├── .by-cicd ├── .gitignore ├── .osdk-scorecard.yaml ├── CONTRIBUTING.md ├── Dockerfile ├── Dockerfile.ppc64le ├── Dockerfile.s390x ├── LICENSE ├── Makefile ├── OWNERS ├── PROJECT ├── README.md ├── SECURITY_CONTACTS ├── api └── v1alpha1 │ ├── groupversion_info.go │ ├── mongodb_types.go │ └── zz_generated.deepcopy.go ├── base_images.json ├── bundle.Dockerfile ├── bundle ├── manifests │ ├── ibm-mongodb-operator.clusterserviceversion.yaml │ └── operator.ibm.com_mongodbs.yaml └── metadata │ └── annotations.yaml ├── common ├── Makefile.common.mk ├── config │ └── .golangci.yml └── scripts │ ├── .githooks │ ├── make_lint-all.sh │ └── pre-commit │ ├── add-image-shas.sh │ ├── config_docker.sh │ ├── delete-csv.sh │ ├── install-operator-sdk.sh │ ├── lint_copyright_banner.sh │ ├── lint_go.sh │ ├── next-csv.sh │ └── push-csv.sh ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ └── operator.ibm.com_mongodbs.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_mongodbs.yaml │ │ └── webhook_in_mongodbs.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ ├── bases │ │ └── ibm-mongodb-operator.clusterserviceversion.yaml │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── mongodb_editor_role.yaml │ ├── mongodb_viewer_role.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml ├── samples │ ├── kustomization.yaml │ └── mongodb_v1alpha1_mongodb.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── service.yaml ├── controllers ├── certificate.go ├── icp-service.go ├── initconfigmap.go ├── installconfigmap.go ├── mongoconfigmap.go ├── mongodb_controller.go ├── service.go ├── service_account.go ├── statefulset.go └── suite_test.go ├── go.mod ├── go.sum ├── hack └── boilerplate.go.txt ├── main.go ├── tools.go └── version └── version.go /.by-cicd: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | build/_output 8 | build/_test 9 | build/_generate 10 | .vscode 11 | env 12 | catchup.sh 13 | .gitignore 14 | # Test binary, built with `go test -c` 15 | *.test 16 | 17 | # Output of the go coverage tool, specifically when used with LiteIDE 18 | *.out 19 | 20 | # Dependency directories (remove the comment below to include it) 21 | # vendor/ 22 | 23 | # Binaries for programs and plugins 24 | *.exe 25 | *.exe~ 26 | *.dll 27 | *.so 28 | *.dylib 29 | bin 30 | 31 | # Test binary, build with `go test -c` 32 | *.test 33 | 34 | # Output of the go coverage tool, specifically when used with LiteIDE 35 | *.out 36 | 37 | # Kubernetes Generated files - skip generated files, except for vendored files 38 | 39 | !vendor/**/zz_generated.* 40 | 41 | # editor and IDE paraphernalia 42 | .idea 43 | *.swp 44 | *.swo 45 | *~ 46 | -------------------------------------------------------------------------------- /.osdk-scorecard.yaml: -------------------------------------------------------------------------------- 1 | scorecard: 2 | # Setting a global scorecard option 3 | output: json 4 | plugins: 5 | # `basic` tests configured to test 1 CR 6 | - basic: 7 | cr-manifest: 8 | - "deploy/crds/operator.ibm.com_v1alpha1_mongodb_cr.yaml" 9 | # `olm` tests configured to test 1 CR 10 | - olm: 11 | cr-manifest: 12 | - "./deploy/crds/operator.ibm.com_v1alpha1_mongodb_cr.yaml" 13 | csv-path: "./deploy/olm-catalog/ibm-mongodb-operator/0.0.1/ibm-mongodb-operator.v0.0.1.clusterserviceversion.yaml" 14 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Contributing guidelines](#contributing-guidelines) 6 | - [Developer Certificate of Origin](#developer-certificate-of-origin) 7 | - [Contributing A Patch](#contributing-a-patch) 8 | - [Issue and Pull Request Management](#issue-and-pull-request-management) 9 | - [Pre-check before submitting a PR](#pre-check-before-submitting-a-pr) 10 | - [Build images](#build-images) 11 | 12 | 13 | 14 | # Contributing guidelines 15 | 16 | ## Developer Certificate of Origin 17 | 18 | This repository built with [probot](https://github.com/probot/probot) that enforces the [Developer Certificate of Origin](https://developercertificate.org/) (DCO) on Pull Requests. It requires all commit messages to contain the `Signed-off-by` line with an email address that matches the commit author. 19 | 20 | ## Contributing A Patch 21 | 22 | 1. Submit an issue describing your proposed change to the repo in question. 23 | 1. The [repo owners](OWNERS) will respond to your issue promptly. 24 | 1. Fork the desired repo, develop and test your code changes. 25 | 1. Commit your changes with DCO 26 | 1. Submit a pull request. 27 | 28 | ## Issue and Pull Request Management 29 | 30 | Anyone may comment on issues and submit reviews for pull requests. However, in 31 | order to be assigned an issue or pull request, you must be a member of the 32 | [IBM](https://github.com/ibm) GitHub organization. 33 | 34 | Repo maintainers can assign you an issue or pull request by leaving a 35 | `/assign ` comment on the issue or pull request. 36 | 37 | ## Pre-check before submitting a PR 38 | 39 | After your PR is ready to commit, please run following commands to check your code. 40 | 41 | ```shell 42 | make check 43 | make test 44 | ``` 45 | 46 | ## Build images 47 | 48 | Make sure your code build passed. 49 | 50 | ```shell 51 | export BUILD_LOCALLY=1 52 | make 53 | ``` 54 | 55 | Now, you can follow the [getting started guide](./README.md#getting-started) to work with the xxx. 56 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Build the manager binary 2 | FROM golang:1.21.8-bullseye as builder 3 | 4 | 5 | WORKDIR /workspace 6 | # Copy the Go Modules manifests 7 | COPY go.mod go.mod 8 | COPY go.sum go.sum 9 | # cache deps before building and copying source so that we don't need to re-download as much 10 | # and so that source changes don't invalidate our downloaded layer 11 | RUN go mod download 12 | 13 | # Copy the go source 14 | COPY main.go main.go 15 | COPY api/ api/ 16 | COPY controllers/ controllers/ 17 | 18 | # Build 19 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go 20 | 21 | # Use distroless as minimal base image to package the manager binary 22 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 23 | FROM docker-na-public.artifactory.swg-devops.com/hyc-cloud-private-edge-docker-local/build-images/ubi8-minimal:latest 24 | 25 | ARG VCS_REF 26 | ARG VCS_URL 27 | 28 | LABEL org.label-schema.vendor="IBM" \ 29 | org.label-schema.name="ibm-mongodb-operator" \ 30 | org.label-schema.description="IBM Cloud Platform Common Services MongoDB Component" \ 31 | org.label-schema.vcs-ref=$VCS_REF \ 32 | org.label-schema.vcs-url=$VCS_URL \ 33 | org.label-schema.license="Licensed Materials - Property of IBM" \ 34 | org.label-schema.schema-version="1.0" \ 35 | name="ibm-mongodb-operator" \ 36 | vendor="IBM" \ 37 | description="IBM Cloud Platform Common Services MongoDB Component" \ 38 | summary="MongoDB for internal use only." 39 | 40 | WORKDIR / 41 | COPY --from=builder /workspace/manager . 42 | 43 | # copy licenses 44 | RUN mkdir /licenses 45 | COPY LICENSE /licenses 46 | 47 | # USER nonroot:nonroot 48 | USER 1001 49 | 50 | ENTRYPOINT ["/manager"] 51 | -------------------------------------------------------------------------------- /Dockerfile.ppc64le: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 IBM Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | FROM alpine as qemu 18 | 19 | RUN wget -O /qemu-ppc64le-static https://github.com/multiarch/qemu-user-static/releases/download/v5.2.0-2/qemu-ppc64le-static 20 | 21 | RUN chmod +x /qemu-ppc64le-static 22 | 23 | # Build the manager binary 24 | FROM golang:1.21.8-bullseye as builder 25 | 26 | ARG GOARCH 27 | 28 | WORKDIR /workspace 29 | # Copy the Go Modules manifests 30 | COPY go.mod go.mod 31 | COPY go.sum go.sum 32 | # cache deps before building and copying source so that we don't need to re-download as much 33 | # and so that source changes don't invalidate our downloaded layer 34 | RUN go mod download 35 | 36 | # Copy the go source 37 | COPY main.go main.go 38 | COPY api/ api/ 39 | COPY controllers/ controllers/ 40 | 41 | # Build 42 | RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o manager main.go 43 | 44 | # Use distroless as minimal base image to package the manager binary 45 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 46 | # FROM gcr.io/distroless/static:nonroot 47 | FROM docker-na-public.artifactory.swg-devops.com/hyc-cloud-private-edge-docker-local/build-images/ubi8-minimal:latest 48 | 49 | ARG VCS_REF 50 | ARG VCS_URL 51 | 52 | LABEL org.label-schema.vendor="IBM" \ 53 | org.label-schema.name="ibm-mongodb-operator" \ 54 | org.label-schema.description="IBM Cloud Platform Common Services MongoDB Component" \ 55 | org.label-schema.vcs-ref=$VCS_REF \ 56 | org.label-schema.vcs-url=$VCS_URL \ 57 | org.label-schema.license="Licensed Materials - Property of IBM" \ 58 | org.label-schema.schema-version="1.0" \ 59 | name="ibm-mongodb-operator" \ 60 | vendor="IBM" \ 61 | description="IBM Cloud Platform Common Services MongoDB Component" \ 62 | summary="MongoDB for internal use only." 63 | 64 | WORKDIR / 65 | COPY --from=builder /workspace/manager . 66 | COPY --from=qemu /qemu-ppc64le-static /usr/bin/ 67 | 68 | # copy licenses 69 | RUN mkdir /licenses 70 | COPY LICENSE /licenses 71 | 72 | # USER nonroot:nonroot 73 | USER 1001 74 | 75 | ENTRYPOINT ["/manager"] 76 | -------------------------------------------------------------------------------- /Dockerfile.s390x: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright 2022 IBM Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | 17 | FROM alpine as qemu 18 | 19 | RUN wget -O /qemu-s390x-static https://github.com/multiarch/qemu-user-static/releases/download/v5.2.0-2/qemu-s390x-static 20 | 21 | RUN chmod +x /qemu-s390x-static 22 | 23 | # Build the manager binary 24 | FROM golang:1.21.8-bullseye as builder 25 | 26 | ARG GOARCH 27 | 28 | WORKDIR /workspace 29 | # Copy the Go Modules manifests 30 | COPY go.mod go.mod 31 | COPY go.sum go.sum 32 | # cache deps before building and copying source so that we don't need to re-download as much 33 | # and so that source changes don't invalidate our downloaded layer 34 | RUN go mod download 35 | 36 | # Copy the go source 37 | COPY main.go main.go 38 | COPY api/ api/ 39 | COPY controllers/ controllers/ 40 | 41 | # Build 42 | RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o manager main.go 43 | 44 | # Use distroless as minimal base image to package the manager binary 45 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 46 | # FROM gcr.io/distroless/static:nonroot 47 | FROM docker-na-public.artifactory.swg-devops.com/hyc-cloud-private-edge-docker-local/build-images/ubi8-minimal:latest 48 | 49 | ARG VCS_REF 50 | ARG VCS_URL 51 | 52 | LABEL org.label-schema.vendor="IBM" \ 53 | org.label-schema.name="ibm-mongodb-operator" \ 54 | org.label-schema.description="IBM Cloud Platform Common Services MongoDB Component" \ 55 | org.label-schema.vcs-ref=$VCS_REF \ 56 | org.label-schema.vcs-url=$VCS_URL \ 57 | org.label-schema.license="Licensed Materials - Property of IBM" \ 58 | org.label-schema.schema-version="1.0" \ 59 | name="ibm-mongodb-operator" \ 60 | vendor="IBM" \ 61 | description="IBM Cloud Platform Common Services MongoDB Component" \ 62 | summary="MongoDB for internal use only." 63 | 64 | WORKDIR / 65 | COPY --from=builder /workspace/manager . 66 | COPY --from=qemu /qemu-s390x-static /usr/bin/ 67 | 68 | # copy licenses 69 | RUN mkdir /licenses 70 | COPY LICENSE /licenses 71 | 72 | # USER nonroot:nonroot 73 | USER 1001 74 | 75 | ENTRYPOINT ["/manager"] 76 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | .DEFAULT_GOAL:=help 18 | 19 | OPERATOR_SDK ?= $(shell which operator-sdk) 20 | CONTROLLER_GEN ?= $(shell which controller-gen) 21 | KUSTOMIZE ?= $(shell which kustomize) 22 | # Specify whether this repo is build locally or not, default values is '1'; 23 | # If set to 1, then you need to also set 'DOCKER_USERNAME' and 'DOCKER_PASSWORD' 24 | # environment variables before build the repo. 25 | BUILD_LOCALLY ?= 1 26 | TARGET_GOOS=linux 27 | TARGET_GOARCH=amd64 28 | 29 | # The namespcethat operator will be deployed in 30 | NAMESPACE=ibm-common-services 31 | 32 | # Image URL to use all building/pushing image targets; 33 | # Use your own docker registry and image name for dev/test by overridding the IMG and REGISTRY environment variable. 34 | IMG ?= ibm-mongodb-operator 35 | BUNDLE_IMAGE_NAME=ibm-mongodb-operator-bundle 36 | REGISTRY ?= "docker-na-public.artifactory.swg-devops.com/hyc-cloud-private-integration-docker-local/ibmcom" 37 | CSV_VERSION ?= $(shell cat version/version.go | grep = | cut -d '"' -f2) 38 | 39 | # Options for 'bundle-build' 40 | ifneq ($(origin CHANNELS), undefined) 41 | BUNDLE_CHANNELS := --channels=$(CHANNELS) 42 | endif 43 | ifneq ($(origin DEFAULT_CHANNEL), undefined) 44 | BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) 45 | endif 46 | BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) 47 | 48 | QUAY_USERNAME ?= 49 | QUAY_PASSWORD ?= 50 | 51 | MARKDOWN_LINT_WHITELIST=https://quay.io/cnr 52 | VCS_URL ?= https://github.com/IBM/ibm-mongodb-operator 53 | VCS_REF ?= $(shell git rev-parse HEAD) 54 | TESTARGS_DEFAULT := "-v" 55 | export TESTARGS ?= $(TESTARGS_DEFAULT) 56 | VERSION ?= $(shell cat ./version/version.go | grep "Version =" | awk '{ print $$3}' | tr -d '"') 57 | 58 | # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) 59 | CRD_OPTIONS ?= "crd:trivialVersions=true" 60 | 61 | LOCAL_OS := $(shell uname) 62 | LOCAL_ARCH := $(shell uname -m) 63 | ifeq ($(LOCAL_OS),Linux) 64 | TARGET_OS ?= linux 65 | XARGS_FLAGS="-r" 66 | STRIP_FLAGS= 67 | else ifeq ($(LOCAL_OS),Darwin) 68 | TARGET_OS ?= darwin 69 | XARGS_FLAGS= 70 | STRIP_FLAGS="-x" 71 | else 72 | $(error "This system's OS $(LOCAL_OS) isn't recognized/supported") 73 | endif 74 | 75 | include common/Makefile.common.mk 76 | 77 | ifeq ($(BUILD_LOCALLY),0) 78 | export CONFIG_DOCKER_TARGET = config-docker 79 | endif 80 | 81 | 82 | ##@ Development 83 | 84 | check: lint-all ## Check all files lint error 85 | 86 | code-dev: ## Run the default dev commands which are the go tidy, fmt, vet then execute the $ make code-gen 87 | @echo Running the common required commands for developments purposes 88 | - make code-tidy 89 | - make code-fmt 90 | - make code-vet 91 | @echo Running the common required commands for code delivery 92 | - make check 93 | - make test 94 | 95 | manager: generate code-fmt code-vet ## Build manager binary 96 | go build -o bin/manager main.go 97 | 98 | run: generate code-fmt code-vet manifests ## Run against the configured Kubernetes cluster in ~/.kube/config 99 | WATCH_NAMESPACE=ibm-common-services go run ./main.go 100 | 101 | install: manifests kustomize ## Install CRDs into a cluster 102 | $(KUSTOMIZE) build config/crd | kubectl apply -f - 103 | 104 | uninstall: manifests kustomize ## Uninstall CRDs from a cluster 105 | $(KUSTOMIZE) build config/crd | kubectl delete -f - 106 | 107 | deploy: manifests kustomize ## Deploy controller in the configured Kubernetes cluster in ~/.kube/config 108 | cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE_REPO)/$(OPERATOR_IMAGE_NAME):$(CSV_VERSION) 109 | $(KUSTOMIZE) build config/default | kubectl apply -f - 110 | 111 | ##@ Generate code and manifests 112 | 113 | manifests: controller-gen ## Generate manifests e.g. CRD, RBAC etc. 114 | $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=ibm-mongodb-operator webhook paths="./..." output:crd:artifacts:config=config/crd/bases 115 | 116 | generate: controller-gen ## Generate code e.g. API etc. 117 | $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." 118 | 119 | bundle-manifests: 120 | $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle \ 121 | -q --overwrite --version $(CSV_VERSION) $(BUNDLE_METADATA_OPTS) 122 | $(OPERATOR_SDK) bundle validate ./bundle 123 | 124 | generate-all: manifests kustomize operator-sdk ## Generate bundle manifests, metadata and package manifests 125 | $(OPERATOR_SDK) generate kustomize manifests -q 126 | - make bundle-manifests CHANNELS=v3,beta DEFAULT_CHANNEL=v3 127 | 128 | ##@ Build 129 | 130 | build: 131 | @echo "Building the ibm-mongodb-operator binary" 132 | @CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o manager main.go 133 | 134 | build-test-image: 135 | docker build -t quay.io/$(QUAY_USERNAME)/my-mongodb-operator:test \ 136 | --build-arg VCS_REF=$(VCS_REF) --build-arg VCS_URL=$(VCS_URL) \ 137 | --build-arg GOARCH="amd64" -f Dockerfile . 138 | docker push quay.io/$(QUAY_USERNAME)/my-mongodb-operator:test 139 | 140 | build-image: $(CONFIG_DOCKER_TARGET) 141 | $(eval ARCH := $(shell uname -m|sed 's/x86_64/amd64/')) 142 | docker build -t $(REGISTRY)/$(IMG)-$(ARCH):$(VERSION) \ 143 | --build-arg VCS_REF=$(VCS_REF) --build-arg VCS_URL=$(VCS_URL) \ 144 | --build-arg GOARCH="amd64" -f Dockerfile . 145 | @if [ $(BUILD_LOCALLY) -ne 1 ] && [ "$(ARCH)" = "amd64" ]; then docker push $(REGISTRY)/$(IMG)-$(ARCH):$(VERSION); fi 146 | 147 | build-bundle-image: ## Build the operator bundle image. 148 | $(eval ARCH := $(shell uname -m|sed 's/x86_64/amd64/')) 149 | docker build -f bundle.Dockerfile -t $(REGISTRY)/$(BUNDLE_IMAGE_NAME)-$(ARCH):$(VERSION) . 150 | 151 | # runs on amd64 machine 152 | build-image-ppc64le: $(CONFIG_DOCKER_TARGET) 153 | ifeq ($(LOCAL_OS),Linux) 154 | ifeq ($(LOCAL_ARCH),x86_64) 155 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 156 | docker build -t $(REGISTRY)/$(IMG)-ppc64le:$(VERSION) \ 157 | --build-arg VCS_REF=$(VCS_REF) --build-arg VCS_URL=$(VCS_URL) \ 158 | --build-arg GOARCH="ppc64le" -f Dockerfile.ppc64le . 159 | @if [ $(BUILD_LOCALLY) -ne 1 ]; then docker push $(REGISTRY)/$(IMG)-ppc64le:$(VERSION); fi 160 | endif 161 | endif 162 | 163 | # runs on amd64 machine 164 | build-image-s390x: $(CONFIG_DOCKER_TARGET) 165 | ifeq ($(LOCAL_OS),Linux) 166 | ifeq ($(LOCAL_ARCH),x86_64) 167 | docker run --rm --privileged multiarch/qemu-user-static:register --reset 168 | docker build -t $(REGISTRY)/$(IMG)-s390x:$(VERSION) \ 169 | --build-arg VCS_REF=$(VCS_REF) --build-arg VCS_URL=$(VCS_URL) \ 170 | --build-arg GOARCH="s390x" -f Dockerfile.s390x . 171 | @if [ $(BUILD_LOCALLY) -ne 1 ]; then docker push $(REGISTRY)/$(IMG)-s390x:$(VERSION); fi 172 | endif 173 | endif 174 | 175 | ##@ Test 176 | 177 | test: ## Run unit test 178 | @go test ${TESTARGS} ./controllers/... 179 | 180 | test-e2e: ## Run integration e2e tests with different options. 181 | @echo ... Running the same e2e tests with different args ... 182 | @echo ... Running locally ... 183 | - operator-sdk test local ./test/e2e --verbose --up-local --namespace=${NAMESPACE} 184 | # @echo ... Running with the param ... 