mongodb · nammn · Apr 26, 2024 · Apr 25, 2024 · Apr 26, 2024
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: enterprise-operator
 description: MongoDB Kubernetes Enterprise Operator
-version: 1.24.0
+version: 1.25.0
 kubeVersion: '>=1.16-0'
 type: application
 keywords:

@@ -875,7 +875,7 @@ spec:
                 type: array
               statefulSet:
                 description: StatefulSetConfiguration provides the statefulset override
-                  for each of the cluster's statefulset if  "StatefulSetConfiguration"
+                  for each of the cluster's statefulset if "StatefulSetConfiguration"
                   is specified at cluster level under "clusterSpecList" that takes
                   precedence over the global one
                 properties:

@@ -614,7 +614,7 @@ spec:
                 type: object
               statefulSet:
                 description: StatefulSetConfiguration provides the statefulset override
-                  for each of the cluster's statefulset if  "StatefulSetConfiguration"
+                  for each of the cluster's statefulset if "StatefulSetConfiguration"
                   is specified at cluster level under "clusterSpecList" that takes
                   precedence over the global one
                 properties:

@@ -1,3 +1,5 @@
+{{ if .Values.operator.createResourcesServiceAccountsAndRoles }}
+
 {{- $watchNamespace := include "mongodb-enterprise-operator.namespace" . | list }}
 {{- if .Values.operator.watchNamespace }}
 {{- $watchNamespace = regexSplit "," .Values.operator.watchNamespace -1 }}
@@ -81,3 +83,4 @@ subjects:
     {{ $namespaceBlock }}
 
 {{- end }}
+{{- end }}{{/* if .Values.operator.createResourcesServiceAccountsAndRoles */}}
@@ -0,0 +1,17 @@
+{{ $ns :=  include "mongodb-enterprise-operator.namespace" .  -}}
+{{- if not (lookup "v1" "ConfigMap" $ns "mongodb-enterprise-operator-member-list") }}
+{{- if .Values.multiCluster.clusters }}
+---
+apiVersion: v1
+kind: ConfigMap
+data:
+  {{- range .Values.multiCluster.clusters }}
+  {{ . }}: ""
+  {{- end }}
+metadata:
+  namespace: {{$ns}}
+  name: mongodb-enterprise-operator-member-list
+  labels:
+    multi-cluster: "true"
+{{- end }}
+{{- end }}
@@ -1,15 +1,4 @@
 {{ if .Values.operator.createOperatorServiceAccount }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ .Values.operator.name }}
-  namespace: {{ include "mongodb-enterprise-operator.namespace" . }}
-{{- if .Values.registry.imagePullSecrets}}
-imagePullSecrets:
-  - name: {{ .Values.registry.imagePullSecrets }}
-{{- end }}
-
 {{- $watchNamespace := include "mongodb-enterprise-operator.namespace" . | list }}
 {{- if .Values.operator.watchNamespace }}
 {{- $watchNamespace = regexSplit "," .Values.operator.watchNamespace -1 }}
@@ -20,7 +9,6 @@ imagePullSecrets:
 {{- if or (gt (len $watchNamespace) 1) (eq (first $watchNamespace) "*") }}
 {{- $roleScope = "ClusterRole" }}
 {{- end }}
-
 ---
 kind: {{ $roleScope }}
 apiVersion: rbac.authorization.k8s.io/v1
@@ -82,6 +70,7 @@ rules:
       - mongodb
       - mongodb/finalizers
       - mongodbusers
+      - mongodbusers/finalizers
       - opsmanagers
       - opsmanagers/finalizers
       - mongodbmulticluster
@@ -127,15 +116,13 @@ subjects:
   - kind: ServiceAccount
     name: {{ $.Values.operator.name }}
     namespace: {{ include "mongodb-enterprise-operator.namespace" $ }}
-{{- end }}
-
-{{- end }}
+{{- end }} {{/* range */}}
 
