mongodb

Helm chart
Default values
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
## @param global.storageClass DEPRECATED: use global.defaultStorageClass instead
## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  storageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  namespaceOverride: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters
##

## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override mongodb.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
## extraDeploy:
## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar
## for dynamically discovering the mongodb primary pod
## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own)
## - apiVersion: v1
##   kind: Service
##   metadata:
##     name: mongodb-primary
##     namespace: the-mongodb-namespace
##     labels:
##       app.kubernetes.io/component: mongodb
##       app.kubernetes.io/instance: mongodb
##       app.kubernetes.io/managed-by: Helm
##       app.kubernetes.io/name: mongodb
##   spec:
##     type: NodePort
##     externalTrafficPolicy: Cluster
##     ports:
##       - name: mongodb
##         port: 30001
##         nodePort: 30001
##         protocol: TCP
##         targetPort: mongodb
##     selector:
##       app.kubernetes.io/component: mongodb
##       app.kubernetes.io/instance: mongodb
##       app.kubernetes.io/name: mongodb
##       primary: "true"
##
extraDeploy: []
## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}
## @param topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
## i.e. topologyKey: topology.kubernetes.io/zone
##
topologyKey: ""
## @param serviceBindings.enabled Create secret for service binding (Experimental)
## Ref: https://servicebinding.io/service-provider/
##
serviceBindings:
  enabled: false
## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
##
enableServiceLinks: true
## @param usePasswordFiles Mount credentials as files instead of using environment variables
##
usePasswordFiles: true
## Enable diagnostic mode in the deployment
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the deployment
  ##
  args:
    - infinity
## @section MongoDB(®) parameters
##

## Iamguarded MongoDB(®) image
## @param image.registry [default: REGISTRY_NAME] MongoDB(®) image registry
## @param image.repository [default: REPOSITORY_NAME/mongodb] MongoDB(®) image repository
## @skip image.tag MongoDB(®) image tag (immutable tags are recommended)
## @param image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy MongoDB(®) image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Set to true if you would like to see extra information on logs
##
image:
  registry: cgr.dev
  repository: chainguard-private/mongodb-iamguarded
  tag: 8.2.5
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false
## @param schedulerName Name of the scheduler (other than default) to dispatch pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
##
architecture: standalone
## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`)
##
useStatefulSet: false
## MongoDB(®) Authentication parameters
##
auth:
  ## @param auth.enabled Enable authentication
  ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
  ##
  enabled: true
  ## @param auth.rootUser MongoDB(®) root user
  ##
  rootUser: root
  ## @param auth.rootPassword MongoDB(®) root password
  ##
  rootPassword: ""
  ## MongoDB(®) custom users and databases
  ## @param auth.usernames List of custom users to be created during the initialization
  ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
  ## @param auth.databases List of custom databases to be created during the initialization
  ##
  usernames: []
  passwords: []
  databases: []
  ## @param auth.username DEPRECATED: use `auth.usernames` instead
  ## @param auth.password DEPRECATED: use `auth.passwords` instead
  ## @param auth.database DEPRECATED: use `auth.databases` instead
  ##
  username: ""
  password: ""
  database: ""
  ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`)
  ##
  replicaSetKey: ""
  ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
  ## NOTE: When it's set the previous parameters are ignored.
  ##
  existingSecret: ""
tls:
  ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes
  ##
  enabled: false
  mTLS:
    ## @param tls.mTLS.enabled If TLS support is enabled, require clients to provide certificates
    enabled: true
  ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
  ##
  autoGenerated: true
  ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
  ## NOTE: When it's set it will disable secret creation.
  ##
  existingSecret: ""
  ## Add Custom CA certificate
  ## @param tls.caCert Custom CA certificate (base64 encoded)
  ## @param tls.caKey CA certificate private key (base64 encoded)
  ##
  caCert: ""
  caKey: ""
  ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
  ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
  ##
  pemChainIncluded: false
  standalone:
    ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecret: ""
  replicaset:
    ## @param tls.replicaset.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## existingSecrets:
    ##  - "mySecret-0"
    ##  - "mySecret-1"
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecrets: []
  hidden:
    ## @param tls.hidden.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## existingSecrets:
    ##  - "mySecret-0"
    ##  - "mySecret-1"
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecrets: []
  arbiter:
    ## @param tls.arbiter.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecret: ""
  ## Iamguarded Nginx image
  ## @param tls.image.registry [default: REGISTRY_NAME] Init container TLS certs setup image registry
  ## @param tls.image.repository [default: REPOSITORY_NAME/nginx] Init container TLS certs setup image repository
  ## @skip tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended)
  ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy
  ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array
  ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/nginx-iamguarded
    tag: 1.29.5
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## e.g:
  ## extraDnsNames
  ##   "DNS.6": "$my_host"
  ##   "DNS.7": "$test"
  ##
  extraDnsNames: []
  ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
  ##
  mode: requireTLS
  ## Init Container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param tls.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param tls.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init Container securityContext
  ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/
  ## @param tls.securityContext Init container generate-tls-cert Security context
  ##
  securityContext: {}
  ## Example:
  ##   allowPrivilegeEscalation: false
  ##   capabilities:
  ##     drop: ["ALL"]
  ##
## @param automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
replicaSetName: rs0
## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
## Ignored when externalAccess.enabled=true
##
replicaSetHostnames: true
## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®)
##
enableIPv6: false
## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®)
