--- # Source: enterprise-operator/templates/operator-roles.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator-mongodb-webhook rules: - apiGroups: - "admissionregistration.k8s.io" resources: - validatingwebhookconfigurations verbs: - get - create - update - delete - apiGroups: - "" resources: - services verbs: - get - list - watch - create - update - delete --- # Source: enterprise-operator/templates/operator-roles.yaml # Additional ClusterRole for clusterVersionDetection kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator-cluster-telemetry rules: # Non-resource URL permissions - nonResourceURLs: - "/version" verbs: - get # Cluster-scoped resource permissions - apiGroups: - '' resources: - namespaces resourceNames: - kube-system verbs: - get - apiGroups: - '' resources: - nodes verbs: - list --- # Source: enterprise-operator/templates/operator-roles.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator-mongodb-webhook-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: mongodb-enterprise-operator-mongodb-webhook subjects: - kind: ServiceAccount name: mongodb-enterprise-operator namespace: mongodb --- # Source: enterprise-operator/templates/operator-roles.yaml # ClusterRoleBinding for clusterVersionDetection kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator-mongodb-cluster-telemetry-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: mongodb-enterprise-operator-cluster-telemetry subjects: - kind: ServiceAccount name: mongodb-enterprise-operator namespace: mongodb --- # Source: enterprise-operator/templates/operator-roles.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator namespace: mongodb rules: - apiGroups: - '' resources: - services verbs: - get - list - watch - create - update - delete - apiGroups: - '' resources: - secrets - configmaps verbs: - get - list - create - update - delete - watch - apiGroups: - apps resources: - statefulsets verbs: - create - get - list - watch - delete - update - apiGroups: - '' resources: - pods verbs: - get - list - watch - delete - deletecollection - apiGroups: - mongodb.com verbs: - '*' resources: - mongodb - mongodb/finalizers - mongodbusers - mongodbusers/finalizers - opsmanagers - opsmanagers/finalizers - mongodbmulticluster - mongodbmulticluster/finalizers - mongodb/status - mongodbusers/status - opsmanagers/status - mongodbmulticluster/status - apiGroups: - '' resources: - persistentvolumeclaims verbs: - get - delete - list - watch - patch - update --- # Source: enterprise-operator/templates/operator-roles.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-operator namespace: mongodb roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: mongodb-enterprise-operator subjects: - kind: ServiceAccount name: mongodb-enterprise-operator namespace: mongodb --- # Source: enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-appdb namespace: mongodb --- # Source: enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-database-pods namespace: mongodb --- # Source: enterprise-operator/templates/database-roles.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-ops-manager namespace: mongodb --- # Source: enterprise-operator/templates/database-roles.yaml kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-appdb namespace: mongodb rules: - apiGroups: - '' resources: - secrets verbs: - get - apiGroups: - '' resources: - pods verbs: - patch - delete - get --- # Source: enterprise-operator/templates/database-roles.yaml kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: mongodb-enterprise-appdb namespace: mongodb roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: mongodb-enterprise-appdb subjects: - kind: ServiceAccount name: mongodb-enterprise-appdb namespace: mongodb --- # Source: enterprise-operator/templates/operator-sa.yaml apiVersion: v1 kind: ServiceAccount metadata: name: mongodb-enterprise-operator namespace: mongodb --- # Source: enterprise-operator/templates/operator.yaml apiVersion: apps/v1 kind: Deployment metadata: name: mongodb-enterprise-operator namespace: mongodb spec: replicas: 1 selector: matchLabels: app.kubernetes.io/component: controller app.kubernetes.io/name: mongodb-enterprise-operator app.kubernetes.io/instance: mongodb-enterprise-operator template: metadata: labels: app.kubernetes.io/component: controller app.kubernetes.io/name: mongodb-enterprise-operator app.kubernetes.io/instance: mongodb-enterprise-operator spec: serviceAccountName: mongodb-enterprise-operator securityContext: runAsNonRoot: true runAsUser: 2000 containers: - name: mongodb-enterprise-operator image: "quay.io/mongodb/mongodb-enterprise-operator-ubi:1.33.0" imagePullPolicy: Always args: - -watch-resource=mongodb - -watch-resource=opsmanagers - -watch-resource=mongodbusers command: - /usr/local/bin/mongodb-enterprise-operator resources: limits: cpu: 1100m memory: 1Gi requests: cpu: 500m memory: 200Mi env: - name: OPERATOR_ENV value: prod - name: MDB_DEFAULT_ARCHITECTURE value: non-static - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY value: "1h" - name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY value: "168h" - name: CLUSTER_CLIENT_TIMEOUT value: "10" - name: IMAGE_PULL_POLICY value: Always # Database - name: MONGODB_ENTERPRISE_DATABASE_IMAGE value: quay.io/mongodb/mongodb-enterprise-database-ubi - name: INIT_DATABASE_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-init-database-ubi - name: INIT_DATABASE_VERSION value: 1.33.0 - name: DATABASE_VERSION value: 1.33.0 # Ops Manager - name: OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-init-ops-manager-ubi - name: INIT_OPS_MANAGER_VERSION value: 1.33.0 # AppDB - name: INIT_APPDB_IMAGE_REPOSITORY value: quay.io/mongodb/mongodb-enterprise-init-appdb-ubi - name: INIT_APPDB_VERSION value: 1.33.0 - name: OPS_MANAGER_IMAGE_PULL_POLICY value: Always - name: AGENT_IMAGE value: "quay.io/mongodb/mongodb-agent-ubi:108.0.2.8729-1" - name: MDB_AGENT_IMAGE_REPOSITORY value: "quay.io/mongodb/mongodb-agent-ubi" - name: MONGODB_IMAGE value: mongodb-enterprise-server - name: MONGODB_REPO_URL value: quay.io/mongodb - name: MDB_IMAGE_TYPE value: ubi8 - name: PERFORM_FAILOVER value: 'true' - name: MDB_MAX_CONCURRENT_RECONCILES value: "1"