created primary services in mongodb, added resources limit and request and affinity on all module

Author: amansquareops-ops

examples/complete/aws/helm/exporter.yaml

@@ -3,7 +3,7 @@ affinity:
     requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: "Infra-Services"
+          - key: "Addons-Services"
             operator: In
             values:
             - "true"

examples/complete/aws/helm/values.yaml

@@ -3,10 +3,48 @@ affinity:
     requiredDuringSchedulingIgnoredDuringExecution:
         nodeSelectorTerms:
         - matchExpressions:
-          - key: "Infra-Services"
+          - key: "Addons-Services"
             operator: In
             values:
             - "true"
+
+resources:
+  limits:
+    cpu: 900m
+    memory: 800Mi
+  requests:
+    cpu: 600m
+    memory: 500Mi
+
+metrics:
+  enabled: true
+  resources:
+    limits:
+       cpu: 200m
+       memory: 528Mi
+    requests:
+       cpu: 120m
+       memory: 228Mi
+
+arbiter:
+  resources:
+    limits:
+      cpu: 200m
+      memory: 400Mi
+    requests:
+      cpu: 100m
+      memory: 250Mi
+  
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+          - matchExpressions:
+            - key: "Addons-Services"
+              operator: In
+              values:
+              - "true"
+
 backupjob:
   resources:
     requests:
@@ -23,4 +61,4 @@ restorejob:
       cpu: 50m
     limits:
       memory: 200Mi
-      cpu: 100m
+      cpu: 100m

helm/values/exporter/values.yaml

@@ -24,7 +24,7 @@ livenessProbe:
 
 # [mongodb[+srv]://][user:pass@]host1[:port1][,host2[:port2],...][/database][?options]
 mongodb:
-  uri: "mongodb://mongodb_exporter:${mongodb_exporter_password}@mongodb-0.mongodb-headless.{namespace}.svc.cluster.local:27017/admin?authSource=admin"
+  uri: "mongodb://mongodb_exporter:${mongodb_exporter_password}@mongodb-primary.{namespace}.svc.cluster.local:27017/admin?authSource=admin"
 
 # Name of an externally managed secret (in the same namespace) containing the connection uri as key `mongodb-uri`.
 # If this is provided, the value mongodb.uri is ignored.

helm/values/mongodb/values.yaml

@@ -67,7 +67,29 @@ clusterDomain: cluster.local
 ##       app.kubernetes.io/name: mongodb
 ##       primary: "true"
 ##
-extraDeploy: []
+extraDeploy:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: mongodb-primary
+      namespace: ${namespace}
+      labels:
+        app.kubernetes.io/component: mongodb
+        app.kubernetes.io/instance: mongodb
+        app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: mongodb
+    spec:
+      type: ClusterIP
+      ports:
+        - name: mongodb-primary
+          port: 27017
+          protocol: TCP
+          targetPort: mongodb
+      selector:
+        app.kubernetes.io/component: mongodb
+        app.kubernetes.io/instance: mongodb
+        app.kubernetes.io/name: mongodb
+        primary: "true"
 ## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
 ##
 commonLabels: {}
@@ -502,23 +524,23 @@ containerSecurityContext:
 ## @param resources.limits The resources limits for MongoDB(®) containers
 ## @param resources.requests The requested resources for MongoDB(®) containers
 ##
-resources:
+resources: {}
   ## Example:
   ## limits:
   ##    cpu: 100m
   ##    memory: 128Mi
   ##
-  limits:
-    cpu: 1000m
-    memory: 1000Mi
+  # limits:
+  #   cpu: 1000m
+  #   memory: 1000Mi
   ## Examples:
   ## requests:
   ##    cpu: 100m
   ##    memory: 128Mi
   ##
-  requests:
-    cpu: 500m
-    memory: 500Mi
+  # requests:
+  #   cpu: 500m
+  #   memory: 500Mi
 ## @param containerPorts.mongodb MongoDB(®) container port
 containerPorts:
   mongodb: 27017
@@ -620,7 +642,24 @@ initContainers: []
 ##     - name: DEBUG
 ##       value: "true"
 ##
-sidecars: []
+sidecars:
+  - name: mongo-labeler
+    image: korenlev/k8s-mongo-labeler-sidecar
+    imagePullPolicy: Always
+    env:
+      - name: LABEL_SELECTOR
+        value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+      - name: NAMESPACE
+        value: ${namespace}
+      - name: DEBUG
+        value: "true"
+    resources:
+      limits:
+        cpu: 100m
+        memory: 200Mi
+      requests:
+        cpu: 50m
+        memory: 100Mi
 ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
 ## Examples:
 ## extraVolumeMounts:
@@ -996,7 +1035,7 @@ rbac:
   ## that allows MongoDB(®) pods querying the K8s API
   ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
   ##
-  create: false
+  create: true
   ## @param rbac.rules Custom rules to create following the role specification
   ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
   ## rules:
@@ -1010,7 +1049,16 @@ rbac:
   ##       - watch
   ##       - update
   ##
-  rules: []
+  rules:
+    - apiGroups:
+        - ""
+      resources:
+        - pods
+      verbs:
+        - get
+        - list
+        - watch
+        - update
 ## PodSecurityPolicy configuration
 ## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
 ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
@@ -1304,23 +1352,23 @@ arbiter:
   ## @param arbiter.resources.limits The resources limits for Arbiter containers
   ## @param arbiter.resources.requests The requested resources for Arbiter containers
   ##
-  resources:
+  resources: {}
     ## Example:
     ## limits:
     ##    cpu: 100m
     ##    memory: 128Mi
     ##
-    limits:
-      cpu: 200m
-      memory: 500Mi
+    # limits:
+    #   cpu: 200m
+    #   memory: 500Mi
     ## Examples:
     ## requests:
     ##    cpu: 100m
     ##    memory: 128Mi
     ##
-    requests:
-      cpu: 100m
-      memory: 250Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 250Mi
   ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
   ##
   containerPorts:
@@ -1866,19 +1914,14 @@ metrics:
   ## @param metrics.resources.limits The resources limits for Prometheus exporter containers
   ## @param metrics.resources.requests The requested resources for Prometheus exporter containers
   ##
-  resources:
-    ## Example:
-    ## limits:
-    ##    cpu: 100m
-    ##    memory: 128Mi
-    ##
-    limits: {}
-    ## Examples:
-    ## requests:
-    ##    cpu: 100m
-    ##    memory: 128Mi
-    ##
-    requests: {}
+  resources: {}
+    # limits:
+    #    cpu: 100m
+    #    memory: 128Mi
+    # requests:
+    #    cpu: 100m
+    #    memory: 128Mi
+  ##
   ## @param metrics.containerPort Port of the Prometheus metrics container
   ##
   containerPort: 9216
@@ -1929,9 +1972,9 @@ metrics:
   ##
   readinessProbe:
     enabled: true
-    initialDelaySeconds: 5
+    initialDelaySeconds: 30
     periodSeconds: 5
-    timeoutSeconds: 1
+    timeoutSeconds: 15
     failureThreshold: 3
     successThreshold: 1
   ## Slow starting containers can be protected through startup probes

main.tf

@@ -67,7 +67,8 @@ resource "helm_release" "mongodb_backup" {
       azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : ""
       azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : ""
       annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_backup}" : var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_backup}" : var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_backup}" : ""
-    })
+    }),
+    var.mongodb_config.values_yaml
   ]
 }
 
@@ -90,7 +91,8 @@ resource "helm_release" "mongodb_restore" {
       azure_storage_account_key  = var.bucket_provider_type == "azure" ? var.azure_storage_account_key : ""
       azure_container_name       = var.bucket_provider_type == "azure" ? var.azure_container_name : ""
       annotations                = var.bucket_provider_type == "s3" ? "eks.amazonaws.com/role-arn : ${var.iam_role_arn_restore}" : var.bucket_provider_type == "gcs" ? "iam.gke.io/gcp-service-account: ${var.service_account_restore}" : var.bucket_provider_type == "azure" ? "azure.workload.identity/client-id: ${var.az_account_restore}" : ""
-    })
+    }),
+    var.mongodb_config.values_yaml
   ]
 }
 

modules/backup/templates/fullbackup-cronjob.yaml

@@ -13,15 +13,16 @@ spec:
     spec:
       template:
         spec:
-          affinity: {{ .Values.affinity | toYaml | nindent 10 }}
+          affinity:
+            {{- toYaml .Values.affinity | nindent 12 }}
           restartPolicy: OnFailure
           serviceAccountName: sa-mongo-backup
           containers:
           - name: backup-mongodb
             image: squareops/mongodb-backup:v7
             env:
             - name: MONGODB_URI
-              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-0.mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
+              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
             - name: MONGO_OPLOG
               value: "true"
             - name: MONGO_BUCKET_URI
@@ -33,4 +34,5 @@ spec:
               value: {{ .Values.bucket_provider_type }}
             - name: AWS_DEFAULT_REGION
               value: {{ .Values.backup.aws_default_region }}
-            resources: {{ .Values.backupjob.resources | toYaml | nindent 12 }}
+            resources: 
+              {{- toYaml .Values.backupjob.resources | nindent 14 }}

modules/restore/templates/job.yaml

@@ -5,14 +5,15 @@ metadata:
 spec:
   template:
     spec:
-      affinity: {{ .Values.affinity | toYaml | nindent 6 }}
+      affinity:
+        {{- toYaml .Values.affinity | nindent 8 }}
       serviceAccountName: sa-mongo-restore
       containers:
           - name: restore-mongodb
             image: squareops/mongodb-restore:v6
             env:
             - name: MONGO_URI
-              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-0.mongodb-headless.{{ .Release.Namespace }}.svc.cluster.local:27017
+              value: mongodb://{{ .Values.auth.rootUser }}:{{ .Values.auth.rootPassword }}@mongodb-primary.{{ .Release.Namespace }}.svc.cluster.local:27017
             - name: MONGO_OPLOG
               value: "false"
             - name: AWS_DEFAULT_REGION
@@ -26,6 +27,7 @@ spec:
               value: {{ .Values.restore.file_name | quote }}
             - name: RESTORE_FROM
               value: {{ .Values.bucket_provider_type}}
-            resources: {{ .Values.restorejob.resources | toYaml | nindent 12 }}
+            resources:
+              {{- toYaml .Values.restorejob.resources | nindent 14 }}
       restartPolicy: Never
   backoffLimit: 4

output.tf

@@ -1,8 +1,9 @@
 output "mongodb_endpoints" {
   description = "MongoDB endpoints in the Kubernetes cluster."
   value = {
-    mongoport        = "27017",
-    mongodb_endpoint = "mongodb-headless.${var.namespace}.svc.cluster.local"
+    mongoport                 = "27017",
+    mongodb_headless_endpoint = "mongodb-headless.${var.namespace}.svc.cluster.local"
+    mongodb_primary_endpoint  = "mongodb-primary.${var.namespace}.svc.cluster.local"
   }
 }