##
directoryPerDB: false
## MongoDB(®) System Log configuration
## @param systemLogVerbosity MongoDB(®) system log verbosity level
## @param disableSystemLog Switch to enable/disable MongoDB(®) system log
##
systemLogVerbosity: 0
disableSystemLog: false
## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution
## ref: https://docs.mongodb.com/manual/core/server-side-javascript/
##
disableJavascript: false
## @param enableJournal Switch to enable/disable MongoDB(®) Journaling
## ref: https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
##
enableJournal: true
## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
## Example:
## configuration: |-
##   # where and how to store data.
##   storage:
##     dbPath: /iamguarded/mongodb/data/db
##     journal:
##       enabled: true
##     directoryPerDB: false
##   # where to write logging data
##   systemLog:
##     destination: file
##     quiet: false
##     logAppend: true
##     logRotate: reopen
##     path: /opt/iamguarded/mongodb/logs/mongodb.log
##     verbosity: 0
##   # network interfaces
##   net:
##     port: 27017
##     unixDomainSocket:
##       enabled: true
##       pathPrefix: /opt/iamguarded/mongodb/tmp
##     ipv6: false
##     bindIpAll: true
##   # replica set options
##   #replication:
##     #replSetName: replicaset
##     #enableMajorityReadConcern: true
##   # process management options
##   processManagement:
##     fork: false
##     pidFilePath: /opt/iamguarded/mongodb/tmp/mongodb.pid
##   # set parameter options
##   setParameter:
##     enableLocalhostAuthBypass: true
##   # security options
##   security:
##     authorization: disabled
##     #keyFile: /opt/iamguarded/mongodb/conf/keyfile
##
configuration: ""
## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
## If enabled, these are applied by a script which is called within setup.sh
## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
##
replicaSetConfigurationSettings:
  enabled: false
  configuration: {}
  ## Custom configurations for individual replica set members.
  ## Use the prefix 'members[X].' to apply settings to the member X of the replica set.
  ## Example: 'members[0].priority: 3' sets the priority of the first replica set member to 3.
  ## The index X in 'members[X]' corresponds to the member's position in the replica set.
  ##   members[0].priority: 3
  ##   chainingAllowed : false
  ##   heartbeatTimeoutSecs : 10
  ##   heartbeatIntervalMillis : 2000
  ##   electionTimeoutMillis : 10000
  ##   catchUpTimeoutMillis : 30000
## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
## NOTE: When it's set the arbiter.configuration parameter is ignored
##
existingConfigmap: ""
## @param initdbScripts Dictionary of initdb scripts
## Specify dictionary of scripts to be run at first boot
## Example:
## initdbScripts:
##   my_init_script.sh: |
##     #!/bin/bash
##     echo "Do something."
##
initdbScripts: {}
## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
##
initdbScriptsConfigMap: ""
## Command and args for running the container (set to default if not set). Use array form
## @param command Override default container command (useful when using custom images)
## @param args Override default container args (useful when using custom images)
##
command: []
args: []
## @param extraFlags MongoDB(®) additional command line flags
## Example:
## extraFlags:
##  - "--wiredTigerCacheSizeGB=2"
##
extraFlags: []
## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
## E.g:
## extraEnvVars:
##   - name: FOO
##     value: BAR
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""
## @section MongoDB(®) statefulset parameters
##

## @param annotations Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
##
annotations: {}
## @param labels Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
##
labels: {}
## @param replicaCount Number of MongoDB(®) nodes
## When `mongodb.architecture=replicaset`, the number of replicas is taken into account
## When `mongodb.architecture=standalone`, the number of replicas can only be 0 or 1 (a value higher than 1 will not be taken into account)
##
replicaCount: 2
## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## Example:
## updateStrategy:
##  type: RollingUpdate
##  rollingUpdate:
##    maxSurge: 25%
##    maxUnavailable: 25%
##
updateStrategy:
  type: RollingUpdate
## @param podManagementPolicy Pod management policy for MongoDB(®)
## Should be initialized one by one when building the replicaset for the first time
##
podManagementPolicy: OrderedReady
## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
  ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ##
  type: ""
  ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match. Ignored if `affinity` is set.
  ## E.g.
  ## key: "kubernetes.io/e2e-az-name"
  ##
  key: ""
  ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
  ## E.g.
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []
## @param affinity MongoDB(®) Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector MongoDB(®) Node labels for pod assignment
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param tolerations MongoDB(®) Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
##
terminationGracePeriodSeconds: ""
## @param podLabels MongoDB(®) pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations MongoDB(®) Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## MongoDB(®) pods' Security Context.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param podSecurityContext.supplementalGroups Set filesystem extra groups
## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
##
podSecurityContext:
  enabled: true
  fsGroupChangePolicy: Always
  supplementalGroups: []
  fsGroup: 1001
  ## sysctl settings
  ## Example:
  ## sysctls:
  ## - name: net.core.somaxconn
  ##   value: "10000"
  ##
  sysctls: []
## MongoDB(®) containers' Security Context (main and metrics container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enabled containers' Security Context
## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
## @param containerSecurityContext.privileged Set container's Security Context privileged
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
  enabled: true
  seLinuxOptions: {}
  runAsUser: 1001
  runAsGroup: 1001
  runAsNonRoot: true
  privileged: false
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: "RuntimeDefault"
