diff --git a/charts/community-operator/templates/database_roles.yaml b/charts/community-operator/templates/database_roles.yaml index b5662ff6..17f4e264 100644 --- a/charts/community-operator/templates/database_roles.yaml +++ b/charts/community-operator/templates/database_roles.yaml @@ -4,7 +4,10 @@ kind: ServiceAccount metadata: name: {{ .Values.database.name }} namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }} - + {{- with .Values.database.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/charts/community-operator/templates/extraObjects.yaml b/charts/community-operator/templates/extraObjects.yaml new file mode 100644 index 00000000..2855904e --- /dev/null +++ b/charts/community-operator/templates/extraObjects.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} \ No newline at end of file diff --git a/charts/community-operator/templates/operator_roles.yaml b/charts/community-operator/templates/operator_roles.yaml index 0f0988b9..2ce8c017 100644 --- a/charts/community-operator/templates/operator_roles.yaml +++ b/charts/community-operator/templates/operator_roles.yaml @@ -4,7 +4,10 @@ kind: ServiceAccount metadata: name: {{ .Values.operator.name }} namespace: {{ .Release.Namespace }} - + {{- with .Values.operator.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }} diff --git a/charts/community-operator/values.yaml b/charts/community-operator/values.yaml index 66775abc..78b886d2 100644 --- a/charts/community-operator/values.yaml +++ b/charts/community-operator/values.yaml 
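Review bot: The `with .Values.database.serviceAccount.annotations` guard in the ServiceAccount metadata fails rendering with a nil-pointer error whenever `database.serviceAccount` is absent from the effective values. That is the case on `helm upgrade --reuse-values` from a release installed before this key existed, because new chart defaults are not merged in that mode. A nil-safe form avoids it: `{{- with (.Values.database.serviceAccount | default dict).annotations }}`. The operator_roles.yaml hunk has the same pattern on `.Values.operator.serviceAccount.annotations` and would take the same change.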
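Review bot: `tpl (toYaml .) $` in extraObjects.yaml evaluates every string in `extraObjects` as a template against the root context and then emits whatever object kind results, so a values file gains the same power as a chart template, including RBAC objects created with the installer's credentials. That is fine for trusted values, but it should be stated for setups where values are reviewed less strictly than chart changes, e.g. with a leading comment `{{- /* extraObjects is rendered with tpl and the root context; treat values that set it as trusted chart code */ -}}`. The `# -- Array of extra K8s manifests to deploy` comment in values.yaml could carry the same sentence, and add that a literal `{{` inside an entry is interpreted rather than passed through.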
@@ -8,6 +8,10 @@ operator: # Deployment, ServiceAccount, Role etc. name: mongodb-kubernetes-operator + # serviceAccount annotations, if any to add + serviceAccount: + annotations: {} + # Name of the operator image operatorImageName: mongodb-kubernetes-operator @@ -46,7 +50,13 @@ operator: ## Operator's database database: + # Name that will be assigned to most of internal Kubernetes objects like + # ServiceAccount, Role etc. name: mongodb-database + # serviceAccount annotations, if any to add + serviceAccount: + annotations: {} + # set this to the namespace where you would like # to deploy the MongoDB database, # Note if the database namespace is not same @@ -90,7 +100,26 @@ resource: members: 3 tls: enabled: false - + # overwrite MDBC resource statefulset defaults + # statefulSet: + # spec: + # template: + # spec: + # imagePullSecrets: + # - name: my-secret + # volumes: + # - name: secretmanager-secretproviderclass + # csi: + # driver: secrets-store.csi.k8s.io + # readOnly: true + # volumeAttributes: + # secretProviderClass: mysecretclass + # containers: + # - name: mongodb-agent + # volumeMounts: + # - name: secretmanager-secretproviderclass + # mountPath: "/mnt/secrets-store" + # readOnly: true # Installs Cert-Manager in this cluster. useX509: false sampleX509User: false @@ -100,7 +129,6 @@ resource: certManager: certDuration: 8760h # 365 days renewCertBefore: 720h # 30 days - users: [] # if using the MongoDBCommunity Resource, list any users to be added to the resource # users: 
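Review bot: The comment `# serviceAccount annotations, if any to add` under `operator:` does not say what these annotations are for or what they can grant, and the same wording is repeated under `database:` in the next hunk. On managed clusters a ServiceAccount annotation such as `eks.amazonaws.com/role-arn` binds a cloud IAM role to every pod running as that account, so this key is a place where cloud permissions get assigned. Suggested wording: `# Annotations for the operator ServiceAccount, e.g. a workload-identity role binding; whatever they grant applies to every pod using this ServiceAccount`.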
@@ -118,3 +146,25 @@ resource: # - name: dbAdminAnyDatabase # db: admin # scramCredentialsSecretName: my-scram + +# -- Array of extra K8s manifests to deploy +extraObjects: [] + # - apiVersion: secrets-store.csi.x-k8s.io/v1 + # kind: SecretProviderClass + # metadata: + # name: mongodb-secrets-store + # spec: + # provider: aws + # parameters: + # objects: | + # - objectName: "mongodb" + # objectType: "secretsmanager" + # jmesPath: + # - path: "password" + # objectAlias: "password" + # secretObjects: + # - data: + # - key: password + # objectName: password + # secretName: my-user-password + # type: Opaque
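Review bot: The commented SecretProviderClass example under `extraObjects` uses `secretObjects` without saying that this makes the CSI driver copy the external value into an ordinary Kubernetes Secret (`my-user-password`). As far as I know the driver creates that Secret only while a pod mounts the CSI volume, which is what the commented `statefulSet` override earlier in this file sets up, so the two examples depend on each other. A comment above `# secretObjects:` would make that visible: `# secretObjects syncs the value into a regular Secret; it exists only while a pod mounts the CSI volume (see the statefulSet example) and is readable by anyone allowed to get Secrets in the namespace`.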