-# This ClusterRoleBinding is necessary in order to use validating
-# webhooks—these will prevent you from applying a variety of invalid resource
-# definitions. The validating webhooks are optional so this can be removed if
-# necessary.
+{{- end }} {{/* if .Values.operator.createOperatorServiceAccount */}}
 ---
+
+{{/* This cluster role and binding is necessary to allow the operator to automatically register ValidatingWebhookConfiguration. */}}
+{{- if .Values.operator.webhook.registerConfiguration }}
 {{- if not (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "mongodb-enterprise-operator-mongodb-webhook") }}
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
@@ -162,7 +149,7 @@ rules:
       - create
       - update
       - delete
-{{- end }}
+{{- end }} {{/* if not (lookup ... */}}
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -176,3 +163,5 @@ subjects:
   - kind: ServiceAccount
     name: {{ .Values.operator.name }}
     namespace: {{ include "mongodb-enterprise-operator.namespace" . }}
+
+{{- end }} {{/* if .Values.operator.webhook.registerConfiguration */}}
@@ -0,0 +1,23 @@
+{{ if .Values.operator.createOperatorServiceAccount }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.operator.name }}
+  namespace: {{ include "mongodb-enterprise-operator.namespace" . }}
+{{- if .Values.registry.imagePullSecrets}}
+imagePullSecrets:
+  - name: {{ .Values.registry.imagePullSecrets }}
+{{- end }}
+
+{{- $watchNamespace := include "mongodb-enterprise-operator.namespace" . | list }}
+{{- if .Values.operator.watchNamespace }}
+{{- $watchNamespace = regexSplit "," .Values.operator.watchNamespace -1 }}
+{{- $watchNamespace = concat $watchNamespace (include "mongodb-enterprise-operator.namespace" . | list) | uniq }}
+{{- end }}
+
+{{- $roleScope := "Role" -}}
+{{- if or (gt (len $watchNamespace) 1) (eq (first $watchNamespace) "*") }}
+{{- $roleScope = "ClusterRole" }}
+{{- end }}
+{{- end }} {{/* if .Values.operator.createOperatorServiceAccount */}}
@@ -7,7 +7,7 @@ metadata:
   name: {{ .Values.operator.name }}
   namespace: {{$ns}}
 spec:
-  replicas: {{ .Values.operator.replicas }}
+  replicas: {{ min 1 .Values.operator.replicas }}
   selector:
     matchLabels:
       app.kubernetes.io/component: controller
@@ -50,9 +50,12 @@ spec:
             {{- range .Values.operator.watchedResources }}
             - -watch-resource={{ . }}
             {{- end }}
-          {{- if .Values.multiCluster.clusters }}
+            {{- if .Values.multiCluster.clusters }}
             - -watch-resource=mongodbmulticluster
             {{- end }}
+            {{- range .Values.operator.additionalArguments }}
+            - {{ . }}
+            {{- end }}
           command:
             - /usr/local/bin/mongodb-enterprise-operator
           {{- end }}
@@ -71,6 +74,8 @@ spec:
           env:
             - name: OPERATOR_ENV
               value: {{ .Values.operator.env }}
+            - name: MDB_DEFAULT_ARCHITECTURE
+              value: {{ .Values.operator.mdbDefaultArchitecture }}
     {{- if .Values.operator.vaultSecretBackend }}
       {{- if .Values.operator.vaultSecretBackend.enabled }}
             - name: SECRET_BACKEND
@@ -100,6 +105,7 @@ spec:
     {{- $mongodbEnterpriseDatabaseImageEnv := "MONGODB_ENTERPRISE_DATABASE_IMAGE" -}}
     {{- $initDatabaseImageRepositoryEnv := "INIT_DATABASE_IMAGE_REPOSITORY" -}}
     {{- $opsManagerImageRepositoryEnv := "OPS_MANAGER_IMAGE_REPOSITORY" -}}
+    {{- $agentImageRepository := "MDB_AGENT_IMAGE_REPOSITORY" -}}
     {{- $initOpsManagerImageRepositoryEnv := "INIT_OPS_MANAGER_IMAGE_REPOSITORY" -}}
     {{- $initAppDbImageRepositoryEnv := "INIT_APPDB_IMAGE_REPOSITORY" -}}
     {{- $agentImageEnv := "AGENT_IMAGE" -}}
@@ -135,7 +141,9 @@ spec:
             - name: OPS_MANAGER_IMAGE_PULL_POLICY
               value: {{ .Values.registry.pullPolicy }}
             - name: {{ $agentImageEnv }}
-              value: "{{ .Values.registry.agent }}/{{ .Values.agent.name }}:{{ $agentVersion }}"
+              value: "{{ $.Values.registry.agent }}/{{ $.Values.agent.name }}:{{ .Values.agent.version }}"
+            - name: {{ $agentImageRepository }}
+              value: "{{ $.Values.registry.agent }}/{{ $.Values.agent.name }}"
             - name: {{ $mongodbImageEnv }}
               value: {{ .Values.mongodb.name }}
             - name: MONGODB_REPO_URL
@@ -154,6 +162,10 @@ spec:
             - name: IMAGE_PULL_SECRETS
               value: {{ .Values.registry.imagePullSecrets }}
     {{- end }}
+    {{- if not .Values.operator.webhook.registerConfiguration }}
+            - name: MDB_WEBHOOK_REGISTER_CONFIGURATION
+              value: "false"
+    {{- end }}
     {{- if .Values.relatedImages }}
             - name: RELATED_IMAGE_{{ $mongodbEnterpriseDatabaseImageEnv }}_{{ $databaseVersion | replace "." "_" | replace "-" "_" }}
               value: "{{ .Values.registry.database }}/{{ .Values.database.name }}:{{ $databaseVersion }}"
@@ -211,35 +223,4 @@ spec:
   {{- end }}
 {{- end }}
 
