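# NOTE(review): the nesting below was restored from a flattened listing (keys and comments had
# been collapsed onto a few lines); confirm it against the chart's templates before use.

# Set this to true if your cluster is managing SecurityContext for you.
# If running OpenShift (Cloud, Minishift, etc.), set this to true.
# NOTE(review): with true, the chart presumably stops setting a securityContext itself, so
# cluster policy has to supply the non-root / restricted settings - confirm in the templates.
managedSecurityContext: false

operator:
  # Execution environment for the operator, dev or prod. Use dev for more verbose logging.
  env: prod

  # Default architecture for the operator.
  # Values are "static" and "non-static".
  mdbDefaultArchitecture: non-static

  # Name that will be assigned to most internal Kubernetes objects like Deployment,
  # ServiceAccount, Role etc.
  name: mongodb-enterprise-operator

  # Name of the operator image
  operator_image_name: mongodb-enterprise-operator-ubi

  # Name of the deployment of the operator pod
  deployment_name: mongodb-enterprise-operator

  # Version of mongodb-enterprise-operator
  # (quoted so a future two-component version such as 1.27 is not read as a float)
  version: '1.27.0'

  # The Custom Resources that will be watched by the Operator.
  # Needs to be changed if only some of the CRDs are installed.
  watchedResources:
    - mongodb
    - opsmanagers
    - mongodbusers

  nodeSelector: {}

  tolerations: []

  affinity: {}

  # operator cpu requests and limits
  resources:
    requests:
      cpu: 500m
      memory: 200Mi
    limits:
      cpu: 1100m
      memory: 1Gi

  # Control how many reconciles can be performed in parallel.
  # It sets MaxConcurrentReconciles
  # (https://pkg.go.dev/github.com/kubernetes-sigs/controller-runtime/pkg/controller#Options).
  # Increasing the number of concurrent reconciles will decrease the time needed to reconcile
  # all watched resources. But it might result in increased load on the Ops Manager API and the
  # K8S API server, and will require allocating more cpu and memory for the operator deployment.
  #
  # This setting works independently for all watched CRD types, so setting it to 4 doesn't mean
  # the operator will use only 4 workers in total: each CRD type (MongoDB, MongoDBMultiCluster,
  # MongoDBOpsManager, MongoDBUser) will be reconciled with 4 workers, making it 4*4=16 workers
  # in total. Memory usage depends on the actual number of resources reconciled in parallel and
  # is not allocated upfront.
  maxConcurrentReconciles: 1

  # Create operator service account and roles.
  # If false, then templates/operator-roles.yaml is excluded.
  # NOTE(review): with false, the service account and its roles have to be provisioned out of
  # band; review the permissions granted there against what the operator actually needs.
  createOperatorServiceAccount: true

  # Set to false to NOT create service accounts and roles for the resources managed by the
  # operator. It might be necessary to disable it to avoid conflicts when the
  # kubectl mongodb plugin is used to configure multi-cluster resources.
  createResourcesServiceAccountsAndRoles: true

  vaultSecretBackend:
    # Set to true if you want the operator to store secrets in Vault.
    enabled: false
    # NOTE(review): presumably names the Secret holding TLS material for the Vault connection;
    # confirm what an empty value means for certificate verification before enabling Vault.
    tlsSecretRef: ''

  # 0 or 1 is supported only
  replicas: 1

  # Additional arguments to pass on the operator's binary arguments,
  # e.g. operator.additionalArguments={--v=9} to dump debug k8s networking to logs.
  # NOTE(review): very verbose client logging can put request details into the operator logs;
  # keep it to troubleshooting sessions and treat the resulting logs as sensitive.
  additionalArguments: []

  webhook:
    # Controls whether the helm chart will install the cluster role allowing to create
    # ValidatingWebhookConfiguration. Default: true.
    # Without the permissions, the operator will log errors when trying to configure admission
    # webhooks, but will work correctly nonetheless.
    # NOTE(review): in that case no ValidatingWebhookConfiguration is registered by the operator,
    # so admission-time validation of its resources depends on external configuration.
    installClusterRole: true

    # registerConfiguration setting (default: true) controls if the operator should automatically
    # register ValidatingWebhookConfiguration and if the cluster-wide roles required for it
    # should be installed.
    # DO NOT disable this setting if installing via helm. This setting is used for OLM
    # installations.
    #
    # Setting false:
    #  - This setting is intended to be used ONLY when the operator is installed via OLM. Do not
    #    use it otherwise as the operator won't start due to missing webhook server certificates,
    #    which OLM provides automatically.
    #  - Adds env var MDB_WEBHOOK_REGISTER_CONFIGURATION=false to the operator deployment.
    #  - ClusterRole and ClusterRoleBinding required to manage ValidatingWebhookConfigurations
    #    will not be installed.
    #  - The operator will not create ValidatingWebhookConfigurations upon startup.
    #  - The operator will not create the service for the webhook. If the `operator-webhook`
    #    service was created before, it will be deleted.
    #  - The operator will still expose the webhook's endpoint on the port set in
    #    MDB_WEBHOOK_PORT (if not specified, the operator uses a default 1993) in case the
    #    ValidatingWebhookConfigurations is configured externally (e.g. in OLM/OpenShift) or by
    #    the administrator manually.
    #
    # Setting true:
    #  - It's the default setting, behaviour of the operator w.r.t. webhook configuration is the
    #    same as before.
    #  - operator-webhook service will be created by the operator.
    #  - ClusterRole and ClusterRoleBinding required to manage ValidatingWebhookConfigurations
    #    will be installed.
    #  - ValidatingWebhookConfigurations will be managed by the operator.
    registerConfiguration: true

## Database
database:
  name: mongodb-enterprise-database-ubi
  version: '1.27.0'

initDatabase:
  name: mongodb-enterprise-init-database-ubi
  version: '1.27.0'

## Ops Manager
# NOTE(review): no version is set here; presumably it is taken from the Ops Manager resource.
opsManager:
  name: mongodb-enterprise-ops-manager-ubi

initOpsManager:
  name: mongodb-enterprise-init-ops-manager-ubi
  version: '1.27.0'

## Application Database
initAppDb:
  name: mongodb-enterprise-init-appdb-ubi
  version: '1.27.0'

agent:
  name: mongodb-agent-ubi
  version: '107.0.0.8502-1'

mongodbLegacyAppDb:
  name: mongodb-enterprise-appdb-database-ubi
  repo: quay.io/mongodb

# This is used by AppDB and by static containers to determine the image that the operator uses
# for databases.
mongodb:
  name: mongodb-enterprise-server
  repo: quay.io/mongodb
  appdbAssumeOldFormat: false
  imageType: ubi8

## Registry
# NOTE(review): images are selected by repository, name and version tag. pullPolicy is
# presumably mapped to imagePullPolicy, in which case Always re-resolves the tag on every pod
# start and trust rests on the registry; point these at a controlled mirror if image
# provenance has to be enforced.
registry:
  # Explicit null (same parsed value as the bare key): no pull secret is configured by default.
  imagePullSecrets: null
  pullPolicy: Always
  # Specify if images are pulled from private registry
  operator: quay.io/mongodb
  database: quay.io/mongodb
  initDatabase: quay.io/mongodb
  initOpsManager: quay.io/mongodb
  opsManager: quay.io/mongodb
  initAppDb: quay.io/mongodb
  appDb: quay.io/mongodb
  agent: quay.io/mongodb

multiCluster:
  # Specify if we want to deploy the operator in multi-cluster mode
  clusters: []
  # NOTE(review): presumably the Secret holding the kubeconfig for the member clusters; it
  # carries credentials for other clusters, so restrict read access to it accordingly.
  kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
  performFailOver: true
  clusterClientTimeout: 10

# Set this to false to disable subresource utilization.
# It might be required on some versions of OpenShift.
subresourceEnabled: true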