1 # Copyright VMware, Inc.
2 # SPDX-License-Identifier: APACHE-2.0
4 ## @section Global parameters
5 ## Global Docker image parameters
6 ## Please, note that this will override the image parameters, including dependencies, configured to use the global value
7 ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
10 ## @param global.imageRegistry Global Docker image registry
11 ## @param global.imagePullSecrets Global Docker registry secret names as an array
12 ## @param global.storageClass Global StorageClass for Persistent Volume(s)
13 ## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride
19 ## - myRegistryKeySecretName
24 ## @section Common parameters
27 ## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name)
30 ## @param fullnameOverride String to fully override mongodb.fullname template
33 ## @param namespaceOverride String to fully override common.names.namespace
36 ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
39 ## @param clusterDomain Default Kubernetes cluster domain
41 clusterDomain: cluster.local
42 ## @param extraDeploy Array of extra objects to deploy with the release
44 ## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar
45 ## for dynamically discovering the mongodb primary pod
46 ## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own)
50 ## name: mongodb-primary
51 ## namespace: the-mongodb-namespace
53 ## app.kubernetes.io/component: mongodb
54 ## app.kubernetes.io/instance: mongodb
55 ## app.kubernetes.io/managed-by: Helm
56 ## app.kubernetes.io/name: mongodb
59 ## externalTrafficPolicy: Cluster
65 ## targetPort: mongodb
67 ## app.kubernetes.io/component: mongodb
68 ## app.kubernetes.io/instance: mongodb
69 ## app.kubernetes.io/name: mongodb
73 ## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
76 ## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
79 ## @param topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
80 ## i.e. topologyKey: topology.kubernetes.io/zone
83 ## @param serviceBindings.enabled Create secret for service binding (Experimental)
84 ## Ref: https://servicebinding.io/service-provider/
88 ## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
89 ## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
90 ## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
92 enableServiceLinks: true
93 ## Enable diagnostic mode in the deployment
96 ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
99 ## @param diagnosticMode.command Command to override all containers in the deployment
103 ## @param diagnosticMode.args Args to override all containers in the deployment
107 ## @section MongoDB(®) parameters
110 ## Bitnami MongoDB(®) image
111 ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
112 ## @param image.registry [default: REGISTRY_NAME] MongoDB(®) image registry
113 ## @param image.repository [default: REPOSITORY_NAME/mongodb] MongoDB(®) image registry
114 ## @skip image.tag MongoDB(®) image tag (immutable tags are recommended)
115 ## @param image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
116 ## @param image.pullPolicy MongoDB(®) image pull policy
117 ## @param image.pullSecrets Specify docker-registry secret names as an array
118 ## @param image.debug Set to true if you would like to see extra information on logs
122 repository: bitnami/mongodb
123 tag: 7.0.8-debian-12-r2
125 ## Specify a imagePullPolicy
126 ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
128 pullPolicy: IfNotPresent
129 ## Optionally specify an array of imagePullSecrets.
130 ## Secrets must be manually created in the namespace.
131 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
134 ## - myRegistryKeySecretName
137 ## Set to true if you would like to see extra information on logs
140 ## @param schedulerName Name of the scheduler (other than default) to dispatch pods
141 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
144 ## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
146 architecture: standalone
147 ## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`)
149 useStatefulSet: false
150 ## MongoDB(®) Authentication parameters
153 ## @param auth.enabled Enable authentication
154 ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
157 ## @param auth.rootUser MongoDB(®) root user
160 ## @param auth.rootPassword MongoDB(®) root password
161 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
164 ## MongoDB(®) custom users and databases
165 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
166 ## @param auth.usernames List of custom users to be created during the initialization
167 ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
168 ## @param auth.databases List of custom databases to be created during the initialization
173 ## @param auth.username DEPRECATED: use `auth.usernames` instead
174 ## @param auth.password DEPRECATED: use `auth.passwords` instead
175 ## @param auth.database DEPRECATED: use `auth.databases` instead
180 ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`)
183 ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
184 ## NOTE: When it's set the previous parameters are ignored.
188 ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes
192 ## @param tls.mTLS.enabled IF TLS support is enabled, require clients to provide certificates
194 ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
197 ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
198 ## NOTE: When it's set it will disable secret creation.
201 ## Add Custom CA certificate
202 ## @param tls.caCert Custom CA certificated (base64 encoded)
203 ## @param tls.caKey CA certificate private key (base64 encoded)
207 ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
208 ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
210 pemChainIncluded: false
212 ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
213 ## NOTE: When it's set it will disable certificate self-generation from existing CA.
217 ## @param tls.replicaset.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
221 ## NOTE: When it's set it will disable certificate self-generation from existing CA.
225 ## @param tls.hidden.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
229 ## NOTE: When it's set it will disable certificate self-generation from existing CA.
233 ## @param tls.arbiter.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
234 ## NOTE: When it's set it will disable certificate self-generation from existing CA.
237 ## Bitnami Nginx image
238 ## @param tls.image.registry [default: REGISTRY_NAME] Init container TLS certs setup image registry
239 ## @param tls.image.repository [default: REPOSITORY_NAME/nginx] Init container TLS certs setup image repository
240 ## @skip tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended)
241 ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
242 ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy
243 ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array
244 ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
248 repository: bitnami/nginx
249 tag: 1.25.4-debian-12-r7
251 pullPolicy: IfNotPresent
252 ## Optionally specify an array of imagePullSecrets.
253 ## Secrets must be manually created in the namespace.
