3 SPDX-License-Identifier: APACHE-2.0
6 {{/* vim: set filetype=mustache: */}}
8 Expand the name of the chart.
10 {{- define "mongodb.name" -}}
11 {{- include "common.names.name" . -}}
15 Create a default fully qualified app name.
16 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
17 If release name contains chart name it will be used as a full name.
19 {{- define "mongodb.fullname" -}}
20 {{- include "common.names.fullname" . -}}
24 Create a default mongo service name which can be overridden.
26 {{- define "mongodb.service.nameOverride" -}}
27 {{- if and .Values.service .Values.service.nameOverride -}}
28 {{- print .Values.service.nameOverride -}}
30 {{- if eq .Values.architecture "replicaset" -}}
31 {{- printf "%s-headless" (include "mongodb.fullname" .) -}}
33 {{- printf "%s" (include "mongodb.fullname" .) -}}
39 Create a default mongo arbiter service name which can be overridden.
41 {{- define "mongodb.arbiter.service.nameOverride" -}}
42 {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}}
43 {{- print .Values.arbiter.service.nameOverride -}}
45 {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) -}}
50 Return the proper MongoDB® image name
52 {{- define "mongodb.image" -}}
53 {{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
57 Return the proper image name (for the metrics image)
59 {{- define "mongodb.metrics.image" -}}
60 {{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
64 Return the proper image name (for the init container volume-permissions image)
66 {{- define "mongodb.volumePermissions.image" -}}
67 {{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}}
71 Return the proper image name (for the init container auto-discovery image)
73 {{- define "mongodb.externalAccess.autoDiscovery.image" -}}
74 {{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}}
78 Return the proper image name (for the TLS Certs image)
80 {{- define "mongodb.tls.image" -}}
81 {{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}}
85 Return the proper Docker Image Registry Secret Names
87 {{- define "mongodb.imagePullSecrets" -}}
88 {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}}
92 Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
94 {{- define "mongodb.namespace" -}}
95 {{- if and .Values.global .Values.global.namespaceOverride -}}
96 {{- print .Values.global.namespaceOverride -}}
98 {{- print .Release.Namespace -}}
101 {{- define "mongodb.serviceMonitor.namespace" -}}
102 {{- if .Values.metrics.serviceMonitor.namespace -}}
103 {{- print .Values.metrics.serviceMonitor.namespace -}}
105 {{- include "mongodb.namespace" . -}}
108 {{- define "mongodb.prometheusRule.namespace" -}}
109 {{- if .Values.metrics.prometheusRule.namespace -}}
110 {{- print .Values.metrics.prometheusRule.namespace -}}
112 {{- include "mongodb.namespace" . -}}
117 Returns the proper service account name depending if an explicit service account name is set
118 in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create
119 is true or default otherwise.
121 {{- define "mongodb.serviceAccountName" -}}
122 {{- if .Values.serviceAccount.create -}}
123 {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}}
125 {{- default "default" (print .Values.serviceAccount.name) -}}
130 Return the list of custom users to create during the initialization (string format)
132 {{- define "mongodb.customUsers" -}}
133 {{- $customUsers := list -}}
134 {{- if .Values.auth.username -}}
135 {{- $customUsers = append $customUsers .Values.auth.username }}
137 {{- range .Values.auth.usernames }}
138 {{- $customUsers = append $customUsers . }}
140 {{- printf "%s" (default "" (join "," $customUsers)) -}}
144 Return the list of passwords for the custom users (string format)
146 {{- define "mongodb.customPasswords" -}}
147 {{- $customPasswords := list -}}
148 {{- if .Values.auth.password -}}
149 {{- $customPasswords = append $customPasswords .Values.auth.password }}
151 {{- range .Values.auth.passwords }}
152 {{- $customPasswords = append $customPasswords . }}
154 {{- printf "%s" (default "" (join "," $customPasswords)) -}}
158 Return the list of custom databases to create during the initialization (string format)
160 {{- define "mongodb.customDatabases" -}}
161 {{- $customDatabases := list -}}
162 {{- if .Values.auth.database -}}
163 {{- $customDatabases = append $customDatabases .Values.auth.database }}
165 {{- range .Values.auth.databases }}
166 {{- $customDatabases = append $customDatabases . }}
168 {{- printf "%s" (default "" (join "," $customDatabases)) -}}
172 Return the configmap with the MongoDB® configuration
174 {{- define "mongodb.configmapName" -}}
175 {{- if .Values.existingConfigmap -}}
176 {{- printf "%s" (tpl .Values.existingConfigmap $) -}}
178 {{- printf "%s" (include "mongodb.fullname" .) -}}
183 Return true if a configmap object should be created for MongoDB®
185 {{- define "mongodb.createConfigmap" -}}
186 {{- if and .Values.configuration (not .Values.existingConfigmap) }}
193 Return the secret with MongoDB® credentials
195 {{- define "mongodb.secretName" -}}
196 {{- if .Values.auth.existingSecret -}}
197 {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
199 {{- printf "%s" (include "mongodb.fullname" .) -}}
204 Return true if a secret object should be created for MongoDB®
206 {{- define "mongodb.createSecret" -}}
207 {{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }}
214 Get the initialization scripts ConfigMap name.
216 {{- define "mongodb.initdbScriptsCM" -}}
217 {{- if .Values.initdbScriptsConfigMap -}}
218 {{- printf "%s" .Values.initdbScriptsConfigMap -}}
220 {{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}}
225 Return true if the Arbiter should be deployed
227 {{- define "mongodb.arbiter.enabled" -}}
228 {{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }}
235 Return the configmap with the MongoDB® configuration for the Arbiter
237 {{- define "mongodb.arbiter.configmapName" -}}
238 {{- if .Values.arbiter.existingConfigmap -}}
239 {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}}
241 {{- printf "%s-arbiter" (include "mongodb.fullname" .) -}}
246 Return true if a configmap object should be created for MongoDB® Arbiter
248 {{- define "mongodb.arbiter.createConfigmap" -}}
249 {{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }}
256 Return true if the Hidden should be deployed
258 {{- define "mongodb.hidden.enabled" -}}
259 {{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }}
265 Return the configmap with the MongoDB® configuration for the Hidden
267 {{- define "mongodb.hidden.configmapName" -}}
268 {{- if .Values.hidden.existingConfigmap -}}
269 {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}}
271 {{- printf "%s-hidden" (include "mongodb.fullname" .) -}}
276 Return true if a configmap object should be created for MongoDB® Hidden
278 {{- define "mongodb.hidden.createConfigmap" -}}
279 {{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }}
285 Compile all warnings into a single message, and call fail.
287 {{- define "mongodb.validateValues" -}}
288 {{- $messages := list -}}
289 {{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}}
290 {{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}}
291 {{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}}
292 {{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}}
293 {{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}}
294 {{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) -}}
295 {{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}}
296 {{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}}
297 {{- $messages := append $messages (include "mongodb.validateValues.replicaset.existingSecrets" .) -}}
298 {{- $messages := append $messages (include "mongodb.validateValues.hidden.existingSecrets" .) -}}
299 {{- $messages := without $messages "" -}}
300 {{- $message := join "\n" $messages -}}
303 {{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
307 {{/* Validate RBAC is created when using PSP */}}
308 {{- define "mongodb.validateValues.pspAndRBAC" -}}
309 {{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}}
310 mongodb: podSecurityPolicy.create, rbac.create
311 Both podSecurityPolicy.create and rbac.create must be true, if you want
312 to create podSecurityPolicy
316 {{/* Validate values of MongoDB® - must provide a valid architecture */}}
317 {{- define "mongodb.validateValues.architecture" -}}
318 {{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}}
319 mongodb: architecture
320 Invalid architecture selected. Valid values are "standalone" and
321 "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx")
326 Validate values of MongoDB® - both auth.usernames and auth.databases are necessary
327 to create a custom user and database during 1st initialization
329 {{- define "mongodb.validateValues.customUsersDBs" -}}
330 {{- $customUsers := include "mongodb.customUsers" . -}}
331 {{- $customDatabases := include "mongodb.customDatabases" . -}}
332 {{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }}
333 mongodb: auth.usernames, auth.databases
334 Both auth.usernames and auth.databases must be provided to create
335 custom users and databases during 1st initialization.
336 Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy")
341 Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length
342 to create a custom user and database during 1st initialization
344 {{- define "mongodb.validateValues.customUsersDBsLength" -}}
345 {{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }}
346 mongodb: auth.usernames, auth.databases
347 Both auth.usernames and auth.databases arrays should have the same length
352 Validate values of MongoDB® - service type for external access
354 {{- define "mongodb.validateValues.externalAccessServiceType" -}}
355 {{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}}
356 mongodb: externalAccess.service.type
357 Available service type for external access are NodePort, LoadBalancer or ClusterIP.
362 Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list
364 {{- define "mongodb.validateValues.loadBalancerIPsListLength" -}}
365 {{- $replicaCount := int .Values.replicaCount }}
366 {{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }}
367 {{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}}
368 mongodb: .Values.externalAccess.service.loadBalancerIPs
369 Number of replicas and loadBalancerIPs array length must be the same.
374 Validate values of MongoDB® - number of replicas must be the same than NodePort list
376 {{- define "mongodb.validateValues.nodePortListLength" -}}
377 {{- $replicaCount := int .Values.replicaCount }}
378 {{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }}
379 {{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}}
380 mongodb: .Values.externalAccess.service.nodePorts
381 Number of replicas and nodePorts array length must be the same.
386 Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled
388 {{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}}
389 {{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }}
391 By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true"
392 an initContainer will be used to autodetect the external IPs/ports by querying the
393 K8s API. Please note this initContainer requires specific RBAC resources. You can create them
394 by specifying "--set rbac.create=true".
