Skip to content

Instantly share code, notes, and snippets.

@murtaza-u

murtaza-u/mongodb-percona-cr.yaml

Created August 21, 2025 10:43
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save murtaza-u/5b3aa320fb9c21b9c4ab824b90284033 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save murtaza-u/5b3aa320fb9c21b9c4ab824b90284033 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
mongodb-percona-cr.yaml
apiVersion: psmdb.percona.com/v1
kind: PerconaServerMongoDB
metadata:
name: accuknox-mongodb
namespace: {{ include "namespace" . }}
finalizers:
- percona.com/delete-psmdb-pods-in-order
# - percona.com/delete-psmdb-pvc
# - percona.com/delete-pitr-chunks
spec:
# platform: openshift
# clusterServiceDNSSuffix: svc.cluster.local
# clusterServiceDNSMode: "Internal"
# pause: true
# unmanaged: false
# enableVolumeExpansion: false
crVersion: 1.19.1
image: percona/percona-server-mongodb:7.0.15-9-multi
imagePullPolicy: Always
# tls:
# mode: preferTLS
# # 90 days in hours
# certValidityDuration: 2160h
# allowInvalidCertificates: true
# issuerConf:
# name: special-selfsigned-issuer
# kind: ClusterIssuer
# group: cert-manager.io
# imagePullSecrets:
# - name: private-registry-credentials
# initImage: percona/percona-server-mongodb-operator:1.19.1
# initContainerSecurityContext: {}
unsafeFlags:
# tls: false
replsetSize: true
# mongosSize: false
# terminationGracePeriod: false
# backupIfUnhealthy: false
updateStrategy: SmartUpdate
# ignoreAnnotations:
# - service.beta.kubernetes.io/aws-load-balancer-backend-protocol
# ignoreLabels:
# - rack
# multiCluster:
# enabled: true
# DNSSuffix: svc.clusterset.local
upgradeOptions:
versionServiceEndpoint: https://check.percona.com
apply: disabled
schedule: "0 2 * * *"
setFCV: false
secrets:
users: accuknox-mongodb-secrets
encryptionKey: accuknox-mongodb-encryption-key
# ssl: my-cluster-name-ssl
# sslInternal: my-cluster-name-ssl-internal
# keyFile: my-cluster-name-mongodb-keyfile
# vault: my-cluster-name-vault
# ldapSecret: my-ldap-secret
# sse: my-cluster-name-sse
pmm:
enabled: true
image: percona/pmm-client:2.44.0
serverHost: monitoring-service
# containerSecurityContext: {}
# mongodParams: --environment=ENVIRONMENT
# mongosParams: --environment=ENVIRONMENT
replsets:
- name: rs0
size: {{ .Values.replsets }}
# terminationGracePeriodSeconds: 300
# serviceAccountName: default
# topologySpreadConstraints:
# - labelSelector:
# matchLabels:
# app.kubernetes.io/name: percona-server-mongodb
# maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# replsetOverrides:
# my-cluster-name-rs0-0:
# host: my-cluster-name-rs0-0.example.net:27017
# priority: 3
# tags:
# key: value-0
# my-cluster-name-rs0-1:
# host: my-cluster-name-rs0-1.example.net:27017
# tags:
# key: value-1
# my-cluster-name-rs0-2:
# host: my-cluster-name-rs0-2.example.net:27017
# tags:
# key: value-2
# externalNodes:
# - host: 34.124.76.90
# - host: 34.124.76.91
# port: 27017
# votes: 0
# priority: 0
# - host: 34.124.76.92
# # for more configuration fields refer to https://docs.mongodb.com/manual/reference/configuration-options/
# configuration: |
# operationProfiling:
# mode: slowOp
# systemLog:
# verbosity: 1
# storage:
# engine: wiredTiger
# wiredTiger:
# engineConfig:
# directoryForIndexes: false
# journalCompressor: snappy
# collectionConfig:
# blockCompressor: snappy
# indexConfig:
# prefixCompression: true
affinity:
antiAffinityTopologyKey: "kubernetes.io/hostname"
# advanced:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
{{ if .Values.global.mongodb.taints.enabled }}
nodeSelector:
{{- toYaml .Values.nodeConfig.nodeSelector | nindent 8 }}
tolerations:
{{- toYaml .Values.nodeConfig.tolerations | nindent 8 }}
{{- end }}
# tolerations:
# - key: "node.alpha.kubernetes.io/unreachable"
# operator: "Exists"
# effect: "NoExecute"
# tolerationSeconds: 6000
# primaryPreferTagSelector:
# region: us-west-2
# zone: us-west-2c
# priorityClassName: high-priority
# annotations:
# iam.amazonaws.com/role: role-arn
# labels:
# rack: rack-22
# nodeSelector:
# disktype: ssd
# storage:
# engine: wiredTiger
# wiredTiger:
# engineConfig:
# cacheSizeRatio: 0.5
# directoryForIndexes: false
# journalCompressor: snappy
# collectionConfig:
# blockCompressor: snappy
# indexConfig:
# prefixCompression: true
# inMemory:
# engineConfig:
# inMemorySizeRatio: 0.5
# livenessProbe:
# failureThreshold: 4
# initialDelaySeconds: 60
# periodSeconds: 30
# timeoutSeconds: 10
# startupDelaySeconds: 7200
# readinessProbe:
# failureThreshold: 8
# initialDelaySeconds: 10
# periodSeconds: 3
# successThreshold: 1
# timeoutSeconds: 2
# containerSecurityContext:
# privileged: false
# podSecurityContext:
# runAsUser: 1001
# runAsGroup: 1001
# supplementalGroups: [1001]
# runtimeClassName: image-rc
# sidecars:
# - image: busybox
# command: ["/bin/sh"]
# args: ["-c", "while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done"]
# name: rs-sidecar-1
# volumeMounts:
# - mountPath: /volume1
# name: sidecar-volume-claim
# - mountPath: /secret
# name: sidecar-secret
# - mountPath: /configmap
# name: sidecar-config
# sidecarVolumes:
# - name: sidecar-secret
# secret:
# secretName: mysecret
# - name: sidecar-config
# configMap:
# name: myconfigmap
# - name: backup-nfs
# nfs:
# server: "nfs-service.storage.svc.cluster.local"
# path: "/psmdb-some-name-rs0"
# sidecarPVCs:
# - apiVersion: v1
# kind: PersistentVolumeClaim
# metadata:
# name: sidecar-volume-claim
# spec:
# resources:
# requests:
# storage: 1Gi
# volumeMode: Filesystem
# accessModes:
# - ReadWriteOnce
podDisruptionBudget:
maxUnavailable: 1
# minAvailable: 0
# splitHorizons:
# my-cluster-name-rs0-0:
# external: rs0-0.mycluster.xyz
# external-2: rs0-0.mycluster2.xyz
# my-cluster-name-rs0-1:
# external: rs0-1.mycluster.xyz
# external-2: rs0-1.mycluster2.xyz
# my-cluster-name-rs0-2:
# external: rs0-2.mycluster.xyz
# external-2: rs0-2.mycluster2.xyz
expose:
enabled: false
type: ClusterIP
# loadBalancerSourceRanges:
# - 10.0.0.0/8
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# labels:
# rack: rack-22
# internalTrafficPolicy: Local
# externalTrafficPolicy: Local
resources:
limits:
cpu: "2"
memory: "4G"
requests:
cpu: "1600m"
memory: "2G"
volumeSpec:
# emptyDir: {}
# hostPath:
# path: /data
# type: Directory
persistentVolumeClaim:
# annotations:
# volume.beta.kubernetes.io/storage-class: example-hostpath
# labels:
# rack: rack-22
# storageClassName: standard
# accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 100Gi
nonvoting:
enabled: false
# podSecurityContext: {}
# containerSecurityContext: {}
size: 3
# # for more configuration fields refer to https://docs.mongodb.com/manual/reference/configuration-options/
# configuration: |
# operationProfiling:
# mode: slowOp
# systemLog:
# verbosity: 1
affinity:
antiAffinityTopologyKey: "kubernetes.io/hostname"
# advanced:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
# tolerations:
# - key: "node.alpha.kubernetes.io/unreachable"
# operator: "Exists"
# effect: "NoExecute"
# tolerationSeconds: 6000
# priorityClassName: high-priority
# annotations:
# iam.amazonaws.com/role: role-arn
# labels:
# rack: rack-22
# nodeSelector:
# disktype: ssd
podDisruptionBudget:
maxUnavailable: 1
# minAvailable: 0
resources:
limits:
cpu: "300m"
memory: "0.5G"
requests:
cpu: "300m"
memory: "0.5G"
volumeSpec:
# emptyDir: {}
# hostPath:
# path: /data
# type: Directory
persistentVolumeClaim:
# annotations:
# volume.beta.kubernetes.io/storage-class: example-hostpath
# labels:
# rack: rack-22
# storageClassName: standard
# accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 3Gi
arbiter:
enabled: false
size: 1
affinity:
antiAffinityTopologyKey: "kubernetes.io/hostname"
# advanced:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
# tolerations:
# - key: "node.alpha.kubernetes.io/unreachable"
# operator: "Exists"
# effect: "NoExecute"
# tolerationSeconds: 6000
# priorityClassName: high-priority
# annotations:
# iam.amazonaws.com/role: role-arn
# labels:
# rack: rack-22
# nodeSelector:
# disktype: ssd
# schedulerName: "default"
resources:
limits:
cpu: "300m"
memory: "0.5G"
requests:
cpu: "300m"
memory: "0.5G"
# hostAliases:
# - ip: "10.10.0.2"
# hostnames:
# - "host1"
# - "host2"
sharding:
enabled: false
# balancer:
# enabled: true
configsvrReplSet:
size: 3
# terminationGracePeriodSeconds: 300
# serviceAccountName: default
# topologySpreadConstraints:
# - labelSelector:
# matchLabels:
# app.kubernetes.io/name: percona-server-mongodb
# maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# externalNodes:
# - host: 34.124.76.93
# - host: 34.124.76.94
# port: 27017
# votes: 0
# priority: 0
# - host: 34.124.76.95
# # for more configuration fields refer to https://docs.mongodb.com/manual/reference/configuration-options/
# configuration: |
# operationProfiling:
# mode: slowOp
# systemLog:
# verbosity: 1
affinity:
antiAffinityTopologyKey: "kubernetes.io/hostname"
# advanced:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
# tolerations:
# - key: "node.alpha.kubernetes.io/unreachable"
# operator: "Exists"
# effect: "NoExecute"
# tolerationSeconds: 6000
# priorityClassName: high-priority
# annotations:
# iam.amazonaws.com/role: role-arn
# labels:
# rack: rack-22
# nodeSelector:
# disktype: ssd
# livenessProbe:
# failureThreshold: 4
# initialDelaySeconds: 60
# periodSeconds: 30
# timeoutSeconds: 10
# startupDelaySeconds: 7200
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 3
# successThreshold: 1
# timeoutSeconds: 2
# containerSecurityContext:
# privileged: false
# podSecurityContext:
# runAsUser: 1001
# runAsGroup: 1001
# supplementalGroups: [1001]
# runtimeClassName: image-rc
# sidecars:
# - image: busybox
# command: ["/bin/sh"]
# args: ["-c", "while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done"]
# name: rs-sidecar-1
podDisruptionBudget:
maxUnavailable: 1
expose:
enabled: false
type: ClusterIP
# loadBalancerSourceRanges:
# - 10.0.0.0/8
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# labels:
# rack: rack-22
# internalTrafficPolicy: Local
# externalTrafficPolicy: Local
resources:
limits:
cpu: "300m"
memory: "0.5G"
requests:
cpu: "300m"
memory: "0.5G"
volumeSpec:
# emptyDir: {}
# hostPath:
# path: /data
# type: Directory
persistentVolumeClaim:
# annotations:
# volume.beta.kubernetes.io/storage-class: example-hostpath
# labels:
# rack: rack-22
# storageClassName: standard
# accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 3Gi
# hostAliases:
# - ip: "10.10.0.2"
# hostnames:
# - "host1"
# - "host2"
mongos:
size: {{ .Values.replsets }}
# terminationGracePeriodSeconds: 300
# serviceAccountName: default
# topologySpreadConstraints:
# - labelSelector:
# matchLabels:
# app.kubernetes.io/name: percona-server-mongodb
# maxSkew: 1
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# # for more configuration fields refer to https://docs.mongodb.com/manual/reference/configuration-options/
# configuration: |
# systemLog:
# verbosity: 1
affinity:
antiAffinityTopologyKey: "kubernetes.io/hostname"
{{ if .Values.global.mongodb.taints.enabled }}
nodeSelector:
{{- toYaml .Values.nodeConfig.nodeSelector | nindent 8 }}
tolerations:
{{- toYaml .Values.nodeConfig.tolerations | nindent 8 }}
{{- end }}
# advanced:
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: kubernetes.io/e2e-az-name
# operator: In
# values:
# - e2e-az1
# - e2e-az2
# tolerations:
# - key: "node.alpha.kubernetes.io/unreachable"
# operator: "Exists"
# effect: "NoExecute"
# tolerationSeconds: 6000
# priorityClassName: high-priority
# annotations:
# iam.amazonaws.com/role: role-arn
# labels:
# rack: rack-22
# nodeSelector:
# disktype: ssd
# livenessProbe:
# failureThreshold: 4
# initialDelaySeconds: 60
# periodSeconds: 30
# timeoutSeconds: 10
# startupDelaySeconds: 7200
# readinessProbe:
# failureThreshold: 3
# initialDelaySeconds: 10
# periodSeconds: 3
# successThreshold: 1
# timeoutSeconds: 2
# containerSecurityContext:
# privileged: false
# podSecurityContext:
# runAsUser: 1001
# runAsGroup: 1001
# supplementalGroups: [1001]
# runtimeClassName: image-rc
# sidecars:
# - image: busybox
# command: ["/bin/sh"]
# args: ["-c", "while true; do echo echo $(date -u) 'test' >> /dev/null; sleep 5;done"]
# name: rs-sidecar-1
podDisruptionBudget:
maxUnavailable: 1
resources:
{{- toYaml .Values.resources | nindent 8 }}
expose:
type: ClusterIP
# servicePerPod: true
# loadBalancerSourceRanges:
# - 10.0.0.0/8
# annotations:
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
# labels:
# rack: rack-22
# nodePort: 32017
# internalTrafficPolicy: Local
# externalTrafficPolicy: Local
# hostAliases:
# - ip: "10.10.0.2"
# hostnames:
# - "host1"
# - "host2"
# roles:
# - role: myClusterwideAdmin
# db: admin
# privileges:
# - resource:
# cluster: true
# actions:
# - addShard
# - resource:
# db: config
# collection: ''
# actions:
# - find
# - update
# - insert
# - remove
# roles:
# - role: read
# db: admin
# - role: my-role
# db: myDb
# privileges:
# - resource:
# db: ''
# collection: ''
# actions:
# - find
# authenticationRestrictions:
# - clientSource:
# - 127.0.0.1
# serverAddress:
# - 127.0.0.1
# users:
# - name: my-user
# db: admin
# passwordSecretRef:
# name: my-user-password
# key: my-user-password-key
# roles:
# - name: clusterAdmin
# db: admin
# - name: userAdminAnyDatabase
# db: admin
# - name: my-usr
# db: admin
# passwordSecretRef:
# name: my-user-pwd
# key: my-user-pwd-key
# roles:
# - name: dbOwner
# db: sometest
backup:
enabled: false
image: percona/percona-backup-mongodb:2.8.0-multi
# annotations:
# iam.amazonaws.com/role: role-arn
# resources:
# limits:
# cpu: "300m"
# memory: "1.2G"
# requests:
# cpu: "300m"
# memory: "1G"
# containerSecurityContext:
# privileged: false
storages:
do-spaces:
type: s3
s3:
bucket: "pseudo-bucket"
credentialsSecret: accuknox-mongodb-backup-s3
region: "us-east-1"
endpointUrl: "s3://pseudo-bucket"
prefix: "backup"
retryer:
numMaxRetries: 3
minRetryDelay: 30ms
maxRetryDelay: 5m
# storages:
# s3-us-west:
# type: s3
# s3:
# bucket: S3-BACKUP-BUCKET-NAME-HERE
# credentialsSecret: my-cluster-name-backup-s3
# serverSideEncryption:
# kmsKeyID: 1234abcd-12ab-34cd-56ef-1234567890ab
# sseAlgorithm: aws:kms
# sseCustomerAlgorithm: AES256
# sseCustomerKey: Y3VzdG9tZXIta2V5
# retryer:
# numMaxRetries: 3
# minRetryDelay: 30ms
# maxRetryDelay: 5m
# region: us-west-2
# prefix: ""
# uploadPartSize: 10485760
# maxUploadParts: 10000
# storageClass: STANDARD
# insecureSkipTLSVerify: false
# minio:
# type: s3
# s3:
# bucket: MINIO-BACKUP-BUCKET-NAME-HERE
# region: us-east-1
# credentialsSecret: my-cluster-name-backup-minio
# endpointUrl: http://minio.psmdb.svc.cluster.local:9000/minio/
# insecureSkipTLSVerify: false
# prefix: ""
# azure-blob:
# type: azure
# azure:
# container: CONTAINER-NAME
# prefix: PREFIX-NAME
# endpointUrl: https://accountName.blob.core.windows.net
# credentialsSecret: SECRET-NAME
# backup-nfs:
# type: filesystem
# filesystem:
# path: /mnt/nfs/
# volumeMounts:
# - mountPath: /mnt/nfs/
# name: backup-nfs
pitr:
enabled: true
oplogOnly: false
# oplogSpanMin: 10
compressionType: gzip
compressionLevel: 6
# configuration:
# backupOptions:
# priority:
# "localhost:28019": 2.5
# "localhost:27018": 2.5
# timeouts:
# startingStatus: 33
# oplogSpanMin: 10
# restoreOptions:
# batchSize: 500
# numInsertionWorkers: 10
# numDownloadWorkers: 4
# maxDownloadBufferMb: 0
# downloadChunkMb: 32
# mongodLocation: /usr/bin/mongo
# mongodLocationMap:
# "node01:2017": /usr/bin/mongo
# "node03:27017": /usr/bin/mongo
tasks:
- name: daily-do-spaces
enabled: false
schedule: "0 0 * * *"
keep: 15
storageName: do-spaces
compressionType: gzip
compressionLevel: 6
# - name: daily-s3-us-west
# enabled: true
# schedule: "0 0 * * *"
# keep: 3
# storageName: s3-us-west
# compressionType: gzip
# compressionLevel: 6
# - name: weekly-s3-us-west
# enabled: false
# schedule: "0 0 * * 0"
# keep: 5
# storageName: s3-us-west
# compressionType: gzip
# compressionLevel: 6
# - name: weekly-s3-us-west-physical
# enabled: false
# schedule: "0 5 * * 0"
# keep: 5
# type: physical
# storageName: s3-us-west
# compressionType: gzip
# compressionLevel: 6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment