| {{- /* |
| Copyright VMware, Inc. |
| SPDX-License-Identifier: APACHE-2.0 |
| */}} |
| |
| {{- if eq .Values.architecture "replicaset" }} |
| {{- $replicaCount := int .Values.replicaCount }} |
| {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} |
| {{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} |
| apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} |
| kind: StatefulSet |
| metadata: |
| name: {{ include "mongodb.fullname" . }} |
| namespace: {{ include "mongodb.namespace" . | quote }} |
| {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }} |
| labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} |
| app.kubernetes.io/component: mongodb |
| {{- if or .Values.annotations .Values.commonAnnotations }} |
| {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }} |
| annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} |
| {{- end }} |
| spec: |
| serviceName: {{ include "mongodb.service.nameOverride" . }} |
| podManagementPolicy: {{ .Values.podManagementPolicy }} |
| replicas: {{ .Values.replicaCount }} |
| {{- if .Values.updateStrategy }} |
| updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }} |
| {{- end }} |
| {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }} |
| selector: |
| matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }} |
| app.kubernetes.io/component: mongodb |
| template: |
| metadata: |
| labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }} |
| app.kubernetes.io/component: mongodb |
| {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }} |
| annotations: |
| {{- if (include "mongodb.createConfigmap" .) }} |
| checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} |
| {{- end }} |
| {{- if .Values.podAnnotations }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} |
| {{- end }} |
| {{- end }} |
| spec: |
| {{- include "mongodb.imagePullSecrets" . | nindent 6 }} |
| {{- if .Values.schedulerName }} |
| schedulerName: {{ .Values.schedulerName | quote }} |
| {{- end }} |
| serviceAccountName: {{ template "mongodb.serviceAccountName" . }} |
| automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} |
| {{- if .Values.hostAliases }} |
| hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} |
| {{- end }} |
| {{- if .Values.affinity }} |
| affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} |
| {{- else }} |
| affinity: |
| podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }} |
| podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }} |
| nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} |
| {{- end }} |
| {{- if .Values.nodeSelector }} |
| nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} |
| {{- end }} |
| {{- if .Values.tolerations }} |
| tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} |
| {{- end }} |
| {{- if .Values.topologySpreadConstraints }} |
| topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} |
| {{- end }} |
| {{- if .Values.priorityClassName }} |
| priorityClassName: {{ .Values.priorityClassName }} |
| {{- end }} |
| {{- if .Values.runtimeClassName }} |
| runtimeClassName: {{ .Values.runtimeClassName }} |
| {{- end }} |
| {{- if .Values.podSecurityContext.enabled }} |
| securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} |
| {{- end }} |
| {{ if .Values.terminationGracePeriodSeconds }} |
| terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} |
| {{- end }} |
| enableServiceLinks: {{ .Values.enableServiceLinks }} |
| {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} |
| initContainers: |
| {{- if .Values.initContainers }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} |
| {{- end }} |
| {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} |
| - name: volume-permissions |
| image: {{ include "mongodb.volumePermissions.image" . }} |
| imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} |
| command: |
| - /bin/bash |
| args: |
| - -ec |
| - | |
| mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} |
| chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} |
| find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} |
| {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} |
| securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} |
| {{- else }} |
| securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} |
| {{- end }} |
| {{- if .Values.volumePermissions.resources }} |
| resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} |
| {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} |
| resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} |
| {{- end }} |
| volumeMounts: |
| - name: datadir |
| mountPath: {{ .Values.persistence.mountPath }} |
| - name: empty-dir |
| mountPath: /tmp |
| subPath: tmp-dir |
| {{- end }} |
| {{- if .Values.tls.enabled }} |
| - name: generate-tls-certs |
| image: {{ include "mongodb.tls.image" . }} |
| imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} |
| env: |
| - name: MY_POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| - name: MY_POD_HOST_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.hostIP |
| - name: MY_POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| volumeMounts: |
| {{- if (include "mongodb.autoGenerateCerts" .) }} |
| - name: certs-volume |
| mountPath: /certs/CAs |
| {{- else }} |
| {{- range $index, $_ := .Values.tls.replicaset.existingSecrets }} |
| - name: mongodb-certs-{{ $index }} |
| mountPath: /certs-{{ $index }} |
| {{- end }} |
| {{- end }} |
| - name: certs |
| mountPath: /certs |
| - name: common-scripts |
| mountPath: /bitnami/scripts |
| - name: empty-dir |
| mountPath: /tmp |
| subPath: tmp-dir |
| command: |
| - /bitnami/scripts/generate-certs.sh |
| args: |
| - -s {{ include "mongodb.service.nameOverride" . }} |
| {{- if .Values.externalAccess.service.loadBalancerIPs }} |
| - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} |
| {{- end }} |
| {{- if .Values.tls.extraDnsNames }} |
| - -n {{ join "," .Values.tls.extraDnsNames }} |
| {{- end }} |
| {{- if .Values.tls.resources }} |
| resources: {{- toYaml .Values.tls.resources | nindent 12 }} |
| {{- else if ne .Values.tls.resourcesPreset "none" }} |
| resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }} |
| {{- end }} |
| {{- end }} |
| {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} |
| - name: auto-discovery |
| image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} |
| imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} |
| # We need the service account token for contacting the k8s API |
| automountServiceAccountToken: true |
| command: |
| - /scripts/auto-discovery.sh |
| env: |
| - name: MY_POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: SHARED_FILE |
| value: "/shared/info.txt" |
| {{- if .Values.externalAccess.autoDiscovery.resources }} |
| resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} |
| {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }} |
| resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }} |
| {{- end }} |
| volumeMounts: |
| - name: shared |
| mountPath: /shared |
| - name: scripts |
| mountPath: /scripts/auto-discovery.sh |
| subPath: auto-discovery.sh |
| - name: empty-dir |
| mountPath: /tmp |
| subPath: tmp-dir |
| {{- end }} |
| {{- end }} |
| containers: |
| - name: mongodb |
| image: {{ include "mongodb.image" . }} |
| imagePullPolicy: {{ .Values.image.pullPolicy | quote }} |
| {{- if .Values.containerSecurityContext.enabled }} |
| securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| {{- end }} |
| {{- if .Values.diagnosticMode.enabled }} |
| command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} |
| {{- else if .Values.command }} |
| command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} |
| {{- else }} |
| command: |
| - /scripts/setup.sh |
| {{- end }} |
| {{- if .Values.diagnosticMode.enabled }} |
| args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} |
| {{- else if .Values.args }} |
| args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} |
| {{- end }} |
| {{- if .Values.lifecycleHooks }} |
| lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} |
| {{- end }} |
| env: |
| - name: BITNAMI_DEBUG |
| value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} |
| {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} |
| - name: SHARED_FILE |
| value: "/shared/info.txt" |
| {{- end }} |
| - name: MY_POD_NAME |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.name |
