Skip to content

Commit bd5f105

Browse files
author
Anton Lisovenko
committed
089dc203dba040da8a86036a57cf1c883f332800: update public repo contents
1 parent f7c2d5f commit bd5f105

File tree

7 files changed

+158
-199
lines changed

7 files changed

+158
-199
lines changed

README.md

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -97,10 +97,10 @@ in OpsManager directly). If omitted the name of the MongoDB resource will be use
9797
* (optionally) Organization ID - the ID of the organization which the Project belongs to. The Operator will create
9898
an Organization with the same name as the Project if Organization ID is omitted.
9999
* API Credentials. This can be any pair of:
100-
** Public and Private Programmatic API keys. They correspond to `user` and `publicApiKey` fields in the Secret storing
100+
* Public and Private Programmatic API keys. They correspond to `user` and `publicApiKey` fields in the Secret storing
101101
credentials. More information about the way to create them using Ops Manager UI can be found
102102
[here](https://docs.opsmanager.mongodb.com/current/tutorial/configure-public-api-access/#programmatic-api-keys)
103-
** Username and Public API key. More information about the way to create them using Ops Manager UI can be found
103+
* Username and Public API key. More information about the way to create them using Ops Manager UI can be found
104104
[here](https://docs.opsmanager.mongodb.com/current/tutorial/configure-public-api-access/#personal-api-keys-deprecated)
105105

106106
Note that you must whitelist the IP
@@ -122,20 +122,22 @@ metadata:
122122
name: my-project
123123
namespace: mongodb
124124
data:
125-
projectName: myProjectName
125+
projectName: myProjectName # this is an optional parameter
126126
orgId: 5b890e0feacf0b76ff3e7183 # this is an optional parameter
127127
baseUrl: https://my-ops-manager-or-cloud-manager-url
128128
```
129129
> Note, that if `orgId` is skipped then the new organization named `projectName` will be automatically created and new
130130
project will be added there.
131+
> If `projectName` is skipped the project created in Ops Manager will get the same name as the MongoDB object
131132
132133
Apply this file to create the new `Project`:
133134

134135
kubectl apply -f my-project.yaml
135136

136137
### Credentials ###
137138

138-
For a user to be able to create or update objects in this Ops Manager Project they need a Public API Key. These will be held by Kubernetes as a `Secret` object. You can create this Secret with the following command:
139+
For a user to be able to create or update objects in this Ops Manager Project they need either a Public API Key or a
140+
Programmatic API Key. These will be held by Kubernetes as a `Secret` object. You can create this Secret with the following command:
139141

140142
``` bash
141143
$ kubectl -n mongodb create secret generic my-credentials --from-literal="[email protected]" --from-literal="publicApiKey=my-public-api-key"
@@ -154,7 +156,7 @@ If you have a correctly created Project with the name `my-project` and Credentia
154156
This section describes how to create the Ops Manager object in Kubernetes. Note, that this requires all
155157
the CRDs and the Operator application to be installed as described above.
156158

157-
*Disclaimer: this is an early release of Ops Manager - so it's not recommended to use it in production*
159+
*Disclaimer: this is a Beta release of Ops Manager - so it's not recommended to use it in production*
158160

159161
### Create Admin Credentials Secret ###
160162

helm_chart/templates/database-roles.yaml

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,63 @@
1+
---
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: mongodb-enterprise-appdb
6+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
7+
namespace: {{ .Values.operator.watchNamespace }}
8+
{{- else }}
9+
namespace: {{ .Values.namespace }}
10+
{{- end }}
11+
12+
---
13+
apiVersion: v1
14+
kind: ServiceAccount
15+
metadata:
16+
name: mongodb-enterprise-database-pods
17+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
18+
namespace: {{ .Values.operator.watchNamespace }}
19+
{{- else }}
20+
namespace: {{ .Values.namespace }}
21+
{{- end }}
22+
23+
---
24+
kind: Role
25+
apiVersion: rbac.authorization.k8s.io/v1
26+
metadata:
27+
name: mongodb-enterprise-appdb
28+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
29+
namespace: {{ .Values.operator.watchNamespace }}
30+
{{- else }}
31+
namespace: {{ .Values.namespace }}
32+
{{- end }}
33+
rules:
34+
- apiGroups:
35+
- ""
36+
resources:
37+
- configmaps
38+
verbs:
39+
- get
40+
41+
---
42+
kind: RoleBinding
43+
apiVersion: rbac.authorization.k8s.io/v1
44+
metadata:
45+
name: mongodb-enterprise-appdb
46+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
47+
namespace: {{ .Values.operator.watchNamespace }}
48+
{{- else }}
49+
namespace: {{ .Values.namespace }}
50+
{{- end }}
51+
roleRef:
52+
apiGroup: rbac.authorization.k8s.io
53+
kind: Role
54+
name: mongodb-enterprise-appdb
55+
subjects:
56+
- kind: ServiceAccount
57+
name: mongodb-enterprise-appdb
58+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
59+
namespace: {{ .Values.operator.watchNamespace }}
60+
{{- else }}
61+
namespace: {{ .Values.namespace }}
62+
{{- end }}
63+

helm_chart/templates/roles.yaml renamed to helm_chart/templates/operator-roles.yaml

Lines changed: 25 additions & 45 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,23 @@
11
---
2-
kind: {{ if .Values.operator.watchNamespace }} {{ if (eq .Values.operator.watchNamespace "*") }} ClusterRole {{ else }} Role {{ end }} {{ else }} Role {{ end }}
2+
apiVersion: v1
3+
kind: ServiceAccount
4+
metadata:
5+
name: {{ .Values.operator.name }}
6+
{{- if .Values.namespace }}
7+
namespace: {{ .Values.namespace }}
8+
{{- end }}
9+
10+
11+
---
12+
kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }}
313
apiVersion: rbac.authorization.k8s.io/v1
414
metadata:
515
name: {{ .Values.operator.name }}
6-
{{ if .Values.namespace }}
16+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
17+
namespace: {{ .Values.operator.watchNamespace }}
18+
{{- else }}
719
namespace: {{ .Values.namespace }}
8-
{{ end }}
20+
{{- end }}
921
rules:
1022
- apiGroups:
1123
- ""
@@ -47,27 +59,29 @@ rules:
4759
- update
4860

4961
---
50-
kind: {{ if .Values.operator.watchNamespace }} {{ if (eq .Values.operator.watchNamespace "*") }} ClusterRoleBinding {{ else }} RoleBinding {{ end }} {{ else }} RoleBinding {{ end }}
62+
kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRoleBinding {{ else }} RoleBinding {{ end }}
5163
apiVersion: rbac.authorization.k8s.io/v1
5264
metadata:
5365
name: {{ .Values.operator.name }}
54-
{{ if .Values.namespace }}
66+
{{- if not (eq (.Values.operator.watchNamespace | default "*") "*") }}
67+
namespace: {{ .Values.operator.watchNamespace }}
68+
{{- else }}
5569
namespace: {{ .Values.namespace }}
56-
{{ end }}
70+
{{- end }}
5771
roleRef:
5872
apiGroup: rbac.authorization.k8s.io
59-
kind: {{ if .Values.operator.watchNamespace }} {{ if (eq .Values.operator.watchNamespace "*") }} ClusterRole {{ else }} Role {{ end }} {{ else }} Role {{ end }}
73+
kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }}
6074
name: {{ .Values.operator.name }}
6175
subjects:
6276
- kind: ServiceAccount
6377
name: {{ .Values.operator.name }}
64-
{{ if .Values.namespace }}
78+
{{- if .Values.namespace }}
6579
namespace: {{ .Values.namespace }}
66-
{{ end }}
80+
{{- end }}
6781

6882
# This ClusterRole is needed if the user wants to use the Kubernetes CA
6983
# infrastructure to generate certificates.
70-
{{ if .Values.needsCAInfrastructure }}
84+
{{- if .Values.needsCAInfrastructure }}
7185
---
7286
kind: ClusterRole
7387
apiVersion: rbac.authorization.k8s.io/v1
@@ -99,40 +113,6 @@ subjects:
99113
name: {{ .Values.operator.name }}
100114
namespace: {{ .Values.namespace }}
101115

102-
{{ end }}
116+
{{- end }}
103117

104-
---
105-
kind: Role
106-
apiVersion: rbac.authorization.k8s.io/v1
107-
metadata:
108-
name: mongodb-enterprise-appdb
109-
{{ if .Values.namespace }}
110-
namespace: {{ .Values.namespace }}
111-
{{ end }}
112-
rules:
113-
- apiGroups:
114-
- ""
115-
resources:
116-
- configmaps
117-
verbs:
118-
- get
119-
120-
---
121-
kind: RoleBinding
122-
apiVersion: rbac.authorization.k8s.io/v1
123-
metadata:
124-
name: mongodb-enterprise-appdb
125-
{{ if .Values.namespace }}
126-
namespace: {{ .Values.namespace }}
127-
{{ end }}
128-
roleRef:
129-
apiGroup: rbac.authorization.k8s.io
130-
kind: Role
131-
name: mongodb-enterprise-appdb
132-
subjects:
133-
- kind: ServiceAccount
134-
name: mongodb-enterprise-appdb
135-
{{ if .Values.namespace }}
136-
namespace: {{ .Values.namespace }}
137-
{{ end }}
138118

helm_chart/templates/operator.yaml

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,9 @@ apiVersion: apps/v1
33
kind: Deployment
44
metadata:
55
name: {{ .Values.operator.name }}
6-
{{ if .Values.namespace }}
6+
{{- if .Values.namespace }}
77
namespace: {{ .Values.namespace }}
8-
{{ end }}
8+
{{- end }}
99
spec:
1010
replicas: 1
1111
selector:
@@ -17,15 +17,15 @@ spec:
1717
app: {{ .Values.operator.name }}
1818
spec:
1919
serviceAccountName: {{ .Values.operator.name }}
20-
{{ if not .Values.managedSecurityContext }}
20+
{{- if not .Values.managedSecurityContext }}
2121
securityContext:
2222
runAsNonRoot: true
2323
runAsUser: 2000
24-
{{ end }}
25-
{{ if .Values.registry.imagePullSecrets}}
24+
{{- end }}
25+
{{- if .Values.registry.imagePullSecrets}}
2626
imagePullSecrets:
2727
- name: {{ .Values.registry.imagePullSecrets }}
28-
{{ end }}
28+
{{- end }}
2929

3030
containers:
3131
- name: {{ .Values.operator.name }}
@@ -35,21 +35,21 @@ spec:
3535
- name: OPERATOR_ENV
3636
value: {{ .Values.operator.env }}
3737
- name: WATCH_NAMESPACE
38-
{{ if .Values.operator.watchNamespace}}
38+
{{- if .Values.operator.watchNamespace}}
3939
value: "{{ .Values.operator.watchNamespace }}"
40-
{{ else }}
40+
{{- else }}
4141
valueFrom:
4242
fieldRef:
4343
fieldPath: metadata.namespace
44-
{{ end }}
44+
{{- end }}
4545
- name: CURRENT_NAMESPACE
4646
valueFrom:
4747
fieldRef:
4848
fieldPath: metadata.namespace
49-
{{ if eq .Values.managedSecurityContext true }}
49+
{{- if eq .Values.managedSecurityContext true }}
5050
- name: MANAGED_SECURITY_CONTEXT
5151
value: 'true'
52-
{{ end }}
52+
{{- end }}
5353
- name: MONGODB_ENTERPRISE_DATABASE_IMAGE
5454
value: {{ .Values.registry.repository }}/{{ .Values.database.name }}:{{ .Values.operator.version }}
5555
- name: IMAGE_PULL_POLICY
@@ -61,12 +61,12 @@ spec:
6161
- name: APP_DB_IMAGE_REPOSITORY
6262
value: {{ .Values.registry.repository }}/{{ .Values.appDb.name }}
6363

64-
{{ if .Values.registry.imagePullSecrets }}
64+
{{- if .Values.registry.imagePullSecrets }}
6565
- name: IMAGE_PULL_SECRETS
6666
value: {{ .Values.registry.imagePullSecrets }}
67-
{{ end }}
67+
{{- end }}
6868

69-
{{ if .Values.debug }}
69+
{{- if .Values.debug }}
7070
---
7171
apiVersion: v1
7272
kind: Service
@@ -80,4 +80,4 @@ spec:
8080
protocol: TCP
8181
selector:
8282
app: {{ .Values.operator.name }}
83-
{{ end }}
83+
{{- end }}

helm_chart/templates/serviceaccount.yaml

Lines changed: 0 additions & 26 deletions
This file was deleted.

0 commit comments

Comments
 (0)