├── .gitignore
├── .pre-commit-config.yaml
├── .tflint.hcl
├── IAM.md
├── LICENSE
├── README.md
├── examples
└── complete
│ ├── aws
│ ├── README.md
│ ├── helm
│ │ ├── exporter.yaml
│ │ └── values.yaml
│ ├── main.tf
│ ├── output.tf
│ └── provider.tf
│ ├── azure
│ ├── README.md
│ ├── helm
│ │ └── values.yaml
│ ├── main.tf
│ ├── output.tf
│ └── provider.tf
│ └── gcp
│ ├── README.md
│ ├── helm
│ └── values.yaml
│ ├── main.tf
│ ├── output.tf
│ └── provider.tf
├── helm
└── values
│ ├── backup
│ └── values.yaml
│ ├── exporter
│ └── values.yaml
│ ├── mongodb
│ └── values.yaml
│ └── restore
│ └── values.yaml
├── main.tf
├── modules
├── backup
│ ├── .helmignore
│ ├── Chart.yaml
│ └── templates
│ │ ├── backup-secrets.yaml
│ │ ├── fullbackup-cronjob.yaml
│ │ └── service_account.yaml
├── resources
│ ├── aws
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
│ ├── azure
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
│ └── gcp
│ │ ├── README.md
│ │ ├── main.tf
│ │ ├── outputs.tf
│ │ └── variables.tf
└── restore
│ ├── .helmignore
│ ├── Chart.yaml
│ └── templates
│ ├── job.yaml
│ ├── restore-secrets.yaml
│ └── service_account.yaml
├── output.tf
└── variables.tf
/.gitignore:
--------------------------------------------------------------------------------
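1 | # Ignore saved plan files: they can contain sensitive values. Note that "terraform plan -out=tfplan" writes a file named "tfplan", which *.out does not match; use a name such as tfplan.out or add a pattern for it.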
2 | *.out
3 | *.lock
4 | *.tfvars
5 | *.pem
6 | *.txt
7 |
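8 | # Local .terraform directories. The ".terraform*" pattern below also matches .terraform.lock.hcl, so the provider lock file (version and checksum pins) is kept out of version control.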
9 | **/.terraform/*
10 | .terraform*
11 |
12 | # .tfstate files
13 | *.tfstate
14 | *.tfstate.*
15 |
16 | # Crash log files
17 | crash.log
18 | crash.*.log
19 |
20 | *.tfvars
21 | *.tfvars.json
22 |
23 | # Ignore override files as they are usually used to override resources locally and so
24 | # are not checked in
25 | override.tf
26 | override.tf.json
27 | *_override.tf
28 | *_override.tf.json
29 |
30 | # Ignore CLI configuration files
31 | .terraformrc
32 | terraform.rc
33 |
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | repos:
2 | - repo: https://github.com/pre-commit/pre-commit-hooks
3 | rev: v4.1.0
4 | hooks:
5 | - id: trailing-whitespace
6 | args: ['--markdown-linebreak-ext=md']
7 | - id: end-of-file-fixer
8 | - id: check-merge-conflict
9 | - id: detect-private-key
10 | - id: detect-aws-credentials
11 | args: ['--allow-missing-credentials']
12 | - repo: https://github.com/antonbabenko/pre-commit-terraform
13 | rev: v1.77.0
14 | hooks:
15 | - id: terraform_fmt
16 | - id: terraform_docs
17 | args:
18 | - '--args=--lockfile=false'
19 | - --hook-config=--add-to-existing-file=true
20 | - --hook-config=--create-file-if-not-exist=true
21 |
22 | - id: terraform_tflint
23 | args:
24 | - --args=--config=.tflint.hcl
25 | - id: terraform_tfsec
26 | files: ^examples/ # tfsec runs only for files under `examples/`; changes outside that directory (root module, `modules/`) do not trigger this hook
27 | args:
28 | - --args=--config-file=__GIT_WORKING_DIR__/tfsec.yaml
29 | - --args=--concise-output
30 |
--------------------------------------------------------------------------------
/.tflint.hcl:
--------------------------------------------------------------------------------
1 | plugin "aws" {
2 | enabled = true
3 | version = "0.21.1"
4 | source = "github.com/terraform-linters/tflint-ruleset-aws"
5 | }
6 |
7 | config {
8 | # Module inspection: disabled here (set to true to also inspect module calls)
9 | module = false
10 | force = false
11 | }
12 |
13 | # Required that all AWS resources have specified tags.
14 | rule "aws_resource_missing_tags" {
15 | enabled = true
16 | tags = [
17 | "Name",
18 | "Environment",
19 | ]
20 | }
21 |
22 | # Disallow deprecated (0.11-style) interpolation
23 | rule "terraform_deprecated_interpolation" {
24 | enabled = true
25 | }
26 |
27 | # Disallow legacy dot index syntax.
28 | rule "terraform_deprecated_index" {
29 | enabled = true
30 | }
31 |
32 | # Disallow variables, data sources, and locals that are declared but never used.
33 | rule "terraform_unused_declarations" {
34 | enabled = true
35 | }
36 |
37 | # Disallow // comments in favor of #.
38 | rule "terraform_comment_syntax" {
39 | enabled = false
40 | }
41 |
42 | # Disallow output declarations without description.
43 | rule "terraform_documented_outputs" {
44 | enabled = true
45 | }
46 |
47 | # Disallow variable declarations without description.
48 | rule "terraform_documented_variables" {
49 | enabled = true
50 | }
51 |
52 | # Disallow variable declarations without type.
53 | rule "terraform_typed_variables" {
54 | enabled = true
55 | }
56 |
57 | # Disallow specifying a git or mercurial repository as a module source without pinning to a version.
58 | rule "terraform_module_pinned_source" {
59 | enabled = true
60 | }
61 |
62 | # Enforces naming conventions
63 | rule "terraform_naming_convention" {
64 | enabled = true
65 |
66 | #Require specific naming structure
67 | variable {
68 | format = "snake_case"
69 | }
70 |
71 | locals {
72 | format = "snake_case"
73 | }
74 |
75 | output {
76 | format = "snake_case"
77 | }
78 |
79 | #Allow any format
80 | resource {
81 | format = "none"
82 | }
83 |
84 | module {
85 | format = "none"
86 | }
87 |
88 | data {
89 | format = "none"
90 | }
91 |
92 | }
93 |
94 | # Disallow terraform declarations without required_version.
95 | rule "terraform_required_version" {
96 | enabled = true
97 | }
98 |
99 | # Require that all providers have version constraints through required_providers.
100 | rule "terraform_required_providers" {
101 | enabled = true
102 | }
103 |
104 | # Ensure that a module complies with the Terraform Standard Module Structure
105 | rule "terraform_standard_module_structure" {
106 | enabled = true
107 | }
108 |
109 | # terraform.workspace should not be used with a "remote" backend with remote execution.
110 | rule "terraform_workspace_remote" {
111 | enabled = true
112 | }
113 |
--------------------------------------------------------------------------------
/IAM.md:
--------------------------------------------------------------------------------
1 | ## IAM AWS Permission
2 |
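3 | The policy required to deploy this module is shown below. Every statement uses `"Resource": "*"`; where possible, narrow the IAM and Secrets Manager statements to the ARNs of the roles and secrets this module manages.
4 | ```json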
5 | {
6 | "Version": "2012-10-17",
7 | "Statement": [
8 | {
9 | "Sid": "VisualEditor0",
10 | "Effect": "Allow",
11 | "Action": [
12 | "eks:DescribeCluster"
13 | ],
14 | "Resource": [
15 | "*"
16 | ]
17 | },
18 | {
19 | "Sid": "VisualEditor1",
20 | "Effect": "Allow",
21 | "Action": [
22 | "iam:GetRole",
23 | "iam:CreateRole",
24 | "iam:DeleteRole",
25 | "iam:GetRolePolicy",
26 | "iam:PutRolePolicy",
27 | "iam:ListRolePolicies",
28 | "iam:ListAttachedRolePolicies",
29 | "iam:ListInstanceProfilesForRole"
30 | ],
31 | "Resource": [
32 | "*"
33 | ]
34 | },
35 | {
36 | "Sid": "VisualEditor2",
37 | "Effect": "Allow",
38 | "Action": [
39 | "secretsmanager:CreateSecret",
40 | "secretsmanager:DeleteSecret",
41 | "secretsmanager:DescribeSecret",
42 | "secretsmanager:GetResourcePolicy",
43 | "secretsmanager:GetSecretValue",
44 | "secretsmanager:PutSecretValue"
45 | ],
46 | "Resource": [
47 | "*"
48 | ]
49 | }
50 | ]
51 | }
52 | ```
53 | ## Azure Role Permissions
54 |
55 | ```hcl
56 | permissions {
57 | actions = [
58 | "Microsoft.Authorization/roleAssignments/delete",
59 | "Microsoft.Authorization/roleAssignments/read",
60 | "Microsoft.Authorization/roleAssignments/write",
61 | "Microsoft.KeyVault/locations/deletedVaults/read",
62 | "Microsoft.KeyVault/vaults/delete",
63 | "Microsoft.KeyVault/vaults/read",
64 | "Microsoft.KeyVault/vaults/write",
65 | "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
66 | "Microsoft.ManagedIdentity/userAssignedIdentities/read",
67 | "Microsoft.ManagedIdentity/userAssignedIdentities/write",
68 | "Microsoft.Resources/subscriptions/providers/read",
69 | "Microsoft.Resources/subscriptions/resourcegroups/read"]
70 | not_actions = []
71 | }
72 | ```
73 |
74 | ## Google IAM Permissions
75 |
76 | ```hcl
77 | permissions = [
78 | "iam.serviceAccounts.create",
79 | "iam.serviceAccounts.delete",
80 | "iam.serviceAccounts.get",
81 | "iam.serviceAccounts.update",
82 | "resourcemanager.projects.getIamPolicy",
83 | "resourcemanager.projects.setIamPolicy"
84 | ]
85 | ```
86 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright 2023 SaturnOps Technologies
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## MongoDB Kubernetes Terraform Module
2 |
3 |
4 |
5 |
6 | This module deploys a highly available MongoDB cluster on Kubernetes using Helm charts. It offers flexible configurations for volume size, architecture, replica count, backups, restores, and metrics export to Grafana.
Users can create a new namespace and configure recovery windows for AWS Secrets Manager, Azure Key Vault, and GCP Secret Manager. It supports deployment on AWS EKS, Azure AKS, and GCP GKE, allowing for easy and customizable MongoDB setups.
7 |
8 | ## Supported Versions:
9 |
10 | | MongoDB Helm Chart Version | K8s supported version (EKS, AKS & GKE) |
11 | | :-----: | :--- |
12 | | **13.1.5** | **1.23,1.24,1.25,1.26,1.27** |
13 |
14 |
15 | ## Usage Example
16 |
17 | ```hcl
18 | locals {
19 | name = "mongo"
20 | region = "us-east-2"
21 | environment = "prod"
22 | additional_tags = {
23 | Owner = "organization_name"
24 | Expires = "Never"
25 | Department = "Engineering"
26 | }
27 | create_namespace = true
28 | namespace = "mongodb"
29 | store_password_to_secret_manager = true
30 | mongodb_custom_credentials_enabled = true
31 | mongodb_custom_credentials_config = {
32 | root_user = "root"
33 | root_password = "NCPFUKEMd7rrWuvMAa73"
34 | metric_exporter_user = "mongodb_exporter"
35 | metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH"
36 | }
37 | }
38 | module "aws" {
39 | source = "saturnops/mongodb/kubernetes//modules/resources/aws"
40 | environment = local.environment
41 | name = local.name
42 | namespace = local.namespace
43 | store_password_to_secret_manager = local.store_password_to_secret_manager
44 | cluster_name = ""
45 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
46 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
47 | }
48 |
49 | module "mongodb" {
50 | source = "saturnops/mongodb/kubernetes"
51 | namespace = local.namespace
52 | create_namespace = local.create_namespace
53 | mongodb_config = {
54 | name = local.name
55 | namespace = local.namespace
56 | values_yaml = ""
57 | environment = local.environment
58 | volume_size = "10Gi"
59 | architecture = "replicaset"
60 | custom_databases = "['db1', 'db2']"
61 | custom_databases_usernames = "['admin', 'admin']"
62 | custom_databases_passwords = "['pass1', 'pass2']"
63 | replica_count = 2
64 | storage_class_name = "gp2"
65 | store_password_to_secret_manager = local.store_password_to_secret_manager
66 | }
67 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
68 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
69 | root_password = local.mongodb_custom_credentials_enabled ? "" : module.aws.root_password
70 | metric_exporter_password = local.mongodb_custom_credentials_enabled ? "" : module.aws.metric_exporter_password
71 | bucket_provider_type = "s3"
72 | mongodb_backup_enabled = true
73 | iam_role_arn_backup = module.aws.iam_role_arn_backup
74 | mongodb_backup_config = {
75 | bucket_uri = "s3://mongo-demo-backup"
76 | s3_bucket_region = "us-east-2"
77 | cron_for_full_backup = "* * * * *"
78 | }
79 | mongodb_restore_enabled = true
80 | iam_role_arn_restore = module.aws.iam_role_arn_restore
81 | mongodb_restore_config = {
82 | bucket_uri = "s3://mongo-demo-backup/mongodumpfull_20230523_092110.gz"
83 | s3_bucket_region = "us-east-2"
84 | file_name = "mongodumpfull_20230523_092110.gz"
85 | }
86 | mongodb_exporter_enabled = true
87 | mongodb_exporter_values = file("./helm/exporter.yaml")
88 | }
89 |
90 |
91 | ```
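92 | - Refer to the [AWS examples](https://github.com/saturnops/terraform-kubernetes-mongodb/tree/main/examples/complete/aws) for more details.
93 | - Refer to the [Azure examples](https://github.com/saturnops/terraform-kubernetes-mongodb/tree/main/examples/complete/azure) for more details.
94 | - Refer to the [GCP examples](https://github.com/saturnops/terraform-kubernetes-mongodb/tree/main/examples/complete/gcp) for more details.
- The passwords in the example above (`root_password`, `metric_exporter_password`, `custom_databases_passwords`) are sample values. Supply real credentials through `sensitive` input variables or a secret store instead of committing them, and protect the Terraform state, which typically stores such values in plain text.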
95 |
96 | ## IAM Permissions
97 | The required IAM permissions to create resources from this module can be found [here](https://github.com/saturnops/terraform-kubernetes-mongodb/blob/main/IAM.md)
98 | ## Mongo Backup and Restore
99 | This module provides functionality to automate the backup and restore process for mongo databases using AWS S3 buckets. It allows users to easily schedule backups, restore databases from backups stored in S3, and manage access permissions using AWS IAM roles.
100 | Features
101 | ### Backup
102 | - Users can schedule full backups.
103 | - Backups are stored in specified S3 buckets.
104 | ### Restore
105 | - Users can restore Mongo databases from backups stored in S3 buckets.
106 | - Supports specifying the backup file to restore from and the target S3 bucket region.
107 | ### IAM Role for Permissions
108 | - Users need to provide an IAM role that the module uses to access the specified S3 bucket and perform backup and restore operations; grant that role access only to the backup bucket it needs.
109 | ## Module Inputs
110 | ### Backup Configuration
111 | - bucket_uri: The URI of the S3 bucket where backups will be stored.
112 | - s3_bucket_region: The region of the S3 bucket.
113 | - cron_for_full_backup: The cron expression for scheduling full backups.
114 | ### Restore Configuration
115 | - mongodb_restore_config: Configuration for restoring databases.
116 | - bucket_uri: The URI of the S3 bucket containing the backup file.
117 | - file_name: The name of the backup file to restore.
118 | - s3_bucket_region: The region of the S3 bucket containing the backup file.
119 | ## Important Notes
120 | 1. In order to enable the exporter, it is required to deploy Prometheus/Grafana first.
121 | 2. The exporter is a tool that extracts metrics data from an application or system and makes it available to be scraped by Prometheus.
122 | 3. Prometheus is a monitoring system that collects metrics data from various sources, including exporters, and stores it in a time-series database.
123 | 4. Grafana is a data visualization and dashboard tool that works with Prometheus and other data sources to display the collected metrics in a user-friendly way.
124 | 5. To deploy Prometheus/Grafana, please follow the installation instructions for each tool in their respective documentation.
125 | 6. Once Prometheus and Grafana are deployed, the exporter can be configured to scrape metrics data from your application or system and send it to Prometheus.
126 | 7. Finally, you can use Grafana to create custom dashboards and visualize the metrics data collected by Prometheus.
127 | 8. This module is compatible with EKS, AKS, and GKE, so it can be deployed on AWS, Azure, or GCP. Review the module's documentation, meet the configuration requirements of your platform, and test thoroughly after deployment to ensure everything works as expected.
128 |
129 | ## Requirements
130 |
131 | No requirements.
132 |
133 | ## Providers
134 |
135 | | Name | Version |
136 | |------|---------|
137 | | [helm](#provider\_helm) | n/a |
138 | | [kubernetes](#provider\_kubernetes) | n/a |
139 | | [random](#provider\_random) | n/a |
140 |
141 | ## Modules
142 |
143 | No modules.
144 |
145 | ## Resources
146 |
147 | | Name | Type |
148 | |------|------|
149 | | [helm_release.mongodb](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
150 | | [helm_release.mongodb_backup](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
151 | | [helm_release.mongodb_exporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
152 | | [helm_release.mongodb_restore](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
153 | | [kubernetes_namespace.mongodb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
154 | | [random_password.mongodb_exporter_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
155 | | [random_password.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
156 |
157 | ## Inputs
158 |
159 | | Name | Description | Type | Default | Required |
160 | |------|-------------|------|---------|:--------:|
161 | | [app\_version](#input\_app\_version) | Version of the Mongodb application that will be deployed. | `string` | `"5.0.8-debian-10-r9"` | no |
162 | | [az\_account\_backup](#input\_az\_account\_backup) | Azure user managed account backup identity | `string` | `""` | no |
163 | | [az\_account\_restore](#input\_az\_account\_restore) | Azure user managed account restore identity | `string` | `""` | no |
164 | | [azure\_container\_name](#input\_azure\_container\_name) | Azure container name | `string` | `""` | no |
165 | | [azure\_storage\_account\_key](#input\_azure\_storage\_account\_key) | Azure storage account key | `string` | `""` | no |
166 | | [azure\_storage\_account\_name](#input\_azure\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
167 | | [bucket\_provider\_type](#input\_bucket\_provider\_type) | Choose what type of provider you want (s3, gcs) | `string` | `"gcs"` | no |
168 | | [chart\_version](#input\_chart\_version) | Version of the Mongodb chart that will be used to deploy Mongodb application. | `string` | `"13.1.5"` | no |
169 | | [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the Mongodb application on. | `string` | `""` | no |
170 | | [create\_namespace](#input\_create\_namespace) | Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace. | `string` | `false` | no |
171 | | [iam\_role\_arn\_backup](#input\_iam\_role\_arn\_backup) | IAM role ARN for backup (AWS) | `string` | `""` | no |
172 | | [iam\_role\_arn\_restore](#input\_iam\_role\_arn\_restore) | IAM role ARN for restore (AWS) | `string` | `""` | no |
173 | | [metric\_exporter\_password](#input\_metric\_exporter\_password) | Metric exporter password for MongoDB | `string` | `""` | no |
174 | | [mongodb\_backup\_config](#input\_mongodb\_backup\_config) | Configuration options for Mongodb database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups. | `any` |
{
"bucket_uri": "",
"cron_for_full_backup": "*/5 * * * *",
"s3_bucket_region": "us-east-2"
}
| no |
175 | | [mongodb\_backup\_enabled](#input\_mongodb\_backup\_enabled) | Specifies whether to enable backups for Mongodb database. | `bool` | `false` | no |
176 | | [mongodb\_config](#input\_mongodb\_config) | Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | {
"architecture": "",
"custom_databases": "",
"custom_databases_passwords": "",
"custom_databases_usernames": "",
"environment": "",
"name": "",
"replica_count": 2,
"storage_class_name": "",
"store_password_to_secret_manager": true,
"values_yaml": "",
"volume_size": ""
}
| no |
177 | | [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | {
"metric_exporter_password": "",
"metric_exporter_user": "",
"root_password": "",
"root_user": ""
}
| no |
178 | | [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
179 | | [mongodb\_exporter\_config](#input\_mongodb\_exporter\_config) | Specify whether or not to deploy Mongodb exporter to collect Mongodb metrics for monitoring in Grafana. | `any` | {
"version": "2.9.0"
}
| no |
180 | | [mongodb\_exporter\_enabled](#input\_mongodb\_exporter\_enabled) | Specify whether or not to deploy Mongodb exporter to collect Mongodb metrics for monitoring in Grafana. | `bool` | `false` | no |
181 | | [mongodb\_exporter\_values](#input\_mongodb\_exporter\_values) | Mongo DB prometheus exporter values file | `any` | `""` | no |
182 | | [mongodb\_restore\_config](#input\_mongodb\_restore\_config) | Configuration options for restoring dump to the Mongodb database. | `any` | {
"bucket_uri": "s3://mymongo/mongodumpfull_20230424_112501.gz",
"file_name": "",
"s3_bucket_region": "us-east-2"
}
| no |
183 | | [mongodb\_restore\_enabled](#input\_mongodb\_restore\_enabled) | Specifies whether to enable restoring dump to the Mongodb database. | `bool` | `false` | no |
184 | | [namespace](#input\_namespace) | Name of the Kubernetes namespace where the Mongodb deployment will be deployed. | `string` | `"mongodb"` | no |
185 | | [project\_id](#input\_project\_id) | Google Cloud project ID | `string` | `""` | no |
186 | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery. | `number` | `0` | no |
187 | | [resource\_group\_location](#input\_resource\_group\_location) | Azure region | `string` | `"East US"` | no |
188 | | [resource\_group\_name](#input\_resource\_group\_name) | Azure Resource Group name | `string` | `""` | no |
189 | | [root\_password](#input\_root\_password) | Root password for MongoDB | `string` | `""` | no |
190 | | [service\_account\_backup](#input\_service\_account\_backup) | Service account for backup (GCP) | `string` | `""` | no |
191 | | [service\_account\_restore](#input\_service\_account\_restore) | Service account for restore (GCP) | `string` | `""` | no |
192 |
193 | ## Outputs
194 |
195 | | Name | Description |
196 | |------|-------------|
197 | | [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
198 | | [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 | ##
207 |
208 |
209 |
210 |
211 |
212 | Please give our GitHub repository a ⭐️ to show your support and increase its visibility.
213 |
214 |
215 |
216 |
217 |
218 |
--------------------------------------------------------------------------------
/examples/complete/aws/README.md:
--------------------------------------------------------------------------------
1 | ## Mongodb Example
2 |
3 |
4 |
5 | This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
6 |
7 | ## Requirements
8 |
9 | No requirements.
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [aws](#provider\_aws) | n/a |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [aws](#module\_aws) | saturnops/mongodb/kubernetes//modules/resources/aws | n/a |
22 | | [mongodb](#module\_mongodb) | saturnops/mongodb/kubernetes | n/a |
23 |
24 | ## Resources
25 |
26 | | Name | Type |
27 | |------|------|
28 | | [aws_eks_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
29 | | [aws_eks_cluster_auth.cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster_auth) | data source |
30 |
31 | ## Inputs
32 |
33 | No inputs.
34 |
35 | ## Outputs
36 |
37 | | Name | Description |
38 | |------|-------------|
39 | | [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
40 | | [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
41 |
42 |
--------------------------------------------------------------------------------
/examples/complete/aws/helm/exporter.yaml:
--------------------------------------------------------------------------------
1 | affinity:
2 | nodeAffinity:
3 | requiredDuringSchedulingIgnoredDuringExecution:
4 | nodeSelectorTerms:
5 | - matchExpressions:
6 | - key: "Infra-Services"
7 | operator: In
8 | values:
9 | - "true"
10 | resources:
11 | limits:
12 | cpu: 100m
13 | memory: 200Mi
14 | requests:
15 | cpu: 50m
16 | memory: 100Mi
--------------------------------------------------------------------------------
/examples/complete/aws/helm/values.yaml:
--------------------------------------------------------------------------------
1 | affinity:
2 | nodeAffinity:
3 | requiredDuringSchedulingIgnoredDuringExecution:
4 | nodeSelectorTerms:
5 | - matchExpressions:
6 | - key: "Infra-Services"
7 | operator: In
8 | values:
9 | - "true"
10 |
11 | resources:
12 | limits:
13 | cpu: 900m
14 | memory: 800Mi
15 | requests:
16 | cpu: 600m
17 | memory: 500Mi
18 |
19 | metrics:
20 | enabled: true
21 | resources:
22 | limits:
23 | cpu: 200m
24 | memory: 528Mi
25 | requests:
26 | cpu: 120m
27 | memory: 228Mi
28 |
29 | arbiter:
30 | resources:
31 | limits:
32 | cpu: 200m
33 | memory: 400Mi
34 | requests:
35 | cpu: 100m
36 | memory: 250Mi
37 |
38 | affinity:
39 | nodeAffinity:
40 | requiredDuringSchedulingIgnoredDuringExecution:
41 | nodeSelectorTerms:
42 | - matchExpressions:
43 | - key: "Addons-Services"
44 | operator: In
45 | values:
46 | - "true"
47 |
48 | backupjob:
49 | resources:
50 | requests:
51 | memory: 100Mi
52 | cpu: 50m
53 | limits:
54 | memory: 200Mi
55 | cpu: 100m
56 |
57 | restorejob:
58 | resources:
59 | requests:
60 | memory: 100Mi
61 | cpu: 50m
62 | limits:
63 | memory: 200Mi
64 | cpu: 100m
--------------------------------------------------------------------------------
/examples/complete/aws/main.tf:
--------------------------------------------------------------------------------
1 | locals { # Shared inputs for the AWS example: naming, tags, namespace and the custom MongoDB credentials handed to both modules below.
2 | name = "mongo"
3 | region = "us-east-2"
4 | environment = "prod"
5 | additional_tags = {
6 | Owner = "organization_name"
7 | Expires = "Never"
8 | Department = "Engineering"
9 | }
10 | create_namespace = true
11 | namespace = "mongodb"
12 | store_password_to_secret_manager = true
13 | mongodb_custom_credentials_enabled = true # while true, module.mongodb is given "" for root_password and metric_exporter_password
14 | mongodb_custom_credentials_config = {
15 | root_user = "root"
16 | root_password = "NCPFUKEMd7rrWuvMAa73" # NOTE(review): plaintext root password committed with the example; replace it before use and supply it from a sensitive variable or a secret store
17 | metric_exporter_user = "mongodb_exporter"
18 | metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH" # NOTE(review): same concern as root_password; the identical literals also appear in the Azure and GCP examples
19 | }
20 | }
21 | module "aws" {
22 | source = "saturnops/mongodb/kubernetes//modules/resources/aws"
23 | environment = local.environment
24 | name = local.name
25 | namespace = local.namespace
26 | store_password_to_secret_manager = local.store_password_to_secret_manager
27 | cluster_name = ""
28 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
29 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
30 | }
31 |
32 | module "mongodb" { # Deploys MongoDB through the registry module with S3 backup, restore and the metrics exporter all switched on.
33 | source = "saturnops/mongodb/kubernetes" # NOTE(review): no version constraint in this block, so init resolves whatever release is newest; pin a version
34 | namespace = local.namespace
35 | create_namespace = local.create_namespace
36 | mongodb_config = {
37 | name = local.name
38 | namespace = local.namespace
39 | values_yaml = file("./helm/values.yaml")
40 | environment = local.environment
41 | volume_size = "10Gi"
42 | architecture = "replicaset"
43 | custom_databases = "['db1', 'db2']"
44 | custom_databases_usernames = "['admin', 'admin']"
45 | custom_databases_passwords = "['pass1', 'pass2']" # NOTE(review): guessable sample passwords in plaintext; replace before applying
46 | replica_count = 2
47 | storage_class_name = "gp2"
48 | store_password_to_secret_manager = local.store_password_to_secret_manager
49 | }
50 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
51 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
52 | root_password = local.mongodb_custom_credentials_enabled ? "" : module.aws.root_password # "" when custom credentials are enabled, otherwise the value produced by module.aws
53 | metric_exporter_password = local.mongodb_custom_credentials_enabled ? "" : module.aws.metric_exporter_password
54 | bucket_provider_type = "s3"
55 | mongodb_backup_enabled = true
56 | iam_role_arn_backup = module.aws.iam_role_arn_backup
57 | mongodb_backup_config = {
58 | bucket_uri = "s3://mongo-demo-backup"
59 | s3_bucket_region = "us-east-2"
60 | cron_for_full_backup = "* * * * *" # NOTE(review): this expression fires every minute; a full dump at that rate is unlikely to be intended outside a demo
61 | }
62 | mongodb_restore_enabled = true # NOTE(review): restore is enabled together with backup; presumably the dump below is loaded on apply, so confirm before pointing this at a database that holds data
63 | iam_role_arn_restore = module.aws.iam_role_arn_restore
64 | mongodb_restore_config = {
65 | bucket_uri = "s3://mongo-demo-backup/mongodumpfull_20230523_092110.gz"
66 | s3_bucket_region = "us-east-2"
67 | file_name = "mongodumpfull_20230523_092110.gz"
68 | }
69 | mongodb_exporter_enabled = true
70 | mongodb_exporter_values = file("./helm/exporter.yaml")
71 |
72 | }
73 |
--------------------------------------------------------------------------------
/examples/complete/aws/output.tf:
--------------------------------------------------------------------------------
1 | output "mongodb_endpoints" {
2 | value = module.mongodb.mongodb_endpoints
3 | description = "MongoDB endpoints in the Kubernetes cluster."
4 | }
5 |
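6 | output "mongodb_credential" {
7 |   # Null while the passwords are kept in the secret manager; otherwise the credentials returned by module.mongodb.
8 |   value       = local.store_password_to_secret_manager ? null : module.mongodb.mongodb_credential
9 |   description = "MongoDB credentials used for accessing the MongoDB database."
10 |   # Keeps the credentials out of plan/apply console output and CI logs; they are still recorded in state.
11 |   sensitive   = true
12 | }
13 |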
--------------------------------------------------------------------------------
/examples/complete/aws/provider.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = local.region
3 | default_tags {
4 | tags = local.additional_tags
5 | }
6 | }
7 |
8 | data "aws_eks_cluster" "cluster" {
9 | name = ""
10 | }
11 |
12 | data "aws_eks_cluster_auth" "cluster" {
13 | name = ""
14 | }
15 |
16 | provider "kubernetes" {
17 | host = data.aws_eks_cluster.cluster.endpoint
18 | cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
19 | token = data.aws_eks_cluster_auth.cluster.token
20 | }
21 |
22 | provider "helm" {
23 | kubernetes {
24 | host = data.aws_eks_cluster.cluster.endpoint
25 | cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
26 | token = data.aws_eks_cluster_auth.cluster.token
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/examples/complete/azure/README.md:
--------------------------------------------------------------------------------
1 | ## Mongodb Example
2 |
3 |
4 |
5 | This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
6 |
7 | ## Requirements
8 |
9 | No requirements.
10 |
11 | ## Providers
12 |
13 | | Name | Version |
14 | |------|---------|
15 | | [azurerm](#provider\_azurerm) | 3.70.0 |
16 |
17 | ## Modules
18 |
19 | | Name | Source | Version |
20 | |------|--------|---------|
21 | | [azure](#module\_azure) | saturnops/mongodb/kubernetes//provider/azure | n/a |
22 | | [mongodb](#module\_mongodb) | saturnops/mongodb/kubernetes | n/a |
23 |
24 | ## Resources
25 |
26 | | Name | Type |
27 | |------|------|
28 | | [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
29 |
30 | ## Inputs
31 |
32 | No inputs.
33 |
34 | ## Outputs
35 |
36 | | Name | Description |
37 | |------|-------------|
38 | | [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
39 | | [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
40 |
41 | ## Requirements
42 |
43 | No requirements.
44 |
45 | ## Providers
46 |
47 | | Name | Version |
48 | |------|---------|
49 | | [azurerm](#provider\_azurerm) | n/a |
50 |
51 | ## Modules
52 |
53 | | Name | Source | Version |
54 | |------|--------|---------|
55 | | [azure](#module\_azure) | saturnops/mongodb/kubernetes//modules/resources/azure | n/a |
56 | | [mongodb](#module\_mongodb) | saturnops/mongodb/kubernetes | n/a |
57 |
58 | ## Resources
59 |
60 | | Name | Type |
61 | |------|------|
62 | | [azurerm_kubernetes_cluster.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/kubernetes_cluster) | data source |
63 |
64 | ## Inputs
65 |
66 | No inputs.
67 |
68 | ## Outputs
69 |
70 | | Name | Description |
71 | |------|-------------|
72 | | [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
73 | | [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
74 |
75 |
--------------------------------------------------------------------------------
/examples/complete/azure/helm/values.yaml:
--------------------------------------------------------------------------------
1 | affinity:
2 | nodeAffinity:
3 | requiredDuringSchedulingIgnoredDuringExecution:
4 | nodeSelectorTerms:
5 | - matchExpressions:
6 | - key: "Addons-Services"
7 | operator: In
8 | values:
9 | - "true"
10 |
--------------------------------------------------------------------------------
/examples/complete/azure/main.tf:
--------------------------------------------------------------------------------
1 | locals { # Shared inputs for the Azure example: naming, tags, namespace, custom MongoDB credentials and the storage account/container names.
2 | name = "mongo"
3 | region = "eastus"
4 | environment = "prod"
5 | additional_tags = {
6 | Owner = "organization_name"
7 | Expires = "Never"
8 | Department = "Engineering"
9 | }
10 | create_namespace = true
11 | namespace = "mongodb"
12 | store_password_to_secret_manager = true
13 | mongodb_custom_credentials_enabled = true # while true, module.mongodb is given "" for root_password and metric_exporter_password
14 | mongodb_custom_credentials_config = {
15 | root_user = "root"
16 | root_password = "NCPFUKEMd7rrWuvMAa73" # NOTE(review): plaintext root password committed with the example; replace it before use and supply it from a sensitive variable or a secret store
17 | metric_exporter_user = "mongodb_exporter"
18 | metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH" # NOTE(review): same concern as root_password; the identical literals also appear in the AWS and GCP examples
19 | }
20 |
21 | azure_storage_account_name = "" # placeholder: must be filled in before the bucket_uri values built from it are usable
22 | azure_container_name = "" # placeholder, see above
23 | }
24 |
25 | module "azure" {
26 | source = "saturnops/mongodb/kubernetes//modules/resources/azure"
27 | resource_group_name = ""
28 | resource_group_location = ""
29 | name = local.name
30 | environment = local.environment
31 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
32 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
33 | store_password_to_secret_manager = local.store_password_to_secret_manager
34 | storage_account_name = local.azure_storage_account_name
35 | }
36 |
37 | module "mongodb" { # Deploys MongoDB through the registry module for Azure; backup and restore are configured but disabled, the exporter is enabled.
38 | source = "saturnops/mongodb/kubernetes" # NOTE(review): no version constraint in this block, so init resolves whatever release is newest; pin a version
39 | cluster_name = ""
40 | namespace = local.namespace
41 | create_namespace = local.create_namespace
42 | resource_group_name = ""
43 | resource_group_location = ""
44 | mongodb_config = {
45 | name = local.name
46 | namespace = local.namespace
47 | values_yaml = file("./helm/values.yaml")
48 | volume_size = "10Gi"
49 | architecture = "replicaset"
50 | replica_count = 1
51 | environment = local.environment
52 | custom_databases = "['db1', 'db2']"
53 | custom_databases_usernames = "['admin', 'admin']"
54 | custom_databases_passwords = "['pass1', 'pass2']" # NOTE(review): guessable sample passwords in plaintext; replace before applying
55 | storage_class_name = "infra-service-sc"
56 | store_password_to_secret_manager = local.store_password_to_secret_manager
57 | }
58 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
59 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
60 | root_password = local.mongodb_custom_credentials_enabled ? "" : module.azure.root_password # "" when custom credentials are enabled, otherwise the value produced by module.azure
61 | metric_exporter_password = local.mongodb_custom_credentials_enabled ? "" : module.azure.metric_exporter_pasword # NOTE(review): output name is spelled "pasword" here but "password" in the AWS example; confirm against the module's outputs.tf
62 | bucket_provider_type = "azure"
63 | mongodb_backup_enabled = false
64 | mongodb_backup_config = {
65 | bucket_uri = "https://${local.azure_storage_account_name}.blob.core.windows.net/${local.azure_container_name}"
66 | azure_storage_account_name = local.azure_storage_account_name
67 | azure_container_name = local.azure_container_name
68 | cron_for_full_backup = "* * 1 * *" # NOTE(review): matches every minute of the 1st day of each month; if one monthly run was intended, the minute and hour fields need fixed values (e.g. "0 0 1 * *")
69 | }
70 | mongodb_restore_enabled = false
71 | mongodb_restore_config = {
72 | bucket_uri = "https://${local.azure_storage_account_name}.blob.core.windows.net/${local.azure_container_name}"
73 | azure_storage_account_name = local.azure_storage_account_name
74 | azure_container_name = local.azure_container_name
75 | file_name = "mongodumpfull_20230710_132301.gz"
76 | }
77 | mongodb_exporter_enabled = true
78 | }
79 |
--------------------------------------------------------------------------------
/examples/complete/azure/output.tf:
--------------------------------------------------------------------------------
1 | output "mongodb_endpoints" {
2 | value = module.mongodb.mongodb_endpoints
3 | description = "MongoDB endpoints in the Kubernetes cluster."
4 | }
5 |
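6 | output "mongodb_credential" {
7 |   # Null while the passwords are kept in the secret manager; otherwise the credentials returned by module.mongodb.
8 |   value       = local.store_password_to_secret_manager ? null : module.mongodb.mongodb_credential
9 |   description = "MongoDB credentials used for accessing the MongoDB database."
10 |   # Keeps the credentials out of plan/apply console output and CI logs; they are still recorded in state.
11 |   sensitive   = true
12 | }
13 |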
--------------------------------------------------------------------------------
/examples/complete/azure/provider.tf:
--------------------------------------------------------------------------------
1 | provider "azurerm" {
2 | features {}
3 | }
4 |
5 | data "azurerm_kubernetes_cluster" "primary" {
6 | name = ""
7 | resource_group_name = ""
8 | }
9 |
10 | provider "kubernetes" {
11 | host = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
12 | username = data.azurerm_kubernetes_cluster.primary.kube_config.0.username
13 | password = data.azurerm_kubernetes_cluster.primary.kube_config.0.password
14 | client_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
15 | client_key = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
16 | cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
17 | }
18 |
19 | provider "helm" {
20 | kubernetes {
21 | host = data.azurerm_kubernetes_cluster.primary.kube_config.0.host
22 | client_key = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_key)
23 | client_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.client_certificate)
24 | cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.primary.kube_config.0.cluster_ca_certificate)
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/examples/complete/gcp/README.md:
--------------------------------------------------------------------------------
1 | ## Mongodb Example
2 |
3 |
4 |
5 | This example will be very useful for users who are new to a module and want to quickly learn how to use it. By reviewing the examples, users can gain a better understanding of how the module works, what features it supports, and how to customize it to their specific needs.
6 |
7 |
8 | ## Requirements
9 |
10 | No requirements.
11 |
12 | ## Providers
13 |
14 | | Name | Version |
15 | |------|---------|
16 | | [google](#provider\_google) | n/a |
17 |
18 | ## Modules
19 |
20 | | Name | Source | Version |
21 | |------|--------|---------|
22 | | [gcp](#module\_gcp) | saturnops/mongodb/kubernetes//modules/resources/gcp | n/a |
23 | | [mongodb](#module\_mongodb) | saturnops/mongodb/kubernetes | n/a |
24 |
25 | ## Resources
26 |
27 | | Name | Type |
28 | |------|------|
29 | | [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
30 | | [google_container_cluster.primary](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/container_cluster) | data source |
31 |
32 | ## Inputs
33 |
34 | No inputs.
35 |
36 | ## Outputs
37 |
38 | | Name | Description |
39 | |------|-------------|
40 | | [mongodb\_credential](#output\_mongodb\_credential) | MongoDB credentials used for accessing the MongoDB database. |
41 | | [mongodb\_endpoints](#output\_mongodb\_endpoints) | MongoDB endpoints in the Kubernetes cluster. |
42 |
43 |
--------------------------------------------------------------------------------
/examples/complete/gcp/helm/values.yaml:
--------------------------------------------------------------------------------
1 | affinity:
2 | nodeAffinity:
3 | requiredDuringSchedulingIgnoredDuringExecution:
4 | nodeSelectorTerms:
5 | - matchExpressions:
6 | - key: "Data-Services"
7 | operator: In
8 | values:
9 | - "true"
10 |
--------------------------------------------------------------------------------
/examples/complete/gcp/main.tf:
--------------------------------------------------------------------------------
1 | locals { # Shared inputs for the GCP example: naming, tags, namespace and the custom MongoDB credentials handed to both modules below.
2 | name = "mongo"
3 | region = "asia-south1"
4 | environment = "prod"
5 | additional_tags = {
6 | Owner = "organization_name"
7 | Expires = "Never"
8 | Department = "Engineering"
9 | }
10 | create_namespace = true
11 | namespace = "mongodb"
12 | store_password_to_secret_manager = true
13 | mongodb_custom_credentials_enabled = true # while true, module.mongodb is given "" for root_password and metric_exporter_password
14 | mongodb_custom_credentials_config = {
15 | root_user = "root"
16 | root_password = "NCPFUKEMd7rrWuvMAa73" # NOTE(review): plaintext root password committed with the example; replace it before use and supply it from a sensitive variable or a secret store
17 | metric_exporter_user = "mongodb_exporter"
18 | metric_exporter_password = "nvAHhm1uGQNYWVw6ZyAH" # NOTE(review): same concern as root_password; the identical literals also appear in the AWS and Azure examples
19 | }
20 | }
21 |
22 | module "gcp" { # Cloud-side resources for the GCP example; its outputs feed module.mongodb (passwords, backup/restore service accounts).
23 | source = "saturnops/mongodb/kubernetes//modules/resources/gcp" # NOTE(review): no version constraint in this block; pin a version
24 | project_id = "fresh-sanctuary-387476" # for gcp. NOTE(review): looks like a concrete project ID and it differs from the one in provider.tf ("fresh-sanctuary-3894579"); replace with your own and keep the two in sync
25 | environment = local.environment
26 | name = local.name
27 | store_password_to_secret_manager = local.store_password_to_secret_manager
28 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
29 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
30 | }
31 |
32 |
33 | module "mongodb" { # Deploys MongoDB through the registry module with GCS backup, restore and the metrics exporter all switched on.
34 | source = "saturnops/mongodb/kubernetes" # NOTE(review): no version constraint in this block, so init resolves whatever release is newest; pin a version
35 | namespace = local.namespace
36 | create_namespace = local.create_namespace
37 | cluster_name = "dev-gke-cluster"
38 | mongodb_config = {
39 | name = local.name
40 | namespace = local.namespace
41 | values_yaml = file("./helm/values.yaml")
42 | environment = local.environment
43 | volume_size = "10Gi"
44 | architecture = "replicaset"
45 | custom_databases = "['db1', 'db2']"
46 | custom_databases_usernames = "['admin', 'admin']"
47 | custom_databases_passwords = "['pass1', 'pass2']" # NOTE(review): guessable sample passwords in plaintext; replace before applying
48 | replica_count = 2
49 | storage_class_name = "standard"
50 | store_password_to_secret_manager = local.store_password_to_secret_manager
51 | }
52 | mongodb_custom_credentials_enabled = local.mongodb_custom_credentials_enabled
53 | mongodb_custom_credentials_config = local.mongodb_custom_credentials_config
54 | root_password = local.mongodb_custom_credentials_enabled ? "" : module.gcp.root_password # "" when custom credentials are enabled, otherwise the value produced by module.gcp
55 | metric_exporter_password = local.mongodb_custom_credentials_enabled ? "" : module.gcp.metric_exporter_pasword # NOTE(review): output name is spelled "pasword" here but "password" in the AWS example; confirm against the module's outputs.tf
56 | bucket_provider_type = "gcs"
57 | service_account_backup = module.gcp.service_account_backup
58 | service_account_restore = module.gcp.service_account_restore
59 | mongodb_backup_enabled = true
60 | mongodb_backup_config = {
61 | bucket_uri = "gs://mongo-backup-dev"
62 | s3_bucket_region = ""
63 | cron_for_full_backup = "* * * * *" # NOTE(review): this expression fires every minute; a full dump at that rate is unlikely to be intended outside a demo
64 | }
65 | mongodb_restore_enabled = true # NOTE(review): restore is enabled together with backup; presumably the dump below is loaded on apply, so confirm before pointing this at a database that holds data
66 | mongodb_restore_config = {
67 | bucket_uri = "gs://mongo-backup-dev/mongodumpfull_20230710_132301.gz"
68 | s3_bucket_region = ""
69 | file_name = "mongodumpfull_20230710_132301.gz"
70 |
71 | }
72 | mongodb_exporter_enabled = true
73 | }
74 |
--------------------------------------------------------------------------------
/examples/complete/gcp/output.tf:
--------------------------------------------------------------------------------
1 | output "mongodb_endpoints" {
2 | value = module.mongodb.mongodb_endpoints
3 | description = "MongoDB endpoints in the Kubernetes cluster."
4 | }
5 |
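6 | output "mongodb_credential" {
7 |   # Null while the passwords are kept in the secret manager; otherwise the credentials returned by module.mongodb.
8 |   value       = local.store_password_to_secret_manager ? null : module.mongodb.mongodb_credential
9 |   description = "MongoDB credentials used for accessing the MongoDB database."
10 |   # Keeps the credentials out of plan/apply console output and CI logs; they are still recorded in state.
11 |   sensitive   = true
12 | }
13 |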
--------------------------------------------------------------------------------
/examples/complete/gcp/provider.tf:
--------------------------------------------------------------------------------
1 | data "google_client_config" "default" {}
2 |
3 | data "google_container_cluster" "primary" { # Looks up the GKE cluster whose endpoint and CA certificate configure the kubernetes and helm providers below.
4 | name = "dev-gke-cluster"
5 | location = "asia-south1"
6 | project = "fresh-sanctuary-3894579" # NOTE(review): differs from project_id in main.tf ("fresh-sanctuary-387476"); one of the two is presumably a typo, so confirm which project is meant and replace with your own
7 | }
8 |
9 | provider "kubernetes" {
10 | host = "https://${data.google_container_cluster.primary.endpoint}"
11 | token = data.google_client_config.default.access_token
12 | cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
13 | }
14 |
15 | provider "helm" {
16 | kubernetes {
17 | host = "https://${data.google_container_cluster.primary.endpoint}"
18 | token = data.google_client_config.default.access_token
19 | cluster_ca_certificate = base64decode(data.google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/helm/values/backup/values.yaml:
--------------------------------------------------------------------------------
1 | ## Enable Full backup
2 | auth: # MongoDB login used by the backup job; both placeholders below are filled in when this file is rendered
3 | rootUser: root
4 | rootPassword: "${mongodb_root_user_password}" # NOTE(review): the root password becomes part of the rendered chart values; presumably it is then also kept in the Helm release record and Terraform state, so confirm who can read those
5 |
6 | backup: # Destination and schedule for the full-backup job; every value is a placeholder substituted at render time
7 | bucket_uri: ${bucket_uri}
8 | aws_default_region: ${s3_bucket_region}
9 | azure_storage_account_name: ${azure_storage_account_name}
10 | azure_storage_account_key: ${azure_storage_account_key} # NOTE(review): an account key grants access to the whole storage account and travels here as a plain chart value; prefer a container-scoped credential or workload identity where the provider allows it
11 | azure_container_name: ${azure_container_name}
12 | cron_for_full_backup: "${cron_for_full_backup}"
13 |
14 | annotations:
15 | ${annotations}
16 |
17 | bucket_provider_type: ${bucket_provider_type}
18 |
19 | affinity:
20 | nodeAffinity:
21 | requiredDuringSchedulingIgnoredDuringExecution:
22 | nodeSelectorTerms:
23 | - matchExpressions:
24 | - key: "Infra-Services"
25 | operator: In
26 | values:
27 | - "true"
28 |
29 | backupjob:
30 | resources:
31 | requests:
32 | memory: 100Mi
33 | cpu: 50m
34 | limits:
35 | memory: 200Mi
36 | cpu: 100m
37 |
--------------------------------------------------------------------------------
/helm/values/exporter/values.yaml:
--------------------------------------------------------------------------------
1 | annotations: {}
2 |
3 | extraArgs:
4 | - --collect.collection
5 | - --collect.database
6 | - --collect.indexusage
7 | - --collect.topmetrics
8 | - --collect.connpoolstats
9 |
10 | fullnameOverride: ""
11 |
12 | image: # Container image used for the exporter pod
13 | pullPolicy: IfNotPresent
14 | repository: ssheehy/mongodb-exporter # NOTE(review): appears to be a personal Docker Hub namespace rather than a vendor or organisation registry; confirm provenance or mirror the image into a registry you control
15 | tag: 0.10.0 # NOTE(review): tags are mutable; pin by digest if the chart supports it
16 |
17 | imagePullSecrets: []
18 |
19 | livenessProbe:
20 | httpGet:
21 | path: /
22 | port: metrics
23 | initialDelaySeconds: 10
24 |
25 | # [mongodb[+srv]://][user:pass@]host1[:port1][,host2[:port2],...][/database][?options]
26 | mongodb: # Connection string the exporter uses to reach the mongodb-primary service on port 27017, authenticating against the admin database
27 | uri: "mongodb://mongodb_exporter:${mongodb_exporter_password}@mongodb-primary.{namespace}.svc.cluster.local:27017/admin?authSource=admin" # NOTE(review): the exporter password is interpolated into the URI and so sits in the rendered values; the existingSecret option below avoids that. A password containing URI-reserved characters must be percent-encoded. `{namespace}` lacks the `$` the other placeholders use; confirm it is substituted elsewhere
28 |
29 | # Name of an externally managed secret (in the same namespace) containing the connection uri as key `mongodb-uri`.
30 | # If this is provided, the value mongodb.uri is ignored.
31 | existingSecret:
32 | name: ""
33 | key: "mongodb-uri"
34 |
35 | nameOverride: ""
36 |
37 | nodeSelector: {}
38 |
39 | podAnnotations: {}
40 | # prometheus.io/scrape: "true"
41 | # prometheus.io/port: "metrics"
42 |
43 | port: "9216"
44 |
45 | priorityClassName: ""
46 |
47 | readinessProbe:
48 | httpGet:
49 | path: /
50 | port: metrics
51 | initialDelaySeconds: 10
52 |
53 | replicas: 1
54 |
55 | affinity:
56 | nodeAffinity:
57 | requiredDuringSchedulingIgnoredDuringExecution:
58 | nodeSelectorTerms:
59 | - matchExpressions:
60 | - key: "Database-Services"
61 | operator: In
62 | values:
63 | - "true"
64 |
65 | resources:
66 | limits:
67 | cpu: 100m
68 | memory: 200Mi
69 | requests:
70 | cpu: 70m
71 | memory: 100Mi
72 |
73 | # Extra environment variables that will be passed into the exporter pod
74 | env: {}
75 |
76 | # Volumes that will be mounted into the exporter pod
77 | volumeMounts: []
78 |
79 | # Volumes that will be attached to the exporter deployment
80 | volumes: []
81 |
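82 | securityContext:
83 |   allowPrivilegeEscalation: false # the exporter needs no privilege gain; consistent with the dropped capabilities and non-root user below
84 |   capabilities:
85 |     drop: ["ALL"] # upper-case spelling is the form the Pod Security "restricted" profile checks for
86 |   readOnlyRootFilesystem: true
87 |   runAsGroup: 10000
88 |   runAsNonRoot: true
89 |   runAsUser: 10000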
90 |
91 | service:
92 | labels:
93 | annotations: {}
94 | port: 9216
95 | type: ClusterIP
96 |
97 | serviceAccount:
98 | create: true
99 | # If create is true and name is not set, then a name is generated using the
100 | # fullname template.
101 | name:
102 |
103 | serviceMonitor:
104 | enabled: true
105 | interval: 30s
106 | scrapeTimeout: 10s
107 | namespace: "${service_monitor_namespace}"
108 | additionalLabels:
109 | release: prometheus-operator
110 | targetLabels: {}
111 | metricRelabelings: []
112 |
113 | tolerations: []
114 |
--------------------------------------------------------------------------------
/helm/values/mongodb/values.yaml:
--------------------------------------------------------------------------------
1 | ## @section Global parameters
2 | ## Global Docker image parameters
3 | ## Please, note that this will override the image parameters, including dependencies, configured to use the global value
4 | ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
5 | ##
6 |
7 | ## @param global.imageRegistry Global Docker image registry
8 | ## @param global.imagePullSecrets Global Docker registry secret names as an array
9 | ## @param global.storageClass Global StorageClass for Persistent Volume(s)
10 | ## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride
11 | ##
12 | global:
13 | imageRegistry: ""
14 | ## E.g.
15 | ## imagePullSecrets:
16 | ## - myRegistryKeySecretName
17 | ##
18 | imagePullSecrets: []
19 | storageClass: "${storage_class_name}"
20 | namespaceOverride: ""
21 |
22 | ## @section Common parameters
23 | ##
24 |
25 | ## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name)
26 | ##
27 | nameOverride: ""
28 | ## @param fullnameOverride String to fully override mongodb.fullname template
29 | ##
30 | fullnameOverride: ""
31 | ## @param namespaceOverride String to fully override common.names.namespace
32 | ##
33 | namespaceOverride: ""
34 | ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
35 | ##
36 | kubeVersion: ""
37 | ## @param clusterDomain Default Kubernetes cluster domain
38 | ##
39 | clusterDomain: cluster.local
40 | ## @param extraDeploy Array of extra objects to deploy with the release
41 | ## extraDeploy:
42 | ## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar
43 | ## for dynamically discovering the mongodb primary pod
44 | ## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own)
45 | ## - apiVersion: v1
46 | ## kind: Service
47 | ## metadata:
48 | ## name: mongodb-primary
49 | ## namespace: the-mongodb-namespace
50 | ## labels:
51 | ## app.kubernetes.io/component: mongodb
52 | ## app.kubernetes.io/instance: mongodb
53 | ## app.kubernetes.io/managed-by: Helm
54 | ## app.kubernetes.io/name: mongodb
55 | ## spec:
56 | ## type: NodePort
57 | ## externalTrafficPolicy: Cluster
58 | ## ports:
59 | ## - name: mongodb
60 | ## port: 30001
61 | ## nodePort: 30001
62 | ## protocol: TCP
63 | ## targetPort: mongodb
64 | ## selector:
65 | ## app.kubernetes.io/component: mongodb
66 | ## app.kubernetes.io/instance: mongodb
67 | ## app.kubernetes.io/name: mongodb
68 | ## primary: "true"
69 | ## NOTE(review): the Service below routes to whichever pod carries the label primary: "true" (plus the three app.kubernetes.io labels); per the 'mongo-labeler' comments in this file that label is set at runtime by the sidecar, so permission to label pods in this namespace also decides where mongodb-primary traffic goes. Keep the RBAC rule those comments refer to scoped to this namespace and to the labeler's service account.
70 | extraDeploy:
71 | - apiVersion: v1
72 | kind: Service
73 | metadata:
74 | name: mongodb-primary
75 | namespace: ${namespace}
76 | labels:
77 | app.kubernetes.io/component: mongodb
78 | app.kubernetes.io/instance: mongodb
79 | app.kubernetes.io/managed-by: Helm
80 | app.kubernetes.io/name: mongodb
81 | spec:
82 | type: ClusterIP
83 | ports:
84 | - name: mongodb-primary
85 | port: 27017
86 | protocol: TCP
87 | targetPort: mongodb
88 | selector:
89 | app.kubernetes.io/component: mongodb
90 | app.kubernetes.io/instance: mongodb
91 | app.kubernetes.io/name: mongodb
92 | primary: "true"
93 | ## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
94 | ##
95 | commonLabels: {}
96 | ## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
97 | ##
98 | commonAnnotations: {}
99 |
100 | ## Enable diagnostic mode in the deployment
101 | ##
102 | diagnosticMode:
103 | ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
104 | ##
105 | enabled: false
106 | ## @param diagnosticMode.command Command to override all containers in the deployment
107 | ##
108 | command:
109 | - sleep
110 | ## @param diagnosticMode.args Args to override all containers in the deployment
111 | ##
112 | args:
113 | - infinity
114 |
115 | ## @section MongoDB(®) parameters
116 | ##
117 |
118 | ## Bitnami MongoDB(®) image
119 | ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
120 | ## @param image.registry MongoDB(®) image registry
121 | ## @param image.repository MongoDB(®) image repository
122 | ## @param image.tag MongoDB(®) image tag (immutable tags are recommended)
123 | ## @param image.pullPolicy MongoDB(®) image pull policy
124 | ## @param image.pullSecrets Specify docker-registry secret names as an array
125 | ## @param image.debug Set to true if you would like to see extra information on logs
126 | ##
127 | image:
128 | registry: docker.io
129 | repository: bitnami/mongodb
130 | tag: ${app_version}
131 | ## Specify a imagePullPolicy
132 | ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
133 | ##
134 | pullPolicy: IfNotPresent
135 | ## Optionally specify an array of imagePullSecrets.
136 | ## Secrets must be manually created in the namespace.
137 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
138 | ## e.g:
139 | ## pullSecrets:
140 | ## - myRegistryKeySecretName
141 | ##
142 | pullSecrets: []
143 | ## Set to true if you would like to see extra information on logs
144 | ##
145 | debug: false
146 |
147 | ## @param schedulerName Name of the scheduler (other than default) to dispatch pods
148 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
149 | ##
150 | schedulerName: ""
151 | ## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
152 | ##
153 | architecture: "${architecture}"
154 |
155 | ## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`)
156 | ##
157 | useStatefulSet: false
158 | ## MongoDB Kubernetes Terraform Module(®) Authentication parameters
159 | ##
160 | auth:
161 | ## @param auth.enabled Enable authentication
162 | ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
163 | ##
164 | enabled: true
165 | ## @param auth.rootUser MongoDB(®) root user
166 | ##
167 | rootUser: root
168 | ## @param auth.rootPassword MongoDB(®) root password
169 | ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#setting-the-root-password-on-first-run
170 | ## NOTE(review): the ${mongodb_root_user_password} placeholder is filled in when this template is rendered, so the root password sits in the values as plain text and is readable wherever those values are kept (the Helm release record; presumably Terraform state as well, confirm). auth.existingSecret below keeps it out of the values.
171 | rootPassword: "${mongodb_root_user_password}"
172 | ## MongoDB Kubernetes Terraform Module(®) custom users and databases
173 | ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-users-and-databases-on-first-run
174 | ## @param auth.usernames List of custom users to be created during the initialization
175 | ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
176 | ## @param auth.databases List of custom databases to be created during the initialization
177 | ## NOTE(review): same exposure as rootPassword: ${custom_databases_passwords} renders the custom users' passwords into these values as plain text.
178 | usernames: ${custom_databases_usernames}
179 | passwords: ${custom_databases_passwords}
180 | databases: ${custom_databases}
181 | ## @param auth.username DEPRECATED: use `auth.usernames` instead
182 | ## @param auth.password DEPRECATED: use `auth.passwords` instead
183 | ## @param auth.database DEPRECATED: use `auth.databases` instead
184 | username: ""
185 | password: ""
186 | database: ""
187 | ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`)
188 | ##
189 | replicaSetKey: ""
190 | ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-password`, `mongodb-root-password`, `mongodb-replica-set-key`)
191 | ## NOTE: When it's set the previous parameters are ignored.
192 | ##
193 | existingSecret: ""
194 | tls:
195 | ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes
196 | ## NOTE(review): TLS is off here, so both kinds of traffic named above (node-to-node and client-to-node) are unencrypted, and tls.mode below only takes effect once tls is enabled.
197 | enabled: false
198 | ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
199 | ##
200 | autoGenerated: true
201 | ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`, `client-pem`)
202 | ## NOTE: When it's set it will disable certificate creation
203 | ##
204 | existingSecret: ""
205 | ## Add Custom CA certificate
206 | ## @param tls.caCert Custom CA certificate (base64 encoded)
207 | ## @param tls.caKey CA certificate private key (base64 encoded)
208 | ## NOTE(review): a caKey set here is a CA private key stored in the values file (base64 is an encoding, not protection); tls.existingSecret above avoids that.
209 | caCert: ""
210 | caKey: ""
211 | ## Bitnami Nginx image
212 | ## @param tls.image.registry Init container TLS certs setup image registry
213 | ## @param tls.image.repository Init container TLS certs setup image repository
214 | ## @param tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended)
215 | ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy
216 | ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array
217 | ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
218 | ##
219 | image:
220 | registry: docker.io
221 | repository: bitnami/nginx
222 | tag: 1.21.6-debian-10-r92
223 | pullPolicy: IfNotPresent
224 | ## Optionally specify an array of imagePullSecrets.
225 | ## Secrets must be manually created in the namespace.
226 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
227 | ## e.g:
228 | ## pullSecrets:
229 | ## - myRegistryKeySecretName
230 | ##
231 | pullSecrets: []
232 |
233 | ## e.g:
234 | ## extraDnsNames
235 | ## "DNS.6": "$my_host"
236 | ## "DNS.7": "$test"
237 | ##
238 | extraDnsNames: []
239 | ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
240 | ##
241 | mode: requireTLS
242 | ## @param hostAliases Add deployment host aliases
243 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
244 | ##
245 | hostAliases: []
246 | ## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
247 | ## Ignored when mongodb.architecture=standalone
248 | ##
249 | replicaSetName: rs0
250 | ## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
251 | ## Ignored when mongodb.architecture=standalone
252 | ## Ignored when externalAccess.enabled=true
253 | ##
254 | replicaSetHostnames: true
255 | ## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®)
256 | ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6
257 | ##
258 | enableIPv6: false
259 | ## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®)
260 | ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb
261 | ##
262 | directoryPerDB: false
263 | ## MongoDB Kubernetes Terraform Module(®) System Log configuration
264 | ## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level
265 | ## @param systemLogVerbosity MongoDB(®) system log verbosity level
266 | ## @param disableSystemLog Switch to enable/disable MongoDB(®) system log
267 | ##
268 | systemLogVerbosity: 0
269 | disableSystemLog: false
270 | ## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution
271 | ## ref: https://docs.mongodb.com/manual/core/server-side-javascript/
272 | ## NOTE(review): false leaves server-side JavaScript ($where, $function, $accumulator, mapReduce) available to any authenticated user who can run queries; set it to true if no application relies on those operators.
273 | disableJavascript: false
274 | ## @param enableJournal Switch to enable/disable MongoDB(®) Journaling
275 | ## ref: https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
276 | ##
277 | enableJournal: true
278 | ## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
279 | ## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
280 | ## Example:
281 | ## configuration: |-
282 | ## # where and how to store data.
283 | ## storage:
284 | ## dbPath: /bitnami/mongodb/data/db
285 | ## journal:
286 | ## enabled: true
287 | ## directoryPerDB: false
288 | ## # where to write logging data
289 | ## systemLog:
290 | ## destination: file
291 | ## quiet: false
292 | ## logAppend: true
293 | ## logRotate: reopen
294 | ## path: /opt/bitnami/mongodb/logs/mongodb.log
295 | ## verbosity: 0
296 | ## # network interfaces
297 | ## net:
298 | ## port: 27017
299 | ## unixDomainSocket:
300 | ## enabled: true
301 | ## pathPrefix: /opt/bitnami/mongodb/tmp
302 | ## ipv6: false
303 | ## bindIpAll: true
304 | ## # replica set options
305 | ## #replication:
306 | ## #replSetName: replicaset
307 | ## #enableMajorityReadConcern: true
308 | ## # process management options
309 | ## processManagement:
310 | ## fork: false
311 | ## pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid
312 | ## # set parameter options
313 | ## setParameter:
314 | ## enableLocalhostAuthBypass: true
315 | ## # security options
316 | ## security:
317 | ## authorization: disabled
318 | ## #keyFile: /opt/bitnami/mongodb/conf/keyfile
319 | ## NOTE(review): the example above contains `authorization: disabled` and `enableLocalhostAuthBypass: true`; read it as a syntax illustration, not a baseline to copy. A custom `configuration` presumably replaces the generated config file, so check how it interacts with auth.enabled before setting it.
320 | configuration: ""
321 | ## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
322 | ## If enabled, these are applied by a script which is called within setup.sh
323 | ## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
324 | ## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
325 | ## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
326 | ##
327 | replicaSetConfigurationSettings:
328 | enabled: false
329 | configuration: {}
330 | ## chainingAllowed : false
331 | ## heartbeatTimeoutSecs : 10
332 | ## heartbeatIntervalMillis : 2000
333 | ## electionTimeoutMillis : 10000
334 | ## catchUpTimeoutMillis : 30000
335 | ## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
336 | ## NOTE: When it's set the arbiter.configuration parameter is ignored
337 | ##
338 | existingConfigmap: ""
339 | ## @param initdbScripts Dictionary of initdb scripts
340 | ## Specify dictionary of scripts to be run at first boot
341 | ## Example:
342 | ## initdbScripts:
343 | ## my_init_script.sh: |
344 | ## #!/bin/bash
345 | ## echo "Do something."
346 | ## NOTE(review): exporter_user.js embeds ${mongodb_exporter_password} as a JavaScript string literal, so the password is readable wherever this script is stored (presumably a ConfigMap rendered by the chart, confirm), and a value containing a double quote or backslash changes the script itself. The catch block only prints the error, so a failed createUser does not stop initialization.
347 | initdbScripts:
348 | exporter_user.js: |
349 | db = db.getSiblingDB('admin');
350 | try {
351 | db.createUser(
352 | {
353 | user: "mongodb_exporter",
354 | pwd: "${mongodb_exporter_password}",
355 | roles: [
356 | { role: "clusterMonitor", db: "admin" },
357 | { role: "read", db: "local" }
358 | ],
359 | passwordDigestor:"server"
360 | }
361 | );
362 | }
363 | catch (e) { print(e); }
364 |
365 | ## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
366 | ##
367 | initdbScriptsConfigMap: ""
368 | ## Command and args for running the container (set to default if not set). Use array form
369 | ## @param command Override default container command (useful when using custom images)
370 | ## @param args Override default container args (useful when using custom images)
371 | ##
372 | command: []
373 | args: []
374 | ## @param extraFlags MongoDB(®) additional command line flags
375 | ## Example:
376 | ## extraFlags:
377 | ## - "--wiredTigerCacheSizeGB=2"
378 | ##
379 | extraFlags: []
380 | ## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
381 | ## E.g:
382 | ## extraEnvVars:
383 | ## - name: FOO
384 | ## value: BAR
385 | ##
386 | extraEnvVars: []
387 | ## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
388 | ##
389 | extraEnvVarsCM: ""
390 | ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
391 | ##
392 | extraEnvVarsSecret: ""
393 |
394 | ## @section MongoDB(®) statefulset parameters
395 | ##
396 |
397 | ## @param annotations Additional annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
398 | ##
399 | annotations: {}
400 | ## @param labels Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
401 | ##
402 | labels: {}
403 | ## @param replicaCount Number of MongoDB(®) nodes (only when `architecture=replicaset`)
404 | ## Ignored when mongodb.architecture=standalone
405 | ##
406 | replicaCount: ${replicacount}
407 | ## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
408 | ## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
409 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
410 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
411 | ## Example:
412 | ## updateStrategy:
413 | ## type: RollingUpdate
414 | ## rollingUpdate:
415 | ## maxSurge: 25%
416 | ## maxUnavailable: 25%
417 | ##
418 | updateStrategy:
419 | type: RollingUpdate
420 | ## @param podManagementPolicy Pod management policy for MongoDB(®)
421 | ## Should be initialized one by one when building the replicaset for the first time
422 | ##
423 | podManagementPolicy: OrderedReady
424 | ## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
425 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
426 | ##
427 | podAffinityPreset: ""
428 | ## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
429 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
430 | ##
431 | podAntiAffinityPreset: soft
432 | ## Node affinity preset
433 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
434 | ##
435 | nodeAffinityPreset:
436 | ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
437 | ##
438 | type: ""
439 | ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
440 | ## E.g.
441 | ## key: "kubernetes.io/e2e-az-name"
442 | ##
443 | key: ""
444 | ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
445 | ## E.g.
446 | ## values:
447 | ## - e2e-az1
448 | ## - e2e-az2
449 | ##
450 | values: []
451 | ## @param affinity MongoDB(®) Affinity for pod assignment
452 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
453 | ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
454 | ##
455 | affinity: {}
456 | ## @param nodeSelector MongoDB(®) Node labels for pod assignment
457 | ## ref: https://kubernetes.io/docs/user-guide/node-selection/
458 | ##
459 | nodeSelector: {}
460 | ## @param tolerations MongoDB(®) Tolerations for pod assignment
461 | ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
462 | ##
463 | tolerations: []
464 | ## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
465 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
466 | ##
467 | topologySpreadConstraints: []
468 | ## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
469 | ##
470 | lifecycleHooks: {}
471 | ## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
472 | ##
473 | terminationGracePeriodSeconds: ""
474 | ## @param podLabels MongoDB(®) pod labels
475 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
476 | ##
477 | podLabels: {}
478 | ## @param podAnnotations MongoDB(®) Pod annotations
479 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
480 | ##
481 | podAnnotations:
482 | co.elastic.logs/enabled: "true"
483 | co.elastic.logs/module: mongodb
484 | ## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
485 | ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
486 | ##
487 | priorityClassName: ""
488 | ## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
489 | ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
490 | ##
491 | runtimeClassName: ""
492 | ## MongoDB Kubernetes Terraform Module(®) pods' Security Context.
493 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
494 | ## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
495 | ## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
496 | ## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
497 | ##
498 | podSecurityContext:
499 | enabled: true
500 | fsGroup: 1001
501 | ## sysctl settings
502 | ## Example:
503 | ## sysctls:
504 | ## - name: net.core.somaxconn
505 | ## value: "10000"
506 | ##
507 | sysctls: []
508 | ## MongoDB Kubernetes Terraform Module(®) containers' Security Context (main and metrics container).
509 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
510 | ## @param containerSecurityContext.enabled Enable MongoDB(®) container(s)' Security Context
511 | ## @param containerSecurityContext.runAsUser User ID for the MongoDB(®) container
512 | ## @param containerSecurityContext.runAsNonRoot Set MongoDB(®) container's Security Context runAsNonRoot
513 | ##
514 | containerSecurityContext:
515 | enabled: true
516 | runAsUser: 1001
517 | runAsNonRoot: true
518 | ## MongoDB Kubernetes Terraform Module(®) containers' resource requests and limits.
519 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
520 | ## We usually recommend not to specify default resources and to leave this as a conscious
521 | ## choice for the user. This also increases chances charts run on environments with little
522 | ## resources, such as Minikube. If you do want to specify resources, uncomment the following
523 | ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
524 | ## @param resources.limits The resources limits for MongoDB(®) containers
525 | ## @param resources.requests The requested resources for MongoDB(®) containers
526 | ##
527 | resources: {}
528 | ## Example:
529 | ## limits:
530 | ## cpu: 100m
531 | ## memory: 128Mi
532 | ##
533 | # limits:
534 | # cpu: 1000m
535 | # memory: 1000Mi
536 | ## Examples:
537 | ## requests:
538 | ## cpu: 100m
539 | ## memory: 128Mi
540 | ##
541 | # requests:
542 | # cpu: 500m
543 | # memory: 500Mi
544 | ## @param containerPorts.mongodb MongoDB(®) container port
545 | containerPorts:
546 | mongodb: 27017
547 | ## MongoDB Kubernetes Terraform Module(®) pods' liveness probe. Evaluated as a template.
548 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
549 | ## @param livenessProbe.enabled Enable livenessProbe
550 | ## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
551 | ## @param livenessProbe.periodSeconds Period seconds for livenessProbe
552 | ## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
553 | ## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
554 | ## @param livenessProbe.successThreshold Success threshold for livenessProbe
555 | ##
556 | livenessProbe:
557 | enabled: true
558 | initialDelaySeconds: 30
559 | periodSeconds: 120
560 | timeoutSeconds: 10
561 | failureThreshold: 6
562 | successThreshold: 1
563 | ## MongoDB Kubernetes Terraform Module(®) pods' readiness probe. Evaluated as a template.
564 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
565 | ## @param readinessProbe.enabled Enable readinessProbe
566 | ## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
567 | ## @param readinessProbe.periodSeconds Period seconds for readinessProbe
568 | ## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
569 | ## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
570 | ## @param readinessProbe.successThreshold Success threshold for readinessProbe
571 | ##
572 | readinessProbe:
573 | enabled: true
574 | initialDelaySeconds: 10
575 | periodSeconds: 20
576 | timeoutSeconds: 5
577 | failureThreshold: 6
578 | successThreshold: 1
579 | ## Slow starting containers can be protected through startup probes
580 | ## Startup probes are available in Kubernetes version 1.16 and above
581 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
582 | ## @param startupProbe.enabled Enable startupProbe
583 | ## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
584 | ## @param startupProbe.periodSeconds Period seconds for startupProbe
585 | ## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
586 | ## @param startupProbe.failureThreshold Failure threshold for startupProbe
587 | ## @param startupProbe.successThreshold Success threshold for startupProbe
588 | ##
589 | startupProbe:
590 | enabled: false
591 | initialDelaySeconds: 5
592 | periodSeconds: 20
593 | timeoutSeconds: 10
594 | successThreshold: 1
595 | failureThreshold: 30
596 | ## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
597 | ## Ignored when livenessProbe.enabled=true
598 | ##
599 | customLivenessProbe: {}
600 | ## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
601 | ## Ignored when readinessProbe.enabled=true
602 | ##
603 | customReadinessProbe: {}
604 | ## @param customStartupProbe Override default startup probe for MongoDB(®) containers
605 | ## Ignored when startupProbe.enabled=true
606 | ##
607 | customStartupProbe: {}
608 | ## @param initContainers Add additional init containers for the MongoDB(®) pod(s)
609 | ## Example:
610 | ## initContainers:
611 | ## - name: your-image-name
612 | ## image: your-image
613 | ## imagePullPolicy: Always
614 | ## ports:
615 | ## - name: portname
616 | ## containerPort: 1234
617 | ##
618 | initContainers: []
619 | ## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
620 | ## Example:
621 | ## sidecars:
622 | ## - name: your-image-name
623 | ## image: your-image
624 | ## imagePullPolicy: Always
625 | ## ports:
626 | ## - name: portname
627 | ## containerPort: 1234
628 | ## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
629 | ## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
630 | ## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
631 | ## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
632 | ## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
633 | ##
634 | ## - name: mongo-labeler
635 | ## image: korenlev/k8s-mongo-labeler-sidecar
636 | ## imagePullPolicy: Always
637 | ## env:
638 | ## - name: LABEL_SELECTOR
639 | ## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
640 | ## - name: NAMESPACE
641 | ## value: "the-mongodb-namespace"
642 | ## - name: DEBUG
643 | ## value: "true"
644 | ## NOTE(review): the image below has no tag or digest and imagePullPolicy is Always, so every pod start runs whatever the repository serves at that moment, in a container that (per the comments above) needs permission to label the mongo replica pods. Pin it by digest, e.g. korenlev/k8s-mongo-labeler-sidecar@sha256:<digest-placeholder>, and check what DEBUG "true" writes to the logs.
645 | sidecars:
646 | - name: mongo-labeler
647 | image: korenlev/k8s-mongo-labeler-sidecar
648 | imagePullPolicy: Always
649 | env:
650 | - name: LABEL_SELECTOR
651 | value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
652 | - name: NAMESPACE
653 | value: ${namespace}
654 | - name: DEBUG
655 | value: "true"
656 | resources:
657 | limits:
658 | cpu: 100m
659 | memory: 200Mi
660 | requests:
661 | cpu: 50m
662 | memory: 100Mi
663 | ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
664 | ## Examples:
665 | ## extraVolumeMounts:
666 | ## - name: extras
667 | ## mountPath: /usr/share/extras
668 | ## readOnly: true
669 | ##
670 | extraVolumeMounts: []
671 | ## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
672 | ## extraVolumes:
673 | ## - name: extras
674 | ## emptyDir: {}
675 | ##
676 | extraVolumes: []
677 | ## MongoDB Kubernetes Terraform Module(®) Pod Disruption Budget configuration
678 | ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
679 | ##
680 | pdb:
681 | ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
682 | ##
683 | create: false
684 | ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
685 | ##
686 | minAvailable: 1
687 | ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
688 | ##
689 | maxUnavailable: ""
690 |
691 | ## @section Traffic exposure parameters
692 | ##
693 |
694 | ## Service parameters
695 | ##
696 | service:
697 | ## @param service.nameOverride MongoDB(®) service name
698 | ##
699 | nameOverride: ""
700 | ## @param service.type Kubernetes Service type (only for standalone architecture)
701 | ##
702 | type: ClusterIP
703 | ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
704 | ##
705 | portName: mongodb
706 | ## @param service.ports.mongodb MongoDB(®) service port.
707 | ##
708 | ports:
709 | mongodb: 27017
710 | ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
711 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
712 | ##
713 | nodePorts:
714 | mongodb: ""
715 | ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
716 | ## e.g:
717 | ## clusterIP: None
718 | ##
719 | clusterIP: ""
720 | ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
721 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
722 | ##
723 | externalIPs: []
724 | ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
725 | ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
726 | ##
727 | loadBalancerIP: ""
728 | ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
729 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
730 | ##
731 | loadBalancerSourceRanges: []
732 | ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
733 | ##
734 | extraPorts: []
735 | ## @param service.annotations Provide any additional annotations that may be required
736 | ##
737 | annotations: {}
738 | ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
739 | ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
740 | ##
741 | externalTrafficPolicy: Local
742 | ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
743 | ## Values: ClientIP or None
744 | ## ref: https://kubernetes.io/docs/user-guide/services/
745 | ##
746 | sessionAffinity: None
747 | ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
748 | ## sessionAffinityConfig:
749 | ## clientIP:
750 | ## timeoutSeconds: 300
751 | ##
752 | sessionAffinityConfig: {}
753 | ## External Access to MongoDB(®) nodes configuration
754 | ##
755 | externalAccess:
756 | ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
757 | ##
758 | enabled: false
759 | ## External IPs auto-discovery configuration
760 | ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
761 | ## Note: RBAC might be required
762 | ##
763 | autoDiscovery:
764 | ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
765 | ##
766 | enabled: false
767 | ## Bitnami Kubectl image
768 | ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
769 | ## @param externalAccess.autoDiscovery.image.registry Init container auto-discovery image registry
770 | ## @param externalAccess.autoDiscovery.image.repository Init container auto-discovery image repository
771 | ## @param externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
772 | ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
773 | ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
774 | ##
775 | image:
776 | registry: docker.io
777 | repository: bitnami/kubectl
778 | tag: 1.23.6-debian-10-r8
779 | ## Specify a imagePullPolicy
780 | ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
781 | ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
782 | ##
783 | pullPolicy: IfNotPresent
784 | ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
785 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
786 | ## Example:
787 | ## pullSecrets:
788 | ## - myRegistryKeySecretName
789 | ##
790 | pullSecrets: []
791 | ## Init Container resource requests and limits
792 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
793 | ## We usually recommend not to specify default resources and to leave this as a conscious
794 | ## choice for the user. This also increases chances charts run on environments with little
795 | ## resources, such as Minikube. If you do want to specify resources, uncomment the following
796 | ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
797 | ## @param externalAccess.autoDiscovery.resources.limits Init container auto-discovery resource limits
798 | ## @param externalAccess.autoDiscovery.resources.requests Init container auto-discovery resource requests
799 | ##
800 | resources:
801 | ## Example:
802 | ## limits:
803 | ## cpu: 100m
804 | ## memory: 128Mi
805 | ##
806 | limits: {}
807 | ## Examples:
808 | ## requests:
809 | ## cpu: 100m
810 | ## memory: 128Mi
811 | ##
812 | requests: {}
813 | ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
814 | ## A new service per MongoDB(®) node will be created
815 | ##
816 | service:
817 | ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
818 | ##
819 | type: LoadBalancer
820 | ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
821 | ##
822 | portName: "mongodb"
823 | ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
824 | ##
825 | ports:
826 | mongodb: 27017
827 | ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
828 | ## Example:
829 | ## loadBalancerIPs:
830 | ## - X.X.X.X
831 | ## - Y.Y.Y.Y
832 | ##
833 | loadBalancerIPs: []
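834 | ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer. When left empty, Kubernetes applies no source restriction, so the MongoDB(®) port is reachable from any address that can reach the load balancer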
835 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
836 | ## Example:
837 | ## loadBalancerSourceRanges:
838 | ## - 10.10.10.0/24
839 | ##
840 | loadBalancerSourceRanges: []
841 | ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
842 | ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
843 | ##
844 | externalTrafficPolicy: Local
845 | ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
846 | ## Example:
847 | ## nodePorts:
848 | ## - 30001
849 | ## - 30002
850 | ##
851 | nodePorts: []
852 | ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
853 | ## If not specified, the container will try to get the kubernetes node external IP
854 | ## e.g:
855 | ## domain: mydomain.com
856 | ##
857 | domain: ""
858 | ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
859 | ##
860 | extraPorts: []
861 | ## @param externalAccess.service.annotations Service annotations for external access
862 | ##
863 | annotations: {}
864 | ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
865 | ## Values: ClientIP or None
866 | ## ref: https://kubernetes.io/docs/user-guide/services/
867 | ##
868 | sessionAffinity: None
869 | ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
870 | ## sessionAffinityConfig:
871 | ## clientIP:
872 | ## timeoutSeconds: 300
873 | ##
874 | sessionAffinityConfig: {}
875 | ## External Access to MongoDB(®) Hidden nodes configuration
876 | ##
877 | hidden:
878 | ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
879 | ##
880 | enabled: false
881 | ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
882 | ## A new service per MongoDB(®) node will be created
883 | ##
884 | service:
885 | ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
886 | ##
887 | type: LoadBalancer
888 | ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
889 | ##
890 | portName: "mongodb"
891 | ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
892 | ##
893 | ports:
894 | mongodb: 27017
895 | ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
896 | ## Example:
897 | ## loadBalancerIPs:
898 | ## - X.X.X.X
899 | ## - Y.Y.Y.Y
900 | ##
901 | loadBalancerIPs: []
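902 | ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer. When left empty, Kubernetes applies no source restriction, so the MongoDB(®) port is reachable from any address that can reach the load balancer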
903 | ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
904 | ## Example:
905 | ## loadBalancerSourceRanges:
906 | ## - 10.10.10.0/24
907 | ##
908 | loadBalancerSourceRanges: []
909 | ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
910 | ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
911 | ##
912 | externalTrafficPolicy: Local
913 | ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
914 | ## Example:
915 | ## nodePorts:
916 | ## - 30001
917 | ## - 30002
918 | ##
919 | nodePorts: []
920 | ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
921 | ## If not specified, the container will try to get the kubernetes node external IP
922 | ## e.g:
923 | ## domain: mydomain.com
924 | ##
925 | domain: ""
926 | ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
927 | ##
928 | extraPorts: []
929 | ## @param externalAccess.hidden.service.annotations Service annotations for external access
930 | ##
931 | annotations: {}
932 | ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
933 | ## Values: ClientIP or None
934 | ## ref: https://kubernetes.io/docs/user-guide/services/
935 | ##
936 | sessionAffinity: None
937 | ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
938 | ## sessionAffinityConfig:
939 | ## clientIP:
940 | ## timeoutSeconds: 300
941 | ##
942 | sessionAffinityConfig: {}
943 |
944 | ## @section Persistence parameters
945 | ##
946 |
947 | ## Enable persistence using Persistent Volume Claims
948 | ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
949 | ##
950 | persistence:
951 | ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
952 | ##
953 | enabled: true
954 | ## @param persistence.medium Provide a medium for `emptyDir` volumes.
955 | ## Requires persistence.enabled: false
956 | ##
957 | medium: ""
958 | ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
959 | ## Requires persistence.enabled: true
960 | ## If defined, PVC must be created manually before volume will be bound
961 | ## Ignored when mongodb.architecture=replicaset
962 | ##
963 | existingClaim: ""
964 | ## @param persistence.resourcePolicy Set it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart is deleted
965 | resourcePolicy: ""
966 | ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
967 | ## If defined, storageClassName: <storageClass>
968 | ## If set to "-", storageClassName: "", which disables dynamic provisioning
969 | ## If undefined (the default) or set to null, no storageClassName spec is
970 | ## set, choosing the default provisioner.
971 | ##
972 | storageClass: ""
973 | ## @param persistence.accessModes PV Access Mode
974 | ##
975 | accessModes:
976 | - ReadWriteOnce
977 | ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
978 | ##
979 | size: "${volume_size}"
980 | ## @param persistence.annotations PVC annotations
981 | ##
982 | annotations: {}
983 | ## @param persistence.mountPath Path to mount the volume at
984 | ## MongoDB Kubernetes Terraform Module(®) images.
985 | ##
986 | mountPath: /bitnami/mongodb
987 | ## @param persistence.subPath Subdirectory of the volume to mount at
988 | ## and one PV for multiple services.
989 | ##
990 | subPath: ""
991 | ## Fine tuning for volumeClaimTemplates
992 | ##
993 | volumeClaimTemplates:
994 | ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
995 | ## A label query over volumes to consider for binding (e.g. when using local volumes)
996 | ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
997 | ##
998 | selector: {}
999 | ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
1000 | ## Sometimes cloud providers use additional requests attributes to provision custom storage instance
1001 | ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
1002 | ##
1003 | requests: {}
1004 | ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
1005 | ##
1006 | dataSource: {}
1007 |
1008 | ## @section RBAC parameters
1009 | ##
1010 |
1011 | ## ServiceAccount
1012 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
1013 | ##
1014 | serviceAccount:
1015 | ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
1016 | ##
1017 | create: true
1018 | ## @param serviceAccount.name Name of the created serviceAccount
1019 | ## If not set and create is true, a name is generated using the mongodb.fullname template
1020 | ##
1021 | name: ""
1022 | ## @param serviceAccount.annotations Additional Service Account annotations
1023 | ##
1024 | annotations: {}
1025 | ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
1026 | ## Can be set to false if pods using this serviceAccount do not need to use K8s API
1027 | ##
1028 | automountServiceAccountToken: true
1029 | ## Role Based Access
1030 | ## ref: https://kubernetes.io/docs/admin/authorization/rbac/
1031 | ##
1032 | rbac:
1033 | ## @param rbac.create Whether to create & use RBAC resources or not
1034 | ## binding MongoDB(®) ServiceAccount to a role
1035 | ## that allows MongoDB(®) pods querying the K8s API
1036 | ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
1037 | ##
1038 | create: true
1039 | ## @param rbac.rules Custom rules to create following the role specification
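1040 | ## The rules shown in the example below are required by the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod; they are already active in the uncommented 'rules:' list that follows and allow the MongoDB(®) ServiceAccount to get, list, watch and update pods: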
1041 | ## rules:
1042 | ## - apiGroups:
1043 | ## - ""
1044 | ## resources:
1045 | ## - pods
1046 | ## verbs:
1047 | ## - get
1048 | ## - list
1049 | ## - watch
1050 | ## - update
1051 | ##
1052 | rules:
1053 | - apiGroups:
1054 | - ""
1055 | resources:
1056 | - pods
1057 | verbs:
1058 | - get
1059 | - list
1060 | - watch
1061 | - update
1062 | ## PodSecurityPolicy configuration
1063 | ## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
1064 | ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1065 | ##
1066 | podSecurityPolicy:
1067 | ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
1068 | ##
1069 | create: false
1070 | ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
1071 | ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
1072 | ##
1073 | allowPrivilegeEscalation: false
1074 | ## @param podSecurityPolicy.privileged Allow privileged
1075 | ##
1076 | privileged: false
1077 | ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
1078 | ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
1079 | ## Defining a spec ignores the above values.
1080 | ##
1081 | spec: {}
1082 | ## Example:
1083 | ## allowPrivilegeEscalation: false
1084 | ## fsGroup:
1085 | ## rule: 'MustRunAs'
1086 | ## ranges:
1087 | ## - min: 1001
1088 | ## max: 1001
1089 | ## hostIPC: false
1090 | ## hostNetwork: false
1091 | ## hostPID: false
1092 | ## privileged: false
1093 | ## readOnlyRootFilesystem: false
1094 | ## requiredDropCapabilities:
1095 | ## - ALL
1096 | ## runAsUser:
1097 | ## rule: 'MustRunAs'
1098 | ## ranges:
1099 | ## - min: 1001
1100 | ## max: 1001
1101 | ## seLinux:
1102 | ## rule: 'RunAsAny'
1103 | ## supplementalGroups:
1104 | ## rule: 'MustRunAs'
1105 | ## ranges:
1106 | ## - min: 1001
1107 | ## max: 1001
1108 | ## volumes:
1109 | ## - 'configMap'
1110 | ## - 'secret'
1111 | ## - 'emptyDir'
1112 | ## - 'persistentVolumeClaim'
1113 | ##
1114 |
1115 | ## @section Volume Permissions parameters
1116 | ##
1117 | ## Init Container parameters
1118 | ## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
1119 | ## values from the securityContext section of the component
1120 | ##
1121 | volumePermissions:
1122 | ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
1123 | ##
1124 | enabled: false
1125 | ## @param volumePermissions.image.registry Init container volume-permissions image registry
1126 | ## @param volumePermissions.image.repository Init container volume-permissions image repository
1127 | ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
1128 | ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
1129 | ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
1130 | ##
1131 | image:
1132 | registry: docker.io
1133 | repository: bitnami/bitnami-shell
1134 | tag: 10-debian-10-r410
1135 | ## Specify a imagePullPolicy
1136 | ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
1137 | ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
1138 | ##
1139 | pullPolicy: IfNotPresent
1140 | ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
1141 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1142 | ## Example:
1143 | ## pullSecrets:
1144 | ## - myRegistryKeySecretName
1145 | ##
1146 | pullSecrets: []
1147 | ## Init Container resource requests and limits
1148 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1149 | ## We usually recommend not to specify default resources and to leave this as a conscious
1150 | ## choice for the user. This also increases chances charts run on environments with little
1151 | ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1152 | ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1153 | ## @param volumePermissions.resources.limits Init container volume-permissions resource limits
1154 | ## @param volumePermissions.resources.requests Init container volume-permissions resource requests
1155 | ##
1156 | resources:
1157 | ## Example:
1158 | ## limits:
1159 | ## cpu: 100m
1160 | ## memory: 128Mi
1161 | ##
1162 | limits: {}
1163 | ## Examples:
1164 | ## requests:
1165 | ## cpu: 100m
1166 | ## memory: 128Mi
1167 | ##
1168 | requests: {}
1169 | ## Init container Security Context
1170 | ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
1171 | ## and not the below volumePermissions.securityContext.runAsUser
1172 | ## When runAsUser is set to special value "auto", init container will try to chown the
1173 | ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
1174 | ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
1175 | ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
1176 | ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
1177 | ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container (the default, 0, runs this init container as root)
1178 | ##
1179 | securityContext:
1180 | runAsUser: 0
1181 |
1182 | ## @section Arbiter parameters
1183 | ##
1184 |
1185 | arbiter:
1186 | ## @param arbiter.enabled Enable deploying the arbiter
1187 | ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
1188 | ##
1189 | # enabled: true
1190 | enabled: ${arbiterValue}
1191 | ## @param arbiter.hostAliases Add deployment host aliases
1192 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1193 | ##
1194 | hostAliases: []
1195 | ## @param arbiter.configuration Arbiter configuration file to be used
1196 | ## http://docs.mongodb.org/manual/reference/configuration-options/
1197 | ##
1198 | configuration: ""
1199 | ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
1200 | ## NOTE: When it's set the arbiter.configuration parameter is ignored
1201 | ##
1202 | existingConfigmap: ""
1203 | ## Command and args for running the container (set to default if not set). Use array form
1204 | ## @param arbiter.command Override default container command (useful when using custom images)
1205 | ## @param arbiter.args Override default container args (useful when using custom images)
1206 | ##
1207 | command: []
1208 | args: []
1209 | ## @param arbiter.extraFlags Arbiter additional command line flags
1210 | ## Example:
1211 | ## extraFlags:
1212 | ## - "--wiredTigerCacheSizeGB=2"
1213 | ##
1214 | extraFlags: []
1215 | ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
1216 | ## E.g:
1217 | ## extraEnvVars:
1218 | ## - name: FOO
1219 | ## value: BAR
1220 | ##
1221 | extraEnvVars: []
1222 | ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
1223 | ##
1224 | extraEnvVarsCM: ""
1225 | ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
1226 | ##
1227 | extraEnvVarsSecret: ""
1228 | ## @param arbiter.annotations Additional annotations to be added to the Arbiter statefulset
1229 | ##
1230 | annotations: {}
1231 | ## @param arbiter.labels Additional labels to be added to the Arbiter statefulset
1232 | ##
1233 | labels: {}
1234 | ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
1235 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
1236 | ##
1237 | topologySpreadConstraints: []
1238 | ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
1239 | ##
1240 | lifecycleHooks: {}
1241 | ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
1242 | ##
1243 | terminationGracePeriodSeconds: ""
1244 | ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
1245 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1246 | ## updateStrategy:
1247 | ## type: RollingUpdate
1248 | ## rollingUpdate:
1249 | ## maxSurge: 25%
1250 | ## maxUnavailable: 25%
1251 | ##
1252 | updateStrategy:
1253 | type: RollingUpdate
1254 | ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
1255 | ## Should be initialized one by one when building the replicaset for the first time
1256 | ##
1257 | podManagementPolicy: OrderedReady
1258 | ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
1259 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1260 | ##
1261 | schedulerName: ""
1262 | ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1263 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1264 | ##
1265 | podAffinityPreset: ""
1266 | ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1267 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1268 | ##
1269 | podAntiAffinityPreset: soft
1270 | ## Node affinity preset
1271 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1272 | ##
1273 | nodeAffinityPreset:
1274 | ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1275 | ##
1276 | type: ""
1277 | ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match. Ignored if `affinity` is set.
1278 | ## E.g.
1279 | ## key: "kubernetes.io/e2e-az-name"
1280 | ##
1281 | key: ""
1282 | ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
1283 | ## E.g.
1284 | ## values:
1285 | ## - e2e-az1
1286 | ## - e2e-az2
1287 | ##
1288 | values: []
1289 | ## @param arbiter.affinity Arbiter Affinity for pod assignment
1290 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1291 | ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
1292 | ##
1293 | affinity: {}
1294 | ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
1295 | ## ref: https://kubernetes.io/docs/user-guide/node-selection/
1296 | ##
1297 | nodeSelector: {}
1298 | ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
1299 | ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1300 | ##
1301 | tolerations: []
1302 | ## @param arbiter.podLabels Arbiter pod labels
1303 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1304 | ##
1305 | podLabels: {}
1306 | ## @param arbiter.podAnnotations Arbiter Pod annotations
1307 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1308 | ##
1309 | podAnnotations:
1310 | co.elastic.logs/enabled: "true"
1311 | co.elastic.logs/module: mongodb
1312 | ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
1313 | ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
1314 | ##
1315 | priorityClassName: ""
1316 | ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
1317 | ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
1318 | ##
1319 | runtimeClassName: ""
1320 | ## MongoDB Kubernetes Terraform Module(®) Arbiter pods' Security Context.
1321 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1322 | ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
1323 | ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
1324 | ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
1325 | ##
1326 | podSecurityContext:
1327 | enabled: true
1328 | fsGroup: 1001
1329 | ## sysctl settings
1330 | ## Example:
1331 | ## sysctls:
1332 | ## - name: net.core.somaxconn
1333 | ## value: "10000"
1334 | ##
1335 | sysctls: []
1336 | ## MongoDB Kubernetes Terraform Module(®) Arbiter containers' Security Context (only main container).
1337 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1338 | ## @param arbiter.containerSecurityContext.enabled Enable Arbiter container(s)' Security Context
1339 | ## @param arbiter.containerSecurityContext.runAsUser User ID for the Arbiter container
1340 | ## @param arbiter.containerSecurityContext.runAsNonRoot Set Arbiter containers' Security Context runAsNonRoot
1341 | ##
1342 | containerSecurityContext:
1343 | enabled: true
1344 | runAsUser: 1001
1345 | runAsNonRoot: true
1346 | ## MongoDB Kubernetes Terraform Module(®) Arbiter containers' resource requests and limits.
1347 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1348 | ## We usually recommend not to specify default resources and to leave this as a conscious
1349 | ## choice for the user. This also increases chances charts run on environments with little
1350 | ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1351 | ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1352 | ## @param arbiter.resources.limits The resources limits for Arbiter containers
1353 | ## @param arbiter.resources.requests The requested resources for Arbiter containers
1354 | ##
1355 | resources: {}
1356 | ## Example:
1357 | ## limits:
1358 | ## cpu: 100m
1359 | ## memory: 128Mi
1360 | ##
1361 | # limits:
1362 | # cpu: 200m
1363 | # memory: 500Mi
1364 | ## Examples:
1365 | ## requests:
1366 | ## cpu: 100m
1367 | ## memory: 128Mi
1368 | ##
1369 | # requests:
1370 | # cpu: 100m
1371 | # memory: 250Mi
1372 | ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
1373 | ##
1374 | containerPorts:
1375 | mongodb: 27017
1376 | ## MongoDB Kubernetes Terraform Module(®) Arbiter pods' liveness probe. Evaluated as a template.
1377 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1378 | ## @param arbiter.livenessProbe.enabled Enable livenessProbe
1379 | ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1380 | ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
1381 | ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1382 | ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
1383 | ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
1384 | ##
1385 | livenessProbe:
1386 | enabled: true
1387 | initialDelaySeconds: 30
1388 | periodSeconds: 20
1389 | timeoutSeconds: 10
1390 | failureThreshold: 6
1391 | successThreshold: 1
1392 | ## MongoDB Kubernetes Terraform Module(®) Arbiter pods' readiness probe. Evaluated as a template.
1393 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1394 | ## @param arbiter.readinessProbe.enabled Enable readinessProbe
1395 | ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1396 | ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
1397 | ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1398 | ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
1399 | ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
1400 | ##
1401 | readinessProbe:
1402 | enabled: true
1403 | initialDelaySeconds: 5
1404 | periodSeconds: 20
1405 | timeoutSeconds: 10
1406 | failureThreshold: 6
1407 | successThreshold: 1
1408 | ## MongoDB Kubernetes Terraform Module(®) Arbiter pods' startup probe. Evaluated as a template.
1409 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1410 | ## @param arbiter.startupProbe.enabled Enable startupProbe
1411 | ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1412 | ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
1413 | ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1414 | ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
1415 | ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
1416 | ##
1417 | startupProbe:
1418 | enabled: false
1419 | initialDelaySeconds: 5
1420 | periodSeconds: 10
1421 | timeoutSeconds: 5
1422 | successThreshold: 1
1423 | failureThreshold: 30
1424 | ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
1425 | ## Ignored when arbiter.livenessProbe.enabled=true
1426 | ##
1427 | customLivenessProbe: {}
1428 | ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
1429 | ## Ignored when arbiter.readinessProbe.enabled=true
1430 | ##
1431 | customReadinessProbe: {}
1432 | ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
1433 | ## Ignored when arbiter.startupProbe.enabled=true
1434 | ##
1435 | customStartupProbe: {}
1436 | ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
1437 | ## Example:
1438 | ## initContainers:
1439 | ## - name: your-image-name
1440 | ## image: your-image
1441 | ## imagePullPolicy: Always
1442 | ## ports:
1443 | ## - name: portname
1444 | ## containerPort: 1234
1445 | ##
1446 | initContainers: []
1447 | ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
1448 | ## Example:
1449 | ## sidecars:
1450 | ## - name: your-image-name
1451 | ## image: your-image
1452 | ## imagePullPolicy: Always
1453 | ## ports:
1454 | ## - name: portname
1455 | ## containerPort: 1234
1456 | ##
1457 | sidecars: []
1458 | ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
1459 | ## Examples:
1460 | ## extraVolumeMounts:
1461 | ## - name: extras
1462 | ## mountPath: /usr/share/extras
1463 | ## readOnly: true
1464 | ##
1465 | extraVolumeMounts: []
1466 | ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
1467 | ## extraVolumes:
1468 | ## - name: extras
1469 | ## emptyDir: {}
1470 | ##
1471 | extraVolumes: []
1472 | ## MongoDB Kubernetes Terraform Module(®) Arbiter Pod Disruption Budget configuration
1473 | ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1474 | ##
1475 | pdb:
1476 | ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
1477 | ##
1478 | create: false
1479 | ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
1480 | ##
1481 | minAvailable: 1
1482 | ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
1483 | ##
1484 | maxUnavailable: ""
1485 | ## MongoDB Kubernetes Terraform Module(®) Arbiter service parameters
1486 | ##
1487 | service:
1488 | ## @param arbiter.service.nameOverride The arbiter service name
1489 | ##
1490 | nameOverride: ""
1491 | ## @param arbiter.service.ports.mongodb MongoDB(®) service port
1492 | ##
1493 | ports:
1494 | mongodb: 27017
1495 | ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1496 | ##
1497 | extraPorts: []
1498 | ## @param arbiter.service.annotations Provide any additional annotations that may be required
1499 | ##
1500 | annotations: {}
1501 |
1502 | ## @section Hidden Node parameters
1503 | ##
1504 |
1505 | hidden:
1506 | ## @param hidden.enabled Enable deploying the hidden nodes
1507 | ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
1508 | ##
1509 | enabled: false
1510 | ## @param hidden.hostAliases Add deployment host aliases
1511 | ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1512 | ##
1513 | hostAliases: []
1514 | ## @param hidden.configuration Hidden node configuration file to be used
1515 | ## http://docs.mongodb.org/manual/reference/configuration-options/
1516 | ##
1517 | configuration: ""
1518 | ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
1519 | ## NOTE: When it's set the hidden.configuration parameter is ignored
1520 | ##
1521 | existingConfigmap: ""
1522 | ## Command and args for running the container (set to default if not set). Use array form
1523 | ## @param hidden.command Override default container command (useful when using custom images)
1524 | ## @param hidden.args Override default container args (useful when using custom images)
1525 | ##
1526 | command: []
1527 | args: []
1528 | ## @param hidden.extraFlags Hidden node additional command line flags
1529 | ## Example:
1530 | ## extraFlags:
1531 | ## - "--wiredTigerCacheSizeGB=2"
1532 | ##
1533 | extraFlags: []
1534 | ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
1535 | ## E.g:
1536 | ## extraEnvVars:
1537 | ## - name: FOO
1538 | ## value: BAR
1539 | ##
1540 | extraEnvVars: []
1541 | ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
1542 | ##
1543 | extraEnvVarsCM: ""
1544 | ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
1545 | ##
1546 | extraEnvVarsSecret: ""
1547 | ## @param hidden.annotations Additional annotations to be added to the hidden node statefulset
1548 | ##
1549 | annotations: {}
1550 | ## @param hidden.labels Labels to be added to the hidden node statefulset
1551 | ##
1552 | labels: {}
1553 | ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
1554 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
1555 | ##
1556 | topologySpreadConstraints: []
1557 | ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
1558 | ##
1559 | lifecycleHooks: {}
1560 | ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
1561 | ## Ignored when mongodb.architecture=standalone
1562 | ##
1563 | replicaCount: 1
1564 | ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
1565 | ##
1566 | terminationGracePeriodSeconds: ""
1567 | ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
1568 | ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1569 | ## updateStrategy:
1570 | ## type: RollingUpdate
1571 | ## rollingUpdate:
1572 | ## maxSurge: 25%
1573 | ## maxUnavailable: 25%
1574 | ##
1575 | updateStrategy:
1576 | type: RollingUpdate
1577 | ## @param hidden.podManagementPolicy Pod management policy for hidden node
1578 | ##
1579 | podManagementPolicy: OrderedReady
1580 | ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
1581 | ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1582 | ##
1583 | schedulerName: ""
1584 | ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1585 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1586 | ##
1587 | podAffinityPreset: ""
1588 | ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1589 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1590 | ##
1591 | podAntiAffinityPreset: soft
1592 | ## Node affinity preset
1593 | ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1594 | ## Allowed values: soft, hard
1595 | ##
1596 | nodeAffinityPreset:
1597 | ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
1598 | ##
1599 | type: ""
1600 | ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match. Ignored if `affinity` is set.
1601 | ## E.g.
1602 | ## key: "kubernetes.io/e2e-az-name"
1603 | ##
1604 | key: ""
1605 | ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
1606 | ## E.g.
1607 | ## values:
1608 | ## - e2e-az1
1609 | ## - e2e-az2
1610 | ##
1611 | values: []
1612 | ## @param hidden.affinity Hidden node Affinity for pod assignment
1613 | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1614 | ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
1615 | ##
1616 | affinity: {}
1617 | ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
1618 | ## ref: https://kubernetes.io/docs/user-guide/node-selection/
1619 | ##
1620 | nodeSelector: {}
1621 | ## @param hidden.tolerations Hidden node Tolerations for pod assignment
1622 | ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1623 | ##
1624 | tolerations: []
1625 | ## @param hidden.podLabels Hidden node pod labels
1626 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1627 | ##
1628 | podLabels: {}
1629 | ## @param hidden.podAnnotations Hidden node Pod annotations
1630 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1631 | ##
1632 | podAnnotations:
1633 | co.elastic.logs/enabled: "true"
1634 | co.elastic.logs/module: mongodb
1635 | ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
1636 | ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
1637 | ##
1638 | priorityClassName: ""
1639 | ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
1640 | ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
1641 | ##
1642 | runtimeClassName: ""
1643 | ## MongoDB Kubernetes Terraform Module(®) Hidden pods' Security Context.
1644 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1645 | ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
1646 | ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
1647 | ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
1648 | ##
1649 | podSecurityContext:
1650 | enabled: true
1651 | fsGroup: 1001
1652 | ## sysctl settings
1653 | ## Example:
1654 | ## sysctls:
1655 | ## - name: net.core.somaxconn
1656 | ## value: "10000"
1657 | ##
1658 | sysctls: []
1659 | ## MongoDB Kubernetes Terraform Module(®) Hidden containers' Security Context (only main container).
1660 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1661 | ## @param hidden.containerSecurityContext.enabled Enable Hidden container(s)' Security Context
1662 | ## @param hidden.containerSecurityContext.runAsUser User ID for the Hidden container
1663 | ## @param hidden.containerSecurityContext.runAsNonRoot Set Hidden containers' Security Context runAsNonRoot
1664 | ##
1665 | containerSecurityContext:
1666 | enabled: true
1667 | runAsUser: 1001
1668 | runAsNonRoot: true
1669 | ## MongoDB Kubernetes Terraform Module(®) Hidden containers' resource requests and limits.
1670 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1671 | ## We usually recommend not to specify default resources and to leave this as a conscious
1672 | ## choice for the user. This also increases chances charts run on environments with little
1673 | ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1674 | ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1675 | ## @param hidden.resources.limits The resources limits for hidden node containers
1676 | ## @param hidden.resources.requests The requested resources for hidden node containers
1677 | ##
1678 | resources:
1679 | ## Example:
1680 | ## limits:
1681 | ## cpu: 100m
1682 | ## memory: 128Mi
1683 | ##
1684 | limits: {}
1685 | ## Examples:
1686 | ## requests:
1687 | ## cpu: 100m
1688 | ## memory: 128Mi
1689 | ##
1690 | requests: {}
1691 | ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
1692 | containerPorts:
1693 | mongodb: 27017
1694 | ## MongoDB Kubernetes Terraform Module(®) Hidden pods' liveness probe. Evaluated as a template.
1695 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1696 | ## @param hidden.livenessProbe.enabled Enable livenessProbe
1697 | ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1698 | ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
1699 | ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1700 | ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
1701 | ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
1702 | ##
1703 | livenessProbe:
1704 | enabled: true
1705 | initialDelaySeconds: 30
1706 | periodSeconds: 20
1707 | timeoutSeconds: 10
1708 | failureThreshold: 6
1709 | successThreshold: 1
1710 | ## MongoDB Kubernetes Terraform Module(®) Hidden pods' readiness probe. Evaluated as a template.
1711 | ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
1712 | ## @param hidden.readinessProbe.enabled Enable readinessProbe
1713 | ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1714 | ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
1715 | ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1716 | ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
1717 | ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
1718 | ##
1719 | readinessProbe:
1720 | enabled: true
1721 | initialDelaySeconds: 5
1722 | periodSeconds: 20
1723 | timeoutSeconds: 10
1724 | failureThreshold: 6
1725 | successThreshold: 1
1726 | ## Slow starting containers can be protected through startup probes
1727 | ## Startup probes are available in Kubernetes version 1.16 and above
1728 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
1729 | ## @param hidden.startupProbe.enabled Enable startupProbe
1730 | ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1731 | ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
1732 | ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1733 | ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
1734 | ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
1735 | ##
1736 | startupProbe:
1737 | enabled: false
1738 | initialDelaySeconds: 5
1739 | periodSeconds: 10
1740 | timeoutSeconds: 5
1741 | successThreshold: 1
1742 | failureThreshold: 30
1743 | ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
1744 | ## Ignored when hidden.livenessProbe.enabled=true
1745 | ##
1746 | customLivenessProbe: {}
1747 | ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
1748 | ## Ignored when hidden.readinessProbe.enabled=true
1749 | ##
1750 | customReadinessProbe: {}
1751 | ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
1752 | ## Ignored when hidden.startupProbe.enabled=true
1753 | ##
1754 | customStartupProbe: {}
1755 | ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
1756 | ## Example:
1757 | ## initContainers:
1758 | ## - name: your-image-name
1759 | ## image: your-image
1760 | ## imagePullPolicy: Always
1761 | ## ports:
1762 | ## - name: portname
1763 | ## containerPort: 1234
1764 | ##
1765 | initContainers: []
1766 | ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
1767 | ## Example:
1768 | ## sidecars:
1769 | ## - name: your-image-name
1770 | ## image: your-image
1771 | ## imagePullPolicy: Always
1772 | ## ports:
1773 | ## - name: portname
1774 | ## containerPort: 1234
1775 | ##
1776 | sidecars: []
1777 | ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
1778 | ## Examples:
1779 | ## extraVolumeMounts:
1780 | ## - name: extras
1781 | ## mountPath: /usr/share/extras
1782 | ## readOnly: true
1783 | ##
1784 | extraVolumeMounts: []
1785 | ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
1786 | ## extraVolumes:
1787 | ## - name: extras
1788 | ## emptyDir: {}
1789 | ##
1790 | extraVolumes: []
1791 | ## MongoDB Kubernetes Terraform Module(®) Hidden Pod Disruption Budget configuration
1792 | ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1793 | ##
1794 | pdb:
1795 | ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
1796 | ##
1797 | create: false
1798 | ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
1799 | ##
1800 | minAvailable: 1
1801 | ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
1802 | ##
1803 | maxUnavailable: ""
1804 | ## Enable persistence using Persistent Volume Claims
1805 | ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
1806 | ##
1807 | persistence:
1808 | ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
1809 | ##
1810 | enabled: true
1811 | ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
1812 | ## Requires hidden.persistence.enabled: false
1813 | ##
1814 | medium: ""
1815 | ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
1816 | ## If defined, storageClassName:
1817 | ## If set to "-", storageClassName: "", which disables dynamic provisioning
1818 | ## If undefined (the default) or set to null, no storageClassName spec is
1819 | ## set, choosing the default provisioner.
1820 | ##
1821 | storageClass: ""
1822 | ## @param hidden.persistence.accessModes PV Access Mode
1823 | ##
1824 | accessModes:
1825 | - ReadWriteOnce
1826 | ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
1827 | ##
1828 | size: 8Gi
1829 | ## @param hidden.persistence.annotations PVC annotations
1830 | ##
1831 | annotations: {}
1832 | ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
1833 | ##
1834 | mountPath: /bitnami/mongodb
1835 | ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
1836 | ## and one PV for multiple services.
1837 | ##
1838 | subPath: ""
1839 | ## Fine tuning for volumeClaimTemplates
1840 | ##
1841 | volumeClaimTemplates:
1842 | ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
1843 | ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
1844 | ##
1845 | selector: {}
1846 | ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
1847 | ## Sometimes cloud providers use additional requests attributes to provision custom storage instances
1848 | ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
1849 | ##
1850 | requests: {}
1851 | ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
1852 | ##
1853 | dataSource: {}
1854 | service:
1855 | ## @param hidden.service.portName MongoDB(®) service port name
1856 | ##
1857 | portName: "mongodb"
1858 | ## @param hidden.service.ports.mongodb MongoDB(®) service port
1859 | ##
1860 | ports:
1861 | mongodb: 27017
1862 | ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1863 | ##
1864 | extraPorts: []
1865 | ## @param hidden.service.annotations Provide any additional annotations that may be required
1866 | ##
1867 | annotations: {}
1868 |
1869 | ## @section Metrics parameters
1870 | ##
1871 |
1872 | metrics:
1873 | ## @param metrics.enabled Enable using a sidecar Prometheus exporter
1874 | ##
1875 | enabled: true
1876 | ## Bitnami MongoDB(®) Prometheus Exporter image
1877 | ## ref: https://hub.docker.com/r/bitnami/mongodb-exporter/tags/
1878 | ## @param metrics.image.registry MongoDB(®) Prometheus exporter image registry
1879 | ## @param metrics.image.repository MongoDB(®) Prometheus exporter image repository
1880 | ## @param metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
1881 | ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
1882 | ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
1883 | ##
1884 | image:
1885 | registry: docker.io
1886 | repository: bitnami/mongodb-exporter
1887 | tag: 0.32.0-debian-10-r3
1888 | pullPolicy: IfNotPresent
1889 | ## Optionally specify an array of imagePullSecrets.
1890 | ## Secrets must be manually created in the namespace.
1891 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
1892 | ## e.g:
1893 | ## pullSecrets:
1894 | ## - myRegistryKeySecretName
1895 | ##
1896 | pullSecrets: []
1897 |
1898 | ## @param metrics.username String with username for the metrics exporter
1899 | ## If undefined the root user will be used for the metrics exporter
1900 | username: ""
1901 | ## @param metrics.password String with password for the metrics exporter
1902 | ## If undefined but metrics.username is defined, a random password will be generated
1903 | password: ""
1904 | ## @param metrics.extraFlags String with extra flags to the metrics exporter
1905 | ## ref: https://github.com/percona/mongodb_exporter/blob/master/mongodb_exporter.go
1906 | ##
1907 | extraFlags: ""
1908 | ## Metrics exporter container resource requests and limits
1909 | ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
1910 | ## We usually recommend not to specify default resources and to leave this as a conscious
1911 | ## choice for the user. This also increases chances charts run on environments with little
1912 | ## resources, such as Minikube. If you do want to specify resources, uncomment the following
1913 | ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
1914 | ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
1915 | ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
1916 | ##
1917 | resources: {}
1918 | # limits:
1919 | # cpu: 100m
1920 | # memory: 128Mi
1921 | # requests:
1922 | # cpu: 100m
1923 | # memory: 128Mi
1924 | ##
1925 | ## @param metrics.containerPort Port of the Prometheus metrics container
1926 | ##
1927 | containerPort: 9216
1928 | ## Prometheus Exporter service configuration
1929 | ##
1930 | service:
1931 | ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
1932 | ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1933 | ##
1934 | annotations:
1935 | prometheus.io/scrape: "true"
1936 | prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
1937 | prometheus.io/path: "/metrics"
1938 | ## @param metrics.service.type Type of the Prometheus metrics service
1939 | ##
1940 | type: ClusterIP
1941 | ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
1942 | ##
1943 | ports:
1944 | metrics: 9216
1945 | ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
1946 | ##
1947 | extraPorts: []
1948 | ## Metrics exporter liveness probe
1949 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1950 | ## @param metrics.livenessProbe.enabled Enable livenessProbe
1951 | ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1952 | ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
1953 | ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1954 | ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
1955 | ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
1956 | ##
1957 | livenessProbe:
1958 | enabled: true
1959 | initialDelaySeconds: 15
1960 | periodSeconds: 5
1961 | timeoutSeconds: 5
1962 | failureThreshold: 3
1963 | successThreshold: 1
1964 | ## Metrics exporter readiness probe
1965 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1966 | ## @param metrics.readinessProbe.enabled Enable readinessProbe
1967 | ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1968 | ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
1969 | ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1970 | ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
1971 | ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
1972 | ##
1973 | readinessProbe:
1974 | enabled: true
1975 | initialDelaySeconds: 30
1976 | periodSeconds: 5
1977 | timeoutSeconds: 15
1978 | failureThreshold: 3
1979 | successThreshold: 1
1980 | ## Slow starting containers can be protected through startup probes
1981 | ## Startup probes are available in Kubernetes version 1.16 and above
1982 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
1983 | ## @param metrics.startupProbe.enabled Enable startupProbe
1984 | ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1985 | ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
1986 | ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1987 | ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
1988 | ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
1989 | ##
1990 | startupProbe:
1991 | enabled: false
1992 | initialDelaySeconds: 5
1993 | periodSeconds: 10
1994 | timeoutSeconds: 5
1995 | successThreshold: 1
1996 | failureThreshold: 30
1997 | ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
1998 | ## Ignored when livenessProbe.enabled=true
1999 | ##
2000 | customLivenessProbe: {}
2001 | ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
2002 | ## Ignored when readinessProbe.enabled=true
2003 | ##
2004 | customReadinessProbe: {}
2005 | ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
2006 | ## Ignored when startupProbe.enabled=true
2007 | ##
2008 | customStartupProbe: {}
2009 | ## Prometheus Service Monitor
2010 | ## ref: https://github.com/coreos/prometheus-operator
2011 | ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
2012 | ##
2013 | serviceMonitor:
2014 | ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
2015 | ##
2016 | enabled: true
2017 | ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
2018 | ##
2019 | namespace: ${namespace}
2020 | ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
2021 | ##
2022 | interval: 30s
2023 | ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
2024 | ## e.g:
2025 | ## scrapeTimeout: 30s
2026 | ##
2027 | scrapeTimeout: 10s
2028 | ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
2029 | ##
2030 | relabelings: []
2031 | ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
2032 | ##
2033 | metricRelabelings: []
2034 | ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
2035 | ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
2036 | ##
2037 | labels:
2038 | release: prometheus-operator
2039 | ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
2040 | ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
2041 | ##
2042 | selector: {}
2043 | ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
2044 | ##
2045 | honorLabels: false
2046 | ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
2047 | ##
2048 | jobLabel: ""
2049 | ## Custom PrometheusRule to be defined
2050 | ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
2051 | ##
2052 | prometheusRule:
2053 | ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
2054 | ##
2055 | enabled: false
2056 | ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
2057 | ##
2058 | additionalLabels: {}
2059 | ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created
2060 | ##
2061 | namespace: ""
2062 | ## @param metrics.prometheusRule.rules Rules to be created, check values for an example
2063 | ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup
2064 | ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
2065 | ##
2066 | ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets
2067 | ## rules:
2068 | ## - alert: HighRequestLatency
2069 | ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
2070 | ## for: 10m
2071 | ## labels:
2072 | ## severity: page
2073 | ## annotations:
2074 | ## summary: High request latency
2075 | ##
2076 | rules: []
2077 |
--------------------------------------------------------------------------------
/helm/values/restore/values.yaml:
--------------------------------------------------------------------------------
## Full restore
##
## Values template for the restore chart. main.tf renders this file with
## templatefile(), so every ${...} below is replaced by plain text before Helm
## parses the result as YAML.
## NOTE(review): the listing this file was taken from had lost its indentation;
## the nesting below follows the key grouping. Confirm it against the chart
## templates under modules/restore.
auth:
  rootUser: root
  ## Secret: the MongoDB root password is written into the rendered values in
  ## clear text. It is substituted inside a double-quoted YAML scalar, so a
  ## password containing `"` or `\` changes the parsed value or breaks parsing.
  rootPassword: "${mongodb_root_user_password}"

restore:
  bucket_uri: ${bucket_uri}
  file_name: ${file_name}
  ## main.tf passes an empty string here unless bucket_provider_type is "s3".
  aws_default_region: ${s3_bucket_region}
  ## The three azure_* values are empty unless bucket_provider_type is "azure".
  azure_storage_account_name: ${azure_storage_account_name}
  ## Secret: the storage account key is rendered in clear text and unquoted.
  azure_storage_account_key: ${azure_storage_account_key}
  azure_container_name: ${azure_container_name}

## main.tf substitutes either one "key: value" line (a cloud identity annotation
## chosen by bucket_provider_type) or an empty string.
annotations:
  ${annotations}

bucket_provider_type: ${bucket_provider_type}

## Hard node-affinity rule: the pod can only be scheduled on nodes labelled
## Infra-Services=true; where no such node exists it stays unscheduled.
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: "Infra-Services"
          operator: In
          values:
          - "true"

restorejob:
  resources:
    requests:
      memory: 100Mi
      cpu: 50m
    limits:
      memory: 200Mi
      cpu: 100m

--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
locals {
  # true when the configured replica count is even. The flag is handed to the
  # MongoDB values template as `arbiterValue`; presumably it switches on an
  # arbiter so the replica set keeps an odd number of voters (confirm in the
  # values template).
  arbiterValue = (var.mongodb_config.replica_count % 2) == 0
}
4 |
# Generates a 20-character password without special characters, and only when
# custom credentials are disabled (count is 0 otherwise).
# NOTE(review): the helm_release blocks visible in this file take
# var.root_password rather than this resource's result; confirm where
# random_password.mongodb_root_password is actually consumed.
# The generated value is stored in the Terraform state, so the state backend
# needs the same access control as the password itself.
resource "random_password" "mongodb_root_password" {
  count = var.mongodb_custom_credentials_enabled ? 0 : 1

  special = false
  length  = 20
}
10 |
# Generates a 20-character password without special characters, and only when
# custom credentials are disabled (count is 0 otherwise).
# NOTE(review): the helm_release blocks visible in this file take
# var.metric_exporter_password rather than this resource's result; confirm
# where random_password.mongodb_exporter_password is actually consumed.
# The generated value is stored in the Terraform state.
resource "random_password" "mongodb_exporter_password" {
  count = var.mongodb_custom_credentials_enabled ? 0 : 1

  special = false
  length  = 20
}
16 |
# Creates the target namespace only when var.create_namespace is true. With
# count = 0 the namespace is expected to exist already.
resource "kubernetes_namespace" "mongodb" {
  count = var.create_namespace ? 1 : 0

  metadata {
    name        = var.namespace
    annotations = {}
  }
}
24 |
# Installs the "mongodb" chart from the Bitnami repository into var.namespace.
#
# Values are merged in list order: the rendered module template first, then
# var.mongodb_config.values_yaml, so anything set by the caller there wins.
#
# Security note: the root password, the exporter password and the custom
# database passwords are rendered into the values document as plain text. They
# therefore appear in the Terraform state and in the values Helm stores with
# the release. Restrict access to both.
resource "helm_release" "mongodb" {
  depends_on = [kubernetes_namespace.mongodb]

  name       = "mongodb"
  namespace  = var.namespace
  repository = "https://charts.bitnami.com/bitnami"
  chart      = "mongodb"
  version    = var.chart_version
  timeout    = 600

  values = [
    templatefile("${path.module}/helm/values/mongodb/values.yaml", {
      # Placement and sizing
      namespace          = var.namespace,
      app_version        = var.app_version,
      architecture       = var.mongodb_config.architecture,
      replicacount       = var.mongodb_config.replica_count,
      arbiterValue       = local.arbiterValue,
      volume_size        = var.mongodb_config.volume_size,
      storage_class_name = var.mongodb_config.storage_class_name,

      # Application databases and their credentials
      custom_databases           = var.mongodb_config.custom_databases,
      custom_databases_usernames = var.mongodb_config.custom_databases_usernames,
      custom_databases_passwords = var.mongodb_config.custom_databases_passwords,

      # Custom credentials take precedence when enabled; otherwise the
      # passwords supplied through the top-level variables are used.
      mongodb_exporter_password = (
        var.mongodb_custom_credentials_enabled
        ? var.mongodb_custom_credentials_config.metric_exporter_password
        : var.metric_exporter_password
      ),
      mongodb_root_user_password = (
        var.mongodb_custom_credentials_enabled
        ? var.mongodb_custom_credentials_config.root_password
        : var.root_password
      ),
    }),
    var.mongodb_config.values_yaml,
  ]
}
51 |
# Installs the local backup chart (modules/backup) after the MongoDB release,
# and only when var.mongodb_backup_enabled is true.
#
# Security note: the MongoDB root password and, for the "azure" provider, the
# storage account key are rendered into the values as plain text. They appear
# in the Terraform state and in the values Helm stores with the release.
#
# NOTE(review): var.mongodb_config.values_yaml, the same override document
# given to the MongoDB chart release, is merged into this chart's values too.
# Confirm that is intended.
resource "helm_release" "mongodb_backup" {
  depends_on = [helm_release.mongodb]
  count      = var.mongodb_backup_enabled ? 1 : 0

  name      = "mongodb-backup"
  namespace = var.namespace
  chart     = "${path.module}/modules/backup"
  timeout   = 600

  values = [
    templatefile("${path.module}/helm/values/backup/values.yaml", {
      mongodb_root_user_password = (
        var.mongodb_custom_credentials_enabled
        ? var.mongodb_custom_credentials_config.root_password
        : var.root_password
      ),

      # Backup target and schedule
      bucket_provider_type = var.bucket_provider_type,
      bucket_uri           = var.mongodb_backup_config.bucket_uri,
      cron_for_full_backup = var.mongodb_backup_config.cron_for_full_backup,

      # Provider-specific settings are blanked for every other provider.
      s3_bucket_region           = var.bucket_provider_type == "s3" ? var.mongodb_backup_config.s3_bucket_region : "",
      azure_storage_account_name = var.bucket_provider_type == "azure" ? var.azure_storage_account_name : "",
      azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : "",
      azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : "",

      # One "key: value" annotation line selecting the cloud identity for the
      # backup workload; an empty string for any unrecognised provider type.
      annotations = (
        var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_backup}" :
        var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_backup}" :
        var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_backup}" :
        ""
      ),
    }),
    var.mongodb_config.values_yaml,
  ]
}
74 |
75 | ##DB Dump restore
# Installs the local restore chart (modules/restore) after the MongoDB release,
# and only when var.mongodb_restore_enabled is true.
#
# Security note: the MongoDB root password and, for the "azure" provider, the
# storage account key are rendered into the values as plain text. They appear
# in the Terraform state and in the values Helm stores with the release.
# The dump named by bucket_uri / file_name is loaded into the database with
# root credentials, so write access to that bucket should be tightly held.
#
# NOTE(review): var.mongodb_config.values_yaml, the same override document
# given to the MongoDB chart release, is merged into this chart's values too.
# Confirm that is intended.
resource "helm_release" "mongodb_restore" {
  depends_on = [helm_release.mongodb]
  count      = var.mongodb_restore_enabled ? 1 : 0

  name      = "mongodb-restore"
  namespace = var.namespace
  chart     = "${path.module}/modules/restore"
  timeout   = 600

  values = [
    templatefile("${path.module}/helm/values/restore/values.yaml", {
      mongodb_root_user_password = (
        var.mongodb_custom_credentials_enabled
        ? var.mongodb_custom_credentials_config.root_password
        : var.root_password
      ),

      # Restore source
      bucket_provider_type = var.bucket_provider_type,
      bucket_uri           = var.mongodb_restore_config.bucket_uri,
      file_name            = var.mongodb_restore_config.file_name,

      # Provider-specific settings are blanked for every other provider.
      s3_bucket_region           = var.bucket_provider_type == "s3" ? var.mongodb_restore_config.s3_bucket_region : "",
      azure_storage_account_name = var.bucket_provider_type == "azure" ? var.azure_storage_account_name : "",
      azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : "",
      azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : "",

      # One "key: value" annotation line selecting the cloud identity for the
      # restore workload; an empty string for any unrecognised provider type.
      annotations = (
        var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_restore}" :
        var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_restore}" :
        var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_restore}" :
        ""
      ),
    }),
    var.mongodb_config.values_yaml,
  ]
}
98 |
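# Installs prometheus-mongodb-exporter from the prometheus-community chart repository
# after the MongoDB release exists. Created only when var.mongodb_exporter_enabled is true.
# The chart version comes from var.mongodb_exporter_config.version.
resource "helm_release" "mongodb_exporter" {
  depends_on = [helm_release.mongodb]
  count      = var.mongodb_exporter_enabled ? 1 : 0
  name       = "mongodb-exporter"
  chart      = "prometheus-mongodb-exporter"
  version    = var.mongodb_exporter_config.version
  timeout    = 600
  namespace  = var.namespace
  repository = "https://prometheus-community.github.io/helm-charts"
  values = [
    # NOTE(review): the exporter password is rendered into plain Helm values, so it is
    # stored in the Terraform state and in the Helm release record.
    templatefile("${path.module}/helm/values/exporter/values.yaml", {
      # Direct reference instead of an interpolation-only string ("${var.x}"),
      # matching how the other releases in this file pass the same value.
      mongodb_exporter_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_password : var.metric_exporter_password
      service_monitor_namespace = var.namespace
    }),
    var.mongodb_exporter_values
  ]
}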
116 |
--------------------------------------------------------------------------------
/modules/backup/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 |
--------------------------------------------------------------------------------
/modules/backup/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: A helm chart for Backup of mongo and stored in S3
3 | name: mongodb-backup
4 | version: 1.0.0
5 |
--------------------------------------------------------------------------------
/modules/backup/templates/backup-secrets.yaml:
--------------------------------------------------------------------------------
# Secret holding the backup bucket URI; the CronJob reads it through a secretKeyRef.
apiVersion: v1
kind: Secret
metadata:
  name: mongo-bucket-backup
  namespace: {{ .Release.Namespace }}
  # NOTE(review): "labels" has no entries, so it renders as an empty (null) value.
  labels:
data:
  # Values under "data" must be base64-encoded, hence b64enc.
  BUCKET_URI: {{ .Values.backup.bucket_uri | b64enc }}
9 |
--------------------------------------------------------------------------------
/modules/backup/templates/fullbackup-cronjob.yaml:
--------------------------------------------------------------------------------
# CronJob that runs the MongoDB full-backup container on the configured schedule.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: backup-mongodb
spec:
  schedule: {{ .Values.backup.cron_for_full_backup | quote }}
  # Forbid: a new run is skipped while the previous backup job is still running.
  concurrencyPolicy: Forbid
  suspend: false
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 1

  jobTemplate:
    spec:
      template:
        spec:
          # NOTE(review): no pod or container securityContext is set in this template.
          affinity:
            {{- toYaml .Values.affinity | nindent 12 }}
          restartPolicy: OnFailure
          # Service account that carries the cloud workload-identity annotation.
          serviceAccountName: sa-mongo-backup
          containers:
          - name: backup-mongodb
            # NOTE(review): the image is referenced by a mutable tag; pinning it by
            # digest would make the deployed backup image reproducible.
            image: saturnops/mongodb-backup:v7
            env:
            - name: MONGODB_URI
              # NOTE(review): the root user and password are written literally into the
              # pod spec, so anyone who can read CronJobs, Jobs or Pods in this namespace
              # can read them. Prefer a Secret with secretKeyRef, as MONGO_BUCKET_URI
              # below does. The password is also not URL-encoded here; confirm it cannot
              # contain characters that are reserved in a connection URI.
              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
            - name: MONGO_OPLOG
              value: "true"
            - name: MONGO_BUCKET_URI
              valueFrom:
                secretKeyRef:
                  name: mongo-bucket-backup
                  key: BUCKET_URI
            - name: BUCKET_PROVIDER
              value: {{ .Values.bucket_provider_type }}
            - name: AWS_DEFAULT_REGION
              value: {{ .Values.backup.aws_default_region }}
            resources:
              {{- toYaml .Values.backupjob.resources | nindent 14 }}
39 |
--------------------------------------------------------------------------------
/modules/backup/templates/service_account.yaml:
--------------------------------------------------------------------------------
# ServiceAccount referenced by the backup CronJob (serviceAccountName: sa-mongo-backup).
# The AWS backup role's trust policy is bound to this exact name, so renaming it here
# requires the same change there.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sa-mongo-backup
  # Annotations come from .Values.annotations; presumably the workload-identity
  # annotation built by the root module. Verify against helm/values/backup/values.yaml.
  annotations:
{{ toYaml .Values.annotations | indent 4 }}
7 |
--------------------------------------------------------------------------------
/modules/resources/aws/README.md:
--------------------------------------------------------------------------------
1 | # aws
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [aws](#provider\_aws) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | | [aws_iam_role.mongo_backup_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
24 | | [aws_iam_role.mongo_restore_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
25 | | [aws_secretsmanager_secret.mongodb_user_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
26 | | [aws_secretsmanager_secret_version.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
27 | | [random_password.mongodb_exporter_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
28 | | [random_password.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
29 | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
30 | | [aws_eks_cluster.kubernetes_cluster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/eks_cluster) | data source |
31 |
32 | ## Inputs
33 |
34 | | Name | Description | Type | Default | Required |
35 | |------|-------------|------|---------|:--------:|
36 | | [cluster\_name](#input\_cluster\_name) | Specifies the name of the EKS cluster to deploy the Mongodb application on. | `string` | `""` | no |
37 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
38 | | [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | {
"metric_exporter_password": "",
"metric_exporter_user": "",
"root_password": "",
"root_user": ""
}
| no |
39 | | [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
40 | | [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
41 | | [namespace](#input\_namespace) | Name of the Kubernetes namespace where the Mongodb deployment will be deployed. | `string` | `"mongodb"` | no |
42 | | [recovery\_window\_aws\_secret](#input\_recovery\_window\_aws\_secret) | Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery. | `number` | `0` | no |
43 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
44 |
45 | ## Outputs
46 |
47 | | Name | Description |
48 | |------|-------------|
49 | | [iam\_role\_arn\_backup](#output\_iam\_role\_arn\_backup) | IAM role arn for mongo backup |
50 | | [iam\_role\_arn\_restore](#output\_iam\_role\_arn\_restore) | IAM role arn for mongo restore |
51 | | [metric\_exporter\_pasword](#output\_metric\_exporter\_pasword) | mongodb\_exporter user's password of MongoDB |
52 | | [root\_password](#output\_root\_password) | Root user's password of MongoDB |
53 |
54 |
--------------------------------------------------------------------------------
/modules/resources/aws/main.tf:
--------------------------------------------------------------------------------
locals {
  # OIDC issuer of the EKS cluster with the leading "https://" removed. The pattern is
  # wrapped in slashes, so replace() treats it as the regular expression ^https://.
  # The result is used in the IAM trust policies below (provider ARN and condition keys).
  oidc_provider = replace(
    data.aws_eks_cluster.kubernetes_cluster.identity[0].oidc[0].issuer,
    "/^https:///",
    ""
  )
}
8 |
# Generated root password: 20 characters, no special characters. Created only when the
# caller does not supply custom credentials. The generated value is kept in the
# Terraform state, so the state backend must be treated as secret material.
resource "random_password" "mongodb_root_password" {
  count   = var.mongodb_custom_credentials_enabled ? 0 : 1
  length  = 20
  special = false
}

# Generated password for the metrics exporter user, with the same shape and the same
# creation condition as the root password above.
resource "random_password" "mongodb_exporter_password" {
  count   = var.mongodb_custom_credentials_enabled ? 0 : 1
  length  = 20
  special = false
}
20 |
# Account of the calling credentials; its account_id is used to build the OIDC provider
# ARN in the role trust policies.
data "aws_caller_identity" "current" {}

# EKS cluster looked up by name; its OIDC issuer feeds local.oidc_provider.
# NOTE(review): var.cluster_name defaults to an empty string, which presumably makes
# this lookup fail unless the caller sets it.
data "aws_eks_cluster" "kubernetes_cluster" {
  name = var.cluster_name
}
26 |
27 |
# Secrets Manager secret named <environment>/<name>/mongodb, created only when
# var.store_password_to_secret_manager is true.
# NOTE(review): no kms_key_id is set, so the account's default Secrets Manager key is
# used; with the default recovery window of 0 a deleted secret cannot be recovered.
resource "aws_secretsmanager_secret" "mongodb_user_password" {
  count                   = var.store_password_to_secret_manager ? 1 : 0
  name                    = format("%s/%s/%s", var.environment, var.name, "mongodb")
  recovery_window_in_days = var.recovery_window_aws_secret
}
33 |
# Stores the MongoDB credentials as one JSON document in the secret above.
# With custom credentials the caller's values are stored; otherwise the fixed user names
# "root" and "mongodb_exporter" are stored with the generated passwords.
# NOTE(review): the "${...}" wrappers are interpolation-only strings; they force each
# value to a string before jsonencode() runs.
resource "aws_secretsmanager_secret_version" "mongodb_root_password" {
  count     = var.store_password_to_secret_manager ? 1 : 0
  secret_id = aws_secretsmanager_secret.mongodb_user_password[0].id
  secret_string = var.mongodb_custom_credentials_enabled ? jsonencode(
    {
      "root_user" : "${var.mongodb_custom_credentials_config.root_user}",
      "root_password" : "${var.mongodb_custom_credentials_config.root_password}",
      "metric_exporter_user" : "${var.mongodb_custom_credentials_config.metric_exporter_user}",
      "metric_exporter_password" : "${var.mongodb_custom_credentials_config.metric_exporter_password}"
    }) : jsonencode(
    {
      "root_user" : "root",
      "root_password" : "${random_password.mongodb_root_password[0].result}",
      "metric_exporter_user" : "mongodb_exporter",
      "metric_exporter_password" : "${random_password.mongodb_exporter_password[0].result}"
  })
}
51 |
# IAM role assumed by the backup pod through the cluster's OIDC provider (IRSA).
# The trust policy pins the audience to sts.amazonaws.com and the subject to the
# sa-mongo-backup service account in var.namespace.
resource "aws_iam_role" "mongo_backup_role" {
  name = format("%s-%s-%s", var.cluster_name, var.name, "mongodb-backup")
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Principal = {
          Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
        },
        Action = "sts:AssumeRoleWithWebIdentity",
        Condition = {
          StringEquals = {
            "${local.oidc_provider}:aud" = "sts.amazonaws.com",
            "${local.oidc_provider}:sub" = "system:serviceaccount:${var.namespace}:sa-mongo-backup"
          }
        }
      }
    ]
  })
  # NOTE(review): Resource = "*" lets this role list, read, write and delete objects in
  # every bucket the account's policies allow, not only the backup bucket. Scope it to
  # the backup bucket ARN (for s3:ListBucket) and to <bucket ARN>/* (for the object
  # actions). The policy name also understates the grant: it covers Get, Delete and List
  # as well as Put.
  # NOTE(review): newer AWS provider releases deprecate inline_policy in favour of a
  # separate aws_iam_role_policy resource; confirm against the pinned provider version.
  inline_policy {
    name = "AllowS3PutObject"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Action = [
            "s3:ListBucket",
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject",
            "s3:AbortMultipartUpload",
            "s3:ListMultipartUploadParts"
          ]
          Effect   = "Allow"
          Resource = "*"
        }
      ]
    })
  }
}
93 |
# IAM role assumed by the restore pod through the cluster's OIDC provider (IRSA).
# The trust policy pins the audience to sts.amazonaws.com and the subject to the
# sa-mongo-restore service account in var.namespace.
resource "aws_iam_role" "mongo_restore_role" {
  name = format("%s-%s-%s", var.cluster_name, var.name, "mongodb-restore")
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect = "Allow",
        Principal = {
          Federated = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"
        },
        Action = "sts:AssumeRoleWithWebIdentity",
        Condition = {
          StringEquals = {
            "${local.oidc_provider}:aud" = "sts.amazonaws.com",
            "${local.oidc_provider}:sub" = "system:serviceaccount:${var.namespace}:sa-mongo-restore"
          }
        }
      }
    ]
  })
  # NOTE(review): the policy is identical to the backup role's, including
  # Resource = "*". A restore job presumably only needs to list and read the dump, so
  # s3:PutObject and s3:DeleteObject look unnecessary here; confirm against the restore
  # image, and scope Resource to the bucket that holds the dumps.
  inline_policy {
    name = "AllowS3PutObject"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Action = [
            "s3:ListBucket",
            "s3:GetObject",
            "s3:PutObject",
            "s3:DeleteObject",
            "s3:AbortMultipartUpload",
            "s3:ListMultipartUploadParts"
          ]
          Effect   = "Allow"
          Resource = "*"
        }
      ]
    })
  }
}
135 |
--------------------------------------------------------------------------------
/modules/resources/aws/outputs.tf:
--------------------------------------------------------------------------------
# ARN of the backup role; the root module places it in the eks.amazonaws.com/role-arn
# annotation of the backup service account.
output "iam_role_arn_backup" {
  value       = aws_iam_role.mongo_backup_role.arn
  description = "IAM role arn for mongo backup"
}
5 |
# ARN of the restore role; the root module places it in the eks.amazonaws.com/role-arn
# annotation of the restore service account.
output "iam_role_arn_restore" {
  value       = aws_iam_role.mongo_restore_role.arn
  description = "IAM role arn for mongo restore"
}
10 |
# Generated root password, or null when the caller supplies custom credentials.
# NOTE(review): nonsensitive() strips Terraform's sensitive marking, so the password is
# printed in plan/apply output and by `terraform output`, and can land in CI logs.
# Prefer dropping nonsensitive() and setting `sensitive = true`; callers that re-export
# the value then have to mark their own output sensitive as well.
output "root_password" {
  value       = var.mongodb_custom_credentials_enabled ? null : nonsensitive(random_password.mongodb_root_password[0].result)
  description = "Root user's password of MongoDB"
}
15 |
# Generated exporter password, or null when the caller supplies custom credentials.
# The output name is spelled "pasword"; callers reference it under that name.
# NOTE(review): nonsensitive() strips Terraform's sensitive marking, so the password is
# printed in plan/apply output and by `terraform output`. Prefer `sensitive = true`.
output "metric_exporter_pasword" {
  value       = var.mongodb_custom_credentials_enabled ? null : nonsensitive(random_password.mongodb_exporter_password[0].result)
  description = "mongodb_exporter user's password of MongoDB"
}
20 |
--------------------------------------------------------------------------------
/modules/resources/aws/variables.tf:
--------------------------------------------------------------------------------
1 |
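# Default 0 deletes the secret immediately on destroy, with no recovery period.
variable "recovery_window_aws_secret" {
  type        = number
  default     = 0
  description = "Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery."
}

variable "name" {
  description = "Name identifier for module to be added as suffix to resources"
  type        = string
  default     = "test"
}

variable "environment" {
  description = "Environment in which the infrastructure is being deployed (e.g., production, staging, development)"
  type        = string
  default     = "test"
}

# Also used as the name of the EKS cluster whose OIDC issuer the IAM roles trust.
variable "cluster_name" {
  type        = string
  default     = ""
  description = "Specifies the name of the EKS cluster to deploy the Mongodb application on."
}

# The IAM trust policies bind the backup and restore service accounts to this namespace.
variable "namespace" {
  type        = string
  default     = "mongodb"
  description = "Name of the Kubernetes namespace where the Mongodb deployment will be deployed."
}

variable "mongodb_custom_credentials_enabled" {
  type        = bool
  default     = false
  description = "Specifies whether to enable custom credentials for MongoDB database."
}

# NOTE(review): this object carries passwords but is not declared `sensitive = true`,
# so its values can appear in plan output. Marking it sensitive would propagate to
# everything derived from it; confirm callers before changing.
variable "mongodb_custom_credentials_config" {
  type = any
  default = {
    root_user                = ""
    root_password            = ""
    metric_exporter_user     = ""
    metric_exporter_password = ""
  }
  description = "Specify the configuration settings for Mongodb to pass custom credentials during creation."
}

# In this module the flag gates the aws_secretsmanager_secret resources, so the
# description names AWS Secrets Manager (it previously said GCP).
variable "store_password_to_secret_manager" {
  type        = bool
  default     = false
  description = "Specifies whether to store the credentials in AWS Secrets Manager."
}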
54 |
--------------------------------------------------------------------------------
/modules/resources/azure/README.md:
--------------------------------------------------------------------------------
1 | # Azure Mongodb Kubernetes Module
2 | ## Requirements
3 |
4 | No requirements.
5 |
6 | ## Providers
7 |
8 | | Name | Version |
9 | |------|---------|
10 | | [azurerm](#provider\_azurerm) | n/a |
11 | | [random](#provider\_random) | n/a |
12 |
13 | ## Modules
14 |
15 | No modules.
16 |
17 | ## Resources
18 |
19 | | Name | Type |
20 | |------|------|
21 | | [azurerm_key_vault.mongo-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
22 | | [azurerm_key_vault_secret.mongo-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
23 | | [azurerm_role_assignment.pod_identity_assignment_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
24 | | [azurerm_role_assignment.secretadmin_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
25 | | [azurerm_role_assignment.secretadmin_restore](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
26 | | [azurerm_role_assignment.service_account_token_creator_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
27 | | [azurerm_role_assignment.service_account_token_creator_restore](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
28 | | [azurerm_user_assigned_identity.mongo_backup_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
29 | | [azurerm_user_assigned_identity.mongo_restore_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
30 | | [azurerm_user_assigned_identity.pod_identity_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
31 | | [random_password.mongodb_exporter_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
32 | | [random_password.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
33 | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
34 | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
35 | | [azurerm_subscription.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
36 |
37 | ## Inputs
38 |
39 | | Name | Description | Type | Default | Required |
40 | |------|-------------|------|---------|:--------:|
41 | | [azure\_uai\_backup\_name](#input\_azure\_uai\_backup\_name) | Azure User Assigned Identity name for backup | `string` | `"mongo-backup"` | no |
42 | | [azure\_uai\_pod\_identity\_backup\_name](#input\_azure\_uai\_pod\_identity\_backup\_name) | Azure User Assigned Identity name for pod identity backup | `string` | `"pod-identity-backup"` | no |
43 | | [azure\_uai\_pod\_identity\_restore\_name](#input\_azure\_uai\_pod\_identity\_restore\_name) | Azure User Assigned Identity name for pod identity restore | `string` | `"pod-identity-restore"` | no |
44 | | [azure\_uai\_restore\_name](#input\_azure\_uai\_restore\_name) | Azure User Assigned Identity name for restore | `string` | `"mongo-restore"` | no |
45 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
46 | | [mongodb\_config](#input\_mongodb\_config) | Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | {
"architecture": "",
"environment": "",
"name": "",
"replica_count": 2,
"storage_class_name": "",
"store_password_to_secret_manager": true,
"values_yaml": "",
"volume_size": ""
}
| no |
47 | | [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | {
"metric_exporter_password": "",
"metric_exporter_user": "",
"root_password": "",
"root_user": ""
}
| no |
48 | | [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
49 | | [name](#input\_name) | Name of all the resources | `string` | `""` | no |
50 | | [resource\_group\_location](#input\_resource\_group\_location) | Azure region | `string` | `"East US"` | no |
51 | | [resource\_group\_name](#input\_resource\_group\_name) | Azure Resource Group name | `string` | `""` | no |
52 | | [storage\_account\_name](#input\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
53 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
54 |
55 | ## Outputs
56 |
57 | | Name | Description |
58 | |------|-------------|
59 | | [az\_account\_backup](#output\_az\_account\_backup) | Azure User Assigned Identity for backup |
60 | | [az\_account\_restore](#output\_az\_account\_restore) | Azure User Assigned Identity for restore |
61 | | [metric\_exporter\_pasword](#output\_metric\_exporter\_pasword) | mongodb\_exporter user's password of MongoDB |
62 | | [root\_password](#output\_root\_password) | Root user's password of MongoDB |
63 |
64 | ## Requirements
65 |
66 | No requirements.
67 |
68 | ## Providers
69 |
70 | | Name | Version |
71 | |------|---------|
72 | | [azurerm](#provider\_azurerm) | n/a |
73 | | [random](#provider\_random) | n/a |
74 |
75 | ## Modules
76 |
77 | No modules.
78 |
79 | ## Resources
80 |
81 | | Name | Type |
82 | |------|------|
83 | | [azurerm_key_vault.mongo-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault) | resource |
84 | | [azurerm_key_vault_secret.mongo-secret](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
85 | | [azurerm_role_assignment.pod_identity_assignment_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
86 | | [azurerm_role_assignment.secretadmin_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
87 | | [azurerm_role_assignment.secretadmin_restore](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
88 | | [azurerm_role_assignment.service_account_token_creator_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
89 | | [azurerm_role_assignment.service_account_token_creator_restore](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
90 | | [azurerm_user_assigned_identity.mongo_backup_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
91 | | [azurerm_user_assigned_identity.mongo_restore_identity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
92 | | [azurerm_user_assigned_identity.pod_identity_backup](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |
93 | | [random_password.mongodb_exporter_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
94 | | [random_password.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
95 | | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
96 | | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
97 | | [azurerm_subscription.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
98 |
99 | ## Inputs
100 |
101 | | Name | Description | Type | Default | Required |
102 | |------|-------------|------|---------|:--------:|
103 | | [azure\_uai\_backup\_name](#input\_azure\_uai\_backup\_name) | Azure User Assigned Identity name for backup | `string` | `"mongo-backup"` | no |
104 | | [azure\_uai\_pod\_identity\_backup\_name](#input\_azure\_uai\_pod\_identity\_backup\_name) | Azure User Assigned Identity name for pod identity backup | `string` | `"pod-identity-backup"` | no |
105 | | [azure\_uai\_pod\_identity\_restore\_name](#input\_azure\_uai\_pod\_identity\_restore\_name) | Azure User Assigned Identity name for pod identity restore | `string` | `"pod-identity-restore"` | no |
106 | | [azure\_uai\_restore\_name](#input\_azure\_uai\_restore\_name) | Azure User Assigned Identity name for restore | `string` | `"mongo-restore"` | no |
107 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
108 | | [mongodb\_config](#input\_mongodb\_config) | Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values. | `any` | {
"architecture": "",
"environment": "",
"name": "",
"replica_count": 2,
"storage_class_name": "",
"store_password_to_secret_manager": true,
"values_yaml": "",
"volume_size": ""
}
| no |
109 | | [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | {
"metric_exporter_password": "",
"metric_exporter_user": "",
"root_password": "",
"root_user": ""
}
| no |
110 | | [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
111 | | [name](#input\_name) | Name of all the resources | `string` | `""` | no |
112 | | [resource\_group\_location](#input\_resource\_group\_location) | Azure region | `string` | `"East US"` | no |
113 | | [resource\_group\_name](#input\_resource\_group\_name) | Azure Resource Group name | `string` | `""` | no |
114 | | [storage\_account\_name](#input\_storage\_account\_name) | Azure storage account name | `string` | `""` | no |
115 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
116 |
117 | ## Outputs
118 |
119 | | Name | Description |
120 | |------|-------------|
121 | | [az\_account\_backup](#output\_az\_account\_backup) | Azure User Assigned Identity for backup |
122 | | [az\_account\_restore](#output\_az\_account\_restore) | Azure User Assigned Identity for restore |
123 | | [metric\_exporter\_pasword](#output\_metric\_exporter\_pasword) | mongodb\_exporter user's password of MongoDB |
124 | | [root\_password](#output\_root\_password) | Root user's password of MongoDB |
125 |
126 |
--------------------------------------------------------------------------------
/modules/resources/azure/main.tf:
--------------------------------------------------------------------------------
# Tenant and object id of the identity running Terraform; used for the Key Vault tenant
# and its access policy.
data "azurerm_client_config" "current" {}

# Current subscription; its subscription_id is used to build role-assignment scopes.
data "azurerm_subscription" "current" {}

# NOTE(review): same data source as "current" and not referenced in this file's
# resources; confirm whether it is used elsewhere before removing it.
data "azurerm_subscription" "primary" {}
6 |
# Generated root password: 20 characters, no special characters. Created only when the
# caller does not supply custom credentials. The generated value is kept in the
# Terraform state, so the state backend must be treated as secret material.
resource "random_password" "mongodb_root_password" {
  count   = var.mongodb_custom_credentials_enabled ? 0 : 1
  length  = 20
  special = false
}

# Generated password for the metrics exporter user, with the same shape and the same
# creation condition as the root password above.
resource "random_password" "mongodb_exporter_password" {
  count   = var.mongodb_custom_credentials_enabled ? 0 : 1
  length  = 20
  special = false
}
18 |
# Key Vault named <environment>-<name>-mongodb that holds the MongoDB credentials.
# Created only when var.store_password_to_secret_manager is true.
# NOTE(review): purge protection is not enabled and the access policy below grants
# "Purge", so a secret can be removed permanently within the 7-day soft-delete window.
resource "azurerm_key_vault" "mongo-secret" {
  count                       = var.store_password_to_secret_manager ? 1 : 0
  name                        = format("%s-%s-%s", var.environment, var.name, "mongodb")
  resource_group_name         = var.resource_group_name
  location                    = var.resource_group_location
  sku_name                    = "standard"
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  enabled_for_disk_encryption = true
  soft_delete_retention_days  = 7

  # The only access policy is for the identity that runs Terraform; no other principal
  # is granted access to the vault in this file.
  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id
    key_permissions = [
      "Get",
      "List",
    ]
    secret_permissions = [
      "Set",
      "Get",
      "List",
      "Delete",
      "Purge",
    ]
  }
}
45 |
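# Stores the MongoDB credentials as one JSON document in the Key Vault above.
# With custom credentials the caller's values are stored; otherwise the fixed user names
# "root" and "mongodb_exporter" are stored with the generated passwords.
resource "azurerm_key_vault_secret" "mongo-secret" {
  # Same condition as the vault itself. Without it, the references to
  # azurerm_key_vault.mongo-secret[0] below fail whenever
  # var.store_password_to_secret_manager is false (its default), because the vault then
  # has no instance at index 0.
  count      = var.store_password_to_secret_manager ? 1 : 0
  depends_on = [azurerm_key_vault.mongo-secret]
  name       = format("%s-%s-%s", var.environment, var.name, "secret")
  value = var.mongodb_custom_credentials_enabled ? jsonencode(
    {
      "root_user" : "${var.mongodb_custom_credentials_config.root_user}",
      "root_password" : "${var.mongodb_custom_credentials_config.root_password}",
      "metric_exporter_user" : "${var.mongodb_custom_credentials_config.metric_exporter_user}",
      "metric_exporter_password" : "${var.mongodb_custom_credentials_config.metric_exporter_password}"
    }) : jsonencode(
    {
      "root_user" : "root",
      "root_password" : "${random_password.mongodb_root_password[0].result}",
      "metric_exporter_user" : "mongodb_exporter",
      "metric_exporter_password" : "${random_password.mongodb_exporter_password[0].result}"
  })
  content_type = "application/json"
  key_vault_id = azurerm_key_vault.mongo-secret[0].id
}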
65 |
# User-assigned managed identity for mongo backup (not a service principal created
# through an app registration). Its client_id is exported for the backup service account.
resource "azurerm_user_assigned_identity" "mongo_backup_identity" {
  name                = format("%s-%s-%s", var.environment, var.name, "mongo_backup_identity")
  resource_group_name = var.resource_group_name
  location            = var.resource_group_location
}
72 |
# Grant "Storage Blob Data Contributor" on the storage account to the backup identity.
# NOTE(review): the scope hard-codes the resource group "test-skaf-tfstate-rg" instead of
# taking it from a variable, so the assignment only matches a storage account in that
# group. The name also suggests the Terraform state group; confirm the backup identity
# is not being given blob write access to the account that holds state.
resource "azurerm_role_assignment" "secretadmin_backup" {
  principal_id         = azurerm_user_assigned_identity.mongo_backup_identity.principal_id
  role_definition_name = "Storage Blob Data Contributor"
  scope                = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/test-skaf-tfstate-rg/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}"
}
79 |
# Grants "Role Based Access Control Administrator (Preview)" to the backup identity on
# the hard-coded resource group "test-skaf-tfstate-rg".
# NOTE(review): the resource name and the earlier comment describe a token-creator role,
# but the role actually assigned lets the identity manage role assignments in that
# resource group. A backup job does not appear to need that; remove the assignment or
# replace it with the narrowest role the job requires. Also confirm the role name still
# resolves, since it carries a "(Preview)" suffix.
resource "azurerm_role_assignment" "service_account_token_creator_backup" {
  principal_id         = azurerm_user_assigned_identity.mongo_backup_identity.principal_id
  role_definition_name = "Role Based Access Control Administrator (Preview)"
  scope                = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/test-skaf-tfstate-rg"
}
86 |
# User-assigned managed identity for mongo restore (not a service principal created
# through an app registration).
resource "azurerm_user_assigned_identity" "mongo_restore_identity" {
  name                = format("%s-%s-%s", var.environment, var.name, "mongo_restore_identity")
  resource_group_name = var.resource_group_name
  location            = var.resource_group_location
}
93 |
94 | # Grant "Storage Blob Data Contributor" (blob read/write/delete) on the storage account to the restore identity
95 | resource "azurerm_role_assignment" "secretadmin_restore" { # NOTE(review): the label says "secretadmin" but the role assigned is a storage data role
96 | principal_id = azurerm_user_assigned_identity.mongo_restore_identity.principal_id
97 | role_definition_name = "Storage Blob Data Contributor" # NOTE(review): a restore presumably only reads dumps; confirm whether "Storage Blob Data Reader" would be enough
98 | scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/test-skaf-tfstate-rg/providers/Microsoft.Storage/storageAccounts/${var.storage_account_name}" # NOTE(review): resource group "test-skaf-tfstate-rg" is hard-coded; take it from a variable so the scope matches the account's real group
99 | }
100 |
101 | # Grant "Role Based Access Control Administrator (Preview)" on a resource group to the restore identity
102 | resource "azurerm_role_assignment" "service_account_token_creator_restore" { # NOTE(review): the label says "token creator", but the role assigned below manages role assignments
103 | principal_id = azurerm_user_assigned_identity.mongo_restore_identity.principal_id
104 | role_definition_name = "Role Based Access Control Administrator (Preview)" # NOTE(review): this role can create and change role assignments in its scope, which enables privilege escalation from the restore pod; confirm it is needed, otherwise drop the assignment. Also confirm the "(Preview)" name still resolves to a built-in role
105 | scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/test-skaf-tfstate-rg" # NOTE(review): hard-coded resource group, granted at whole-group scope; parameterize and narrow it
106 | }
107 |
108 | # Create the user-assigned identity "pod_identity_backup"; no federated credential or restore counterpart is visible in this part of the file, TODO confirm how pods are bound to it
109 | resource "azurerm_user_assigned_identity" "pod_identity_backup" {
110 | name = format("%s-%s-%s", var.environment, var.name, "pod_identity_backup") # var.azure_uai_pod_identity_backup_name is not used for this name
111 | resource_group_name = var.resource_group_name
112 | location = var.resource_group_location
113 | }
114 |
115 | resource "azurerm_role_assignment" "pod_identity_assignment_backup" { # Lets pod_identity_backup read and assign user-assigned identities within the scope below
116 | principal_id = azurerm_user_assigned_identity.pod_identity_backup.principal_id
117 | role_definition_name = "Managed Identity Operator"
118 | scope = "/subscriptions/${data.azurerm_subscription.current.subscription_id}/resourceGroups/${var.resource_group_name}" # NOTE(review): whole-resource-group scope covers every user-assigned identity in the group; scoping to the one identity's resource ID would be tighter
119 | }
120 |
--------------------------------------------------------------------------------
/modules/resources/azure/outputs.tf:
--------------------------------------------------------------------------------
1 | output "az_account_backup" { # Exposes the backup identity to callers
2 | value = azurerm_user_assigned_identity.mongo_backup_identity.client_id # the client (application) ID, not the principal_id used in the role assignments
3 | description = "Azure User Assigned Identity for backup"
4 | }
5 |
6 | output "az_account_restore" { # Exposes the restore identity to callers
7 | value = azurerm_user_assigned_identity.mongo_restore_identity.client_id # the client (application) ID, not the principal_id used in the role assignments
8 | description = "Azure User Assigned Identity for restore"
9 | }
10 |
11 | output "root_password" { # Generated MongoDB root password; null when custom credentials are enabled
12 | value = var.mongodb_custom_credentials_enabled ? null : nonsensitive(random_password.mongodb_root_password[0].result) # NOTE(review): nonsensitive() strips the sensitive marking, so the password is printed in plan/apply output and by `terraform output` (CI logs included); prefer removing it and setting sensitive = true here and on outputs that consume this value
13 | description = "Root user's password of MongoDB"
14 | }
15 |
16 | output "metric_exporter_pasword" { # Generated exporter password; null when custom credentials are enabled. The name is misspelled ("pasword") but callers reference it, so renaming is a breaking change
17 | value = var.mongodb_custom_credentials_enabled ? null : nonsensitive(random_password.mongodb_exporter_password[0].result) # NOTE(review): nonsensitive() strips the sensitive marking, so the password is printed in plan/apply output and by `terraform output`; prefer removing it and setting sensitive = true
18 | description = "mongodb_exporter user's password of MongoDB"
19 | }
20 |
--------------------------------------------------------------------------------
/modules/resources/azure/variables.tf:
--------------------------------------------------------------------------------
1 | variable "resource_group_name" {
2 | description = "Azure Resource Group name"
3 | type = string
4 | default = ""
5 | }
6 |
7 | variable "resource_group_location" {
8 | description = "Azure region"
9 | type = string
10 | default = "East US"
11 | }
12 |
13 | variable "name" {
14 | description = "Name of all the resources"
15 | type = string
16 | default = ""
17 | }
18 |
19 | variable "environment" {
20 | description = "Environment in which the infrastructure is being deployed (e.g., production, staging, development)"
21 | type = string
22 | default = "test"
23 | }
24 |
25 | variable "azure_uai_backup_name" {
26 | description = "Azure User Assigned Identity name for backup"
27 | type = string
28 | default = "mongo-backup"
29 | }
30 |
31 | variable "azure_uai_pod_identity_backup_name" {
32 | description = "Azure User Assigned Identity name for pod identity backup"
33 | type = string
34 | default = "pod-identity-backup"
35 | }
36 |
37 | variable "azure_uai_restore_name" {
38 | description = "Azure User Assigned Identity name for restore"
39 | type = string
40 | default = "mongo-restore"
41 | }
42 |
43 | variable "azure_uai_pod_identity_restore_name" {
44 | description = "Azure User Assigned Identity name for pod identity restore"
45 | type = string
46 | default = "pod-identity-restore"
47 | }
48 |
49 | variable "mongodb_config" {
50 | type = any
51 | default = {
52 | name = ""
53 | environment = ""
54 | volume_size = ""
55 | architecture = ""
56 | replica_count = 2
57 | values_yaml = ""
58 | storage_class_name = ""
59 | store_password_to_secret_manager = true
60 | }
61 | description = "Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values."
62 | }
63 |
64 | variable "mongodb_custom_credentials_enabled" {
65 | type = bool
66 | default = false
67 | description = "Specifies whether to enable custom credentials for MongoDB database."
68 | }
69 |
70 | variable "mongodb_custom_credentials_config" { # Caller-supplied credentials, written to the secret when mongodb_custom_credentials_enabled is true
71 | type = any # NOTE(review): untyped and not marked sensitive, so supplied passwords can appear in plan output; an object type with sensitive = true would be safer (check consumers first)
72 | default = {
73 | root_user = ""
74 | root_password = "" # NOTE(review): an empty default can reach the secret if the flag is enabled without overriding this; no validation is visible
75 | metric_exporter_user = ""
76 | metric_exporter_password = ""
77 | }
78 | description = "Specify the configuration settings for Mongodb to pass custom credentials during creation."
79 | }
80 |
81 | variable "store_password_to_secret_manager" { # Toggle for storing the MongoDB credentials in a secret store
82 | type = bool
83 | default = false
84 | description = "Specifies whether to store the credentials in GCP secret manager." # NOTE(review): copied from the GCP module; this Azure module appears to write to an Azure Key Vault (key_vault_id in main.tf)
85 | }
86 |
87 | variable "storage_account_name" {
88 | description = "Azure storage account name"
89 | type = string
90 | default = ""
91 | }
92 |
--------------------------------------------------------------------------------
/modules/resources/gcp/README.md:
--------------------------------------------------------------------------------
1 | # gcp
2 |
3 |
4 | ## Requirements
5 |
6 | No requirements.
7 |
8 | ## Providers
9 |
10 | | Name | Version |
11 | |------|---------|
12 | | [google](#provider\_google) | n/a |
13 | | [random](#provider\_random) | n/a |
14 |
15 | ## Modules
16 |
17 | No modules.
18 |
19 | ## Resources
20 |
21 | | Name | Type |
22 | |------|------|
23 | | [google_project_iam_member.secretadmin_backup](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
24 | | [google_project_iam_member.secretadmin_restore](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
25 | | [google_project_iam_member.service_account_token_creator_backup](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
26 | | [google_project_iam_member.service_account_token_creator_restore](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
27 | | [google_secret_manager_secret.mongo-secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) | resource |
28 | | [google_secret_manager_secret_version.mongo-secret](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version) | resource |
29 | | [google_service_account.mongo_backup](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
30 | | [google_service_account.mongo_restore](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
31 | | [google_service_account_iam_member.pod_identity_backup](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_member) | resource |
32 | | [google_service_account_iam_member.pod_identity_restore](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_iam_member) | resource |
33 | | [random_password.mongodb_exporter_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
34 | | [random_password.mongodb_root_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
35 |
36 | ## Inputs
37 |
38 | | Name | Description | Type | Default | Required |
39 | |------|-------------|------|---------|:--------:|
40 | | [environment](#input\_environment) | Environment in which the infrastructure is being deployed (e.g., production, staging, development) | `string` | `"test"` | no |
41 | | [gcp\_gsa\_backup\_name](#input\_gcp\_gsa\_backup\_name) | Google Cloud Service Account name for backup | `string` | `"mongo-backup"` | no |
42 | | [gcp\_gsa\_restore\_name](#input\_gcp\_gsa\_restore\_name) | Google Cloud Service Account name for restore | `string` | `"mongo-restore"` | no |
43 | | [gcp\_ksa\_backup\_name](#input\_gcp\_ksa\_backup\_name) | Google Kubernetes Service Account name for backup | `string` | `"sa-mongo-backup"` | no |
44 | | [gcp\_ksa\_restore\_name](#input\_gcp\_ksa\_restore\_name) | Google Kubernetes Service Account name for restore | `string` | `"sa-mongo-restore"` | no |
45 | | [mongodb\_custom\_credentials\_config](#input\_mongodb\_custom\_credentials\_config) | Specify the configuration settings for Mongodb to pass custom credentials during creation. | `any` | `{"metric_exporter_password": "", "metric_exporter_user": "", "root_password": "", "root_user": ""}` | no |
46 | | [mongodb\_custom\_credentials\_enabled](#input\_mongodb\_custom\_credentials\_enabled) | Specifies whether to enable custom credentials for MongoDB database. | `bool` | `false` | no |
47 | | [name](#input\_name) | Name identifier for module to be added as suffix to resources | `string` | `"test"` | no |
48 | | [project\_id](#input\_project\_id) | Google Cloud project ID | `string` | `""` | no |
49 | | [store\_password\_to\_secret\_manager](#input\_store\_password\_to\_secret\_manager) | Specifies whether to store the credentials in GCP secret manager. | `bool` | `false` | no |
50 |
51 | ## Outputs
52 |
53 | | Name | Description |
54 | |------|-------------|
55 | | [metric\_exporter\_pasword](#output\_metric\_exporter\_pasword) | mongodb\_exporter user's password of MongoDB |
56 | | [root\_password](#output\_root\_password) | Root user's password of MongoDB |
57 | | [service\_account\_backup](#output\_service\_account\_backup) | Google Cloud Service Account name for backup |
58 | | [service\_account\_restore](#output\_service\_account\_restore) | Google Cloud Service Account name for restore |
59 |
60 |
--------------------------------------------------------------------------------
/modules/resources/gcp/main.tf:
--------------------------------------------------------------------------------
1 | resource "random_password" "mongodb_root_password" { # Generated root password; the result is also kept in Terraform state, so the state backend needs the same protection as the secret
2 | count = var.mongodb_custom_credentials_enabled ? 0 : 1 # only generated when the caller does not supply credentials
3 | length = 20
4 | special = false # alphanumeric only; presumably because the password is embedded unescaped in a mongodb:// URI — TODO confirm
5 | }
6 |
7 | resource "random_password" "mongodb_exporter_password" { # Generated password for the mongodb_exporter user; the result is also kept in Terraform state
8 | count = var.mongodb_custom_credentials_enabled ? 0 : 1 # only generated when the caller does not supply credentials
9 | length = 20
10 | special = false # alphanumeric only
11 | }
12 |
13 | resource "google_secret_manager_secret" "mongo-secret" { # Secret container named <environment>-<name>-mongo, created only when store_password_to_secret_manager is true
14 | count = var.store_password_to_secret_manager ? 1 : 0
15 | project = var.project_id
16 | secret_id = format("%s-%s-%s", var.environment, var.name, "mongo")
17 |
18 | replication {
19 | automatic = true # NOTE(review): newer google provider releases replace this with an `auto {}` block, and the README lists no provider version constraint; pin the provider or migrate
20 | }
21 | }
22 |
23 | resource "google_secret_manager_secret_version" "mongo-secret" { # Stores the MongoDB users and passwords as one JSON document in the secret above
24 | count = var.store_password_to_secret_manager ? 1 : 0
25 | secret = google_secret_manager_secret.mongo-secret[0].id
26 | secret_data = var.mongodb_custom_credentials_enabled ? jsonencode( # custom credentials when enabled, otherwise fixed user names with the generated passwords; secret_data is also kept in Terraform state
27 | {
28 | "root_user" : "${var.mongodb_custom_credentials_config.root_user}",
29 | "root_password" : "${var.mongodb_custom_credentials_config.root_password}",
30 | "metric_exporter_user" : "${var.mongodb_custom_credentials_config.metric_exporter_user}",
31 | "metric_exporter_password" : "${var.mongodb_custom_credentials_config.metric_exporter_password}"
32 | }) : jsonencode(
33 | {
34 | "root_user" : "root",
35 | "root_password" : "${random_password.mongodb_root_password[0].result}",
36 | "metric_exporter_user" : "mongodb_exporter",
37 | "metric_exporter_password" : "${random_password.mongodb_exporter_password[0].result}"
38 | })
39 | }
40 |
41 | resource "google_service_account" "mongo_backup" { # Google service account used by the backup job
42 | project = var.project_id
43 | account_id = format("%s-%s", var.environment, var.gcp_gsa_backup_name) # <environment>-<gcp_gsa_backup_name>
44 | display_name = "Service Account for mongo Backup"
45 | }
46 |
47 | resource "google_project_iam_member" "secretadmin_backup" { # NOTE(review): the label says "secretadmin" but the role granted is a Cloud Storage object role
48 | project = var.project_id
49 | role = "roles/storage.objectAdmin" # NOTE(review): granted on the whole project, so it applies to objects in every bucket of the project; a binding on the backup bucket alone would be least privilege
50 | member = "serviceAccount:${google_service_account.mongo_backup.email}"
51 | }
52 |
53 | resource "google_project_iam_member" "service_account_token_creator_backup" { # Grants the backup service account the Token Creator role at project level
54 | project = var.project_id
55 | role = "roles/iam.serviceAccountTokenCreator" # NOTE(review): at project level this lets the backup account mint tokens for every service account in the project, including more privileged ones; confirm it is needed, and if so bind it on the one target service account instead
56 | member = "serviceAccount:${google_service_account.mongo_backup.email}"
57 | }
58 |
59 | resource "google_service_account_iam_member" "pod_identity_backup" { # Workload Identity binding: lets a Kubernetes service account act as the backup Google service account
60 | role = "roles/iam.workloadIdentityUser"
61 | member = "serviceAccount:${var.project_id}.svc.id.goog[mongodb/${var.gcp_ksa_backup_name}]" # NOTE(review): the namespace "mongodb" is hard-coded while the root module's namespace variable is configurable; the binding will not match if another namespace is used
62 | service_account_id = google_service_account.mongo_backup.name
63 | }
64 |
65 | resource "google_service_account" "mongo_restore" { # Google service account used by the restore job
66 | project = var.project_id
67 | account_id = format("%s-%s", var.environment, var.gcp_gsa_restore_name) # <environment>-<gcp_gsa_restore_name>
68 | display_name = "Service Account for mongo restore"
69 | }
70 |
71 | resource "google_project_iam_member" "secretadmin_restore" { # NOTE(review): the label says "secretadmin" but the role granted is a Cloud Storage object role
72 | project = var.project_id
73 | role = "roles/storage.objectAdmin" # NOTE(review): project-wide and includes write/delete; a restore presumably only reads dumps, so confirm whether roles/storage.objectViewer on the backup bucket would be enough
74 | member = "serviceAccount:${google_service_account.mongo_restore.email}"
75 | }
76 |
77 | resource "google_project_iam_member" "service_account_token_creator_restore" { # Grants the restore service account the Token Creator role at project level
78 | project = var.project_id
79 | role = "roles/iam.serviceAccountTokenCreator" # NOTE(review): at project level this lets the restore account mint tokens for every service account in the project; confirm it is needed, and if so bind it on the one target service account instead
80 | member = "serviceAccount:${google_service_account.mongo_restore.email}"
81 | }
82 |
83 | resource "google_service_account_iam_member" "pod_identity_restore" { # Workload Identity binding: lets a Kubernetes service account act as the restore Google service account
84 | role = "roles/iam.workloadIdentityUser"
85 | member = "serviceAccount:${var.project_id}.svc.id.goog[mongodb/${var.gcp_ksa_restore_name}]" # NOTE(review): the namespace "mongodb" is hard-coded, and the restore chart hard-codes the service account name sa-mongo-restore; both must match the deployed ServiceAccount for the binding to work
86 | service_account_id = google_service_account.mongo_restore.name
87 | }
88 |
--------------------------------------------------------------------------------
/modules/resources/gcp/outputs.tf:
--------------------------------------------------------------------------------
1 | output "service_account_backup" { # Exposes the backup service account to callers
2 | value = google_service_account.mongo_backup.email # the account's email address, although the description calls it a name
3 | description = "Google Cloud Service Account name for backup"
4 | }
5 |
6 | output "service_account_restore" { # Exposes the restore service account to callers
7 | value = google_service_account.mongo_restore.email # the account's email address, although the description calls it a name
8 | description = "Google Cloud Service Account name for restore"
9 | }
10 |
11 | output "root_password" { # Generated MongoDB root password; null when custom credentials are enabled
12 | value = var.mongodb_custom_credentials_enabled ? null : nonsensitive(random_password.mongodb_root_password[0].result) # NOTE(review): nonsensitive() strips the sensitive marking, so the password is printed in plan/apply output and by `terraform output` (CI logs included); prefer removing it and setting sensitive = true here and on outputs that consume this value
13 | description = "Root user's password of MongoDB"
14 | }
15 |
16 | output "metric_exporter_pasword" { # Generated exporter password; null when custom credentials are enabled. The name is misspelled ("pasword") but callers reference it, so renaming is a breaking change
17 | value = var.mongodb_custom_credentials_enabled ? null : nonsensitive(random_password.mongodb_exporter_password[0].result) # NOTE(review): nonsensitive() strips the sensitive marking, so the password is printed in plan/apply output and by `terraform output`; prefer removing it and setting sensitive = true
18 | description = "mongodb_exporter user's password of MongoDB"
19 | }
20 |
--------------------------------------------------------------------------------
/modules/resources/gcp/variables.tf:
--------------------------------------------------------------------------------
1 | variable "project_id" {
2 | description = "Google Cloud project ID"
3 | type = string
4 | default = ""
5 | }
6 |
7 | variable "name" {
8 | description = "Name identifier for module to be added as suffix to resources"
9 | type = string
10 | default = "test"
11 | }
12 |
13 | variable "environment" {
14 | description = "Environment in which the infrastructure is being deployed (e.g., production, staging, development)"
15 | type = string
16 | default = "test"
17 | }
18 |
19 | variable "gcp_gsa_backup_name" {
20 | description = "Google Cloud Service Account name for backup"
21 | type = string
22 | default = "mongo-backup"
23 | }
24 |
25 | variable "gcp_ksa_backup_name" {
26 | description = "Google Kubernetes Service Account name for backup"
27 | type = string
28 | default = "sa-mongo-backup"
29 | }
30 |
31 | variable "gcp_gsa_restore_name" {
32 | description = "Google Cloud Service Account name for restore"
33 | type = string
34 | default = "mongo-restore"
35 | }
36 |
37 | variable "gcp_ksa_restore_name" { # Kubernetes service account named in the restore Workload Identity binding
38 | description = "Google Kubernetes Service Account name for restore"
39 | type = string
40 | default = "sa-mongo-restore" # NOTE(review): the restore chart hard-codes the ServiceAccount name sa-mongo-restore, so overriding this value breaks the binding unless the chart is changed too
41 | }
42 |
43 |
44 | variable "mongodb_custom_credentials_enabled" {
45 | type = bool
46 | default = false
47 | description = "Specifies whether to enable custom credentials for MongoDB database."
48 | }
49 |
50 | variable "mongodb_custom_credentials_config" { # Caller-supplied credentials, written to the secret when mongodb_custom_credentials_enabled is true
51 | type = any # NOTE(review): untyped and not marked sensitive, so supplied passwords can appear in plan output; an object type with sensitive = true would be safer (check consumers first)
52 | default = {
53 | root_user = ""
54 | root_password = "" # NOTE(review): an empty default can reach the secret if the flag is enabled without overriding this; no validation is visible
55 | metric_exporter_user = ""
56 | metric_exporter_password = ""
57 | }
58 | description = "Specify the configuration settings for Mongodb to pass custom credentials during creation."
59 | }
60 |
61 | variable "store_password_to_secret_manager" {
62 | type = bool
63 | default = false
64 | description = "Specifies whether to store the credentials in GCP secret manager."
65 | }
66 |
--------------------------------------------------------------------------------
/modules/restore/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 |
--------------------------------------------------------------------------------
/modules/restore/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | description: A helm chart for Backup of mongo and stored in S3 # NOTE(review): copied from the backup chart; this chart (mongodb-restore) runs the restore job
3 | name: mongodb-restore
4 | version: 1.0.0
5 |
--------------------------------------------------------------------------------
/modules/restore/templates/job.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: batch/v1
2 | kind: Job # One-shot Job that runs the restore image against the mongodb-primary service in the release namespace
3 | metadata:
4 | name: restore-mongo
5 | spec:
6 | template:
7 | spec: # NOTE(review): no securityContext is set for the pod or container; consider runAsNonRoot and dropping privilege escalation if the image supports it
8 | affinity:
9 | {{- toYaml .Values.affinity | nindent 8 }}
10 | serviceAccountName: sa-mongo-restore # hard-coded; must match the ServiceAccount template and the cloud-side identity binding
11 | containers:
12 | - name: restore-mongodb
13 | image: saturnops/mongodb-restore:v6 # NOTE(review): mutable tag from a public registry, and this container receives the root credentials; pin by digest
14 | env:
15 | - name: MONGO_URI # NOTE(review): the root user and password are rendered as a literal env value, so they are readable by anyone who can view the Job or Pod spec and are kept in the Helm release data; move the URI into a Secret and use secretKeyRef as done for MONGO_BUCKET_RESTORE_URI. The password is also not URL-escaped, so special characters would break the URI
16 | value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-primary.{{ .Release.Namespace }}.svc.cluster.local:27017
17 | - name: MONGO_OPLOG
18 | value: "false"
19 | - name: AWS_DEFAULT_REGION # NOTE(review): value is rendered unquoted; piping it through quote would keep it a YAML string
20 | value: {{ .Values.restore.aws_default_region}}
21 | - name: MONGO_BUCKET_RESTORE_URI # read from the mongo-restore Secret rather than inlined
22 | valueFrom:
23 | secretKeyRef:
24 | name: mongo-restore
25 | key: BUCKET_URI
26 | - name: FILE_NAME_FULL
27 | value: {{ .Values.restore.file_name | quote }}
28 | - name: RESTORE_FROM # NOTE(review): value is rendered unquoted; piping it through quote would keep it a YAML string
29 | value: {{ .Values.bucket_provider_type}}
30 | resources:
31 | {{- toYaml .Values.restorejob.resources | nindent 14 }}
32 | restartPolicy: Never
33 | backoffLimit: 4 # a failing restore is retried up to 4 times with new pods
34 |
--------------------------------------------------------------------------------
/modules/restore/templates/restore-secrets.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Secret # Holds the bucket URI that the restore Job reads through secretKeyRef
3 | metadata:
4 | name: mongo-restore
5 | namespace: {{ .Release.Namespace }}
6 | labels: # left empty in this template
7 | data:
8 | BUCKET_URI: {{ .Values.restore.bucket_uri | b64enc }} # base64 is encoding, not encryption: the value is still readable from the Helm values and release data
9 |
--------------------------------------------------------------------------------
/modules/restore/templates/service_account.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: sa-mongo-restore
5 | annotations:
6 | {{ toYaml .Values.annotations | indent 4 }}
7 |
--------------------------------------------------------------------------------
/output.tf:
--------------------------------------------------------------------------------
1 | output "mongodb_endpoints" {
2 | description = "MongoDB endpoints in the Kubernetes cluster."
3 | value = {
4 | mongoport = "27017",
5 | mongodb_headless_endpoint = "mongodb-headless.${var.namespace}.svc.cluster.local"
6 | mongodb_primary_endpoint = "mongodb-primary.${var.namespace}.svc.cluster.local"
7 | }
8 | }
9 |
10 | output "mongodb_credential" { # Returns the MongoDB user names and passwords, or null when they are stored in the secret manager
11 | description = "MongoDB credentials used for accessing the MongoDB database."
12 | value = var.mongodb_config.store_password_to_secret_manager ? null : { # NOTE(review): when the secret manager is disabled, the passwords are returned in clear text and this output is not marked sensitive = true, so they can show up in apply output and logs
13 | root_user = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_user : "root",
14 | root_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.root_password : var.root_password,
15 | metric_exporter_user = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_user : "mongodb_exporter",
16 | metric_exporter_password = var.mongodb_custom_credentials_enabled ? var.mongodb_custom_credentials_config.metric_exporter_password : var.metric_exporter_password
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
1 | variable "mongodb_config" { # Main deployment settings object
2 | type = any # NOTE(review): untyped, so missing or misspelled keys are not caught at plan time
3 | default = {
4 | name = ""
5 | environment = ""
6 | volume_size = ""
7 | architecture = ""
8 | replica_count = 2
9 | custom_databases = ""
10 | custom_databases_usernames = ""
11 | custom_databases_passwords = "" # NOTE(review): passwords travel inside a non-sensitive object and can appear in plan output
12 | values_yaml = ""
13 | storage_class_name = ""
14 | store_password_to_secret_manager = true # when true, output.tf returns null for mongodb_credential
15 | }
16 | description = "Specify the configuration settings for Mongodb, including the name, environment, storage options, replication settings, and custom YAML values."
17 | }
18 |
19 | variable "mongodb_custom_credentials_enabled" {
20 | type = bool
21 | default = false
22 | description = "Specifies whether to enable custom credentials for MongoDB database."
23 | }
24 |
25 | variable "mongodb_custom_credentials_config" { # Caller-supplied credentials, used when mongodb_custom_credentials_enabled is true
26 | type = any # NOTE(review): untyped and not marked sensitive, so supplied passwords can appear in plan output; marking it sensitive also requires sensitive = true on the mongodb_credential output
27 | default = {
28 | root_user = ""
29 | root_password = "" # NOTE(review): an empty default is used if the flag is enabled without overriding this; no validation is visible
30 | metric_exporter_user = ""
31 | metric_exporter_password = ""
32 | }
33 | description = "Specify the configuration settings for Mongodb to pass custom credentials during creation."
34 | }
35 |
36 | variable "chart_version" {
37 | type = string
38 | default = "13.1.5"
39 | description = "Version of the Mongodb chart that will be used to deploy Mongodb application."
40 | }
41 |
42 | variable "app_version" { # MongoDB image version deployed by default
43 | type = string
44 | default = "5.0.8-debian-10-r9" # NOTE(review): pinned to an old image build; confirm this version still receives security updates before relying on the default
45 | description = "Version of the Mongodb application that will be deployed."
46 | }
47 |
48 | variable "namespace" {
49 | type = string
50 | default = "mongodb"
51 | description = "Name of the Kubernetes namespace where the Mongodb deployment will be deployed."
52 | }
53 |
54 | variable "mongodb_backup_enabled" {
55 | type = bool
56 | default = false
57 | description = "Specifies whether to enable backups for Mongodb database."
58 | }
59 |
60 | variable "mongodb_backup_config" { # Backup destination and schedule
61 | type = any
62 | default = {
63 | bucket_uri = ""
64 | s3_bucket_region = "us-east-2"
65 | cron_for_full_backup = "*/5 * * * *" # NOTE(review): this default runs a full backup every 5 minutes; confirm that is intended outside of testing
66 | }
67 | description = "Configuration options for Mongodb database backups. It includes properties such as the S3 bucket URI, the S3 bucket region, and the cron expression for full backups."
68 | }
69 |
70 | variable "mongodb_exporter_enabled" {
71 | type = bool
72 | default = false
73 | description = "Specify whether or not to deploy Mongodb exporter to collect Mongodb metrics for monitoring in Grafana."
74 | }
75 |
76 | variable "mongodb_exporter_config" { # Settings for the exporter; the default carries only a version
77 | type = any
78 | default = {
79 | version = "2.9.0"
80 | }
81 | description = "Specify whether or not to deploy Mongodb exporter to collect Mongodb metrics for monitoring in Grafana." # NOTE(review): duplicated from mongodb_exporter_enabled; this variable configures the exporter rather than enabling it
82 | }
83 |
84 | variable "recovery_window_aws_secret" { # Deletion recovery window for the AWS Secrets Manager secret
85 | type = number
86 | default = 0 # NOTE(review): the default forces immediate deletion, so a mistaken destroy loses the stored credentials with no recovery; consider 7-30 for non-test environments
87 | description = "Number of days that AWS Secrets Manager will wait before deleting a secret. This value can be set to 0 to force immediate deletion, or to a value between 7 and 30 days to allow for recovery."
88 | }
89 |
90 | variable "cluster_name" {
91 | type = string
92 | default = ""
93 | description = "Specifies the name of the EKS cluster to deploy the Mongodb application on."
94 | }
95 |
96 | variable "create_namespace" { # Whether the namespace is created when missing
97 | type = string # NOTE(review): declared as string while the default and description treat it as a boolean; Terraform converts false to "false", but type = bool would state the intent
98 | default = false
99 | description = "Specify whether or not to create the namespace if it does not already exist. Set it to true to create the namespace."
100 | }
101 |
102 | variable "mongodb_restore_enabled" {
103 | type = bool
104 | default = false
105 | description = "Specifies whether to enable restoring dump to the Mongodb database."
106 | }
107 |
108 | variable "mongodb_restore_config" { # Source of the dump to restore
109 | type = any
110 | default = {
111 | bucket_uri = "s3://mymongo/mongodumpfull_20230424_112501.gz" # NOTE(review): the default points at a specific S3 object, so enabling restore without overriding it would load data from a bucket the caller may not control; an empty default with validation would be safer. It is also an s3:// URI while bucket_provider_type defaults to "gcs"
112 | s3_bucket_region = "us-east-2"
113 | file_name = ""
114 | }
115 | description = "Configuration options for restoring dump to the Mongodb database."
116 | }
117 |
118 | variable "project_id" {
119 | description = "Google Cloud project ID"
120 | type = string
121 | default = ""
122 | }
123 |
124 | variable "bucket_provider_type" {
125 | type = string
126 | default = "gcs"
127 | description = "Choose what type of provider you want (s3, gcs)"
128 | }
129 |
130 | variable "root_password" { # Root password used when custom credentials are disabled (see the mongodb_credential output)
131 | description = "Root password for MongoDB"
132 | type = string
133 | default = "" # NOTE(review): an empty default and no sensitive = true; marking it sensitive also requires sensitive = true on the mongodb_credential output
134 | }
135 |
136 | variable "metric_exporter_password" { # Exporter password used when custom credentials are disabled (see the mongodb_credential output)
137 | description = "Metric exporter password for MongoDB"
138 | type = string
139 | default = "" # NOTE(review): an empty default and no sensitive = true; marking it sensitive also requires sensitive = true on the mongodb_credential output
140 | }
141 |
142 | variable "iam_role_arn_backup" {
143 | description = "IAM role ARN for backup (AWS)"
144 | type = string
145 | default = ""
146 | }
147 |
148 | variable "service_account_backup" {
149 | description = "Service account for backup (GCP)"
150 | type = string
151 | default = ""
152 | }
153 |
154 | variable "iam_role_arn_restore" {
155 | description = "IAM role ARN for restore (AWS)"
156 | type = string
157 | default = ""
158 | }
159 |
160 | variable "service_account_restore" {
161 | description = "Service account for restore (GCP)"
162 | type = string
163 | default = ""
164 | }
165 |
166 | variable "resource_group_name" {
167 | description = "Azure Resource Group name"
168 | type = string
169 | default = ""
170 | }
171 |
172 | variable "resource_group_location" {
173 | description = "Azure region"
174 | type = string
175 | default = "East US"
176 | }
177 | variable "azure_storage_account_name" {
178 | description = "Azure storage account name"
179 | type = string
180 | default = ""
181 | }
182 |
183 | variable "azure_storage_account_key" { # Shared key for the Azure storage account
184 | description = "Azure storage account key"
185 | type = string # NOTE(review): an account key gives full access to the storage account and is not marked sensitive here; the Azure resources module already grants managed identities a blob data role, so confirm whether the key is still needed
186 | default = ""
187 | }
188 |
189 | variable "azure_container_name" {
190 | description = "Azure container name"
191 | type = string
192 | default = ""
193 | }
194 |
195 | variable "az_account_backup" {
196 | description = "Azure user managed account backup identity"
197 | type = string
198 | default = ""
199 | }
200 |
201 | variable "az_account_restore" {
202 | description = "Azure user managed account restore identity"
203 | type = string
204 | default = ""
205 | }
206 |
207 |
208 | variable "mongodb_exporter_values" {
209 | description = "Mongo DB prometheus exporter values file"
210 | type = any
211 | default = ""
212 | }
213 |
--------------------------------------------------------------------------------