Andreas Geissler | cde4a78 | 2024-02-28 16:08:06 +0100 | [diff] [blame] | 1 | {{- /* |
| 2 | Copyright VMware, Inc. |
| 3 | SPDX-License-Identifier: APACHE-2.0 |
| 4 | */}} |
| 5 | |
| 6 | {{- if .Values.backup.enabled }} |
| 7 | apiVersion: batch/v1 |
| 8 | kind: CronJob |
| 9 | metadata: |
| 10 | name: {{ include "mongodb.fullname" . }}-mongodump |
| 11 | namespace: {{ include "mongodb.namespace" . | quote }} |
| 12 | labels: {{- include "common.labels.standard" . | nindent 4 }} |
| 13 | app.kubernetes.io/component: mongodump |
| 14 | {{- if .Values.backup.cronjob.labels }} |
| 15 | {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 4 }} |
| 16 | {{- end }} |
| 17 | {{- if .Values.commonLabels }} |
| 18 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} |
| 19 | {{- end }} |
| 20 | {{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations }} |
| 21 | annotations: |
| 22 | {{- if .Values.backup.cronjob.annotations }} |
| 23 | {{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 4 }} |
| 24 | {{- end }} |
| 25 | {{- if .Values.commonAnnotations }} |
| 26 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} |
| 27 | {{- end }} |
| 28 | {{- end }} |
| 29 | spec: |
| 30 | schedule: {{ quote .Values.backup.cronjob.schedule }} |
| 31 | concurrencyPolicy: {{ .Values.backup.cronjob.concurrencyPolicy }} |
| 32 | failedJobsHistoryLimit: {{ .Values.backup.cronjob.failedJobsHistoryLimit }} |
| 33 | successfulJobsHistoryLimit: {{ .Values.backup.cronjob.successfulJobsHistoryLimit }} |
| 34 | {{- if .Values.backup.cronjob.startingDeadlineSeconds }} |
| 35 | startingDeadlineSeconds: {{ .Values.backup.cronjob.startingDeadlineSeconds }} |
| 36 | {{- end }} |
| 37 | jobTemplate: |
| 38 | spec: |
| 39 | {{- if .Values.backup.cronjob.ttlSecondsAfterFinished }} |
| 40 | ttlSecondsAfterFinished: {{ .Values.backup.cronjob.ttlSecondsAfterFinished }} |
| 41 | {{- end }} |
| 42 | template: |
| 43 | metadata: |
| 44 | labels: {{- include "common.labels.standard" . | nindent 12 }} |
| 45 | app.kubernetes.io/component: mongodump |
| 46 | {{- if .Values.backup.cronjob.labels }} |
| 47 | {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 12 }} |
| 48 | {{- end }} |
| 49 | {{- if .Values.commonLabels }} |
| 50 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 12 }} |
| 51 | {{- end }} |
| 52 | {{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations }} |
| 53 | annotations: |
| 54 | {{- if .Values.backup.cronjob.annotations }} |
| 55 | {{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 12 }} |
| 56 | {{- end }} |
| 57 | {{- if .Values.commonAnnotations }} |
| 58 | {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 12 }} |
| 59 | {{- end }} |
| 60 | {{- end }} |
| 61 | spec: |
| 62 | {{- include "mongodb.imagePullSecrets" . | nindent 10 }} |
| 63 | {{- if .Values.podSecurityContext.enabled }} |
| 64 | securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }} |
| 65 | {{- end }} |
| 66 | enableServiceLinks: {{ .Values.enableServiceLinks }} |
| 67 | {{- if .Values.tls.enabled }} |
| 68 | initContainers: |
| 69 | - name: generate-tls-certs |
| 70 | image: {{ include "mongodb.tls.image" . }} |
| 71 | imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }} |
| 72 | env: |
| 73 | - name: MY_POD_NAMESPACE |
| 74 | valueFrom: |
| 75 | fieldRef: |
| 76 | fieldPath: metadata.namespace |
| 77 | - name: MY_POD_HOST_IP |
| 78 | valueFrom: |
| 79 | fieldRef: |
| 80 | fieldPath: status.hostIP |
| 81 | volumeMounts: |
| 82 | - name: empty-dir |
| 83 | mountPath: /tmp |
| 84 | subPath: tmp-dir |
| 85 | {{- if (include "mongodb.autoGenerateCerts" .) }} |
| 86 | - name: certs-volume |
| 87 | mountPath: /certs/CAs |
| 88 | {{- else }} |
| 89 | - name: mongodb-certs-0 |
| 90 | mountPath: /certs-0 |
| 91 | {{- end }} |
| 92 | - name: certs |
| 93 | mountPath: /certs |
| 94 | - name: common-scripts |
| 95 | mountPath: /bitnami/scripts |
| 96 | command: |
| 97 | - /bitnami/scripts/generate-certs.sh |
| 98 | args: |
| 99 | - -s {{ include "mongodb.service.nameOverride" . }} |
| 100 | {{- if .Values.externalAccess.service.loadBalancerIPs }} |
| 101 | - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} |
| 102 | {{- end }} |
| 103 | {{- if .Values.tls.extraDnsNames }} |
| 104 | - -n {{ join "," .Values.tls.extraDnsNames }} |
| 105 | {{- end }} |
| 106 | {{- if .Values.tls.resources }} |
| 107 | resources: {{- toYaml .Values.tls.resources | nindent 16 }} |