254 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
257 ## - myRegistryKeySecretName
262 ## "DNS.6": "$my_host"
266 ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
269 ## Init Container resource requests and limits
270 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
271 ## We usually recommend not to specify default resources and to leave this as a conscious
272 ## choice for the user. This also increases chances charts run on environments with little
273 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
274 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
275 ## @param tls.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production).
276 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
278 resourcesPreset: "none"
279 ## @param tls.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
290 ## Init Container securityContext
291 ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/
292 ## @param tls.securityContext Init container generate-tls-cert Security context
296 ## allowPrivilegeEscalation: false
300 ## @param automountServiceAccountToken Mount Service Account token in pod
302 automountServiceAccountToken: false
303 ## @param hostAliases Add deployment host aliases
304 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
307 ## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
308 ## Ignored when mongodb.architecture=standalone
311 ## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
312 ## Ignored when mongodb.architecture=standalone
313 ## Ignored when externalAccess.enabled=true
315 replicaSetHostnames: true
316 ## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®)
317 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-ipv6
320 ## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®)
321 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-directoryperdb
323 directoryPerDB: false
324 ## MongoDB(®) System Log configuration
325 ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#configuring-system-log-verbosity-level
326 ## @param systemLogVerbosity MongoDB(®) system log verbosity level
327 ## @param disableSystemLog Switch to enable/disable MongoDB(®) system log
329 systemLogVerbosity: 0
330 disableSystemLog: false
331 ## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution
332 ## ref: https://docs.mongodb.com/manual/core/server-side-javascript/
334 disableJavascript: false
335 ## @param enableJournal Switch to enable/disable MongoDB(®) Journaling
336 ## ref: https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
339 ## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
340 ## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
343 ## # where and how to store data.
345 ## dbPath: /bitnami/mongodb/data/db
348 ## directoryPerDB: false
349 ## # where to write logging data
355 ## path: /opt/bitnami/mongodb/logs/mongodb.log
357 ## # network interfaces
362 ## pathPrefix: /opt/bitnami/mongodb/tmp
365 ## # replica set options
367 ## #replSetName: replicaset
368 ## #enableMajorityReadConcern: true
369 ## # process management options
370 ## processManagement:
372 ## pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid
373 ## # set parameter options
375 ## enableLocalhostAuthBypass: true
376 ## # security options
378 ## authorization: disabled
379 ## #keyFile: /opt/bitnami/mongodb/conf/keyfile
382 ## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
383 ## If enabled, these are applied by a script which is called within setup.sh
384 ## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
385 ## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
386 ## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
388 replicaSetConfigurationSettings:
391 ## Custom configurations for individual replica set members.
392 ## Use the prefix 'members[X].' to apply settings to the member X of the replica set.
393 ## Example: 'members[0].priority: 3' sets the priority of the first replica set member to 3.
394 ## The index X in 'members[X]' corresponds to the member's position in the replica set.
395 ## members[0].priority: 3
396 ## chainingAllowed : false
397 ## heartbeatTimeoutSecs : 10
398 ## heartbeatIntervalMillis : 2000
399 ## electionTimeoutMillis : 10000
400 ## catchUpTimeoutMillis : 30000
401 ## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
402 ## NOTE: When it's set the arbiter.configuration parameter is ignored
404 existingConfigmap: ""
405 ## @param initdbScripts Dictionary of initdb scripts
406 ## Specify dictionary of scripts to be run at first boot
409 ## my_init_script.sh: |
411 ## echo "Do something."
414 ## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
416 initdbScriptsConfigMap: ""
417 ## Command and args for running the container (set to default if not set). Use array form
418 ## @param command Override default container command (useful when using custom images)
419 ## @param args Override default container args (useful when using custom images)
423 ## @param extraFlags MongoDB(®) additional command line flags
426 ## - "--wiredTigerCacheSizeGB=2"
429 ## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
436 ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
439 ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
441 extraEnvVarsSecret: ""
442 ## @section MongoDB(®) statefulset parameters
445 ## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
448 ## @param labels Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
451 ## @param replicaCount Number of MongoDB(®) nodes
452 ## When `mongodb.architecture=replicaset`, the number of replicas is taken in account
453 ## When `mongodb.architecture=standalone`, the number of replicas can only be 0 or 1 (value higher then 1 will not be taken in account)
456 ## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
457 ## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
458 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
459 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
462 ## type: RollingUpdate
465 ## maxUnavailable: 25%
469 ## @param podManagementPolicy Pod management policy for MongoDB(®)
470 ## Should be initialized one by one when building the replicaset for the first time
472 podManagementPolicy: OrderedReady
473 ## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
474 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
476 podAffinityPreset: ""
477 ## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
478 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
480 podAntiAffinityPreset: soft
481 ## Node affinity preset
482 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
485 ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
488 ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
490 ## key: "kubernetes.io/e2e-az-name"
493 ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
500 ## @param affinity MongoDB(®) Affinity for pod assignment
501 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
502 ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
505 ## @param nodeSelector MongoDB(®) Node labels for pod assignment
506 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
509 ## @param tolerations MongoDB(®) Tolerations for pod assignment
510 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
513 ## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
514 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
516 topologySpreadConstraints: []
517 ## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
520 ## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
522 terminationGracePeriodSeconds: ""
523 ## @param podLabels MongoDB(®) pod labels
524 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
527 ## @param podAnnotations MongoDB(®) Pod annotations
528 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
531 ## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
532 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
534 priorityClassName: ""
535 ## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
536 ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
539 ## MongoDB(®) pods' Security Context.
