-
Notifications
You must be signed in to change notification settings - Fork 41
/
mongodbcommunity_types.go
319 lines (266 loc) · 10.8 KB
/
mongodbcommunity_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package v1
import (
appsv1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
// Type ...
type Type string
const (
// ReplicaSet ...
ReplicaSet Type = "ReplicaSet"
)
// Phase ...
type Phase string
const (
// Running ...
Running Phase = "Running"
// Failed ...
Failed Phase = "Failed"
// Pending ...
Pending Phase = "Pending"
)
// MongoDBCommunitySpec defines the desired state of MongoDB
type MongoDBCommunitySpec struct {
// Members is the number of members in the replica set
// +optional
Members int `json:"members"`
// Type defines which type of MongoDB deployment the resource should create
// +kubebuilder:validation:Enum=ReplicaSet
Type Type `json:"type"`
// Version defines which version of MongoDB will be used
Version string `json:"version"`
// Arbiters is the number of arbiters (each counted as a member) in the replica set
// +optional
Arbiters int `json:"arbiters"`
// FeatureCompatibilityVersion configures the feature compatibility version that will
// be set for the deployment
// +optional
FeatureCompatibilityVersion string `json:"featureCompatibilityVersion,omitempty"`
// ReplicaSetHorizons Add this parameter and values if you need your database
// to be accessed outside of Kubernetes. This setting allows you to
// provide different DNS settings within the Kubernetes cluster and
// to the Kubernetes cluster. The Kubernetes Operator uses split horizon
// DNS for replica set members. This feature allows communication both
// within the Kubernetes cluster and from outside Kubernetes.
// +optional
ReplicaSetHorizons ReplicaSetHorizonConfiguration `json:"replicaSetHorizons,omitempty"`
// Security configures security features, such as TLS, and authentication settings for a deployment
// +required
Security Security `json:"security"`
// Users specifies the MongoDB users that should be configured in your deployment
// +required
Users []MongoDBUser `json:"users"`
// +optional
StatefulSetConfiguration StatefulSetConfiguration `json:"statefulSet,omitempty"`
// AdditionalMongodConfig is additional configuration that can be passed to
// each data-bearing mongod at runtime. Uses the same structure as the mongod
// configuration file: https://docs.mongodb.com/manual/reference/configuration-options/
// +kubebuilder:validation:Type=object
// +optional
// +kubebuilder:pruning:PreserveUnknownFields
// +nullable
AdditionalMongodConfig MongodConfiguration `json:"additionalMongodConfig,omitempty"`
}
// ReplicaSetHorizonConfiguration holds the split horizon DNS settings for
// replica set members.
type ReplicaSetHorizonConfiguration []map[string]string
// CustomRole defines a custom MongoDB role.
type CustomRole struct {
// The name of the role.
Role string `json:"role"`
// The database of the role.
DB string `json:"db"`
// The privileges to grant the role.
Privileges []Privilege `json:"privileges"`
// An array of roles from which this role inherits privileges.
// +optional
Roles []Role `json:"roles"`
// The authentication restrictions the server enforces on the role.
// +optional
AuthenticationRestrictions []AuthenticationRestriction `json:"authenticationRestrictions,omitempty"`
}
// Privilege defines the actions a role is allowed to perform on a given resource.
type Privilege struct {
Resource Resource `json:"resource"`
Actions []string `json:"actions"`
}
// Resource specifies specifies the resources upon which a privilege permits actions.
// See https://docs.mongodb.com/manual/reference/resource-document for more.
type Resource struct {
// +optional
DB *string `json:"db,omitempty"`
// +optional
Collection *string `json:"collection,omitempty"`
// +optional
Cluster bool `json:"cluster,omitempty"`
// +optional
AnyResource bool `json:"anyResource,omitempty"`
}
// AuthenticationRestriction specifies a list of IP addresses and CIDR ranges users
// are allowed to connect to or from.
type AuthenticationRestriction struct {
ClientSource []string `json:"clientSource"`
ServerAddress []string `json:"serverAddress"`
}
// StatefulSetConfiguration holds the optional custom StatefulSet
// that should be merged into the operator created one.
type StatefulSetConfiguration struct {
// +kubebuilder:pruning:PreserveUnknownFields
SpecWrapper StatefulSetSpecWrapper `json:"spec"`
}
// StatefulSetSpecWrapper is a wrapper around StatefulSetSpec with a custom implementation
// of MarshalJSON and UnmarshalJSON which delegate to the underlying Spec to avoid CRD pollution.
type StatefulSetSpecWrapper struct {
Spec appsv1.StatefulSetSpec `json:"-"`
}
// DeepCopy ...
func (m *StatefulSetSpecWrapper) DeepCopy() *StatefulSetSpecWrapper {
return &StatefulSetSpecWrapper{
Spec: m.Spec,
}
}
// MongodConfiguration holds the optional mongod configuration
// that should be merged with the operator created one.