185 | # - operator-sdk test local ./test/e2e --namespace=${NAMESPACE} 186 | 187 | ##@ Release 188 | 189 | images: build-image build-image-ppc64le build-image-s390x 190 | ifeq ($(LOCAL_OS),Linux) 191 | ifeq ($(LOCAL_ARCH),x86_64) 192 | @curl -L -o /tmp/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.3/manifest-tool-linux-amd64 193 | @chmod +x /tmp/manifest-tool 194 | /tmp/manifest-tool push from-args --platforms linux/amd64,linux/ppc64le,linux/s390x --template $(REGISTRY)/$(IMG)-ARCH:$(VERSION) --target $(REGISTRY)/$(IMG) --ignore-missing 195 | /tmp/manifest-tool push from-args --platforms linux/amd64,linux/ppc64le,linux/s390x --template $(REGISTRY)/$(IMG)-ARCH:$(VERSION) --target $(REGISTRY)/$(IMG):$(VERSION) --ignore-missing 196 | endif 197 | endif 198 | 199 | csv: ## Push CSV package to the catalog 200 | @RELEASE=${CSV_VERSION} common/scripts/push-csv.sh 201 | 202 | remove-csv: 203 | common/scripts/delete-csv.sh 204 | 205 | all: check test coverage build images 206 | 207 | ##@ Cleanup 208 | clean: ## Clean build binary 209 | rm -f bin/manager 210 | 211 | promote-to-beta: 212 | common/scripts/promote-to-beta.sh ${CSV_VERSION} 213 | 214 | # download operator-sdk if necessary 215 | operator-sdk: 216 | ifeq (, $(OPERATOR_SDK)) 217 | @./common/scripts/install-operator-sdk.sh 218 | OPERATOR_SDK=/usr/local/bin/operator-sdk 219 | endif 220 | 221 | # find or download kubebuilder 222 | # download kubebuilder if necessary 223 | kube-builder: 224 | ifeq (, $(wildcard /usr/local/kubebuilder)) 225 | @./common/scripts/install-kubebuilder.sh 226 | endif 227 | 228 | # find or download controller-gen 229 | # download controller-gen if necessary 230 | controller-gen: 231 | ifeq (, $(shell which controller-gen)) 232 | @{ \ 233 | set -e ;\ 234 | CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ 235 | cd $$CONTROLLER_GEN_TMP_DIR ;\ 236 | go mod init tmp ;\ 237 | go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.0 ;\ 238 | rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ 239 | } 240 | CONTROLLER_GEN=$(GOBIN)/controller-gen 241 | else 242 | CONTROLLER_GEN=$(shell which controller-gen) 243 | endif 244 | 245 | kustomize: 246 | ifeq (, $(shell which kustomize)) 247 | @{ \ 248 | set -e ;\ 249 | KUSTOMIZE_GEN_TMP_DIR=$$(mktemp -d) ;\ 250 | cd $$KUSTOMIZE_GEN_TMP_DIR ;\ 251 | go mod init tmp ;\ 252 | go install sigs.k8s.io/kustomize/kustomize/v3@v3.5.4 ;\ 253 | rm -rf $$KUSTOMIZE_GEN_TMP_DIR ;\ 254 | } 255 | KUSTOMIZE=$(GOBIN)/kustomize 256 | else 257 | KUSTOMIZE=$(shell which kustomize) 258 | endif 259 | 260 | ##@ Help 261 | help: ## Display this help 262 | @echo "Usage:\n make \033[36m\033[0m" 263 | @awk 'BEGIN {FS = ":.*##"}; \ 264 | /^[a-zA-Z0-9_-]+:.*?##/ { printf " \033[36m%-20s\033[0m %s\n", $$1, $$2 } \ 265 | /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) 266 | 267 | .PHONY: all build run check install uninstall code-dev test test-e2e coverage images csv clean controller-gen kustomize help 268 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - chenzhiwei 3 | - DanielXLee 4 | - gyliu513 5 | - horis233 6 | - jinchun-dev 7 | - kgcarr 8 | reviewers: 9 | - chenzhiwei 10 | - DanielXLee 11 | - gyliu513 12 | - horis233 13 | - jinchun-dev 14 | - kgcarr 15 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: ibm.com 2 | layout: go.kubebuilder.io/v2 3 | projectName: ibm-mongodb-operator 4 | repo: github.com/IBM/ibm-mongodb-operator 5 | resources: 6 | - group: operator 7 | kind: MongoDB 8 | version: v1alpha1 9 | version: 3-alpha 10 | plugins: 11 | go.sdk.operatorframework.io/v2-alpha: {} 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ibm-mongodb-operator 2 | 3 | The `ibm-mongodb-operator` operator is built to support the IBM Cloud Platform Common Services. It stands up a mongoDB database that is shared by the services within IBM Cloud Platform Common Services. 4 | 5 | ## Supported platforms 6 | 7 | Red Hat OpenShift Container Platform 4.2 or newer installed on one of the following platforms: 8 | 9 | - Linux x86_64 10 | - Linux on Power (ppc64le) 11 | - Linux on IBM Z and LinuxONE 12 | 13 | ## Operator versions 14 | 15 | | Version | Date | Details | 16 | | ----- | ---- | ----------------- | 17 | | 1.1.0 | July 2020 | Allow users to configure their own admin secret
- The CSV defines dependencies that it has to run 18 | | 1.0.0 | March 2020 | Initial Offering of MongoDB operator 19 | 20 | ## Prerequisites 21 | 22 | Before you install this operator, you need to first install the operator dependencies and prerequisites: 23 | 24 | - For the list of operator dependencies, see the IBM Knowledge Center [Common Services dependencies documentation](http://ibm.biz/cpcs_opdependencies). 25 | 26 | - For the list of prerequisites for installing the operator, see the IBM Knowledge Center [Preparing to install services documentation](http://ibm.biz/cpcs_opinstprereq). 27 | 28 | ## Documentation 29 | 30 | To install the operator with the IBM Common Services Operator follow the installation and configuration instructions within the IBM Knowledge Center. 31 | 32 | - If you are using the operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak. For a list of IBM Cloud Paks, see [IBM Cloud Paks that use Common Services](http://ibm.biz/cpcs_cloudpaks). 33 | - If you are using the operator with an IBM Containerized Software, see the IBM Cloud Platform Common Services Knowledge Center [Installer documentation](http://ibm.biz/cpcs_opinstall). 34 | 35 | ## SecurityContextConstraints Requirements 36 | 37 | The IBM Common Services MongoDB service supports running with the OpenShift Container Platform 4.3 default restricted Security Context Constraints (SCCs). 38 | 39 | Custom SecurityContextConstraints definition: 40 | 41 | ``` 42 | allowHostDirVolumePlugin: false 43 | allowHostIPC: false 44 | allowHostNetwork: false 45 | allowHostPID: false 46 | allowHostPorts: false 47 | allowPrivilegeEscalation: true 48 | allowPrivilegedContainer: false 49 | allowedCapabilities: null 50 | apiVersion: security.openshift.io/v1 51 | defaultAddCapabilities: null 52 | fsGroup: 53 | type: MustRunAs 54 | groups: 55 | - system:authenticated 56 | kind: SecurityContextConstraints 57 | metadata: 58 | annotations: 59 | kubernetes.io/description: restricted denies access to all host features and requires 60 | pods to be run with a UID, and SELinux context that are allocated to the namespace. This 61 | is the most restrictive SCC and it is used by default for authenticated users. 62 | creationTimestamp: "2020-06-17T15:06:39Z" 63 | generation: 1 64 | name: restricted 65 | resourceVersion: "6161" 66 | selfLink: /apis/security.openshift.io/v1/securitycontextconstraints/restricted 67 | uid: 255a542b-b0ac-11ea-97cc-00000a104120 68 | priority: null 69 | readOnlyRootFilesystem: false 70 | requiredDropCapabilities: 71 | - KILL 72 | - MKNOD 73 | - SETUID 74 | - SETGID 75 | runAsUser: 76 | type: MustRunAsRange 77 | seLinuxContext: 78 | type: MustRunAs 79 | supplementalGroups: 80 | type: RunAsAny 81 | users: [] 82 | volumes: 83 | - configMap 84 | - downwardAPI 85 | - emptyDir 86 | - persistentVolumeClaim 87 | - projected 88 | - secret 89 | ``` 90 | 91 | For more information about the OpenShift Container Platform Security Context Constraints, see [Managing Security Context Constraints](https://docs.openshift.com/container-platform/4.3/authentication/managing-security-context-constraints.html). 92 | 93 | ### Key Features 94 | 95 | **_Admin Secret_** 96 | 97 | Starting with version 1.1.0, you can now supply your own `icp-mongodb-admin` secret. The secret must have a `user` field and a `password` field and be in the same namespace where mongoDB is going to be created. If you choose not to supply a secret, a random user and password will be created and used. The `icp-mongodb-admin` secret will persist after uninstalling or removing the MongoDB custom resource so that uninstall and re-install are possible by using the same Persistent Volumes. 98 | 99 | Example YAML for creating your own admin secret before installation. The user and password are base64 encrypted. 100 | ``` 101 | apiVersion: v1 102 | kind: Secret 103 | metadata: 104 | name: icp-mongodb-admin 105 | namespace: ibm-common-services 106 | type: Opaque 107 | data: 108 | password: SFV6a2NYMkdKa2tBZA== 109 | user: dGpOcDR5Unc= 110 | ``` 111 | 112 | ### Notes 113 | 114 | This is designed for use by IBM Common Services only. 115 | 116 | The operator does not support updating the CR in version 1.0.0. To make changes to a deployed MongoDB instance, it is best to directly edit the statefulset. 117 | 118 | When you deploy MongoDB, it is better to use 3 replicas, especially if you are not backing up your data. It is possible for the data to be corrupted and recovering from a 3-replica deployment is much easier. 119 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Committee to reach out 4 | # to for triaging and handling of incoming issues. 5 | # 6 | 7 | chenzhiwei 8 | DanielXLee 9 | horis233 10 | -------------------------------------------------------------------------------- /api/v1alpha1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | # Copyright 2021 IBM Corporation 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | */ 18 | 19 | // Package v1alpha1 contains API Schema definitions for the mongodb v1alpha1 API group 20 | // +kubebuilder:object:generate=true 21 | // +groupName=mongodb.operator.ibm.com 22 | package v1alpha1 23 | 24 | import ( 25 | "k8s.io/apimachinery/pkg/runtime/schema" 26 | "sigs.k8s.io/controller-runtime/pkg/scheme" 27 | ) 28 | 29 | var ( 30 | // GroupVersion is group version used to register these objects 31 | GroupVersion = schema.GroupVersion{Group: "operator.ibm.com", Version: "v1alpha1"} 32 | 33 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 34 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 35 | 36 | // AddToScheme adds the types in this group-version to the given scheme. 37 | AddToScheme = SchemeBuilder.AddToScheme 38 | ) 39 | -------------------------------------------------------------------------------- /api/v1alpha1/mongodb_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | # Copyright 2021 IBM Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | corev1 "k8s.io/api/core/v1" 21 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 22 | ) 23 | 24 | // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. 25 | type Image struct { 26 | Tag string `json:"tag,omitempty"` 27 | } 28 | 29 | // MongoDBSpec defines the desired state of MongoDB 30 | type MongoDBSpec struct { 31 | ImageRegistry string `json:"imageRegistry,omitempty"` 32 | Replicas int `json:"replicas,omitempty"` 33 | StorageClass string `json:"storageClass,omitempty"` 34 | InitImage Image `json:"initImage,omitempty"` 35 | BootstrapImage Image `json:"bootstrapImage,omitempty"` 36 | MetricsImage Image `json:"metricsImage,omitempty"` 37 | Resources corev1.ResourceRequirements `json:"resources,omitempty"` 38 | PVC MongoDBPVCSpec `json:"pvc,omitempty"` 39 | } 40 | 41 | // MongoDBPVCSpec defines the desired state of the MongoDB PVCs 42 | type MongoDBPVCSpec struct { 43 | Resources corev1.ResourceRequirements `json:"resources,omitempty"` 44 | } 45 | 46 | // MongoDBStatus defines the observed state of MongoDB 47 | type MongoDBStatus struct { 48 | StorageClass string `json:"storageClass,omitempty"` 49 | } 50 | 51 | // +kubebuilder:object:root=true 52 | 53 | // MongoDB is the Schema for the mongodbs API 54 | // +kubebuilder:subresource:status 55 | // +kubebuilder:resource:path=mongodbs,scope=Namespaced 56 | type MongoDB struct { 57 | metav1.TypeMeta `json:",inline"` 58 | metav1.ObjectMeta `json:"metadata,omitempty"` 59 | 60 | Spec MongoDBSpec `json:"spec,omitempty"` 61 | Status MongoDBStatus `json:"status,omitempty"` 62 | } 63 | 64 | // +kubebuilder:object:root=true 65 | 66 | // MongoDBList contains a list of MongoDB 67 | type MongoDBList struct { 68 | metav1.TypeMeta `json:",inline"` 69 | metav1.ListMeta `json:"metadata,omitempty"` 70 | Items []MongoDB `json:"items"` 71 | } 72 | 73 | func init() { 74 | SchemeBuilder.Register(&MongoDB{}, &MongoDBList{}) 75 | } 76 | -------------------------------------------------------------------------------- /api/v1alpha1/zz_generated.deepcopy.go: -------------------------------------------------------------------------------- 1 | /* 2 | # Copyright 2021 IBM Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | */ 16 | 17 | // Code generated by controller-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | runtime "k8s.io/apimachinery/pkg/runtime" 23 | ) 24 | 25 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 26 | func (in *Image) DeepCopyInto(out *Image) { 27 | *out = *in 28 | } 29 | 30 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Image. 31 | func (in *Image) DeepCopy() *Image { 32 | if in == nil { 33 | return nil 34 | } 35 | out := new(Image) 36 | in.DeepCopyInto(out) 37 | return out 38 | } 39 | 40 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 41 | func (in *MongoDB) DeepCopyInto(out *MongoDB) { 42 | *out = *in 43 | out.TypeMeta = in.TypeMeta 44 | in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) 45 | in.Spec.DeepCopyInto(&out.Spec) 46 | out.Status = in.Status 47 | } 48 | 49 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoDB. 50 | func (in *MongoDB) DeepCopy() *MongoDB { 51 | if in == nil { 52 | return nil 53 | } 54 | out := new(MongoDB) 55 | in.DeepCopyInto(out) 56 | return out 57 | } 58 | 59 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 60 | func (in *MongoDB) DeepCopyObject() runtime.Object { 61 | if c := in.DeepCopy(); c != nil { 62 | return c 63 | } 64 | return nil 65 | } 66 | 67 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 68 | func (in *MongoDBList) DeepCopyInto(out *MongoDBList) { 69 | *out = *in 70 | out.TypeMeta = in.TypeMeta 71 | in.ListMeta.DeepCopyInto(&out.ListMeta) 72 | if in.Items != nil { 73 | in, out := &in.Items, &out.Items 74 | *out = make([]MongoDB, len(*in)) 75 | for i := range *in { 76 | (*in)[i].DeepCopyInto(&(*out)[i]) 77 | } 78 | } 79 | } 80 | 81 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoDBList. 82 | func (in *MongoDBList) DeepCopy() *MongoDBList { 83 | if in == nil { 84 | return nil 85 | } 86 | out := new(MongoDBList) 87 | in.DeepCopyInto(out) 88 | return out 89 | } 90 | 91 | // DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 92 | func (in *MongoDBList) DeepCopyObject() runtime.Object { 93 | if c := in.DeepCopy(); c != nil { 94 | return c 95 | } 96 | return nil 97 | } 98 | 99 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 100 | func (in *MongoDBSpec) DeepCopyInto(out *MongoDBSpec) { 101 | *out = *in 102 | out.InitImage = in.InitImage 103 | out.BootstrapImage = in.BootstrapImage 104 | out.MetricsImage = in.MetricsImage 105 | in.Resources.DeepCopyInto(&out.Resources) 106 | } 107 | 108 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoDBSpec. 109 | func (in *MongoDBSpec) DeepCopy() *MongoDBSpec { 110 | if in == nil { 111 | return nil 112 | } 113 | out := new(MongoDBSpec) 114 | in.DeepCopyInto(out) 115 | return out 116 | } 117 | 118 | // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 119 | func (in *MongoDBStatus) DeepCopyInto(out *MongoDBStatus) { 120 | *out = *in 121 | } 122 | 123 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MongoDBStatus. 124 | func (in *MongoDBStatus) DeepCopy() *MongoDBStatus { 125 | if in == nil { 126 | return nil 127 | } 128 | out := new(MongoDBStatus) 129 | in.DeepCopyInto(out) 130 | return out 131 | } 132 | -------------------------------------------------------------------------------- /base_images.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "imageType": "external", 4 | "sourceRepo": "registry.access.redhat.com", 5 | "sourceNamespace": "ubi8", 6 | "sourceImage": "ubi", 7 | "destStage": "edge", 8 | "destNamespace": "build-images", 9 | "destImage": "ubi8", 10 | "tag": "8.10-901.1717584420", 11 | "updatePackages": [] 12 | }, 13 | { 14 | "imageType": "external", 15 | "sourceRepo": "registry.access.redhat.com", 16 | "sourceNamespace": "ubi8", 17 | "sourceImage": "ubi-minimal", 18 | "destStage": "edge", 19 | "destNamespace": "build-images", 20 | "destImage": "ubi8-minimal", 21 | "tag": "8.10-896.1717584414", 22 | "updatePackages": [] 23 | }, 24 | { 25 | "imageType": "external", 26 | "sourceRepo": "registry.access.redhat.com", 27 | "sourceNamespace": "ubi9", 28 | "sourceImage": "ubi-micro", 29 | "destStage": "edge", 30 | "destNamespace": "build-images", 31 | "destImage": "ubi9-micro", 32 | "tag": "9.4-9", 33 | "updatePackages": [] 34 | }, 35 | { 36 | "imageType": "external", 37 | "sourceRepo": "registry.access.redhat.com", 38 | "sourceNamespace": "ubi9", 39 | "sourceImage": "ubi", 40 | "destStage": "edge", 41 | "destNamespace": "build-images", 42 | "destImage": "ubi9", 43 | "tag": "9.4-1123", 44 | "updatePackages": [] 45 | }, 46 | { 47 | "imageType": "external", 48 | "sourceRepo": "registry.access.redhat.com", 49 | "sourceNamespace": "ubi9", 50 | "sourceImage": "ubi-minimal", 51 | "destStage": "edge", 52 | "destNamespace": "build-images", 53 | "destImage": "ubi9-minimal", 54 | "tag": "9.4-1134", 55 | "updatePackages": [] 56 | }, 57 | { 58 | "imageType": "node", 59 | "sourceImage": "ubi8-minimal", 60 | "sourceTag": "8.10-896.1717584414", 61 | "destImage": "node-v18-ubi8-minimal", 62 | "nodeVersion": "18.20.3" 63 | }, 64 | { 65 | "imageType": "node", 66 | "sourceImage": "ubi8-minimal", 67 | "sourceTag": "8.10-896.1717584414", 68 | "destImage": "node-v20-ubi8-minimal", 69 | "nodeVersion": "20.14.0" 70 | }, 71 | { 72 | "imageType": "node", 73 | "sourceImage": "ubi9-minimal", 74 | "sourceTag": "9.4-1134", 75 | "destImage": "node-v18-ubi9-minimal", 76 | "nodeVersion": "18.20.3" 77 | }, 78 | { 79 | "imageType": "node", 80 | "sourceImage": "ubi9-minimal", 81 | "sourceTag": "9.4-1134", 82 | "destImage": "node-v20-ubi9-minimal", 83 | "nodeVersion": "20.14.0" 84 | } 85 | ] 86 | -------------------------------------------------------------------------------- /bundle.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | 3 | LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 4 | LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ 5 | LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ 6 | LABEL operators.operatorframework.io.bundle.package.v1=ibm-mongodb-operator 7 | LABEL operators.operatorframework.io.bundle.channels.v1=alpha 8 | LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.1.0 9 | LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 10 | LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v2 11 | LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ 12 | LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 13 | COPY bundle/manifests /manifests/ 14 | COPY bundle/metadata /metadata/ 15 | -------------------------------------------------------------------------------- /bundle/manifests/ibm-mongodb-operator.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | annotations: 5 | alm-examples: |- 6 | [ 7 | { 8 | "apiVersion": "operator.ibm.com/v1alpha1", 9 | "kind": "MongoDB", 10 | "metadata": { 11 | "name": "ibm-mongodb" 12 | }, 13 | "spec": { 14 | "replicas": 3, 15 | "limits": { 16 | "cpu": "1000m", 17 | "memory": "2Gi" 18 | }, 19 | "requests": { 20 | "cpu": "1000m", 21 | "memory": "2Gi" 22 | } 23 | } 24 | }, 25 | { 26 | "apiVersion": "operator.ibm.com/v1alpha1", 27 | "kind": "OperandRequest", 28 | "metadata": { 29 | "name": "ibm-mongodb-request" 30 | }, 31 | "spec": { 32 | "requests": [ 33 | { 34 | "operands": [ 35 | { 36 | "name": "ibm-cert-manager-operator" 37 | } 38 | ], 39 | "registry": "common-service" 40 | } 41 | ] 42 | } 43 | } 44 | ] 45 | capabilities: Seamless Upgrades 46 | containerImage: icr.io/cpopen/ibm-mongodb-operator:latest 47 | description: This is for IBM Common Services use only. Installs MongoDB Community Edition. 