From ab2f56495d56270ad2e7d822ba3e2a9b34e54259 Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Fri, 3 Oct 2025 17:43:53 +0200 Subject: [PATCH 1/7] feat!: use the official mongodb image --- Chart.lock | 11 ++-- Chart.yaml | 8 +-- templates/_helpers.tpl | 8 --- templates/mongodb/deployment.yml | 75 +++++++++++++++++++++++++++ templates/mongodb/pvc.yml | 21 ++++++++ templates/mongodb/service.yml | 20 +++++++ templates/secrets.yml | 4 +- values.yaml | 89 +++++++++++++++++++++----------- 8 files changed, 183 insertions(+), 53 deletions(-) create mode 100644 templates/mongodb/deployment.yml create mode 100644 templates/mongodb/pvc.yml create mode 100644 templates/mongodb/service.yml diff --git a/Chart.lock b/Chart.lock index 30069dd..aa0ded2 100644 --- a/Chart.lock +++ b/Chart.lock @@ -1,9 +1,6 @@ dependencies: - name: common - repository: https://charts.bitnami.com/bitnami - version: 2.2.2 -- name: mongodb - repository: https://charts.bitnami.com/bitnami - version: 13.6.2 -digest: sha256:8f2475fdda7c417f31da168dbfb87df4177bf459a355226c81908c1e0f207ea7 -generated: "2023-01-25T13:54:49.218334+01:00" + repository: oci://registry-1.docker.io/bitnamicharts + version: 2.30.0 +digest: sha256:1d4fe7ab3d8601c2772b82ca4495929226ecbf073f9fb436f5bf5f089df6c4bd +generated: "2025-10-03T17:39:33.360927+02:00" diff --git a/Chart.yaml b/Chart.yaml index c41f37e..c953305 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -10,9 +10,5 @@ sources: - https://github.com/evertrust/stream-helm dependencies: - name: common - version: 2.2.2 - repository: https://charts.bitnami.com/bitnami - - name: mongodb - version: 13.6.2 - repository: https://charts.bitnami.com/bitnami - condition: mongodb.enabled + version: 2.30.0 + repository: oci://registry-1.docker.io/bitnamicharts diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 73d8a96..ec69b99 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -9,14 +9,6 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/version: {{ .Chart.AppVersion }} {{- end -}} -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "stream.mongodb.fullname" -}} -{{- printf "%s-%s" .Release.Name "mongodb" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - {{/* Prints all Stream allowed hosts. */}} diff --git a/templates/mongodb/deployment.yml b/templates/mongodb/deployment.yml new file mode 100644 index 0000000..6ff02e0 --- /dev/null +++ b/templates/mongodb/deployment.yml @@ -0,0 +1,75 @@ +{{- if .Values.temporaryDatabase.enabled }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels (dict "app.kubernetes.io/name" "mongodb" "app.kubernetes.io/version" (.Values.temporaryDatabase.image.tag | toString) "app.kubernetes.io/part-of" "stream")) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: {{- include "common.labels.matchLabels" (dict "customLabels" (dict "app.kubernetes.io/name" "mongodb") "context" .) | nindent 6 }} + strategy: + type: Recreate + template: + metadata: + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 8 }} + {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 8 }} + {{- end }} + spec: + {{- if .Values.temporaryDatabase.podSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.podSecurityContext "context" $) | nindent 14 -}} + {{- end }} + serviceAccountName: {{ template "stream.serviceAccountName" . }} + automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} + containers: + - name: mongo + image: {{ include "common.images.image" (dict "imageRoot" .Values.temporaryDatabase.image "global" .Values.global) }} + imagePullPolicy: {{ .Values.temporaryDatabase.image.pullPolicy | default "IfNotPresent" | quote }} + {{- if .Values.temporaryDatabase.containerSecurityContext.enabled }} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.containerSecurityContext "context" $) | nindent 14 -}} + {{- end }} + livenessProbe: + tcpSocket: + port: mongo + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + startupProbe: + tcpSocket: + port: mongo + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + readinessProbe: + tcpSocket: + port: mongo + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + resources: {{- toYaml .Values.temporaryDatabase.resources | nindent 12 }} + volumeMounts: + {{- if .Values.temporaryDatabase.persistence.enabled }} + - name: data + mountPath: /data/db + {{- end }} + ports: + - name: mongo + containerPort: 27017 + {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.temporaryDatabase.image) "context" $) | nindent 6 }} + volumes: + {{- if and .Values.temporaryDatabase.persistence.enabled }} + - name: data + persistentVolumeClaim: + claimName: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/templates/mongodb/pvc.yml b/templates/mongodb/pvc.yml new file mode 100644 index 0000000..c0e9f81 --- /dev/null +++ b/templates/mongodb/pvc.yml @@ -0,0 +1,21 @@ +{{- if .Values.temporaryDatabase.