-{{- if .Values.debug }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: debug-svc
-spec:
-  type: NodePort
-  ports:
-  - nodePort: {{ .Values.debugPort }}
-    port: 40000
-    protocol: TCP
-  selector:
-    app.kubernetes.io/name: {{ .Values.operator.name }}
-{{- end }}
 
-{{- if not (lookup "v1" "ConfigMap" $ns "mongodb-enterprise-operator-member-list") }}
-{{- if .Values.multiCluster.clusters }}
----
-apiVersion: v1
-kind: ConfigMap
-data:
-  {{- range .Values.multiCluster.clusters }}
-  {{ . | indent 1 }}: ""
-  {{- end }}
-metadata:
-  namespace: {{$ns}}
-  name: mongodb-enterprise-operator-member-list
-  labels:
-    multi-cluster: "true"
-{{- end }}
-{{- end }}
@@ -0,0 +1,122 @@
+## Operator
+
+# Set this to true if your cluster is managing SecurityContext for you.
+# If running OpenShift (Cloud, Minishift, etc.), set this to true.
+managedSecurityContext: false
+
+operator:
+  # Execution environment for the operator, dev or prod. Use dev for more verbose logging
+  env: prod
+
+  # Default architecture for the operator.
+  # Values are "static" and "non-static:
+  mdbDefaultArchitecture: non-static
+
+  # Name that will be assigned to most internal Kubernetes objects like Deployment, ServiceAccount, Role etc.
+  name: mongodb-enterprise-operator-multi-cluster
+
+  # Name of the operator image
+  operator_image_name: mongodb-enterprise-operator-ubi
+
+  # Name of the deployment of the operator pod
+  deployment_name: mongodb-enterprise-operator
+
+  # Version of mongodb-enterprise-operator
+  version: 1.24.0
+
+  # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed
+  watchedResources:
+    - mongodb
+    - opsmanagers
+    - mongodbusers
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  # operator cpu requests and limits
+  resources:
+    requests:
+      cpu: 500m
+      memory: 200Mi
+    limits:
+      cpu: 1100m
+      memory: 1Gi
+
+  # Create operator-service account
+  createOperatorServiceAccount: true
+
+  vaultSecretBackend:
+    # set to true if you want the operator to store secrets in Vault
+    enabled: false
+    tlsSecretRef: ""
+
+  replicas: 1
+
+## Database
+database:
+  name: mongodb-enterprise-database-ubi
+  version: 1.24.0
+
+initDatabase:
+  name: mongodb-enterprise-init-database-ubi
+  version: 1.24.0
+
+## Ops Manager
+opsManager:
+  name: mongodb-enterprise-ops-manager-ubi
+
+initOpsManager:
+  name: mongodb-enterprise-init-ops-manager-ubi
+  version: 1.24.0
+
+## Application Database
+initAppDb:
+  name: mongodb-enterprise-init-appdb-ubi
+  version: 1.24.0
+
+agent:
+  name: mongodb-agent-ubi
+  version: 12.0.29.7785-1
+
+mongodbLegacyAppDb:
+  name: mongodb-enterprise-appdb-database-ubi
+  repo: quay.io/mongodb
+
+mongodb:
+  name: mongodb-enterprise-server
+  repo: quay.io/mongodb
+  appdbAssumeOldFormat: false
+  imageType: ubi8
+
+## Registry
+registry:
+  imagePullSecrets:
+  pullPolicy: Always
+  # Specify if images are pulled from private registry
+  operator: quay.io/mongodb
+  database: quay.io/mongodb
+  initDatabase: quay.io/mongodb
+  initOpsManager: quay.io/mongodb
+  opsManager: quay.io/mongodb
+  initAppDb: quay.io/mongodb
+  appDb: quay.io/mongodb
+  agent: quay.io/mongodb
+  agentRepository: quay.io/mongodb/mongodb-agent-ubi
+
+multiCluster:
+  # Specify if we want to deploy the operator in multi-cluster mode
+  clusters:
+    [
+      "MDB_CLUSTER_1_FULL_NAME",
+      "MDB_CLUSTER_2_FULL_NAME",
+      "MDB_CLUSTER_3_FULL_NAME",
+    ]
+  kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
+  performFailOver: true
+  clusterClientTimeout: 10
+# Set this to false to disable subresource utilization
+# It might be required on some versions of Openshift
+subresourceEnabled: true