# Set this to true if your cluster is managing SecurityContext for you. # If running OpenShift (Cloud, Minishift, etc.), set this to true. managedSecurityContext: false operator: # Execution environment for the operator, dev or prod. Use dev for more verbose logging env: prod # Default architecture for the operator. # Values are "static" and "non-static: mdbDefaultArchitecture: non-static baseName: mongodb-kubernetes # Name that will be assigned to most internal Kubernetes objects like Deployment, ServiceAccount, Role etc. name: mongodb-kubernetes-operator # Name of the operator image operator_image_name: mongodb-kubernetes # Name of the deployment of the operator pod deployment_name: mongodb-kubernetes-operator # Version of mongodb-kubernetes-operator version: 1.6.1 # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed watchedResources: - mongodb - opsmanagers - mongodbusers - mongodbcommunity - mongodbsearch nodeSelector: {} tolerations: [] affinity: {} # operator cpu requests and limits resources: requests: cpu: 500m memory: 200Mi limits: cpu: 1100m memory: 1Gi podSecurityContext: runAsNonRoot: true runAsUser: 2000 securityContext: {} # Control how many reconciles can be performed in parallel. # It sets MaxConcurrentReconciles https://pkg.go.dev/github.com/kubernetes-sigs/controller-runtime/pkg/controller#Options). # Increasing the number of concurrent reconciles will decrease the time needed to reconcile all watched resources. # But it might result in increased load on Ops Manager API, K8S API server and will require allocating more cpu and memory for the operator deployment. # # This setting works independently for all watched CRD types, so setting doesn't mean the operator will use only 4 workers in total, but # each CRD type (MongoDB, MongoDBMultiCluster, MongoDBOpsManager, MongoDBUser) will be reconciled with 4 workers, making it # 4*4=20 workers in total. Memory usage depends on the actual number of resources reconciles in parallel and is not allocated upfront. maxConcurrentReconciles: 1 # Create operator service account and roles # if false, then operator RBAC will not be provided by the chart createOperatorServiceAccount: true # Set to false to NOT create service accounts and roles for the resources managed by the operator # It might be necessary to disable it to avoid conflicts when # kubectl mongodb plugin is used to configure multi-cluster resources createResourcesServiceAccountsAndRoles: true # If true, the helm chart will create the ClusterRole and ClusterRoleBinding for the operator to be able to access the ClusterMongoDBRole resources. # It will also set the --watch-resource flag, to enable the operator to watch the ClusterMongoDBRole resources for changes. # Set to false to not create the ClusterRole and ClusterRoleBinding and to disable the operator watching the ClusterMongoDBRole resources. enableClusterMongoDBRoles: true # Set to false to not create the RBAC for enabling access to the PVC for resizing for the operator enablePVCResize: true vaultSecretBackend: # set to true if you want the operator to store secrets in Vault enabled: false tlsSecretRef: '' # 0 or 1 is supported only replicas: 1 # additional arguments to pass on the operator's binary arguments, e.g. operator.additionalArguments={--v=9} to dump debug k8s networking to logs additionalArguments: [] webhook: # Controls whether the helm chart will install cluster role allowing to create ValidatingWebhookConfiguration. Default: true. # Without the permissions, the operator will log errors when trying to configure admission webhooks, but will work correctly nonetheless. installClusterRole: true # registerConfiguration setting (default: true) controls if the operator should automatically register ValidatingWebhookConfiguration and if required for it cluster-wide roles should be installed. # DO NOT disable this setting if installing via helm. This setting is used for OLM installations. # # Setting false: # - This setting is intended to be used ONLY when the operator is installed via OLM. Do not use it otherwise as the operator won't start due to missing webhook server certificates, which OLM provides