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels (dict "app.kubernetes.io/name" "mongodb" "app.kubernetes.io/part-of" "stream")) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + {{- include "common.storage.class" (dict "persistence" .Values.temporaryDatabase.persistence "global" .Values.global) | nindent 2 }} + accessModes: + {{- range .Values.temporaryDatabase.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.temporaryDatabase.persistence.size | quote }} +{{- end }} \ No newline at end of file diff --git a/templates/mongodb/service.yml b/templates/mongodb/service.yml new file mode 100644 index 0000000..5bb323f --- /dev/null +++ b/templates/mongodb/service.yml @@ -0,0 +1,20 @@ +{{- if .Values.temporaryDatabase.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} + {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels (dict "app.kubernetes.io/name" "mongodb" "app.kubernetes.io/part-of" "stream")) "context" . ) }} + labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }} + {{- if or .Values.temporaryDatabase.annotations .Values.commonAnnotations }} + {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.temporaryDatabase.annotations .Values.commonAnnotations ) "context" . ) }} + annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: ClusterIP + ports: + - name: mongo + protocol: TCP + port: 27017 + targetPort: mongo + selector: {{- include "common.labels.matchLabels" (dict "customLabels" $labels "context" .) | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/templates/secrets.yml b/templates/secrets.yml index bf528c5..36bbbbd 100644 --- a/templates/secrets.yml +++ b/templates/secrets.yml @@ -13,8 +13,8 @@ data: appSecret: {{ include "common.secrets.lookup" (dict "secret" $name "key" "appSecret" "defaultValue" (randAlphaNum 32) "context" $) }} {{- end }} - {{- if and .Values.mongodb.enabled (not .Values.externalDatabase.secretKey) }} - mongoUri: {{ printf "mongodb://%s:%s@%s.%s.svc.cluster.local/%s" .Values.mongodb.auth.username .Values.mongodb.auth.password (include "stream.mongodb.fullname" .) .Release.Namespace .Values.mongodb.auth.database | b64enc | quote }} + {{- if and .Values.temporaryDatabase.enabled (not .Values.externalDatabase.secretKey) }} + mongoUri: {{ printf "mongodb://%s/stream" (include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $)) | b64enc | quote }} {{- end }} {{- if and .Values.events.chainsign (not .Values.events.secretKey) }} diff --git a/values.yaml b/values.yaml index 7f71ecb..92fa83b 100644 --- a/values.yaml +++ b/values.yaml @@ -517,37 +517,67 @@ extraConfig: "" ## @section Database parameters -## Install a MongoDB instance -## ref: https://github.com/bitnami/charts/tree/master/bitnami/mongodb -mongodb: - ## @param mongodb.enabled Whether to deploy a mongodb server to satisfy the application database requirements. To use an external database set this to false and configure the `externalDatabase.uri` parameter - ## +temporaryDatabase: + ## @param temporaryDatabase.enabled Whether to enable the deployment of a temporary MongoDB instance enabled: true - ## @param mongodb.architecture MongoDB architecture (`standalone` or `replicaset`) + + ## @param temporaryDatabase.image.registry MongoDB image registry + ## @param temporaryDatabase.image.repository MongoDB image repository + ## @param temporaryDatabase.image.tag MongoDB image tag (immutable tags are recommended) + ## @param temporaryDatabase.image.pullPolicy MongoDB image pull policy + ## @param temporaryDatabase.image.pullSecrets MongoDB image pull secrets ## - architecture: standalone - ## Bitnami MongoDB(®) image - ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ - ## @param image.tag MongoDB(®) image tag (immutable tags are recommended) image: - tag: 5.0.14-debian-11-r9 - ## MongoDB Authentication parameters - ## - auth: - ## @param auth.rootPassword MongoDB(®) root password - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run - ## - rootPassword: "" - ## @param mongodb.auth.username MongoDB custom user - ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#creating-a-user-and-database-on-first-run - ## - username: stream - ## @param mongodb.auth.database MongoDB custom database - ## - database: stream - ## @param mongodb.auth.password MongoDB custom password - ## - password: stream + registry: ~ + repository: mongo + tag: 7 + pullPolicy: IfNotPresent + pullSecrets: [] + + persistence: + ## @param temporaryDatabase.persistence.enabled Whether to enable persistence on the temporary MongoDB + enabled: true + ## @param temporaryDatabase.persistence.annotations Extra annotations to add to the PVC + annotations: {} + ## @param temporaryDatabase.persistence.storageClass Storage class of backing PVC + storageClass: "" + ## @param temporaryDatabase.persistence.accessModes Access modes of the PVC + accessModes: + - ReadWriteOnce + ## @param temporaryDatabase.persistence.size