From 90b73a829a1c1d5b85fcfdee619fa8874b27999a Mon Sep 17 00:00:00 2001 From: Fran Mulero Date: Fri, 10 May 2024 16:21:12 +0200 Subject: [PATCH] [bitnami/mongodb] Simplify and fix externalAccess configuration (#25397) * [bitnami/mongodb] Simplify and fix externalAccess configuration Signed-off-by: Fran Mulero * Version bump Signed-off-by: Fran Mulero * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers * Change validations Signed-off-by: Fran Mulero * Create init container to wait for dns resolution Signed-off-by: Fran Mulero * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers * Amend MONGODB_INITIAL_PRIMARY_HOST on arbiter statefulset Signed-off-by: Fran Mulero * Add documentation Signed-off-by: Fran Mulero * Fix Chart copyright and little fix on replicaset statefulset Signed-off-by: Fran Mulero * Remove local addresses and IPs from certificate definition Signed-off-by: Fran Mulero * Add mongosh home directory to avoid this message: Could not access file: ENOENT: no such file or directory, mkdir '/.mongodb/mongosh' Signed-off-by: Fran Mulero * Add README note about hostAliases Signed-off-by: Fran Mulero --------- Signed-off-by: Fran Mulero Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/mongodb/Chart.yaml | 2 +- bitnami/mongodb/README.md | 88 ++++++++++--- bitnami/mongodb/templates/_helpers.tpl | 124 ++++++++++++++++-- .../templates/arbiter/statefulset.yaml | 5 +- bitnami/mongodb/templates/backup/cronjob.yaml | 4 +- .../mongodb/templates/common-scripts-cm.yaml | 3 - .../mongodb/templates/hidden/statefulset.yaml | 73 ++--------- .../replicaset/external-access-svc.yaml | 5 +- .../replicaset/scripts-configmap.yaml | 4 +- .../templates/replicaset/statefulset.yaml | 80 +++-------- .../mongodb/templates/standalone/dep-sts.yaml | 35 +---- bitnami/mongodb/values.yaml | 64 ++++++++- 12 files changed, 293 insertions(+), 194 deletions(-) 
diff --git a/bitnami/mongodb/Chart.yaml b/bitnami/mongodb/Chart.yaml index 76fb83c20a9587..86fac268630f65 100644 --- a/bitnami/mongodb/Chart.yaml +++ b/bitnami/mongodb/Chart.yaml @@ -39,4 +39,4 @@ maintainers: name: mongodb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb -version: 15.2.0 +version: 15.3.0 diff --git a/bitnami/mongodb/README.md b/bitnami/mongodb/README.md index cd6f69faf5da0e..68d4faf2208e96 100644 --- a/bitnami/mongodb/README.md +++ b/bitnami/mongodb/README.md 
@@ -147,37 +147,63 @@ In order to access MongoDB(®) nodes from outside the cluster when using a re #### Use LoadBalancer services -Two alternatives are available to use *LoadBalancer* services: +Three alternatives are available to use *LoadBalancer* services: - Use random load balancer IP addresses using an *initContainer* that waits for the IP addresses to be ready and discovers them automatically. An example deployment configuration is shown below: - ```text - architecture=replicaset - replicaCount=2 - externalAccess.enabled=true - externalAccess.service.type=LoadBalancer - externalAccess.service.port=27017 - externalAccess.autoDiscovery.enabled=true - serviceAccount.create=true - rbac.create=true + ```yaml + architecture: replicaset + replicaCount: 2 + externalAccess: + enabled: true + service: + type: LoadBalancer + autoDiscovery: + enabled: true + serviceAccount: + create: true + automountServiceAccountToken: true + rbac: + create: true ``` > NOTE: This option requires creating RBAC rules on clusters where RBAC policies are enabled. - Manually specify the load balancer IP addresses. An example deployment configuration is shown below, with the placeholder EXTERNAL-IP-ADDRESS-X used in place of the load balancer IP addresses: - ```text - architecture=replicaset - replicaCount=2 - externalAccess.enabled=true - externalAccess.service.type=LoadBalancer - externalAccess.service.port=27017 - externalAccess.service.loadBalancerIPs[0]='EXTERNAL-IP-ADDRESS-1' - externalAccess.service.loadBalancerIPs[1]='EXTERNAL-IP-ADDRESS-2' + ```yaml + architecture: replicaset + replicaCount: 2 + externalAccess: + enabled: true + service: + type: LoadBalancer + loadBalancerIPs: + - 'EXTERNAL-IP-ADDRESS-1' + - 'EXTERNAL-IP-ADDRESS-2' ``` > NOTE: This option requires knowing the load balancer IP addresses, so that each MongoDB® node's advertised hostname is configured with it. +- Specify `externalAccess.service.publicNames`. These names must be resolvable by the MongoDB® containers. 
To ensure that, if this value is set, an initContainer is added to wait for the ip addresses associated to those names. We can combine this feature with `external-dns`, setting the required annotations to configure the load balancer names: + + ```yaml + architecture: replicaset + replicaCount: 2 + externalAccess: + enabled: true + service: + type: LoadBalancer + publicNames: + - 'mongodb-0.example.com' + - 'mongodb-1.example.com' + annotationsList: + - external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com + - external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com + ``` + + > NOTE: If register new DNS records for those names is not an option, the release can be upgraded setting `hostAliases` with the public IPs assigned to the external services. + #### Use NodePort services Manually specify the node ports to use. An example deployment configuration is shown below, with the placeholder NODE-PORT-X used in place of the node ports: 
@@ -333,6 +359,19 @@ To use your own CA, set `tls.caCert` and `tls.caKey` with appropriate base64 enc > NOTE: Currently, only RSA private keys are supported. +#### Use your own certificates + +To use your own certificates, set `tls.standalone.existingSecret`, `tls.replicaset.existingSecrets`, `tls.hidden.existingSecrets` and/or `tls.arbiter.existingSecret` secrets according to your needs. All of them must be references to `kubernetes.io/tls` secrets and the certificates must be created using the same CA. The CA can be added directly to each secret using the `ca.crt` key: + +```shell +kubectl create secret tls "mongodb-0-cert" --cert="mongodb-0.crt" --key="mongodb-0.key" +kubectl patch secret "mongodb-0-cert" -p="{\"data\":{\"ca.crt\": \"$(cat ca.crt | base64 -w0 )\"}}" +``` + +Or adding it to the "endpoint certificate" and setting the value `tls.pemChainIncluded`. If we reuse the example above, the `mongodb-0.crt` file should include CA cert and we shouldn't need to patch the secret to add the `ca.crt` set key. + +> NOTE: Certificates should be signed for the fully qualified domain names. If `externalAccess.service.publicNames`is set, those names should be used in the certificates set in `tls.replicaset.existingSecrets`. + #### Access the cluster To access the cluster, enable the init container which generates the MongoDB(®) server/client PEM key needed to access the cluster. Please be sure to include the `$my_hostname` section with your actual hostname, and the alternative hostnames section should contain the hostnames that should be allowed access to the MongoDB(®) replicaset. Additionally, if external access is enabled, the load balancer IP addresses are added to the alternative names list. 
@@ -562,6 +601,13 @@ If you encounter errors when working with persistent volumes, refer to our [trou | `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` | | `externalAccess.autoDiscovery.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). | `nano` | | `externalAccess.autoDiscovery.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `externalAccess.dnsCheck.image.registry` | Init container dns-check image registry | `REGISTRY_NAME` | +| `externalAccess.dnsCheck.image.repository` | Init container dns-check image repository | `REPOSITORY_NAME/kubectl` | +| `externalAccess.dnsCheck.image.digest` | Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `externalAccess.dnsCheck.image.pullPolicy` | Init container dns-check image pull policy | `IfNotPresent` | +| `externalAccess.dnsCheck.image.pullSecrets` | Init container dns-check image pull secrets | `[]` | +| `externalAccess.dnsCheck.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). 
| `nano` | +| `externalAccess.dnsCheck.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | | `externalAccess.externalMaster.enabled` | Use external master for bootstrapping | `false` | | `externalAccess.externalMaster.host` | External master host to bootstrap from | `""` | | `externalAccess.externalMaster.port` | Port for MongoDB(®) service external master host | `27017` | 
@@ -569,14 +615,16 @@ If you encounter errors when working with persistent volumes, refer to our [trou | `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` | | `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` | | `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` | +| `externalAccess.service.publicNames` | Array of public names. The size should be equal to the number of replicas. | `[]` | | `externalAccess.service.loadBalancerClass` | loadBalancerClass when service type is LoadBalancer | `""` | | `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` | -| `externalAccess.service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` | +| `externalAccess.service.allocateLoadBalancerNodePorts` | Whether to allocate node ports when service type is LoadBalancer | `true` | | `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` | | `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` | | `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` | | `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `externalAccess.service.annotations` | Service annotations for external access | `{}` | +| `externalAccess.service.annotations` | Service annotations for external access. These annotations are common for all services created. | `{}` | +| `externalAccess.service.annotationsList` | Service annotations for eache external service. 
This value contains a list allowing different annotations per each external service. | `[]` | | `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | | `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | | `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` | diff --git a/bitnami/mongodb/templates/_helpers.tpl b/bitnami/mongodb/templates/_helpers.tpl index 76f87f8782519e..a9b109357ef917 100644 --- a/bitnami/mongodb/templates/_helpers.tpl +++ b/bitnami/mongodb/templates/_helpers.tpl @@ -74,6 +74,13 @@ Return the proper image name (for the init container auto-discovery image) {{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}} {{- end -}} +{{/* +Return the proper image name (for the init container dns-check image) +*/}} +{{- define "mongodb.externalAccess.dnsCheck.image" -}} +{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.dnsCheck.image "global" .Values.global) -}} +{{- end -}} + {{/* Return the proper image name (for the TLS Certs image) */}} @@ -85,7 +92,7 @@ Return the proper image name (for the TLS Certs image) Return the proper Docker Image Registry Secret Names */}} {{- define "mongodb.imagePullSecrets" -}} -{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}} +{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image .Values.externalAccess.dnsCheck.image .Values.externalAccess.autoDiscovery.image) "context" $) -}} {{- end -}} {{/* 
@@ -221,6 +228,103 @@ Get the initialization scripts ConfigMap name. {{- end -}} {{- end -}} +{{/* +Get initial primary host to configure MongoDB cluster. +*/}} +{{- define "mongodb.initialPrimaryHost" -}} +{{ ternary ( printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain ) ( first .Values.externalAccess.service.publicNames ) ( empty .Values.externalAccess.service.publicNames ) }} +{{- end -}} + +{{/* +Init container definition to change/establish volume permissions. +*/}} +{{- define "mongodb.initContainer.volumePermissions" -}} +- name: volume-permissions + image: {{ include "mongodb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} + find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | 
nindent 12 }} + {{- end }} + volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: {{ .Values.persistence.name | default "datadir" }} + mountPath: {{ .Values.persistence.mountPath }} +{{- end -}} + +{{/* +Init container definition to get external IP addresses. +*/}} +{{- define "mongodb.initContainers.autoDiscovery" -}} +- name: auto-discovery + image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} + imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} + # We need the service account token for contacting the k8s API + automountServiceAccountToken: true + command: + - /scripts/auto-discovery.sh + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SHARED_FILE + value: "/shared/info.txt" + {{- if .Values.externalAccess.autoDiscovery.resources }} + resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} + {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }} + {{- end }} + volumeMounts: + - name: shared + mountPath: /shared + - name: scripts + mountPath: /scripts/auto-discovery.sh + subPath: auto-discovery.sh + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir +{{- end -}} + +{{/* +Init container definition to wait external DNS names. +*/}} +{{- define "mongodb.initContainers.dnsCheck" -}} +- name: dns-check + image: {{ include "mongodb.externalAccess.dnsCheck.image" . }} + imagePullPolicy: {{ .Values.externalAccess.dnsCheck.image.pullPolicy | quote }} + command: + - /bin/bash + args: + - -ec + - | + # MONGODB_INITIAL_PRIMARY_HOST should be resolvable + while ! (getent ahosts "{{ include "mongodb.initialPrimaryHost" . 
}}" | grep STREAM); do + sleep 10 + done + {{- if .Values.externalAccess.dnsCheck.resources }} + resources: {{- toYaml .Values.externalAccess.dnsCheck.resources | nindent 12 }} + {{- else if ne .Values.externalAccess.dnsCheck.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.dnsCheck.resourcesPreset) | nindent 12 }} + {{- end }} +{{- end -}} + {{/* Return true if the Arbiter should be deployed */}} 
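Review bot: The `dns-check` container in `mongodb.initContainers.dnsCheck` declares no `env`, yet the name it waits for comes from `mongodb.initialPrimaryHost`, whose fallback branch contains `$(K8S_SERVICE_NAME)` and `$(MY_POD_NAMESPACE)`. The statefulset hunks also include this container when only `externalAccess.service.domain` is set, so with an empty `publicNames` Kubernetes leaves both references unexpanded and bash reads them as command substitutions. The `while` loop has no upper bound, so it then waits forever on a name that cannot resolve. Either include the container only when `publicNames` is non-empty, or give it the two variables as sketched below; the value for `K8S_SERVICE_NAME` must match what the mongodb container uses, which this hunk does not show. The container also sets no `securityContext`, unlike `volume-permissions` in the same hunk, so it runs with the image defaults.

```gotemplate
- name: dns-check
  # … unchanged: image, imagePullPolicy, command, args …
  env:
    - name: MY_POD_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: K8S_SERVICE_NAME
      value: {{ include "mongodb.service.nameOverride" . | quote }}
  # … unchanged: resources …
```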
@@ -365,13 +469,17 @@ Validate values of MongoDB® - number of replicas must be the same than LoadB {{- define "mongodb.validateValues.loadBalancerIPsListLength" -}} {{- $replicaCount := int .Values.replicaCount }} {{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }} +{{- $publicNamesListLength := len .Values.externalAccess.service.publicNames }} {{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "LoadBalancer") -}} -{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $loadBalancerListLength 0) -}} -mongodb: .Values.externalAccess.service.loadBalancerIPs - externalAccess.service.loadBalancerIPs or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled. -{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerListLength )) -}} +{{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $loadBalancerListLength 0) (eq $publicNamesListLength 0) -}} +mongodb: .Values.externalAccess.service.loadBalancerIPs, .Values.externalAccess.service.publicNames + externalAccess.service.loadBalancerIPs, externalAccess.service.publicNames or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled. +{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerListLength )) (not (eq $loadBalancerListLength 0)) -}} mongodb: .Values.externalAccess.service.loadBalancerIPs - Number of replicas ({{ $replicaCount }}) and loadBalancerIPs ({{ $loadBalancerListLength }}) array length must be the same. + Number of replicas ({{ $replicaCount }}) and loadBalancerIPs array length ({{ $loadBalancerListLength }}) must be the same. 
+{{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $publicNamesListLength )) (not (eq $publicNamesListLength 0)) -}} +mongodb: .Values.externalAccess.service.publicNames + Number of replicas ({{ $replicaCount }}) and publicNames array length ({{ $publicNamesListLength }}) must be the same. {{- end -}} {{- end -}} {{- end -}} @@ -384,8 +492,8 @@ Validate values of MongoDB® - number of replicas must be the same than NodeP {{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }} {{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") -}} {{- if and (not .Values.externalAccess.autoDiscovery.enabled) (eq $nodePortListLength 0) -}} -mongodb: .Values.externalAccess.service.loadBalancerIPs - externalAccess.service.loadBalancerIPs or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled. +mongodb: .Values.externalAccess.service.nodePorts + externalAccess.service.nodePorts or externalAccess.autoDiscovery.enabled are required when externalAccess is enabled. {{- else if and (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $nodePortListLength )) -}} mongodb: .Values.externalAccess.service.nodePorts Number of replicas ({{ $replicaCount }}) and nodePorts ({{ $nodePortListLength }}) array length must be the same. diff --git a/bitnami/mongodb/templates/arbiter/statefulset.yaml b/bitnami/mongodb/templates/arbiter/statefulset.yaml index 15debeb54d5103..279772b87df8cb 100644 --- a/bitnami/mongodb/templates/arbiter/statefulset.yaml +++ b/bitnami/mongodb/templates/arbiter/statefulset.yaml 
@@ -83,6 +83,9 @@ spec: {{- if .Values.arbiter.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }} {{- end }} + {{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }} + {{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }} + {{- end }} {{- if and .Values.tls.enabled .Values.arbiter.enabled }} - name: generate-tls-certs image: {{ include "mongodb.tls.image" . }} @@ -156,7 +159,7 @@ spec: - name: MONGODB_REPLICA_SET_MODE value: "arbiter" - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) .Values.clusterDomain }} + value: {{ include "mongodb.initialPrimaryHost" . | quote }} - name: MONGODB_REPLICA_SET_NAME value: {{ .Values.replicaSetName | quote }} - name: MONGODB_ADVERTISED_HOSTNAME diff --git a/bitnami/mongodb/templates/backup/cronjob.yaml b/bitnami/mongodb/templates/backup/cronjob.yaml index 631ac4be127261..3e8972c75a75d6 100644 --- a/bitnami/mongodb/templates/backup/cronjob.yaml +++ b/bitnami/mongodb/templates/backup/cronjob.yaml @@ -103,8 +103,8 @@ spec: {{- if .Values.externalAccess.service.loadBalancerIPs }} - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} + {{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }} + - -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }} {{- end }} {{- if .Values.tls.resources }} resources: {{- toYaml .Values.tls.resources | nindent 16 }} diff --git a/bitnami/mongodb/templates/common-scripts-cm.yaml b/bitnami/mongodb/templates/common-scripts-cm.yaml index 3b9ba5f7dadc11..ba93212030f14d 100644 --- a/bitnami/mongodb/templates/common-scripts-cm.yaml 
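Review bot: `MONGODB_INITIAL_PRIMARY_HOST` in the arbiter now depends on the container's own `K8S_SERVICE_NAME`, because `mongodb.initialPrimaryHost` builds its fallback name from `$(K8S_SERVICE_NAME)` where the removed line called `include "mongodb.service.nameOverride" .` directly. Whether the arbiter container defines that variable, and whether it names the data nodes' headless service rather than the arbiter's own, is not visible in this hunk. If it does not, the arbiter is given a primary host name that does not exist whenever `publicNames` is empty. A template comment above the `value:` line, e.g. `{{- /* K8S_SERVICE_NAME must name the data nodes' headless service */ -}}`, or passing the service name into the helper explicitly, would remove the ambiguity.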
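Review bot: The `-n` argument in the backup cronjob now carries every entry of `externalAccess.service.publicNames`, so each certificate generated from it lists all nodes' public names rather than the name of the pod that holds the key. The same `concat` appears in the hidden and replicaset statefulset hunks. How the certificate script consumes `-n` is not shown here, but if the names go straight into the SAN list, one node's key is accepted for every other node's public name. For the statefulsets, selecting the single entry that matches the pod ordinal would keep each certificate scoped to its own node. For this backup job a comment saying why server names are needed at all would help.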
+++ b/bitnami/mongodb/templates/common-scripts-cm.yaml @@ -81,9 +81,6 @@ data: {{- else }} DNS.3 = $svc.$MY_POD_NAMESPACE.svc.{{ .Values.clusterDomain }} {{- end }} - DNS.4 = localhost - IP.0 = ${MY_POD_HOST_IP} - IP.1 = 127.0.0.1 EOL index=2 for ip in "${additional_ips[@]}"; do diff --git a/bitnami/mongodb/templates/hidden/statefulset.yaml b/bitnami/mongodb/templates/hidden/statefulset.yaml index d7af6ebeac940d..c68061b810e10a 100644 --- a/bitnami/mongodb/templates/hidden/statefulset.yaml +++ b/bitnami/mongodb/templates/hidden/statefulset.yaml 
@@ -89,33 +89,13 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} - find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - - name: datadir - mountPath: {{ .Values.hidden.persistence.mountPath }} + {{- include "mongodb.initContainer.volumePermissions" . 
| indent 8 }} + {{- end }} + {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} + {{- include "mongodb.initContainers.autoDiscovery" . | indent 8 }} + {{- end }} + {{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }} + {{- include "mongodb.initContainers.dnsCheck" . | indent 8 }} {{- end }} {{- if .Values.tls.enabled }} - name: generate-tls-certs @@ -158,8 +138,8 @@ spec: {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }} - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }} {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} + {{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }} + - -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }} {{- end }} {{- if .Values.tls.resources }} resources: {{- toYaml .Values.tls.resources | nindent 12 }} 
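Review bot: The shared `mongodb.initContainer.volumePermissions` helper that replaces the inline container reads `.Values.persistence.mountPath`, `.Values.persistence.subPath` and `.Values.persistence.name`, whereas the removed lines used `.Values.hidden.persistence.mountPath` and `.Values.hidden.persistence.subPath`. When the hidden nodes are configured with a different mount path, the `mkdir`/`chown` commands and the data volume mount now target the data nodes' path instead. The helper could take the persistence values as an argument, for example `(dict "persistence" .Values.hidden.persistence "context" $)`. The three new includes also use `indent 8` after a left-trimming `{{-`, while the replicaset statefulset uses `nindent 8`. Without the leading newline the first line of each container is joined to the preceding output, so `| nindent 8` looks like the intended form.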
@@ -167,36 +147,6 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} - {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }} - - name: auto-discovery - image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }} - imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }} - command: - - /scripts/auto-discovery.sh - # We need the service account token for contacting the k8s API - automountServiceAccountToken: true - env: - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: SHARED_FILE - value: "/shared/info.txt" - {{- if .Values.externalAccess.autoDiscovery.resources }} - resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }} - {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: shared - mountPath: /shared - - name: scripts - mountPath: /scripts/auto-discovery.sh - subPath: auto-discovery.sh - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir - {{- end }} {{- end }} containers: - name: mongodb @@ -247,7 +197,7 @@ spec: - name: MONGODB_REPLICA_SET_MODE value: "hidden" - name: MONGODB_INITIAL_PRIMARY_HOST - value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }} + value: {{ include "mongodb.initialPrimaryHost" . | quote }} - name: MONGODB_REPLICA_SET_NAME value: {{ .Values.replicaSetName | quote }} {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }} 
@@ -413,6 +363,9 @@ spec: - name: empty-dir mountPath: /opt/bitnami/mongodb/logs subPath: app-logs-dir + - name: empty-dir + mountPath: /.mongodb + subPath: mongosh-home {{- if .Values.hidden.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} diff --git a/bitnami/mongodb/templates/replicaset/external-access-svc.yaml b/bitnami/mongodb/templates/replicaset/external-access-svc.yaml index aac5902169a40b..d16eb402f260dc 100644 --- a/bitnami/mongodb/templates/replicaset/external-access-svc.yaml +++ b/bitnami/mongodb/templates/replicaset/external-access-svc.yaml @@ -19,8 +19,9 @@ metadata: labels: {{- include "common.labels.standard" ( dict "customLabels" $root.Values.commonLabels "context" $ ) | nindent 4 }} app.kubernetes.io/component: mongodb pod: {{ $targetPod }} - {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }} - {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations ) "context" $ ) }} + {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations $root.Values.externalAccess.service.annotationsList}} + {{- $exclusiveAnnotations := ternary ( dict ) (index $root.Values.externalAccess.service.annotationsList $i) ( lt (len $root.Values.externalAccess.service.annotationsList ) $i ) }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations $exclusiveAnnotations ) "context" $ ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} {{- end }} spec: diff --git a/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml b/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml index 3f43df8335b44c..d44f9ba3e96641 100644 
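Review bot: The `ternary` on the `$exclusiveAnnotations` line in `external-access-svc.yaml` does not protect the `index` call, because template function arguments are evaluated before `ternary` runs, so `index … $i` executes for every service. The guard `lt (len …) $i` is also off by one, since the last valid index is `len - 1`. With the default empty `annotationsList` and any `annotations` or `commonAnnotations` set, or with a list shorter than the replica count, rendering should fail with an index-out-of-range error (assuming `$i` is the zero-based service index, which is defined outside this hunk). An `if` block evaluates `index` only when the entry exists; the length of `annotationsList` could additionally be checked against `replicaCount` in the validation helpers.

```yaml
{{- $exclusiveAnnotations := dict }}
{{- if lt $i (len $root.Values.externalAccess.service.annotationsList) }}
{{- $exclusiveAnnotations = index $root.Values.externalAccess.service.annotationsList $i }}
{{- end }}
{{- /* … unchanged: $annotations merge and annotations: block … */}}
```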
--- a/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml +++ b/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml @@ -73,7 +73,7 @@ data: export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})" {{- else }} ID="${MY_POD_NAME#"{{ $fullname }}-"}" - export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") + export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ coalesce .Values.externalAccess.service.publicNames .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))") {{- end }} {{- else if eq .Values.externalAccess.service.type "NodePort" }} ID="${MY_POD_NAME#"{{ $fullname }}-"}" @@ -113,7 +113,6 @@ data: {{- $fullname := include "mongodb.fullname" . }} {{- $releaseNamespace := include "mongodb.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} - {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} {{- $mongoList := list }} {{- range $e, $i := until $replicaCount }} {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }} @@ -159,7 +158,6 @@ data: export MONGODB_EXTRA_DATABASES_FILE="" export MONGODB_EXTRA_PASSWORDS_FILE="" fi - exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh setup-hidden.sh: |- #!/bin/bash diff --git a/bitnami/mongodb/templates/replicaset/statefulset.yaml b/bitnami/mongodb/templates/replicaset/statefulset.yaml index 73b1038e4fdc31..aa69d93d664978 100644 --- a/bitnami/mongodb/templates/replicaset/statefulset.yaml +++ b/bitnami/mongodb/templates/replicaset/statefulset.yaml 
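Review bot: The `MONGODB_ADVERTISED_HOSTNAME` line pastes the Go-formatted list into a single-quoted shell string and recovers entries with `tr -d '[]'` and `cut -d ' '`. A `publicNames` entry containing a space, a bracket or a single quote therefore changes which field is selected or what the script executes. Rendering the list explicitly, e.g. `echo '{{ join " " (coalesce .Values.externalAccess.service.publicNames .Values.externalAccess.service.loadBalancerIPs) }}' | cut -d ' ' -f "$(($ID + 1))"`, removes the dependence on Go's list formatting. A hostname-format check on `publicNames` in the `mongodb.validateValues` helpers would reject values that could break the quoting.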
@@ -6,7 +6,8 @@ SPDX-License-Identifier: APACHE-2.0 {{- if eq .Values.architecture "replicaset" }} {{- $replicaCount := int .Values.replicaCount }} {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }} -{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }} +{{- $publicNamesLength := len .Values.externalAccess.service.publicNames }} +{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerIPListLength)) (not (eq $replicaCount $publicNamesLength))) }} apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} kind: StatefulSet metadata: 
@@ -83,39 +84,19 @@ spec: terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} enableServiceLinks: {{ .Values.enableServiceLinks }} - {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }} + {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled (or .Values.externalAccess.autoDiscovery.enabled .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain)) .Values.tls.enabled }} initContainers: {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ include "mongodb.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - args: - - -ec - - | - mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} - find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} - {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} - securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} - {{- else }} - securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} - {{- 
end }} - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} - resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} - {{- end }} - volumeMounts: - - name: datadir - mountPath: {{ .Values.persistence.mountPath }} - - name: empty-dir - mountPath: /tmp - subPath: tmp-dir + {{- include "mongodb.initContainer.volumePermissions" . | nindent 8 }} + {{- end }} + {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }} + {{- include "mongodb.initContainers.autoDiscovery" . | nindent 8 }} + {{- end }} + {{- if and .Values.externalAccess.enabled ( or .Values.externalAccess.service.publicNames .Values.externalAccess.service.domain ) }} + {{- include "mongodb.initContainers.dnsCheck" . | nindent 8 }} {{- end }} {{- if .Values.tls.enabled }} - name: generate-tls-certs @@ -158,8 +139,8 @@ spec: {{- if .Values.externalAccess.service.loadBalancerIPs }} - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }} {{- end }} - {{- if .Values.tls.extraDnsNames }} - - -n {{ join "," .Values.tls.extraDnsNames }} + {{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }} + - -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }} {{- end }} {{- if .Values.tls.resources }} resources: {{- toYaml .Values.tls.resources | nindent 12 }} 
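Review bot: The `dnsCheck` include near the end of hunk `@@ -83,39 +84,19 @@` is gated only on `publicNames` or `domain` being set, so it runs for every service type, unlike the `autoDiscovery` include above it, which also checks `externalAccess.service.type`. An init container that waits for resolution keeps the pod in `Init` until it exits, so the helper (defined outside this hunk) should have a bounded retry and a clear log line. A comment here such as `# blocks pod start until every public name resolves from inside the cluster` would help operators with split-horizon DNS. The helper names are also inconsistent: `mongodb.initContainer.volumePermissions` is singular, while the other two use `mongodb.initContainers.`.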
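Review bot: In hunk `@@ -158,8 +139,8 @@`, the new `-n` argument adds every `externalAccess.service.publicNames` entry to the generated certificate's DNS names whether or not `externalAccess.enabled` is true, because the `if or` and the `concat` look only at the two lists. A leftover `publicNames` value therefore widens the certificate's SANs for a deployment that is not exposed externally; appending `publicNames` only when `externalAccess.enabled` is set keeps the SAN list to names in use. Names derived from `externalAccess.service.domain` do not appear in this list, so if the advertised hostname can come from `domain`, hostname verification against this certificate may fail; the script that consumes `-n` is outside the hunk. The same change is made in `standalone/dep-sts.yaml` (hunk `@@ -152,8 +126,8 @@`).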
@@ -167,36 +148,6 @@ spec:
 resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
 {{- end }}
 {{- end }}
- {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
- - name: auto-discovery
- image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
- imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
- # We need the service account token for contacting the k8s API
- automountServiceAccountToken: true
- command:
- - /scripts/auto-discovery.sh
- env:
- - name: MY_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: SHARED_FILE
- value: "/shared/info.txt"
- {{- if .Values.externalAccess.autoDiscovery.resources }}
- resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
- {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: shared
- mountPath: /shared
- - name: scripts
- mountPath: /scripts/auto-discovery.sh
- subPath: auto-discovery.sh
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- {{- end }}
 {{- end }}
 containers:
 - name: mongodb
@@ -243,7 +194,7 @@ spec:
 - name: K8S_SERVICE_NAME
 value: "{{ include "mongodb.service.nameOverride" . }}"
 - name: MONGODB_INITIAL_PRIMARY_HOST
- value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
+ value: {{ include "mongodb.initialPrimaryHost" . | quote }}
 - name: MONGODB_REPLICA_SET_NAME
 value: {{ .Values.replicaSetName | quote }}
 {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }}
@@ -384,7 +335,10 @@ spec:
 - name: empty-dir
 mountPath: /opt/bitnami/mongodb/logs
 subPath: app-logs-dir
- - name: datadir
+ - name: empty-dir
+ mountPath: /.mongodb
+ subPath: mongosh-home
+ - name: {{ .Values.persistence.name | default "datadir" }}
 mountPath: {{ .Values.persistence.mountPath }}
 subPath: {{ .Values.persistence.subPath }}
 - name: common-scripts
diff --git a/bitnami/mongodb/templates/standalone/dep-sts.yaml b/bitnami/mongodb/templates/standalone/dep-sts.yaml
index 5fd4d4b99a7a04..81050f3c5cda45 100644
--- a/bitnami/mongodb/templates/standalone/dep-sts.yaml
+++ b/bitnami/mongodb/templates/standalone/dep-sts.yaml
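Review bot: In `replicaset/statefulset.yaml` hunk `@@ -384,7 +335,10 @@`, the added `empty-dir` mount at `/.mongodb` carries no comment saying why a directory is mounted at the filesystem root; the reason is only in the commit message (mongosh failing with ENOENT on `mkdir '/.mongodb/mongosh'`). I would add `# mongosh keeps its state under $HOME/.mongodb; HOME presumably resolves to / here, so give it a writable dir` above the entry. The same hunk switches the data volume name from `datadir` to `{{ .Values.persistence.name | default "datadir" }}`; the `volumeClaimTemplates` entry and any init-container mounts of that volume are outside the hunk and need the same expression, otherwise a custom `persistence.name` leaves the mount without a matching volume. The identical `/.mongodb` mount is added in `standalone/dep-sts.yaml` (hunk `@@ -321,6 +295,9 @@`).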
@@ -89,33 +89,7 @@ spec:
 {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
 {{- end }}
 {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
- - name: volume-permissions
- image: {{ include "mongodb.volumePermissions.image" . }}
- imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
- command:
- - /bin/bash
- args:
- - -ec
- - |
- mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
- chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
- find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
- {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
- securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
- {{- else }}
- securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
- {{- end }}
- {{- if .Values.volumePermissions.resources }}
- resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
- {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
- {{- end }}
- volumeMounts:
- - name: empty-dir
- mountPath: /tmp
- subPath: tmp-dir
- - name: {{ .Values.persistence.name | default "datadir" }}
- mountPath: {{ .Values.persistence.mountPath }}
+ {{- include "mongodb.initContainer.volumePermissions" . | indent 8 }}
 {{- end }}
 {{- if .Values.tls.enabled }}
 - name: generate-tls-certs
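Review bot: The volume-permissions helper is included with `indent 8` on the added line here, but with `nindent 8` in `replicaset/statefulset.yaml`. Because `{{-` trims the preceding newline, `indent` leaves the first rendered line attached to whatever was emitted before it unless the helper body itself starts with a newline (the definition in `_helpers.tpl` is not in this hunk). Unless that is deliberate, use `{{- include "mongodb.initContainer.volumePermissions" . | nindent 8 }}` so both templates render the same way.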
@@ -152,8 +126,8 @@ spec:
 {{- if .Values.externalAccess.service.loadBalancerIPs }}
 - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
 {{- end }}
- {{- if .Values.tls.extraDnsNames }}
- - -n {{ join "," .Values.tls.extraDnsNames }}
+ {{- if or .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames }}
+ - -n {{ join "," ( concat .Values.tls.extraDnsNames .Values.externalAccess.service.publicNames ) }}
 {{- end }}
 {{- if .Values.tls.resources }}
 resources: {{- toYaml .Values.tls.resources | nindent 12 }}
@@ -321,6 +295,9 @@ spec:
 - name: empty-dir
 mountPath: /opt/bitnami/mongodb/logs
 subPath: app-logs-dir
+ - name: empty-dir
+ mountPath: /.mongodb
+ subPath: mongosh-home
 - name: {{ .Values.persistence.name | default "datadir" }}
 mountPath: {{ .Values.persistence.mountPath }}
 subPath: {{ .Values.persistence.subPath }}
diff --git a/bitnami/mongodb/values.yaml b/bitnami/mongodb/values.yaml
index cc9b2af355061c..9515359bea7213 100644
--- a/bitnami/mongodb/values.yaml
+++ b/bitnami/mongodb/values.yaml
@@ -878,6 +878,56 @@ externalAccess: ## memory: 1024Mi ## resources: {} + ## Init container what mission is ensure public names can be resolved. + ## + dnsCheck: + ## Bitnami os-shell image + ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ + ## @param externalAccess.dnsCheck.image.registry [default: REGISTRY_NAME] Init container dns-check image registry + ## @param externalAccess.dnsCheck.image.repository [default: REPOSITORY_NAME/kubectl] Init container dns-check image repository + ## @skip externalAccess.dnsCheck.image.tag Init container dns-check image tag (immutable tags are recommended) + ## @param externalAccess.dnsCheck.image.digest Init container dns-check image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param externalAccess.dnsCheck.image.pullPolicy Init container dns-check image pull policy + ## @param externalAccess.dnsCheck.image.pullSecrets Init container dns-check image pull secrets + ## + image: + registry: docker.io + repository: bitnami/os-shell + tag: 12-debian-12-r19 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init Container resource requests and limits + ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param externalAccess.dnsCheck.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "nano" + ## @param externalAccess.dnsCheck.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes. ## @param externalAccess.externalMaster.enabled Use external master for bootstrapping ## @param externalAccess.externalMaster.host External master host to bootstrap from @@ -908,6 +958,9 @@ externalAccess: ## - Y.Y.Y.Y ## loadBalancerIPs: [] + ## @param externalAccess.service.publicNames Array of public names. The size should be equal to the number of replicas. + ##  + publicNames: [] ## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class loadBalancerClass: "" 
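Review bot: Several of the new comments for `externalAccess.dnsCheck` in hunk `@@ -878,6 +878,56 @@` were copied from other sections and no longer match the values below them. The repository default reads `REPOSITORY_NAME/kubectl` while the value is `bitnami/os-shell`, and the `resourcesPreset` line says it is ignored if `externalAccess.autoDiscovery.resources` is set. Since the README is generated from these comments, I would change them to `[default: REPOSITORY_NAME/os-shell]` and `externalAccess.dnsCheck.resources`, and reword the header to `## Init container whose mission is to ensure public names can be resolved.`.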
@@ -918,7 +971,7 @@ externalAccess:
 ## - 10.10.10.0/24
 ##
 loadBalancerSourceRanges: []
- ## @param externalAccess.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
+ ## @param externalAccess.service.allocateLoadBalancerNodePorts Whether to allocate node ports when service type is LoadBalancer
 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
 ##
 allocateLoadBalancerNodePorts: true
@@ -942,9 +995,16 @@ externalAccess:
 ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
 ##
 extraPorts: []
- ## @param externalAccess.service.annotations Service annotations for external access
+ ## @param externalAccess.service.annotations Service annotations for external access. These annotations are common for all services created.
 ##
 annotations: {}
+ ## @param externalAccess.service.annotationsList Service annotations for eache external service. This value contains a list allowing different annotations per each external service.
+ ## Eg:
+ ## annotationsList:
+ ## - external-dns.alpha.kubernetes.io/hostname: mongodb-0.example.com
+ ## - external-dns.alpha.kubernetes.io/hostname: mongodb-1.example.com
+ ##
+ annotationsList: []
 ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
 ## Values: ClientIP or None
 ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
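Review bot: The new `annotationsList` comment in hunk `@@ -942,9 +995,16 @@` has a typo (`eache`) and does not say how list entries map to services. I would write `## @param externalAccess.service.annotationsList Service annotations for each external service, one list entry per replica in ordinal order.` and state what happens when the list is shorter than `replicaCount`; the template that consumes it (`external-access-svc.yaml`) is not in this chunk, so the ordering is an assumption to confirm. Because the example uses `external-dns` hostname annotations, it is also worth stating that the hostnames published this way should match the entries in `externalAccess.service.publicNames`, since those are the names that end up in the TLS certificate and the advertised hostname.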