diff --git a/Chart.lock b/Chart.lock index 30069dd..aa0ded2 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -- name: mongodb - repository: https://charts.bitnami.com/bitnami - version: 13.6.2 -digest: sha256:8f2475fdda7c417f31da168dbfb87df4177bf459a355226c81908c1e0f207ea7 -generated: "2023-01-25T13:54:49.218334+01:00" + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.30.0 +digest: sha256:1d4fe7ab3d8601c2772b82ca4495929226ecbf073f9fb436f5bf5f089df6c4bd +generated: "2025-10-03T17:39:33.360927+02:00" diff --git a/Chart.yaml b/Chart.yaml index c41f37e..c953305 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,9 +10,5 @@ sources: - https://github.com/evertrust/stream-helm dependencies: - name: common - version: 2.2.2 - repository: https://charts.bitnami.com/bitnami - - name: mongodb - version: 13.6.2 - repository: https://charts.bitnami.com/bitnami - condition: mongodb.enabled + version: 2.30.0 + repository: oci://registry-1.docker.io/bitnamicharts diff --git a/Makefile b/Makefile index 1a7c9c2..23c5250 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ dependencies: package: dependencies helm package . -test: setup-unittest +test: dependencies setup-unittest helm unittest . -v tests/values.yaml setup-unittest: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 73d8a96..ec69b99 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -9,14 +9,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/version: {{ .Chart.AppVersion }} {{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "stream.mongodb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{/* Prints all Stream allowed hosts. */}} 
diff --git a/templates/mongodb/deployment.yml b/templates/mongodb/deployment.yml
new file mode 100644
index 0000000..4ef6774
--- /dev/null
+++ b/templates/mongodb/deployment.yml
@@ -0,0 +1,75 @@ +{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels (dict "app.kubernetes.io/name" "mongodb" "app.kubernetes.io/version" (.Values.temporaryDatabase.image.tag | toString) "app.kubernetes.io/part-of" "stream")) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" (dict "app.kubernetes.io/name" "mongodb") "context" .) | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 8 }} + {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . 
) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.temporaryDatabase.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.podSecurityContext "context" $) | nindent 8 -}} + {{- end }} + serviceAccountName: {{ template "stream.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + containers: + - name: mongo + image: {{ include "common.images.image" (dict "imageRoot" .Values.temporaryDatabase.image "global" .Values.global) }} + imagePullPolicy: {{ .Values.temporaryDatabase.image.pullPolicy | default "IfNotPresent" | quote }} + {{- if .Values.temporaryDatabase.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.containerSecurityContext "context" $) | nindent 10 -}} + {{- end }} + livenessProbe: + tcpSocket: + port: mongo + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + startupProbe: + tcpSocket: + port: mongo + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: mongo + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + resources: {{- toYaml .Values.temporaryDatabase.resources | 
nindent 12 }} + {{- if .Values.temporaryDatabase.persistence.enabled }} + volumeMounts: + - name: data + mountPath: /data/db + {{- end }} + ports: + - name: mongo + containerPort: 27017 + {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.temporaryDatabase.image) "context" $) | nindent 6 }} + {{- if and .Values.temporaryDatabase.persistence.enabled }} + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/mongodb/pvc.yml b/templates/mongodb/pvc.yml new file mode 100644 index 0000000..43ac12d --- /dev/null +++ b/templates/mongodb/pvc.yml 
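Review bot: The `mongo` container is started with no authentication configured: the container spec has no `env`, `args` or credentials secret, and the `mongoUri` built in templates/secrets.yml no longer carries a username or password. Any workload that can reach port 27017 through the Service in templates/mongodb/service.yml can therefore read and write Stream's data, whereas the removed Bitnami dependency was at least given a `stream` user. With the default `mongo` image, setting the root credentials from a Secret as sketched below enables access control on first start; `mongoUri` would then need the same credentials and the matching `authSource`. Separately, the pod reuses `stream.serviceAccountName` and `.Values.automountServiceAccountToken`; a database pod presumably needs no Kubernetes API access, so `automountServiceAccountToken: false` would be the safer setting here.

```yaml
      containers:
        - name: mongo
          # … unchanged: image, imagePullPolicy, securityContext …
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              value: stream
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "<CHART_SECRET_NAME>"  # placeholder: the Secret rendered by templates/secrets.yml
                  key: mongoPassword  # constructed key name; would be generated next to mongoUri
          # … unchanged: probes, resources, volumeMounts, ports …
```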
@@ -0,0 +1,21 @@
+{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels (dict "app.kubernetes.io/name" "mongodb" "app.kubernetes.io/part-of" "stream")) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- include "common.storage.class" (dict "persistence" .Values.temporaryDatabase.persistence "global" .Values.global) | nindent 2 }}
+ accessModes:
+ {{- range .Values.temporaryDatabase.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.temporaryDatabase.persistence.size | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/mongodb/service.yml b/templates/mongodb/service.yml
new file mode 100644
index 0000000..6477380
--- /dev/null
+++ b/templates/mongodb/service.yml
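Review bot: The PVC in templates/mongodb/pvc.yml is rendered whenever the temporary database is enabled, even with `temporaryDatabase.persistence.enabled: false`, because the opening guard never reads that flag while the Deployment only mounts the claim when it is set. That leaves an unused volume provisioned, and any data written during an earlier persistent run stays on it. The first line would be clearer as `{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled .Values.temporaryDatabase.persistence.enabled }}`. The annotations block also reads `.Values.temporaryDatabase.annotations`, while values.yaml documents `temporaryDatabase.persistence.annotations` for the PVC, so that value appears to be ignored.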
@@ -0,0 +1,20 @@
+{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels (dict "app.kubernetes.io/name" "mongodb" "app.kubernetes.io/part-of" "stream")) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: mongo
+ protocol: TCP
+ port: 27017
+ targetPort: mongo
+ selector: {{- include "common.labels.matchLabels" (dict "customLabels" $labels "context" .) | nindent 4 }}
+{{- end }}
\ No newline at end of file
diff --git a/templates/secrets.yml b/templates/secrets.yml
index bf528c5..2a9256b 100644
--- a/templates/secrets.yml
+++ b/templates/secrets.yml
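Review bot: Nothing in this commit limits which pods may connect to the Service in templates/mongodb/service.yml: it is a plain `ClusterIP` on 27017, so unless a NetworkPolicy elsewhere in the chart or cluster restricts it, every namespace can reach the database. A NetworkPolicy that selects the `app.kubernetes.io/name: mongodb` pods and admits ingress on port `mongo` only from the Stream pods would narrow that, and is worth shipping alongside this Service. The `selector` here is also built from the full `$labels`, while the Deployment's `matchLabels` passes only the name label; passing the same `dict` in both places would keep the two from drifting apart.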
@@ -13,8 +13,8 @@ data: appSecret: {{ include "common.secrets.lookup" (dict "secret" $name "key" "appSecret" "defaultValue" (randAlphaNum 32) "context" $) }} {{- end }} - {{- if and .Values.mongodb.enabled (not .Values.externalDatabase.secretKey) }} - mongoUri: {{ printf "mongodb://%s:%s@%s.%s.svc.cluster.local/%s" .Values.mongodb.auth.username .Values.mongodb.auth.password (include "stream.mongodb.fullname" .) .Release.Namespace .Values.mongodb.auth.database | b64enc | quote }} + {{- if and (ne (.Values.mongodb).enabled false) (not .Values.externalDatabase.secretKey) }} + mongoUri: {{ printf "mongodb://%s/stream" (include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $)) | b64enc | quote }} {{- end }} {{- if and .Values.events.chainsign (not .Values.events.secretKey) }} diff --git a/tests/mongodb_test.yaml b/tests/mongodb_test.yaml new file mode 100644 index 0000000..5041444 --- /dev/null +++ b/tests/mongodb_test.yaml 
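Review bot: The guard on the new `mongoUri` line checks the legacy `mongodb.enabled` flag and `externalDatabase.secretKey`, but not `.Values.temporaryDatabase.enabled`, which is what gates the Deployment, Service and PVC. With `temporaryDatabase.enabled: false` and no `externalDatabase.secretKey`, the Secret would still carry a URI for a Service that is not deployed, unless validation elsewhere in the chart rejects that combination. The matching case in tests/mongodb_test.yaml also sets `externalDatabase.secretKey`, so it does not exercise this path. Adding the flag keeps the templates consistent: `{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled (not .Values.externalDatabase.secretKey) }}`. The `data:` block starts and continues outside the hunk.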
@@ -0,0 +1,60 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: temporary mongodb database
+templates:
+ - mongodb/deployment.yml
+ - mongodb/service.yml
+ - mongodb/pvc.yml
+ - secrets.yml
+tests:
+ - it: should deploy a temporary mongodb by default
+ template: mongodb/deployment.yml
+ asserts:
+ - isKind:
+ of: Deployment
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: mongo
+
+ - it: should not deploy a temporary mongodb when disabled
+ set:
+ temporaryDatabase.enabled: false
+ externalDatabase.secretName: dummy
+ externalDatabase.secretKey: dummy
+ template: mongodb/deployment.yml
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should not deploy a temporary mongodb when legacy flag is disabled
+ set:
+ mongodb.enabled: false
+ externalDatabase.secretName: dummy
+ externalDatabase.secretKey: dummy
+ template: mongodb/deployment.yml
+ asserts:
+ - hasDocuments:
+ count: 0
+
+ - it: should deploy a temporary mongodb when legacy flag is enabled
+ set:
+ mongodb.enabled: true
+ template: mongodb/deployment.yml
+ asserts:
+ - hasDocuments:
+ count: 1
+
+ - it: should generate a mongodb connection string in the secret when temporary database is enabled
+ template: secrets.yml
+ asserts:
+ - exists:
+ path: data.mongoUri
+
+ - it: should not generate a mongodb connection string in the secret when temporary database is disabled
+ set:
+ temporaryDatabase.enabled: false
+ externalDatabase.secretName: dummy
+ externalDatabase.secretKey: dummy
+ template: secrets.yml
+ asserts:
+ - notExists:
+ path: data.mongoUri
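Review bot: `mongodb/service.yml` and `mongodb/pvc.yml` are listed under `templates`, but no case asserts on either, and no case sets `temporaryDatabase.persistence.enabled: false`. A case that sets that value and checks both the document count of `mongodb/pvc.yml` and the absence of `spec.template.spec.volumes` in the Deployment would pin the persistence toggle. Cases asserting the rendered `securityContext` of the `mongo` container would similarly guard the hardening defaults against regressions. Every "disabled" case also sets `externalDatabase.secretKey`, so the final `notExists` assertion on `data.mongoUri` cannot tell which condition suppressed the key.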
@@ -519,37 +519,67 @@ extraConfig: "" ## @section Database parameters -## Install a MongoDB instance -## ref: https://github.com/bitnami/charts/tree/master/bitnami/mongodb -mongodb: - ## @param mongodb.enabled Whether to deploy a mongodb server to satisfy the application database requirements. To use an external database set this to false and configure the `externalDatabase.uri` parameter - ## +temporaryDatabase: + ## @param temporaryDatabase.enabled Whether to enable the deployment of a temporary MongoDB instance enabled: true - ## @param mongodb.architecture MongoDB architecture (`standalone` or `replicaset`) + + ## @param temporaryDatabase.image.registry MongoDB image registry + ## @param temporaryDatabase.image.repository MongoDB image repository + ## @param temporaryDatabase.image.tag MongoDB image tag (immutable tags are recommended) + ## @param temporaryDatabase.image.pullPolicy MongoDB image pull policy + ## @param temporaryDatabase.image.pullSecrets MongoDB image pull secrets ## - architecture: standalone - ## Bitnami MongoDB(®) image - ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ - ## @param image.tag MongoDB(®) image tag (immutable tags are recommended) image: - tag: 5.0.14-debian-11-r9 - ## MongoDB Authentication parameters - ## - auth: - ## @param auth.rootPassword MongoDB(®) root password - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run - ## - rootPassword: "" - ## @param mongodb.auth.username MongoDB custom user - ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run - ## - username: stream - ## @param mongodb.auth.database MongoDB custom database - ## - database: stream - ## @param mongodb.auth.password MongoDB custom password - ## - password: stream + registry: ~ + repository: mongo + tag: 7 + pullPolicy: IfNotPresent + pullSecrets: [] + + persistence: + ## @param 
temporaryDatabase.persistence.enabled Whether to enable persistence on the temporary MongoDB + enabled: true + ## @param temporaryDatabase.persistence.annotations Extra annotations to add to the PVC + annotations: {} + ## @param temporaryDatabase.persistence.storageClass Storage class of backing PVC + storageClass: "" + ## @param temporaryDatabase.persistence.accessModes Access modes of the PVC + accessModes: + - ReadWriteOnce + ## @param temporaryDatabase.persistence.size Size of data volume for MongoDB + size: "1Gi" + + ## MongoDB container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param temporaryDatabase.resources.limits [object] The resources limits for the MongoDB container + ## @param temporaryDatabase.resources.requests [object] The requested resources for the MongoDB container + ## + resources: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 512Mi + cpu: 500m + + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param temporaryDatabase.podSecurityContext.enabled Enabled MongoDB pods' Security Context + ## @param temporaryDatabase.podSecurityContext.fsGroup Set MongoDB pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context (only main container) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param temporaryDatabase.containerSecurityContext.enabled Enabled MongoDB containers' Security Context + ## @param temporaryDatabase.containerSecurityContext.runAsUser Set MongoDB container's Security Context runAsUser + ## @param temporaryDatabase.containerSecurityContext.runAsNonRoot Set MongoDB container's Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true ## 
@section Upgrade parameters upgrade:
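Review bot: The default `tag: 7` under `temporaryDatabase.image` is a floating major tag, which contradicts the `@param` text just above it ("immutable tags are recommended"). Combined with `pullPolicy: IfNotPresent`, different nodes can end up running different MongoDB builds, and what is deployed cannot be traced back to a reviewed image. Pinning a full version or digest and quoting it, e.g. `tag: "<FULL_VERSION>"` (placeholder), avoids both that and the value being parsed as an integer. The `containerSecurityContext` defaults could also set `allowPrivilegeEscalation: false` and drop capabilities. It is worth confirming that `runAsUser: 1001` can write `/data/db` in the chosen image when persistence is off.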