48 | operators.operatorframework.io/builder: operator-sdk-v1.1.0 49 | operators.operatorframework.io/internal-objects: '["mongodbs.operator.ibm.com"]' 50 | operators.operatorframework.io/operator-type: 'non-standalone' 51 | operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 52 | olm.skipRange: '<1.18.13' 53 | labels: 54 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 55 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 56 | app.kubernetes.io/name: mongodbs.operator.ibm.com 57 | operatorframework.io/arch.amd64: supported 58 | operatorframework.io/arch.ppc64le: supported 59 | operatorframework.io/arch.s390x: supported 60 | operatorframework.io/os.linux: supported 61 | name: ibm-mongodb-operator.v1.18.13 62 | spec: 63 | apiservicedefinitions: {} 64 | customresourcedefinitions: 65 | owned: 66 | - description: 'Documentation For additional details regarding install parameters 67 | check: https://ibm.biz/icpfs39install. License By installing this product 68 | you accept the license terms https://ibm.biz/icpfs39license.' 69 | displayName: MongoDB 70 | kind: MongoDB 71 | name: mongodbs.operator.ibm.com 72 | version: v1alpha1 73 | resources: 74 | - kind: Secret 75 | name: '' 76 | version: v1 77 | - kind: ConfigMap 78 | name: '' 79 | version: v1 80 | - kind: Pods 81 | name: '' 82 | version: v1 83 | - kind: statefulsets 84 | name: '' 85 | version: v1 86 | - kind: services 87 | name: '' 88 | version: v1 89 | - kind: persistentvolumeclaims 90 | name: '' 91 | version: v1 92 | specDescriptors: 93 | - description: The image used to run the mongod process. 94 | displayName: Bootstrap Image 95 | path: bootstrapImage 96 | x-descriptors: 97 | - 'urn:alm:descriptor:com.tectonic.ui:label' 98 | - description: The Image Registry where the images reside. 99 | displayName: Image Registry 100 | path: imageRegistry 101 | x-descriptors: 102 | - 'urn:alm:descriptor:com.tectonic.ui:label' 103 | - description: The number of replicas of this database. Should be an odd number (1,3,5). 104 | displayName: Replicas 105 | path: replicas 106 | x-descriptors: 107 | - 'urn:alm:descriptor:com.tectonic.ui:label' 108 | - description: This image is used to export data of how MongoDB is running. 109 | displayName: Metrics Image 110 | path: metricsImage 111 | x-descriptors: 112 | - 'urn:alm:descriptor:com.tectonic.ui:label' 113 | - description: This image is used to initialize the envorinment for MongoDB. 114 | displayName: Install Image 115 | path: initImage 116 | x-descriptors: 117 | - 'urn:alm:descriptor:com.tectonic.ui:label' 118 | statusDescriptors: 119 | - description: Expect storageClass to get the value of the storage class provided. 120 | displayName: IBM MongoDB Status 121 | path: storageClass 122 | x-descriptors: 123 | - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' 124 | description: |- 125 | **Important:** Do not install this operator directly. Only install this operator by using the IBM Common Services Operator. For more information about installing this operator and other Common Services operators, see [Installer documentation](http://ibm.biz/cpcs_opinstall). Additionally, you can exit this panel and navigate to the IBM Common Services tile in OperatorHub to learn more about the operator. If you are using this operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak to learn more about how to install and use the operator service. For more information about IBM Cloud Paks, see [IBM Cloud Paks that use Common Services](http://ibm.biz/cpcs_cloudpaks). 126 | 127 | The MongoDB operator provides a simple Kubernetes CRD-Based API to manage the lifecycle of MongoDB. You can use the operator to deploy and upgrade MongoDB. 128 | 129 | For more information about the available IBM Cloud Platform Common Services, see the [IBM Knowledge Center](http://ibm.biz/cpcsdocs). 130 | 131 | ## Supported platforms 132 | 133 | Red Hat OpenShift Container Platform 4.3 or newer installed on one of the following platforms: 134 | - Linux x86_64 135 | - Linux on Power (ppc64le) 136 | - Linux on IBM Z and LinuxONE 137 | 138 | ## Prerequisites 139 | 140 | Before you install this operator, you need to first install the operator dependencies and prerequisites: 141 | 142 | - For the list of operator dependencies, see the IBM Knowledge Center [Common Services dependencies documentation](http://ibm.biz/cpcs_opdependencies). 143 | - For the list of prerequisites for installing the operator, see the IBM Knowledge Center [Preparing to install services documentation](http://ibm.biz/cpcs_opinstprereq). 144 | 145 | ## Documentation 146 | 147 | To install the operator with the IBM Common Services Operator follow the the installation and configuration instructions within the IBM Knowledge Center. 148 | 149 | - If you are using the operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak. For a list of IBM Cloud Paks, see [IBM Cloud Paks that use Common Services](http://ibm.biz/cpcs_cloudpaks). 150 | - If you are using the operator with an IBM Containerized Software, see the IBM Cloud Platform Common Services Knowledge Center [Installer documentation](http://ibm.biz/cpcs_opinstall). 151 | displayName: IBM MongoDB Operator 152 | icon: 153 | - base64data: iVBORw0KGgoAAAANSUhEUgAAAH8AAAB/CAYAAADGvR0TAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4ggYEhkp9JVi8gAAFENJREFUeNrtnXmcVeV5x7/Pe86dGUZQUdwAo4Kaam1cUAdm3DAYl1ZjmmhMYkUlkMYtMVVrVExqY7q4oabNp6EuMdpEq8ZGpf1oJCbKJgxqlWiIgIrACCgimwJznv5xlvue5d65dxjsvXPP4+d4t3OB+/7e37O/7wsNKhdNv9iZ8uqNQgOLadhfLnLA7CV/OOrT/3JMDn7D/XDh02s3bRr/h4ufz8FvNOnu1s9v2rL5/EZW+06j/eCJT09i1Pijdhb46ZpNGwa4Jw4x7097+9mGtHyN+KMn/fob/yyYK998byWLV727FXQPgfcXXjIjV/v9Uc7/nwkATHhq4t+q6pWKUjAOgroCf73wkhkc+KOOnPn9dwJceIkx5k6DwRjDyg/XsmD52+Eg7LHwkhkrc+b3Izl32nkAnDftgkcV7kRBUVQVxxhAw1ufOfBHHaaR2N+vwf/KE+fS7W0Z8LVp5z2t6BcIQPfhViSu9w4BLlt4yQxG3NmRg1/v8vO/uB/EmY3qOFDUC3iuiiq4xsHXBOAB3cptI+/s+KvFl87ggAaYAP3S5n/pV18WjNnBUZllxBwiAo44CIIYgxHBiMP6jzcxd8kixFIBAp7AV/546YyHcubXoXy03gVPf6noIaGS93xLT6DxAcU1DhIMQngJGFUe3P+OjhMB9r+jI2d+PciZj30JcUWkW6Yb5AQxBgeDiGCMYDCIBMw3ho82b2XOooUx5lviASe9cdmM6Tnz60AeO/NhdKveBHqCRgh6Edsjex+8doz0RIxn9r+j41BfA7TnzK9VGff0WbSu964V4QdGDIJgQpYHjyImYL/giKFblecXvo6RcsOgHrDHG5fNXN3fwHf7yw9pWbe1DZEbQNBoVvvPNHxHFSR8D1Q1dp/lECS14//uf0f7/t3CRuPBom/NzMGvFTnl4TP2VHS2IqAB3AKqgieKo4IHGAkifFVUFNcxKIogKdA1/rgXMGvJpTMPzW1+jcjJD5/u2y7hwZDJSRB9WIvve9FzP9YPX3kUn2vxFqR4fWbk7e33Aoy8vX/Y/7ot6Y576DSePutJTn749O+DjAd82y0SZe5EAk0QvCcUH0FA4K33VvvvV/bXHrbLqXu/suhbM1/LHb7/RznxodMwyJ+ImFccEdd36ASDH8b5Dl8Q3gVhXuj8SfC+4zg8+9rve3D40h4gMAp4sd5tf92q/elnT0PR/0Q914spdgJ1roE61+i1F5mAwMUT6S1h7u8PTl/dgj/2wVNvVThEAzx8e2/bdBJef2jMLd9Atbd//cEjb29/LAf/E5ZjfzGK439xyi6q+o2wQqfqUXT4Am8+8Nw8y7FLagXdtn/K50dMaT8OYMSU9hz8T0KeO6cTD+9nCq2hCbYJrBnPovvs/H4vma9avICHARZ/e2YO/ichHf9x0qkopyVr82GDBpE2KDZtqHWvhpogeL+lUCgJbtaVkN1GTGmfmqv97SyjH/hsyNfvpZMwCdWeUuqhdogS/CXB7oWcO2JK+3Bf/Y/Jwd8eMvtrzzD6gc8eC9rmqaXC1c/RqfoFHE81075HvgCWBthWq+//qS2gj+bM386i8IiStu+R8leNWXjb67dDvMgxrBp8zbgAOGrElDFfWPztWTn4fS2j7h/LkQ+ceKaiu0VAaqjOk2zGsvvF19ZDZPfRLPi1zFVWrgUYeduYHPy+ksPvH0vnub9B4W+8BGsjSGL2PAGVxplP4vt+Sb9igKMsjxDL+yPKqJG3jTl50eWzcvD7Sl489zccdv/Yg1T1mBg3LeRDhnuZXr+t/hNaQqHgOj1CngQ7OU+s4tCjAPvVCfvrQu2r6r1gVd80bs9Dey+AemrX7YqRgGrC69fIfJRgcnRF0YD1b7Avay607nfbmDPZsiUHf1vlT+87nkN+dsLexTRu3JVTjSduvIR6Twd8dhRgpX9LMzle6q3EMKheseSqeex36+gc/G2RBef9FlRPUWj1U7aaAEIDmy4Z6t1iOxpL+GA5gl4Gm8uC3HMWqGO/W0cftuQ7s3Pweyv73ndcyObJIavjSRvbU/fifrpGjVsxb59EgFecPGWZ3Jss0L/Wg9qv6Xr+gfcd1+bAbCeozTviPwrghvV6kUSzZrGG74hBwH8UgwiEzZ2OGFzH4dW3l7Fu00d9NhDBn7MROBh4a3ENa4CaVvuiXBxT82qHepbXL/HQL5b0EUmVedmGDJ/0cAXSCpyyuMZVf002cI786bEItCi021k5FX/4QxstqsWmXJGiLRcJ7vcfRSRKBdjNnapUFOb1LkJhMvBvuc2vUhaNfw6FQQojwyXVWM4YqjGvH5VEsVaLqd6MeN+2/64xlTA5Ow9ouQJe4lIYtu8tozty8HshnuqXvXj1naxcnP/cSyV80l4/VnJHoySPY6RH+kehnw2uVhT+fScHv3dyeXzwNeq/KC7FSoIdDwND0KP2bdUMSONM9rJY3Pty75H73jK6NQe/CtnvnvbBqowopmxJlWHTGkFT+Xs0I0ljN3daKrsS+98L+RSwRw5+hTL87na6VcbZ9hrNAFATmT6NR/Hx9K4mcoPxhVzbK4YOUsaX5uBXKO9cOBPfyy9n7232B80cVi9fmA3ESvhkNXdq34CbeVnz7KIc/OrkzzwbSEtd26ocqy+PhJOX8vpJN3d621DGreKrzfvc3HZYDn6lMTJ6UBHwEKSMjpykVlAt7fVnNHdGwEp5FvcMdrF+4GVcwMn73NyWg9+TDLtrtKMwFEpU5EJHzvrQixie5QymJ0LsDnuVZkUTMwvsHhVBx1tXzMkzfD1JNzLWsRmugooPsETZPcW/R2IFHN+DV8LQXVRRMUEKMPxMYgma0kxOmgoyzEdFmT6Aw3O1X5mM1WTEZoVu8UZMUmVem9BRCZdkG1eyEuBFXUAVMrks2BlFwOH73tS2Yw5+z2p1XFaRxqvI609z1s7yxU2HWhpfKmZ0T+X80DE0iQs4Kwe/Z/APTa6viK27s7J1ttdfbXOnJl35KsEtBXJ2TUABPSG3+WVkt7vaBgEFjaJ38JDAvqeZLyWehyAhQf+eiNXNE34mUcyvHiWrOJKeHxW7hQk5Jge/7JjJEBXfsfMiFoWUlcBpI3Lo1C7hkiz9UtxtJ6jrq6eokZRLJ71SgVrFXYL6qd5c7ZeRnYNwO8bwLAcs+VnKS1dKNnfaWT9T0ZYsPS/gKH4ieMHVHT33P9v7prYhOfglxIMhsZ46jdttuxQbX2xZfXNn2LpdcA3lV+lkAV0EtzsGspSLFATIwS/DsB2ChFtmNi9ksO39q/auuTMxfcpyPQ10hUo/mUhQHZTb/AwZPLUNYGcPMBQ3SkRBRYNuHX9m+EkeuyYnMTNgYuz3k0Rhy5f/OnQnQ21h+mKnDog2dSw5AXbJmZ8haybOQWFgejPEeMq2VJnXs5o7PXvcJavM62f7wnu9Sku7qki5q/y3BRiQg196bAfGnTVSS6/CnL5nq2dNLse2l2dZSR6NL+UuklIqA3vbf2IhB78MO7I8+hAkz4/YYuCFyzPC1TZZzZ3JvF9sJU/vmdwbGZiDX1r20MTOKWECx4uFcHFVrclevNhzDxL782BNKlNFzN7LjKU9iWtqkUxNJXkUXS+RI1bcDtlDMYHjpgkl7QXungabK4f7Knqov8LW2mhRk16/KK5r+gTgWGhaJ1Jj4LNOiDdlSjHHl1nmdaLPLc/fXqhhfU+iFR69a9hUa+ZplQpDtq+CqX/wSXFeLIb7QHsKjhAu0wlCQaxVPFb6N4rrJbg1SPwE6/3K9fFpKSZrDwCXvFcBNufgl5bV9vq7MMZPTweNGjnsoo79WTSVxAT2XvxCj81+wDHGdyQrZW85nd+zfJQ7fGXC/axxTfbc99Tc6VmsVs06REGjtK+UOGcnc+lWun+cKto+FFifM7+EeMqHRgJeBupcokRN0fe3tYOHX5zRmMkAzQKagP1Blg8tbuci2Wq6r2Vdzvwyah8oEcRlLbDKDKeKmoH4Hj6aTA6FMWTyeI3t55mtzcEvLe96mraimuq5tdV9Vmt3Yv+9jOROBLZsH7AzNm9SD97PwS+lEye9sCL8N6l1SEKsBaua5s4UlzXe3FltvFYZyLGyrtX7Lx6szMEvP5wvJ7N0sRi/THNnvAwbP1ghy2RUw/keQSZ74YclH6y4eu7WHPzy8lRy1L2kzdf4ku2wuTOaJJa697dlIb7lOumNmtKTJ35FUUCPK3pKNoXU3LGstQj+Q1piG1UyGJ+eFOk0bkyD2Dt3EqzBz4CqsrV5Ve3P+1QOfo92f+48YItmeP3pHn57V83k2XiasXmTvcwqDPO0t0yu9qf9Mge/Uruv2RF3chdNz8rwkfAPsvbwKf4hyZp+KTb3TYj3znfnrRr+D0fm4FcgL0SJnxJePwn7H2/uJHHAAtnNnfKJxfevArzz3Xk5+OVk0E+OAvh1qbNtyYj9yzd3SvxbGt+fY/NWb/vpr+JKn85aZFgt2nyAx1KAa7H33o6hY15/LOGTbACLO4ihryCS7BDoE7CT5mR6Dn7lE0CBB2MnY2Tw39um5s7q9+Cs8uQtW57Mwa9ObshKxKQOTbK47SXUf1ZzZywrCGwtofarBLec/Peya+ZtzcGvzu4vAV2qatvrDJ/cbu4kq7kzWeaNr+CNFmv2DdBZ8v1aZVetqn3WTZq7ybaVqdCbnps7S63vKzqF2tdAJ2UVsGDYD4+sSfBdaluuBh0fdubYnTqVNHfaZ+l4QStX6Cs4wfKfrVs9ZPv11M5fds28DTnze6H6102a2wU8mqnuS2yhni7zxhs8U3F/H1O/mBZWgB/WMrNqFvx1k+aGtv8GoDt5nl6m1x9L4JMq83qprKHS3e31GdhiOQ0Kbyy7Zt7vht84Kge/97LlZdClWXbf9vq9MsmfeEtXMczzAM+rDtwkyF54kSr1XgHwzrWdNTuyQh3IoJ8cdQzIc0b83nuDf7iC/drgvzYIjpHgeBWJ3ncQRARXgvtFcI1h2dtr6e7W9IBoOrNQhYFYA4wAPlhew+CbOgCedZPmPg88kQJBExk7SLR3pb38ZCa/e4sXi/GSTK66P9e/bll+bWdNA19HzD8a4EgR5orFcqF44FLI5kgDBIctOYGWcAIN4QQHNUnwuHTxB7339rNnxOrl13XuVg/jWhcnaq6b9ALrJr0wT5VfJcc9eyl3afarlfDxVCtlcjXl/OupE6mrI9SBs4H3SjV3UqK5UxNef/i1yNb3Sa8GAB8CU4f+YFRdDKZTT8hvfnxZd8sZwzYDp/gLMHwTQGACwv31JEjoiP+/xD3BcxG8bmXj2s29Nn4Zq3qOX35d59J101fkzN8esnbiC1OAWSFjk2pd1Gr7DmieLvMG3+khxq/wDL3w739i2XWdc4bVCevrEvydph4N8OcKG8s1dybbvWJl3lDtJ1ZoVnKsWtbqoOCMnosBll3XmYO/ndm/RtGrifFZMxI6JZo7g46eJnVioGeBXOqkrcT6/jNWTO58e6+/H1VX4yj1CP5OU49m7cQXGDy17QGBrxoJbHxWwkfEP1c3CgWLCZ8dNxZYvPK9aCMH6d3OGtMFxinoismdOfifhAT79g0E3jbCYBMAKhG4xcfoEGYER8LJIQzd0MpLq7p8h7B3of1moKVrcqfW4xiaegV/zcQ5rJk4Zz1whMLmrNZtteZ3uA9nsblTGZKxLV7lob0CjO2a3Kl71pm6r3vwQ/avmTjnTYGz00uxrJbu1N59/n+70lqy8aOcqxcUiW/smtw5E6CrztR9vwB/zcQ57DK1jfe+Pue/QCfan3lJniaaOz1gT7NDopOnCK4Em7IaDS+iS5Qfd02ef92QG4+o5+GrryRPlmx6fBm7/nsb7319zvwdzhg+FGFUmPAJfYAw4SPi+/Xhhk0dW4ay6OP32aAfR/UB0R5P0J4DfHHQ2L303cnz63rshH4mQ+4a/YhB/jL0+p0gCnCCvXfcwPFTUa7aeDRPbvgjszYsrdTpWwAcvvz6+Vv6w1iZfga8rJ4w+4vA42o5eGGyx473W9XFxfCZAXvSXaLAkzjQ4RWFY/sL8P0O/NUTZuvud41h5YRZZwC/S2b2bH9gL28gHsrQwo4MMG7ZjReAJQptmtgtrN7FpR/K7neNoQXGfgyPKZxerAKGXb7K8O5BYPxunt0Lg3hnc8m9kuYDY7uun7+pv42T6W8/aOWEWaycMIuPwevyNcDP7eSMBrt47OPthAq4jsMRA4exVb0spf8ydI+mxrZQy8HvQbomzGLoXWNYPmHmVxWuDIEHKOAwmBbECCKGk4ccxGB3QBTxB3H8j4FRXde/vKXr+vmag19nsnzCLIbd3c6yC2feDHxToRtgR68JFx94YwweylUjPkerFEB1M8qVXde/eBHB/f1VhAaSfe7p2FeQBQfozq3neAfhOAWaCk00NTXT3NyCNLXwT68/fvBzl097ba+/O5wV33uxX4+HaRTgP3V3B29dMOPNN2X50GO6h/mt38ZEl2NcWp3Cxc9dPu21S+/5Zr8HvuGYH8rUqVfc6zru+EKhiaZCE81NLTS3DFjluk0HGnE+OPGkCxtiHNxGBN8x5hERM96IwTEOxnEwxv39uM9N/KCRxsE0IvjGOAuNMVt8le/gOC6OcZ9tuHGgIUWXGuNsdYyDBPbecZyXcvAbQM6/4B83OkZWi3FwHRfHdTGOuzQHv2FUvzsj8vSdAq5bWJGD3zDgm07HMRingOO67DBghw9y8BvH43/diIPruriOi1tokhz8BvL4HccNVT5OoUAOfqP8cMdd5YPv4LpNFNzmHPxGkTPOvHyN4zg+8wtNNLe05OA3GPspuAUKhSYU2TkHv4Gk4BQ8t9BEU6GZ5qbmQTn4jeTxu4WX3EKBQnMzheaW3XPwG0Se++0DtB97zqjWloG7NhVa7m5pGjCYXBpHXlsQ3wZ/w/plDfX7/w9sJTyL9hMvGQAAAABJRU5ErkJggg== 154 | mediatype: image/png 155 | install: 156 | spec: 157 | clusterPermissions: 158 | - rules: 159 | - apiGroups: 160 | - storage.k8s.io 161 | resources: 162 | - storageclasses 163 | verbs: 164 | - get 165 | - list 166 | - watch 167 | serviceAccountName: ibm-mongodb-operator 168 | deployments: 169 | - name: ibm-mongodb-operator 170 | spec: 171 | replicas: 1 172 | selector: 173 | matchLabels: 174 | name: ibm-mongodb-operator 175 | strategy: {} 176 | template: 177 | metadata: 178 | annotations: 179 | productID: 068a62892a1e4db39641342e592daa25 180 | productMetric: FREE 181 | productName: IBM Cloud Platform Common Services 182 | labels: 183 | intent: projected 184 | name: ibm-mongodb-operator 185 | spec: 186 | containers: 187 | - command: 188 | - '/manager' 189 | env: 190 | - name: WATCH_NAMESPACE 191 | valueFrom: 192 | configMapKeyRef: 193 | name: namespace-scope 194 | key: namespaces 195 | - name: POD_NAME 196 | valueFrom: 197 | fieldRef: 198 | fieldPath: metadata.name 199 | - name: OPERATOR_NAME 200 | value: ibm-mongodb-operator 201 | - name: IBM_MONGODB_INSTALL_IMAGE 202 | value: icr.io/cpopen/cpfs/ibm-mongodb-install:3.19.23 203 | - name: IBM_MONGODB_IMAGE 204 | value: icr.io/cpopen/cpfs/ibm-mongodb:3.19.23-mongodb.4.0.24 205 | - name: IBM_MONGODB_EXPORTER_IMAGE 206 | value: icr.io/cpopen/cpfs/ibm-mongodb-exporter:3.19.23 207 | image: icr.io/cpopen/ibm-mongodb-operator:1.18.13 208 | imagePullPolicy: IfNotPresent 209 | name: ibm-mongodb-operator 210 | resources: 211 | limits: 212 | cpu: 40m 213 | memory: 200Mi 214 | requests: 215 | cpu: 40m 216 | memory: 200Mi 217 | securityContext: 218 | allowPrivilegeEscalation: false 219 | capabilities: 220 | drop: 221 | - ALL 222 | privileged: false 223 | readOnlyRootFilesystem: true 224 | runAsNonRoot: true 225 | serviceAccountName: ibm-mongodb-operator 226 | hostIPC: false 227 | hostNetwork: false 228 | hostPID: false 229 | affinity: 230 | nodeAffinity: 231 | requiredDuringSchedulingIgnoredDuringExecution: 232 | nodeSelectorTerms: 233 | - matchExpressions: 234 | - key: kubernetes.io/arch 235 | operator: In 236 | values: 237 | - amd64 238 | - ppc64le 239 | - s390x 240 | permissions: 241 | - rules: 242 | - apiGroups: 243 | - "" 244 | resources: 245 | - pods 246 | - services 247 | - services/finalizers 248 | - serviceaccounts 249 | - endpoints 250 | - persistentvolumeclaims 251 | - events 252 | - configmaps 253 | - secrets 254 | verbs: 255 | - create 256 | - delete 257 | - get 258 | - list 259 | - patch 260 | - update 261 | - watch 262 | - apiGroups: 263 | - apps 264 | resources: 265 | - deployments 266 | - daemonsets 267 | - replicasets 268 | - statefulsets 269 | verbs: 270 | - create 271 | - delete 272 | - get 273 | - list 274 | - patch 275 | - update 276 | - watch 277 | - apiGroups: 278 | - monitoring.coreos.com 279 | resources: 280 | - servicemonitors 281 | verbs: 282 | - get 283 | - create 284 | - apiGroups: 285 | - apps 286 | resourceNames: 287 | - ibm-mongodb-operator 288 | resources: 289 | - deployments/finalizers 290 | verbs: 291 | - update 292 | - apiGroups: 293 | - operator.ibm.com 294 | resources: 295 | - mongodbs 296 | - mongodbs/finalizers 297 | - mongodbs/status 298 | verbs: 299 | - create 300 | - delete 301 | - get 302 | - list 303 | - patch 304 | - update 305 | - watch 306 | - apiGroups: 307 | - certmanager.k8s.io 308 | resources: 309 | - certificates 310 | - certificaterequests 311 | - orders 312 | - challenges 313 | - issuers 314 | verbs: 315 | - delete 316 | - get 317 | - list 318 | - watch 319 | - apiGroups: 320 | - cert-manager.io 321 | resources: 322 | - certificates 323 | - certificaterequests 324 | - orders 325 | - challenges 326 | - issuers 327 | verbs: 328 | - create 329 | - delete 330 | - get 331 | - list 332 | - patch 333 | - update 334 | - watch 335 | serviceAccountName: ibm-mongodb-operator 336 | strategy: deployment 337 | installModes: 338 | - supported: true 339 | type: OwnNamespace 340 | - supported: true 341 | type: SingleNamespace 342 | - supported: true 343 | type: MultiNamespace 344 | - supported: true 345 | type: AllNamespaces 346 | keywords: 347 | - IBM 348 | - Cloud 349 | labels: 350 | name: ibm-mongodb-operator 351 | links: 352 | - name: IBM MongoDB Operator Project 353 | url: https://github.com/IBM/ibm-mongodb-operator 354 | maintainers: 355 | - email: supports@ibm.com 356 | name: IBM Support 357 | maturity: alpha 358 | minKubeVersion: 1.19.0 359 | provider: 360 | name: IBM 361 | relatedImages: 362 | - name: IBM_MONGODB_INSTALL_IMAGE 363 | image: icr.io/cpopen/cpfs/ibm-mongodb-install:3.19.23 364 | - name: IBM_MONGODB_IMAGE 365 | image: icr.io/cpopen/cpfs/ibm-mongodb:3.19.23-mongodb.4.0.24 366 | - name: IBM_MONGODB_EXPORTER_IMAGE 367 | image: icr.io/cpopen/cpfs/ibm-mongodb-exporter:3.19.23 368 | - name: IBM_MONGODB_OPERATOR_IMAGE 369 | image: icr.io/cpopen/ibm-mongodb-operator:1.18.13 370 | version: 1.18.13 -------------------------------------------------------------------------------- /bundle/manifests/operator.ibm.com_mongodbs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.5.0 6 | name: mongodbs.operator.ibm.com 7 | labels: 8 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 9 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 10 | app.kubernetes.io/name: mongodbs.operator.ibm.com 11 | spec: 12 | group: operator.ibm.com 13 | names: 14 | kind: MongoDB 15 | listKind: MongoDBList 16 | plural: mongodbs 17 | singular: mongodb 18 | scope: Namespaced 19 | versions: 20 | - name: v1alpha1 21 | schema: 22 | openAPIV3Schema: 23 | description: MongoDB is the Schema for the mongodbs API 24 | properties: 25 | apiVersion: 26 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 27 | type: string 28 | kind: 29 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | x-kubernetes-preserve-unknown-fields: true 35 | description: MongoDBSpec defines the desired state of MongoDB 36 | properties: 37 | bootstrapImage: 38 | description: 'NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.' 39 | properties: 40 | tag: 41 | type: string 42 | type: object 43 | imageRegistry: 44 | type: string 45 | initImage: 46 | description: 'NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.' 47 | properties: 48 | tag: 49 | type: string 50 | type: object 51 | metricsImage: 52 | description: 'NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.' 53 | properties: 54 | tag: 55 | type: string 56 | type: object 57 | pvc: 58 | description: MongoDBPVCSpec defines the desired state of the MongoDB PVCs 59 | properties: 60 | resources: 61 | description: ResourceRequirements describes the compute resource requirements. 62 | properties: 63 | limits: 64 | additionalProperties: 65 | anyOf: 66 | - type: integer 67 | - type: string 68 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 69 | x-kubernetes-int-or-string: true 70 | description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 71 | type: object 72 | requests: 73 | additionalProperties: 74 | anyOf: 75 | - type: integer 76 | - type: string 77 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 78 | x-kubernetes-int-or-string: true 79 | description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 80 | type: object 81 | type: object 82 | type: object 83 | replicas: 84 | type: integer 85 | resources: 86 | description: ResourceRequirements describes the compute resource requirements. 