diff --git a/mongodb/Chart.yaml b/mongodb/Chart.yaml new file mode 100644 index 000000000..acaaf7f41 --- /dev/null +++ b/mongodb/Chart.yaml @@ -0,0 +1,24 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: OpenStack-Helm MongoDB +name: mongodb +version: 0.1.0 +home: https://www.mongodb.com +sources: + - https://github.com/mongodb/mongo + - https://git.openstack.org/cgit/openstack/openstack-helm +maintainers: + - name: OpenStack-Helm Authors diff --git a/mongodb/requirements.yaml b/mongodb/requirements.yaml new file mode 100644 index 000000000..00a045b4e --- /dev/null +++ b/mongodb/requirements.yaml @@ -0,0 +1,19 @@ + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: helm-toolkit + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/mongodb/templates/bin/_start.sh.tpl b/mongodb/templates/bin/_start.sh.tpl new file mode 100644 index 000000000..33929549c --- /dev/null +++ b/mongodb/templates/bin/_start.sh.tpl @@ -0,0 +1,47 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +mongod --auth & + +t=0 +until mongo --eval "db.adminCommand('ping')"; do + echo "waiting for mongodb to start" + sleep 1 + t=$(($t+1)) + if [ $t -ge 30 ] ; then + echo "mongodb did not start, giving up" + exit 1 + fi +done + +#NOTE(portdirect): stop sending commands to stdout to prevent root password +# being sent to logs. +set +x +mongo admin \ + --username "${ADMIN_USER}" \ + --password "${ADMIN_PASS}" \ + --eval "db.changeUserPassword(\"${ADMIN_USER}\", \"${ADMIN_PASS}\")" || \ + mongo admin \ + --eval "db.createUser({ user: \"${ADMIN_USER}\", \ + pwd: \"${ADMIN_PASS}\", \ + roles: [ { role: \"userAdminAnyDatabase\", \ + db: \"admin\" } ] });" +set -x +wait diff --git a/mongodb/templates/configmap-bin.yaml b/mongodb/templates/configmap-bin.yaml new file mode 100644 index 000000000..27f6463de --- /dev/null +++ b/mongodb/templates/configmap-bin.yaml @@ -0,0 +1,31 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.configmap_bin }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mongodb-bin +data: +{{- if .Values.images.local_registry.active }} + image-repo-sync.sh: | +{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }} +{{- end }} + start.sh: | +{{ tuple "bin/_start.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} diff --git a/mongodb/templates/job-image-repo-sync.yaml b/mongodb/templates/job-image-repo-sync.yaml new file mode 100644 index 000000000..4645179d5 --- /dev/null +++ b/mongodb/templates/job-image-repo-sync.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.job_image_repo_sync .Values.images.local_registry.active }} +{{- $imageRepoSyncJob := dict "envAll" . "serviceName" "mongodb" -}} +{{ $imageRepoSyncJob | include "helm-toolkit.manifests.job_image_repo_sync" }} +{{- end }} diff --git a/mongodb/templates/secret-db-root-password.yaml b/mongodb/templates/secret-db-root-password.yaml new file mode 100644 index 000000000..cdec2712e --- /dev/null +++ b/mongodb/templates/secret-db-root-password.yaml @@ -0,0 +1,28 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.secret_db_root_creds }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: mongodb-root-creds +type: Opaque +data: + MONGODB_ROOT_PASSWORD: {{ .Values.endpoints.mongodb.auth.admin.password | b64enc }} + MONGODB_ROOT_USERNAME: {{ .Values.endpoints.mongodb.auth.admin.username | b64enc }} +{{- end }} diff --git a/mongodb/templates/service.yaml b/mongodb/templates/service.yaml new file mode 100644 index 000000000..cc3079090 --- /dev/null +++ b/mongodb/templates/service.yaml @@ -0,0 +1,30 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.service }} +{{- $envAll := . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ tuple "mongodb" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} +spec: + ports: + - name: db + port: {{ tuple "mongodb" "internal" "mongodb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + selector: +{{ tuple $envAll "mongodb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{- end }} diff --git a/mongodb/templates/statefulset.yaml b/mongodb/templates/statefulset.yaml new file mode 100644 index 000000000..a0bb88140 --- /dev/null +++ b/mongodb/templates/statefulset.yaml @@ -0,0 +1,129 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.statefulset }} +{{- $envAll := . }} + +{{- $serviceAccountName := "mongodb" }} +{{ tuple $envAll "mongodb" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: mongodb + labels: +{{ tuple $envAll "mongodb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + serviceName: {{ tuple "mongodb" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} + replicas: {{ .Values.pod.replicas.server }} + selector: + matchLabels: +{{ tuple $envAll "mongodb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +{{ tuple $envAll "mongodb" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + spec: + serviceAccountName: {{ $serviceAccountName }} + affinity: +{{ tuple $envAll "mongodb" "server" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }} + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + initContainers: +{{ tuple $envAll "mongodb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{- if $envAll.Values.volume.chown_on_start }} + - name: mongodb-perms +{{ tuple $envAll "mongodb" | include "helm-toolkit.snippets.image" | indent 10 }} + securityContext: + runAsUser: 0 +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - chown + - -R + - "mongodb:" + - {{ $envAll.Values.volume.host.host_path }} + volumeMounts: + - name: mongodb-data + mountPath: {{ $envAll.Values.volume.host.host_path }} +{{- end }} + containers: + - name: mongodb +{{ tuple $envAll "mongodb" | include "helm-toolkit.snippets.image" | indent 10 }} + ports: + - containerPort: {{ tuple "mongodb" "internal" "mongodb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} + env: + - name: ADMIN_PASS + valueFrom: + secretKeyRef: + name: mongodb-root-creds + key: MONGODB_ROOT_PASSWORD + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: mongodb-root-creds + key: MONGODB_ROOT_USERNAME + command: + - /tmp/start.sh + livenessProbe: + exec: + command: + - mongo + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 20 + timeoutSeconds: 5 + readinessProbe: + exec: + command: + - mongo + - --eval + - "db.adminCommand('ping')" + initialDelaySeconds: 20 + timeoutSeconds: 5 +{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + volumeMounts: + - name: mongodb-bin + mountPath: /tmp/start.sh + subPath: start.sh + readOnly: true + - name: mongodb-bin + mountPath: /tmp/setup_admin_user.sh + subPath: setup_admin_user.sh + readOnly: true + - name: mongodb-data + mountPath: /data/db + volumes: + - name: mongodb-bin + configMap: + name: mongodb-bin + defaultMode: 0555 +{{- if not .Values.volume.enabled }} + - name: mongodb-data + hostPath: + path: {{ .Values.volume.host_path }} +{{- else }} + volumeClaimTemplates: + - metadata: + name: mongodb-data + annotations: + {{ .Values.volume.class_path }}: {{ .Values.volume.class_name }} + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ .Values.volume.size }} +{{- end }} +{{- end }} diff --git a/mongodb/values.yaml b/mongodb/values.yaml new file mode 100644 index 000000000..fc4dd3553 --- /dev/null +++ b/mongodb/values.yaml @@ -0,0 +1,127 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for mongodb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +release_group: null + +pod: + affinity: + anti: + type: + default: preferredDuringSchedulingIgnoredDuringExecution + topologyKey: + default: kubernetes.io/hostname + replicas: + #only 1 replica currently supported + server: 1 + resources: + enabled: false + server: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + jobs: + image_repo_sync: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" + +# using dockerhub mongodb: https://hub.docker.com/r/library/mongo/tags/ +images: + tags: + mongodb: docker.io/mongo:3.4.9-jessie + dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.3.1 + image_repo_sync: docker.io/docker:17.07.0 + pull_policy: "IfNotPresent" + local_registry: + active: false + exclude: + - dep_check + - image_repo_sync + +volume: + chown_on_start: true + enabled: true + size: 5Gi + class_name: general + class_path: volume.beta.kubernetes.io/storage-class + host: + host_path: /var/lib/openstack-helm/mongodb + +labels: + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +endpoints: + cluster_domain_suffix: cluster.local + local_image_registry: + name: docker-registry + namespace: docker-registry + hosts: + default: localhost + internal: docker-registry + node: localhost + host_fqdn_override: + default: null + port: + registry: + node: 5000 + mongodb: + auth: + admin: + username: root + password: password + hosts: + default: mongodb + host_fqdn_override: + default: null + path: null + scheme: mongodb + port: + mongodb: + default: 27017 + +dependencies: + dynamic: + common: + local_image_registry: + jobs: + - mongodb-image-repo-sync + services: + - endpoint: node + service: local_image_registry + static: + mongodb: + jobs: null + image_repo_sync: + services: + - endpoint: internal + service: local_image_registry + +manifests: + configmap_bin: true + job_image_repo_sync: true + secret_db_root_creds: true + service: true + statefulset: true