## MongoDB(®) containers' resource requests and limits.
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
##
resourcesPreset: "small"
## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
##   requests:
##     cpu: 2
##     memory: 512Mi
##   limits:
##     cpu: 3
##     memory: 1024Mi
##
resources: {}
## @param containerPorts.mongodb MongoDB(®) container port
##
containerPorts:
  mongodb: 27017
## MongoDB(®) pods' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 20
  timeoutSeconds: 10
  failureThreshold: 6
  successThreshold: 1
## MongoDB(®) pods' readiness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param readinessProbe.enabled Enable readinessProbe
## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param readinessProbe.periodSeconds Period seconds for readinessProbe
## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
  enabled: true
  initialDelaySeconds: 5
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 6
  successThreshold: 1
## Slow starting containers can be protected through startup probes
## Startup probes are available in Kubernetes version 1.16 and above
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
## @param startupProbe.enabled Enable startupProbe
## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param startupProbe.periodSeconds Period seconds for startupProbe
## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param startupProbe.failureThreshold Failure threshold for startupProbe
## @param startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
  enabled: false
  initialDelaySeconds: 5
  periodSeconds: 20
  timeoutSeconds: 10
  successThreshold: 1
  failureThreshold: 30
## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
## Ignored when livenessProbe.enabled=true
##
customLivenessProbe: {}
## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
## Ignored when readinessProbe.enabled=true
##
customReadinessProbe: {}
## @param customStartupProbe Override default startup probe for MongoDB(®) containers
## Ignored when startupProbe.enabled=true
##
customStartupProbe: {}
689
## @param initContainers Add additional init containers for the hidden node pod(s)
690
## Example:
691
## initContainers:
692
## - name: your-image-name
693
## image: your-image
694
## imagePullPolicy: Always
695
## ports:
696
## - name: portname
697
## containerPort: 1234
698
##
699
initContainers: []
## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
## Example:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
## search 'mongo-labeler' through this file to find the sections that need to be uncommented to make it work
##
## - name: mongo-labeler
##   image: korenlev/k8s-mongo-labeler-sidecar
##   imagePullPolicy: Always
##   env:
##     - name: LABEL_SELECTOR
##       value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
##     - name: NAMESPACE
##       value: "the-mongodb-namespace"
##     - name: DEBUG
##       value: "true"
##
sidecars: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
## Examples:
## extraVolumeMounts:
##   - name: extras
##     mountPath: /usr/share/extras
##     readOnly: true
##
extraVolumeMounts: []
## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
## extraVolumes:
##   - name: extras
##     emptyDir: {}
##
extraVolumes: []
## MongoDB(®) Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
##
pdb:
  ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
  ##
  create: true
  ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
  ##
  minAvailable: ""
  ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction. Defaults to `1` if both `pdb.minAvailable` and `pdb.maxUnavailable` are empty.
  ##
  maxUnavailable: ""
## @section Traffic exposure parameters
##

## Service parameters
##
service:
  ## @param service.nameOverride MongoDB(®) service name
  ##
  nameOverride: ""
  ## @param service.type Kubernetes Service type (only for standalone architecture)
  ##
  type: ClusterIP
  ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
  ##
  portName: mongodb
  ## @param service.ports.mongodb MongoDB(®) service port.
  ##
  ports:
    mongodb: 27017
  ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
  ##
  nodePorts:
    mongodb: ""
  ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
  ## e.g:
  ## clusterIP: None
  ##
  clusterIP: ""
  ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
  ##
  externalIPs: []
  ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerClass loadBalancerClass for MongoDB(®) Service (only for standalone architecture)
  # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
  loadBalancerClass: ""
  ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ##
  loadBalancerSourceRanges: []
  ## @param service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
  ##
  allocateLoadBalancerNodePorts: true
  ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
  ##
  extraPorts: []
  ## @param service.annotations Provide any additional annotations that may be required
  ##
  annotations: {}
  ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
  ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Local
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
  ##
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: {}
  ## Headless service properties
  ##
  headless:
    ## @param service.headless.annotations Annotations for the headless service.
    ##
    annotations: {}
  ## @param service.publishNotReadyAddresses Indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready
  ## ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/
  ##
  publishNotReadyAddresses: false
## External Access to MongoDB(®) nodes configuration
##
externalAccess:
  ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
  ##
  enabled: false
  ## External IPs auto-discovery configuration
  ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
  ## Note: RBAC might be required
  ##
  autoDiscovery:
    ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
    ##
    enabled: false
    ## Iamguarded Kubectl image
    ## @param externalAccess.autoDiscovery.image.registry [default: REGISTRY_NAME] Init container auto-discovery image registry
    ## @param externalAccess.autoDiscovery.image.repository [default: REPOSITORY_NAME/kubectl] Init container auto-discovery image repository
    ## @skip externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
    ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
    ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
    ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
    ##
    image:
      registry: cgr.dev
      repository: chainguard-private/kubectl-iamguarded
      tag: 1.35.2
      digest: ""
      ## Specify an imagePullPolicy
      ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## Example:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []
    ## Init Container resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## We usually recommend not to specify default resources and to leave this as a conscious
    ## choice for the user. This also increases chances charts run on environments with little
    ## resources, such as Minikube. If you do want to specify resources, uncomment the following
    ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    ## @param externalAccess.autoDiscovery.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param externalAccess.autoDiscovery.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  ## Init container whose mission is to ensure public names can be resolved.
  ##
  dnsCheck:
    ## Iamguarded os-shell image
    ## @param externalAccess.dnsCheck.image.registry [default: REGISTRY_NAME] Init container dns-check image registry
    ## @param externalAccess.dnsCheck.image.repository [default: REPOSITORY_NAME/kubectl] Init container dns-check image repository
    ## @skip externalAccess.dnsCheck.image.tag Init container dns-check image tag (immutable tags are recommended)
    ## @param externalAccess.dnsCheck.image.digest Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
    ## @param externalAccess.dnsCheck.image.pullPolicy Init container dns-check image pull policy
    ## @param externalAccess.dnsCheck.image.pullSecrets Init container dns-check image pull secrets
    ##
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
      ## Specify an imagePullPolicy
      ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
      ##
      pullPolicy: IfNotPresent
      ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
      ## Example:
      ## pullSecrets:
      ##   - myRegistryKeySecretName
      ##
      pullSecrets: []
    ## Init Container resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## We usually recommend not to specify default resources and to leave this as a conscious
    ## choice for the user. This also increases chances charts run on environments with little
    ## resources, such as Minikube. If you do want to specify resources, uncomment the following
    ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    ## @param externalAccess.dnsCheck.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param externalAccess.dnsCheck.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  ## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes.
  ## @param externalAccess.externalMaster.enabled Use external master for bootstrapping
  ## @param externalAccess.externalMaster.host External master host to bootstrap from
  ## @param externalAccess.externalMaster.port Port for MongoDB(®) service external master host
  ##
  externalMaster:
    enabled: false
    host: ""
    port: 27017
  ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
  ## A new service per broker will be created
  ##
  service:
    ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
    ##
    type: LoadBalancer
    ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
    ##
    portName: "mongodb"
    ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
    ##
    ports:
      mongodb: 27017
    ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
    ## Example:
    ## loadBalancerIPs:
    ##   - X.X.X.X
    ##   - Y.Y.Y.Y
    ##
    loadBalancerIPs: []
    ## @param externalAccess.service.publicNames Array of public names. The size should be equal to the number of replicas.
    ##
    publicNames: []
    ## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
    # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
    loadBalancerClass: ""
    ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## Example:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param externalAccess.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
    ##
    allocateLoadBalancerNodePorts: true
    ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Local
    ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
    ## Example:
    ## nodePorts:
    ##   - 30001
    ##   - 30002
    ##
    nodePorts: []
    ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
    ## If not specified, the container will try to get the kubernetes node external IP
    ## e.g:
    ## domain: mydomain.com
    ##
    domain: ""
    ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param externalAccess.service.annotations Service annotations for external access. These annotations are common for all services created.