87 | properties: 88 | limits: 89 | additionalProperties: 90 | anyOf: 91 | - type: integer 92 | - type: string 93 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 94 | x-kubernetes-int-or-string: true 95 | description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 96 | type: object 97 | requests: 98 | additionalProperties: 99 | anyOf: 100 | - type: integer 101 | - type: string 102 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 103 | x-kubernetes-int-or-string: true 104 | description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 105 | type: object 106 | type: object 107 | storageClass: 108 | type: string 109 | type: object 110 | status: 111 | description: MongoDBStatus defines the observed state of MongoDB 112 | properties: 113 | storageClass: 114 | type: string 115 | type: object 116 | x-kubernetes-preserve-unknown-fields: true 117 | type: object 118 | served: true 119 | storage: true 120 | subresources: 121 | status: {} 122 | status: 123 | acceptedNames: 124 | kind: "" 125 | plural: "" 126 | conditions: [] 127 | storedVersions: [] 128 | -------------------------------------------------------------------------------- /bundle/metadata/annotations.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | operators.operatorframework.io.bundle.channels.v1: alpha 3 | operators.operatorframework.io.bundle.manifests.v1: manifests/ 4 | operators.operatorframework.io.bundle.mediatype.v1: registry+v1 5 | operators.operatorframework.io.bundle.metadata.v1: metadata/ 6 | operators.operatorframework.io.bundle.package.v1: ibm-mongodb-operator-app 7 | operators.operatorframework.io.metrics.builder: operator-sdk-v1.1.0 8 | operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 9 | operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v2 10 | operators.operatorframework.io.test.config.v1: tests/scorecard/ 11 | operators.operatorframework.io.test.mediatype.v1: scorecard+v1 12 | -------------------------------------------------------------------------------- /common/Makefile.common.mk: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | ############################################################ 19 | # GKE section 20 | ############################################################ 21 | PROJECT ?= oceanic-guard-191815 22 | ZONE ?= us-east5-c 23 | CLUSTER ?= bedrock-prow 24 | 25 | activate-serviceaccount: 26 | ifdef GOOGLE_APPLICATION_CREDENTIALS 27 | gcloud auth activate-service-account --key-file="$(GOOGLE_APPLICATION_CREDENTIALS)" 28 | endif 29 | 30 | get-cluster-credentials: activate-serviceaccount 31 | gcloud container clusters get-credentials "$(CLUSTER)" --project="$(PROJECT)" --zone="$(ZONE)" 32 | 33 | config-docker: get-cluster-credentials 34 | @common/scripts/config_docker.sh 35 | 36 | install-operator-sdk: 37 | @operator-sdk version 2> /dev/null ; if [ $$? -ne 0 ]; then ./common/scripts/install-operator-sdk.sh; fi 38 | 39 | FINDFILES=find . \( -path ./.git -o -path ./.github \) -prune -o -type f 40 | XARGS = xargs -0 ${XARGS_FLAGS} 41 | CLEANXARGS = xargs ${XARGS_FLAGS} 42 | 43 | lint-copyright-banner: 44 | @${FINDFILES} \( -name '*.go' -o -name '*.cc' -o -name '*.h' -o -name '*.proto' -o -name '*.py' -o -name '*.sh' \) \( ! \( -name '*.gen.go' -o -name '*.pb.go' -o -name '*_pb2.py' \) \) -print0 |\ 45 | ${XARGS} common/scripts/lint_copyright_banner.sh 46 | 47 | lint-go: 48 | @${FINDFILES} -name '*.go' \( ! \( -name '*.gen.go' -o -name '*.pb.go' \) \) -print0 | ${XARGS} common/scripts/lint_go.sh 49 | 50 | lint-all: lint-copyright-banner lint-go 51 | 52 | # Run go vet for this project. More info: https://golang.org/cmd/vet/ 53 | code-vet: 54 | @echo go vet 55 | go vet $$(go list ./... ) 56 | 57 | # Run go fmt for this project 58 | code-fmt: 59 | @echo go fmt 60 | go fmt $$(go list ./... ) 61 | 62 | # Run go mod tidy to update dependencies 63 | code-tidy: 64 | @echo go mod tidy 65 | go mod tidy -v 66 | 67 | # Run the operator-sdk commands to generated code (k8s and openapi and csv) 68 | code-gen: 69 | @echo Updating the deep copy files with the changes in the API 70 | operator-sdk generate k8s 71 | # Workaround for relative/absolute path issue 72 | # see https://github.com/IBM/meta-operator/pull/32 73 | @echo Updating the CRD files with the OpenAPI validations 74 | # Build the latest openapi-gen from source 75 | operator-sdk generate crds 76 | which ./build/_generate/bin/openapi-gen > /dev/null || go build -o ./build/_generate/bin/openapi-gen k8s.io/kube-openapi/cmd/openapi-gen 77 | # Run openapi-gen for each of your API group/version packages 78 | GOPATH=/tmp ./build/_generate/bin/openapi-gen --logtostderr=true -o "" -i ./pkg/apis/operator/v1alpha1 -O zz_generated.openapi -p ./pkg/apis/operator/v1alpha1/ -h ./hack/boilerplate.go.txt -r "-" 79 | 80 | csv-gen: 81 | @echo Updating the CSV files with the changes in the CRD 82 | operator-sdk generate csv --csv-version ${CSV_VERSION} --update-crds 83 | 84 | bundle: 85 | @echo --- Updating the ibm-mongodb-metadata.zip with latest yamls from olm-catalog for Red Hat Certification --- 86 | cd deploy/olm-catalog/ibm-mongodb-operator/; zip -r ibm-mongodb-metadata * 87 | 88 | 89 | install-operator-courier: 90 | @echo --- Installing Operator Courier --- 91 | pip3 install operator-courier 92 | 93 | verify-bundle: scorecard 94 | @echo --- Verify Bundle is Redhat Certify ready --- 95 | operator-courier --verbose verify --ui_validate_io deploy/olm-catalog/ibm-mongodb-operator/ 96 | 97 | redhat-certify-ready: bundle install-operator-courier verify-bundle 98 | 99 | 100 | 101 | .PHONY: code-vet code-fmt code-tidy code-gen csv-gen lint-copyright-banner lint-go lint-all config-docker install-operator-sdk bundle install-operator-courier verify-bundle redhat-certify-ready 102 | -------------------------------------------------------------------------------- /common/config/.golangci.yml: -------------------------------------------------------------------------------- 1 | service: 2 | # When updating this, also update the version stored in docker/build-tools/Dockerfile in the multicloudlab/tools repo. 3 | golangci-lint-version: 1.18.x # use the fixed version to not introduce new linters unexpectedly 4 | run: 5 | # timeout for analysis, e.g. 30s, 5m, default is 1m 6 | deadline: 20m 7 | 8 | # which dirs to skip: they won't be analyzed; 9 | # can use regexp here: generated.*, regexp is applied on full path; 10 | # default value is empty list, but next dirs are always skipped independently 11 | # from this option's value: 12 | # vendor$, third_party$, testdata$, examples$, Godeps$, builtin$ 13 | skip-dirs: 14 | - genfiles$ 15 | - vendor$ 16 | 17 | # which files to skip: they will be analyzed, but issues from them 18 | # won't be reported. Default value is empty list, but there is 19 | # no need to include all autogenerated files, we confidently recognize 20 | # autogenerated files. If it's not please let us know. 21 | skip-files: 22 | - ".*\\.pb\\.go" 23 | - ".*\\.gen\\.go" 24 | 25 | linters: 26 | # please, do not use `enable-all`: it's deprecated and will be removed soon. 27 | # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint 28 | disable-all: true 29 | enable: 30 | - deadcode 31 | - errcheck 32 | - goconst 33 | - gocritic 34 | #- gocyclo 35 | - gofmt 36 | - goimports 37 | - golint 38 | - gosec 39 | - gosimple 40 | - govet 41 | - ineffassign 42 | - interfacer 43 | - lll 44 | - misspell 45 | - staticcheck 46 | - structcheck 47 | - stylecheck 48 | - typecheck 49 | - unconvert 50 | - unparam 51 | - unused 52 | - varcheck 53 | # don't enable: 54 | # - bodyclose 55 | # - depguard 56 | # - dogsled 57 | # - dupl 58 | # - funlen 59 | # - gochecknoglobals 60 | # - gochecknoinits 61 | # - gocognit 62 | # - godox 63 | # - maligned 64 | # - nakedret 65 | # - prealloc 66 | # - scopelint 67 | # - whitespace 68 | 69 | linters-settings: 70 | errcheck: 71 | # report about not checking of errors in type assetions: `a := b.(MyStruct)`; 72 | # default is false: such cases aren't reported by default. 73 | check-type-assertions: false 74 | 75 | # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`; 76 | # default is false: such cases aren't reported by default. 77 | check-blank: false 78 | govet: 79 | # report about shadowed variables 80 | check-shadowing: false 81 | golint: 82 | # minimal confidence for issues, default is 0.8 83 | min-confidence: 0.0 84 | gofmt: 85 | # simplify code: gofmt with `-s` option, true by default 86 | simplify: true 87 | goimports: 88 | # put imports beginning with prefix after 3rd-party packages; 89 | # it's a comma-separated list of prefixes 90 | local-prefixes: github.com/IBM/ 91 | maligned: 92 | # print struct with more effective memory layout or not, false by default 93 | suggest-new: true 94 | misspell: 95 | # Correct spellings using locale preferences for US or UK. 96 | # Default is to use a neutral variety of English. 97 | # Setting locale to US will correct the British spelling of 'colour' to 'color'. 98 | locale: US 99 | ignore-words: 100 | - cancelled 101 | lll: 102 | # max line length, lines longer will be reported. Default is 120. 103 | # '\t' is counted as 1 character by default, and can be changed with the tab-width option 104 | line-length: 99999 105 | # tab width in spaces. Default to 1. 106 | tab-width: 1 107 | unused: 108 | # treat code as a program (not a library) and report unused exported identifiers; default is false. 109 | # XXX: if you enable this setting, unused will report a lot of false-positives in text editors: 110 | # if it's called for subdir of a project it can't find funcs usages. All text editor integrations 111 | # with golangci-lint call it on a directory with the changed file. 112 | check-exported: false 113 | unparam: 114 | # call graph construction algorithm (cha, rta). In general, use cha for libraries, 115 | # and rta for programs with main packages. Default is cha. 116 | algo: cha 117 | 118 | # Inspect exported functions, default is false. Set to true if no external program/library imports your code. 119 | # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors: 120 | # if it's called for subdir of a project it can't find external interfaces. All text editor integrations 121 | # with golangci-lint call it on a directory with the changed file. 122 | check-exported: false 123 | gocritic: 124 | enabled-checks: 125 | - appendCombine 126 | - argOrder 127 | - assignOp 128 | - badCond 129 | - boolExprSimplify 130 | - builtinShadow 131 | - captLocal 132 | - caseOrder 133 | - codegenComment 134 | - commentedOutCode 135 | - commentedOutImport 136 | - defaultCaseOrder 137 | - deprecatedComment 138 | - docStub 139 | - dupArg 140 | - dupBranchBody 141 | - dupCase 142 | - dupSubExpr 143 | - elseif 144 | - emptyFallthrough 145 | - equalFold 146 | - flagDeref 147 | - flagName 148 | - hexLiteral 149 | - indexAlloc 150 | - initClause 151 | - methodExprCall 152 | - nilValReturn 153 | - octalLiteral 154 | - offBy1 155 | - rangeExprCopy 156 | - regexpMust 157 | - sloppyLen 158 | - stringXbytes 159 | - switchTrue 160 | - typeAssertChain 161 | - typeSwitchVar 162 | - typeUnparen 163 | - underef 164 | - unlambda 165 | - unnecessaryBlock 166 | - unslice 167 | - valSwap 168 | - weakCond 169 | 170 | # Unused 171 | # - yodaStyleExpr 172 | # - appendAssign 173 | # - commentFormatting 174 | # - emptyStringTest 175 | # - exitAfterDefer 176 | # - ifElseChain 177 | # - hugeParam 178 | # - importShadow 179 | # - nestingReduce 180 | # - paramTypeCombine 181 | # - ptrToRefParam 182 | # - rangeValCopy 183 | # - singleCaseSwitch 184 | # - sloppyReassign 185 | # - unlabelStmt 186 | # - unnamedResult 187 | # - wrapperFunc 188 | 189 | issues: 190 | # List of regexps of issue texts to exclude, empty list by default. 191 | # But independently from this option we use default exclude patterns, 192 | # it can be disabled by `exclude-use-default: false`. To list all 193 | # excluded by default patterns execute `golangci-lint run --help` 194 | exclude: 195 | - composite literal uses unkeyed fields 196 | 197 | exclude-rules: 198 | # Exclude some linters from running on test files. 199 | - path: _test\.go$|^tests/|^samples/ 200 | linters: 201 | - errcheck 202 | - maligned 203 | 204 | # Independently from option `exclude` we use default exclude patterns, 205 | # it can be disabled by this option. To list all 206 | # excluded by default patterns execute `golangci-lint run --help`. 207 | # Default value for this option is true. 208 | exclude-use-default: true 209 | 210 | # Maximum issues count per one linter. Set to 0 to disable. Default is 50. 211 | max-per-linter: 0 212 | 213 | # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. 214 | max-same-issues: 0 215 | -------------------------------------------------------------------------------- /common/scripts/.githooks/make_lint-all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | # Launches fmt and lint checks 19 | make lint-all 20 | -------------------------------------------------------------------------------- /common/scripts/.githooks/pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2020 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # This hook is called with the following parameters: 18 | # 19 | # $1 -- Name of the remote to which the push is being done 20 | # $2 -- URL to which the push is being done 21 | # 22 | # If pushing without using a named remote those arguments will be equal. 23 | # 24 | # Information about the commits which are being pushed is supplied as lines to 25 | # the standard input in the form: 26 | # 27 | # 28 | # 29 | 30 | remote="$1" 31 | url="$2" 32 | 33 | .git/hooks/make_lint-all.sh 34 | 35 | exit $? 36 | -------------------------------------------------------------------------------- /common/scripts/add-image-shas.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # 4 | # Copyright 2021 IBM Corporation 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | echo "Is the deploy/operator.yaml updated with the latest tags? [Enter once it is]" 20 | 21 | EXPORTER_MONGODB_IMAGE=$(cat deploy/operator.yaml | grep mongodb-exporter | cut -d ' ' -f16) 22 | INSTALL_MONGODB_IMAGE=$(cat deploy/operator.yaml | grep mongodb-install | cut -d ' ' -f16) 23 | MONGODB_IMAGE=$(cat deploy/operator.yaml | grep mongodb: | cut -d ' ' -f16) 24 | 25 | EXPORTER_SHA=$(docker pull $EXPORTER_MONGODB_IMAGE | grep Digest | cut -d ':' -f3) 26 | INSTALL_SHA=$(docker pull $INSTALL_MONGODB_IMAGE | grep Digest | cut -d ':' -f3) 27 | MONGODB_SHA=$(docker pull $MONGODB_IMAGE | grep Digest | cut -d ':' -f3) 28 | 29 | CSV_VERSION=$(cat version/version.go | grep "Version =" | cut -d '"' -f2) 30 | 31 | gsed -i "s/ibm-mongodb-install@sha.*/ibm-mongodb-install@sha256:$INSTALL_SHA/g" deploy/olm-catalog/ibm-mongodb-operator/$CSV_VERSION/ibm-mongodb-operator.v$CSV_VERSION.clusterserviceversion.yaml 32 | gsed -i "s/ibm-mongodb-exporter@sha.*/ibm-mongodb-exporter@sha256:$EXPORTER_SHA/g" deploy/olm-catalog/ibm-mongodb-operator/$CSV_VERSION/ibm-mongodb-operator.v$CSV_VERSION.clusterserviceversion.yaml 33 | gsed -i "s/ibm-mongodb@sha.*/ibm-mongodb@sha256:$MONGODB_SHA/g" deploy/olm-catalog/ibm-mongodb-operator/$CSV_VERSION/ibm-mongodb-operator.v$CSV_VERSION.clusterserviceversion.yaml 34 | -------------------------------------------------------------------------------- /common/scripts/config_docker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | KUBECTL=$(command -v kubectl) 19 | DOCKER_REGISTRY="docker-na-public.artifactory.swg-devops.com" 20 | DOCKER_USERNAME=$(${KUBECTL} -n default get secret artifactory-cred -o jsonpath='{.data.username}' | base64 --decode) 21 | DOCKER_PASSWORD=$(${KUBECTL} -n default get secret artifactory-cred -o jsonpath='{.data.password}' | base64 --decode) 22 | 23 | # support other container tools, e.g. podman 24 | CONTAINER_CLI=${CONTAINER_CLI:-docker} 25 | 26 | # login the docker registry 27 | ${CONTAINER_CLI} login "${DOCKER_REGISTRY}" -u "${DOCKER_USERNAME}" -p "${DOCKER_PASSWORD}" -------------------------------------------------------------------------------- /common/scripts/delete-csv.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | set -e 18 | QUAY_NAMESPACE=${QUAY_NAMESPACE:-opencloudio} 19 | QUAY_REPOSITORY=${QUAY_REPOSITORY:-ibm-mongodb-operator-app} 20 | 21 | [[ "X$QUAY_USERNAME" == "X" ]] && read -rp "Enter username quay.io: " QUAY_USERNAME 22 | [[ "X$QUAY_PASSWORD" == "X" ]] && read -rsp "Enter password quay.io: " QUAY_PASSWORD && echo 23 | [[ "X$RELEASE" == "X" ]] && read -rp "Enter Version/Release of operator: " RELEASE 24 | 25 | # Fetch authentication token used to push to Quay.io 26 | AUTH_TOKEN=$(curl -sH "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d ' 27 | { 28 | "user": { 29 | "username": "'"${QUAY_USERNAME}"'", 30 | "password": "'"${QUAY_PASSWORD}"'" 31 | } 32 | }' | awk -F'"' '{print $4}') 33 | 34 | 35 | # Delete application release in repository 36 | echo "Push package ${QUAY_REPOSITORY} into namespace ${QUAY_NAMESPACE}" 37 | curl -H "Content-Type: application/json" \ 38 | -H "Authorization: ${AUTH_TOKEN}" \ 39 | -XDELETE https://quay.io/cnr/api/v1/packages/"${QUAY_NAMESPACE}"/"${QUAY_REPOSITORY}"/"${RELEASE}"/helm 40 | -------------------------------------------------------------------------------- /common/scripts/install-operator-sdk.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | echo ">>> Installing Operator SDK" 19 | 20 | # Use version 0.10.0 21 | RELEASE_VERSION=v0.12.0 22 | # Download binary 23 | curl -LO https://github.com/operator-framework/operator-sdk/releases/download/${RELEASE_VERSION}/operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu 24 | # Install binary 25 | chmod +x operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu && mkdir -p /usr/local/bin/ && cp operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu /usr/local/bin/operator-sdk && rm operator-sdk-${RELEASE_VERSION}-x86_64-linux-gnu -------------------------------------------------------------------------------- /common/scripts/lint_copyright_banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | set -e 19 | 20 | ec=0 21 | for fn in "$@"; do 22 | if ! grep -L -q -e "Apache License, Version 2" "${fn}"; then 23 | echo "Missing license: ${fn}" 24 | ec=1 25 | fi 26 | 27 | if ! grep -L -q -e "Copyright" "${fn}"; then 28 | echo "Missing copyright: ${fn}" 29 | ec=1 30 | fi 31 | done 32 | 33 | exit $ec 34 | -------------------------------------------------------------------------------- /common/scripts/lint_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | GOGC=25 golangci-lint run -c ./common/config/.golangci.yml 19 | -------------------------------------------------------------------------------- /common/scripts/next-csv.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # 4 | # Copyright 2021 IBM Corporation 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | # This script needs to inputs 20 | # The CSV version that is currently in dev 21 | 22 | CURRENT_DEV_CSV=$1 23 | let NEW_DEV_CSV_Z=$(echo $CURRENT_DEV_CSV | cut -d '.' -f3)+1 24 | NEW_DEV_CSV=$(echo $CURRENT_DEV_CSV | gsed "s/\.[0-9][0-9]*$/\.$NEW_DEV_CSV_Z/") 25 | let PREVIOUS_DEV_CSV_Z=$(echo $CURRENT_DEV_CSV | cut -d '.' -f3)-1 26 | PREVIOUS_DEV_CSV=$(echo $CURRENT_DEV_CSV | gsed "s/\.[0-9][0-9]*$/\.