540 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
541 ## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
542 ## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
543 ## @param podSecurityContext.supplementalGroups Set filesystem extra groups
544 ## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
545 ## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
549 fsGroupChangePolicy: Always
550 supplementalGroups: []
555 ## - name: net.core.somaxconn
559 ## MongoDB(®) containers' Security Context (main and metrics container).
560 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
561 ## @param containerSecurityContext.enabled Enabled containers' Security Context
562 ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
563 ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
564 ## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
565 ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
566 ## @param containerSecurityContext.privileged Set container's Security Context privileged
567 ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
568 ## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
569 ## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
570 ## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
572 containerSecurityContext:
579 readOnlyRootFilesystem: true
580 allowPrivilegeEscalation: false
586 type: "RuntimeDefault"
587 ## MongoDB(®) containers' resource requests and limits.
588 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
589 ## We usually recommend not to specify default resources and to leave this as a conscious
590 ## choice for the user. This also increases chances charts run on environments with little
591 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
592 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
593 ## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
594 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
596 resourcesPreset: "none"
597 ## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
608 ## @param containerPorts.mongodb MongoDB(®) container port
612 ## MongoDB(®) pods' liveness probe. Evaluated as a template.
613 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
614 ## @param livenessProbe.enabled Enable livenessProbe
615 ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
616 ## @param livenessProbe.periodSeconds Period seconds for livenessProbe
617 ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
618 ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
619 ## @param livenessProbe.successThreshold Success threshold for livenessProbe
623 initialDelaySeconds: 30
628 ## MongoDB(®) pods' readiness probe. Evaluated as a template.
629 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
630 ## @param readinessProbe.enabled Enable readinessProbe
631 ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
632 ## @param readinessProbe.periodSeconds Period seconds for readinessProbe
633 ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
634 ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
635 ## @param readinessProbe.successThreshold Success threshold for readinessProbe
639 initialDelaySeconds: 5
644 ## Slow starting containers can be protected through startup probes
645 ## Startup probes are available in Kubernetes version 1.16 and above
646 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
647 ## @param startupProbe.enabled Enable startupProbe
648 ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
649 ## @param startupProbe.periodSeconds Period seconds for startupProbe
650 ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
651 ## @param startupProbe.failureThreshold Failure threshold for startupProbe
652 ## @param startupProbe.successThreshold Success threshold for startupProbe
656 initialDelaySeconds: 5
661 ## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
662 ## Ignored when livenessProbe.enabled=true
664 customLivenessProbe: {}
665 ## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
666 ## Ignored when readinessProbe.enabled=true
668 customReadinessProbe: {}
669 ## @param customStartupProbe Override default startup probe for MongoDB(®) containers
670 ## Ignored when startupProbe.enabled=true
672 customStartupProbe: {}
673 ## @param initContainers Add additional init containers for the hidden node pod(s)
676 ## - name: your-image-name
678 ## imagePullPolicy: Always
681 ## containerPort: 1234
684 ## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
687 ## - name: your-image-name
689 ## imagePullPolicy: Always
692 ## containerPort: 1234
693 ## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
694 ## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
695 ## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
696 ## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
697 ## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
699 ## - name: mongo-labeler
700 ## image: korenlev/k8s-mongo-labeler-sidecar
701 ## imagePullPolicy: Always
703 ## - name: LABEL_SELECTOR
704 ## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
706 ## value: "the-mongodb-namespace"
711 ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
713 ## extraVolumeMounts:
715 ## mountPath: /usr/share/extras
718 extraVolumeMounts: []
719 ## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
725 ## MongoDB(®) Pod Disruption Budget configuration
726 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
729 ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
732 ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
735 ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
738 ## @section Traffic exposure parameters
741 ## Service parameters
744 ## @param service.nameOverride MongoDB(®) service name
747 ## @param service.type Kubernetes Service type (only for standalone architecture)
750 ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
753 ## @param service.ports.mongodb MongoDB(®) service port.
757 ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
758 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
762 ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
767 ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
768 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
771 ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
772 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
775 ## @param service.loadBalancerClass loadBalancerClass for MongoDB(®) Service (only for standalone architecture)
776 # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
777 loadBalancerClass: ""
778 ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
779 ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
781 loadBalancerSourceRanges: []
782 ## @param service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
783 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
785 allocateLoadBalancerNodePorts: true
786 ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
789 ## @param service.annotations Provide any additional annotations that may be required
792 ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
793 ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
795 externalTrafficPolicy: Local
796 ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
797 ## Values: ClientIP or None
798 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
800 sessionAffinity: None
801 ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
802 ## sessionAffinityConfig:
804 ## timeoutSeconds: 300
806 sessionAffinityConfig: {}
807 ## Headless service properties
810 ## @param service.headless.annotations Annotations for the headless service.
813 ## External Access to MongoDB(®) nodes configuration
816 ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
819 ## External IPs auto-discovery configuration
820 ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
821 ## Note: RBAC might be required
824 ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
827 ## Bitnami Kubectl image
828 ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
829 ## @param externalAccess.autoDiscovery.image.registry [default: REGISTRY_NAME] Init container auto-discovery image registry
830 ## @param externalAccess.autoDiscovery.image.repository [default: REPOSITORY_NAME/kubectl] Init container auto-discovery image repository
831 ## @skip externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
832 ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
833 ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
834 ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
838 repository: bitnami/kubectl
839 tag: 1.29.3-debian-12-r3
841 ## Specify a imagePullPolicy
842 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
843 ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
845 pullPolicy: IfNotPresent
846 ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
847 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
850 ## - myRegistryKeySecretName
853 ## Init Container resource requests and limits
854 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
855 ## We usually recommend not to specify default resources and to leave this as a conscious
856 ## choice for the user. This also increases chances charts run on environments with little
857 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
858 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
859 ## @param externalAccess.autoDiscovery.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production).