    ##
    annotations: {}
    ## @param externalAccess.service.annotationsList Service annotations for each external service. This value contains a list allowing different annotations per each external service.
    ## Eg:
    ##   annotationsList:
    ##     - external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com
    ##     - external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com
    ##
    annotationsList: []
    ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
    ##
    sessionAffinity: None
    ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## External Access to MongoDB(®) Hidden nodes configuration
  ##
  hidden:
    ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
    ##
    enabled: false
    ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
    ## A new service per broker will be created
    ##
    service:
      ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
      ##
      type: LoadBalancer
      ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
      ##
      portName: "mongodb"
      ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
      ##
      ports:
        mongodb: 27017
      ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
      ## Example:
      ## loadBalancerIPs:
      ##   - X.X.X.X
      ##   - Y.Y.Y.Y
      ##
      loadBalancerIPs: []
      ## @param externalAccess.hidden.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
      # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
      loadBalancerClass: ""
      ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## Example:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param externalAccess.hidden.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
      ##
      allocateLoadBalancerNodePorts: true
      ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
      ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Local
      ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
      ## Example:
      ## nodePorts:
      ##   - 30001
      ##   - 30002
      ##
      nodePorts: []
      ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
      ## If not specified, the container will try to get the kubernetes node external IP
      ## e.g:
      ## domain: mydomain.com
      ##
      domain: ""
      ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
      ##
      extraPorts: []
      ## @param externalAccess.hidden.service.annotations Service annotations for external access
      ##
      annotations: {}
      ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
      ## Values: ClientIP or None
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
      ##
      sessionAffinity: None
      ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
## @section Password update job
##
passwordUpdateJob:
  ## @param passwordUpdateJob.enabled Enable password update job
  ##
  enabled: false
  ## @param passwordUpdateJob.backoffLimit set backoff limit of the job
  ##
  backoffLimit: 10
  ## @param passwordUpdateJob.command Override default container command on mysql Primary container(s) (useful when using custom images)
  ##
  command: []
  ## @param passwordUpdateJob.args Override default container args on mysql Primary container(s) (useful when using custom images)
  ##
  args: []
  ## @param passwordUpdateJob.extraCommands Extra commands to pass to the generation job
  ##
  extraCommands: ""
  ## @param passwordUpdateJob.previousPasswords.rootPassword Previous root password (set if the password secret was already changed)
  ## @param passwordUpdateJob.previousPasswords.existingSecret Name of a secret containing the previous passwords (set if the password secret was already changed)
  previousPasswords:
    rootPassword: ""
    existingSecret: ""
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param passwordUpdateJob.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param passwordUpdateJob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param passwordUpdateJob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param passwordUpdateJob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param passwordUpdateJob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param passwordUpdateJob.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param passwordUpdateJob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param passwordUpdateJob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param passwordUpdateJob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param passwordUpdateJob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param passwordUpdateJob.podSecurityContext.enabled Enabled credential init job pods' Security Context
  ## @param passwordUpdateJob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param passwordUpdateJob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param passwordUpdateJob.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param passwordUpdateJob.podSecurityContext.fsGroup Set credential init job pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param passwordUpdateJob.extraEnvVars Array containing extra env vars to configure the credential init job
  ## For example:
  ## extraEnvVars:
  ##  - name: GF_DEFAULT_INSTANCE_NAME
  ##    value: my-instance
  ##
  extraEnvVars: []
  ## @param passwordUpdateJob.extraEnvVarsCM ConfigMap containing extra env vars to configure the credential init job
  ##
  extraEnvVarsCM: ""
  ## @param passwordUpdateJob.extraEnvVarsSecret Secret containing extra env vars to configure the credential init job (in case of sensitive data)
  ##
  extraEnvVarsSecret: ""
  ## @param passwordUpdateJob.extraVolumes Optionally specify extra list of additional volumes for the credential init job
  ##
  extraVolumes: []
  ## @param passwordUpdateJob.extraVolumeMounts Array of extra volume mounts to be added to the jwt Container (evaluated as template). Normally used with `extraVolumes`.
  ##
  extraVolumeMounts: []
  ## @param passwordUpdateJob.initContainers Add additional init containers for the mysql Primary pod(s)
  ##
  initContainers: []
  ## Container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param passwordUpdateJob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if passwordUpdateJob.resources is set (passwordUpdateJob.resources is recommended for production).
  ##
  resourcesPreset: "micro"
  ## @param passwordUpdateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param passwordUpdateJob.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param passwordUpdateJob.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param passwordUpdateJob.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param passwordUpdateJob.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param passwordUpdateJob.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param passwordUpdateJob.annotations [object] Add annotations to the job
  ##
  annotations: {}
  ## @param passwordUpdateJob.podLabels Additional pod labels
  ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param passwordUpdateJob.podAnnotations Additional pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
## @section Network policy parameters
##

## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
  ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
  ##
  enabled: true
  ## @param networkPolicy.allowExternal Don't require server label for connections
  ## The Policy model to apply. When set to false, only pods with the correct
  ## server label will have network access to the ports server is listening
  ## on. When true, server will accept connections from any source
  ## (with the correct destination port).
  ##
  allowExternal: true
  ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
  ##
  allowExternalEgress: true
  ## @param networkPolicy.addExternalClientAccess Allow access from pods with client label set to "true". Ignored if `networkPolicy.allowExternal` is true.
  ##
  addExternalClientAccess: true
  ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
  ## e.g:
  ## extraIngress:
  ##   - ports:
  ##       - port: 1234
  ##     from:
  ##       - podSelector:
  ##           - matchLabels:
  ##               - role: frontend
  ##       - podSelector:
  ##           - matchExpressions:
  ##               - key: role
  ##                 operator: In
  ##                 values:
  ##                   - frontend
  extraIngress: []
  ## @param networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
  ## e.g:
  ## extraEgress:
  ##   - ports:
  ##       - port: 1234
  ##     to:
  ##       - podSelector:
  ##           - matchLabels:
  ##               - role: frontend
  ##       - podSelector:
  ##           - matchExpressions:
  ##               - key: role
  ##                 operator: In
  ##                 values:
  ##                   - frontend
  ##
  extraEgress: []
  ## @param networkPolicy.ingressPodMatchLabels [object] Labels to match to allow traffic from other pods. Ignored if `networkPolicy.allowExternal` is true.
  ## e.g:
  ## ingressPodMatchLabels:
  ##   my-client: "true"
  #
  ingressPodMatchLabels: {}
  ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
  ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces. Ignored if `networkPolicy.allowExternal` is true.
  ##
  ingressNSMatchLabels: {}
  ingressNSPodMatchLabels: {}
persistence:
  ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
  ##
  enabled: true
  ## @param persistence.name Name of the PVC and mounted volume
  ##
  name: "datadir"
  ## @param persistence.medium Provide a medium for `emptyDir` volumes.
  ## Requires persistence.enabled: false
  ##
  medium: ""
  ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  ## Ignored when mongodb.architecture=replicaset
  ##
  existingClaim: ""
  ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted
  ##
  resourcePolicy: ""
  ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner.
  ##
  storageClass: ""
  ## @param persistence.accessModes PV Access Mode
  ##
  accessModes:
    - ReadWriteOnce
  ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
  ##
  size: 8Gi
  ## @param persistence.annotations PVC annotations
  ##
  annotations: {}
  ## @param persistence.labels PVC labels
  ##
  labels: {}
  ## @param persistence.mountPath Path to mount the volume at
  ## MongoDB(®) images.
  ##
  mountPath: /iamguarded/mongodb
  ## @param persistence.subPath Subdirectory of the volume to mount at
  ## and one PV for multiple services.
  ##
  subPath: ""
  ## Fine tuning for volumeClaimTemplates
  ##
  volumeClaimTemplates:
    ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
    ## A label query over volumes to consider for binding (e.g. when using local volumes)
    ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
    ##
    selector: {}
    ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
    ## Sometimes cloud providers use additional requests attributes to provision custom storage instance
    ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
    ##
    requests: {}
    ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
    ##
    dataSource: {}
1360
## Persistent Volume Claim Retention Policy
1361
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1362
##
1363
persistentVolumeClaimRetentionPolicy:
1364
## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for MongoDB(&reg;) Statefulset
1365
##
1366
enabled: false
1367
## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1368
##
1369
whenScaled: Retain
1370
## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1371
##
1372
whenDeleted: Retain
## @section Backup parameters
## This section implements a trivial logical dump cronjob of the database.
## This only comes with the consistency guarantees of the dump program.
## This is not a snapshot based roll forward/backward recovery backup.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
##
backup:
  ## @param backup.enabled Enable the logical dump of the database "regularly"
  ##
  enabled: false
  ## Fine tuning cronjob's config
  ##
  cronjob:
    ## @param backup.cronjob.schedule Set the cronjob parameter schedule
    ##
    schedule: "@daily"
    ## @param backup.cronjob.timeZone Set the cronjob parameter timeZone
    ##
    timeZone: ""
    ## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
    ##
    concurrencyPolicy: Allow
    ## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
    ##
    failedJobsHistoryLimit: 1
    ## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
    ##
    successfulJobsHistoryLimit: 3
    ## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
    ##
    startingDeadlineSeconds: ""
    ## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
    ##
    ttlSecondsAfterFinished: ""
    ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
    ##
    restartPolicy: OnFailure
    ## @param backup.cronjob.backoffLimit Set the cronjob parameter backoffLimit
    backoffLimit: 6
    ## @param backup.cronjob.serviceAccount.name Set the cronjob parameter serviceAccountName. If you change from the default values make sure that the SA already exists.
    serviceAccount:
      name: "default"
    ## backup container's Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
    ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
    ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
    ## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
    ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
    ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
    ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
    ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
    ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
    ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## backup container's resource requests and limits.
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## We usually recommend not to specify default resources and to leave this as a conscious
    ## choice for the user. This also increases chances charts run on environments with little
    ## resources, such as Minikube. If you do want to specify resources, uncomment the following
    ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    ## @param backup.cronjob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
    ##
    resourcesPreset: "none"
    ## @param backup.cronjob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
    ## @param backup.cronjob.command Set backup container's command to run
    ##
    command: []
    ## @param backup.cronjob.labels Set the cronjob labels
    ##
    labels: {}
    ## @param backup.cronjob.annotations Set the cronjob annotations
    ##
    annotations: {}
    ## Backup container's
    ##
    storage:
      ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
      ## If defined, PVC must be created manually before volume will be bound
      ##
      existingClaim: ""
      ## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted
      ##
      resourcePolicy: ""
      ## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
      ## If defined, storageClassName: <storageClass>
      ## If set to "-", storageClassName: "", which disables dynamic provisioning
      ## If undefined (the default) or set to null, no storageClassName spec is
      ## set, choosing the default provisioner.
      ##
      storageClass: ""
      ## @param backup.cronjob.storage.accessModes PV Access Mode
      ##
      accessModes:
