916cb3fba7fd353a42941a5ed55e6ab9542a4493: update public repo contents

Rodrigo Valin · Rodrigo Valin · commit 12b851428058 · 2019-06-10T14:50:25.000+01:00
diff --git a/crds.yaml b/crds.yaml
@@ -52,6 +52,14 @@ spec:
               type:
                 type: string
                 pattern: "^Standalone$"
+              security:
+                type: object
+                properties:
+                  tls:
+                    type: object
+                    properties:
+                      enabled:
+                        type: boolean
               additionalMongodConfig:
                 properties:
                   net:
@@ -88,6 +96,17 @@ spec:
               type:
                 type: string
                 pattern: "^ReplicaSet$"
+              security:
+                type: object
+                properties:
+                  tls:
+                    type: object
+                    properties:
+                      enabled:
+                        type: boolean
+                  clusterAuthenticationMode:
+                    type: string
+                    enum: ["x509"]
               additionalMongodConfig:
                 properties:
                   net:
@@ -135,6 +154,17 @@ spec:
               type:
                 type: string
                 pattern: "^ShardedCluster$"
+              security:
+                type: object
+                properties:
+                  tls:
+                    type: object
+                    properties:
+                      enabled:
+                        type: boolean
+                  clusterAuthenticationMode:
+                    type: string
+                    enum: ["x509"]
               additionalMongodConfig:
                 properties:
                   net:
@@ -155,4 +185,52 @@ spec:
             - mongodsPerShardCount
             - mongosCount
             - configServerCount
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: mongodbusers.mongodb.com
+spec:
+  group: mongodb.com
+  version: v1
+  scope: Namespaced
+  names:
+    kind: MongoDBUser
+    plural: mongodbusers
+    shortNames:
+    - mdbu
+    singular: mongodbuser
+  validation:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              username:
+                type: string
+                description: "The username of the user"
+              db:
+                type: string
+                enum: ["$external"]
+                description: "The database the user is stored in"
+              project:
+                type: string
+                description: "The project the user belongs to"
+              roles:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    name:
+                      type: string
+                      description: "The name of the role"
+                    db:
+                      type: string
+                      description: "The db the role can act on"
+                  required:
+                    - name
+                    - db
+            required:
+              - username
+              - db
+              - project
 
diff --git a/helm_chart/Chart.yaml b/helm_chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: mongodb-enterprise-operator
 description: MongoDB Kubernetes Enterprise Operator
-version: '0.11'
+version: '0.12'
 kubeVersion: '>=1.11'
 keywords:
 - mongodb
diff --git a/helm_chart/templates/crds.yaml b/helm_chart/templates/crds.yaml
@@ -50,6 +50,14 @@ spec:
               type:
                 type: string
                 pattern: "^Standalone$"
+              security:
+                type: object
+                properties:
+                  tls:
+                    type: object
+                    properties:
+                      enabled:
+                        type: boolean
               additionalMongodConfig:
                 properties:
                   net:
@@ -86,6 +94,17 @@ spec:
               type:
                 type: string
                 pattern: "^ReplicaSet$"
+              security:
+                type: object
+                properties:
+                  tls:
+                    type: object
+                    properties:
+                      enabled:
+                        type: boolean
+                  clusterAuthenticationMode:
+                    type: string
+                    enum: ["x509"]
               additionalMongodConfig:
                 properties:
                   net:
@@ -133,6 +152,17 @@ spec:
               type:
                 type: string
                 pattern: "^ShardedCluster$"
+              security:
+                type: object
+                properties:
+                  tls:
+                    type: object
+                    properties:
+                      enabled:
+                        type: boolean
+                  clusterAuthenticationMode:
+                    type: string
+                    enum: ["x509"]
               additionalMongodConfig:
                 properties:
                   net:
@@ -153,4 +183,52 @@ spec:
             - mongodsPerShardCount
             - mongosCount
             - configServerCount
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: mongodbusers.mongodb.com
+spec:
+  group: mongodb.com
+  version: v1
+  scope: Namespaced
+  names:
+    kind: MongoDBUser
+    plural: mongodbusers
+    shortNames:
+    - mdbu
+    singular: mongodbuser
+  validation:
+      openAPIV3Schema:
+        properties:
+          spec:
+            properties:
+              username:
+                type: string
+                description: "The username of the user"
+              db:
+                type: string
+                enum: ["$external"]
+                description: "The database the user is stored in"
+              project:
+                type: string
+                description: "The project the user belongs to"
+              roles:
+                type: array
+                items:
+                  type: object
+                  properties:
+                    name:
+                      type: string
+                      description: "The name of the role"
+                    db:
+                      type: string
+                      description: "The db the role can act on"
+                  required:
+                    - name
+                    - db
+            required:
+              - username
+              - db
+              - project
 {{end}}
diff --git a/helm_chart/templates/roles.yaml b/helm_chart/templates/roles.yaml
@@ -36,6 +36,7 @@ rules:
   resources:
   - mongodb
   - mongodb/finalizers
+  - mongodbusers
   verbs:
   - get
   - list
@@ -79,6 +80,7 @@ rules:
   - get
   - create
   - list
+  - watch
 
 ---
 kind: ClusterRoleBinding
diff --git a/helm_chart/values.yaml b/helm_chart/values.yaml
@@ -16,7 +16,7 @@ operator:
   name: mongodb-enterprise-operator
 
   # Version of mongodb-enterprise-operator and mongodb-enterprise-database images
-  version: '0.11'
+  version: '0.12'
 
 database:
   name: mongodb-enterprise-database
diff --git a/mongodb-enterprise.yaml b/mongodb-enterprise.yaml
@@ -38,6 +38,7 @@ rules:
   resources:
   - mongodb
   - mongodb/finalizers
+  - mongodbusers
   verbs:
   - get
   - list
@@ -81,6 +82,7 @@ rules:
   - get
   - create
   - list
+  - watch
 
 ---
 kind: ClusterRoleBinding
@@ -131,7 +133,7 @@ spec:
       serviceAccountName: mongodb-enterprise-operator
       containers:
       - name: mongodb-enterprise-operator
-        image: quay.io/mongodb/mongodb-enterprise-operator:0.11
+        image: quay.io/mongodb/mongodb-enterprise-operator:0.12
         imagePullPolicy: Always
 
         env:
@@ -145,7 +147,7 @@ spec:
 
 
         - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
-          value: quay.io/mongodb/mongodb-enterprise-database:0.11
+          value: quay.io/mongodb/mongodb-enterprise-database:0.12
         - name: IMAGE_PULL_POLICY
           value: Always
 
diff --git a/samples/extended/replica-set-persistent-volumes.yaml b/samples/extended/replica-set-persistent-volumes.yaml
@@ -8,6 +8,11 @@ spec:
   version: 4.0.0
   service: my-service
 
+  # Indicates featureCompatibilityVersion. This attribute will make the data
+  # format to persist in a particular version, maybe older, allowing for
+  # future downgrades if necessary.
+  featureCompatibilityVersion: 3.6
+
   ## Please Note: The default Kubernetes cluster name is `cluster.local`.
   ## If your cluster has been configured with another name, you can specify
   ## it with the `clusterName` attribute.
diff --git a/samples/extended/replica-set-x509.yaml b/samples/extended/replica-set-x509.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: my-x509-enabled-rs
+spec:
+  type: ReplicaSet
+
+  members: 3
+  version: 4.0.4
+
+  project: my-project
+  credentials: my-credentials
+
+  # look into `replica-set-persistent-volumes.yaml` for an example on how to use
+  # Kubernetes Persistent Volumes in your MDB deployment.
+  persistent: false
+
+  # This will create a TLS & x509 enabled Replica Set, which means that all the traffic
+  # between members of the Replica Set and clients, will be encrypted using TLS
+  # certificates. These certificates will be generated on the fly by the operator
+  # using the Kubernetes CA.
+  #
+  # More information about setting up x509 client authentication in Ops Manager:
+  #
+  # https://docs.opsmanager.mongodb.com/current/tutorial/enable-x509-authentication-for-group
+  #
+  # Please refer to Kubernetes TLS Documentation on how to approve these certs:
+  #
+  # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
+  #
+  security:
+    clusterAuthenticationMode: x509
+    tls:
+      enabled: true
diff --git a/samples/extended/sharded-cluster-persistent-volumes.yaml b/samples/extended/sharded-cluster-persistent-volumes.yaml
@@ -11,6 +11,11 @@ spec:
   version: 4.0.0
   service: my-service
 
+  # Indicates featureCompatibilityVersion. This attribute will make the data
+  # format to persist in a particular version, maybe older, allowing for
+  # future downgrades if necessary.
+  featureCompatibilityVersion: 3.6
+
   ## Please Note: The default Kubernetes cluster name is `cluster.local`.
   ## If your cluster has been configured with another name, you can specify
   ## it with the `clusterName` attribute.
diff --git a/samples/extended/sharded-cluster-x509.yaml b/samples/extended/sharded-cluster-x509.yaml
@@ -0,0 +1,37 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: my-x509-enabled-sc
+spec:
+  type: ShardedCluster
+
+  shardCount: 2
+  mongodsPerShardCount: 3
+  mongosCount: 2
+  configServerCount: 3
+
+  version: 4.0.6
+
+  project: my-project
+  credentials: my-credentials
+
+  persistent: false
+
+  # This will create a TLS & x509 enabled Sharded Cluster, which means that all the traffic
+  # between members of the Shards and clients, will be encrypted using TLS
+  # certificates. These certificates will be generated on the fly by the operator
+  # using the Kubernetes CA.
+  #
+  # More information about setting up x509 client authentication in Ops Manager:
+  #
+  # https://docs.opsmanager.mongodb.com/current/tutorial/enable-x509-authentication-for-group
+  #
+  # Please refer to Kubernetes TLS Documentation on how to approve these certs:
+  #
+  # https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/
+  #
+  security:
+    clusterAuthenticationMode: x509
+    tls:
+      enabled: true
diff --git a/samples/extended/standalone-persistent-volumes.yaml b/samples/extended/standalone-persistent-volumes.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: mongodb.com/v1
 kind: MongoDB
 metadata:
@@ -6,6 +7,11 @@ spec:
   version: 4.0.0
   service: my-service
 
+  # Indicates featureCompatibilityVersion. This attribute will make the data
+  # format to persist in a particular version, maybe older, allowing for
+  # future downgrades if necessary.
+  featureCompatibilityVersion: 4.0
+
   ## Please Note: The default Kubernetes cluster name is `cluster.local`.
   ## If your cluster has been configured with another name, you can specify
   ## it with the `clusterName` attribute.
diff --git a/samples/extended/standalone-tls.yaml b/samples/extended/standalone-tls.yaml
@@ -1,3 +1,4 @@
+---
 apiVersion: mongodb.com/v1
 kind: MongoDB
 metadata:
diff --git a/samples/minimal/replica-set.yaml b/samples/minimal/replica-set.yaml
diff --git a/samples/project-x509-enabled.yaml b/samples/project-x509-enabled.yaml
diff --git a/samples/project.yaml b/samples/project.yaml

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`apiVersion: mongodb.com/v1`
`2`	`3`	`kind: MongoDB`
`3`	`4`	`metadata:`