$PREVIOUS_DEV_CSV_Z/") 27 | 28 | CSV_PATH=deploy/olm-catalog/ibm-mongodb-operator/ 29 | #echo $NEW_DEV_CSV 30 | # Make new z level release directory 31 | mkdir $CSV_PATH/$NEW_DEV_CSV 32 | echo "Made new directory" 33 | read 34 | # Copy Current CSV directory to new one 35 | cp $CSV_PATH/$CURRENT_DEV_CSV/* $CSV_PATH/$NEW_DEV_CSV/ 36 | echo "Copied current csv to new directory" 37 | read 38 | 39 | # Change to new CSV Version 40 | mv $CSV_PATH/$NEW_DEV_CSV/ibm-mongodb-operator.v$CURRENT_DEV_CSV.clusterserviceversion.yaml $CSV_PATH/$NEW_DEV_CSV/ibm-mongodb-operator.v$NEW_DEV_CSV.clusterserviceversion.yaml 41 | echo "Changed file name csv in new directory" 42 | read 43 | 44 | # Update New CSV 45 | # replace old CSV value with new one 46 | gsed -i "s/$CURRENT_DEV_CSV/$NEW_DEV_CSV/g" $CSV_PATH/$NEW_DEV_CSV/ibm-mongodb-operator.v$NEW_DEV_CSV.clusterserviceversion.yaml 47 | TIME_STAMP=$(date '+%Y-%m-%dT%H:%M:%S'Z) 48 | gsed -i "s/2[0-9]*-[0-9]*-[0-9]*T[0-9]*:[0-9]*:[0-9]*Z/$TIME_STAMP/g" $CSV_PATH/$NEW_DEV_CSV/ibm-mongodb-operator.v$NEW_DEV_CSV.clusterserviceversion.yaml 49 | echo "Updated New file with new CSV version" 50 | gsed -i "s/$PREVIOUS_DEV_CSV/$CURRENT_DEV_CSV/g" $CSV_PATH/$NEW_DEV_CSV/ibm-mongodb-operator.v$NEW_DEV_CSV.clusterserviceversion.yaml 51 | echo "Updated the replaces version line" 52 | read 53 | 54 | #Update version.go to new dev version 55 | gsed -i "s/$CURRENT_DEV_CSV/$NEW_DEV_CSV/" version/version.go 56 | gsed -i "s/$CURRENT_DEV_CSV/$NEW_DEV_CSV/" Makefile 57 | echo "Updated the version.go and Makefile with new version (Push Enter when done): " 58 | read 59 | 60 | # Push CSV package yaml to quay 61 | # common/scripts/push-csv.sh 62 | # echo "Pushed CSV to quay " 63 | # read 64 | -------------------------------------------------------------------------------- /common/scripts/push-csv.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Copyright 2021 IBM Corporation 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | # 17 | 18 | set -e 19 | QUAY_NAMESPACE=${QUAY_NAMESPACE:-opencloudio} 20 | QUAY_REPOSITORY=${QUAY_REPOSITORY:-ibm-mongodb-operator-app} 21 | BUNDLE_DIR=${BUNDLE_DIR:-deploy/olm-catalog/ibm-mongodb-operator} 22 | 23 | [[ "X$QUAY_USERNAME" == "X" ]] && read -rp "Enter username quay.io: " QUAY_USERNAME 24 | [[ "X$QUAY_PASSWORD" == "X" ]] && read -rsp "Enter password quay.io: " QUAY_PASSWORD && echo 25 | [[ "X$RELEASE" == "X" ]] && read -rp "Enter Version/Release of operator: " RELEASE 26 | 27 | # Fetch authentication token used to push to Quay.io 28 | AUTH_TOKEN=$(curl -sH "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d ' 29 | { 30 | "user": { 31 | "username": "'"${QUAY_USERNAME}"'", 32 | "password": "'"${QUAY_PASSWORD}"'" 33 | } 34 | }' | awk -F'"' '{print $4}') 35 | 36 | function cleanup() { 37 | rm -f bundle.tar.gz 38 | } 39 | trap cleanup EXIT 40 | 41 | tar czf bundle.tar.gz "${BUNDLE_DIR}" 42 | 43 | if [[ "${OSTYPE}" == "darwin"* ]]; then 44 | BLOB=$(base64 -b0 < bundle.tar.gz) 45 | else 46 | BLOB=$(base64 -w0 < bundle.tar.gz) 47 | fi 48 | 49 | # Push application to repository 50 | echo "Push package ${QUAY_REPOSITORY} into namespace ${QUAY_NAMESPACE}" 51 | curl -H "Content-Type: application/json" \ 52 | -H "Authorization: ${AUTH_TOKEN}" \ 53 | -XPOST https://quay.io/cnr/api/v1/packages/"${QUAY_NAMESPACE}"/"${QUAY_REPOSITORY}" -d ' 54 | { 55 | "blob": "'"${BLOB}"'", 56 | "release": "'"${RELEASE}"'", 57 | "media_type": "helm" 58 | }' 59 | 60 | -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for 4 | # breaking changes 5 | apiVersion: cert-manager.io/v1 6 | kind: Issuer 7 | metadata: 8 | name: selfsigned-issuer 9 | namespace: system 10 | spec: 11 | selfSigned: {} 12 | --- 13 | apiVersion: cert-manager.io/v1 14 | kind: Certificate 15 | metadata: 16 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 17 | namespace: system 18 | spec: 19 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 20 | dnsNames: 21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 22 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 23 | issuerRef: 24 | kind: Issuer 25 | name: selfsigned-issuer 26 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 27 | -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | -------------------------------------------------------------------------------- /config/crd/bases/operator.ibm.com_mongodbs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | annotations: 5 | controller-gen.kubebuilder.io/version: v0.5.0 6 | name: mongodbs.operator.ibm.com 7 | labels: 8 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 9 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 10 | app.kubernetes.io/name: mongodbs.operator.ibm.com 11 | spec: 12 | group: operator.ibm.com 13 | names: 14 | kind: MongoDB 15 | listKind: MongoDBList 16 | plural: mongodbs 17 | singular: mongodb 18 | scope: Namespaced 19 | versions: 20 | - name: v1alpha1 21 | schema: 22 | openAPIV3Schema: 23 | description: MongoDB is the Schema for the mongodbs API 24 | properties: 25 | apiVersion: 26 | description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 27 | type: string 28 | kind: 29 | description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | description: MongoDBSpec defines the desired state of MongoDB 35 | properties: 36 | bootstrapImage: 37 | description: 'NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.' 38 | properties: 39 | tag: 40 | type: string 41 | type: object 42 | imageRegistry: 43 | type: string 44 | initImage: 45 | description: 'NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.' 46 | properties: 47 | tag: 48 | type: string 49 | type: object 50 | metricsImage: 51 | description: 'NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.' 52 | properties: 53 | tag: 54 | type: string 55 | type: object 56 | pvc: 57 | description: MongoDBPVCSpec defines the desired state of the MongoDB PVCs 58 | properties: 59 | resources: 60 | description: ResourceRequirements describes the compute resource requirements. 61 | properties: 62 | limits: 63 | additionalProperties: 64 | anyOf: 65 | - type: integer 66 | - type: string 67 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 68 | x-kubernetes-int-or-string: true 69 | description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 70 | type: object 71 | requests: 72 | additionalProperties: 73 | anyOf: 74 | - type: integer 75 | - type: string 76 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 77 | x-kubernetes-int-or-string: true 78 | description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 79 | type: object 80 | type: object 81 | type: object 82 | replicas: 83 | type: integer 84 | resources: 85 | description: ResourceRequirements describes the compute resource requirements. 86 | properties: 87 | limits: 88 | additionalProperties: 89 | anyOf: 90 | - type: integer 91 | - type: string 92 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 93 | x-kubernetes-int-or-string: true 94 | description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 95 | type: object 96 | requests: 97 | additionalProperties: 98 | anyOf: 99 | - type: integer 100 | - type: string 101 | pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ 102 | x-kubernetes-int-or-string: true 103 | description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' 104 | type: object 105 | type: object 106 | storageClass: 107 | type: string 108 | type: object 109 | status: 110 | description: MongoDBStatus defines the observed state of MongoDB 111 | properties: 112 | storageClass: 113 | type: string 114 | type: object 115 | type: object 116 | served: true 117 | storage: true 118 | subresources: 119 | status: {} 120 | status: 121 | acceptedNames: 122 | kind: "" 123 | plural: "" 124 | conditions: [] 125 | storedVersions: [] 126 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/mongodb.operator.ibm.com_mongodbs.yaml 6 | # +kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patchesStrategicMerge: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | #- patches/webhook_in_mongodbs.yaml 12 | # +kubebuilder:scaffold:crdkustomizewebhookpatch 13 | 14 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 15 | # patches here are for enabling the CA injection for each CRD 16 | #- patches/cainjection_in_mongodbs.yaml 17 | # +kubebuilder:scaffold:crdkustomizecainjectionpatch 18 | 19 | # the following config is for teaching kustomize how to do kustomization for CRDs. 20 | configurations: 21 | - kustomizeconfig.yaml 22 | -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_mongodbs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 8 | name: mongodbs.mongodb.operator.ibm.com 9 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_mongodbs.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: mongodbs.mongodb.operator.ibm.com 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhookClientConfig: 11 | # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, 12 | # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) 13 | caBundle: Cg== 14 | service: 15 | namespace: system 16 | name: webhook-service 17 | path: /convert 18 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: ibm-mongodb-operator-system 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. a deployment named 6 | # "wordpress" becomes "alices-wordpress". 7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | namePrefix: ibm-mongodb-operator- 10 | 11 | # Labels to add to all resources and selectors. 12 | #commonLabels: 13 | # someName: someValue 14 | 15 | bases: 16 | - ../crd 17 | - ../rbac 18 | - ../manager 19 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 20 | # crd/kustomization.yaml 21 | #- ../webhook 22 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. 23 | #- ../certmanager 24 | # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 25 | - ../prometheus 26 | 27 | patchesStrategicMerge: 28 | # Protect the /metrics endpoint by putting it behind auth. 29 | # If you want your controller-manager to expose the /metrics 30 | # endpoint w/o any authn/z, please comment the following line. 31 | - manager_auth_proxy_patch.yaml 32 | 33 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 34 | # crd/kustomization.yaml 35 | #- manager_webhook_patch.yaml 36 | 37 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 38 | # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. 39 | # 'CERTMANAGER' needs to be enabled to use ca injection 40 | #- webhookcainjection_patch.yaml 41 | 42 | # the following config is for teaching kustomize how to do var substitution 43 | vars: 44 | # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 45 | #- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR 46 | # objref: 47 | # kind: Certificate 48 | # group: cert-manager.io 49 | # version: v1alpha2 50 | # name: serving-cert # this name should match the one in certificate.yaml 51 | # fieldref: 52 | # fieldpath: metadata.namespace 53 | #- name: CERTIFICATE_NAME 54 | # objref: 55 | # kind: Certificate 56 | # group: cert-manager.io 57 | # version: v1alpha2 58 | # name: serving-cert # this name should match the one in certificate.yaml 59 | #- name: SERVICE_NAMESPACE # namespace of the service 60 | # objref: 61 | # kind: Service 62 | # version: v1 63 | # name: webhook-service 64 | # fieldref: 65 | # fieldpath: metadata.namespace 66 | #- name: SERVICE_NAME 67 | # objref: 68 | # kind: Service 69 | # version: v1 70 | # name: webhook-service 71 | -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch inject a sidecar container which is a HTTP proxy for the 2 | # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | - "--enable-leader-election" 26 | -------------------------------------------------------------------------------- /config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ibm-mongodb-operator 5 | labels: 6 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 7 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 8 | app.kubernetes.io/name: mongodbs.operator.ibm.com 9 | spec: 10 | replicas: 1 11 | selector: 12 | matchLabels: 13 | name: ibm-mongodb-operator 14 | template: 15 | metadata: 16 | labels: 17 | name: ibm-mongodb-operator 18 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 19 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 20 | app.kubernetes.io/name: mongodbs.operator.ibm.com 21 | annotations: 22 | productName: IBM Cloud Platform Common Services 23 | productID: "068a62892a1e4db39641342e592daa25" 24 | productMetric: FREE 25 | spec: 26 | serviceAccountName: ibm-mongodb-operator 27 | hostIPC: false 28 | hostNetwork: false 29 | hostPID: false 30 | affinity: 31 | nodeAffinity: 32 | requiredDuringSchedulingIgnoredDuringExecution: 33 | nodeSelectorTerms: 34 | - matchExpressions: 35 | - key: kubernetes.io/arch 36 | operator: In 37 | values: 38 | - amd64 39 | - ppc64le 40 | - s390x 41 | containers: 42 | - name: ibm-mongodb-operator 43 | resources: 44 | limits: 45 | cpu: 40m 46 | memory: 200Mi 47 | requests: 48 | cpu: 40m 49 | memory: 200Mi 50 | securityContext: 51 | allowPrivilegeEscalation: false 52 | capabilities: 53 | drop: 54 | - ALL 55 | privileged: false 56 | readOnlyRootFilesystem: true 57 | runAsNonRoot: true 58 | # Replace this with the built image name 59 | image: icr.io/cpopen/ibm-mongodb-operator:1.18.13 60 | command: 61 | - '/manager' 62 | imagePullPolicy: Always 63 | env: 64 | - name: WATCH_NAMESPACE 65 | valueFrom: 66 | fieldRef: 67 | fieldPath: metadata.namespace 68 | - name: POD_NAME 69 | valueFrom: 70 | fieldRef: 71 | fieldPath: metadata.name 72 | - name: OPERATOR_NAME 73 | value: "ibm-mongodb-operator" 74 | - name: IBM_MONGODB_INSTALL_IMAGE 75 | value: icr.io/cpopen/cpfs/ibm-mongodb-install:3.19.23 76 | - name: IBM_MONGODB_IMAGE 77 | value: icr.io/cpopen/cpfs/ibm-mongodb:3.19.23-mongodb.4.0.24 78 | - name: IBM_MONGODB_EXPORTER_IMAGE 79 | value: icr.io/cpopen/cpfs/ibm-mongodb-exporter:3.19.23 80 | -------------------------------------------------------------------------------- /config/manifests/bases/ibm-mongodb-operator.clusterserviceversion.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: ClusterServiceVersion 3 | metadata: 4 | labels: 5 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 6 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 7 | app.kubernetes.io/name: mongodbs.operator.ibm.com 8 | operatorframework.io/arch.s390x: supported 9 | operatorframework.io/os.linux: supported 10 | operatorframework.io/arch.amd64: supported 11 | operatorframework.io/arch.ppc64le: supported 12 | annotations: 13 | alm-examples: |- 14 | [ 15 | { 16 | "apiVersion": "operator.ibm.com/v1alpha1", 17 | "kind": "MongoDB", 18 | "metadata": { 19 | "name": "ibm-mongodb" 20 | }, 21 | "spec": { 22 | "replicas": 3, 23 | "limits": { 24 | "cpu": "1000m", 25 | "memory": "2Gi" 26 | }, 27 | "requests": { 28 | "cpu": "1000m", 29 | "memory": "2Gi" 30 | } 31 | } 32 | }, 33 | { 34 | "apiVersion": "operator.ibm.com/v1alpha1", 35 | "kind": "OperandRequest", 36 | "metadata": { 37 | "name": "ibm-mongodb-request" 38 | }, 39 | "spec": { 40 | "requests": [ 41 | { 42 | "operands": [ 43 | { 44 | "name": "ibm-cert-manager-operator" 45 | } 46 | ], 47 | "registry": "common-service" 48 | } 49 | ] 50 | } 51 | } 52 | ] 53 | capabilities: Basic Install 54 | operators.operatorframework.io/builder: operator-sdk-v1.1.0 55 | operators.operatorframework.io/internal-objects: '["mongodbs.operator.ibm.com"]' 56 | operators.operatorframework.io/operator-type: 'non-standalone' 57 | operators.operatorframework.io/project_layout: go.kubebuilder.io/v2 58 | name: ibm-mongodb-operator.vX.Y.Z 59 | namespace: placeholder 60 | spec: 61 | apiservicedefinitions: {} 62 | customresourcedefinitions: 63 | owned: 64 | - description: MongoDB is the Schema for the mongodbs API 65 | displayName: Mongo DB 66 | kind: MongoDB 67 | name: mongodbs.operator.ibm.com 68 | version: v1alpha1 69 | resources: 70 | - kind: Secret 71 | name: '' 72 | version: v1 73 | - kind: ConfigMap 74 | name: '' 75 | version: v1 76 | - kind: Pods 77 | name: '' 78 | version: v1 79 | - kind: statefulsets 80 | name: '' 81 | version: v1 82 | - kind: services 83 | name: '' 84 | version: v1 85 | - kind: persistentvolumeclaims 86 | name: '' 87 | version: v1 88 | required: 89 | - description: CertManager is the Schema for the certmanagers API 90 | displayName: CertManager 91 | kind: CertManager 92 | name: certmanagers.operator.ibm.com 93 | version: v1alpha1 94 | specDescriptors: 95 | - description: The image used to run the mongod process. 96 | displayName: Bootstrap Image 97 | path: bootstrapImage 98 | x-descriptors: 99 | - 'urn:alm:descriptor:com.tectonic.ui:label' 100 | - description: The Image Registry where the images reside. 101 | displayName: Image Registry 102 | path: imageRegistry 103 | x-descriptors: 104 | - 'urn:alm:descriptor:com.tectonic.ui:label' 105 | - description: The number of replicas of this database. Should be an odd number (1,3,5). 106 | displayName: Replicas 107 | path: replicas 108 | x-descriptors: 109 | - 'urn:alm:descriptor:com.tectonic.ui:label' 110 | - description: This image is used to export data of how MongoDB is running. 111 | displayName: Metrics Image 112 | path: metricsImage 113 | x-descriptors: 114 | - 'urn:alm:descriptor:com.tectonic.ui:label' 115 | - description: This image is used to initialize the envorinment for MongoDB. 116 | displayName: Install Image 117 | path: initImage 118 | x-descriptors: 119 | - 'urn:alm:descriptor:com.tectonic.ui:label' 120 | statusDescriptors: 121 | - description: Expect storageClass to get the value of the storage class provided. 122 | displayName: IBM MongoDB Status 123 | path: storageClass 124 | x-descriptors: 125 | - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' 126 | description: |- 127 | **Important:** Do not install this operator directly. Only install this operator by using the IBM Common Services Operator. For more information about installing this operator and other Common Services operators, see [Installer documentation](http://ibm.biz/cpcs_opinstall). Additionally, you can exit this panel and navigate to the IBM Common Services tile in OperatorHub to learn more about the operator. If you are using this operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak to learn more about how to install and use the operator service. For more information about IBM Cloud Paks, see [IBM Cloud Paks that use Common Services](http://ibm.biz/cpcs_cloudpaks). 128 | 129 | The MongoDB operator provides a simple Kubernetes CRD-Based API to manage the lifecycle of MongoDB. You can use the operator to deploy and upgrade MongoDB. 130 | 131 | For more information about the available IBM Cloud Platform Common Services, see the [IBM Knowledge Center](http://ibm.biz/cpcsdocs). 132 | 133 | ## Supported platforms 134 | 135 | Red Hat OpenShift Container Platform 4.3 or newer installed on one of the following platforms: 136 | - Linux x86_64 137 | - Linux on Power (ppc64le) 138 | - Linux on IBM Z and LinuxONE 139 | 140 | ## Prerequisites 141 | 142 | Before you install this operator, you need to first install the operator dependencies and prerequisites: 143 | 144 | - For the list of operator dependencies, see the IBM Knowledge Center [Common Services dependencies documentation](http://ibm.biz/cpcs_opdependencies). 145 | - For the list of prerequisites for installing the operator, see the IBM Knowledge Center [Preparing to install services documentation](http://ibm.biz/cpcs_opinstprereq). 146 | 147 | ## Documentation 148 | 149 | To install the operator with the IBM Common Services Operator follow the the installation and configuration instructions within the IBM Knowledge Center. 