3 SPDX-License-Identifier: APACHE-2.0
6 {{- if not (eq .Values.architecture "replicaset") }}
7 apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }}
8 kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }}
10 name: {{ include "mongodb.fullname" . }}
11 namespace: {{ include "mongodb.namespace" . | quote }}
12 {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }}
13 labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
14 app.kubernetes.io/component: mongodb
15 {{- if or .Values.annotations .Values.commonAnnotations }}
16 {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }}
17 annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
20 replicas: {{ gt (.Values.replicaCount | int) 1 | ternary 1 .Values.replicaCount }}
21 {{- if .Values.useStatefulSet }}
22 serviceName: {{ include "mongodb.service.nameOverride" . }}
24 {{- if .Values.updateStrategy}}
25 {{- if .Values.useStatefulSet }}
30 {{- toYaml .Values.updateStrategy | nindent 4 }}
32 {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
34 matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
35 app.kubernetes.io/component: mongodb
38 labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
39 app.kubernetes.io/component: mongodb
40 {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }}
42 {{- if (include "mongodb.createConfigmap" .) }}
43 checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
45 {{- if .Values.podAnnotations }}
46 {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
50 {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
51 automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
52 {{- if .Values.hostAliases }}
53 hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
55 {{- if .Values.schedulerName }}
56 schedulerName: {{ .Values.schedulerName | quote }}
58 serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
59 {{- if .Values.affinity }}
60 affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
63 podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
64 podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
65 nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
67 {{- if .Values.nodeSelector }}
68 nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
70 {{- if .Values.tolerations }}
71 tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
73 {{- if .Values.priorityClassName }}
74 priorityClassName: {{ .Values.priorityClassName }}
76 {{- if .Values.runtimeClassName }}
77 runtimeClassName: {{ .Values.runtimeClassName }}
79 {{- if .Values.podSecurityContext.enabled }}
80 securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
82 {{ if .Values.terminationGracePeriodSeconds }}
83 terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
85 enableServiceLinks: {{ .Values.enableServiceLinks }}
86 {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }}
88 {{- if .Values.initContainers }}
89 {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
91 {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
92 - name: volume-permissions
93 image: {{ include "mongodb.volumePermissions.image" . }}
94 imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
100 mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
101 chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
102 find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
103 {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
104 securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
106 securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
108 {{- if .Values.volumePermissions.resources }}
109 resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
110 {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
111 resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
117 - name: {{ .Values.persistence.name | default "datadir" }}
118 mountPath: {{ .Values.persistence.mountPath }}
120 {{- if .Values.tls.enabled }}
121 - name: generate-tls-certs
122 image: {{ include "mongodb.tls.image" . }}
123 imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
125 - name: MY_POD_NAMESPACE
128 fieldPath: metadata.namespace
129 - name: MY_POD_HOST_IP
132 fieldPath: status.hostIP
137 {{- if (include "mongodb.autoGenerateCerts" .) }}
139 mountPath: /certs/CAs
141 - name: mongodb-certs-0
146 - name: common-scripts
147 mountPath: /bitnami/scripts
149 - /bitnami/scripts/generate-certs.sh
151 - -s {{ include "mongodb.service.nameOverride" . }}
152 {{- if .Values.externalAccess.service.loadBalancerIPs }}
153 - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
155 {{- if .Values.tls.extraDnsNames }}
156 - -n {{ join "," .Values.tls.extraDnsNames }}
158 {{- if .Values.tls.resources }}
159 resources: {{- toYaml .Values.tls.resources | nindent 12 }}
160 {{- else if ne .Values.tls.resourcesPreset "none" }}
161 resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
163 {{- if .Values.tls.securityContext }}
164 securityContext: {{- toYaml .Values.tls.securityContext | nindent 12 }}
170 image: {{ include "mongodb.image" . }}
171 imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
172 {{- if .Values.containerSecurityContext.enabled }}
173 securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
175 {{- if .Values.diagnosticMode.enabled }}
176 command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
177 {{- else if .Values.command }}
178 command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
180 {{- if .Values.diagnosticMode.enabled }}
181 args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
182 {{- else if .Values.args }}
183 args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
185 {{- if .Values.lifecycleHooks }}
186 lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
189 - name: BITNAMI_DEBUG
190 value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
191 {{- $customUsers := include "mongodb.customUsers" . -}}
192 {{- $customDatabases := include "mongodb.customDatabases" . -}}
193 {{- if not (empty $customUsers) }}
194 - name: MONGODB_EXTRA_USERNAMES
195 value: {{ $customUsers | quote }}
197 {{- if not (empty $customDatabases) }}
198 - name: MONGODB_EXTRA_DATABASES
199 value: {{ $customDatabases | quote }}
201 {{- if .Values.auth.enabled }}
202 {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
203 - name: MONGODB_EXTRA_PASSWORDS
206 name: {{ include "mongodb.secretName" . }}
207 key: mongodb-passwords
209 - name: MONGODB_ROOT_USER
210 value: {{ .Values.auth.rootUser | quote }}
211 - name: MONGODB_ROOT_PASSWORD
214 name: {{ include "mongodb.secretName" . }}
215 key: mongodb-root-password
217 {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
218 - name: MONGODB_METRICS_USERNAME
219 value: {{ .Values.metrics.username | quote }}
220 {{- if .Values.auth.enabled }}
221 - name: MONGODB_METRICS_PASSWORD
224 name: {{ include "mongodb.secretName" . }}
225 key: mongodb-metrics-password
228 - name: ALLOW_EMPTY_PASSWORD
229 value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
230 - name: MONGODB_SYSTEM_LOG_VERBOSITY
231 value: {{ .Values.systemLogVerbosity | quote }}
232 - name: MONGODB_DISABLE_SYSTEM_LOG
233 value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }}
234 - name: MONGODB_DISABLE_JAVASCRIPT
235 value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
236 - name: MONGODB_ENABLE_JOURNAL
237 value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
238 - name: MONGODB_PORT_NUMBER
239 value: {{ .Values.containerPorts.mongodb | quote }}
240 - name: MONGODB_ENABLE_IPV6
241 value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
242 - name: MONGODB_ENABLE_DIRECTORY_PER_DB
243 value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }}
244 {{- $extraFlags := .Values.extraFlags | join " " -}}
245 {{- if .Values.tls.enabled }}
246 {{- if .Values.tls.mTLS.enabled }}
247 {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}
249 {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}
251 {{- if ne $extraFlags "" }}
252 - name: MONGODB_EXTRA_FLAGS
253 value: {{ $extraFlags | quote }}
255 {{- if .Values.tls.enabled }}
256 - name: MONGODB_CLIENT_EXTRA_FLAGS
257 value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert
259 {{- if .Values.extraEnvVars }}
260 {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
262 {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
264 {{- if .Values.extraEnvVarsCM }}
266 name: {{ tpl .Values.extraEnvVarsCM . | quote }}
268 {{- if .Values.extraEnvVarsSecret }}
270 name: {{ tpl .Values.extraEnvVarsSecret . | quote }}
275 containerPort: {{ .Values.containerPorts.mongodb }}
276 {{- if not .Values.diagnosticMode.enabled }}
277 {{- if .Values.customLivenessProbe }}
278 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
279 {{- else if .Values.livenessProbe.enabled }}
280 livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
283 - /bitnami/scripts/ping-mongodb.sh
286 {{- if not .Values.diagnosticMode.enabled }}
287 {{- if .Values.customReadinessProbe }}
288 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
289 {{- else if .Values.readinessProbe.enabled }}
290 readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
293 - /bitnami/scripts/readiness-probe.sh
296 {{- if not .Values.diagnosticMode.enabled }}
297 {{- if .Values.customStartupProbe }}
298 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
299 {{- else if .Values.startupProbe.enabled }}
300 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
303 - /bitnami/scripts/startup-probe.sh
306 {{- if .Values.resources }}
307 resources: {{- toYaml .Values.resources | nindent 12 }}
308 {{- else if ne .Values.resourcesPreset "none" }}
309 resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
316 mountPath: /opt/bitnami/mongodb/conf
317 subPath: app-conf-dir
319 mountPath: /opt/bitnami/mongodb/tmp
322 mountPath: /opt/bitnami/mongodb/logs
323 subPath: app-logs-dir
324 - name: {{ .Values.persistence.name | default "datadir" }}
325 mountPath: {{ .Values.persistence.mountPath }}
326 subPath: {{ .Values.persistence.subPath }}
327 - name: common-scripts
328 mountPath: /bitnami/scripts