860 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
862 resourcesPreset: "none"
863 ## @param externalAccess.autoDiscovery.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
874 ## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes.
875 ## @param externalAccess.externalMaster.enabled Use external master for bootstrapping
876 ## @param externalAccess.externalMaster.host External master host to bootstrap from
877 ## @param externalAccess.externalMaster.port Port for MongoDB(®) service external master host
883 ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
884 ## A new service per broker will be created
887 ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
890 ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
893 ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
897 ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
904 ## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
905 # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
906 loadBalancerClass: ""
907 ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
908 ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
910 ## loadBalancerSourceRanges:
913 loadBalancerSourceRanges: []
914 ## @param externalAccess.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
915 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
917 allocateLoadBalancerNodePorts: true
918 ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
919 ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
921 externalTrafficPolicy: Local
922 ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
929 ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
930 ## If not specified, the container will try to get the kubernetes node external IP
932 ## domain: mydomain.com
935 ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
938 ## @param externalAccess.service.annotations Service annotations for external access
941 ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
942 ## Values: ClientIP or None
943 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
945 sessionAffinity: None
946 ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
947 ## sessionAffinityConfig:
949 ## timeoutSeconds: 300
951 sessionAffinityConfig: {}
952 ## External Access to MongoDB(®) Hidden nodes configuration
955 ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
958 ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
959 ## A new service per broker will be created
962 ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
965 ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
968 ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
972 ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
979 ## @param externalAccess.hidden.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
980 # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
981 loadBalancerClass: ""
982 ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
983 ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
985 ## loadBalancerSourceRanges:
988 loadBalancerSourceRanges: []
989 ## @param externalAccess.hidden.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
990 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
992 allocateLoadBalancerNodePorts: true
993 ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
994 ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
996 externalTrafficPolicy: Local
997 ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
1004 ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
1005 ## If not specified, the container will try to get the kubernetes node external IP
1007 ## domain: mydomain.com
1010 ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1013 ## @param externalAccess.hidden.service.annotations Service annotations for external access
1016 ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
1017 ## Values: ClientIP or None
1018 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
1020 sessionAffinity: None
1021 ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
1022 ## sessionAffinityConfig:
1024 ## timeoutSeconds: 300
1026 sessionAffinityConfig: {}
1027 ## @section Network policy parameters
1031 ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1034 ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
1037 ## @param networkPolicy.allowExternal Don't require server label for connections
1038 ## The Policy model to apply. When set to false, only pods with the correct
1039 ## server label will have network access to the ports server is listening
1040 ## on. When true, server will accept connections from any source
1041 ## (with the correct destination port).
1044 ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
1046 allowExternalEgress: true
1047 ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
1057 ## - matchExpressions:
1063 ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
1073 ## - matchExpressions:
1080 ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1081 ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1083 ingressNSMatchLabels: {}
1084 ingressNSPodMatchLabels: {}
1086 ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
1089 ## @param persistence.name Name of the PVC and mounted volume
1092 ## @param persistence.medium Provide a medium for `emptyDir` volumes.
1093 ## Requires persistence.enabled: false
1096 ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
1097 ## Requires persistence.enabled: true
1098 ## If defined, PVC must be created manually before volume will be bound
1099 ## Ignored when mongodb.architecture=replicaset
1102 ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
1105 ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
1106 ## If defined, storageClassName: <storageClass>
1107 ## If set to "-", storageClassName: "", which disables dynamic provisioning
1108 ## If undefined (the default) or set to null, no storageClassName spec is
1109 ## set, choosing the default provisioner.
1112 ## @param persistence.accessModes PV Access Mode
1116 ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
1119 ## @param persistence.annotations PVC annotations
1122 ## @param persistence.mountPath Path to mount the volume at
1123 ## MongoDB(®) images.
1125 mountPath: /bitnami/mongodb
1126 ## @param persistence.subPath Subdirectory of the volume to mount at
1127 ## and one PV for multiple services.
1130 ## Fine tuning for volumeClaimTemplates
1132 volumeClaimTemplates:
1133 ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
1134 ## A label query over volumes to consider for binding (e.g. when using local volumes)
1135 ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
1138 ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
1139 ## Sometime cloud providers use additional requests attributes to provision custom storage instance
1140 ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
1143 ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
1146 ## Persistent Volume Claim Retention Policy
1147 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1149 persistentVolumeClaimRetentionPolicy:
1150 ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for MongoDB(®) Statefulset
1153 ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1156 ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1159 ## @section Backup parameters
1160 ## This section implements a trivial logical dump cronjob of the database.
1161 ## This only comes with the consistency guarantees of the dump program.
1162 ## This is not a snapshot based roll forward/backward recovery backup.
1163 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
1166 ## @param backup.enabled Enable the logical dump of the database "regularly"
1169 ## Fine tuning cronjob's config
1172 ## @param backup.cronjob.schedule Set the cronjob parameter schedule
1175 ## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
1177 concurrencyPolicy: Allow
1178 ## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
1180 failedJobsHistoryLimit: 1
1181 ## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
1183 successfulJobsHistoryLimit: 3
1184 ## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
1186 startingDeadlineSeconds: ""
1187 ## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
1189 ttlSecondsAfterFinished: ""
1190 ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
1192 restartPolicy: OnFailure
1193 ## backup container's Security Context
1194 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1195 ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
1196 ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1197 ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1198 ## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1199 ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1200 ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
1201 ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1202 ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1203 ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1204 ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1206 containerSecurityContext:
1213 readOnlyRootFilesystem: true
1214 allowPrivilegeEscalation: false
1220 type: "RuntimeDefault"
1221 ## @param backup.cronjob.command Set backup container's command to run
1224 ## @param backup.cronjob.labels Set the cronjob labels
1227 ## @param backup.cronjob.annotations Set the cronjob annotations
1230 ## Backup container's
1233 ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
1234 ## If defined, PVC must be created manually before volume will be bound
1237 ## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
1240 ## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
1241 ## If defined, storageClassName: <storageClass>
1242 ## If set to "-", storageClassName: "", which disables dynamic provisioning
1243 ## If undefined (the default) or set to null, no storageClassName spec is
1244 ## set, choosing the default provisioner.
1247 ## @param backup.cronjob.storage.accessModes PV Access Mode
1251 ## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
1254 ## @param backup.cronjob.storage.annotations PVC annotations
1257 ## @param backup.cronjob.storage.mountPath Path to mount the volume at
1259 mountPath: /backup/mongodb
1260 ## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
1261 ## and one PV for multiple services.
1264 ## Fine tuning for volumeClaimTemplates
1266 volumeClaimTemplates:
1267 ## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
1268 ## A label query over volumes to consider for binding (e.g. when using local volumes)
1269 ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
1272 ## @section RBAC parameters
1276 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1279 ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
1282 ## @param serviceAccount.name Name of the created serviceAccount
1283 ## If not set and create is true, a name is generated using the mongodb.fullname template
1286 ## @param serviceAccount.annotations Additional Service Account annotations
1289 ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
1290 ## Can be set to false if pods using this serviceAccount do not need to use K8s API
1292 automountServiceAccountToken: false
1293 ## Role Based Access
1294 ## ref: https://kubernetes.io/docs/admin/authorization/rbac/
1297 ## @param rbac.create Whether to create & use RBAC resources or not
1298 ## binding MongoDB(®) ServiceAccount to a role
1299 ## that allows MongoDB(®) pods querying the K8s API
1300 ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
1303 ## @param rbac.rules Custom rules to create following the role specification
1304 ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
1317 ## PodSecurityPolicy configuration
1318 ## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
1319 ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1322 ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
1325 ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
1326 ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
1328 allowPrivilegeEscalation: false
1329 ## @param podSecurityPolicy.privileged Allow privileged
1332 ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
1333 ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1334 ## Defining a spec ignores the above values.
1338 ## allowPrivilegeEscalation: false
1340 ## rule: 'MustRunAs'
1345 ## hostNetwork: false
1347 ## privileged: false
1348 ## readOnlyRootFilesystem: false
1349 ## requiredDropCapabilities:
1352 ## rule: 'MustRunAs'
1358 ## supplementalGroups:
1359 ## rule: 'MustRunAs'
1367 ## - 'persistentVolumeClaim'
1369 ## @section Volume Permissions parameters
1371 ## Init Container parameters
1372 ## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
1373 ## values from the securityContext section of the component
1376 ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
1379 ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
1380 ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
1381 ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
1382 ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
1383 ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
1384 ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
1388 repository: bitnami/os-shell
1389 tag: 12-debian-12-r18
1391 ## Specify a imagePullPolicy
1392 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
1393 ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
1395 pullPolicy: IfNotPresent
1396 ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
1397 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1400 ## - myRegistryKeySecretName
1403 ## Init Container resource requests and limits
1404 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1405 ## We usually recommend not to specify default resources and to leave this as a conscious
1406 ## choice for the user. This also increases chances charts run on environments with little
1407 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1408 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1409 ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
1410 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
1412 resourcesPreset: "none"
1413 ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1424 ## Init container Security Context
1425 ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
1426 ## and not the below volumePermissions.securityContext.runAsUser
1427 ## When runAsUser is set to special value "auto", init container will try to chwon the
1428 ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
1429 ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
1430 ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
1431 ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
1432 ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1433 ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
1438 ## @section Arbiter parameters
1441 ## @param arbiter.enabled Enable deploying the arbiter
1442 ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
1445 ## @param arbiter.automountServiceAccountToken Mount Service Account token in pod
1447 automountServiceAccountToken: false
1448 ## @param arbiter.hostAliases Add deployment host aliases
1449 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1452 ## @param arbiter.configuration Arbiter configuration file to be used
1453 ## http://docs.mongodb.org/manual/reference/configuration-options/
1456 ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
1457 ## NOTE: When it's set the arbiter.configuration parameter is ignored
1459 existingConfigmap: ""
1460 ## Command and args for running the container (set to default if not set). Use array form
1461 ## @param arbiter.command Override default container command (useful when using custom images)
1462 ## @param arbiter.args Override default container args (useful when using custom images)
1466 ## @param arbiter.extraFlags Arbiter additional command line flags
1469 ## - "--wiredTigerCacheSizeGB=2"
1472 ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
1479 ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
1482 ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
1484 extraEnvVarsSecret: ""
1485 ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
1488 ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
1491 ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
1492 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
1494 topologySpreadConstraints: []
1495 ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
1498 ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
1500 terminationGracePeriodSeconds: ""
1501 ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
1502 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1504 ## type: RollingUpdate
1507 ## maxUnavailable: 25%
1511 ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
1512 ## Should be initialized one by one when building the replicaset for the first time
1514 podManagementPolicy: OrderedReady
1515 ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
1516 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1519 ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1520 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1522 podAffinityPreset: ""
1523 ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1524 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1526 podAntiAffinityPreset: soft
1527 ## Node affinity preset
1528 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1531 ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1534 ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
1536 ## key: "kubernetes.io/e2e-az-name"
1539 ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
1546 ## @param arbiter.affinity Arbiter Affinity for pod assignment
1547 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1548 ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
1551 ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
1552 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1555 ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
1556 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1559 ## @param arbiter.podLabels Arbiter pod labels
1560 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1563 ## @param arbiter.podAnnotations Arbiter Pod annotations
1564 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1567 ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
1568 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
1570 priorityClassName: ""
1571 ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
1572 ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
1574 runtimeClassName: ""
1575 ## MongoDB(®) Arbiter pods' Security Context.
1576 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1577 ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
1578 ## @param arbiter.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1579 ## @param arbiter.podSecurityContext.supplementalGroups Set filesystem extra groups
1580 ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
1581 ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
1585 fsGroupChangePolicy: Always
1586 supplementalGroups: []
1591 ## - name: net.core.somaxconn
1595 ## MongoDB(®) Arbiter containers' Security Context (only main container).
1596 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1597 ## @param arbiter.containerSecurityContext.enabled Enabled containers' Security Context
1598 ## @param arbiter.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1599 ## @param arbiter.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1600 ## @param arbiter.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1601 ## @param arbiter.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1602 ## @param arbiter.containerSecurityContext.privileged Set container's Security Context privileged
1603 ## @param arbiter.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1604 ## @param arbiter.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1605 ## @param arbiter.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1606 ## @param arbiter.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1608 containerSecurityContext:
1615 readOnlyRootFilesystem: true
1616 allowPrivilegeEscalation: false
1622 type: "RuntimeDefault"
1623 ## MongoDB(®) Arbiter containers' resource requests and limits.
1624 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1625 ## We usually recommend not to specify default resources and to leave this as a conscious
1626 ## choice for the user. This also increases chances charts run on environments with little
1627 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1628 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1629 ## @param arbiter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if arbiter.resources is set (arbiter.resources is recommended for production).
1630 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
1632 resourcesPreset: "none"
1633 ## @param arbiter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1644 ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
1648 ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
1649 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1650 ## @param arbiter.livenessProbe.enabled Enable livenessProbe
1651 ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1652 ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
1653 ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1654 ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
1655 ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
1659 initialDelaySeconds: 30
1664 ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
1665 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1666 ## @param arbiter.readinessProbe.enabled Enable readinessProbe
1667 ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1668 ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
1669 ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1670 ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
1671 ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
1675 initialDelaySeconds: 5
1680 ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
1681 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1682 ## @param arbiter.startupProbe.enabled Enable startupProbe
1683 ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1684 ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
1685 ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1686 ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
1687 ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
1691 initialDelaySeconds: 5
1695 failureThreshold: 30
1696 ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
1697 ## Ignored when arbiter.livenessProbe.enabled=true
1699 customLivenessProbe: {}
1700 ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
1701 ## Ignored when arbiter.readinessProbe.enabled=true
1703 customReadinessProbe: {}
1704 ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
1705 ## Ignored when arbiter.startupProbe.enabled=true
1707 customStartupProbe: {}
1708 ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
1711 ## - name: your-image-name
1712 ## image: your-image
1713 ## imagePullPolicy: Always
1716 ## containerPort: 1234
1719 ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
1722 ## - name: your-image-name
1723 ## image: your-image
1724 ## imagePullPolicy: Always
1727 ## containerPort: 1234
1730 ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
1732 ## extraVolumeMounts:
1734 ## mountPath: /usr/share/extras
1737 extraVolumeMounts: []
1738 ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
1744 ## MongoDB(®) Arbiter Pod Disruption Budget configuration
1745 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1748 ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
1751 ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
1754 ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
1757 ## MongoDB(®) Arbiter service parameters
1760 ## @param arbiter.service.nameOverride The arbiter service name
1763 ## @param arbiter.service.ports.mongodb MongoDB(®) service port
1767 ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1770 ## @param arbiter.service.annotations Provide any additional annotations that may be required
1773 ## Headless service properties
1776 ## @param arbiter.service.headless.annotations Annotations for the headless service.
1779 ## @section Hidden Node parameters
1782 ## @param hidden.enabled Enable deploying the hidden nodes
1783 ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
1786 ## @param hidden.automountServiceAccountToken Mount Service Account token in pod
1788 automountServiceAccountToken: false
1789 ## @param hidden.hostAliases Add deployment host aliases
1790 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1793 ## @param hidden.configuration Hidden node configuration file to be used
1794 ## http://docs.mongodb.org/manual/reference/configuration-options/
1797 ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
1798 ## NOTE: When it's set the hidden.configuration parameter is ignored
1800 existingConfigmap: ""
1801 ## Command and args for running the container (set to default if not set). Use array form
1802 ## @param hidden.command Override default container command (useful when using custom images)
1803 ## @param hidden.args Override default container args (useful when using custom images)
1807 ## @param hidden.extraFlags Hidden node additional command line flags
1810 ## - "--wiredTigerCacheSizeGB=2"
1813 ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
1820 ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
1823 ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
1825 extraEnvVarsSecret: ""
1826 ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
1829 ## @param hidden.labels Annotations to be added to the hidden node statefulset
1832 ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
1833 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
1835 topologySpreadConstraints: []
1836 ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
1839 ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
1840 ## Ignored when mongodb.architecture=standalone
1843 ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
1845 terminationGracePeriodSeconds: ""
1846 ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
1847 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1849 ## type: RollingUpdate
1852 ## maxUnavailable: 25%
1856 ## @param hidden.podManagementPolicy Pod management policy for hidden node
1858 podManagementPolicy: OrderedReady
1859 ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
1860 ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1863 ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1864 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1866 podAffinityPreset: ""
1867 ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1868 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1870 podAntiAffinityPreset: soft
1871 ## Node affinity preset
1872 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1873 ## Allowed values: soft, hard
1876 ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1879 ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
1881 ## key: "kubernetes.io/e2e-az-name"
1884 ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
1891 ## @param hidden.affinity Hidden node Affinity for pod assignment
1892 ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1893 ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
1896 ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
1897 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1900 ## @param hidden.tolerations Hidden node Tolerations for pod assignment
1901 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1904 ## @param hidden.podLabels Hidden node pod labels
1905 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1908 ## @param hidden.podAnnotations Hidden node Pod annotations
1909 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1912 ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
1913 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
1915 priorityClassName: ""
1916 ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
1917 ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
1919 runtimeClassName: ""
1920 ## MongoDB(®) Hidden pods' Security Context.