150 | 151 | - If you are using the operator as part of an IBM Cloud Pak, see the documentation for that IBM Cloud Pak. For a list of IBM Cloud Paks, see [IBM Cloud Paks that use Common Services](http://ibm.biz/cpcs_cloudpaks). 152 | - If you are using the operator with an IBM Containerized Software, see the IBM Cloud Platform Common Services Knowledge Center [Installer documentation](http://ibm.biz/cpcs_opinstall). 153 | displayName: IBM MongoDB Operator 154 | icon: 155 | - base64data: iVBORw0KGgoAAAANSUhEUgAAAH8AAAB/CAYAAADGvR0TAAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4ggYEhkp9JVi8gAAFENJREFUeNrtnXmcVeV5x7/Pe86dGUZQUdwAo4Kaam1cUAdm3DAYl1ZjmmhMYkUlkMYtMVVrVExqY7q4oabNp6EuMdpEq8ZGpf1oJCbKJgxqlWiIgIrACCgimwJznv5xlvue5d65dxjsvXPP4+d4t3OB+/7e37O/7wsNKhdNv9iZ8uqNQgOLadhfLnLA7CV/OOrT/3JMDn7D/XDh02s3bRr/h4ufz8FvNOnu1s9v2rL5/EZW+06j/eCJT09i1Pijdhb46ZpNGwa4Jw4x7097+9mGtHyN+KMn/fob/yyYK998byWLV727FXQPgfcXXjIjV/v9Uc7/nwkATHhq4t+q6pWKUjAOgroCf73wkhkc+KOOnPn9dwJceIkx5k6DwRjDyg/XsmD52+Eg7LHwkhkrc+b3Izl32nkAnDftgkcV7kRBUVQVxxhAw1ufOfBHHaaR2N+vwf/KE+fS7W0Z8LVp5z2t6BcIQPfhViSu9w4BLlt4yQxG3NmRg1/v8vO/uB/EmY3qOFDUC3iuiiq4xsHXBOAB3cptI+/s+KvFl87ggAaYAP3S5n/pV18WjNnBUZllxBwiAo44CIIYgxHBiMP6jzcxd8kixFIBAp7AV/546YyHcubXoXy03gVPf6noIaGS93xLT6DxAcU1DhIMQngJGFUe3P+OjhMB9r+jI2d+PciZj30JcUWkW6Yb5AQxBgeDiGCMYDCIBMw3ho82b2XOooUx5lviASe9cdmM6Tnz60AeO/NhdKveBHqCRgh6Edsjex+8doz0RIxn9r+j41BfA7TnzK9VGff0WbSu964V4QdGDIJgQpYHjyImYL/giKFblecXvo6RcsOgHrDHG5fNXN3fwHf7yw9pWbe1DZEbQNBoVvvPNHxHFSR8D1Q1dp/lECS14//uf0f7/t3CRuPBom/NzMGvFTnl4TP2VHS2IqAB3AKqgieKo4IHGAkifFVUFNcxKIogKdA1/rgXMGvJpTMPzW1+jcjJD5/u2y7hwZDJSRB9WIvve9FzP9YPX3kUn2vxFqR4fWbk7e33Aoy8vX/Y/7ot6Y576DSePutJTn749O+DjAd82y0SZe5EAk0QvCcUH0FA4K33VvvvV/bXHrbLqXu/suhbM1/LHb7/RznxodMwyJ+ImFccEdd36ASDH8b5Dl8Q3gVhXuj8SfC+4zg8+9rve3D40h4gMAp4sd5tf92q/elnT0PR/0Q914spdgJ1roE61+i1F5mAwMUT6S1h7u8PTl/dgj/2wVNvVThEAzx8e2/bdBJef2jMLd9Atbd//cEjb29/LAf/E5ZjfzGK439xyi6q+o2wQqfqUXT4Am8+8Nw8y7FLagXdtn/K50dMaT8OYMSU9hz8T0KeO6cTD+9nCq2hCbYJrBnPovvs/H4vma9avICHARZ/e2YO/ichHf9x0qkopyVr82GDBpE2KDZtqHWvhpogeL+lUCgJbtaVkN1GTGmfmqv97SyjH/hsyNfvpZMwCdWeUuqhdogS/CXB7oWcO2JK+3Bf/Y/Jwd8eMvtrzzD6gc8eC9rmqaXC1c/RqfoFHE81075HvgCWBthWq+//qS2gj+bM386i8IiStu+R8leNWXjb67dDvMgxrBp8zbgAOGrElDFfWPztWTn4fS2j7h/LkQ+ceKaiu0VAaqjOk2zGsvvF19ZDZPfRLPi1zFVWrgUYeduYHPy+ksPvH0vnub9B4W+8BGsjSGL2PAGVxplP4vt+Sb9igKMsjxDL+yPKqJG3jTl50eWzcvD7Sl489zccdv/Yg1T1mBg3LeRDhnuZXr+t/hNaQqHgOj1CngQ7OU+s4tCjAPvVCfvrQu2r6r1gVd80bs9Dey+AemrX7YqRgGrC69fIfJRgcnRF0YD1b7Avay607nfbmDPZsiUHf1vlT+87nkN+dsLexTRu3JVTjSduvIR6Twd8dhRgpX9LMzle6q3EMKheseSqeex36+gc/G2RBef9FlRPUWj1U7aaAEIDmy4Z6t1iOxpL+GA5gl4Gm8uC3HMWqGO/W0cftuQ7s3Pweyv73ndcyObJIavjSRvbU/fifrpGjVsxb59EgFecPGWZ3Jss0L/Wg9qv6Xr+gfcd1+bAbCeozTviPwrghvV6kUSzZrGG74hBwH8UgwiEzZ2OGFzH4dW3l7Fu00d9NhDBn7MROBh4a3ENa4CaVvuiXBxT82qHepbXL/HQL5b0EUmVedmGDJ/0cAXSCpyyuMZVf002cI786bEItCi021k5FX/4QxstqsWmXJGiLRcJ7vcfRSRKBdjNnapUFOb1LkJhMvBvuc2vUhaNfw6FQQojwyXVWM4YqjGvH5VEsVaLqd6MeN+2/64xlTA5Ow9ouQJe4lIYtu8tozty8HshnuqXvXj1naxcnP/cSyV80l4/VnJHoySPY6RH+kehnw2uVhT+fScHv3dyeXzwNeq/KC7FSoIdDwND0KP2bdUMSONM9rJY3Pty75H73jK6NQe/CtnvnvbBqowopmxJlWHTGkFT+Xs0I0ljN3daKrsS+98L+RSwRw5+hTL87na6VcbZ9hrNAFATmT6NR/Hx9K4mcoPxhVzbK4YOUsaX5uBXKO9cOBPfyy9n7232B80cVi9fmA3ESvhkNXdq34CbeVnz7KIc/OrkzzwbSEtd26ocqy+PhJOX8vpJN3d621DGreKrzfvc3HZYDn6lMTJ6UBHwEKSMjpykVlAt7fVnNHdGwEp5FvcMdrF+4GVcwMn73NyWg9+TDLtrtKMwFEpU5EJHzvrQixie5QymJ0LsDnuVZkUTMwvsHhVBx1tXzMkzfD1JNzLWsRmugooPsETZPcW/R2IFHN+DV8LQXVRRMUEKMPxMYgma0kxOmgoyzEdFmT6Aw3O1X5mM1WTEZoVu8UZMUmVem9BRCZdkG1eyEuBFXUAVMrks2BlFwOH73tS2Yw5+z2p1XFaRxqvI609z1s7yxU2HWhpfKmZ0T+X80DE0iQs4Kwe/Z/APTa6viK27s7J1ttdfbXOnJl35KsEtBXJ2TUABPSG3+WVkt7vaBgEFjaJ38JDAvqeZLyWehyAhQf+eiNXNE34mUcyvHiWrOJKeHxW7hQk5Jge/7JjJEBXfsfMiFoWUlcBpI3Lo1C7hkiz9UtxtJ6jrq6eokZRLJ71SgVrFXYL6qd5c7ZeRnYNwO8bwLAcs+VnKS1dKNnfaWT9T0ZYsPS/gKH4ieMHVHT33P9v7prYhOfglxIMhsZ46jdttuxQbX2xZfXNn2LpdcA3lV+lkAV0EtzsGspSLFATIwS/DsB2ChFtmNi9ksO39q/auuTMxfcpyPQ10hUo/mUhQHZTb/AwZPLUNYGcPMBQ3SkRBRYNuHX9m+EkeuyYnMTNgYuz3k0Rhy5f/OnQnQ21h+mKnDog2dSw5AXbJmZ8haybOQWFgejPEeMq2VJnXs5o7PXvcJavM62f7wnu9Sku7qki5q/y3BRiQg196bAfGnTVSS6/CnL5nq2dNLse2l2dZSR6NL+UuklIqA3vbf2IhB78MO7I8+hAkz4/YYuCFyzPC1TZZzZ3JvF9sJU/vmdwbGZiDX1r20MTOKWECx4uFcHFVrclevNhzDxL782BNKlNFzN7LjKU9iWtqkUxNJXkUXS+RI1bcDtlDMYHjpgkl7QXungabK4f7Knqov8LW2mhRk16/KK5r+gTgWGhaJ1Jj4LNOiDdlSjHHl1nmdaLPLc/fXqhhfU+iFR69a9hUa+ZplQpDtq+CqX/wSXFeLIb7QHsKjhAu0wlCQaxVPFb6N4rrJbg1SPwE6/3K9fFpKSZrDwCXvFcBNufgl5bV9vq7MMZPTweNGjnsoo79WTSVxAT2XvxCj81+wDHGdyQrZW85nd+zfJQ7fGXC/axxTfbc99Tc6VmsVs06REGjtK+UOGcnc+lWun+cKto+FFifM7+EeMqHRgJeBupcokRN0fe3tYOHX5zRmMkAzQKagP1Blg8tbuci2Wq6r2Vdzvwyah8oEcRlLbDKDKeKmoH4Hj6aTA6FMWTyeI3t55mtzcEvLe96mraimuq5tdV9Vmt3Yv+9jOROBLZsH7AzNm9SD97PwS+lEye9sCL8N6l1SEKsBaua5s4UlzXe3FltvFYZyLGyrtX7Lx6szMEvP5wvJ7N0sRi/THNnvAwbP1ghy2RUw/keQSZ74YclH6y4eu7WHPzy8lRy1L2kzdf4ku2wuTOaJJa697dlIb7lOumNmtKTJ35FUUCPK3pKNoXU3LGstQj+Q1piG1UyGJ+eFOk0bkyD2Dt3EqzBz4CqsrV5Ve3P+1QOfo92f+48YItmeP3pHn57V83k2XiasXmTvcwqDPO0t0yu9qf9Mge/Uruv2RF3chdNz8rwkfAPsvbwKf4hyZp+KTb3TYj3znfnrRr+D0fm4FcgL0SJnxJePwn7H2/uJHHAAtnNnfKJxfevArzz3Xk5+OVk0E+OAvh1qbNtyYj9yzd3SvxbGt+fY/NWb/vpr+JKn85aZFgt2nyAx1KAa7H33o6hY15/LOGTbACLO4ihryCS7BDoE7CT5mR6Dn7lE0CBB2MnY2Tw39um5s7q9+Cs8uQtW57Mwa9ObshKxKQOTbK47SXUf1ZzZywrCGwtofarBLec/Peya+ZtzcGvzu4vAV2qatvrDJ/cbu4kq7kzWeaNr+CNFmv2DdBZ8v1aZVetqn3WTZq7ybaVqdCbnps7S63vKzqF2tdAJ2UVsGDYD4+sSfBdaluuBh0fdubYnTqVNHfaZ+l4QStX6Cs4wfKfrVs9ZPv11M5fds28DTnze6H6102a2wU8mqnuS2yhni7zxhs8U3F/H1O/mBZWgB/WMrNqFvx1k+aGtv8GoDt5nl6m1x9L4JMq83qprKHS3e31GdhiOQ0Kbyy7Zt7vht84Kge/97LlZdClWXbf9vq9MsmfeEtXMczzAM+rDtwkyF54kSr1XgHwzrWdNTuyQh3IoJ8cdQzIc0b83nuDf7iC/drgvzYIjpHgeBWJ3ncQRARXgvtFcI1h2dtr6e7W9IBoOrNQhYFYA4wAPlhew+CbOgCedZPmPg88kQJBExk7SLR3pb38ZCa/e4sXi/GSTK66P9e/bll+bWdNA19HzD8a4EgR5orFcqF44FLI5kgDBIctOYGWcAIN4QQHNUnwuHTxB7339rNnxOrl13XuVg/jWhcnaq6b9ALrJr0wT5VfJcc9eyl3afarlfDxVCtlcjXl/OupE6mrI9SBs4H3SjV3UqK5UxNef/i1yNb3Sa8GAB8CU4f+YFRdDKZTT8hvfnxZd8sZwzYDp/gLMHwTQGACwv31JEjoiP+/xD3BcxG8bmXj2s29Nn4Zq3qOX35d59J101fkzN8esnbiC1OAWSFjk2pd1Gr7DmieLvMG3+khxq/wDL3w739i2XWdc4bVCevrEvydph4N8OcKG8s1dybbvWJl3lDtJ1ZoVnKsWtbqoOCMnosBll3XmYO/ndm/RtGrifFZMxI6JZo7g46eJnVioGeBXOqkrcT6/jNWTO58e6+/H1VX4yj1CP5OU49m7cQXGDy17QGBrxoJbHxWwkfEP1c3CgWLCZ8dNxZYvPK9aCMH6d3OGtMFxinoismdOfifhAT79g0E3jbCYBMAKhG4xcfoEGYER8LJIQzd0MpLq7p8h7B3of1moKVrcqfW4xiaegV/zcQ5rJk4Zz1whMLmrNZtteZ3uA9nsblTGZKxLV7lob0CjO2a3Kl71pm6r3vwQ/avmTjnTYGz00uxrJbu1N59/n+70lqy8aOcqxcUiW/smtw5E6CrztR9vwB/zcQ57DK1jfe+Pue/QCfan3lJniaaOz1gT7NDopOnCK4Em7IaDS+iS5Qfd02ef92QG4+o5+GrryRPlmx6fBm7/nsb7319zvwdzhg+FGFUmPAJfYAw4SPi+/Xhhk0dW4ay6OP32aAfR/UB0R5P0J4DfHHQ2L303cnz63rshH4mQ+4a/YhB/jL0+p0gCnCCvXfcwPFTUa7aeDRPbvgjszYsrdTpWwAcvvz6+Vv6w1iZfga8rJ4w+4vA42o5eGGyx473W9XFxfCZAXvSXaLAkzjQ4RWFY/sL8P0O/NUTZuvud41h5YRZZwC/S2b2bH9gL28gHsrQwo4MMG7ZjReAJQptmtgtrN7FpR/K7neNoQXGfgyPKZxerAKGXb7K8O5BYPxunt0Lg3hnc8m9kuYDY7uun7+pv42T6W8/aOWEWaycMIuPwevyNcDP7eSMBrt47OPthAq4jsMRA4exVb0spf8ydI+mxrZQy8HvQbomzGLoXWNYPmHmVxWuDIEHKOAwmBbECCKGk4ccxGB3QBTxB3H8j4FRXde/vKXr+vmag19nsnzCLIbd3c6yC2feDHxToRtgR68JFx94YwweylUjPkerFEB1M8qVXde/eBHB/f1VhAaSfe7p2FeQBQfozq3neAfhOAWaCk00NTXT3NyCNLXwT68/fvBzl097ba+/O5wV33uxX4+HaRTgP3V3B29dMOPNN2X50GO6h/mt38ZEl2NcWp3Cxc9dPu21S+/5Zr8HvuGYH8rUqVfc6zru+EKhiaZCE81NLTS3DFjluk0HGnE+OPGkCxtiHNxGBN8x5hERM96IwTEOxnEwxv39uM9N/KCRxsE0IvjGOAuNMVt8le/gOC6OcZ9tuHGgIUWXGuNsdYyDBPbecZyXcvAbQM6/4B83OkZWi3FwHRfHdTGOuzQHv2FUvzsj8vSdAq5bWJGD3zDgm07HMRingOO67DBghw9y8BvH43/diIPruriOi1tokhz8BvL4HccNVT5OoUAOfqP8cMdd5YPv4LpNFNzmHPxGkTPOvHyN4zg+8wtNNLe05OA3GPspuAUKhSYU2TkHv4Gk4BQ8t9BEU6GZ5qbmQTn4jeTxu4WX3EKBQnMzheaW3XPwG0Se++0DtB97zqjWloG7NhVa7m5pGjCYXBpHXlsQ3wZ/w/plDfX7/w9sJTyL9hMvGQAAAABJRU5ErkJggg== 156 | mediatype: image/png 157 | install: 158 | spec: 159 | deployments: 160 | - name: ibm-mongodb-operator 161 | spec: 162 | replicas: 1 163 | selector: 164 | matchLabels: 165 | name: ibm-mongodb-operator 166 | strategy: {} 167 | template: 168 | metadata: 169 | annotations: 170 | productID: 068a62892a1e4db39641342e592daa25 171 | productMetric: FREE 172 | productName: IBM Cloud Platform Common Services 173 | labels: 174 | name: ibm-mongodb-operator 175 | intent: projected 176 | spec: 177 | containers: 178 | - command: 179 | - ibm-mongodb-operator 180 | env: 181 | - name: WATCH_NAMESPACE 182 | valueFrom: 183 | configMapKeyRef: 184 | name: namespace-scope 185 | key: namespaces 186 | - name: POD_NAME 187 | valueFrom: 188 | fieldRef: 189 | fieldPath: metadata.name 190 | - name: OPERATOR_NAME 191 | value: ibm-mongodb-operator 192 | - name: INIT_MONGODB_IMAGE 193 | value: icr.io/cpopen/cpfs/ibm-mongodb-install@sha256:a66b549c4a186cf0115757f90eddc92bafc42351a25a67e44058fefeecf0ef0a 194 | - name: MONGODB_IMAGE 195 | value: icr.io/cpopen/cpfs/ibm-mongodb@sha256:9b041309305a7cb2c7b88fee288ea9b2f3d7590fbc61b30c102e47a95b451f2e 196 | - name: EXPORTER_MONGODB_IMAGE 197 | value: icr.io/cpopen/cpfs/ibm-mongodb-exporter@sha256:996ca1395a84638f153d6dade3514689bee452dd7244165d22c320f1eab53ec7 198 | image: icr.io/cpopen/ibm-mongodb-operator:latest 199 | imagePullPolicy: Always 200 | name: ibm-mongodb-operator 201 | resources: 202 | limits: 203 | cpu: 40m 204 | memory: 200Mi 205 | securityContext: 206 | allowPrivilegeEscalation: false 207 | capabilities: 208 | drop: 209 | - ALL 210 | privileged: false 211 | readOnlyRootFilesystem: true 212 | runAsNonRoot: true 213 | serviceAccountName: ibm-mongodb-operator 214 | permissions: 215 | - rules: 216 | - apiGroups: 217 | - "" 218 | resources: 219 | - pods 220 | - services 221 | - services/finalizers 222 | - serviceaccounts 223 | - endpoints 224 | - persistentvolumeclaims 225 | - events 226 | - configmaps 227 | - secrets 228 | verbs: 229 | - create 230 | - delete 231 | - get 232 | - list 233 | - patch 234 | - update 235 | - watch 236 | - apiGroups: 237 | - apps 238 | resources: 239 | - deployments 240 | - daemonsets 241 | - replicasets 242 | - statefulsets 243 | verbs: 244 | - create 245 | - delete 246 | - get 247 | - list 248 | - patch 249 | - update 250 | - watch 251 | - apiGroups: 252 | - monitoring.coreos.com 253 | resources: 254 | - servicemonitors 255 | verbs: 256 | - get 257 | - create 258 | - apiGroups: 259 | - apps 260 | resourceNames: 261 | - ibm-mongodb-operator 262 | resources: 263 | - deployments/finalizers 264 | verbs: 265 | - update 266 | - apiGroups: 267 | - operator.ibm.com 268 | resources: 269 | - mongodbs 270 | - mongodbs/finalizers 271 | - mongodbs/status 272 | verbs: 273 | - create 274 | - delete 275 | - get 276 | - list 277 | - patch 278 | - update 279 | - watch 280 | - apiGroups: 281 | - certmanager.k8s.io 282 | resources: 283 | - certificates 284 | - certificaterequests 285 | - orders 286 | - challenges 287 | - issuers 288 | verbs: 289 | - delete 290 | - get 291 | - list 292 | - watch 293 | - apiGroups: 294 | - cert-manager.io 295 | resources: 296 | - certificates 297 | - certificaterequests 298 | - orders 299 | - challenges 300 | - issuers 301 | verbs: 302 | - create 303 | - delete 304 | - get 305 | - list 306 | - patch 307 | - update 308 | - watch 309 | serviceAccountName: ibm-mongodb-operator 310 | strategy: deployment 311 | installModes: 312 | - supported: true 313 | type: OwnNamespace 314 | - supported: true 315 | type: SingleNamespace 316 | - supported: true 317 | type: MultiNamespace 318 | - supported: true 319 | type: AllNamespaces 320 | keywords: 321 | - IBM 322 | - Cloud 323 | labels: 324 | name: ibm-mongodb-operator 325 | links: 326 | - name: IBM MongoDB Operator Project 327 | url: https://github.com/IBM/ibm-mongodb-operator 328 | maintainers: 329 | - email: supports@ibm.com 330 | name: IBM Support 331 | maturity: alpha 332 | provider: 333 | name: IBM 334 | replaces: ibm-mongodb-operator.v1.1.6 335 | version: 0.0.0 336 | -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../default 3 | - ../samples 4 | - ../scorecard 5 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - leader_election_role.yaml 5 | - leader_election_role_binding.yaml 6 | # Comment the following 4 lines if you want to disable 7 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 8 | # which protects your /metrics endpoint. 9 | - auth_proxy_service.yaml 10 | - auth_proxy_role.yaml 11 | - auth_proxy_role_binding.yaml 12 | - auth_proxy_client_clusterrole.yaml 13 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - configmaps 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps/status 23 | verbs: 24 | - get 25 | - update 26 | - patch 27 | - apiGroups: 28 | - "" 29 | resources: 30 | - events 31 | verbs: 32 | - create 33 | - patch 34 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/mongodb_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit mongodbs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: mongodb-editor-role 6 | rules: 7 | - apiGroups: 8 | - mongodb.operator.ibm.com 9 | resources: 10 | - mongodbs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - mongodb.operator.ibm.com 21 | resources: 22 | - mongodbs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/mongodb_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view mongodbs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: mongodb-viewer-role 6 | rules: 7 | - apiGroups: 8 | - mongodb.operator.ibm.com 9 | resources: 10 | - mongodbs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - mongodb.operator.ibm.com 17 | resources: 18 | - mongodbs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: ibm-mongodb-operator 6 | labels: 7 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 8 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 9 | app.kubernetes.io/name: mongodbs.operator.ibm.com 10 | rules: 11 | - apiGroups: 12 | - storage.k8s.io 13 | resources: 14 | - storageclasses 15 | verbs: 16 | - get 17 | - list 18 | - watch 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: Role 22 | metadata: 23 | creationTimestamp: null 24 | name: ibm-mongodb-operator 25 | labels: 26 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 27 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 28 | app.kubernetes.io/name: mongodbs.operator.ibm.com 29 | rules: 30 | - apiGroups: 31 | - "" 32 | resources: 33 | - pods 34 | - services 35 | - services/finalizers 36 | - serviceaccounts 37 | - endpoints 38 | - persistentvolumeclaims 39 | - events 40 | - configmaps 41 | - secrets 42 | verbs: 43 | - create 44 | - delete 45 | - get 46 | - list 47 | - patch 48 | - update 49 | - watch 50 | - apiGroups: 51 | - apps 52 | resources: 53 | - deployments 54 | - daemonsets 55 | - replicasets 56 | - statefulsets 57 | verbs: 58 | - create 59 | - delete 60 | - get 61 | - list 62 | - patch 63 | - update 64 | - watch 65 | - apiGroups: 66 | - monitoring.coreos.com 67 | resources: 68 | - servicemonitors 69 | verbs: 70 | - get 71 | - create 72 | - apiGroups: 73 | - apps 74 | resourceNames: 75 | - ibm-mongodb-operator 76 | resources: 77 | - deployments/finalizers 78 | verbs: 79 | - update 80 | - apiGroups: 81 | - operator.ibm.com 82 | resources: 83 | - mongodbs 84 | - mongodbs/finalizers 85 | - mongodbs/status 86 | verbs: 87 | - create 88 | - delete 89 | - get 90 | - list 91 | - patch 92 | - update 93 | - watch 94 | - apiGroups: 95 | - certmanager.k8s.io 96 | resources: 97 | - certificates 98 | - certificaterequests 99 | - orders 100 | - challenges 101 | - issuers 102 | verbs: 103 | - delete 104 | - get 105 | - list 106 | - watch 107 | - apiGroups: 108 | - cert-manager.io 109 | resources: 110 | - certificates 111 | - certificaterequests 112 | - orders 113 | - challenges 114 | - issuers 115 | verbs: 116 | - create 117 | - delete 118 | - get 119 | - list 120 | - patch 121 | - update 122 | - watch 123 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: ibm-mongodb-operator 5 | labels: 6 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 7 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 8 | app.kubernetes.io/name: mongodbs.operator.ibm.com 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: ibm-mongodb-operator 13 | subjects: 14 | - kind: ServiceAccount 15 | name: ibm-mongodb-operator 16 | namespace: ibm-common-services 17 | --- 18 | kind: RoleBinding 19 | apiVersion: rbac.authorization.k8s.io/v1 20 | metadata: 21 | name: ibm-mongodb-operator 22 | labels: 23 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 24 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 25 | app.kubernetes.io/name: mongodbs.operator.ibm.com 26 | subjects: 27 | - kind: ServiceAccount 28 | name: ibm-mongodb-operator 29 | - kind: Group 30 | name: system:serviceaccounts:ibm-common-services 31 | apiGroup: rbac.authorization.k8s.io 32 | roleRef: 33 | kind: Role 34 | name: ibm-mongodb-operator 35 | apiGroup: rbac.authorization.k8s.io 36 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: ibm-mongodb-operator 5 | labels: 6 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 7 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 8 | app.kubernetes.io/name: mongodbs.operator.ibm.com 9 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | resources: 3 | - mongodb_v1alpha1_mongodb.yaml 4 | # +kubebuilder:scaffold:manifestskustomizesamples 5 | -------------------------------------------------------------------------------- /config/samples/mongodb_v1alpha1_mongodb.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operator.ibm.com/v1alpha1 2 | kind: MongoDB 3 | metadata: 4 | name: mongodb-sample 5 | spec: 6 | replicas: 3 7 | resources: 8 | limits: 9 | cpu: 1000m 10 | memory: 1Gi 11 | requests: 12 | cpu: 1000m 13 | memory: 1Gi 14 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | # +kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.1.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.1.0 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.1.0 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.1.0 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.1.0 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.1.0 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /controllers/certificate.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const godIssuerYaml = ` 19 | apiVersion: cert-manager.io/v1 20 | kind: Issuer 21 | metadata: 22 | name: god-issuer 23 | labels: 24 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 25 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 26 | app.kubernetes.io/name: mongodbs.operator.ibm.com 27 | spec: 28 | selfSigned: {} 29 | ` 30 | 31 | const rootCertYaml = ` 32 | apiVersion: cert-manager.io/v1 33 | kind: Certificate 34 | metadata: 35 | name: mongodb-root-ca-cert 36 | labels: 37 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 38 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 39 | app.kubernetes.io/name: mongodbs.operator.ibm.com 40 | spec: 41 | secretName: mongodb-root-ca-cert 42 | duration: 17520h 43 | isCA: true 44 | issuerRef: 45 | name: god-issuer 46 | kind: Issuer 47 | commonName: "mongodb" 48 | dnsNames: 49 | - mongodb.root 50 | ` 51 | 52 | const rootIssuerYaml = ` 53 | apiVersion: cert-manager.io/v1 54 | kind: Issuer 55 | metadata: 56 | name: mongodb-root-ca-issuer 57 | labels: 58 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 59 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 60 | app.kubernetes.io/name: mongodbs.operator.ibm.com 61 | spec: 62 | ca: 63 | secretName: mongodb-root-ca-cert 64 | ` 65 | 66 | const clientCertYaml = ` 67 | apiVersion: cert-manager.io/v1 68 | kind: Certificate 69 | metadata: 70 | name: icp-mongodb-client-cert 71 | labels: 72 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 73 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 74 | app.kubernetes.io/name: mongodbs.operator.ibm.com 75 | spec: 76 | secretName: icp-mongodb-client-cert 77 | duration: 17520h 78 | isCA: false 79 | issuerRef: 80 | name: mongodb-root-ca-issuer 81 | kind: Issuer 82 | commonName: "mongodb-service" 83 | dnsNames: 84 | - mongodb 85 | ` 86 | -------------------------------------------------------------------------------- /controllers/icp-service.