diff --git a/charts/psmdb-db/README.md b/charts/psmdb-db/README.md
index 64ee513d..7e26d676 100644
--- a/charts/psmdb-db/README.md
+++ b/charts/psmdb-db/README.md
@@ -71,10 +71,11 @@ The chart can be customized using the following configurable parameters:
 | `secrets.ssl` | A secret with TLS certificate generated for external communications | `""` |
 | `secrets.sslInternal` | A secret with TLS certificate generated for internal communications | `""` |
 | |
-| `pmm.enabled` | Enable integration with [Percona Monitoring and Management software](https://www.percona.com/blog/2020/07/23/using-percona-kubernetes-operators-with-percona-monitoring-and-management/) | `false` |
-| `pmm.image.repository` | PMM Container image repository | `percona/pmm-client` |
-| `pmm.image.tag` | PMM Container image tag | `2.42.0` |
-| `pmm.serverHost` | PMM server related K8S service hostname | `monitoring-service` |
+| `pmm.enabled` | Enable integration with [Percona Monitoring and Management software](https://www.percona.com/blog/2020/07/23/using-percona-kubernetes-operators-with-percona-monitoring-and-management/) | `false` |
+| `pmm.image.repository` | PMM Container image repository | `percona/pmm-client` |
+| `pmm.image.tag` | PMM Container image tag | `2.42.0` |
+| `pmm.serverHost` | PMM server related K8S service hostname | `monitoring-service` |
+| `pmm.containerSecurityContext` | Set the security context for PMM container | `{}` |
 | |
 | `replsets.rs0.name` | ReplicaSet name | `rs0` |
 | `replsets.rs0.size` | ReplicaSet size (pod quantity) | `3` |
@@ -235,6 +236,13 @@ The chart can be customized using the following configurable parameters: | `sharding.mongos.expose.nodePort` | Custom port if exposing mongos via NodePort | `""` | | `sharding.mongos.hostAliases` | The IP address for Kubernetes host aliases | `[]` | | | +| `users.name` | The username of the MongoDB user | `""` | +| `users.db` | Database that the user authenticates against | `""` | +| `users.passwordSecretRef.name` | Name of the secret that contains the user's password | `""` | +| `users.passwordSecretRef.key` | Key in the secret that corresponds to the value of the user's password | `""` | +| `users.roles.role.name` | Name of the MongoDB role assigned to the user. As [built-in roles](https://www.mongodb.com/docs/manual/reference/built-in-roles/#built-in-roles), so [custom roles](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/deploy-configure.md#define-a-custom-database-role) are supported | `""` | +| `users.roles.role.db` | Database that the MongoDB role applies to | `""` | +| | | `backup.enabled` | Enable backup PBM agent | `true` | | `backup.annotations` | Backup job annotations | `{}` | | `backup.podSecurityContext` | Set the security context for a Pod | `{}` | @@ -251,7 +259,7 @@ The chart can be customized using the following configurable parameters: | `backup.configuration.backupOptions` | Custom configuration settings for backup | `{}` | | `backup.configuration.restoreOptions` | Custom configuration settings for restore | `{}` | | `backup.tasks` | Backup working schedule | `{}` | -| `users` | PSMDB essential users | `{}` | +| `systemUsers` | PSMDB essential users | `{}` | Specify parameters using `--set key=value[,key=value]` argument to `helm install` diff --git a/charts/psmdb-db/templates/cluster-secret.yaml b/charts/psmdb-db/templates/cluster-secret.yaml index c2019b27..a3bf7a79 100644 --- a/charts/psmdb-db/templates/cluster-secret.yaml +++ b/charts/psmdb-db/templates/cluster-secret.yaml 
@@ -1,4 +1,4 @@ -{{- if hasKey .Values "users" }} +{{- if hasKey .Values "systemUsers" }} apiVersion: v1 kind: Secret metadata: @@ -8,5 +8,5 @@ metadata: {{ include "psmdb-database.labels" . | indent 4 }} type: Opaque stringData: -{{ .Values.users | toYaml | indent 2 }} +{{ .Values.systemUsers | toYaml | indent 2 }} {{- end -}} diff --git a/charts/psmdb-db/templates/cluster.yaml b/charts/psmdb-db/templates/cluster.yaml index d38a37e6..6e188861 100644 --- a/charts/psmdb-db/templates/cluster.yaml +++ b/charts/psmdb-db/templates/cluster.yaml @@ -77,6 +77,11 @@ spec: enabled: {{ .Values.pmm.enabled }} image: "{{ .Values.pmm.image.repository }}:{{ .Values.pmm.image.tag }}" serverHost: {{ .Values.pmm.serverHost }} + {{- if .Values.pmm.containerSecurityContext }} + containerSecurityContext: +{{ .Values.pmm.containerSecurityContext | toYaml | indent 6 }} + {{- end }} + replsets: {{- range $k,$replset := .Values.replsets }} {{- if $replset.name }} @@ -568,6 +573,11 @@ spec: {{ .Values.sharding.mongos.hostAliases | toYaml | indent 8 }} {{- end }} + {{- if .Values.users }} + users: +{{ .Values.users | toYaml | indent 2 }} + {{- end }} + backup: enabled: {{ .Values.backup.enabled }} {{- if .Values.backup.annotations }} diff --git a/charts/psmdb-db/values.yaml b/charts/psmdb-db/values.yaml index 4e72a2cf..f56e7406 100644 --- a/charts/psmdb-db/values.yaml +++ b/charts/psmdb-db/values.yaml @@ -78,6 +78,7 @@ pmm: repository: percona/pmm-client tag: 2.42.0 serverHost: monitoring-service +# containerSecurityContext: {} replsets: rs0: 
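Review bot: In the cluster.yaml hunk at `@@ -568,6 +573,11 @@`, `.Values.users` is rendered into `spec.users` with no check on its shape, although until this commit the same key held the map of system credentials that cluster-secret.yaml wrote into `stringData`. A release upgraded with a values file that still sets `users:` in the old form would get no Secret from cluster-secret.yaml (it now looks only at `systemUsers`) and would have its `MONGODB_*_PASSWORD` values templated into the cluster resource instead; whether the API server then rejects the object depends on the CRD schema, which is not visible here. I would fail rendering on the old shape, e.g. `{{- if kindIs "map" .Values.users }}{{ fail "users now lists custom MongoDB users; move system credentials to systemUsers" }}{{- end }}`, and call out the rename as a breaking change in the chart's upgrade notes. The `spec:` block this hunk sits in starts and ends outside the hunk.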
@@ -478,6 +479,37 @@ sharding: # - "host1" # - "host2" +users: +- name: user-one + db: admin + passwordSecretRef: + name: user-one + key: userOnePassKey + roles: + - name: clusterAdmin + db: admin + - name: userAdminAnyDatabase + db: admin +# users: +# - name: my-user +# db: admin +# passwordSecretRef: +# name: my-user-password +# key: my-user-password-key +# roles: +# - name: clusterAdmin +# db: admin +# - name: userAdminAnyDatabase +# db: admin +# - name: my-usr +# db: admin +# passwordSecretRef: +# name: my-user-pwd +# key: my-user-pwd-key +# roles: +# - name: dbOwner +# db: sometest + backup: enabled: true image: @@ -490,10 +522,10 @@ backup: # resources: # limits: # cpu: "300m" - # memory: "0.5G" + # memory: "1.2G" # requests: # cpu: "300m" - # memory: "0.5G" + # memory: "1G" storages: # s3-us-west: # type: s3 @@ -576,8 +608,8 @@ backup: # compressionType: gzip # compressionLevel: 6 -# If you set users here the secret will be constructed by helm with these values -# users: +# If you set systemUsers here the secret will be constructed by helm with these values +# systemUsers: # MONGODB_BACKUP_USER: backup # MONGODB_BACKUP_PASSWORD: backup123456 # MONGODB_DATABASE_ADMIN_USER: databaseAdmin
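Review bot: Shipping `user-one` with `clusterAdmin` and `userAdminAnyDatabase` as an active default in values.yaml (hunk `@@ -478,6 +479,37 @@`) means every install that keeps the chart defaults requests a cluster-wide administrative account nobody asked for, and it contradicts the README rows in this commit, which document the `users.*` defaults as `""`. The entry also references a Secret named `user-one` that nothing in this diff creates, so the result on a fresh install depends on operator behaviour not visible here. The commented example directly below already shows the syntax; I would make the default `users: []` and keep only the commented block, so that custom users and their roles are always an explicit choice.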