//
// The CRD generator does not support map[string]interface{}
// on the top level and hence we need to work around this with
// a wrapping struct.
type MongodConfiguration struct {
Object map[string]interface{} `json:"-"`
}
// DeepCopy ...
func (m *MongodConfiguration) DeepCopy() *MongodConfiguration {
return &MongodConfiguration{
Object: runtime.DeepCopyJSON(m.Object),
}
}
// MongoDBUser ...
type MongoDBUser struct {
// Name is the username of the user
Name string `json:"name"`
// DB is the database the user is stored in. Defaults to "admin"
// +optional
DB string `json:"db"`
// PasswordSecretRef is a reference to the secret containing this user's password
PasswordSecretRef SecretKeyReference `json:"passwordSecretRef"`
// Roles is an array of roles assigned to this user
Roles []Role `json:"roles"`
// ScramCredentialsSecretName appended by string "scram-credentials" is the name of the secret object created by the mongoDB operator for storing SCRAM credentials
// +kubebuilder:validation:Pattern=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
ScramCredentialsSecretName string `json:"scramCredentialsSecretName"`
}
// SecretKeyReference is a reference to the secret containing the user's password
type SecretKeyReference struct {
// Name is the name of the secret storing this user's password
Name string `json:"name"`
// Key is the key in the secret storing this password. Defaults to "password"
// +optional
Key string `json:"key"`
}
// Role is the database role this user should have
type Role struct {
// DB is the database the role can act on
DB string `json:"db"`
// Name is the name of the role
Name string `json:"name"`
}
// Security ...
type Security struct {
// +optional
Authentication Authentication `json:"authentication"`
// TLS configuration for both client-server and server-server communication
// +optional
TLS TLS `json:"tls"`
// User-specified custom MongoDB roles that should be configured in the deployment.
// +optional
Roles []CustomRole `json:"roles,omitempty"`
}
// TLS is the configuration used to set up TLS encryption
type TLS struct {
Enabled bool `json:"enabled"`
// Optional configures if TLS should be required or optional for connections
// +optional
Optional bool `json:"optional"`
// CertificateKeySecret is a reference to a Secret containing a private key and certificate to use for TLS.
// The key and cert are expected to be PEM encoded and available at "tls.key" and "tls.crt".
// This is the same format used for the standard "kubernetes.io/tls" Secret type, but no specific type is required.
// +optional
CertificateKeySecret LocalObjectReference `json:"certificateKeySecretRef"`
// CaConfigMap is a reference to a ConfigMap containing the certificate for the CA which signed the server certificates
// The certificate is expected to be available under the key "ca.crt"
// +optional
CaConfigMap LocalObjectReference `json:"caConfigMapRef"`
}
// LocalObjectReference is a reference to another Kubernetes object by name.
// TODO: Replace with a type from the K8s API. CoreV1 has an equivalent
//
// "LocalObjectReference" type but it contains a TODO in its
// description that we don't want in our CRD.
type LocalObjectReference struct {
Name string `json:"name"`
}
// Authentication ...
type Authentication struct {
// Modes is an array specifying which authentication methods should be enabled.
Modes []AuthMode `json:"modes"`
// IgnoreUnknownUsers set to true will ensure any users added manually (not through the CRD)
// will not be removed.
// TODO: defaults will work once we update to v1 CRD.
// +optional
// +kubebuilder:default:=true
// +nullable
IgnoreUnknownUsers *bool `json:"ignoreUnknownUsers,omitempty"`
}
// AuthMode ...
// +kubebuilder:validation:Enum=SCRAM;SCRAM-SHA-256;SCRAM-SHA-1
type AuthMode string
// MongoDBCommunityStatus defines the observed state of MongoDB
type MongoDBCommunityStatus struct {
MongoURI string `json:"mongoUri"`
Phase Phase `json:"phase"`
CurrentStatefulSetReplicas int `json:"currentStatefulSetReplicas"`
CurrentMongoDBMembers int `json:"currentMongoDBMembers"`
Message string `json:"message,omitempty"`
}
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// MongoDBCommunity is the Schema for the mongodbs API
// +kubebuilder:subresource:status
// +kubebuilder:resource:path=mongodbcommunity,scope=Namespaced,shortName=mdbc,singular=mongodbcommunity
// +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase",description="Current state of the MongoDB deployment"
// +kubebuilder:printcolumn:name="Version",type="string",JSONPath=".status.version",description="Version of MongoDB server"
type MongoDBCommunity struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec MongoDBCommunitySpec `json:"spec,omitempty"`
Status MongoDBCommunityStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// MongoDBCommunityList contains a list of MongoDB
type MongoDBCommunityList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []MongoDBCommunity `json:"items"`
}
func init() {
SchemeBuilder.Register(&MongoDBCommunity{}, &MongoDBCommunityList{})
}