1921 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1922 ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
1923 ## @param hidden.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
1924 ## @param hidden.podSecurityContext.supplementalGroups Set filesystem extra groups
1925 ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
1926 ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
1930 fsGroupChangePolicy: Always
1931 supplementalGroups: []
1936 ## - name: net.core.somaxconn
1940 ## MongoDB(®) Hidden containers' Security Context (only main container).
1941 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1942 ## @param hidden.containerSecurityContext.enabled Enabled containers' Security Context
1943 ## @param hidden.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
1944 ## @param hidden.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
1945 ## @param hidden.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
1946 ## @param hidden.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
1947 ## @param hidden.containerSecurityContext.privileged Set container's Security Context privileged
1948 ## @param hidden.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
1949 ## @param hidden.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
1950 ## @param hidden.containerSecurityContext.capabilities.drop List of capabilities to be dropped
1951 ## @param hidden.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
1953 containerSecurityContext:
1960 readOnlyRootFilesystem: true
1961 allowPrivilegeEscalation: false
1967 type: "RuntimeDefault"
1968 ## MongoDB(®) Hidden containers' resource requests and limits.
1969 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1970 ## We usually recommend not to specify default resources and to leave this as a conscious
1971 ## choice for the user. This also increases chances charts run on environments with little
1972 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1973 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1974 ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
1975 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
1977 resourcesPreset: "none"
1978 ## @param hidden.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
1989 ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
1993 ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
1994 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1995 ## @param hidden.livenessProbe.enabled Enable livenessProbe
1996 ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1997 ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
1998 ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1999 ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
2000 ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
2004 initialDelaySeconds: 30
2009 ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
2010 ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
2011 ## @param hidden.readinessProbe.enabled Enable readinessProbe
2012 ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2013 ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
2014 ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2015 ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
2016 ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
2020 initialDelaySeconds: 5
2025 ## Slow starting containers can be protected through startup probes
2026 ## Startup probes are available in Kubernetes version 1.16 and above
2027 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
2028 ## @param hidden.startupProbe.enabled Enable startupProbe
2029 ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2030 ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
2031 ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2032 ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
2033 ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
2037 initialDelaySeconds: 5
2041 failureThreshold: 30
2042 ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
2043 ## Ignored when hidden.livenessProbe.enabled=true
2045 customLivenessProbe: {}
2046 ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
2047 ## Ignored when hidden.readinessProbe.enabled=true
2049 customReadinessProbe: {}
2050 ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
2051 ## Ignored when hidden.startupProbe.enabled=true
2053 customStartupProbe: {}
2054 ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
2057 ## - name: your-image-name
2058 ## image: your-image
2059 ## imagePullPolicy: Always
2062 ## containerPort: 1234
2065 ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
2068 ## - name: your-image-name
2069 ## image: your-image
2070 ## imagePullPolicy: Always
2073 ## containerPort: 1234
2076 ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
2078 ## extraVolumeMounts:
2080 ## mountPath: /usr/share/extras
2083 extraVolumeMounts: []
2084 ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
2090 ## MongoDB(®) Hidden Pod Disruption Budget configuration
2091 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
2094 ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
2097 ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
2100 ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
2103 ## Enable persistence using Persistent Volume Claims
2104 ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
2107 ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
2110 ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
2111 ## Requires hidden.persistence.enabled: false
2114 ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
2115 ## If defined, storageClassName: <storageClass>
2116 ## If set to "-", storageClassName: "", which disables dynamic provisioning
2117 ## If undefined (the default) or set to null, no storageClassName spec is
2118 ## set, choosing the default provisioner.
2121 ## @param hidden.persistence.accessModes PV Access Mode
2125 ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
2128 ## @param hidden.persistence.annotations PVC annotations
2131 ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
2133 mountPath: /bitnami/mongodb
2134 ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
2135 ## and one PV for multiple services.
2138 ## Fine tuning for volumeClaimTemplates
2140 volumeClaimTemplates:
2141 ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
2142 ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
2145 ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
2146 ## Sometime cloud providers use additional requests attributes to provision custom storage instance
2147 ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
2150 ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
2154 ## @param hidden.service.portName MongoDB(®) service port name
2157 ## @param hidden.service.ports.mongodb MongoDB(®) service port
2161 ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
2164 ## @param hidden.service.annotations Provide any additional annotations that may be required
2167 ## Headless service properties
2170 ## @param hidden.service.headless.annotations Annotations for the headless service.