        - ReadWriteOnce
      ## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
      ##
      size: 8Gi
      ## @param backup.cronjob.storage.annotations PVC annotations
      ##
      annotations: {}
      ## @param backup.cronjob.storage.mountPath Path to mount the volume at
      ##
      mountPath: /backup/mongodb
      ## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
      ## and one PV for multiple services.
      ##
      subPath: ""
      ## Fine tuning for volumeClaimTemplates
      ##
      volumeClaimTemplates:
        ## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
        ## A label query over volumes to consider for binding (e.g. when using local volumes)
        ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
        ##
        selector: {}
## @section RBAC parameters
##

## ServiceAccount
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
  ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
  ##
  create: true
  ## @param serviceAccount.name Name of the created serviceAccount
  ## If not set and create is true, a name is generated using the mongodb.fullname template
  ##
  name: ""
  ## @param serviceAccount.annotations Additional Service Account annotations
  ##
  annotations: {}
  ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
  ## Can be set to false if pods using this serviceAccount do not need to use K8s API
  ##
  automountServiceAccountToken: false
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
  ## @param rbac.create Whether to create & use RBAC resources or not
  ## binding MongoDB(®) ServiceAccount to a role
  ## that allows MongoDB(®) pods querying the K8s API
  ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
  ##
  create: false
  ## @param rbac.rules Custom rules to create following the role specification
  ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##       - watch
  ##       - update
  ##
  rules: []
## PodSecurityPolicy configuration
## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
  ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ##
  create: false
  ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
  ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
  ##
  allowPrivilegeEscalation: false
  ## @param podSecurityPolicy.privileged Allow privileged
  ##
  privileged: false
  ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
  ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  ## Defining a spec ignores the above values.
  ##
  spec: {}
  ## Example:
  ##   allowPrivilegeEscalation: false
  ##   fsGroup:
  ##     rule: 'MustRunAs'
  ##     ranges:
  ##       - min: 1001
  ##         max: 1001
  ##   hostIPC: false
  ##   hostNetwork: false
  ##   hostPID: false
  ##   privileged: false
  ##   readOnlyRootFilesystem: true
  ##   requiredDropCapabilities:
  ##     - ALL
  ##   runAsUser:
  ##     rule: 'MustRunAs'
  ##     ranges:
  ##       - min: 1001
  ##         max: 1001
  ##   seLinux:
  ##     rule: 'RunAsAny'
  ##   supplementalGroups:
  ##     rule: 'MustRunAs'
  ##     ranges:
  ##       - min: 1001
  ##         max: 1001
  ##   volumes:
  ##     - 'configMap'
  ##     - 'secret'
  ##     - 'emptyDir'
  ##     - 'persistentVolumeClaim'
  ##
## @section Volume Permissions parameters
##
## Init Container parameters
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
## values from the securityContext section of the component
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
  ##
  enabled: false
  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
  ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
  ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/os-shell-iamguarded
    tag: 1.0.0
    digest: ""
    ## Specify an imagePullPolicy
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init Container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container Security Context
  ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
  ## and not the below volumePermissions.securityContext.runAsUser
  ## When runAsUser is set to special value "auto", init container will try to chown the
  ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
  ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
  ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
  ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
  ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
  ##
  securityContext:
    seLinuxOptions: {}
    runAsUser: 0
## @section Arbiter parameters
##
arbiter:
  ## @param arbiter.enabled Enable deploying the arbiter
  ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
  ##
  enabled: true
  ## @param arbiter.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param arbiter.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param arbiter.configuration Arbiter configuration file to be used
  ## http://docs.mongodb.org/manual/reference/configuration-options/
  ##
  configuration: ""
  ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
  ## NOTE: When it's set the arbiter.configuration parameter is ignored
  ##
  existingConfigmap: ""
  ## Command and args for running the container (set to default if not set). Use array form
  ## @param arbiter.command Override default container command (useful when using custom images)
  ## @param arbiter.args Override default container args (useful when using custom images)
  ##
  command: []
  args: []
  ## @param arbiter.extraFlags Arbiter additional command line flags
  ## Example:
  ## extraFlags:
  ##   - "--wiredTigerCacheSizeGB=2"
  ##
  extraFlags: []
  ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
  ## E.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: BAR
  ##
  extraEnvVars: []
  ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
  ##
  extraEnvVarsCM: ""
  ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
  ##
  extraEnvVarsSecret: ""
  ## @param arbiter.annotations Additional annotations to be added to the Arbiter statefulset
  ##
  annotations: {}
  ## @param arbiter.labels Additional labels to be added to the Arbiter statefulset
  ##
  labels: {}
  ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ##
  topologySpreadConstraints: []
  ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
  ##
  terminationGracePeriodSeconds: ""
  ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ## updateStrategy:
  ##   type: RollingUpdate
  ##   rollingUpdate:
  ##     maxSurge: 25%
  ##     maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
  ## Should be initialized one by one when building the replicaset for the first time
  ##
  podManagementPolicy: OrderedReady
  ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param arbiter.affinity Arbiter Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param arbiter.podLabels Arbiter pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param arbiter.podAnnotations Arbiter Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## MongoDB(®) Arbiter pods' Security Context.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
  ## @param arbiter.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param arbiter.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
  ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    supplementalGroups: []
    fsGroup: 1001
    ## sysctl settings
    ## Example:
    ## sysctls:
    ##   - name: net.core.somaxconn
    ##     value: "10000"
    ##
    sysctls: []
  ## MongoDB(®) Arbiter containers' Security Context (only main container).
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param arbiter.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param arbiter.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param arbiter.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param arbiter.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param arbiter.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param arbiter.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param arbiter.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param arbiter.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param arbiter.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param arbiter.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## MongoDB(®) Arbiter containers' resource requests and limits.
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param arbiter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if arbiter.resources is set (arbiter.resources is recommended for production).
  ##
  resourcesPreset: "small"
  ## @param arbiter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
  ##
  containerPorts:
    mongodb: 27017
  ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param arbiter.livenessProbe.enabled Enable livenessProbe
  ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param arbiter.readinessProbe.enabled Enable readinessProbe
  ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param arbiter.startupProbe.enabled Enable startupProbe
  ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 30
  ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
  ## Ignored when arbiter.livenessProbe.enabled=true
  ##
  customLivenessProbe: {}
  ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
  ## Ignored when arbiter.readinessProbe.enabled=true
  ##
  customReadinessProbe: {}
  ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
  ## Ignored when arbiter.startupProbe.enabled=true
  ##
  customStartupProbe: {}
  ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: extras
  ##     mountPath: /usr/share/extras
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
  ## extraVolumes:
  ##   - name: extras
  ##     emptyDir: {}
  ##
  extraVolumes: []
  ## MongoDB(®) Arbiter Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  ##
  pdb:
    ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
    ##
    create: true
    ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
    ##
    minAvailable: ""
    ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable. Defaults to `1` if both `arbiter.pdb.minAvailable` and `arbiter.pdb.maxUnavailable` are empty.