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const icpService = ` 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | annotations: 23 | labels: 24 | app.kubernetes.io/name: icp-mongodb 25 | app.kubernetes.io/instance: icp-mongodb 26 | app.kubernetes.io/version: 4.0.12-build.3 27 | app.kubernetes.io/component: database 28 | app.kubernetes.io/part-of: common-services-cloud-pak 29 | app.kubernetes.io/managed-by: operator 30 | release: mongodb 31 | name: icp-mongodb 32 | spec: 33 | type: ClusterIP 34 | clusterIP: None 35 | publishNotReadyAddresses: true 36 | ports: 37 | - name: peer 38 | port: 27017 39 | selector: 40 | app: icp-mongodb 41 | release: mongodb 42 | ` 43 | -------------------------------------------------------------------------------- /controllers/initconfigmap.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const initConfigMap = ` 19 | --- 20 | # Source: icp-mongodb/templates/mongodb-init-configmap.yaml 21 | apiVersion: v1 22 | kind: ConfigMap 23 | metadata: 24 | labels: 25 | app.kubernetes.io/name: icp-mongodb 26 | app.kubernetes.io/instance: icp-mongodb 27 | app.kubernetes.io/version: 4.0.12-build.3 28 | app.kubernetes.io/component: database 29 | app.kubernetes.io/part-of: common-services-cloud-pak 30 | app.kubernetes.io/managed-by: operator 31 | release: mongodb 32 | name: icp-mongodb-init 33 | data: 34 | on-start.sh: | 35 | #!/bin/bash 36 | 37 | ## workaround https://serverfault.com/questions/713325/openshift-unable-to-write-random-state 38 | export RANDFILE=/tmp/.rnd 39 | port=27017 40 | replica_set=$REPLICA_SET 41 | script_name=${0##*/} 42 | credentials_file=/work-dir/credentials.txt 43 | config_dir=/data/configdb 44 | 45 | function log() { 46 | local msg="$1" 47 | local timestamp=$(date --iso-8601=ns) 48 | 1>&2 echo "[$timestamp] [$script_name] $msg" 49 | echo "[$timestamp] [$script_name] $msg" >> /work-dir/log.txt 50 | } 51 | 52 | if [[ "$AUTH" == "true" ]]; then 53 | 54 | if [ ! -f "$credentials_file" ]; then 55 | log "Creds File Not found!" 56 | log "Original User: $ADMIN_USER" 57 | echo $ADMIN_USER > $credentials_file 58 | echo $ADMIN_PASSWORD >> $credentials_file 59 | fi 60 | admin_user=$(head -n 1 $credentials_file) 61 | admin_password=$(tail -n 1 $credentials_file) 62 | admin_auth=(-u "$admin_user" -p "$admin_password") 63 | log "Original User: $admin_user" 64 | if [[ "$METRICS" == "true" ]]; then 65 | metrics_user="$METRICS_USER" 66 | metrics_password="$METRICS_PASSWORD" 67 | fi 68 | fi 69 | 70 | function shutdown_mongo() { 71 | 72 | log "Running fsync..." 73 | mongo admin "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.adminCommand( { fsync: 1, lock: true } )" 74 | 75 | log "Running fsync unlock..." 76 | mongo admin "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.adminCommand( { fsyncUnlock: 1 } )" 77 | 78 | log "Shutting down MongoDB..." 79 | mongo admin "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.adminCommand({ shutdown: 1, force: true, timeoutSecs: 60 })" 80 | } 81 | 82 | #Check if Password has change and updated in mongo , if so update Creds 83 | function update_creds_if_changed() { 84 | if [ "$admin_password" != "$ADMIN_PASSWORD" ]; then 85 | passwd_changed=true 86 | log "password has changed = $passwd_changed" 87 | log "checking if passwd updated in mongo" 88 | mongo admin "${ssl_args[@]}" --eval "db.auth({user: '$admin_user', pwd: '$ADMIN_PASSWORD'})" | grep "Authentication failed" 89 | if [[ $? -eq 1 ]]; then 90 | log "New Password worked, update creds" 91 | echo $ADMIN_USER > $credentials_file 92 | echo $ADMIN_PASSWORD >> $credentials_file 93 | admin_password=$ADMIN_PASSWORD 94 | admin_auth=(-u "$admin_user" -p "$admin_password") 95 | passwd_updated=true 96 | fi 97 | fi 98 | } 99 | 100 | function update_mongo_password_if_changed() { 101 | log "checking if mongo passwd needs to be updated" 102 | if [[ "$passwd_changed" == "true" ]] && [[ "$passwd_updated" != "true" ]]; then 103 | log "Updating to new password " 104 | if [[ $# -eq 1 ]]; then 105 | mhost="--host $1" 106 | else 107 | mhost="" 108 | fi 109 | 110 | log "host for password upd ($mhost)" 111 | mongo admin $mhost "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.changeUserPassword('$admin_user', '$ADMIN_PASSWORD')" >> /work-dir/log.txt 2>&1 112 | sleep 10 113 | log "mongo passwd change attempted; check and update creds file if successful" 114 | update_creds_if_changed 115 | fi 116 | } 117 | 118 | 119 | 120 | my_hostname=$(hostname) 121 | log "Bootstrapping MongoDB replica set member: $my_hostname" 122 | 123 | log "Reading standard input..." 124 | while read -ra line; do 125 | log "line is ${line}" 126 | if [[ "${line}" == *"${my_hostname}"* ]]; then 127 | service_name="$line" 128 | fi 129 | peers=("${peers[@]}" "$line") 130 | done 131 | 132 | # Move into /work-dir 133 | pushd /work-dir 134 | pwd >> /work-dir/log.txt 135 | ls -l >> /work-dir/log.txt 136 | 137 | # Generate the ca cert 138 | ca_crt=$config_dir/tls.crt 139 | if [ -f $ca_crt ]; then 140 | log "Generating certificate" 141 | ca_key=$config_dir/tls.key 142 | pem=/work-dir/mongo.pem 143 | ssl_args=(--ssl --sslCAFile $ca_crt --sslPEMKeyFile $pem) 144 | 145 | echo "ca stuff created" >> /work-dir/log.txt 146 | 147 | cat >openssl.cnf <> /work-dir/log.txt 167 | echo "genrsa " >> /work-dir/log.txt 168 | openssl genrsa -out mongo.key 2048 >> /work-dir/log.txt 2>&1 169 | 170 | echo "req " >> /work-dir/log.txt 171 | openssl req -new -key mongo.key -out mongo.csr -subj "/CN=$my_hostname" -config openssl.cnf >> /work-dir/log.txt 2>&1 172 | 173 | echo "x509 " >> /work-dir/log.txt 174 | openssl x509 -req -in mongo.csr \ 175 | -CA $ca_crt -CAkey $ca_key -CAcreateserial \ 176 | -out mongo.crt -days 3650 -extensions v3_req -extfile openssl.cnf >> /work-dir/log.txt 2>&1 177 | 178 | echo "mongo stuff" >> /work-dir/log.txt 179 | 180 | rm mongo.csr 181 | 182 | cat mongo.crt mongo.key > $pem 183 | rm mongo.key mongo.crt 184 | fi 185 | 186 | 187 | log "Peers: ${peers[@]}" 188 | 189 | log "Starting a MongoDB instance..." 190 | mongod --config $config_dir/mongod.conf >> /work-dir/log.txt 2>&1 & 191 | pid=$! 192 | trap shutdown_mongo EXIT 193 | 194 | 195 | log "Waiting for MongoDB to be ready..." 196 | until [[ $(mongo "${ssl_args[@]}" --quiet --eval "db.adminCommand('ping').ok") == "1" ]]; do 197 | log "Retrying..." 198 | sleep 2 199 | done 200 | 201 | log "Initialized." 202 | 203 | if [[ "$AUTH" == "true" ]]; then 204 | update_creds_if_changed 205 | fi 206 | 207 | iter_counter=0 208 | while [ $iter_counter -lt 5 ]; do 209 | log "primary check, iter_counter is $iter_counter" 210 | # try to find a master and add yourself to its replica set. 211 | for peer in "${peers[@]}"; do 212 | log "Checking if ${peer} is primary" 213 | mongo admin --host "${peer}" --ipv6 "${admin_auth[@]}" "${ssl_args[@]}" --quiet --eval "rs.status()" >> log.txt 214 | 215 | # Check rs.status() first since it could be in primary catch up mode which db.isMaster() doesn't show 216 | if [[ $(mongo admin --host "${peer}" --ipv6 "${admin_auth[@]}" "${ssl_args[@]}" --quiet --eval "rs.status().myState") == "1" ]]; then 217 | log "Found master ${peer}, wait while its in primary catch up mode " 218 | until [[ $(mongo admin --host "${peer}" --ipv6 "${admin_auth[@]}" "${ssl_args[@]}" --quiet --eval "db.isMaster().ismaster") == "true" ]]; do 219 | sleep 1 220 | done 221 | primary="${peer}" 222 | log "Found primary: ${primary}" 223 | break 224 | fi 225 | done 226 | 227 | if [[ -z "${primary}" ]] && [[ ${#peers[@]} -gt 1 ]] && (mongo "${ssl_args[@]}" --eval "rs.status()" | grep "no replset config has been received"); then 228 | log "waiting before creating a new replicaset, to avoid conflicts with other replicas" 229 | sleep 30 230 | else 231 | break 232 | fi 233 | 234 | let iter_counter=iter_counter+1 235 | done 236 | 237 | 238 | if [[ "${primary}" = "${service_name}" ]]; then 239 | log "This replica is already PRIMARY" 240 | 241 | elif [[ -n "${primary}" ]]; then 242 | 243 | if [[ $(mongo admin --host "${primary}" --ipv6 "${admin_auth[@]}" "${ssl_args[@]}" --quiet --eval "rs.conf().members.findIndex(m => m.host == '${service_name}:${port}')") == "-1" ]]; then 244 | log "Adding myself (${service_name}) to replica set..." 245 | if (mongo admin --host "${primary}" --ipv6 "${admin_auth[@]}" "${ssl_args[@]}" --eval "rs.add('${service_name}')" | grep 'Quorum check failed'); then 246 | log 'Quorum check failed, unable to join replicaset. Exiting.' 247 | exit 1 248 | fi 249 | fi 250 | log "Done, Added myself to replica set." 251 | 252 | sleep 3 253 | log 'Waiting for replica to reach SECONDARY state...' 254 | until printf '.' && [[ $(mongo admin "${admin_auth[@]}" "${ssl_args[@]}" --quiet --eval "rs.status().myState") == '2' ]]; do 255 | sleep 1 256 | done 257 | log '✓ Replica reached SECONDARY state.' 258 | 259 | elif (mongo "${ssl_args[@]}" --eval "rs.status()" | grep "no replset config has been received"); then 260 | 261 | log "Initiating a new replica set with myself ($service_name)..." 262 | 263 | mongo "${ssl_args[@]}" --eval "rs.initiate({'_id': '$replica_set', 'members': [{'_id': 0, 'host': '$service_name'}]})" 264 | mongo "${ssl_args[@]}" --eval "rs.status()" 265 | 266 | sleep 3 267 | 268 | log 'Waiting for replica to reach PRIMARY state...' 269 | 270 | log ' Waiting for rs.status state to become 1' 271 | until printf '.' && [[ $(mongo "${ssl_args[@]}" --quiet --eval "rs.status().myState") == '1' ]]; do 272 | sleep 1 273 | done 274 | 275 | log ' Waiting for master to complete primary catchup mode' 276 | until [[ $(mongo "${ssl_args[@]}" --quiet --eval "db.isMaster().ismaster") == "true" ]]; do 277 | sleep 1 278 | done 279 | 280 | primary="${service_name}" 281 | log '✓ Replica reached PRIMARY state.' 282 | 283 | 284 | if [[ "$AUTH" == "true" ]]; then 285 | # sleep a little while just to be sure the initiation of the replica set has fully 286 | # finished and we can create the user 287 | sleep 3 288 | 289 | log "Creating admin user..." 290 | mongo admin "${ssl_args[@]}" --eval "db.createUser({user: '$admin_user', pwd: '$admin_password', roles: [{role: 'root', db: 'admin'}]})" 291 | fi 292 | 293 | log "Done initiating replicaset." 294 | 295 | fi 296 | 297 | log "Primary: ${primary}" 298 | 299 | if [[ -n "${primary}" && "$AUTH" == "true" ]]; then 300 | # you r master and passwd has changed.. then update passwd 301 | update_mongo_password_if_changed $primary 302 | 303 | if [[ "$METRICS" == "true" ]]; then 304 | log "Checking if metrics user is already created ..." 305 | metric_user_count=$(mongo admin --host "${primary}" "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.system.users.find({user: '${metrics_user}'}).count()" --quiet) 306 | log "User count is ${metric_user_count} " 307 | if [[ "${metric_user_count}" == "0" ]]; then 308 | log "Creating clusterMonitor user... user - ${metrics_user} " 309 | mongo admin --host "${primary}" "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.createUser({user: '${metrics_user}', pwd: '${metrics_password}', roles: [{role: 'clusterMonitor', db: 'admin'}, {role: 'read', db: 'local'}]})" 310 | log "User creation return code is $? " 311 | metric_user_count=$(mongo admin --host "${primary}" "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.system.users.find({user: '${metrics_user}'}).count()" --quiet) 312 | log "User count now is ${metric_user_count} " 313 | fi 314 | fi 315 | fi 316 | 317 | log "MongoDB bootstrap complete" 318 | exit 0` 319 | -------------------------------------------------------------------------------- /controllers/installconfigmap.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const installConfigMap = ` 19 | --- 20 | # Source: icp-mongodb/templates/mongodb-install-configmap.yaml 21 | apiVersion: v1 22 | kind: ConfigMap 23 | metadata: 24 | labels: 25 | app.kubernetes.io/name: icp-mongodb 26 | app.kubernetes.io/instance: icp-mongodb 27 | app.kubernetes.io/version: 4.0.12-build.3 28 | app.kubernetes.io/component: database 29 | app.kubernetes.io/part-of: common-services-cloud-pak 30 | app.kubernetes.io/managed-by: operator 31 | release: mongodb 32 | name: icp-mongodb-install 33 | data: 34 | install.sh: | 35 | #!/bin/bash 36 | 37 | # Copyright 2016 The Kubernetes Authors. All rights reserved. 38 | # 39 | # Licensed under the Apache License, Version 2.0 (the "License"); 40 | # you may not use this file except in compliance with the License. 41 | # You may obtain a copy of the License at 42 | # 43 | # http://www.apache.org/licenses/LICENSE-2.0 44 | # 45 | # Unless required by applicable law or agreed to in writing, software 46 | # distributed under the License is distributed on an "AS IS" BASIS, 47 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 48 | # See the License for the specific language governing permissions and 49 | # limitations under the License. 50 | 51 | # This volume is assumed to exist and is shared with the peer-finder 52 | # init container. It contains on-start/change configuration scripts. 53 | WORKDIR_VOLUME="/work-dir" 54 | CONFIGDIR_VOLUME="/data/configdb" 55 | 56 | for i in "$@" 57 | do 58 | case $i in 59 | -c=*|--config-dir=*) 60 | CONFIGDIR_VOLUME="${i#*=}" 61 | shift 62 | ;; 63 | -w=*|--work-dir=*) 64 | WORKDIR_VOLUME="${i#*=}" 65 | shift 66 | ;; 67 | *) 68 | # unknown option 69 | ;; 70 | esac 71 | done 72 | 73 | echo installing config scripts into "${WORKDIR_VOLUME}" 74 | mkdir -p "${WORKDIR_VOLUME}" 75 | cp /peer-finder "${WORKDIR_VOLUME}"/ 76 | echo "I am running as " $(whoami) 77 | 78 | cp /configdb-readonly/mongod.conf "${CONFIGDIR_VOLUME}"/mongod.conf 79 | cp /keydir-readonly/key.txt "${CONFIGDIR_VOLUME}"/ 80 | cp /ca-readonly/tls.key "${CONFIGDIR_VOLUME}"/tls.key 81 | cp /ca-readonly/tls.crt "${CONFIGDIR_VOLUME}"/tls.crt 82 | 83 | chmod 600 "${CONFIGDIR_VOLUME}"/key.txt 84 | # chown -R 999:999 /work-dir 85 | # chown -R 999:999 /data 86 | 87 | # Root file system is readonly but still need write and execute access to tmp 88 | # chmod -R 777 /tmp` 89 | -------------------------------------------------------------------------------- /controllers/mongoconfigmap.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | 17 | package controllers 18 | 19 | const mongodbConfigMap = ` 20 | --- 21 | # Source: icp-mongodb/templates/mongodb-configmap.yaml 22 | apiVersion: v1 23 | kind: ConfigMap 24 | metadata: 25 | labels: 26 | app.kubernetes.io/name: icp-mongodb 27 | app.kubernetes.io/instance: icp-mongodb 28 | app.kubernetes.io/version: 4.0.12-build.3 29 | app.kubernetes.io/component: database 30 | app.kubernetes.io/part-of: common-services-cloud-pak 31 | app.kubernetes.io/managed-by: operator 32 | release: mongodb 33 | name: icp-mongodb 34 | data: 35 | mongod.conf: | 36 | storage: 37 | dbPath: /data/db 38 | wiredTiger: 39 | engineConfig: 40 | cacheSizeGB: {{ .CacheSize }} 41 | net: 42 | bindIpAll: true 43 | port: 27017 44 | ssl: 45 | mode: requireSSL 46 | CAFile: /data/configdb/tls.crt 47 | PEMKeyFile: /work-dir/mongo.pem 48 | replication: 49 | replSetName: rs0 50 | # Uncomment for TLS support or keyfile access control without TLS 51 | security: 52 | authorization: enabled 53 | keyFile: /data/configdb/key.txt` 54 | -------------------------------------------------------------------------------- /controllers/service.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const service = ` 19 | apiVersion: v1 20 | kind: Service 21 | metadata: 22 | labels: 23 | app.kubernetes.io/name: icp-mongodb 24 | app.kubernetes.io/instance: icp-mongodb 25 | app.kubernetes.io/version: 4.0.12-build.3 26 | app.kubernetes.io/component: database 27 | app.kubernetes.io/part-of: common-services-cloud-pak 28 | app.kubernetes.io/managed-by: operator 29 | release: mongodb 30 | name: mongodb 31 | spec: 32 | serviceAccountName: ibm-mongodb-operator 33 | type: ClusterIP 34 | ports: 35 | - port: 27017 36 | protocol: TCP 37 | targetPort: 27017 38 | selector: 39 | app: icp-mongodb 40 | release: mongodb 41 | ` 42 | -------------------------------------------------------------------------------- /controllers/service_account.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const mongoSA = ` 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: ibm-mongodb-operand 23 | labels: 24 | app.kubernetes.io/instance: mongodbs.operator.ibm.com 25 | app.kubernetes.io/managed-by: mongodbs.operator.ibm.com 26 | app.kubernetes.io/name: mongodbs.operator.ibm.com 27 | ` 28 | -------------------------------------------------------------------------------- /controllers/statefulset.