Adding ability to add 'extraManifests'

Author: JunaidChaudry

charts/community-operator/templates/database_roles.yaml

@@ -4,7 +4,10 @@ kind: ServiceAccount
 metadata:
   name: {{ .Values.database.name }}
   namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
-
+  {{- with .Values.database.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

charts/community-operator/templates/extraObjects.yaml

@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}

charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml

@@ -75,5 +75,13 @@ spec:
       {{- end }}
     authentication:
       modes: ["SCRAM"]
-  users: []
+  {{ with .Values.resource.statefulSet }}
+  statefulSet: 
+  {{- toYaml . | nindent 4 }}
+  {{- end}}
+  
+  {{- with .Values.resource.users }}
+  users:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
 {{- end }}

charts/community-operator/templates/operator_roles.yaml

@@ -4,7 +4,10 @@ kind: ServiceAccount
 metadata:
   name: {{ .Values.operator.name }}
   namespace: {{ .Release.Namespace }}
-
+  {{- with .Values.operator.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }}

charts/community-operator/values.yaml

@@ -4,6 +4,10 @@ operator:
   # Deployment, ServiceAccount, Role etc.
   name: mongodb-kubernetes-operator
 
+  # serviceAccount annotations, if any to add 
+  serviceAccount: 
+    annotations: {}
+
   # Name of the operator image
   operatorImageName: mongodb-kubernetes-operator
 
@@ -33,7 +37,13 @@ operator:
 
 ## Operator's database
 database:
+  # Name that will be assigned to most of internal Kubernetes objects like
+  # ServiceAccount, Role etc.
   name: mongodb-database
+  # serviceAccount annotations, if any to add 
+  serviceAccount: 
+    annotations: {}
+
   # set this to the namespace where you would like
   # to deploy the MongoDB database,
   # Note if the database namespace is not same
@@ -77,11 +87,68 @@ resource:
   members: 3
   tls:
     enabled: false
+  # users: []
+  #   - name: my-user
+  #     db: admin
+  #     passwordSecretRef: # a reference to the secret that will be used to generate the user's password
+  #       name: my-user-password
+  #     roles:
+  #       - name: clusterAdmin
+  #         db: admin
+  #       - name: userAdminAnyDatabase
+  #         db: admin
+  #       - name: readWriteAnyDatabase
+  #         db: admin
+  #       - name: dbAdminAnyDatabase
+  #         db: admin
+  #     scramCredentialsSecretName: my-scram
 
+  # overwrite MDBC resource statefulset defaults
+  # statefulSet: 
+  #   spec:
+  #     template:
+  #       spec:
+  #         imagePullSecrets: 
+  #           - name: my-secret
+  #         volumes:
+  #         - name: secretmanager-secretproviderclass
+  #           csi:
+  #             driver: secrets-store.csi.k8s.io
+  #             readOnly: true
+  #             volumeAttributes:
+  #               secretProviderClass: mysecretclass
+  #         containers: 
+  #           - name: mongodb-agent 
+  #             volumeMounts: 
+  #             - name: secretmanager-secretproviderclass
+  #               mountPath: "/mnt/secrets-store"
+  #               readOnly: true
     # Installs Cert-Manager in this cluster.
     useCertManager: true
     certificateKeySecretRef: tls-certificate
     caCertificateSecretRef: tls-ca-key-pair
     certManager:
       certDuration: 8760h   # 365 days
       renewCertBefore: 720h   # 30 days
+
+# -- Array of extra K8s manifests to deploy
+extraObjects: []
+  # - apiVersion: secrets-store.csi.x-k8s.io/v1
+  #   kind: SecretProviderClass
+  #   metadata:
+  #     name: mongodb-secrets-store
+  #   spec:
+  #     provider: aws
+  #     parameters:
+  #       objects: |
+  #         - objectName: "mongodb"
+  #           objectType: "secretsmanager"
+  #           jmesPath:
+  #               - path: "password"
+  #                 objectAlias: "password"
+  #     secretObjects:
+  #     - data:
+  #       - key: password
+  #         objectName: password
+  #       secretName: my-user-password
+  #       type: Opaque