| - name: MY_POD_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| - name: MY_POD_HOST_IP |
| valueFrom: |
| fieldRef: |
| fieldPath: status.hostIP |
| - name: K8S_SERVICE_NAME |
| value: "{{ include "mongodb.service.nameOverride" . }}" |
| - name: MONGODB_INITIAL_PRIMARY_HOST |
| value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} |
| - name: MONGODB_REPLICA_SET_NAME |
| value: {{ .Values.replicaSetName | quote }} |
| {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }} |
| - name: MONGODB_ADVERTISED_HOSTNAME |
| value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}" |
| {{- end }} |
| {{- $customUsers := include "mongodb.customUsers" . -}} |
| {{- $customDatabases := include "mongodb.customDatabases" . -}} |
| {{- if not (empty $customUsers) }} |
| - name: MONGODB_EXTRA_USERNAMES |
| value: {{ $customUsers | quote }} |
| {{- end }} |
| {{- if not (empty $customDatabases) }} |
| - name: MONGODB_EXTRA_DATABASES |
| value: {{ $customDatabases | quote }} |
| {{- end }} |
| {{- if .Values.auth.enabled }} |
| {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }} |
| - name: MONGODB_EXTRA_PASSWORDS |
| valueFrom: |
| secretKeyRef: |
| name: {{ include "mongodb.secretName" . }} |
| key: mongodb-passwords |
| {{- end }} |
| - name: MONGODB_ROOT_USER |
| value: {{ .Values.auth.rootUser | quote }} |
| - name: MONGODB_ROOT_PASSWORD |
| valueFrom: |
| secretKeyRef: |
| name: {{ include "mongodb.secretName" . }} |
| key: mongodb-root-password |
| - name: MONGODB_REPLICA_SET_KEY |
| valueFrom: |
| secretKeyRef: |
| name: {{ include "mongodb.secretName" . }} |
| key: mongodb-replica-set-key |
| {{- end }} |
| {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }} |
| - name: MONGODB_METRICS_USERNAME |
| value: {{ .Values.metrics.username | quote }} |
| {{- if .Values.auth.enabled }} |
| - name: MONGODB_METRICS_PASSWORD |
| valueFrom: |
| secretKeyRef: |
| name: {{ include "mongodb.secretName" . }} |
| key: mongodb-metrics-password |
| {{- end }} |
| {{- end }} |
| - name: ALLOW_EMPTY_PASSWORD |
| value: {{ ternary "no" "yes" .Values.auth.enabled | quote }} |
| - name: MONGODB_SYSTEM_LOG_VERBOSITY |
| value: {{ .Values.systemLogVerbosity | quote }} |
| - name: MONGODB_DISABLE_SYSTEM_LOG |
| value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }} |
| - name: MONGODB_DISABLE_JAVASCRIPT |
| value: {{ ternary "yes" "no" .Values.disableJavascript | quote }} |
| - name: MONGODB_ENABLE_JOURNAL |
| value: {{ ternary "yes" "no" .Values.enableJournal | quote }} |
| - name: MONGODB_PORT_NUMBER |
| value: {{ .Values.containerPorts.mongodb | quote }} |
| - name: MONGODB_ENABLE_IPV6 |
| value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }} |
| - name: MONGODB_ENABLE_DIRECTORY_PER_DB |
| value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }} |
| {{- $extraFlags := .Values.extraFlags | join " " -}} |
| {{- if .Values.tls.enabled }} |
| {{- if .Values.tls.mTLS.enabled }} |
| {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }} |
| {{- end }} |
| {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }} |
| {{- end }} |
| {{- if ne $extraFlags "" }} |
| - name: MONGODB_EXTRA_FLAGS |
| value: {{ $extraFlags | quote }} |
| {{- end }} |
| {{- if .Values.tls.enabled }} |
| - name: MONGODB_CLIENT_EXTRA_FLAGS |
| value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert |
| {{- end }} |
| {{- if .Values.extraEnvVars }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} |
| {{- end }} |
| {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }} |
| envFrom: |
| {{- if .Values.extraEnvVarsCM }} |
| - configMapRef: |
| name: {{ tpl .Values.extraEnvVarsCM . | quote }} |
| {{- end }} |
| {{- if .Values.extraEnvVarsSecret }} |
| - secretRef: |
| name: {{ tpl .Values.extraEnvVarsSecret . | quote }} |
| {{- end }} |
| {{- end }} |
| ports: |
| - name: mongodb |
| containerPort: {{ .Values.containerPorts.mongodb }} |
| {{- if not .Values.diagnosticMode.enabled }} |
| {{- if .Values.customLivenessProbe }} |
| livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} |
| {{- else if .Values.livenessProbe.enabled }} |
| livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} |
| exec: |
| command: |
| - /bitnami/scripts/ping-mongodb.sh |
| {{- end }} |