    ##
    maxUnavailable: ""
  ## MongoDB(®) Arbiter service parameters
  ##
  service:
    ## @param arbiter.service.nameOverride The arbiter service name
    ##
    nameOverride: ""
    ## @param arbiter.service.ports.mongodb MongoDB(®) service port
    ##
    ports:
      mongodb: 27017
    ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param arbiter.service.annotations Provide any additional annotations that may be required
    ##
    annotations: {}
    ## Headless service properties
    ##
    headless:
      ## @param arbiter.service.headless.annotations Annotations for the headless service.
      ##
      annotations: {}
## @section Hidden Node parameters
##
hidden:
  ## @param hidden.enabled Enable deploying the hidden nodes
  ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
  ##
  enabled: false
  ## @param hidden.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param hidden.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param hidden.configuration Hidden node configuration file to be used
  ## http://docs.mongodb.org/manual/reference/configuration-options/
  ##
  configuration: ""
  ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
  ## NOTE: When it's set the hidden.configuration parameter is ignored
  ##
  existingConfigmap: ""
  ## Command and args for running the container (set to default if not set). Use array form
  ## @param hidden.command Override default container command (useful when using custom images)
  ## @param hidden.args Override default container args (useful when using custom images)
  ##
  command: []
  args: []
  ## @param hidden.extraFlags Hidden node additional command line flags
  ## Example:
  ## extraFlags:
  ##   - "--wiredTigerCacheSizeGB=2"
  ##
  extraFlags: []
  ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
  ## E.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: BAR
  ##
  extraEnvVars: []
  ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
  ##
  extraEnvVarsCM: ""
  ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
  ##
  extraEnvVarsSecret: ""
  ## @param hidden.annotations Additional annotations to be added to the hidden node statefulset
  ##
  annotations: {}
  ## @param hidden.labels Additional labels to be added to the hidden node statefulset
  ##
  labels: {}
  ## @param hidden.topologySpreadConstraints MongoDB(&reg;) Spread Constraints for hidden Pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ##
  topologySpreadConstraints: []
  ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
  ## Ignored when mongodb.architecture=standalone
  ##
  replicaCount: 1
  ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
  ##
  terminationGracePeriodSeconds: ""
  ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ## updateStrategy:
  ##   type: RollingUpdate
  ##   rollingUpdate:
  ##     maxSurge: 25%
  ##     maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param hidden.podManagementPolicy Pod management policy for hidden node
  ##
  podManagementPolicy: OrderedReady
  ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## Allowed values: soft, hard
  ##
  nodeAffinityPreset:
    ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param hidden.affinity Hidden node Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param hidden.tolerations Hidden node Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param hidden.podLabels Hidden node pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param hidden.podAnnotations Hidden node Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## MongoDB(&reg;) Hidden pods' Security Context.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
  ## @param hidden.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param hidden.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
  ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    supplementalGroups: []
    fsGroup: 1001
    ## sysctl settings
    ## Example:
    ## sysctls:
    ## - name: net.core.somaxconn
    ##   value: "10000"
    ##
    sysctls: []
  ## MongoDB(&reg;) Hidden containers' Security Context (only main container).
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param hidden.containerSecurityContext.enabled Enabled containers' Security Context
  ## @param hidden.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param hidden.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
  ## @param hidden.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
  ## @param hidden.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
  ## @param hidden.containerSecurityContext.privileged Set container's Security Context privileged
  ## @param hidden.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param hidden.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
  ## @param hidden.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param hidden.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## MongoDB(&reg;) Hidden containers' resource requests and limits.
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
  ##
  resourcesPreset: "micro"
  ## @param hidden.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param hidden.containerPorts.mongodb MongoDB(&reg;) hidden container port
  ##
  containerPorts:
    mongodb: 27017
  ## MongoDB(&reg;) Hidden pods' liveness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param hidden.livenessProbe.enabled Enable livenessProbe
  ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## MongoDB(&reg;) Hidden pods' readiness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param hidden.readinessProbe.enabled Enable readinessProbe
  ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## Slow starting containers can be protected through startup probes
  ## Startup probes are available in Kubernetes version 1.16 and above
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
  ## @param hidden.startupProbe.enabled Enable startupProbe
  ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 30
  ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
  ## Ignored when hidden.livenessProbe.enabled=true
  ##
  customLivenessProbe: {}
  ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
  ## Ignored when hidden.readinessProbe.enabled=true
  ##
  customReadinessProbe: {}
  ## @param hidden.customStartupProbe Override default startup probe for MongoDB(&reg;) containers
  ## Ignored when hidden.startupProbe.enabled=true
  ##
  customStartupProbe: {}
  ## @param hidden.initContainers Add init containers to the MongoDB(&reg;) Hidden pods.
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: extras
  ##     mountPath: /usr/share/extras
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
  ## extraVolumes:
  ##   - name: extras
  ##     emptyDir: {}
  ##
  extraVolumes: []
  ## MongoDB(&reg;) Hidden Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  ##
  pdb:
    ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
    ##
    create: true
    ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
    ##
    minAvailable: ""
    ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable. Defaults to `1` if both `hidden.pdb.minAvailable` and `hidden.pdb.maxUnavailable` are empty.
    ##
    maxUnavailable: ""
  ## Enable persistence using Persistent Volume Claims
  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
  ##
  persistence:
    ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
    ##
    enabled: true
    ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
    ## Requires hidden.persistence.enabled: false
    ##
    medium: ""
    ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param hidden.persistence.accessModes PV Access Mode
    ##
    accessModes:
      - ReadWriteOnce
    ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
    ##
    size: 8Gi
    ## @param hidden.persistence.annotations PVC annotations
    ##
    annotations: {}
    ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(&reg;) images.