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package controllers 17 | 18 | const statefulset = ` 19 | --- 20 | # Source: icp-mongodb/templates/mongodb-statefulset.yaml 21 | apiVersion: apps/v1 22 | kind: StatefulSet 23 | metadata: 24 | labels: 25 | {{- range $key, $value := .StsLabels }} 26 | {{ $key}}: {{ $value}} 27 | {{- end }} 28 | name: icp-mongodb 29 | spec: 30 | selector: 31 | matchLabels: 32 | app: icp-mongodb 33 | release: mongodb 34 | serviceName: icp-mongodb 35 | replicas: {{ .Replicas }} 36 | template: 37 | metadata: 38 | labels: 39 | {{- range $key, $value := .PodLabels }} 40 | {{ $key}}: {{ $value}} 41 | {{- end }} 42 | annotations: 43 | productName: "IBM Cloud Platform Common Services" 44 | productID: "068a62892a1e4db39641342e592daa25" 45 | productMetric: "FREE" 46 | prometheus.io/scrape: "true" 47 | prometheus.io/port: "9216" 48 | prometheus.io/path: "/metrics" 49 | clusterhealth.ibm.com/dependencies: {{ .NamespaceName }}.cert-manager 50 | spec: 51 | serviceAccountName: ibm-mongodb-operand 52 | {{ if eq .UserID 1000 }} 53 | securityContext: 54 | runAsUser: {{ .UserID }} 55 | fsGroup: 0 56 | {{ end }} 57 | terminationGracePeriodSeconds: 30 58 | hostNetwork: false 59 | hostPID: false 60 | hostIPC: false 61 | topologySpreadConstraints: 62 | - maxSkew: 1 63 | topologyKey: topology.kubernetes.io/zone 64 | whenUnsatisfiable: ScheduleAnyway 65 | labelSelector: 66 | matchLabels: 67 | app: icp-mongodb 68 | - maxSkew: 1 69 | topologyKey: topology.kubernetes.io/region 70 | whenUnsatisfiable: ScheduleAnyway 71 | labelSelector: 72 | matchLabels: 73 | app: icp-mongodb 74 | affinity: 75 | podAntiAffinity: 76 | preferredDuringSchedulingIgnoredDuringExecution: 77 | - weight: 90 78 | podAffinityTerm: 79 | topologyKey: topology.kubernetes.io/zone 80 | labelSelector: 81 | matchExpressions: 82 | - key: app 83 | operator: In 84 | values: 85 | - icp-mongodb 86 | - weight: 50 87 | podAffinityTerm: 88 | topologyKey: kubernetes.io/hostname 89 | labelSelector: 90 | matchExpressions: 91 | - key: app 92 | operator: In 93 | values: 94 | - icp-mongodb 95 | initContainers: 96 | - name: install 97 | image: "{{ .InitImage }}" 98 | command: 99 | - /install/install.sh 100 | args: 101 | - --work-dir=/work-dir 102 | - --config-dir=/data/configdb 103 | imagePullPolicy: "IfNotPresent" 104 | resources: 105 | limits: 106 | cpu: {{ .CPULimit }} 107 | memory: {{ .MemoryLimit }} 108 | requests: 109 | cpu: {{ .CPURequest }} 110 | memory: {{ .MemoryRequest }} 111 | volumeMounts: 112 | - name: mongodbdir 113 | subPath: workdir 114 | mountPath: /work-dir 115 | - name: configdir 116 | mountPath: /data/configdb 117 | - name: config 118 | mountPath: /configdb-readonly 119 | - name: install 120 | mountPath: /install 121 | - name: keydir 122 | mountPath: /keydir-readonly 123 | - name: ca 124 | mountPath: /ca-readonly 125 | - name: mongodbdir 126 | subPath: datadir 127 | mountPath: /data/db 128 | - name: tmp-mongodb 129 | mountPath: /tmp 130 | - name: bootstrap 131 | image: "{{ .BootstrapImage }}" 132 | command: 133 | - /work-dir/peer-finder 134 | args: 135 | - -on-start=/init/on-start.sh 136 | - "-service=icp-mongodb" 137 | imagePullPolicy: "IfNotPresent" 138 | resources: 139 | limits: 140 | cpu: {{ .CPULimit }} 141 | memory: {{ .MemoryLimit }} 142 | requests: 143 | cpu: {{ .CPURequest }} 144 | memory: {{ .MemoryRequest }} 145 | securityContext: 146 | allowPrivilegeEscalation: false 147 | readOnlyRootFilesystem: true 148 | env: 149 | - name: POD_NAMESPACE 150 | valueFrom: 151 | fieldRef: 152 | apiVersion: v1 153 | fieldPath: metadata.namespace 154 | - name: REPLICA_SET 155 | value: rs0 156 | - name: AUTH 157 | value: "true" 158 | - name: ADMIN_USER 159 | valueFrom: 160 | secretKeyRef: 161 | name: "icp-mongodb-admin" 162 | key: user 163 | - name: ADMIN_PASSWORD 164 | valueFrom: 165 | secretKeyRef: 166 | name: "icp-mongodb-admin" 167 | key: password 168 | - name: METRICS 169 | value: "true" 170 | - name: METRICS_USER 171 | valueFrom: 172 | secretKeyRef: 173 | name: "icp-mongodb-metrics" 174 | key: user 175 | - name: METRICS_PASSWORD 176 | valueFrom: 177 | secretKeyRef: 178 | name: "icp-mongodb-metrics" 179 | key: password 180 | - name: NETWORK_IP_VERSION 181 | value: ipv4 182 | volumeMounts: 183 | - name: mongodbdir 184 | subPath: workdir 185 | mountPath: /work-dir 186 | - name: configdir 187 | mountPath: /data/configdb 188 | - name: init 189 | mountPath: /init 190 | - name: mongodbdir 191 | subPath: datadir 192 | mountPath: /data/db 193 | - name: tmp-mongodb 194 | mountPath: /tmp 195 | containers: 196 | - name: icp-mongodb 197 | image: "{{ .BootstrapImage }}" 198 | imagePullPolicy: "IfNotPresent" 199 | securityContext: 200 | allowPrivilegeEscalation: false 201 | readOnlyRootFilesystem: true 202 | ports: 203 | - name: peer 204 | containerPort: 27017 205 | resources: 206 | limits: 207 | cpu: {{ .CPULimit }} 208 | memory: {{ .MemoryLimit }} 209 | requests: 210 | cpu: {{ .CPURequest }} 211 | memory: {{ .MemoryRequest }} 212 | command: 213 | - mongod 214 | - --config=/data/configdb/mongod.conf 215 | env: 216 | - name: AUTH 217 | value: "true" 218 | - name: ADMIN_USER 219 | valueFrom: 220 | secretKeyRef: 221 | name: "icp-mongodb-admin" 222 | key: user 223 | - name: ADMIN_PASSWORD 224 | valueFrom: 225 | secretKeyRef: 226 | name: "icp-mongodb-admin" 227 | key: password 228 | livenessProbe: 229 | exec: 230 | command: 231 | - mongo 232 | - --ssl 233 | - --sslCAFile=/data/configdb/tls.crt 234 | - --sslPEMKeyFile=/work-dir/mongo.pem 235 | - --eval 236 | - "db.adminCommand('ping')" 237 | initialDelaySeconds: 30 238 | timeoutSeconds: 10 239 | failureThreshold: 5 240 | periodSeconds: 30 241 | successThreshold: 1 242 | readinessProbe: 243 | exec: 244 | command: 245 | - mongo 246 | - --ssl 247 | - --sslCAFile=/data/configdb/tls.crt 248 | - --sslPEMKeyFile=/work-dir/mongo.pem 249 | - --eval 250 | - "db.adminCommand('ping')" 251 | initialDelaySeconds: 5 252 | timeoutSeconds: 5 253 | failureThreshold: 3 254 | periodSeconds: 10 255 | successThreshold: 1 256 | volumeMounts: 257 | - name: mongodbdir 258 | subPath: datadir 259 | mountPath: /data/db 260 | - name: configdir 261 | mountPath: /data/configdb 262 | - name: mongodbdir 263 | subPath: workdir 264 | mountPath: /work-dir 265 | - name: tmp-mongodb 266 | mountPath: /tmp 267 | 268 | - name: metrics 269 | image: "{{ .MetricsImage }}" 270 | imagePullPolicy: "IfNotPresent" 271 | securityContext: 272 | allowPrivilegeEscalation: false 273 | readOnlyRootFilesystem: true 274 | command: 275 | - sh 276 | - -ec 277 | - >- 278 | /bin/mongodb_exporter 279 | --mongodb.uri mongodb://$METRICS_USER:$METRICS_PASSWORD@localhost:27017 280 | --mongodb.tls 281 | --mongodb.tls-ca=/data/configdb/tls.crt 282 | --mongodb.tls-cert=/work-dir/mongo.pem 283 | --mongodb.socket-timeout=3s 284 | --mongodb.sync-timeout=1m 285 | --web.telemetry-path=/metrics 286 | --web.listen-address=:9216 287 | volumeMounts: 288 | - name: configdir 289 | mountPath: /data/configdb 290 | - name: mongodbdir 291 | subPath: workdir 292 | mountPath: /work-dir 293 | - name: tmp-metrics 294 | mountPath: /tmp 295 | env: 296 | - name: METRICS_USER 297 | valueFrom: 298 | secretKeyRef: 299 | name: "icp-mongodb-metrics" 300 | key: user 301 | - name: METRICS_PASSWORD 302 | valueFrom: 303 | secretKeyRef: 304 | name: "icp-mongodb-metrics" 305 | key: password 306 | ports: 307 | - name: metrics 308 | containerPort: 9216 309 | resources: 310 | requests: 311 | cpu: 100m 312 | memory: 300Mi 313 | limits: 314 | cpu: 1000m 315 | memory: 350Mi 316 | readinessProbe: 317 | exec: 318 | command: 319 | - sh 320 | - -ec 321 | - >- 322 | /bin/mongodb_exporter 323 | --mongodb.uri mongodb://$METRICS_USER:$METRICS_PASSWORD@localhost:27017 324 | --mongodb.tls 325 | --mongodb.tls-ca=/data/configdb/tls.crt 326 | --mongodb.tls-cert=/work-dir/mongo.pem 327 | --test 328 | initialDelaySeconds: 25 329 | timeoutSeconds: 10 330 | failureThreshold: 10 331 | periodSeconds: 30 332 | successThreshold: 1 333 | livenessProbe: 334 | exec: 335 | command: 336 | - sh 337 | - -ec 338 | - >- 339 | /bin/mongodb_exporter 340 | --mongodb.uri mongodb://$METRICS_USER:$METRICS_PASSWORD@localhost:27017 341 | --mongodb.tls 342 | --mongodb.tls-ca=/data/configdb/tls.crt 343 | --mongodb.tls-cert=/work-dir/mongo.pem 344 | --test 345 | initialDelaySeconds: 30 346 | timeoutSeconds: 10 347 | failureThreshold: 10 348 | periodSeconds: 30 349 | successThreshold: 1 350 | tolerations: 351 | - effect: NoSchedule 352 | key: dedicated 353 | operator: Exists 354 | - key: CriticalAddonsOnly 355 | operator: Exists 356 | - effect: NoExecute 357 | key: node.kubernetes.io/not-ready 358 | operator: Exists 359 | - effect: NoExecute 360 | key: node.kubernetes.io/unreachable 361 | operator: Exists 362 | volumes: 363 | - name: config 364 | configMap: 365 | name: icp-mongodb 366 | - name: init 367 | configMap: 368 | defaultMode: 0755 369 | name: icp-mongodb-init 370 | - name: install 371 | configMap: 372 | defaultMode: 0755 373 | name: icp-mongodb-install 374 | - name: ca 375 | secret: 376 | defaultMode: 0755 377 | secretName: mongodb-root-ca-cert 378 | - name: keydir 379 | secret: 380 | defaultMode: 0755 381 | secretName: icp-mongodb-keyfile 382 | - name: configdir 383 | emptyDir: {} 384 | - name: tmp-mongodb 385 | emptyDir: {} 386 | - name: tmp-metrics 387 | emptyDir: {} 388 | volumeClaimTemplates: 389 | - metadata: 390 | name: mongodbdir 391 | spec: 392 | accessModes: 393 | - ReadWriteOnce 394 | resources: 395 | requests: 396 | storage: {{ .PVCSize }} 397 | storageClassName: {{ .StorageClass }} 398 | ` 399 | -------------------------------------------------------------------------------- /controllers/suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | # Copyright 2021 IBM Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | */ 16 | 17 | package controllers 18 | 19 | // import ( 20 | // "path/filepath" 21 | // "testing" 22 | // 23 | // . "github.com/onsi/ginkgo" 24 | // . "github.com/onsi/gomega" 25 | // "k8s.io/client-go/kubernetes/scheme" 26 | // "k8s.io/client-go/rest" 27 | // "sigs.k8s.io/controller-runtime/pkg/client" 28 | // "sigs.k8s.io/controller-runtime/pkg/envtest" 29 | // "sigs.k8s.io/controller-runtime/pkg/envtest/printer" 30 | // logf "sigs.k8s.io/controller-runtime/pkg/log" 31 | // "sigs.k8s.io/controller-runtime/pkg/log/zap" 32 | // 33 | // mongodbv1alpha1 "github.com/IBM/ibm-mongodb-operator/apis/mongodb/v1alpha1" 34 | // // +kubebuilder:scaffold:imports 35 | // ) 36 | // 37 | // // These tests use Ginkgo (BDD-style Go testing framework). Refer to 38 | // // http://onsi.github.io/ginkgo/ to learn more about Ginkgo. 39 | // 40 | // var cfg *rest.Config 41 | // var k8sClient client.Client 42 | // var testEnv *envtest.Environment 43 | // 44 | // func TestAPIs(t *testing.T) { 45 | // RegisterFailHandler(Fail) 46 | // 47 | // RunSpecsWithDefaultAndCustomReporters(t, 48 | // "Controller Suite", 49 | // []Reporter{printer.NewlineReporter{}}) 50 | // } 51 | // 52 | // var _ = BeforeSuite(func(done Done) { 53 | // logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) 54 | // 55 | // By("bootstrapping test environment") 56 | // testEnv = &envtest.Environment{ 57 | // CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, 58 | // } 59 | // 60 | // var err error 61 | // cfg, err = testEnv.Start() 62 | // Expect(err).ToNot(HaveOccurred()) 63 | // Expect(cfg).ToNot(BeNil()) 64 | // 65 | // err = mongodbv1alpha1.AddToScheme(scheme.Scheme) 66 | // Expect(err).NotTo(HaveOccurred()) 67 | // 68 | // // +kubebuilder:scaffold:scheme 69 | // 70 | // k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) 71 | // Expect(err).ToNot(HaveOccurred()) 72 | // Expect(k8sClient).ToNot(BeNil()) 73 | // 74 | // close(done) 75 | // }, 60) 76 | // 77 | // var _ = AfterSuite(func() { 78 | // By("tearing down the test environment") 79 | // err := testEnv.Stop() 80 | // Expect(err).ToNot(HaveOccurred()) 81 | // }) 82 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/IBM/ibm-mongodb-operator 2 | 3 | go 1.18 4 | 5 | require ( 6 | github.com/cert-manager/cert-manager v1.8.0 7 | github.com/ghodss/yaml v1.0.0 8 | github.com/go-logr/logr v1.2.3 9 | github.com/go-logr/zapr v1.2.0 // indirect 10 | github.com/google/go-cmp v0.5.8 // indirect 11 | github.com/ibm/ibm-cert-manager-operator v0.0.0-20220602233809-3a62073266c7 12 | gopkg.in/yaml.v3 v3.0.1 // indirect 13 | k8s.io/api v0.25.16 14 | k8s.io/apiextensions-apiserver v0.23.4 // indirect 15 | k8s.io/apimachinery v0.25.16 16 | k8s.io/client-go v0.25.16 17 | k8s.io/klog/v2 v2.70.1 // indirect 18 | sigs.k8s.io/controller-runtime v0.11.1 19 | ) 20 | 21 | require ( 22 | cloud.google.com/go v0.99.0 // indirect 23 | github.com/PuerkitoBio/purell v1.1.1 // indirect 24 | github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect 25 | github.com/beorn7/perks v1.0.1 // indirect 26 | github.com/cespare/xxhash/v2 v2.1.2 // indirect 27 | github.com/davecgh/go-spew v1.1.1 // indirect 28 | github.com/emicklei/go-restful/v3 v3.8.0 // indirect 29 | github.com/evanphx/json-patch v4.12.0+incompatible // indirect 30 | github.com/fsnotify/fsnotify v1.5.1 // indirect 31 | github.com/go-openapi/jsonpointer v0.19.5 // indirect 32 | github.com/go-openapi/jsonreference v0.19.5 // indirect 33 | github.com/go-openapi/swag v0.19.14 // indirect 34 | github.com/gogo/protobuf v1.3.2 // indirect 35 | github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 36 | github.com/golang/protobuf v1.5.2 // indirect 37 | github.com/google/gnostic v0.5.7-v3refs // indirect 38 | github.com/google/gofuzz v1.2.0 // indirect 39 | github.com/google/uuid v1.3.0 // indirect 40 | github.com/imdario/mergo v0.3.12 // indirect 41 | github.com/josharian/intern v1.0.0 // indirect 42 | github.com/json-iterator/go v1.1.12 // indirect 43 | github.com/mailru/easyjson v0.7.6 // indirect 44 | github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect 45 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 46 | github.com/modern-go/reflect2 v1.0.2 // indirect 47 | github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect 48 | github.com/pkg/errors v0.9.1 // indirect 49 | github.com/prometheus/client_golang v1.11.0 // indirect 50 | github.com/prometheus/client_model v0.2.0 // indirect 51 | github.com/prometheus/common v0.28.0 // indirect 52 | github.com/prometheus/procfs v0.6.0 // indirect 53 | github.com/spf13/pflag v1.0.5 // indirect 54 | go.uber.org/atomic v1.7.0 // indirect 55 | go.uber.org/multierr v1.6.0 // indirect 56 | go.uber.org/zap v1.19.1 // indirect 57 | golang.org/x/net v0.21.0 // indirect 58 | golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect 59 | golang.org/x/sys v0.18.0 // indirect 60 | golang.org/x/term v0.18.0 // indirect 61 | golang.org/x/text v0.14.0 // indirect 62 | golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect 63 | gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect 64 | google.golang.org/appengine v1.6.7 // indirect 65 | google.golang.org/protobuf v1.33.0 // indirect 66 | gopkg.in/inf.v0 v0.9.1 // indirect 67 | gopkg.in/yaml.v2 v2.4.0 // indirect 68 | k8s.io/component-base v0.23.4 // indirect 69 | k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect 70 | k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed // indirect 71 | sigs.k8s.io/gateway-api v0.4.1 // indirect 72 | sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect 73 | sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect 74 | sigs.k8s.io/yaml v1.3.0 // indirect 75 | ) 76 | 77 | replace ( 78 | github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 79 | github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.11.1 80 | golang.org/x/net => golang.org/x/net v0.23.0 81 | golang.org/x/sys => golang.org/x/sys v0.5.0 82 | ) 83 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | /* 2 | # Copyright 2021 IBM Corporation 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "flag" 21 | "fmt" 22 | "os" 23 | "strings" 24 | 25 | appsv1 "k8s.io/api/apps/v1" 26 | corev1 "k8s.io/api/core/v1" 27 | storagev1 "k8s.io/api/storage/v1" 28 | "k8s.io/apimachinery/pkg/runtime" 29 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 30 | clientgoscheme "k8s.io/client-go/kubernetes/scheme" 31 | _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" 32 | ctrl "sigs.k8s.io/controller-runtime" 33 | "sigs.k8s.io/controller-runtime/pkg/cache" 34 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 35 | 36 | certmgr "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" 37 | certmgrv1alpha1 "github.com/ibm/ibm-cert-manager-operator/apis/certmanager/v1alpha1" 38 | 39 | mongodbv1alpha1 "github.com/IBM/ibm-mongodb-operator/api/v1alpha1" 40 | mongodbcontroller "github.com/IBM/ibm-mongodb-operator/controllers" 41 | // +kubebuilder:scaffold:imports 42 | ) 43 | 44 | var ( 45 | scheme = runtime.NewScheme() 46 | setupLog = ctrl.Log.WithName("setup") 47 | ) 48 | 49 | func init() { 50 | utilruntime.Must(clientgoscheme.AddToScheme(scheme)) 51 | 52 | // add cert manager scheme to controller 53 | utilruntime.Must(certmgr.AddToScheme(scheme)) 54 | utilruntime.Must(certmgrv1alpha1.AddToScheme(scheme)) 55 | 56 | utilruntime.Must(mongodbv1alpha1.AddToScheme(scheme)) 57 | // +kubebuilder:scaffold:scheme 58 | } 59 | 60 | func main() { 61 | var metricsAddr string 62 | var enableLeaderElection bool 63 | flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") 64 | flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, 65 | "Enable leader election for controller manager. "+ 66 | "Enabling this will ensure there is only one active controller manager.") 67 | flag.Parse() 68 | 69 | ctrl.SetLogger(zap.New(zap.UseDevMode(true))) 70 | 71 | watchNamespace, err := getWatchNamespace() 72 | if err != nil { 73 | setupLog.Error(err, "unable to get WatchNamespace, "+ 74 | "the manager will watch and manage resources in all namespaces") 75 | } 76 | var ctrlOpt ctrl.Options 77 | if strings.Contains(watchNamespace, ",") { 78 | namespaces := strings.Split(watchNamespace, ",") 79 | ctrlOpt = ctrl.Options{ 80 | Scheme: scheme, 81 | MetricsBindAddress: metricsAddr, 82 | Port: 9443, 83 | LeaderElection: enableLeaderElection, 84 | LeaderElectionID: "9c0e1ee9.operator.ibm.com", 85 | NewCache: cache.MultiNamespacedCacheBuilder(namespaces), 86 | } 87 | 88 | } else { 89 | ctrlOpt = ctrl.Options{ 90 | Scheme: scheme, 91 | MetricsBindAddress: metricsAddr, 92 | Port: 9443, 93 | LeaderElection: enableLeaderElection, 94 | LeaderElectionID: "9c0e1ee9.operator.ibm.com", 95 | Namespace: watchNamespace, 96 | } 97 | } 98 | 99 | mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrlOpt) 100 | if err != nil { 101 | setupLog.Error(err, "unable to start manager") 102 | os.Exit(1) 103 | } 104 | 105 | // Setup Scheme for all resources 106 | if err := appsv1.AddToScheme(mgr.GetScheme()); err != nil { 107 | setupLog.Error(err, "") 108 | os.Exit(1) 109 | } 110 | 111 | if err := corev1.AddToScheme(mgr.GetScheme()); err != nil { 112 | setupLog.Error(err, "") 113 | os.Exit(1) 114 | } 115 | 116 | if err := storagev1.AddToScheme(mgr.GetScheme()); err != nil { 117 | setupLog.Error(err, "") 118 | os.Exit(1) 119 | } 120 | 121 | // Setup Scheme for cert-manager 122 | if err := certmgr.AddToScheme(mgr.GetScheme()); err != nil { 123 | setupLog.Error(err, "") 124 | os.Exit(1) 125 | } 126 | 127 | if err = (&mongodbcontroller.MongoDBReconciler{ 128 | Client: mgr.GetClient(), 129 | Reader: mgr.GetAPIReader(), 130 | Log: ctrl.Log.WithName("controllers").WithName("MongoDB"), 131 | Scheme: mgr.GetScheme(), 132 | }).SetupWithManager(mgr); err != nil { 133 | setupLog.Error(err, "unable to create controller", "controller", "MongoDB") 134 | os.Exit(1) 135 | } 136 | // +kubebuilder:scaffold:builder 137 | 138 | setupLog.Info("starting manager") 139 | if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { 140 | setupLog.Error(err, "problem running manager") 141 | os.Exit(1) 142 | } 143 | } 144 | 145 | // getWatchNamespace returns the Namespace the operator should be watching for changes 146 | func getWatchNamespace() (string, error) { 147 | // WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE 148 | // which specifies the Namespace to watch. 149 | // An empty value means the operator is running with cluster scope. 150 | var watchNamespaceEnvVar = "WATCH_NAMESPACE" 151 | 152 | ns, found := os.LookupEnv(watchNamespaceEnvVar) 153 | if !found { 154 | return "", fmt.Errorf("%s must be set", watchNamespaceEnvVar) 155 | } 156 | return ns, nil 157 | } 158 | -------------------------------------------------------------------------------- /tools.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | // +build tools 17 | 18 | // Place any runtime dependencies as imports in this file. 19 | // Go modules will be forced to download and install them. 20 | package tools 21 | -------------------------------------------------------------------------------- /version/version.go: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright 2021 IBM Corporation 3 | // 4 | // Licensed under the Apache License, Version 2.0 (the "License"); 5 | // you may not use this file except in compliance with the License. 6 | // You may obtain a copy of the License at 7 | // 8 | // http://www.apache.org/licenses/LICENSE-2.0 9 | // 10 | // Unless required by applicable law or agreed to in writing, software 11 | // distributed under the License is distributed on an "AS IS" BASIS, 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | // See the License for the specific language governing permissions and 14 | // limitations under the License. 15 | // 16 | package version 17 | 18 | var ( 19 | // Version for MongoDB operator 20 | Version = "1.18.13" 21 | ) 22 | --------------------------------------------------------------------------------