329 {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
330 - name: custom-init-scripts
331 mountPath: /docker-entrypoint-initdb.d
333 {{- if or .Values.configuration .Values.existingConfigmap }}
335 mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
336 subPath: mongodb.conf
338 {{- if .Values.tls.enabled }}
342 {{- if .Values.extraVolumeMounts }}
343 {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
345 {{- if .Values.metrics.enabled }}
347 image: {{ template "mongodb.metrics.image" . }}
348 imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
349 {{- if .Values.containerSecurityContext.enabled }}
350 securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
352 {{- if .Values.diagnosticMode.enabled }}
353 command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
354 {{- else if .Values.metrics.command }}
355 command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
361 {{- if .Values.diagnosticMode.enabled }}
362 args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
363 {{- else if .Values.metrics.args }}
364 args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
368 /bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
371 {{- if .Values.auth.enabled }}
372 {{- if not .Values.metrics.username }}
373 - name: MONGODB_ROOT_USER
374 value: {{ .Values.auth.rootUser | quote }}
375 - name: MONGODB_ROOT_PASSWORD
378 name: {{ include "mongodb.secretName" . }}
379 key: mongodb-root-password
381 - name: MONGODB_METRICS_USERNAME
382 value: {{ .Values.metrics.username | quote }}
383 - name: MONGODB_METRICS_PASSWORD
386 name: {{ include "mongodb.secretName" . }}
387 key: mongodb-metrics-password
394 {{- if .Values.tls.enabled }}
398 {{- if .Values.metrics.extraVolumeMounts }}
399 {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }}
403 containerPort: {{ .Values.metrics.containerPort }}
404 {{- if not .Values.diagnosticMode.enabled }}
405 {{- if .Values.metrics.customLivenessProbe }}
406 livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
407 {{- else if .Values.metrics.livenessProbe.enabled }}
408 livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
413 {{- if .Values.metrics.customReadinessProbe }}
414 readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
415 {{- else if .Values.metrics.readinessProbe.enabled }}
416 readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
421 {{- if .Values.metrics.customStartupProbe }}
422 startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
423 {{- else if .Values.metrics.startupProbe.enabled }}
424 startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
429 {{- if .Values.metrics.resources }}
430 resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
431 {{- else if ne .Values.metrics.resourcesPreset "none" }}
432 resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
435 {{- if .Values.sidecars }}
436 {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
441 - name: common-scripts
443 name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
445 {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
446 - name: custom-init-scripts
448 name: {{ template "mongodb.initdbScriptsCM" . }}
450 {{- if or .Values.configuration .Values.existingConfigmap }}
453 name: {{ include "mongodb.configmapName" . }}
455 {{- if .Values.extraVolumes }}
456 {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
458 {{- if .Values.tls.enabled }}
461 {{- if (include "mongodb.autoGenerateCerts" .) }}
464 secretName: {{ template "mongodb.tlsSecretName" . }}
466 - key: mongodb-ca-cert
467 path: mongodb-ca-cert
469 - key: mongodb-ca-key
473 - name: mongodb-certs-0
475 secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.standalone.existingSecret "context" $) }}
479 {{- if not .Values.persistence.enabled }}
480 - name: {{ .Values.persistence.name | default "datadir" }}
481 {{- if .Values.persistence.medium }}
483 medium: {{ .Values.persistence.medium | quote }}
487 {{- else if .Values.persistence.existingClaim }}
488 - name: {{ .Values.persistence.name | default "datadir" }}
489 persistentVolumeClaim:
490 claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }}
491 {{- else if not .Values.useStatefulSet }}
492 - name: {{ .Values.persistence.name | default "datadir" }}
493 persistentVolumeClaim:
494 claimName: {{ template "mongodb.fullname" . }}
496 {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }}
497 persistentVolumeClaimRetentionPolicy:
498 whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
499 whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
501 volumeClaimTemplates:
503 name: {{ .Values.persistence.name | default "datadir" }}
504 {{- if .Values.persistence.annotations }}
505 annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
509 {{- range .Values.persistence.accessModes }}
514 storage: {{ .Values.persistence.size | quote }}
515 {{- if .Values.persistence.volumeClaimTemplates.selector }}
516 selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
518 {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}