    ##
    mountPath: /iamguarded/mongodb
    ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
    ## and one PV for multiple services.
    ##
    subPath: ""
    ## Fine tuning for volumeClaimTemplates
    ##
    volumeClaimTemplates:
      ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
      ##
      selector: {}
      ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
      ## Sometimes cloud providers use additional requests attributes to provision custom storage instance
      ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
      ##
      requests: {}
      ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
      ##
      dataSource: {}
  service:
    ## @param hidden.service.nameOverride The hidden service name
    ##
    nameOverride: ""
    ## @param hidden.service.portName MongoDB(&reg;) service port name
    ##
    portName: "mongodb"
    ## @param hidden.service.ports.mongodb MongoDB(&reg;) service port
    ##
    ports:
      mongodb: 27017
    ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param hidden.service.annotations Provide any additional annotations that may be required
    ##
    annotations: {}
    ## Headless service properties
    ##
    headless:
      ## @param hidden.service.headless.annotations Annotations for the headless service.
      ##
      annotations: {}
## @section Metrics parameters
##
metrics:
  ## @param metrics.enabled Enable using a sidecar Prometheus exporter
  ##
  enabled: false
  ## Iamguarded MongoDB(&reg;) Prometheus Exporter image
  ## @param metrics.image.registry [default: REGISTRY_NAME] MongoDB(&reg;) Prometheus exporter image registry
  ## @param metrics.image.repository [default: REPOSITORY_NAME/mongodb-exporter] MongoDB(&reg;) Prometheus exporter image repository
  ## @skip metrics.image.tag MongoDB(&reg;) Prometheus exporter image tag (immutable tags are recommended)
  ## @param metrics.image.digest MongoDB(&reg;) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param metrics.image.pullPolicy MongoDB(&reg;) Prometheus exporter image pull policy
  ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-mongodb-exporter-iamguarded
    tag: 0.49.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param metrics.username String with username for the metrics exporter
  ## If undefined the root user will be used for the metrics exporter
  ##
  username: ""
  ## @param metrics.password String with password for the metrics exporter
  ## If undefined but metrics.username is defined, a random password will be generated
  ##
  password: ""
  ## @param metrics.compatibleMode Enables old style mongodb-exporter metrics
  compatibleMode: true
  collector:
    ## @param metrics.collector.all Enable all collectors. Same as enabling all individual metrics
    ## Enabling all metrics will cause significant CPU load on mongod
    all: false
    ## @param metrics.collector.diagnosticdata Boolean Enable collecting metrics from getDiagnosticData
    diagnosticdata: true
    ## @param metrics.collector.replicasetstatus Boolean Enable collecting metrics from replSetGetStatus
    replicasetstatus: true
    ## @param metrics.collector.dbstats Boolean Enable collecting metrics from dbStats
    dbstats: false
    ## @param metrics.collector.topmetrics Boolean Enable collecting metrics from top admin command
    topmetrics: false
    ## @param metrics.collector.indexstats Boolean Enable collecting metrics from $indexStats
    indexstats: false
    ## @param metrics.collector.collstats Boolean Enable collecting metrics from $collStats
    collstats: false
    ## @param metrics.collector.collstatsColls List of \<databases\>.\<collections\> to get $collStats
    collstatsColls: []
    ## @param metrics.collector.indexstatsColls List - List of \<databases\>.\<collections\> to get $indexStats
    indexstatsColls: []
    ## @param metrics.collector.collstatsLimit Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \<n\> collections. 0=No limit
    collstatsLimit: 0
  ## @param metrics.extraFlags String with extra flags to the metrics exporter
  ## ref: https://github.com/percona/mongodb_exporter/blob/main/main.go
  ##
  extraFlags: ""
  ## Command and args for running the container (set to default if not set). Use array form
  ## @param metrics.command Override default container command (useful when using custom images)
  ## @param metrics.args Override default container args (useful when using custom images)
  ##
  command: []
  args: []
  ## Metrics exporter container resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param metrics.containerPort Port of the Prometheus metrics container
  ##
  containerPort: 9216
  ## Prometheus Exporter service configuration
  ##
  service:
    ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
    ##
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
      prometheus.io/path: "/metrics"
    ## @param metrics.service.type Type of the Prometheus metrics service
    ##
    type: ClusterIP
    ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
    ##
    ports:
      metrics: 9216
    ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
  ## Metrics exporter liveness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param metrics.livenessProbe.enabled Enable livenessProbe
  ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 5
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
  ## Metrics exporter readiness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param metrics.readinessProbe.enabled Enable readinessProbe
  ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
  ## Slow starting containers can be protected through startup probes
  ## Startup probes are available in Kubernetes version 1.16 and above
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
  ## @param metrics.startupProbe.enabled Enable startupProbe
  ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 30
  ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(&reg;) containers
  ## Ignored when livenessProbe.enabled=true
  ##
  customLivenessProbe: {}
  ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(&reg;) containers
  ## Ignored when readinessProbe.enabled=true
  ##
  customReadinessProbe: {}
  ## @param metrics.customStartupProbe Override default startup probe for MongoDB(&reg;) containers
  ## Ignored when startupProbe.enabled=true
  ##
  customStartupProbe: {}
  ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the metrics container(s)
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: extras
  ##     mountPath: /usr/share/extras
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## Prometheus Service Monitor
  ## ref: https://github.com/coreos/prometheus-operator
  ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ##
    interval: 30s
    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## e.g:
    ## scrapeTimeout: 30s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
    ##
    labels: {}
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ##
    selector: {}
    ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
    ##
    honorLabels: false
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
  ## Custom PrometheusRule to be defined
  ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
  ##
  prometheusRule:
    ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
    ##
    enabled: false
    ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
    ##
    additionalLabels: {}
    ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created
    ##
    namespace: ""
    ## @param metrics.prometheusRule.rules Rules to be created, check values for an example
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup
    ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
    ##
    ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets
    ## rules:
    ##   - alert: HighRequestLatency
    ##     expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
    ##     for: 10m
    ##     labels:
    ##       severity: page
    ##     annotations:
    ##       summary: High request latency
    ##
    rules: []