399 Validate values of MongoDB® - Number of replicaset secrets must be the same than number of replicaset nodes.
401 {{- define "mongodb.validateValues.replicaset.existingSecrets" -}}
402 {{- if and .Values.tls.enabled (eq .Values.architecture "replicaset") (not (empty .Values.tls.replicaset.existingSecrets)) }}
403 {{- $nbSecrets := len .Values.tls.replicaset.existingSecrets -}}
404 {{- if not (eq $nbSecrets (int .Values.replicaCount)) }}
405 mongodb: tls.replicaset.existingSecrets
406 tls.replicaset.existingSecrets Number of secrets and number of replicaset nodes must be the same.
412 Validate values of MongoDB® - Number of hidden secrets must be the same than number of hidden nodes.
414 {{- define "mongodb.validateValues.hidden.existingSecrets" -}}
415 {{- if and .Values.tls.enabled (include "mongodb.hidden.enabled" .) (not (empty .Values.tls.hidden.existingSecrets)) }}
416 {{- $nbSecrets := len .Values.tls.hidden.existingSecrets -}}
417 {{- if not (eq $nbSecrets (int .Values.hidden.replicaCount)) }}
418 mongodb: tls.hidden.existingSecrets
419 tls.hidden.existingSecrets Number of secrets and number of hidden nodes must be the same.
425 Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults
427 {{- define "mongodb.mongodb_exporter.uri" -}}
428 {{- $tlsEnabled := .Values.tls.enabled -}}
429 {{- $mTlsEnabled := and $tlsEnabled .Values.tls.mTLS.enabled -}}
430 {{- $tlsArgs := "" -}}
431 {{- if $tlsEnabled -}}
432 {{- $tlsCertKeyFile := ternary "&tlsCertificateKeyFile=/certs/mongodb.pem" "" $mTlsEnabled -}}
433 {{- $tlsArgs = printf "tls=true%s&tlsCAFile=/certs/mongodb-ca-cert" $tlsCertKeyFile -}}
435 {{- if .Values.metrics.username -}}
436 {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
437 {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
439 {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
440 {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
445 Return the appropriate apiGroup for PodSecurityPolicy.
447 {{- define "podSecurityPolicy.apiGroup" -}}
448 {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
449 {{- print "policy" -}}
451 {{- print "extensions" -}}
456 Return true if a TLS secret object should be created
458 {{- define "mongodb.createTlsSecret" -}}
459 {{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (include "mongodb.autoGenerateCerts" .) }}
465 Return the secret containing MongoDB® TLS certificates
467 {{- define "mongodb.tlsSecretName" -}}
468 {{- $secretName := .Values.tls.existingSecret -}}
469 {{- if $secretName -}}
470 {{- printf "%s" (tpl $secretName $) -}}
472 {{- printf "%s-ca" (include "mongodb.fullname" .) -}}
477 Return true if certificates must be auto generated
479 {{- define "mongodb.autoGenerateCerts" -}}
480 {{- $standalone := (eq .Values.architecture "standalone") | ternary (not .Values.tls.standalone.existingSecret) true -}}
481 {{- $replicaset := (eq .Values.architecture "replicaset") | ternary (empty .Values.tls.replicaset.existingSecrets) true -}}
482 {{- $arbiter := (eq (include "mongodb.arbiter.enabled" .) "true") | ternary (not .Values.tls.arbiter.existingSecret) true -}}
483 {{- $hidden := (eq (include "mongodb.hidden.enabled" .) "true") | ternary (empty .Values.tls.hidden.existingSecrets) true -}}
484 {{- if and $standalone $replicaset $arbiter $hidden -}}
490 Generate argument list for mongodb-exporter
491 reference: https://github.com/percona/mongodb_exporter/blob/main/REFERENCE.md
493 {{- define "mongodb.exporterArgs" -}}
494 {{- with .Values.metrics.collector -}}
495 {{- ternary " --collect-all" "" .all -}}
496 {{- ternary " --collector.diagnosticdata" "" .diagnosticdata -}}
497 {{- ternary " --collector.replicasetstatus" "" .replicasetstatus -}}
498 {{- ternary " --collector.dbstats" "" .dbstats -}}
499 {{- ternary " --collector.topmetrics" "" .topmetrics -}}
500 {{- ternary " --collector.indexstats" "" .indexstats -}}
501 {{- ternary " --collector.collstats" "" .collstats -}}
502 {{- if .collstatsColls -}}
503 {{- " --mongodb.collstats-colls=" -}}
504 {{- join "," .collstatsColls -}}
506 {{- if .indexstatsColls -}}
507 {{- " --mongodb.indexstats-colls=" -}}
508 {{- join "," .indexstatsColls -}}
510 {{- $limitArg := print " --collector.collstats-limit=" .collstatsLimit -}}
511 {{- ne (print .collstatsLimit) "0" | ternary $limitArg "" -}}
513 {{- ternary " --compatible-mode" "" .Values.metrics.compatibleMode -}}