Add users parameter to psmdb-db chart

charts/psmdb-db/README.md

@@ -71,10 +71,11 @@ The chart can be customized using the following configurable parameters:
 | `secrets.ssl`           | A secret with TLS certificate generated for external communications                        | `""` |
 | `secrets.sslInternal`   | A secret with TLS certificate generated for internal communications                        | `""` |
 | |
-| `pmm.enabled`          | Enable integration with [Percona Monitoring and Management software](https://www.percona.com/blog/2020/07/23/using-percona-kubernetes-operators-with-percona-monitoring-and-management/) | `false`              |
-| `pmm.image.repository` | PMM Container image repository                                                                                                                                                           | `percona/pmm-client` |
-| `pmm.image.tag`        | PMM Container image tag                                                                                                                                                                  | `2.42.0`             |
-| `pmm.serverHost`       | PMM server related K8S service hostname                                                                                                                                                  | `monitoring-service` |
+| `pmm.enabled`                  | Enable integration with [Percona Monitoring and Management software](https://www.percona.com/blog/2020/07/23/using-percona-kubernetes-operators-with-percona-monitoring-and-management/) | `false`              |
+| `pmm.image.repository`         | PMM Container image repository                                                                                                                                                           | `percona/pmm-client` |
+| `pmm.image.tag`                | PMM Container image tag                                                                                                                                                                  | `2.42.0`             |
+| `pmm.serverHost`               | PMM server related K8S service hostname                                                                                                                                                  | `monitoring-service` |
+| `pmm.containerSecurityContext` | Set the security context for PMM container                                                                                                                                               | `{}`                 |
 | |
 | `replsets.rs0.name`                                                | ReplicaSet name                                                                                                                              | `rs0`                    |
 | `replsets.rs0.size`                                                | ReplicaSet size (pod quantity)                                                                                                               | `3`                      |
@@ -235,6 +236,13 @@ The chart can be customized using the following configurable parameters:
 | `sharding.mongos.expose.nodePort`                             | Custom port if exposing mongos via NodePort                                                                                                  | `""`                     |
 | `sharding.mongos.hostAliases`                                 | The IP address for Kubernetes host aliases                                                                                                   | `[]`                     |
 | |
+| `users.name`                   | The username of the MongoDB user                                                                                                                                                                                                                                                                             | `""`                     |
+| `users.db`                     | Database that the user authenticates against                                                                                                                                                                                                                                                                 | `""`                     |
+| `users.passwordSecretRef.name` | Name of the secret that contains the user's password                                                                                                                                                                                                                                                         | `""`                     |
+| `users.passwordSecretRef.key`  | Key in the secret that corresponds to the value of the user's password                                                                                                                                                                                                                                       | `""`                     |
+| `users.roles.role.name`        | Name of the MongoDB role assigned to the user. As [built-in roles](https://www.mongodb.com/docs/manual/reference/built-in-roles/#built-in-roles), so [custom roles](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/deploy-configure.md#define-a-custom-database-role) are supported | `""`                     |
+| `users.roles.role.db`          | Database that the MongoDB role applies to                                                                                                                                                                                                                                                                    | `""`                     |
+| |
 | `backup.enabled`                      | Enable backup PBM agent                                           | `true`                           |
 | `backup.annotations`                  | Backup job annotations                                            | `{}`                             |
 | `backup.podSecurityContext`           | Set the security context for a Pod                                | `{}`                             |
@@ -251,7 +259,7 @@ The chart can be customized using the following configurable parameters:
 | `backup.configuration.backupOptions`  | Custom configuration settings for backup                          | `{}`                             |
 | `backup.configuration.restoreOptions` | Custom configuration settings for restore                         | `{}`                             |
 | `backup.tasks`                        | Backup working schedule                                           | `{}`                             |
-| `users`                               | PSMDB essential users                                             | `{}`                             |
+| `systemUsers`                         | PSMDB essential users                                             | `{}`                             |
 
 
 Specify parameters using `--set key=value[,key=value]` argument to `helm install`

charts/psmdb-db/templates/cluster-secret.yaml

@@ -1,4 +1,4 @@
-{{- if hasKey .Values "users" }}
+{{- if hasKey .Values "systemUsers" }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -8,5 +8,5 @@ metadata:
 {{ include "psmdb-database.labels" . | indent 4 }}
 type: Opaque
 stringData:
-{{ .Values.users | toYaml | indent 2 }}
+{{ .Values.systemUsers | toYaml | indent 2 }}
 {{- end -}}

charts/psmdb-db/templates/cluster.yaml

@@ -77,6 +77,11 @@ spec:
     enabled: {{ .Values.pmm.enabled }}
     image: "{{ .Values.pmm.image.repository }}:{{ .Values.pmm.image.tag }}"
     serverHost: {{ .Values.pmm.serverHost }}
+    {{- if .Values.pmm.containerSecurityContext }}
+    containerSecurityContext:
+{{ .Values.pmm.containerSecurityContext | toYaml | indent 6 }}
+    {{- end }}
+
   replsets:
   {{- range $k,$replset := .Values.replsets }}
   {{- if $replset.name }}
@@ -568,6 +573,11 @@ spec:
 {{ .Values.sharding.mongos.hostAliases | toYaml | indent 8 }}
       {{- end }}
 
+  {{- if .Values.users }}
+  users:
+{{ .Values.users | toYaml | indent 2 }}
+  {{- end }}
+
   backup:
     enabled: {{ .Values.backup.enabled }}
     {{- if .Values.backup.annotations }}

charts/psmdb-db/values.yaml

@@ -78,6 +78,7 @@ pmm:
     repository: percona/pmm-client
     tag: 2.42.0
   serverHost: monitoring-service
+#   containerSecurityContext: {}
 
 replsets:
   rs0:
@@ -478,6 +479,37 @@ sharding:
     #   - "host1"
     #   - "host2"
 
+users:
+- name: user-one
+  db: admin
+  passwordSecretRef: 
+    name: user-one
+    key: userOnePassKey
+  roles:
+    - name: clusterAdmin
+      db: admin
+    - name: userAdminAnyDatabase
+      db: admin
+# users:
+# - name: my-user
+#   db: admin
+#   passwordSecretRef: 
+#     name: my-user-password
+#     key: my-user-password-key
+#   roles:
+#     - name: clusterAdmin
+#       db: admin
+#     - name: userAdminAnyDatabase
+#       db: admin
+# - name: my-usr
+#   db: admin
+#   passwordSecretRef: 
+#     name: my-user-pwd
+#     key: my-user-pwd-key
+#   roles:
+#     - name: dbOwner
+#       db: sometest 
+
 backup:
   enabled: true
   image:
@@ -490,10 +522,10 @@ backup:
   # resources:
   #   limits:
   #     cpu: "300m"
-  #     memory: "0.5G"
+  #     memory: "1.2G"
   #   requests:
   #     cpu: "300m"
-  #     memory: "0.5G"
+  #     memory: "1G"
   storages:
     # s3-us-west:
     #   type: s3
@@ -576,8 +608,8 @@ backup:
   #   compressionType: gzip
   #   compressionLevel: 6
 
-# If you set users here the secret will be constructed by helm with these values
-# users:
+# If you set systemUsers here the secret will be constructed by helm with these values
+# systemUsers:
 #   MONGODB_BACKUP_USER: backup
 #   MONGODB_BACKUP_PASSWORD: backup123456
 #   MONGODB_DATABASE_ADMIN_USER: databaseAdmin