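# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
##

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""
  namespaceOverride: ""

## @section Common parameters
##

## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name)
##
nameOverride: ""
## @param fullnameOverride String to fully override mongodb.fullname template
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
##
kubeVersion: ""
## @param clusterDomain Default Kubernetes cluster domain
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
## extraDeploy:
## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar
## for dynamically discovering the mongodb primary pod
## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own)
## NOTE(review): a NodePort Service opens the chosen port on every cluster node. If this example is used,
## limit which sources can reach that port, keep `auth.enabled` on and turn `tls.enabled` on.
## - apiVersion: v1
##   kind: Service
##   metadata:
##     name: mongodb-primary
##     namespace: the-mongodb-namespace
##     labels:
##       app.kubernetes.io/component: mongodb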
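##       app.kubernetes.io/instance: mongodb
##       app.kubernetes.io/managed-by: Helm
##       app.kubernetes.io/name: mongodb
##   spec:
##     type: NodePort
##     externalTrafficPolicy: Cluster
##     ports:
##       - name: mongodb
##         port: 30001
##         nodePort: 30001
##         protocol: TCP
##         targetPort: mongodb
##     selector:
##       app.kubernetes.io/component: mongodb
##       app.kubernetes.io/instance: mongodb
##       app.kubernetes.io/name: mongodb
##       primary: "true"
##
extraDeploy: []
## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
##
commonLabels: {}
## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
##
commonAnnotations: {}

## @param topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
## i.e. topologyKey: topology.kubernetes.io/zone
##
topologyKey: ""

## @param serviceBindings.enabled Create secret for service binding (Experimental)
## Ref: https://servicebinding.io/service-provider/
##
serviceBindings:
  enabled: false

## Enable diagnostic mode in the deployment
## NOTE: with the probes disabled and the command overridden the containers no longer run MongoDB(®);
## use this for troubleshooting only.
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment
  ##
  command:
    - sleep
  ## @param diagnosticMode.args Args to override all containers in the deployment
  ##
  args:
    - infinity

## @section MongoDB(®) parameters
##

## Bitnami MongoDB(®) image
## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
## @param image.registry MongoDB(®) image registry
## @param image.repository MongoDB(®) image repository
## @param image.tag MongoDB(®) image tag (immutable tags are recommended)
## @param image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy MongoDB(®) image pull policy
## @param image.pullSecrets Specify docker-registry secret names as an array
## @param image.debug Set to true if you would like to see extra information on logs
## NOTE: a tag can be pointed at different content after it is published; set `image.digest` to pin
## the exact image that was reviewed.
##
image:
  registry: docker.io
  repository: bitnami/mongodb
  tag: 6.0.10-debian-11-r8
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false

## @param schedulerName Name of the scheduler (other than default) to dispatch pods
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
##
architecture: standalone
## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`)
##
useStatefulSet: false
## MongoDB(®) Authentication parameters
##
auth:
  ## @param auth.enabled Enable authentication
  ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
  ## NOTE: with authentication disabled, any client that can reach the MongoDB(®) port can read and
  ## write every database.
  ##
  enabled: true
  ## @param auth.rootUser MongoDB(®) root user
  ##
  rootUser: root
  ## @param auth.rootPassword MongoDB(®) root password
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
  ## NOTE: values given to Helm are kept with the release data stored in the cluster; prefer
  ## `auth.existingSecret` over writing passwords into a values file.
  ##
  rootPassword: ""
  ## MongoDB(®) custom users and databases
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
  ## @param auth.usernames List of custom users to be created during the initialization
  ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
  ## @param auth.databases List of custom databases to be created during the initialization
  ##
  usernames: []
  passwords: []
  databases: []
  ## @param auth.username DEPRECATED: use `auth.usernames` instead
  ## @param auth.password DEPRECATED: use `auth.passwords` instead
  ## @param auth.database DEPRECATED: use `auth.databases` instead
  ##
  username: ""
  password: ""
  database: ""
  ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`)
  ##
  replicaSetKey: ""
  ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
  ## NOTE: When it's set the previous parameters are ignored.
  ##
  existingSecret: ""
tls:
  ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes
  ## NOTE: while this is false, traffic between nodes and between clients and nodes is not encrypted.
  ## Enable it before exposing MongoDB(®) outside the cluster.
  ##
  enabled: false
  ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
  ##
  autoGenerated: true
  ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
  ## NOTE: When it's set it will disable secret creation.
  ##
  existingSecret: ""
  ## Add Custom CA certificate
  ## @param tls.caCert Custom CA certificate (base64 encoded)
  ## @param tls.caKey CA certificate private key (base64 encoded)
  ## NOTE: `tls.caKey` is the CA private key; prefer `tls.existingSecret` so that it is not kept in a values file.
  ##
  caCert: ""
  caKey: ""
  ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
  ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
  ##
  pemChainIncluded: false
  standalone:
    ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecret: ""
  replicaset:
    ## @param tls.replicaset.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## existingSecrets:
    ##  - "mySecret-0"
    ##  - "mySecret-1"
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecrets: []
  hidden:
    ## @param tls.hidden.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## existingSecrets:
    ##  - "mySecret-0"
    ##  - "mySecret-1"
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecrets: []
  arbiter:
    ## @param tls.arbiter.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
    ## NOTE: When it's set it will disable certificate self-generation from existing CA.
    ##
    existingSecret: ""
  ## Bitnami Nginx image
  ## @param tls.image.registry Init container TLS certs setup image registry
  ## @param tls.image.repository Init container TLS certs setup image repository
  ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended)
  ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy
  ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array
  ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
  ##
  image:
    registry: docker.io
    repository: bitnami/nginx
    tag: 1.25.2-debian-11-r32
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []

  ## e.g:
  ## extraDnsNames
  ##   "DNS.6": "$my_host"
  ##   "DNS.7": "$test"
  ##
  extraDnsNames: []
  ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
  ## NOTE: `allowTLS` and `preferTLS` still accept connections that do not use TLS; only `requireTLS` rejects them.
  ##
  mode: requireTLS
  ## Init Container resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param tls.resources.limits Init container generate-tls-certs resource limits
  ## @param tls.resources.requests Init container generate-tls-certs resource requests
  ##
  resources:
    ## Example:
    ## limits:
    ##    cpu: 100m
    ##    memory: 128Mi
    ##
    limits: {}
    ## Examples:
    ## requests:
    ##    cpu: 100m
    ##    memory: 128Mi
    ##
    requests: {}
## @param hostAliases Add deployment host aliases
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
##
hostAliases: []
## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
replicaSetName: rs0
## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
## Ignored when externalAccess.enabled=true
##
replicaSetHostnames: true
## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®)
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-ipv6
##
enableIPv6: false
## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®)
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-directoryperdb
##
directoryPerDB: false
## MongoDB(®) System Log configuration
## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#configuring-system-log-verbosity-level
## @param systemLogVerbosity MongoDB(®) system log verbosity level
## @param disableSystemLog Switch to enable/disable MongoDB(®) system log
##
systemLogVerbosity: 0
disableSystemLog: false
## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution
## ref: https://docs.mongodb.com/manual/core/server-side-javascript/
## NOTE(review): if no workload relies on server-side JavaScript (for example `$where`), setting this
## to true reduces what a query is able to execute on the server.
##
disableJavascript: false
## @param enableJournal Switch to enable/disable MongoDB(®) Journaling
## ref: https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
##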
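enableJournal: true
## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
## NOTE(review): the sample below sets `security.authorization: disabled`, `enableLocalhostAuthBypass: true`
## and `bindIpAll: true`. Before reusing it as a custom configuration, confirm that authentication is
## still enforced in the resulting deployment.
## Example:
## configuration: |-
##   # where and how to store data.
##   storage:
##     dbPath: /bitnami/mongodb/data/db
##     journal:
##       enabled: true
##     directoryPerDB: false
##   # where to write logging data
##   systemLog:
##     destination: file
##     quiet: false
##     logAppend: true
##     logRotate: reopen
##     path: /opt/bitnami/mongodb/logs/mongodb.log
##     verbosity: 0
##   # network interfaces
##   net:
##     port: 27017
##     unixDomainSocket:
##       enabled: true
##       pathPrefix: /opt/bitnami/mongodb/tmp
##     ipv6: false
##     bindIpAll: true
##   # replica set options
##   #replication:
##     #replSetName: replicaset
##     #enableMajorityReadConcern: true
##   # process management options
##   processManagement:
##      fork: false
##      pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid
##   # set parameter options
##   setParameter:
##      enableLocalhostAuthBypass: true
##   # security options
##   security:
##     authorization: disabled
##     #keyFile: /opt/bitnami/mongodb/conf/keyfile
##
configuration: ""
## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
## If enabled, these are applied by a script which is called within setup.sh
## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
## @param replicaSetConfigurationSettings.enabled Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
##
replicaSetConfigurationSettings:
  enabled: false
  configuration: {}
  ##   chainingAllowed : false
  ##   heartbeatTimeoutSecs : 10
  ##   heartbeatIntervalMillis : 2000
  ##   electionTimeoutMillis : 10000
  ##   catchUpTimeoutMillis : 30000
## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
## NOTE: When it's set the arbiter.configuration parameter is ignored
## NOTE(review): this key applies to Primary and Secondary nodes, so `configuration` is presumably the
## parameter meant in the note above; confirm against the chart templates.
##
existingConfigmap: ""
## @param initdbScripts Dictionary of initdb scripts
## Specify dictionary of scripts to be run at first boot
## Example:
## initdbScripts:
##   my_init_script.sh: |
##      #!/bin/bash
##      echo "Do something."
##
initdbScripts: {}
## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
##
initdbScriptsConfigMap: ""
## Command and args for running the container (set to default if not set). Use array form
## @param command Override default container command (useful when using custom images)
## @param args Override default container args (useful when using custom images)
##
command: []
args: []
## @param extraFlags MongoDB(®) additional command line flags
## Example:
## extraFlags:
##  - "--wiredTigerCacheSizeGB=2"
##
extraFlags: []
## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
## E.g:
## extraEnvVars:
##   - name: FOO
##     value: BAR
##
extraEnvVars: []
## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
##
extraEnvVarsCM: ""
## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
##
extraEnvVarsSecret: ""

## @section MongoDB(®) statefulset parameters
##

## @param annotations Additional annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
##
annotations: {}
## @param labels Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
##
labels: {}
## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
replicaCount: 2
## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
## Example:
## updateStrategy:
##  type: RollingUpdate
##  rollingUpdate:
##    maxSurge: 25%
##    maxUnavailable: 25%
##
updateStrategy:
  type: RollingUpdate
## @param podManagementPolicy Pod management policy for MongoDB(®)
## Should be initialized one by one when building the replicaset for the first time
##
podManagementPolicy: OrderedReady
## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
  ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ##
  type: ""
  ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match. Ignored if `affinity` is set.
  ## E.g.
  ## key: "kubernetes.io/e2e-az-name"
  ##
  key: ""
  ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
  ## E.g.
  ## values:
  ##   - e2e-az1
  ##   - e2e-az2
  ##
  values: []
## @param affinity MongoDB(®) Affinity for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param nodeSelector MongoDB(®) Node labels for pod assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param tolerations MongoDB(®) Tolerations for pod assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
##
topologySpreadConstraints: []
## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
##
terminationGracePeriodSeconds: ""
## @param podLabels MongoDB(®) pod labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## @param podAnnotations MongoDB(®) Pod annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
##
runtimeClassName: ""
## MongoDB(®) pods' Security Context.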
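## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)
##
podSecurityContext:
  enabled: true
  fsGroup: 1001
  ## sysctl settings
  ## Example:
  ## sysctls:
  ## - name: net.core.somaxconn
  ##   value: "10000"
  ##
  sysctls: []
## MongoDB(®) containers' Security Context (main and metrics container).
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
## @param containerSecurityContext.runAsGroup Group ID for the MongoDB(®) container
## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
## @param containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate MongoDB(®) pod(s) privileges
## @param containerSecurityContext.seccompProfile.type Set MongoDB(®) container's Security Context seccompProfile type
## @param containerSecurityContext.capabilities.drop Set MongoDB(®) container's Security Context capabilities to drop
## NOTE: the hardening below (non-root user, no privilege escalation, RuntimeDefault seccomp profile,
## all capabilities dropped) is applied only while `enabled` is true.
##
containerSecurityContext:
  enabled: true
  runAsUser: 1001
  runAsGroup: 0
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL
## MongoDB(®) containers' resource requests and limits.
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
## We usually recommend not to specify default resources and to leave this as a conscious
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param resources.limits The resources limits for MongoDB(®) containers
## @param resources.requests The requested resources for MongoDB(®) containers
## NOTE(review): with both maps empty this file sets no CPU or memory bound for the containers;
## set requests and limits for shared or production clusters.
##
resources:
  ## Example:
  ## limits:
  ##    cpu: 100m
  ##    memory: 128Mi
  ##
  limits: {}
  ## Examples:
  ## requests:
  ##    cpu: 100m
  ##    memory: 128Mi
  ##
  requests: {}
## @param containerPorts.mongodb MongoDB(®) container port
##
containerPorts:
  mongodb: 27017
## MongoDB(®) pods' liveness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
## @param livenessProbe.enabled Enable livenessProbe
## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param livenessProbe.periodSeconds Period seconds for livenessProbe
## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 20
  timeoutSeconds: 10
  failureThreshold: 6
  successThreshold: 1
## MongoDB(®) pods' readiness probe. Evaluated as a template.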
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param readinessProbe.enabled Enable readinessProbe ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param readinessProbe.periodSeconds Period seconds for readinessProbe ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Slow starting containers can be protected through startup probes ## Startup probes are available in Kubernetes version 1.16 and above ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes ## @param startupProbe.enabled Enable startupProbe ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param startupProbe.periodSeconds Period seconds for startupProbe ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param startupProbe.failureThreshold Failure threshold for startupProbe ## @param startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 20 timeoutSeconds: 10 successThreshold: 1 failureThreshold: 30 ## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers ## Ignored when livenessProbe.enabled=true ## customLivenessProbe: {} ## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers ## Ignored when readinessProbe.enabled=true ## customReadinessProbe: {} ## @param customStartupProbe Override default startup probe for MongoDB(®) containers ## Ignored when startupProbe.enabled=true ## customStartupProbe: {} ## @param initContainers Add 
additional init containers for the hidden node pod(s) ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s) ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod ## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose ## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example ## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods ## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work ## ## - name: mongo-labeler ## image: korenlev/k8s-mongo-labeler-sidecar ## imagePullPolicy: Always ## env: ## - name: LABEL_SELECTOR ## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb" ## - name: NAMESPACE ## value: "the-mongodb-namespace" ## - name: DEBUG ## value: "true" ## sidecars: [] ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) ## Examples: ## extraVolumeMounts: ## - name: extras ## mountPath: /usr/share/extras ## readOnly: true ## extraVolumeMounts: [] ## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset ## extraVolumes: ## - name: extras ## emptyDir: {} ## extraVolumes: [] ## MongoDB(®) Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ ## pdb: ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) ## 
create: false ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction ## minAvailable: 1 ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction ## maxUnavailable: "" ## @section Traffic exposure parameters ## ## Service parameters ## service: ## @param service.nameOverride MongoDB(®) service name ## nameOverride: "" ## @param service.type Kubernetes Service type (only for standalone architecture) ## type: ClusterIP ## @param service.portName MongoDB(®) service port name (only for standalone architecture) ## portName: mongodb ## @param service.ports.mongodb MongoDB(®) service port. ## ports: mongodb: 27017 ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport ## nodePorts: mongodb: "" ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture) ## e.g: ## clusterIP: None ## clusterIP: "" ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips ## externalIPs: [] ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture) ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer ## loadBalancerIP: "" ## @param service.loadBalancerClass loadBalancerClass for MongoDB(®) Service (only for standalone architecture) # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class loadBalancerClass: "" ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) ## ref: 
https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## loadBalancerSourceRanges: [] ## @param service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation ## allocateLoadBalancerNodePorts: true ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value) ## extraPorts: [] ## @param service.annotations Provide any additional annotations that may be required ## annotations: {} ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture) ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Local ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/user-guide/services/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Headless service properties ## headless: ## @param service.headless.annotations Annotations for the headless service. 
## annotations: {} ## External Access to MongoDB(®) nodes configuration ## externalAccess: ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) ## enabled: false ## External IPs auto-discovery configuration ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API ## Note: RBAC might be required ## autoDiscovery: ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API ## enabled: false ## Bitnami Kubectl image ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository ## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended) ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets ## image: registry: docker.io repository: bitnami/kubectl tag: 1.25.14-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Init Container resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests ## resources: ## Example: ## limits: ## cpu: 100m ## memory: 128Mi ## limits: {} ## Examples: ## requests: ## cpu: 100m ## memory: 128Mi ## requests: {} ## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes. 
## @param externalAccess.externalMaster.enabled Use external master for bootstrapping
  ## @param externalAccess.externalMaster.host External master host to bootstrap from
  ## @param externalAccess.externalMaster.port Port for MongoDB(®) service external master host
  ##
  externalMaster:
    enabled: false
    host: ""
    port: 27017
  ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
  ## A new service per broker will be created
  ##
  service:
    ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
    ## NOTE: presumably only rendered when externalAccess.enabled is true (default false). NodePort and
    ## LoadBalancer make every MongoDB(®) node reachable from outside the cluster, so restrict the
    ## sources below and keep MongoDB(®) authentication enabled before turning external access on.
    ##
    type: LoadBalancer
    ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
    ##
    portName: "mongodb"
    ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
    ##
    ports:
      mongodb: 27017
    ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
    ## Example:
    ## loadBalancerIPs:
    ##   - X.X.X.X
    ##   - Y.Y.Y.Y
    ##
    loadBalancerIPs: []
    ## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
    # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
    loadBalancerClass: ""
    ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## NOTE: the default empty list sets no source restriction, so the load balancer accepts clients
    ## from any address the provider routes to it. List the client CIDRs explicitly when the service
    ## type is LoadBalancer.
    ## Example:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param externalAccess.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
    ##
    allocateLoadBalancerNodePorts: true
    ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Local
    ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
    ## Example:
    ## nodePorts:
    ##   - 30001
    ##   - 30002
    ##
    nodePorts: []
    ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
    ## If not specified, the container will try to get the kubernetes node external IP
    ## e.g:
    ## domain: mydomain.com
    ##
    domain: ""
    ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param externalAccess.service.annotations Service annotations for external access
    ##
    annotations: {}
    ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/user-guide/services/
    ##
    sessionAffinity: None
    ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## External Access to MongoDB(®) Hidden nodes configuration
  ##
  hidden:
    ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
    ##
    enabled: false
    ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
    ## A new service per broker will be created
    ##
    service:
      ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
      ##
      type: LoadBalancer
      ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
      ##
      portName: "mongodb"
      ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
      ##
      ports:
        mongodb: 27017
      ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
      ## Example:
      ## loadBalancerIPs:
      ##   - X.X.X.X
      ##   - Y.Y.Y.Y
      ##
      loadBalancerIPs: []
      ## @param externalAccess.hidden.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
      # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
      loadBalancerClass: ""
      ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## NOTE: as for externalAccess.service.loadBalancerSourceRanges, the empty default sets no
      ## source restriction; list the client CIDRs explicitly.
      ## Example:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param externalAccess.hidden.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
      ##
      allocateLoadBalancerNodePorts: true
      ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
      ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Local
      ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
      ## Example:
      ## nodePorts:
      ##   - 30001
      ##   - 30002
      ##
      nodePorts: []
      ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
      ## If not specified, the container will try to get the kubernetes node external IP
      ## e.g:
      ## domain: mydomain.com
      ##
      domain: ""
      ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
      ##
      extraPorts: []
      ## @param externalAccess.hidden.service.annotations Service annotations for external access
      ##
      annotations: {}
      ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
      ## Values: ClientIP or None
      ## ref: https://kubernetes.io/docs/user-guide/services/
      ##
      sessionAffinity: None
      ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}

## @section Persistence parameters
##

## Enable persistence using Persistent Volume Claims
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
  ##
  enabled: true
  ## @param persistence.medium Provide a medium for `emptyDir` volumes.
  ## Requires persistence.enabled: false
  ##
  medium: ""
  ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  ## Ignored when mongodb.architecture=replicaset
  ##
  existingClaim: ""
  ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted
  ##
  resourcePolicy: ""
  ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ## set, choosing the default provisioner.
  ##
  storageClass: ""
  ## @param persistence.accessModes PV Access Mode
  ##
  accessModes:
    - ReadWriteOnce
  ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
  ##
  size: 8Gi
  ## @param persistence.annotations PVC annotations
  ##
  annotations: {}
  ## @param persistence.mountPath Path to mount the volume at
  ## MongoDB(®) images.
  ##
  mountPath: /bitnami/mongodb
  ## @param persistence.subPath Subdirectory of the volume to mount at
  ## and one PV for multiple services.
  ##
  subPath: ""
  ## Fine tuning for volumeClaimTemplates
  ##
  volumeClaimTemplates:
    ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
    ## A label query over volumes to consider for binding (e.g. when using local volumes)
    ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
    ##
    selector: {}
    ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
    ## Sometimes cloud providers use additional requests attributes to provision custom storage instance
    ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
    ##
    requests: {}
    ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
    ##
    dataSource: {}

## @section Backup parameters
## This section implements a trivial logical dump cronjob of the database.
## This only comes with the consistency guarantees of the dump program.
## This is not a snapshot based roll forward/backward recovery backup.
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
##
backup:
  ## @param backup.enabled Enable the logical dump of the database "regularly"
  ##
  enabled: false
  ## Fine tuning cronjob's config
  ##
  cronjob:
    ## @param backup.cronjob.schedule Set the cronjob parameter schedule
    ##
    schedule: "@daily"
    ## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
    ##
    concurrencyPolicy: Allow
    ## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
    ##
    failedJobsHistoryLimit: 1
    ## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
    ##
    successfulJobsHistoryLimit: 3
    ## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
    ##
    startingDeadlineSeconds: ""
    ## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
    ##
    ttlSecondsAfterFinished: ""
    ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
    ##
    restartPolicy: OnFailure
    ## backup container's Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param backup.cronjob.containerSecurityContext.runAsUser User ID for the backup container
    ## @param backup.cronjob.containerSecurityContext.runAsGroup Group ID for the backup container
    ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set backup container's Security Context runAsNonRoot
    ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Is the container itself readonly
    ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate backup pod(s) privileges
    ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set backup container's Security Context seccompProfile type
    ## @param backup.cronjob.containerSecurityContext.capabilities.drop Set backup container's Security Context capabilities to drop
    ## NOTE: these defaults run the dump as a non-root user with no added capabilities, no privilege
    ## escalation and a read-only root filesystem. runAsGroup 0 is the root group.
    ## NOTE(review): presumably the image expects GID 0 for file access - confirm before changing it.
    ##
    containerSecurityContext:
      runAsUser: 1001
      runAsGroup: 0
      runAsNonRoot: true
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      seccompProfile:
        type: RuntimeDefault
      capabilities:
        drop:
          - ALL
    ## @param backup.cronjob.command Set backup container's command to run
    ##
    command: []
    ## @param backup.cronjob.labels Set the cronjob labels
    ##
    labels: {}
    ## @param backup.cronjob.annotations Set the cronjob annotations
    ##
    annotations: {}
    ## Backup container's storage
    ## NOTE: the dump volume holds a full logical copy of the database, so access to this PVC
    ## (or to the existingClaim) should be restricted as tightly as access to the data volume.
    ##
    storage:
      ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
      ## If defined, PVC must be created manually before volume will be bound
      ##
      existingClaim: ""
      ## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted
      ##
      resourcePolicy: ""
      ## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
      ## If defined, storageClassName: <storageClass>
      ## If set to "-", storageClassName: "", which disables dynamic provisioning
      ## If undefined (the default) or set to null, no storageClassName spec is
      ## set, choosing the default provisioner.
      ##
      storageClass: ""
      ## @param backup.cronjob.storage.accessModes PV Access Mode
      ##
      accessModes:
        - ReadWriteOnce
      ## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
      ##
      size: 8Gi
      ## @param backup.cronjob.storage.annotations PVC annotations
      ##
      annotations: {}
      ## @param backup.cronjob.storage.mountPath Path to mount the volume at
      ##
      mountPath: /backup/mongodb
      ## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
      ## and one PV for multiple services.
      ##
      subPath: ""
      ## Fine tuning for volumeClaimTemplates
      ##
      volumeClaimTemplates:
        ## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
        ## A label query over volumes to consider for binding (e.g. when using local volumes)
        ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
        ##
        selector: {}

## @section RBAC parameters
##

## ServiceAccount
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
  ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
  ##
  create: true
  ## @param serviceAccount.name Name of the created serviceAccount
  ## If not set and create is true, a name is generated using the mongodb.fullname template
  ##
  name: ""
  ## @param serviceAccount.annotations Additional Service Account annotations
  ##
  annotations: {}
  ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
  ## Can be set to false if pods using this serviceAccount do not need to use K8s API
  ## NOTE: with true, pods using this ServiceAccount get its API token mounted, and any process in
  ## the pod can call the K8s API with whatever the bound role allows. Set it to false unless a
  ## feature that queries the API (externalAccess.autoDiscovery, the 'mongo-labeler' sidecar) is in use.
  ##
  automountServiceAccountToken: true
## Role Based Access
## ref: https://kubernetes.io/docs/admin/authorization/rbac/
##
rbac:
  ## @param rbac.create Whether to create & use RBAC resources or not
  ## binding MongoDB(®) ServiceAccount to a role
  ## that allows MongoDB(®) pods querying the K8s API
  ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
  ##
  create: false
  ## @param rbac.rules Custom rules to create following the role specification
  ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
  ## NOTE: the example grants get/list/watch/update on pods; 'update' lets the holder of the
  ## ServiceAccount token modify pod objects covered by the Role, so enable it only when the
  ## sidecar is deployed and keep the rule list as short as the feature needs.
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##       - watch
  ##       - update
  ##
  rules: []
## PodSecurityPolicy configuration
## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
##
podSecurityPolicy:
  ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ## NOTE: on v1.25 or later this section therefore enforces nothing; pod-level restrictions there
  ## have to come from Pod Security Admission or another admission policy.
  ##
  create: false
  ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
  ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
  ##
  allowPrivilegeEscalation: false
  ## @param podSecurityPolicy.privileged Allow privileged
  ##
  privileged: false
  ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
  ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  ## Defining a spec ignores the above values.
  ##
  spec: {}
  ## Example:
  ##    allowPrivilegeEscalation: false
  ##    fsGroup:
  ##      rule: 'MustRunAs'
  ##      ranges:
  ##        - min: 1001
  ##          max: 1001
  ##    hostIPC: false
  ##    hostNetwork: false
  ##    hostPID: false
  ##    privileged: false
  ##    readOnlyRootFilesystem: false
  ##    requiredDropCapabilities:
  ##      - ALL
  ##    runAsUser:
  ##      rule: 'MustRunAs'
  ##      ranges:
  ##        - min: 1001
  ##          max: 1001
  ##    seLinux:
  ##      rule: 'RunAsAny'
  ##    supplementalGroups:
  ##      rule: 'MustRunAs'
  ##      ranges:
  ##        - min: 1001
  ##          max: 1001
  ##    volumes:
  ##      - 'configMap'
  ##      - 'secret'
  ##      - 'emptyDir'
  ##      - 'persistentVolumeClaim'
  ##

## @section Volume Permissions parameters
##

## Init Container parameters
## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
## values from the securityContext section of the component
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
  ##
  enabled: false
  ## @param volumePermissions.image.registry Init container volume-permissions image registry
  ## @param volumePermissions.image.repository Init container volume-permissions image repository
  ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
  ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
  ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
  ## NOTE: a tag can be re-pointed at the registry, while a digest identifies one exact image.
  ## Set digest when the init container image must be pinned to reviewed content.
  ##
  image:
    registry: docker.io
    repository: bitnami/os-shell
    tag: 11-debian-11-r72
    digest: ""
    ## Specify an imagePullPolicy
    ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
    ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## Example:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init Container resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
  ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
  ##
  resources:
    ## Example:
    ## limits:
    ##    cpu: 100m
    ##    memory: 128Mi
    ##
    limits: {}
    ## Examples:
    ## requests:
    ##    cpu: 100m
    ##    memory: 128Mi
    ##
    requests: {}
  ## Init container Security Context
  ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
  ## and not the below volumePermissions.securityContext.runAsUser
  ## When runAsUser is set to special value "auto", init container will try to chown the
  ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
  ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
  ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
  ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
  ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
  ## NOTE: 0 is root, so with volumePermissions.enabled=true the init container runs as root in
  ## order to chown the mount point. Admission policies that forbid root containers will reject
  ## the pod; leave volumePermissions disabled where the volume is already writable for the
  ## runtime user.
  ##
  securityContext:
    runAsUser: 0

## @section Arbiter parameters
##

arbiter:
  ## @param arbiter.enabled Enable deploying the arbiter
  ##   https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
  ##
  enabled: true
  ## @param arbiter.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param arbiter.configuration Arbiter configuration file to be used
  ##   http://docs.mongodb.org/manual/reference/configuration-options/
  ##
  configuration: ""
  ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
  ## NOTE: When it's set the arbiter.configuration parameter is ignored
  ##
  existingConfigmap: ""
  ## Command and args for running the container (set to default if not set). Use array form
  ## @param arbiter.command Override default container command (useful when using custom images)
  ## @param arbiter.args Override default container args (useful when using custom images)
  ##
  command: []
  args: []
  ## @param arbiter.extraFlags Arbiter additional command line flags
  ## Example:
  ## extraFlags:
  ##  - "--wiredTigerCacheSizeGB=2"
  ##
  extraFlags: []
  ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
  ## E.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: BAR
  ##
  extraEnvVars: []
  ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
  ##
  extraEnvVarsCM: ""
  ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
  ##
  extraEnvVarsSecret: ""
  ## @param arbiter.annotations Annotations to be added to the Arbiter statefulset
  ##
  annotations: {}
  ## @param arbiter.labels Additional labels to be added to the Arbiter statefulset
  ##
  labels: {}
  ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ##
  topologySpreadConstraints: []
  ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
  ##
  terminationGracePeriodSeconds: ""
  ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ## updateStrategy:
  ##  type: RollingUpdate
  ##  rollingUpdate:
  ##    maxSurge: 25%
  ##    maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
  ## Should be initialized one by one when building the replicaset for the first time
  ##
  podManagementPolicy: OrderedReady
  ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
    ## E.g.
## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param arbiter.affinity Arbiter Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param arbiter.podLabels Arbiter pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param arbiter.podAnnotations Arbiter Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## MongoDB(®) Arbiter pods' Security Context.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
  ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
  ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
    ## sysctl settings
    ## Example:
    ## sysctls:
    ## - name: net.core.somaxconn
    ##   value: "10000"
    ##
    sysctls: []
  ## MongoDB(®) Arbiter containers' Security Context (only main container).
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
  ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
  ## @param arbiter.containerSecurityContext.runAsGroup Group ID for the Arbiter container
  ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
  ## @param arbiter.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Arbiter pod(s) privileges
  ## @param arbiter.containerSecurityContext.seccompProfile.type Set Arbiter container's Security Context seccompProfile type
  ## @param arbiter.containerSecurityContext.capabilities.drop Set Arbiter container's Security Context capabilities to drop
  ## NOTE: setting enabled to false presumably drops every restriction listed below from the
  ## container; keep it true unless the platform injects an equivalent context.
  ## NOTE(review): readOnlyRootFilesystem is not set here, unlike backup.cronjob.containerSecurityContext;
  ## confirm whether the arbiter container can run with a read-only root filesystem before adding it.
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  ## MongoDB(®) Arbiter containers' resource requests and limits.
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param arbiter.resources.limits The resources limits for Arbiter containers
  ## @param arbiter.resources.requests The requested resources for Arbiter containers
  ##
  resources:
    ## Example:
    ## limits:
    ##    cpu: 100m
    ##    memory: 128Mi
    ##
    limits: {}
    ## Examples:
    ## requests:
    ##    cpu: 100m
    ##    memory: 128Mi
    ##
    requests: {}
  ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
  ##
  containerPorts:
    mongodb: 27017
  ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param arbiter.livenessProbe.enabled Enable livenessProbe
  ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param arbiter.readinessProbe.enabled Enable readinessProbe
  ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param arbiter.startupProbe.enabled Enable startupProbe
  ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 30
  ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
  ## Ignored when arbiter.livenessProbe.enabled=true
  ##
  customLivenessProbe: {}
  ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
  ## Ignored when arbiter.readinessProbe.enabled=true
  ##
  customReadinessProbe: {}
  ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
  ## Ignored when arbiter.startupProbe.enabled=true
  ##
  customStartupProbe: {}
  ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: extras
  ##     mountPath: /usr/share/extras
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
  ## extraVolumes:
  ##   - name: extras
  ##     emptyDir: {}
  ##
  extraVolumes: []
  ## MongoDB(®) Arbiter Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  ##
  pdb:
    ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
    ##
    create: false
    ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
    ##
    minAvailable: 1
    ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
    ##
    maxUnavailable: ""
  ## MongoDB(®) Arbiter service parameters
  ##
  service:
    ## @param arbiter.service.nameOverride The arbiter service name
    ##
    nameOverride: ""
    ## @param arbiter.service.ports.mongodb MongoDB(®) service port
    ##
    ports:
      mongodb: 27017
    ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param arbiter.service.annotations Provide any additional annotations that may be required
    ##
    annotations: {}
    ## Headless service properties
    ##
    headless:
      ## @param arbiter.service.headless.annotations Annotations for the headless service.
      ##
      annotations: {}

## @section Hidden Node parameters
##

hidden:
  ## @param hidden.enabled Enable deploying the hidden nodes
  ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
  ##
  enabled: false
  ## @param hidden.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param hidden.configuration Hidden node configuration file to be used
  ## http://docs.mongodb.org/manual/reference/configuration-options/
  ##
  configuration: ""
  ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
  ## NOTE: When it's set the hidden.configuration parameter is ignored
  ##
  existingConfigmap: ""
  ## Command and args for running the container (set to default if not set). Use array form
  ## @param hidden.command Override default container command (useful when using custom images)
  ## @param hidden.args Override default container args (useful when using custom images)
  ##
  command: []
  args: []
  ## @param hidden.extraFlags Hidden node additional command line flags
  ## Example:
  ## extraFlags:
  ##  - "--wiredTigerCacheSizeGB=2"
  ##
  extraFlags: []
  ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
  ## NOTE(review): values listed here are written in clear text in this file; anything
  ## sensitive belongs in the Secret referenced by hidden.extraEnvVarsSecret instead.
  ## E.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: BAR
  ##
  extraEnvVars: []
  ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
  ##
  extraEnvVarsCM: ""
  ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
  ##
  extraEnvVarsSecret: ""
  ## @param hidden.annotations Additional annotations to be added to the hidden node statefulset
  ##
  annotations: {}
  ## @param hidden.labels Additional labels to be added to the hidden node statefulset
  ##
  labels: {}
  ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ##
  topologySpreadConstraints: []
  ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
  ## Ignored when mongodb.architecture=standalone
  ##
  replicaCount: 1
  ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
  ##
  terminationGracePeriodSeconds: ""
  ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ## updateStrategy:
  ##  type: RollingUpdate
  ##  rollingUpdate:
  ##    maxSurge: 25%
  ##    maxUnavailable: 25%
  ##
  updateStrategy:
    type: RollingUpdate
  ## @param hidden.podManagementPolicy Pod management policy for hidden node
  ##
  podManagementPolicy: OrderedReady
  ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## Allowed values: soft, hard
  ##
  nodeAffinityPreset:
    ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match. Ignored if `affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param hidden.affinity Hidden node Affinity for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
  ## ref: https://kubernetes.io/docs/user-guide/node-selection/
  ##
  nodeSelector: {}
  ## @param hidden.tolerations Hidden node Tolerations for pod assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param hidden.podLabels Hidden node pod labels
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param hidden.podAnnotations Hidden node Pod annotations
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  ##
  priorityClassName: ""
  ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## MongoDB(®) Hidden pods' Security Context.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
  ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
  ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
  ##
  podSecurityContext:
    enabled: true
    fsGroup: 1001
    ## sysctl settings
    ## Example:
    ## sysctls:
    ## - name: net.core.somaxconn
    ##   value: "10000"
    ##
    sysctls: []
  ## MongoDB(®) Hidden containers' Security Context (only main container).
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## NOTE(review): the defaults below run as a non-root UID with privilege escalation
  ## disabled, the runtime's default seccomp profile and every capability dropped.
  ## runAsGroup 0 is the root group, though: presumably kept for images that expect GID 0
  ## on their data paths - confirm before relying on group ownership as a boundary.
  ## Per the title above these settings cover the main container only; init containers
  ## and sidecars added through this file need their own securityContext.
  ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
  ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
  ## @param hidden.containerSecurityContext.runAsGroup Group ID for the Hidden container
  ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
  ## @param hidden.containerSecurityContext.allowPrivilegeEscalation Set Hidden containers' Security Context allowPrivilegeEscalation
  ## @param hidden.containerSecurityContext.seccompProfile.type Set Hidden container's Security Context seccompProfile type
  ## @param hidden.containerSecurityContext.capabilities.drop Set Hidden container's Security Context capabilities to drop
  ##
  containerSecurityContext:
    enabled: true
    runAsUser: 1001
    runAsGroup: 0
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  ## MongoDB(®) Hidden containers' resource requests and limits.
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## NOTE(review): both maps below default to empty, so this file sets no CPU/memory ceiling
  ## for the hidden nodes; set limits where a runaway container must not starve its neighbours.
  ## @param hidden.resources.limits The resources limits for hidden node containers
  ## @param hidden.resources.requests The requested resources for hidden node containers
  ##
  resources:
    ## Example:
    ## limits:
    ##   cpu: 100m
    ##   memory: 128Mi
    ##
    limits: {}
    ## Examples:
    ## requests:
    ##   cpu: 100m
    ##   memory: 128Mi
    ##
    requests: {}
  ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
  ##
  containerPorts:
    mongodb: 27017
  ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param hidden.livenessProbe.enabled Enable livenessProbe
  ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
  ## @param hidden.readinessProbe.enabled Enable readinessProbe
  ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 20
    timeoutSeconds: 10
    failureThreshold: 6
    successThreshold: 1
  ## Slow starting containers can be protected through startup probes
  ## Startup probes are available in Kubernetes version 1.16 and above
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
  ## @param hidden.startupProbe.enabled Enable startupProbe
  ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 30
  ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
  ## Ignored when hidden.livenessProbe.enabled=true
  ##
  customLivenessProbe: {}
  ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
  ## Ignored when hidden.readinessProbe.enabled=true
  ##
  customReadinessProbe: {}
  ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
  ## Ignored when hidden.startupProbe.enabled=true
  ##
  customStartupProbe: {}
  ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: extras
  ##     mountPath: /usr/share/extras
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
  ## extraVolumes:
  ##   - name: extras
  ##     emptyDir: {}
  ##
  extraVolumes: []
  ## MongoDB(®) Hidden Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  ##
  pdb:
    ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
    ##
    create: false
    ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
    ##
    minAvailable: 1
    ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
    ##
    maxUnavailable: ""
  ## Enable persistence using Persistent Volume Claims
  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
    ##
    enabled: true
    ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
## Requires hidden.persistence.enabled: false
    ##
    medium: ""
    ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner.
    ##
    storageClass: ""
    ## @param hidden.persistence.accessModes PV Access Mode
    ##
    accessModes:
      - ReadWriteOnce
    ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
    ##
    size: 8Gi
    ## @param hidden.persistence.annotations PVC annotations
    ##
    annotations: {}
    ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
    ##
    mountPath: /bitnami/mongodb
    ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
    ## and one PV for multiple services.
    ##
    subPath: ""
    ## Fine tuning for volumeClaimTemplates
    ##
    volumeClaimTemplates:
      ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
      ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
      ##
      selector: {}
      ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
      ## Sometimes cloud providers use additional requests attributes to provision custom storage instance
      ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
      ##
      requests: {}
      ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
      ##
      dataSource: {}
  service:
    ## @param hidden.service.portName MongoDB(®) service port name
    ##
    portName: "mongodb"
    ## @param hidden.service.ports.mongodb MongoDB(®) service port
    ##
    ports:
      mongodb: 27017
    ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param hidden.service.annotations Provide any additional annotations that may be required
    ##
    annotations: {}
    ## Headless service properties
    ##
    headless:
      ## @param hidden.service.headless.annotations Annotations for the headless service.
      ##
      annotations: {}

## @section Metrics parameters
##

metrics:
  ## @param metrics.enabled Enable using a sidecar Prometheus exporter
  ##
  enabled: false
  ## Bitnami MongoDB(®) Prometheus Exporter image
  ## ref: https://hub.docker.com/r/bitnami/mongodb-exporter/tags/
  ## NOTE(review): the tag below is a name that a registry can repoint; setting digest
  ## (which overrides the tag, per its @param line) pins the exact image content.
  ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
  ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
  ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
  ## @param metrics.image.digest MongoDB(®) Prometheus exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
  ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
  ##
  image:
    registry: docker.io
    repository: bitnami/mongodb-exporter
    tag: 0.39.0-debian-11-r106
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param metrics.username String with username for the metrics exporter
  ## If undefined the root user will be used for the metrics exporter
  ## NOTE(review): per the line above, leaving this empty makes the exporter connect as the
  ## MongoDB root user; a dedicated account holding only the roles monitoring needs is the
  ## least-privilege choice.
  ##
  username: ""
  ## @param metrics.password String with password for the metrics exporter
  ## If undefined but metrics.username is defined, a random password will be generated
  ## NOTE(review): a password typed here is kept in clear text in this file and wherever the
  ## rendered values are stored; do not commit a real credential.
  ##
  password: ""
  ## @param metrics.compatibleMode Enables old style mongodb-exporter metrics
  compatibleMode: true
  collector:
    ## @param metrics.collector.all Enable all collectors. Same as enabling all individual metrics
    ## Enabling all metrics will cause significant CPU load on mongod
    all: false
    ## @param metrics.collector.diagnosticdata Boolean Enable collecting metrics from getDiagnosticData
    diagnosticdata: true
    ## @param metrics.collector.replicasetstatus Boolean Enable collecting metrics from replSetGetStatus
    replicasetstatus: true
    ## @param metrics.collector.dbstats Boolean Enable collecting metrics from dbStats
    dbstats: false
    ## @param metrics.collector.topmetrics Boolean Enable collecting metrics from top admin command
    topmetrics: false
    ## @param metrics.collector.indexstats Boolean Enable collecting metrics from $indexStats
    indexstats: false
    ## @param metrics.collector.collstats Boolean Enable collecting metrics from $collStats
    collstats: false
    ## @param metrics.collector.collstatsColls List of \<databases\>.\<collections\> to get $collStats
    collstatsColls: []
    ## @param metrics.collector.indexstatsColls List - List of \<databases\>.\<collections\> to get $indexStats
    indexstatsColls: []
    ## @param metrics.collector.collstatsLimit Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \<n\> collections. 0=No limit
    collstatsLimit: 0
  ## @param metrics.extraFlags String with extra flags to the metrics exporter
  ## ref: https://github.com/percona/mongodb_exporter/blob/main/main.go
  ##
  extraFlags: ""
  ## Command and args for running the container (set to default if not set). Use array form
  ## @param metrics.command Override default container command (useful when using custom images)
  ## @param metrics.args Override default container args (useful when using custom images)
  ##
  command: []
  args: []
  ## Metrics exporter container resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious
  ## choice for the user. This also increases chances charts run on environments with little
  ## resources, such as Minikube. If you do want to specify resources, uncomment the following
  ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
  ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
  ##
  resources:
    ## Example:
    ## limits:
    ##   cpu: 100m
    ##   memory: 128Mi
    ##
    limits: {}
    ## Examples:
    ## requests:
    ##   cpu: 100m
    ##   memory: 128Mi
    ##
    requests: {}
  ## @param metrics.containerPort Port of the Prometheus metrics container
  ##
  containerPort: 9216
  ## Prometheus Exporter service configuration
  ## NOTE(review): nothing in this section configures authentication or TLS for the
  ## /metrics path advertised below; confirm that only the Prometheus scraper can reach
  ## this Service (e.g. with a NetworkPolicy) if the metrics are considered sensitive.
  ##
  service:
    ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
    ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
    ##
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
      prometheus.io/path: "/metrics"
    ## @param metrics.service.type Type of the Prometheus metrics service
    ##
    type: ClusterIP
    ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
    ##
    ports:
      metrics: 9216
    ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
  ## Metrics exporter liveness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param metrics.livenessProbe.enabled Enable livenessProbe
  ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 5
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
  ## Metrics exporter readiness probe
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param metrics.readinessProbe.enabled Enable readinessProbe
  ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 5
    periodSeconds: 5
    timeoutSeconds: 10
    failureThreshold: 3
    successThreshold: 1
  ## Slow starting containers can be protected through startup probes
  ## Startup probes are available in Kubernetes version 1.16 and above
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
  ## @param metrics.startupProbe.enabled Enable startupProbe
  ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 5
    successThreshold: 1
    failureThreshold: 30
  ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
  ## Ignored when metrics.livenessProbe.enabled=true
  ##
  customLivenessProbe: {}
  ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
  ## Ignored when metrics.readinessProbe.enabled=true
  ##
  customReadinessProbe: {}
  ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
  ## Ignored when metrics.startupProbe.enabled=true
  ##
  customStartupProbe: {}
  ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the metrics container(s)
  ## Examples:
  ## extraVolumeMounts:
  ##   - name: extras
  ##     mountPath: /usr/share/extras
  ##     readOnly: true
  ##
  extraVolumeMounts: []
  ## Prometheus Service Monitor
  ## ref: https://github.com/coreos/prometheus-operator
  ##      https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ##
    interval: 30s
    ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
    ## e.g:
    ## scrapeTimeout: 30s
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
    ##
    labels: {}
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
    ##
    selector: {}
    ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
    ## NOTE(review): with false, labels exposed by the scraped target do not override the
    ## ones Prometheus attaches on conflict; keep it false unless the target is trusted to
    ## set them.
    ##
    honorLabels: false
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
    ##
    jobLabel: ""
  ## Custom PrometheusRule to be defined
  ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
  ##
  prometheusRule:
    ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
    ##
    enabled: false
    ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
    ##
    additionalLabels: {}
    ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created
    ##
    namespace: ""
    ## @param metrics.prometheusRule.rules Rules to be created, check values for an example
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup
    ##      https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
    ##
    ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets
    ## rules:
    ## - alert: HighRequestLatency
    ##   expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
    ##   for: 10m
    ##   labels:
    ##     severity: page
    ##   annotations:
    ##     summary: High request latency
    ##
    rules: []