Kubernetes Enterprise Operator Release 1.33.0 (#309)

* Updated

* Updated

Author: mms-build-account

architectures/mongodb-replicaset-mc-no-mesh/code_snippets/1050_generate_certs.sh

@@ -0,0 +1,20 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-cert
+  usages:
+  - server auth
+  - client auth
+EOF

architectures/mongodb-replicaset-mc-no-mesh/code_snippets/1100_mongodb_replicaset_multi_cluster.sh

@@ -0,0 +1,46 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: mongodb.com/v1
+kind: MongoDBMultiCluster
+metadata:
+  name: ${RS_RESOURCE_NAME}
+spec:
+  type: ReplicaSet
+  version: ${MONGODB_VERSION}
+  opsManager:
+    configMapRef:
+      name: mdb-org-project-config
+  credentials: mdb-org-owner-credentials
+  duplicateServiceObjects: false
+  persistent: true
+  backup:
+    mode: enabled
+  security:
+    certsSecretPrefix: cert-prefix
+    tls:
+      ca: ca-issuer
+    authentication:
+      enabled: true
+      modes: ["SCRAM"]
+  clusterSpecList:
+    - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+      members: 2
+      externalAccess:
+        externalDomain: "${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+        externalService:
+          annotations:
+             external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+    - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+      members: 1
+      externalAccess:
+        externalDomain: "${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+        externalService:
+          annotations:
+             external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+    - clusterName: ${K8S_CLUSTER_2_CONTEXT_NAME}
+      members: 2
+      externalAccess:
+        externalDomain: "${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+        externalService:
+          annotations:
+             external-dns.alpha.kubernetes.io/hostname: "{podName}.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+EOF

architectures/mongodb-replicaset-mc-no-mesh/code_snippets/1110_mongodb_replicaset_multi_cluster_wait_for_running_state.sh

@@ -0,0 +1,8 @@
+echo; echo "Waiting for MongoDB to reach Running phase..."
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RS_RESOURCE_NAME}" --timeout=900s
+echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

architectures/mongodb-replicaset-mc-no-mesh/code_snippets/1200_create_mongodb_user.sh

@@ -0,0 +1,27 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rs-user-password
+type: Opaque
+stringData:
+  password: password
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: rs-user
+spec:
+  passwordSecretKeyRef:
+    name: rs-user-password
+    key: password
+  username: "rs-user"
+  db: "admin"
+  mongodbResourceRef:
+    name: ${RS_RESOURCE_NAME}
+  roles:
+  - db: "admin"
+    name: "root"
+EOF
+
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user --timeout=300s

architectures/mongodb-replicaset-mc-no-mesh/code_snippets/1210_verify_mongosh_connection.sh

@@ -0,0 +1,6 @@
+external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RS_RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
+
+mkdir -p certs
+kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt
+
+mongosh --host "${external_ip}" --username rs-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"

architectures/mongodb-replicaset-mc-no-mesh/code_snippets/9000_delete_resources.sh

@@ -0,0 +1,3 @@
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" delete mdbu/rs-user
+
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" delete "mdbmc/${RS_RESOURCE_NAME}"

architectures/mongodb-replicaset-mc-no-mesh/env_variables.sh

@@ -0,0 +1,15 @@
+# This script builds on top of the environment configured in the setup guides.
+# It depends (uses) the following env variables defined there to work correctly.
+# If you don't use the setup guide to bootstrap the environment, then define them here.
+#  ${K8S_CLUSTER_0_CONTEXT_NAME}
+#  ${K8S_CLUSTER_1_CONTEXT_NAME}
+#  ${K8S_CLUSTER_2_CONTEXT_NAME}
+#  ${MDB_NAMESPACE}
+#  ${CUSTOM_DOMAIN}
+
+export RS_RESOURCE_NAME=mdb
+export MONGODB_VERSION="8.0.5-ent"
+
+export MDB_CLUSTER_0_EXTERNAL_DOMAIN="${K8S_CLUSTER_0}.${CUSTOM_DOMAIN}"
+export MDB_CLUSTER_1_EXTERNAL_DOMAIN="${K8S_CLUSTER_1}.${CUSTOM_DOMAIN}"
+export MDB_CLUSTER_2_EXTERNAL_DOMAIN="${K8S_CLUSTER_2}.${CUSTOM_DOMAIN}"

architectures/mongodb-replicaset-mc-no-mesh/output/1210_verify_mongosh_connection.out