| {{- if .Values.customReadinessProbe }} |
| readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} |
| {{- else if .Values.readinessProbe.enabled }} |
| readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} |
| exec: |
| command: |
| - /bitnami/scripts/readiness-probe.sh |
| {{- end }} |
| {{- if .Values.customStartupProbe }} |
| startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} |
| {{- else if .Values.startupProbe.enabled }} |
| startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} |
| exec: |
| command: |
| - /bitnami/scripts/startup-probe.sh |
| {{- end }} |
| {{- end }} |
| {{- if .Values.resources }} |
| resources: {{- toYaml .Values.resources | nindent 12 }} |
| {{- else if ne .Values.resourcesPreset "none" }} |
| resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} |
| {{- end }} |
| volumeMounts: |
| - name: empty-dir |
| mountPath: /tmp |
| subPath: tmp-dir |
| - name: empty-dir |
| mountPath: /opt/bitnami/mongodb/conf |
| subPath: app-conf-dir |
| - name: empty-dir |
| mountPath: /opt/bitnami/mongodb/tmp |
| subPath: app-tmp-dir |
| - name: empty-dir |
| mountPath: /opt/bitnami/mongodb/logs |
| subPath: app-logs-dir |
| - name: datadir |
| mountPath: {{ .Values.persistence.mountPath }} |
| subPath: {{ .Values.persistence.subPath }} |
| - name: common-scripts |
| mountPath: /bitnami/scripts |
| {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} |
| - name: custom-init-scripts |
| mountPath: /docker-entrypoint-initdb.d |
| {{- end }} |
| {{- if or .Values.configuration .Values.existingConfigmap }} |
| - name: config |
| mountPath: /opt/bitnami/mongodb/conf/mongodb.conf |
| subPath: mongodb.conf |
| {{- end }} |
| - name: scripts |
| mountPath: /scripts/setup.sh |
| subPath: setup.sh |
| {{ if .Values.replicaSetConfigurationSettings.enabled }} |
| - name: scripts |
| mountPath: /scripts/replicaSetConfigurationSettings.sh |
| subPath: replicaSetConfigurationSettings.sh |
| {{- end }} |
| {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} |
| - name: shared |
| mountPath: /shared |
| {{- end }} |
| {{- if .Values.tls.enabled }} |
| - name: certs |
| mountPath: /certs |
| {{- end }} |
| {{- if .Values.extraVolumeMounts }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} |
| {{- end }} |
| {{- if .Values.metrics.enabled }} |
| - name: metrics |
| image: {{ template "mongodb.metrics.image" . }} |
| imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} |
| {{- if .Values.containerSecurityContext.enabled }} |
| securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} |
| {{- end }} |
| {{- if .Values.diagnosticMode.enabled }} |
| command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} |
| {{- else if .Values.metrics.command }} |
| command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }} |
| {{- else }} |
| command: |
| - /bin/bash |
| - -ec |
| {{- end }} |
| {{- if .Values.diagnosticMode.enabled }} |
| args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} |
| {{- else if .Values.metrics.args }} |
| args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }} |
| {{- else }} |
| args: |
| - | |
| /bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }} |
| {{- end }} |
| env: |
| {{- if .Values.auth.enabled }} |
| {{- if not .Values.metrics.username }} |
| - name: MONGODB_ROOT_USER |
| value: {{ .Values.auth.rootUser | quote }} |
| - name: MONGODB_ROOT_PASSWORD |
| valueFrom: |
| secretKeyRef: |
| name: {{ include "mongodb.secretName" . }} |
| key: mongodb-root-password |
| {{- else }} |
| - name: MONGODB_METRICS_USERNAME |
| value: {{ .Values.metrics.username | quote }} |
| - name: MONGODB_METRICS_PASSWORD |
| valueFrom: |
| secretKeyRef: |
| name: {{ include "mongodb.secretName" . }} |
| key: mongodb-metrics-password |
| {{- end }} |
| {{- end }} |
| volumeMounts: |
| - name: empty-dir |
| mountPath: /tmp |
| subPath: tmp-dir |
| {{- if .Values.tls.enabled }} |
| - name: certs |
| mountPath: /certs |
| {{- end }} |
| {{- if .Values.metrics.extraVolumeMounts }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }} |
| {{- end }} |
| ports: |
| - name: metrics |
| containerPort: {{ .Values.metrics.containerPort }} |
| {{- if not .Values.diagnosticMode.enabled }} |
