--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 service.binding: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret service.binding/connectionString: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret,sourceKey=connectionString.standardSrv service.binding/password: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret,sourceKey=password service.binding/provider: community service.binding/type: mongodb service.binding/username: path={.metadata.name}-{.spec.users[0].db}-{.spec.users[0].name},objectType=Secret,sourceKey=username name: mongodbcommunity.mongodbcommunity.mongodb.com spec: group: mongodbcommunity.mongodb.com names: kind: MongoDBCommunity listKind: MongoDBCommunityList plural: mongodbcommunity shortNames: - mdbc singular: mongodbcommunity scope: Namespaced versions: - additionalPrinterColumns: - description: Current state of the MongoDB deployment jsonPath: .status.phase name: Phase type: string - description: Version of MongoDB server jsonPath: .status.version name: Version type: string name: v1 schema: openAPIV3Schema: description: MongoDBCommunity is the Schema for the mongodbs API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: MongoDBCommunitySpec defines the desired state of MongoDB properties: additionalConnectionStringConfig: description: Additional options to be appended to the connection string. These options apply to the entire resource and to each user. nullable: true type: object x-kubernetes-preserve-unknown-fields: true additionalMongodConfig: description: |- AdditionalMongodConfig is additional configuration that can be passed to each data-bearing mongod at runtime. Uses the same structure as the mongod configuration file: https://www.mongodb.com/docs/manual/reference/configuration-options/ nullable: true type: object x-kubernetes-preserve-unknown-fields: true agent: description: AgentConfiguration sets options for the MongoDB automation agent properties: logFile: type: string logLevel: type: string logRotate: description: LogRotate if enabled, will enable LogRotate for all processes. properties: includeAuditLogsWithMongoDBLogs: description: |- set to 'true' to have the Automation Agent rotate the audit files along with mongodb log files type: boolean numTotal: description: maximum number of log files to have total type: integer numUncompressed: description: maximum number of log files to leave uncompressed type: integer percentOfDiskspace: description: |- Maximum percentage of the total disk space these log files should take up. The string needs to be able to be converted to float64 type: string sizeThresholdMB: description: |- Maximum size for an individual log file before rotation. The string needs to be able to be converted to float64. Fractional values of MB are supported. type: string timeThresholdHrs: description: maximum hours for an individual log file before rotation type: integer required: - sizeThresholdMB - timeThresholdHrs type: object maxLogFileDurationHours: type: integer systemLog: description: SystemLog configures system log of mongod properties: destination: type: string logAppend: type: boolean path: type: string required: - destination - logAppend - path type: object type: object arbiters: description: |- Arbiters is the number of arbiters to add to the Replica Set. It is not recommended to have more than one arbiter per Replica Set. More info: https://www.mongodb.com/docs/manual/tutorial/add-replica-set-arbiter/ type: integer automationConfig: description: |- AutomationConfigOverride is merged on top of the operator created automation config. Processes are merged by name. Currently Only the process.disabled field is supported. properties: processes: items: description: OverrideProcess contains fields that we can override on the AutomationConfig processes. properties: disabled: type: boolean logRotate: description: CrdLogRotate is the crd definition of LogRotate including fields in strings while the agent supports them as float64 properties: includeAuditLogsWithMongoDBLogs: description: |- set to 'true' to have the Automation Agent rotate the audit files along with mongodb log files type: boolean numTotal: description: maximum number of log files to have total type: integer numUncompressed: description: maximum number of log files to leave uncompressed type: integer percentOfDiskspace: description: |- Maximum percentage of the total disk space these log files should take up. The string needs to be able to be converted to float64 type: string sizeThresholdMB: description: |- Maximum size for an individual log file before rotation. The string needs to be able to be converted to float64. Fractional values of MB are supported. type: string timeThresholdHrs: description: maximum hours for an individual log file before rotation type: integer required: - sizeThresholdMB - timeThresholdHrs type: object name: type: string required: - disabled - name type: object type: array replicaSet: properties: settings: description: |- MapWrapper is a wrapper for a map to be used by other structs. The CRD generator does not support map[string]interface{} on the top level and hence we need to work around this with a wrapping struct. type: object x-kubernetes-preserve-unknown-fields: true type: object type: object featureCompatibilityVersion: description: |- FeatureCompatibilityVersion configures the feature compatibility version that will be set for the deployment type: string memberConfig: description: MemberConfig items: properties: priority: type: string tags: additionalProperties: type: string type: object votes: type: integer type: object type: array members: description: Members is the number of members in the replica set type: integer prometheus: description: Prometheus configurations. properties: metricsPath: description: Indicates path to the metrics endpoint. pattern: ^\/[a-z0-9]+$ type: string passwordSecretRef: description: Name of a Secret containing a HTTP Basic Auth Password. properties: key: description: Key is the key in the secret storing this password. Defaults to "password" type: string name: description: Name is the name of the secret storing this user's password type: string required: - name type: object port: description: Port where metrics endpoint will bind to. Defaults to 9216. type: integer tlsSecretKeyRef: description: |- Name of a Secret (type kubernetes.io/tls) holding the certificates to use in the Prometheus endpoint. properties: key: description: Key is the key in the secret storing this password. Defaults to "password" type: string name: description: Name is the name of the secret storing this user's password type: string required: - name type: object username: description: HTTP Basic Auth Username for metrics endpoint. type: string required: - passwordSecretRef - username type: object replicaSetHorizons: description: |- ReplicaSetHorizons Add this parameter and values if you need your database to be accessed outside of Kubernetes. This setting allows you to provide different DNS settings within the Kubernetes cluster and to the Kubernetes cluster. The Kubernetes Operator uses split horizon DNS for replica set members. This feature allows communication both within the Kubernetes cluster and from outside Kubernetes. items: additionalProperties: type: string type: object type: array security: description: Security configures security features, such as TLS, and authentication settings for a deployment properties: authentication: properties: agentCertificateSecretRef: description: |- AgentCertificateSecret is a reference to a Secret containing the certificate and the key for the automation agent The secret needs to have available: - certificate under key: "tls.crt" - private key under key: "tls.key" If additionally, tls.pem is present, then it needs to be equal to the concatenation of tls.crt and tls.key properties: name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic agentMode: description: AgentMode contains the authentication mode used by the automation agent. enum: - SCRAM - SCRAM-SHA-256 - SCRAM-SHA-1 - X509 type: string ignoreUnknownUsers: default: true nullable: true type: boolean modes: description: Modes is an array specifying which authentication methods should be enabled. items: enum: - SCRAM - SCRAM-SHA-256 - SCRAM-SHA-1 - X509 type: string type: array required: - modes type: object roles: description: User-specified custom MongoDB roles that should be configured in the deployment. items: description: CustomRole defines a custom MongoDB role. properties: authenticationRestrictions: description: The authentication restrictions the server enforces on the role. items: description: |- AuthenticationRestriction specifies a list of IP addresses and CIDR ranges users are allowed to connect to or from. properties: clientSource: items: type: string type: array serverAddress: items: type: string type: array required: - clientSource - serverAddress type: object type: array db: description: The database of the role. type: string privileges: description: The privileges to grant the role. items: description: Privilege defines the actions a role is allowed to perform on a given resource. properties: actions: items: type: string type: array resource: description: |- Resource specifies specifies the resources upon which a privilege permits actions. See https://www.mongodb.com/docs/manual/reference/resource-document for more. properties: anyResource: type: boolean cluster: type: boolean collection: type: string db: type: string type: object required: - actions - resource type: object type: array role: description: The name of the role. type: string roles: description: An array of roles from which this role inherits privileges. items: description: Role is the database role this user should have properties: db: description: DB is the database the role can act on type: string name: description: Name is the name of the role type: string required: - db - name type: object type: array required: - db - privileges - role type: object type: array tls: description: TLS configuration for both client-server and server-server communication properties: caCertificateSecretRef: description: |- CaCertificateSecret is a reference to a Secret containing the certificate for the CA which signed the server certificates The certificate is expected to be available under the key "ca.crt" properties: name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic caConfigMapRef: description: |- CaConfigMap is a reference to a ConfigMap containing the certificate for the CA which signed the server certificates The certificate is expected to be available under the key "ca.crt" This field is ignored when CaCertificateSecretRef is configured properties: name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic certificateKeySecretRef: description: |- CertificateKeySecret is a reference to a Secret containing a private key and certificate to use for TLS. The key and cert are expected to be PEM encoded and available at "tls.key" and "tls.crt". This is the same format used for the standard "kubernetes.io/tls" Secret type, but no specific type is required. Alternatively, an entry tls.pem, containing the concatenation of cert and key, can be provided. If all of tls.pem, tls.crt and tls.key are present, the tls.pem one needs to be equal to the concatenation of tls.crt and tls.key properties: name: description: |- Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic enabled: type: boolean optional: description: Optional configures if TLS should be required or optional for connections type: boolean required: - enabled type: object type: object statefulSet: description: |- StatefulSetConfiguration holds the optional custom StatefulSet that should be merged into the operator created one. properties: metadata: description: StatefulSetMetadataWrapper is a wrapper around Labels and Annotations properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object spec: type: object x-kubernetes-preserve-unknown-fields: true required: - spec type: object type: description: Type defines which type of MongoDB deployment the resource should create enum: - ReplicaSet type: string users: description: Users specifies the MongoDB users that should be configured in your deployment items: properties: additionalConnectionStringConfig: description: |- Additional options to be appended to the connection string. These options apply only to this user and will override any existing options in the resource. nullable: true type: object x-kubernetes-preserve-unknown-fields: true connectionStringSecretName: description: |- ConnectionStringSecretName is the name of the secret object created by the operator which exposes the connection strings for the user. If provided, this secret must be different for each user in a deployment. type: string connectionStringSecretNamespace: description: ConnectionStringSecretNamespace is the namespace of the secret object created by the operator which exposes the connection strings for the user. type: string db: default: admin description: DB is the database the user is stored in. Defaults to "admin" type: string name: description: Name is the username of the user type: string passwordSecretRef: description: PasswordSecretRef is a reference to the secret containing this user's password properties: key: description: Key is the key in the secret storing this password. Defaults to "password" type: string name: description: Name is the name of the secret storing this user's password type: string required: - name type: object roles: description: Roles is an array of roles assigned to this user items: description: Role is the database role this user should have properties: db: description: DB is the database the role can act on type: string name: description: Name is the name of the role type: string required: - db - name type: object type: array scramCredentialsSecretName: description: |- ScramCredentialsSecretName appended by string "scram-credentials" is the name of the secret object created by the mongoDB operator for storing SCRAM credentials These secrets names must be different for each user in a deployment. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - name - roles type: object type: array version: description: Version defines which version of MongoDB will be used type: string required: - security - type - users type: object status: description: MongoDBCommunityStatus defines the observed state of MongoDB properties: currentMongoDBArbiters: type: integer currentMongoDBMembers: type: integer currentStatefulSetArbitersReplicas: type: integer currentStatefulSetReplicas: type: integer message: type: string mongoUri: type: string phase: type: string version: type: string required: - currentMongoDBMembers - currentStatefulSetReplicas - mongoUri - phase type: object type: object served: true storage: true subresources: status: {}