@@ -0,0 +1,15 @@
+{
+  authInfo: {
+    authenticatedUsers: [ { user: 'rs-user', db: 'admin' } ],
+    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
+  },
+  ok: 1,
+  '$clusterTime': {
+    clusterTime: Timestamp({ t: 1743589744, i: 1 }),
+    signature: {
+      hash: Binary.createFromBase64('fiBrPX9aaxTmMmLb1K2q6d4/XfQ=', 0),
+      keyId: Long('7488660369775263749')
+    }
+  },
+  operationTime: Timestamp({ t: 1743589744, i: 1 })
+}

architectures/mongodb-replicaset-mc-no-mesh/teardown.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+script_name=$(readlink -f "${BASH_SOURCE[0]}")
+script_dir=$(dirname "${script_name}")
+
+source scripts/code_snippets/sample_test_runner.sh
+
+pushd "${script_dir}"
+
+prepare_snippets
+
+run 9000_delete_resources.sh
+
+popd

architectures/mongodb-replicaset-mc-no-mesh/test.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+script_name=$(readlink -f "${BASH_SOURCE[0]}")
+script_dir=$(dirname "${script_name}")
+
+source scripts/code_snippets/sample_test_runner.sh
+
+pushd "${script_dir}"
+
+prepare_snippets
+
+run 1050_generate_certs.sh
+run 1100_mongodb_replicaset_multi_cluster.sh
+run 1110_mongodb_replicaset_multi_cluster_wait_for_running_state.sh
+
+run 1200_create_mongodb_user.sh
+sleep 10
+run_for_output 1210_verify_mongosh_connection.sh
+
+popd

architectures/mongodb-replicaset-multi-cluster/code_snippets/1100_mongodb_replicaset_multi_cluster.sh

@@ -2,7 +2,7 @@ kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f
 apiVersion: mongodb.com/v1
 kind: MongoDBMultiCluster
 metadata:
-  name: ${RESOURCE_NAME}
+  name: ${RS_RESOURCE_NAME}
 spec:
   type: ReplicaSet
   version: ${MONGODB_VERSION}
@@ -12,6 +12,8 @@ spec:
   credentials: mdb-org-owner-credentials
   duplicateServiceObjects: false
   persistent: true
+  backup:
+    mode: enabled
   externalAccess: {}
   security:
     certsSecretPrefix: cert-prefix

architectures/mongodb-replicaset-multi-cluster/code_snippets/1110_mongodb_replicaset_multi_cluster_wait_for_running_state.sh

@@ -1,5 +1,5 @@
 echo; echo "Waiting for MongoDB to reach Running phase..."
-kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RESOURCE_NAME}" --timeout=900s
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RS_RESOURCE_NAME}" --timeout=900s
 echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
 kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
 echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"

architectures/mongodb-replicaset-multi-cluster/code_snippets/1200_create_mongodb_user.sh

@@ -18,10 +18,10 @@ spec:
   username: "rs-user"
   db: "admin"
   mongodbResourceRef:
-    name: ${RESOURCE_NAME}
+    name: ${RS_RESOURCE_NAME}
   roles:
   - db: "admin"
     name: "root"
 EOF
 
-kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user --timeout=300s

architectures/mongodb-replicaset-multi-cluster/code_snippets/1210_verify_mongosh_connection.sh

@@ -1,10 +1,4 @@
-# Load Balancers sometimes take longer to get an IP assigned, we need to retry
-while [ -z "$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")" ]
-do
-  sleep 5
-done
-
-external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
+external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RS_RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
 
 mkdir -p certs
 kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt

architectures/mongodb-replicaset-multi-cluster/code_snippets/9000_delete_resources.sh

@@ -0,0 +1,3 @@
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" delete mdbu/rs-user
+
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" delete "mdbmc/${RS_RESOURCE_NAME}"

architectures/mongodb-replicaset-multi-cluster/env_variables.sh

@@ -6,5 +6,5 @@
 #  ${K8S_CLUSTER_2_CONTEXT_NAME}
 #  ${MDB_NAMESPACE}
 
-export RESOURCE_NAME=mdb
-export MONGODB_VERSION=8.0.5
+export RS_RESOURCE_NAME=mdb
+export MONGODB_VERSION="8.0.5-ent"

architectures/mongodb-replicaset-multi-cluster/teardown.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+script_name=$(readlink -f "${BASH_SOURCE[0]}")
+script_dir=$(dirname "${script_name}")
+
+source scripts/code_snippets/sample_test_runner.sh
+
+pushd "${script_dir}"
+
+prepare_snippets
+
+run 9000_delete_resources.sh
+
+popd

architectures/mongodb-sharded-mc-no-mesh/code_snippets/2050_generate_certs.sh

@@ -0,0 +1,115 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-0-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-0-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-1-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-1-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-2-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-2-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-config-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-config-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-mongos-cert
+spec:
+  dnsNames:
+  - "*.${MDB_CLUSTER_0_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_1_EXTERNAL_DOMAIN}"
+  - "*.${MDB_CLUSTER_2_EXTERNAL_DOMAIN}"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-mongos-cert
+  usages:
+  - server auth
+  - client auth
+EOF