2173 ## @section Metrics parameters
2176 ## @param metrics.enabled Enable using a sidecar Prometheus exporter
2179 ## Bitnami MongoDB(®) Promtheus Exporter image
2180 ## ref: https://hub.docker.com/r/bitnami/mongodb-exporter/tags/
2181 ## @param metrics.image.registry [default: REGISTRY_NAME] MongoDB(®) Prometheus exporter image registry
2182 ## @param metrics.image.repository [default: REPOSITORY_NAME/mongodb-exporter] MongoDB(®) Prometheus exporter image repository
2183 ## @skip metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
2184 ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
2185 ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
2186 ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
2190 repository: bitnami/mongodb-exporter
2191 tag: 0.40.0-debian-12-r15
2193 pullPolicy: IfNotPresent
2194 ## Optionally specify an array of imagePullSecrets.
2195 ## Secrets must be manually created in the namespace.
2196 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
2199 ## - myRegistryKeySecretName
2202 ## @param metrics.username String with username for the metrics exporter
2203 ## If undefined the root user will be used for the metrics exporter
2206 ## @param metrics.password String with password for the metrics exporter
2207 ## If undefined but metrics.username is defined, a random password will be generated
2210 ## @param metrics.compatibleMode Enables old style mongodb-exporter metrics
2211 compatibleMode: true
2213 ## @param metrics.collector.all Enable all collectors. Same as enabling all individual metrics
2214 ## Enabling all metrics will cause significant CPU load on mongod
2216 ## @param metrics.collector.diagnosticdata Boolean Enable collecting metrics from getDiagnosticData
2217 diagnosticdata: true
2218 ## @param metrics.collector.replicasetstatus Boolean Enable collecting metrics from replSetGetStatus
2219 replicasetstatus: true
2220 ## @param metrics.collector.dbstats Boolean Enable collecting metrics from dbStats
2222 ## @param metrics.collector.topmetrics Boolean Enable collecting metrics from top admin command
2224 ## @param metrics.collector.indexstats Boolean Enable collecting metrics from $indexStats
2226 ## @param metrics.collector.collstats Boolean Enable collecting metrics from $collStats
2228 ## @param metrics.collector.collstatsColls List of \<databases\>.\<collections\> to get $collStats
2230 ## @param metrics.collector.indexstatsColls List - List of \<databases\>.\<collections\> to get $indexStats
2232 ## @param metrics.collector.collstatsLimit Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \<n\> collections. 0=No limit
2234 ## @param metrics.extraFlags String with extra flags to the metrics exporter
2235 ## ref: https://github.com/percona/mongodb_exporter/blob/main/main.go
2238 ## Command and args for running the container (set to default if not set). Use array form
2239 ## @param metrics.command Override default container command (useful when using custom images)
2240 ## @param metrics.args Override default container args (useful when using custom images)
2244 ## Metrics exporter container resource requests and limits
2245 ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2246 ## We usually recommend not to specify default resources and to leave this as a conscious
2247 ## choice for the user. This also increases chances charts run on environments with little
2248 ## resources, such as Minikube. If you do want to specify resources, uncomment the following
2249 ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
2250 ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
2251 ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
2253 resourcesPreset: "none"
2254 ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
2265 ## @param metrics.containerPort Port of the Prometheus metrics container
2268 ## Prometheus Exporter service configuration
2271 ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
2272 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2275 prometheus.io/scrape: "true"
2276 prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
2277 prometheus.io/path: "/metrics"
2278 ## @param metrics.service.type Type of the Prometheus metrics service
2281 ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
2285 ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
2288 ## Metrics exporter liveness probe
2289 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
2290 ## @param metrics.livenessProbe.enabled Enable livenessProbe
2291 ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
2292 ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
2293 ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
2294 ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
2295 ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
2299 initialDelaySeconds: 15
2304 ## Metrics exporter readiness probe
2305 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
2306 ## @param metrics.readinessProbe.enabled Enable readinessProbe
2307 ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2308 ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
2309 ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2310 ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
2311 ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
2315 initialDelaySeconds: 5
2320 ## Slow starting containers can be protected through startup probes
2321 ## Startup probes are available in Kubernetes version 1.16 and above
2322 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
2323 ## @param metrics.startupProbe.enabled Enable startupProbe
2324 ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2325 ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
2326 ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2327 ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
2328 ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
2332 initialDelaySeconds: 5
2336 failureThreshold: 30
2337 ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
2338 ## Ignored when livenessProbe.enabled=true
2340 customLivenessProbe: {}
2341 ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
2342 ## Ignored when readinessProbe.enabled=true
2344 customReadinessProbe: {}
2345 ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
2346 ## Ignored when startupProbe.enabled=true
2348 customStartupProbe: {}
2349 ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the metrics container(s)
2351 ## extraVolumeMounts:
2353 ## mountPath: /usr/share/extras
2356 extraVolumeMounts: []
2357 ## Prometheus Service Monitor
2358 ## ref: https://github.com/coreos/prometheus-operator
2359 ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
2362 ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
2365 ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
2368 ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
2371 ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
2373 ## scrapeTimeout: 30s
2376 ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
2379 ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
2381 metricRelabelings: []
2382 ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
2383 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
2386 ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
2387 ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
2390 ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
2393 ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
2396 ## Custom PrometheusRule to be defined
2397 ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
2400 ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
2403 ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
2405 additionalLabels: {}
2406 ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created
2409 ## @param metrics.prometheusRule.rules Rules to be created, check values for an example
2410 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup
2411 ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
2413 ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets
2415 ## - alert: HighRequestLatency
2416 ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
2421 ## summary: High request latency