Size of data volume for MongoDB + size: "1Gi" + + ## MongoDB container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param temporaryDatabase.resources.limits [object] The resources limits for the MongoDB container + ## @param temporaryDatabase.resources.requests [object] The requested resources for the MongoDB container + ## + resources: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 512Mi + cpu: 500m + + ## Configure Pods Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param temporaryDatabase.podSecurityContext.enabled Enabled MongoDB pods' Security Context + ## @param temporaryDatabase.podSecurityContext.fsGroup Set MongoDB pod's Security Context fsGroup + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Configure Container Security Context (only main container) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param temporaryDatabase.containerSecurityContext.enabled Enabled MongoDB containers' Security Context + ## @param temporaryDatabase.containerSecurityContext.runAsUser Set MongoDB container's Security Context runAsUser + ## @param temporaryDatabase.containerSecurityContext.runAsNonRoot Set MongoDB container's Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true ## @section Upgrade parameters upgrade: @@ -710,8 +740,7 @@ backup: affinity: {} ## @param extraObjects [array] Create a dynamic manifests via values: -extraObjects: - [] +extraObjects: [] ## - apiVersion: "kubernetes-client.io/v1" ## kind: ExternalSecret ## metadata: From 3c567aea2efbef687a60dca75f989564ca7e3637 Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Mon, 6 Oct 2025 17:26:09 +0200 Subject: [PATCH 2/7] chore: add compatibility with legacy values --- templates/mongodb/deployment.yml | 2 +- templates/mongodb/pvc.yml | 2 +- templates/mongodb/service.yml | 2 +- templates/secrets.yml | 2 +- tests/mongodb_test.yaml | 43 ++++++++++++++++++++++++++++++++ 5 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 tests/mongodb_test.yaml diff --git a/templates/mongodb/deployment.yml b/templates/mongodb/deployment.yml index 6ff02e0..1e5f427 100644 --- a/templates/mongodb/deployment.yml +++ b/templates/mongodb/deployment.yml @@ -1,4 +1,4 @@ -{{- if .Values.temporaryDatabase.enabled }} +{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled }} apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: diff --git a/templates/mongodb/pvc.yml b/templates/mongodb/pvc.yml index c0e9f81..43ac12d 100644 --- a/templates/mongodb/pvc.yml +++ b/templates/mongodb/pvc.yml @@ -1,4 +1,4 @@ -{{- if .Values.temporaryDatabase.persistence.enabled }} +{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled }} apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/templates/mongodb/service.yml b/templates/mongodb/service.yml index 5bb323f..6477380 100644 --- a/templates/mongodb/service.yml +++ b/templates/mongodb/service.yml @@ -1,4 +1,4 @@ -{{- if .Values.temporaryDatabase.enabled }} +{{- if and (ne (.Values.mongodb).enabled false) .Values.temporaryDatabase.enabled }} apiVersion: v1 kind: Service metadata: diff --git a/templates/secrets.yml b/templates/secrets.yml index 36bbbbd..2a9256b 100644 --- a/templates/secrets.yml +++ b/templates/secrets.yml @@ -13,7 +13,7 @@ data: appSecret: {{ include "common.secrets.lookup" (dict "secret" $name "key" "appSecret" "defaultValue" (randAlphaNum 32) "context" $) }} {{- end }} - {{- if and .Values.temporaryDatabase.enabled (not .Values.externalDatabase.secretKey) }} + {{- if and (ne (.Values.mongodb).enabled false) (not .Values.externalDatabase.secretKey) }} mongoUri: {{ printf "mongodb://%s/stream" (include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $)) | b64enc | quote }} {{- end }} diff --git a/tests/mongodb_test.yaml b/tests/mongodb_test.yaml new file mode 100644 index 0000000..8e2bc48 --- /dev/null +++ b/tests/mongodb_test.yaml @@ -0,0 +1,43 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json +suite: temporary mongodb database +templates: + - mongodb/deployment.yml + - mongodb/service.yml + - mongodb/pvc.yml +tests: + - it: should deploy a temporary mongodb by default + template: mongodb/deployment.yml + asserts: + - isKind: + of: Deployment + - equal: + path: spec.template.spec.containers[0].name + value: mongo + + - it: should not deploy a temporary mongodb when disabled + set: + temporaryDatabase.enabled: false + externalDatabase.secretName: dummy + externalDatabase.secretKey: dummy + template: mongodb/deployment.yml + asserts: + - hasDocuments: + count: 0 + + - it: should not deploy a temporary mongodb when legacy flag is disabled + set: + mongodb.enabled: false + externalDatabase.secretName: dummy + externalDatabase.secretKey: dummy + template: mongodb/deployment.yml + asserts: + - hasDocuments: + count: 0 + + - it: should deploy a temporary mongodb when legacy flag is enabled + set: + mongodb.enabled: true + template: mongodb/deployment.yml + asserts: + - hasDocuments: + count: 1 From eae4af5f63e99921b793c4b3926a37ad6b86076d Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Mon, 6 Oct 2025 17:27:45 +0200 Subject: [PATCH 3/7] fix: build depdencies before testing --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1a7c9c2..23c5250 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ dependencies: package: dependencies helm package . -test: setup-unittest +test: dependencies setup-unittest helm unittest . -v tests/values.yaml setup-unittest: From 19512b5b8fedb4c09d96ebfca1dfc321fed2edbc Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Mon, 6 Oct 2025 17:54:07 +0200 Subject: [PATCH 4/7] chore(ci): improve secret generation tests --- tests/mongodb_test.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/mongodb_test.yaml b/tests/mongodb_test.yaml index 8e2bc48..b2bb30c 100644 --- a/tests/mongodb_test.yaml +++ b/tests/mongodb_test.yaml @@ -41,3 +41,19 @@ tests: asserts: - hasDocuments: count: 1 + + - it: should generate a mongodb connection string in the secret when temporary database is enabled + template: secrets.yml + asserts: + - exists: + path: data.mongoUri + + - it: should not generate a mongodb connection string in the secret when temporary database is disabled + set: + temporaryDatabase.enabled: false + externalDatabase.secretName: dummy + externalDatabase.secretKey: dummy + template: secrets.yml + asserts: + - notExists: + path: data.mongoUri From fc3d872d48de36ba6476abeadb0e9ff8cd8e37ec Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Mon, 6 Oct 2025 18:13:45 +0200 Subject: [PATCH 5/7] fix: unit tests scope --- tests/mongodb_test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/mongodb_test.yaml b/tests/mongodb_test.yaml index b2bb30c..5041444 100644 --- a/tests/mongodb_test.yaml +++ b/tests/mongodb_test.yaml @@ -4,6 +4,7 @@ templates: - mongodb/deployment.yml - mongodb/service.yml - mongodb/pvc.yml + - secrets.yml tests: - it: should deploy a temporary mongodb by default template: mongodb/deployment.yml From 6c092bfde5232ef87945b38e94b31f778801ab37 Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Mon, 6 Oct 2025 18:15:18 +0200 Subject: [PATCH 6/7] fix: prevent empty volumes and volumeMounts --- templates/mongodb/deployment.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/mongodb/deployment.yml b/templates/mongodb/deployment.yml index 1e5f427..cd03bf1 100644 --- a/templates/mongodb/deployment.yml +++ b/templates/mongodb/deployment.yml @@ -57,19 +57,19 @@ spec: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} successThreshold: {{ .Values.readinessProbe.successThreshold }} resources: {{- toYaml .Values.temporaryDatabase.resources | nindent 12 }} + {{- if .Values.temporaryDatabase.persistence.enabled }} volumeMounts: - {{- if .Values.temporaryDatabase.persistence.enabled }} - name: data mountPath: /data/db - {{- end }} + {{- end }} ports: - name: mongo containerPort: 27017 {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.temporaryDatabase.image) "context" $) | nindent 6 }} + {{- if and .Values.temporaryDatabase.persistence.enabled }} volumes: - {{- if and .Values.temporaryDatabase.persistence.enabled }} - name: data persistentVolumeClaim: claimName: {{ include "common.names.dependency.fullname" (dict "chartName" "mongodb" "chartValues" .Values.temporaryDatabase "context" $) }} - {{- end }} + {{- end }} {{- end }} \ No newline at end of file From af130aa2b67b9cd595504cb1dbaca5a79b66e1bd Mon Sep 17 00:00:00 2001 From: antoninguyot Date: Tue, 7 Oct 2025 13:50:43 +0200 Subject: [PATCH 7/7] fix: mongodb securityContext indentation --- templates/mongodb/deployment.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/mongodb/deployment.yml b/templates/mongodb/deployment.yml index cd03bf1..4ef6774 100644 --- a/templates/mongodb/deployment.yml +++ b/templates/mongodb/deployment.yml @@ -24,7 +24,7 @@ spec: {{- end }} spec: {{- if .Values.temporaryDatabase.podSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.podSecurityContext "context" $) | nindent 14 -}} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.podSecurityContext "context" $) | nindent 8 -}} {{- end }} serviceAccountName: {{ template "stream.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} @@ -33,7 +33,7 @@ spec: image: {{ include "common.images.image" (dict "imageRoot" .Values.temporaryDatabase.image "global" .Values.global) }} imagePullPolicy: {{ .Values.temporaryDatabase.image.pullPolicy | default "IfNotPresent" | quote }} {{- if .Values.temporaryDatabase.containerSecurityContext.enabled }} - securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.containerSecurityContext "context" $) | nindent 14 -}} + securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.temporaryDatabase.containerSecurityContext "context" $) | nindent 10 -}} {{- end }} livenessProbe: tcpSocket: