diff --git a/crds.yaml b/crds.yaml index aec6f92..a57168d 100644 --- a/crds.yaml +++ b/crds.yaml @@ -90,7 +90,6 @@ spec: additionalMongodConfig: type: object - exposedExternally: type: boolean @@ -174,7 +173,16 @@ spec: properties: mode: type: string - enum: ["SCRAM", "X509"] + enum: ["SCRAM", "X509", "LDAP"] + automationUsername: + type: string + automationPasswordSecretRef: + type: object + properties: + name: + type: string + key: + type: string required: - mode enabled: @@ -209,7 +217,9 @@ spec: bindQueryUser: type: string servers: - type: string + type: array + items: + type: string transportSecurity: type: string enum: ["none", "tls"] 
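Review bot: `automationPasswordSecretRef` in the `@@ -174,7 +173,16 @@` hunk declares `name` and `key` properties but no `required` list, so an empty object passes schema validation and the missing Secret name only surfaces when the operator tries to resolve it. Adding `required: [name]` under `automationPasswordSecretRef` would reject that at admission. Neither new field has a `description`; one line each saying which account they refer to and that the password is read from a Secret in the resource's namespace (if that is the case) would help users of the CRD. Nothing in the schema ties these fields to `mode: LDAP`, so that check presumably lives in the operator and is worth confirming. The same hunk is repeated in `helm_chart/crds/mongodb.mongodb.com.yaml`.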
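Review bot: Changing `servers` from `type: string` to `type: array` in the `@@ -209,7 +217,9 @@` hunk is not backward compatible: a resource already stored as `servers: "host:port"` will fail validation against the new schema on its next update unless the operator or a migration step rewrites it. If the break is intended it deserves an upgrade note, and `minItems: 1` on the array would also reject an empty server list at admission. The neighbouring `transportSecurity` enum still allows `none`, so a `description` on `servers` could state that bind traffic to these hosts is only protected when `tls` is selected. The same hunk appears in `helm_chart/crds/mongodb.mongodb.com.yaml`.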
@@ -224,6 +234,70 @@ spec: type: string userToDNMapping: type: string + roles: + type: array + description: "List of roles not bounded to specific users" + items: + type: object + properties: + role: + type: string + description: "The name of the role" + db: + type: string + description: "The db the role belongs to" + roles: + type: array + description: "List of roles this role inherits from" + items: + type: object + properties: + db: + type: string + description: "The db the role belongs to" + role: + type: string + description: "The name of the role" + authenticationRestrictions: + type: array + description: "List of restriction for users authenticating to this role" + items: + type: object + properties: + clientSource: + type: array + description: "List of IP addresses or CIDR ranges allowed the user can connect from" + items: + type: string + serverAddress: + type: array + description: "List of IP addresses or CIDR ranges allowed the user can connect to" + items: + type: string + privileges: + type: array + description: "List of privileges granted to this role" + items: + type: object + properties: + actions: + type: array + description: "List of actions allowed to this role" + items: + type: string + resource: + type: object + description: "Resource on which the privileges are granted" + properties: + db: + type: string + description: "Name of the database" + collection: + type: string + description: "Name of the collection" + cluster: + type: boolean + description: "True for cluster-wide privileges" # Sharded Cluster properties shardPodSpec: @@ -451,7 +525,6 @@ spec: properties: additionalMongodConfig: type: object - --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition diff --git a/helm_chart/Chart.yaml b/helm_chart/Chart.yaml index 087b0cc..b91a1fd 100644 --- a/helm_chart/Chart.yaml +++ b/helm_chart/Chart.yaml 
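Review bot: The new `roles` schema grants privileges but marks nothing as required, so a role item without `role` or `db`, or a privilege without `actions` or `resource`, is accepted at admission and has to be caught later by the operator. Adding `required: [role, db]` on the role items and `required: [actions, resource]` on the privilege items closes that gap. `resource` also allows `db`/`collection` and `cluster` together, which as far as I know MongoDB treats as alternatives; the description could say so if the schema cannot. `clientSource` and `serverAddress` are free-form strings, so a mistyped CIDR is not rejected here; confirm the operator validates them before the restriction is relied on. Two descriptions read oddly (`not bounded to specific users`, `allowed the user can connect from`) and could become `not bound to specific users` and `the user is allowed to connect from`; the same hunk is repeated in `helm_chart/crds/mongodb.mongodb.com.yaml`.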
@@ -1,6 +1,6 @@ name: mongodb-enterprise-operator description: MongoDB Kubernetes Enterprise Operator -version: 1.6.1 +version: 1.7.0 kubeVersion: '>=1.13-0' keywords: - mongodb diff --git a/helm_chart/crds/mongodb.mongodb.com.yaml b/helm_chart/crds/mongodb.mongodb.com.yaml index d2e0fdc..85960cf 100644 --- a/helm_chart/crds/mongodb.mongodb.com.yaml +++ b/helm_chart/crds/mongodb.mongodb.com.yaml @@ -90,7 +90,6 @@ spec: additionalMongodConfig: type: object - exposedExternally: type: boolean @@ -174,7 +173,16 @@ spec: properties: mode: type: string - enum: ["SCRAM", "X509"] + enum: ["SCRAM", "X509", "LDAP"] + automationUsername: + type: string + automationPasswordSecretRef: + type: object + properties: + name: + type: string + key: + type: string required: - mode enabled: @@ -209,7 +217,9 @@ spec: bindQueryUser: type: string servers: - type: string + type: array + items: + type: string transportSecurity: type: string enum: ["none", "tls"] 
@@ -224,6 +234,70 @@ spec: type: string userToDNMapping: type: string + roles: + type: array + description: "List of roles not bounded to specific users" + items: + type: object + properties: + role: + type: string + description: "The name of the role" + db: + type: string + description: "The db the role belongs to" + roles: + type: array + description: "List of roles this role inherits from" + items: + type: object + properties: + db: + type: string + description: "The db the role belongs to" + role: + type: string + description: "The name of the role" + authenticationRestrictions: + type: array + description: "List of restriction for users authenticating to this role" + items: + type: object + properties: + clientSource: + type: array + description: "List of IP addresses or CIDR ranges allowed the user can connect from" + items: + type: string + serverAddress: + type: array + description: "List of IP addresses or CIDR ranges allowed the user can connect to" + items: + type: string + privileges: + type: array + description: "List of privileges granted to this role" + items: + type: object + properties: + actions: + type: array + description: "List of actions allowed to this role" + items: + type: string + resource: + type: object + description: "Resource on which the privileges are granted" + properties: + db: + type: string + description: "Name of the database" + collection: + type: string + description: "Name of the collection" + cluster: + type: boolean + description: "True for cluster-wide privileges" # Sharded Cluster properties shardPodSpec: @@ -451,4 +525,3 @@ spec: properties: additionalMongodConfig: type: object - diff --git a/helm_chart/templates/operator.yaml b/helm_chart/templates/operator.yaml index cfc6555..7eed5c1 100644 --- a/helm_chart/templates/operator.yaml +++ b/helm_chart/templates/operator.yaml 
@@ -10,11 +10,11 @@ spec: replicas: 1 selector: matchLabels: - app: {{ .Values.operator.name }} + controller: {{ .Values.operator.name }} template: metadata: labels: - app: {{ .Values.operator.name }} + controller: {{ .Values.operator.name }} spec: serviceAccountName: {{ .Values.operator.name }} {{- if not .Values.managedSecurityContext }} diff --git a/helm_chart/values-openshift.yaml b/helm_chart/values-openshift.yaml index b8d556a..8ff5403 100644 --- a/helm_chart/values-openshift.yaml +++ b/helm_chart/values-openshift.yaml @@ -15,7 +15,7 @@ operator: deployment_name: mongodb-enterprise-operator # Version of mongodb-enterprise-operator and mongodb-enterprise-database images - version: 1.6.1 + version: 1.7.0 # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed watchedResources: diff --git a/helm_chart/values.yaml b/helm_chart/values.yaml index a853788..54be08d 100644 --- a/helm_chart/values.yaml +++ b/helm_chart/values.yaml @@ -16,7 +16,7 @@ operator: deployment_name: mongodb-enterprise-operator # Version of mongodb-enterprise-operator and mongodb-enterprise-database images - version: 1.6.1 + version: 1.7.0 # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed watchedResources: diff --git a/mongodb-enterprise-openshift.yaml b/mongodb-enterprise-openshift.yaml index 471d56f..32bd7b7 100644 --- a/mongodb-enterprise-openshift.yaml +++ b/mongodb-enterprise-openshift.yaml 
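Review bot: Renaming the label under `spec.selector.matchLabels` from `app` to `controller` changes a field that is immutable on an `apps/v1` Deployment, so an in-place upgrade over a 1.6.1 install is likely to be rejected until the old Deployment is deleted; the apiVersion is outside this hunk, so confirm which one applies. Anything else that selects the operator pod by `app` (a NetworkPolicy, Service or monitoring selector) will silently stop matching, and for a NetworkPolicy that means the intended restriction no longer covers the pod. Keeping `app` as an additional label on the pod template while switching the selector would preserve those matches, and the upgrade step should be documented. The templated value is also unquoted; `controller: "{{ .Values.operator.name }}"` avoids retyping if the name is empty or boolean-looking. The same rename is made in `mongodb-enterprise-openshift.yaml` and `mongodb-enterprise.yaml`.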
@@ -179,16 +179,16 @@ spec: replicas: 1 selector: matchLabels: - app: enterprise-operator + controller: enterprise-operator template: metadata: labels: - app: enterprise-operator + controller: enterprise-operator spec: serviceAccountName: enterprise-operator containers: - name: mongodb-enterprise-operator - image: registry.connect.redhat.com/mongodb/enterprise-operator:1.6.1 + image: registry.connect.redhat.com/mongodb/enterprise-operator:1.7.0 imagePullPolicy: Always args: - "-watch-resource=mongodb" @@ -210,7 +210,7 @@ spec: - name: MANAGED_SECURITY_CONTEXT value: 'true' - name: MONGODB_ENTERPRISE_DATABASE_IMAGE - value: registry.connect.redhat.com/mongodb/enterprise-database:1.6.1 + value: registry.connect.redhat.com/mongodb/enterprise-database:1.7.0 - name: IMAGE_PULL_POLICY value: Always - name: OPS_MANAGER_IMAGE_REPOSITORY diff --git a/mongodb-enterprise.yaml b/mongodb-enterprise.yaml index 33e6144..9a84a9c 100644 --- a/mongodb-enterprise.yaml +++ b/mongodb-enterprise.yaml @@ -179,11 +179,11 @@ spec: replicas: 1 selector: matchLabels: - app: mongodb-enterprise-operator + controller: mongodb-enterprise-operator template: metadata: labels: - app: mongodb-enterprise-operator + controller: mongodb-enterprise-operator spec: serviceAccountName: mongodb-enterprise-operator securityContext: @@ -191,7 +191,7 @@ spec: runAsUser: 2000 containers: - name: mongodb-enterprise-operator - image: quay.io/mongodb/mongodb-enterprise-operator:1.6.1 + image: quay.io/mongodb/mongodb-enterprise-operator:1.7.0 imagePullPolicy: Always args: - "-watch-resource=mongodb" @@ -211,7 +211,7 @@ spec: fieldRef: fieldPath: metadata.namespace - name: MONGODB_ENTERPRISE_DATABASE_IMAGE - value: quay.io/mongodb/mongodb-enterprise-database:1.6.1 + value: quay.io/mongodb/mongodb-enterprise-database:1.7.0 - name: IMAGE_PULL_POLICY value: Always - name: OPS_MANAGER_IMAGE_REPOSITORY 
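Review bot: The operator image here is referenced by tag only (`enterprise-operator:1.7.0`) together with `imagePullPolicy: Always`, so every pod start pulls whatever the registry currently serves under that tag. Pinning the digest, e.g. `image: registry.connect.redhat.com/mongodb/enterprise-operator:1.7.0@sha256:<digest-placeholder>`, makes the deployed image reproducible and lets it be checked against a published signature or digest. The `quay.io/mongodb/mongodb-enterprise-operator:1.7.0` reference in `mongodb-enterprise.yaml` has the same property. Whether the `MONGODB_ENTERPRISE_DATABASE_IMAGE` values can carry a digest depends on how the operator consumes them, which is not visible in these hunks.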
diff --git a/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml b/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml index a0fdbf8..8ba72fc 100644 --- a/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml +++ b/samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml @@ -26,7 +26,9 @@ spec: ldap: # Specify the hostname:port combination of one or # more LDAP servers - servers: "" + servers: + - "" + - "" # Set to "tls" to use LDAP over TLS. Leave blank if # LDAP server does not accept TLS. diff --git a/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml b/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml index 445f8d8..c1fe491 100644 --- a/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml +++ b/samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml @@ -29,7 +29,9 @@ spec: ldap: # Specify the hostname:port combination of one or # more LDAP servers - servers: "" + servers: + - "" + - "" # Set to "tls" to use LDAP over TLS. Leave blank if # LDAP server does not accept TLS. diff --git a/samples/ops-manager/ops-manager-backup.yaml b/samples/ops-manager/ops-manager-backup.yaml index 813b729..6aa2477 100644 --- a/samples/ops-manager/ops-manager-backup.yaml +++ b/samples/ops-manager/ops-manager-backup.yaml @@ -5,7 +5,7 @@ metadata: name: ops-manager-backup spec: replicas: 1 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret # optional. Enabled by default diff --git a/samples/ops-manager/ops-manager-external.yaml b/samples/ops-manager/ops-manager-external.yaml index ff8ee0c..eaf24fb 100644 --- a/samples/ops-manager/ops-manager-external.yaml +++ b/samples/ops-manager/ops-manager-external.yaml @@ -5,7 +5,7 @@ metadata: name: ops-manager-external spec: replicas: 1 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret configuration: 
diff --git a/samples/ops-manager/ops-manager-ignore-ui-setup.yaml b/samples/ops-manager/ops-manager-ignore-ui-setup.yaml index d8e6f9e..5658b80 100644 --- a/samples/ops-manager/ops-manager-ignore-ui-setup.yaml +++ b/samples/ops-manager/ops-manager-ignore-ui-setup.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-ignore-ui spec: replicas: 1 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret configuration: diff --git a/samples/ops-manager/ops-manager-local-mode.yaml b/samples/ops-manager/ops-manager-local-mode.yaml index 95f3434..90178d2 100644 --- a/samples/ops-manager/ops-manager-local-mode.yaml +++ b/samples/ops-manager/ops-manager-local-mode.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-localmode spec: replicas: 2 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret configuration: # this enables local mode in Ops Manager diff --git a/samples/ops-manager/ops-manager-pod-spec.yaml b/samples/ops-manager/ops-manager-pod-spec.yaml index d075c55..cf4d88c 100644 --- a/samples/ops-manager/ops-manager-pod-spec.yaml +++ b/samples/ops-manager/ops-manager-pod-spec.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-pod-spec spec: replicas: 1 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret configuration: mms.testUtil.enabled: "true" diff --git a/samples/ops-manager/ops-manager-scram.yaml b/samples/ops-manager/ops-manager-scram.yaml index 847f5b6..085bfe2 100644 --- a/samples/ops-manager/ops-manager-scram.yaml +++ b/samples/ops-manager/ops-manager-scram.yaml @@ -5,7 +5,7 @@ metadata: name: ops-manager-scram spec: replicas: 1 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret # the application database backing Ops Manager. Replica Set is the only supported type diff --git a/samples/ops-manager/ops-manager-tls.yaml b/samples/ops-manager/ops-manager-tls.yaml index dfd5aca..b4625c8 100644 --- a/samples/ops-manager/ops-manager-tls.yaml 
+++ b/samples/ops-manager/ops-manager-tls.yaml @@ -4,7 +4,7 @@ metadata: name: ops-manager-tls spec: replicas: 1 - version: 4.4.0 + version: 4.4.1 adminCredentials: ops-manager-admin-secret configuration: diff --git a/samples/ops-manager/ops-manager.yaml b/samples/ops-manager/ops-manager.yaml index 045942a..dd3f649 100644 --- a/samples/ops-manager/ops-manager.yaml +++ b/samples/ops-manager/ops-manager.yaml @@ -9,7 +9,7 @@ spec: replicas: 3 # the version of Ops Manager distro to use - version: 4.4.0 + version: 4.4.1 # optional. Specify the custom cluster domain of the Kubernetes cluster if it's different from the default one ('cluster.local'). # This affects the urls generated by the Operator.