| {{- if .Values.metrics.customLivenessProbe }} |
| livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} |
| {{- else if .Values.metrics.livenessProbe.enabled }} |
| livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} |
| httpGet: |
| path: / |
| port: metrics |
| {{- end }} |
| {{- if .Values.metrics.customReadinessProbe }} |
| readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} |
| {{- else if .Values.metrics.readinessProbe.enabled }} |
| readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} |
| httpGet: |
| path: / |
| port: metrics |
| {{- end }} |
| {{- if .Values.metrics.customStartupProbe }} |
| startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} |
| {{- else if .Values.metrics.startupProbe.enabled }} |
| startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} |
| tcpSocket: |
| port: metrics |
| {{- end }} |
| {{- end }} |
| {{- if .Values.metrics.resources }} |
| resources: {{- toYaml .Values.metrics.resources | nindent 12 }} |
| {{- else if ne .Values.metrics.resourcesPreset "none" }} |
| resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} |
| {{- end }} |
| {{- end }} |
| {{- if .Values.sidecars }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} |
| {{- end }} |
| volumes: |
| - name: empty-dir |
| emptyDir: {} |
| - name: common-scripts |
| configMap: |
| name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} |
| defaultMode: 0550 |
| {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} |
| - name: custom-init-scripts |
| configMap: |
| name: {{ template "mongodb.initdbScriptsCM" . }} |
| {{- end }} |
| {{- if or .Values.configuration .Values.existingConfigmap }} |
| - name: config |
| configMap: |
| name: {{ include "mongodb.configmapName" . }} |
| {{- end }} |
| {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} |
| - name: shared |
| emptyDir: {} |
| {{- end }} |
| - name: scripts |
| configMap: |
| name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }} |
| defaultMode: 0755 |
| {{- if .Values.extraVolumes }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} |
| {{- end }} |
| {{- if .Values.tls.enabled }} |
| - name: certs |
| emptyDir: {} |
| {{- if (include "mongodb.autoGenerateCerts" .) }} |
| - name: certs-volume |
| secret: |
| secretName: {{ template "mongodb.tlsSecretName" . }} |
| items: |
| - key: mongodb-ca-cert |
| path: mongodb-ca-cert |
| mode: 0600 |
| - key: mongodb-ca-key |
| path: mongodb-ca-key |
| mode: 0600 |
| {{- else }} |
| {{- range $index, $secret := .Values.tls.replicaset.existingSecrets }} |
| - name: mongodb-certs-{{ $index }} |
| secret: |
| secretName: {{ include "common.tplvalues.render" ( dict "value" $secret "context" $) }} |
| defaultMode: 256 |
| {{- end }} |
| {{- end }} |
| {{- end }} |
| {{- if not .Values.persistence.enabled }} |
| - name: datadir |
| {{- if .Values.persistence.medium }} |
| emptyDir: |
| medium: {{ .Values.persistence.medium | quote }} |
| {{- else }} |
| emptyDir: {} |
| {{- end }} |
| {{- else }} |
| {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }} |
| persistentVolumeClaimRetentionPolicy: |
| whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }} |
| whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }} |
| {{- end }} |
| volumeClaimTemplates: |
| - apiVersion: v1 |
| kind: PersistentVolumeClaim |
| metadata: |
| name: datadir |
| {{- if .Values.persistence.annotations }} |
| annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} |
| {{- end }} |
| spec: |
| accessModes: |
| {{- range .Values.persistence.accessModes }} |
| - {{ . | quote }} |
| {{- end }} |
| resources: |
| requests: |
| storage: {{ .Values.persistence.size | quote }} |
| {{- if .Values.persistence.volumeClaimTemplates.requests }} |
| {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }} |
| {{- end }} |
| {{- if .Values.persistence.volumeClaimTemplates.dataSource }} |
| dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }} |
| {{- end }} |
| {{- if .Values.persistence.volumeClaimTemplates.selector }} |
| selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} |
| {{- end }} |
| {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} |
| {{- end }} |
| {{- end }} |
| {{- end }} |