db + - name + type: object + type: array + scramCredentialsSecretName: + description: ScramCredentialsSecretName appended by string "scram-credentials" + is the name of the secret object created by the mongoDB operator + for storing SCRAM credentials These secrets names must be + different for each user in a deployment. + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + required: + - name + - roles + type: object + type: array + version: + description: Version defines which version of MongoDB will be used + type: string + required: + - security + - type + - users + type: object + status: + description: MongoDBCommunityStatus defines the observed state of MongoDB + properties: + currentMongoDBArbiters: + type: integer + currentMongoDBMembers: + type: integer + currentStatefulSetArbitersReplicas: + type: integer + currentStatefulSetReplicas: + type: integer + message: + type: string + mongoUri: + type: string + phase: + type: string + version: + type: string + required: + - currentMongoDBMembers + - currentStatefulSetReplicas + - mongoUri + - phase + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/community-operator/charts/community-operator-crds-cp/values.yaml b/charts/community-operator/charts/community-operator-crds-cp/values.yaml new file mode 100644 index 00000000..e69de29b