mongo
Provisions a dedicated MongoDB database.
type: mongodb
expected_outputs:
- host
- port
- username
- password
- connectionprovisioners.yaml
(view on GitHub)
:
- uri: template://default-provisioners/mongo
type: mongodb
description: Provisions a dedicated MongoDB database.
init: |
randomUsername: user-{{ randAlpha 8 }}
randomPassword: {{ randAlphaNum 16 | quote }}
state: |
service: mongo-{{ .SourceWorkload }}-{{ substr 0 8 .Guid | lower }}
username: {{ dig "username" .Init.randomUsername .State | quote }}
password: {{ dig "password" .Init.randomPassword .State | quote }}
outputs: |
host: {{ .State.service }}
port: 27017
connection: "mongodb://{{ .State.username }}:{{ .State.password }}@{{ .State.service }}:27017/"
username: {{ .State.username }}
password: {{ encodeSecretRef .State.service "MONGO_INITDB_ROOT_PASSWORD" }}
manifests: |
- apiVersion: v1
kind: Secret
metadata:
name: {{ .State.service }}
{{ if ne .Namespace "" }}
namespace: {{ .Namespace }}
{{ end }}
annotations:
k8s.score.dev/source-workload: {{ .SourceWorkload }}
k8s.score.dev/resource-uid: {{ .Uid }}
k8s.score.dev/resource-guid: {{ .Guid }}
labels:
app.kubernetes.io/managed-by: score-k8s
app.kubernetes.io/name: {{ .State.service }}
app.kubernetes.io/instance: {{ .State.service }}
data:
MONGO_INITDB_ROOT_PASSWORD: {{ .State.password | b64enc }}
- apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ .State.service }}
{{ if ne .Namespace "" }}
namespace: {{ .Namespace }}
{{ end }}
annotations:
k8s.score.dev/source-workload: {{ .SourceWorkload }}
k8s.score.dev/resource-uid: {{ .Uid }}
k8s.score.dev/resource-guid: {{ .Guid }}
labels:
app.kubernetes.io/managed-by: score-k8s
app.kubernetes.io/name: {{ .State.service }}
app.kubernetes.io/instance: {{ .State.service }}
spec:
replicas: 1
serviceName: {{ .State.service }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ .State.service }}
template:
metadata:
labels:
app.kubernetes.io/managed-by: score-k8s
app.kubernetes.io/name: {{ .State.service }}
app.kubernetes.io/instance: {{ .State.service }}
annotations:
k8s.score.dev/source-workload: {{ .SourceWorkload }}
k8s.score.dev/resource-uid: {{ .Uid }}
k8s.score.dev/resource-guid: {{ .Guid }}
spec:
automountServiceAccountToken: false
containers:
- name: mongo-db
image: mirror.gcr.io/mongo:8
ports:
- name: mongo
containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: {{ .State.username | quote }}
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .State.service }}
key: MONGO_INITDB_ROOT_PASSWORD
livenessProbe:
exec:
command:
- /bin/sh
- -c
- echo 'db.runCommand("ping").ok' | mongosh -u $$MONGO_INITDB_ROOT_USERNAME -p $$MONGO_INITDB_ROOT_PASSWORD
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 20
securityContext:
runAsUser: 1001
runAsGroup: 1001
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- name: data
mountPath: /data/db
- name: tmp
mountPath: /tmp
securityContext:
runAsNonRoot: true
fsGroup: 1001
seccompProfile:
type: RuntimeDefault
volumes:
- name: tmp
emptyDir: {}
volumeClaimTemplates:
- metadata:
name: data
annotations:
k8s.score.dev/source-workload: {{ .SourceWorkload }}
k8s.score.dev/resource-uid: {{ .Uid }}
k8s.score.dev/resource-guid: {{ .Guid }}
labels:
app.kubernetes.io/managed-by: score-k8s
app.kubernetes.io/name: {{ .State.service }}
app.kubernetes.io/instance: {{ .State.service }}
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
- apiVersion: v1
kind: Service
metadata:
name: {{ .State.service }}
{{ if ne .Namespace "" }}
namespace: {{ .Namespace }}
{{ end }}
annotations:
k8s.score.dev/source-workload: {{ .SourceWorkload }}
k8s.score.dev/resource-uid: {{ .Uid }}
k8s.score.dev/resource-guid: {{ .Guid }}
labels:
app.kubernetes.io/managed-by: score-k8s
app.kubernetes.io/name: {{ .State.service }}
app.kubernetes.io/instance: {{ .State.service }}
spec:
selector:
app.kubernetes.io/instance: {{ .State.service }}
type: ClusterIP
ports:
- port: 27017
targetPort: 27017
expected_outputs:
- host
- port
- username
- password
- connection