feat: add the chart to instanciate mongodb database with the mongodb

operator for kubernetes (community edition)

Author: Romain JACQUET

charts/mongodb-operated/.helmignore

@@ -0,0 +1,18 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/mongodb-operated/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: mongodb-operated
+description: A Helm chart to instanciate a mongodb from the community operator
+annotations:
+  category: database
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.2.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "7.0.29"
+home: https://github.com/mongodb/mongodb-kubernetes/tree/1.6.0/docs/mongodbcommunityhttps://github.com/mongodb/mongodb-kubernetes/tree/master/docs/mongodbcommunity
+keywords:
+  - mongodb
+maintainers:
+  - name: Kalisio
+    email: contact@kalisio.com
+    url: https://kalisio.com

charts/mongodb-operated/templates/NOTES.txt

@@ -0,0 +1,6 @@
+1. Get the name of mongo instance by running these commands:
+kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.metadata.name}" services {{ .Release.Name }}-mongodb-operated-svc
+2. Get the connection strings for the users defined:
+{{ range .Values.users }}
+    kubectl get secret {{ $.Release.Name }}-mongodb-operated-{{ .db }}-{{ .name }}  -o 'go-template={{ "{{" }} index .data "connectionString.standard" {{ "}}" }}' | base64 -d -w0
+{{ end }}

charts/mongodb-operated/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mongodb-operated.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mongodb-operated.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mongodb-operated.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mongodb-operated.labels" -}}
+helm.sh/chart: {{ include "mongodb-operated.chart" . }}
+{{ include "mongodb-operated.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mongodb-operated.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mongodb-operated.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "mongodb-operated.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "mongodb-operated.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/mongodb-operated/templates/mongdb-community.yaml

@@ -0,0 +1,67 @@
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: {{ .Release.Name }}-mongodb-operated
+spec:
+  members: {{ .Values.replicaCount }}
+  type: ReplicaSet
+  # important: control the version of the mongodb
+  version: {{ .Values.version | default .Chart.AppVersion }}
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    {{- with .Values.users  -}}
+    {{ . | toYaml | nindent 4 }}
+    {{- end}}
+  statefulSet:
+    spec:
+      template:
+        spec:
+          {{- with .Values.imagePullSecrets }}
+          imagePullSecrets:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          containers:
+            - name: mongod
+              imagePullPolicy: {{ .Values.image.pullPolicy }}
+              {{- with .Values.resources }}
+              resources:
+                {{- toYaml . | nindent 16 }}
+              {{- end }}
+              volumeMounts:
+                - name: backup-volume-{{ .Release.Name }}
+                  mountPath: /backups
+                {{- if .Values.initdbScripts }}
+                - name: init-scripts
+                  mountPath: /docker-entrypoint-initdb.d
+                {{- end }}
+            - name: mongodb-agent
+              imagePullPolicy: {{ .Values.image.pullPolicy }}
+              {{- with .Values.agent.resources }}
+              resources:
+                {{- toYaml . | nindent 16 }}
+              {{- end }}
+          volumes:
+            {{- if .Values.initdbScripts }}
+            - name: init-scripts
+              configMap:
+                name: {{ .Release.Name }}-init-scripts
+            {{- end }}
+      volumeClaimTemplates:
+        - metadata:
+            name: data-volume-{{ .Release.Name }}
+          spec:
+            accessModes: ["ReadWriteOnce"]
+            storageClassName: {{ .Values.pvc.data.storageClass }}
+            resources:
+              requests:
+                storage: {{ .Values.pvc.data.size }}
+        - metadata:
+            name: backup-volume-{{ .Release.Name }}
+          spec:
+            accessModes: ["ReadWriteOnce"]
+            storageClassName: {{ .Values.pvc.backup.storageClass }}
+            resources:
+              requests:
+                storage: {{ .Values.pvc.backup.size }}

charts/mongodb-operated/templates/rbac.yaml

@@ -0,0 +1,66 @@
+# create required Role, RoleBinding and Service account to run the mongo operator instance
+# Information from https://wiki.ul2i.fr/fr/kubernetes/operator-mongodb
+---
+{{- if .Values.serviceAccount.create -}}
+# ServiceAccount for database
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-kubernetes-database-pods
+  labels:
+    {{- include "mongodb-operated.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+---
+# ServiceAccount for mongo pod
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mongodb-kubernetes-appdb
+  labels:
+    {{- include "mongodb-operated.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+
+---
+# Role to read secret and modify pod
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: mongodb-kubernetes-{{ .Release.Name }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - patch
+  - delete
+  - get
+
+---
+# Bind role and SA
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: mongodb-kubernetes-{{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: mongodb-kubernetes-{{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: mongodb-kubernetes-appdb
+{{- end }}

charts/mongodb-operated/values.yaml

@@ -0,0 +1,89 @@
+# Default values for mongodb-operated.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# number of replicas in the replicaset of mongodb
+replicaCount: 1
+
+# overide mongodb version
+# ex version: appVersion: "7.0.14"
+version: ""
+
+image:
+  # warning : there is difference with classical helm chart
+  # repository image is managed by the operator
+  # tag is manage by appVersion
+  pullPolicy: IfNotPresent
+  # special case of ASNR
+  # suffix of the docker image tag
+  # see quay.io/repository/mongodb/mongodb-community-server
+  #type: ""
+
+# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+
+
+# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
+# currenty, at ASNR, a kyverno policy automatically created the service account
+# role and role binding
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: false
+  # Automatically mount a ServiceAccount's API credentials?
+  automount: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+resources:
+  # resources value for the replicas must be adjusted given the environment
+  # staging, preprod, prod
+  limits:
+    cpu: "2"
+    memory: 2Gi
+  requests:
+    cpu: 100m
+    memory: 200Mi
+
+# configuration for container mongo-agent
+agent:
+  # This sets the pull policy for images.
+  pullPolicy: IfNotPresent
+  # resources specific to agent
+  resources:
+    limits:
+      cpu: "1"
+      memory: 512Mi
+    requests:
+      cpu: 50m
+      memory: 100Mi
+
+# pvc configuration
+# specify size and storage class for data volume and backup volume
+pvc:
+  data:
+    storageClass: ""
+    size: 10Gi
+  backup:
+    storageClass: ""
+    size: 10Gi
+
+# user configuration
+# this fied is used to fill the `spec.users` field from the MongoDBCommunity
+# ressource
+# the root must be included
+# spec: https://github.com/mongodb/mongodb-kubernetes/blob/master/docs/mongodbcommunity/users.md#modify-the-mongodbcommunity-resource
+users:
+# example
+# - name: user
+#   db: mydb
+#   secretName: mysecret
+#   secretKeyPassword: secret-user-password
+#   roles:
+#   - name: readWrite
+#     db: mydb
+#   - name: clusterMonitor
+#     db: admin
+#    scramCredentialsSecretName: scram-user