| 108 | {{- else if ne .Values.tls.resourcesPreset "none" }} |
| 109 | resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 16 }} |
| 110 | {{- end }} |
| 111 | {{- end }} |
| 112 | containers: |
| 113 | - name: {{ include "mongodb.fullname" . }}-mongodump |
| 114 | image: {{ include "mongodb.image" . }} |
| 115 | imagePullPolicy: {{ .Values.image.pullPolicy | quote }} |
| 116 | env: |
| 117 | {{- if .Values.auth.enabled }} |
| 118 | - name: MONGODB_ROOT_USER |
| 119 | value: {{ .Values.auth.rootUser | quote }} |
| 120 | - name: MONGODB_ROOT_PASSWORD |
| 121 | valueFrom: |
| 122 | secretKeyRef: |
| 123 | name: {{ include "mongodb.secretName" . }} |
| 124 | key: mongodb-root-password |
| 125 | {{- end }} |
| 126 | - name: MONGODB_SERVICE_NAME |
| 127 | value: {{ include "mongodb.service.nameOverride" . }} |
| 128 | - name: MONGODB_PORT_NUMBER |
| 129 | value: {{ .Values.containerPorts.mongodb | quote }} |
| 130 | - name: MONGODUMP_DIR |
| 131 | value: {{ .Values.backup.cronjob.storage.mountPath }} |
| 132 | {{- if .Values.tls.enabled }} |
| 133 | - name: MONGODB_CLIENT_EXTRA_FLAGS |
| 134 | value: --ssl --sslPEMKeyFile=/certs/mongodb.pem --sslCAFile=/certs/mongodb-ca-cert |
| 135 | {{- end }} |
| 136 | {{- if .Values.backup.cronjob.command }} |
| 137 | command: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.command "context" $) | nindent 14 }} |
| 138 | {{- else }} |
| 139 | command: |
| 140 | - /bin/sh |
| 141 | - -c |
| 142 | - "mongodump {{- if .Values.auth.enabled }} --username=${MONGODB_ROOT_USER} --password=${MONGODB_ROOT_PASSWORD} --authenticationDatabase=admin {{- end }} --host=${MONGODB_SERVICE_NAME} --port=${MONGODB_PORT_NUMBER} ${MONGODB_CLIENT_EXTRA_FLAGS} {{- if (eq $.Values.architecture "replicaset") }}--oplog{{- end }} --gzip --archive=${MONGODUMP_DIR}/mongodump-$(date '+%Y-%m-%d-%H-%M').gz" |
| 143 | {{- end }} |
| 144 | volumeMounts: |
| 145 | - name: empty-dir |
| 146 | mountPath: /tmp |
| 147 | subPath: tmp-dir |
| 148 | {{- if .Values.tls.enabled }} |
| 149 | - name: certs |
| 150 | mountPath: /certs |
| 151 | {{- if (include "mongodb.autoGenerateCerts" .) }} |
| 152 | - name: certs-volume |
| 153 | mountPath: /certs/CAs |
| 154 | {{- else }} |
| 155 | - name: mongodb-certs-0 |
| 156 | mountPath: /certs-0 |
| 157 | {{- end }} |
| 158 | {{- end }} |
| 159 | - name: datadir |
| 160 | mountPath: {{ .Values.backup.cronjob.storage.mountPath }} |
| 161 | subPath: {{ .Values.backup.cronjob.storage.subPath }} |
| 162 | {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} |
| 163 | securityContext: |
| 164 | {{- include "common.tplvalues.render" ( dict "value" ( omit .Values.backup.cronjob.containerSecurityContext "enabled" ) "context" $) | nindent 14 }} |
| 165 | {{- end }} |
| 166 | restartPolicy: {{ .Values.backup.cronjob.restartPolicy }} |
| 167 | volumes: |
| 168 | - name: empty-dir |
Fiete Ostkamp | d2b2a3d | 2024-04-30 13:08:03 +0200 | [diff] [blame^] | 169 | emptyDir: |
| 170 | sizeLimit: 64Mi |
Andreas Geissler | cde4a78 | 2024-02-28 16:08:06 +0100 | [diff] [blame] | 171 | - name: common-scripts |
| 172 | configMap: |
| 173 | name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }} |
| 174 | defaultMode: 0550 |
| 175 | {{- if .Values.tls.enabled }} |
| 176 | - name: certs |
Fiete Ostkamp | d2b2a3d | 2024-04-30 13:08:03 +0200 | [diff] [blame^] | 177 | emptyDir: |
| 178 | sizeLimit: 64Mi |
Andreas Geissler | cde4a78 | 2024-02-28 16:08:06 +0100 | [diff] [blame] | 179 | {{- if (include "mongodb.autoGenerateCerts" .) }} |
| 180 | - name: certs-volume |
| 181 | secret: |
| 182 | secretName: {{ template "mongodb.tlsSecretName" . }} |
| 183 | items: |
| 184 | - key: mongodb-ca-cert |
| 185 | path: mongodb-ca-cert |
| 186 | mode: 0600 |
| 187 | - key: mongodb-ca-key |
| 188 | path: mongodb-ca-key |
| 189 | mode: 0600 |
| 190 | {{- else }} |
| 191 | - name: mongodb-certs-0 |
| 192 | secret: |
| 193 | secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.standalone.existingSecret "context" $) }} |
| 194 | defaultMode: 256 |
| 195 | {{- end }} |
| 196 | {{- end }} |
| 197 | {{- if .Values.backup.cronjob.storage.existingClaim }} |
| 198 | - name: datadir |
| 199 | persistentVolumeClaim: |
| 200 | claimName: {{ printf "%s" (tpl .Values.backup.cronjob.storage.existingClaim .) }} |
| 201 | {{- else }} |
| 202 | - name: datadir |
| 203 | persistentVolumeClaim: |
| 204 | claimName: {{ include "mongodb.fullname" . }}-mongodump |
| 205 | {{- end }} |
| 206 | {{- end }} |