automatically. # - Adds env var MDB_WEBHOOK_REGISTER_CONFIGURATION=false to the operator deployment. # - ClusterRole and ClusterRoleBinding required to manage ValidatingWebhookConfigurations will not be installed # - The operator will not create ValidatingWebhookConfigurations upon startup. # - The operator will not create the service for the webhook. If the `operator-webhook` service was created before, it will be deleted. # - The operator will still expose the webhook's endpoint on port on MDB_WEBHOOK_PORT (if not specified, the operator uses a default 1993) in case the ValidatingWebhookConfigurations is configured externally (e.g. in OLM/OpenShift) or by the administrator manually. # # Setting true: # - It's the default setting, behaviour of the operator w.r.t. webhook configuration is the same as before. # - operator-webhook service will be created by the operator. # - ClusterRole and ClusterRoleBinding required to manage ValidatingWebhookConfigurations will be installed. # - ValidatingWebhookConfigurations will be managed by the operator. registerConfiguration: true telemetry: collection: clusters: {} deployments: {} operators: {} # Valid time units are "m", "h". Anything less than one minute defaults to 1h frequency: 1h # Enables sending the collected telemetry to MongoDB send: # 168 hours is one week # Valid time units are "h". Anything less than one hours defaults to 168h frequency: 168h ## Database database: name: mongodb-kubernetes-database version: 1.6.1 initDatabase: name: mongodb-kubernetes-init-database version: 1.6.1 ## Ops Manager opsManager: name: mongodb-enterprise-ops-manager-ubi initOpsManager: name: mongodb-kubernetes-init-ops-manager version: 1.6.1 ## Application Database initAppDb: name: mongodb-kubernetes-init-appdb version: 1.6.1 agent: name: mongodb-agent version: 108.0.12.8846-1 # This is only used by the MongoDBCommunity resource reconciler - START versionUpgradeHook: name: mongodb-kubernetes-operator-version-upgrade-post-start-hook version: 1.0.10 readinessProbe: name: mongodb-kubernetes-readinessprobe version: 1.0.23 # This is only used by the MongoDBCommunity resource reconciler - END # This is used by AppDB and by static containers to determine the image that the operator uses for databases. mongodb: name: mongodb-enterprise-server repo: quay.io/mongodb appdbAssumeOldFormat: false ## Registry registry: imagePullSecrets: pullPolicy: Always # Specify if images are pulled from private registry operator: quay.io/mongodb database: quay.io/mongodb initDatabase: quay.io/mongodb initOpsManager: quay.io/mongodb opsManager: quay.io/mongodb initAppDb: quay.io/mongodb agent: quay.io/mongodb # This is only used by the MongoDBCommunity resource reconciler - START versionUpgradeHook: quay.io/mongodb readinessProbe: quay.io/mongodb # This is only used by the MongoDBCommunity resource reconciler - END multiCluster: # Specify if we want to deploy the operator in multi-cluster mode clusters: [] kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig performFailOver: true clusterClientTimeout: 10 # Resources only for the MongoDBCommunity resource reconciler community: mongodb: repo: quay.io/mongodb # change this if you want to use a different mongoDB image name: mongodb-community-server imageType: ubi8 agent: name: mongodb-agent version: 108.0.2.8729-1 registry: agent: quay.io/mongodb resource: name: mongodb-replica-set version: 4.4.0 members: 3 tls: # when tls.enabled == true and tls.useCertManager == true then Cert Manager's Issuer and Certificate resources will be created enabled: false # Installs Cert-Manager in this cluster. useX509: false sampleX509User: false useCertManager: true certificateKeySecretRef: tls-certificate caCertificateSecretRef: tls-ca-key-pair certManager: certDuration: 8760h # 365 days renewCertBefore: 720h # 30 days # MongoDBSearch settings search: # Full Search container image url used for the MongoDB Search container will be constructed as {search.repo}/{search.name}:{search.version} repo: quay.io/mongodb name: mongodb-search # default MongoDB Search version used; can be overridden by setting MongoDBSearch.spec.version field. version: 0.55.0