mongodb · JunaidChaudry · Mar 9, 2023 · May 25, 2023 · Sep 21, 2023
@@ -4,7 +4,10 @@ kind: ServiceAccount
 metadata:
   name: {{ .Values.database.name }}
   namespace: {{ if .Values.database.namespace }} {{ .Values.database.namespace }} {{ else }} {{ .Release.Namespace }} {{ end }}
-
+  {{- with .Values.database.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
diff --git a/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml b/charts/community-operator/templates/mongodbcommunity_cr_with_tls.yaml
@@ -75,6 +75,10 @@ spec:
       {{- end }}
     authentication:
       modes: ["SCRAM"]
+  {{ with .Values.resource.statefulSet }}
+  statefulSet: 
+  {{- toYaml . | nindent 4 }}
+  {{- end}}
   {{- with .Values.resource.users }}
   users:
   {{- toYaml . | nindent 4 }}

@@ -4,7 +4,10 @@ kind: ServiceAccount
 metadata:
   name: {{ .Values.operator.name }}
   namespace: {{ .Release.Namespace }}
-
+  {{- with .Values.operator.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ if eq (.Values.operator.watchNamespace | default "") "*" }} ClusterRole {{ else }} Role {{ end }}

@@ -9,6 +9,10 @@ operator:
   # Deployment, ServiceAccount, Role etc.
   name: mongodb-kubernetes-operator
 
+  # serviceAccount annotations, if any to add
+  serviceAccount:
+    annotations: {}
+
   # Name of the operator image
   operatorImageName: mongodb-kubernetes-operator
 
@@ -38,7 +42,13 @@ operator:
 
 ## Operator's database
 database:
+  # Name that will be assigned to most of internal Kubernetes objects like
+  # ServiceAccount, Role etc.
   name: mongodb-database
+  # serviceAccount annotations, if any to add
+  serviceAccount:
+    annotations: {}
+
   # set this to the namespace where you would like
   # to deploy the MongoDB database,
   # Note if the database namespace is not same
@@ -82,15 +92,33 @@ resource:
   members: 3
   tls:
     enabled: false
-
+  # overwrite MDBC resource statefulset defaults
+  # statefulSet:
+  #   spec:
+  #     template:
+  #       spec:
+  #         imagePullSecrets:
+  #           - name: my-secret
+  #         volumes:
+  #         - name: secretmanager-secretproviderclass
+  #           csi:
+  #             driver: secrets-store.csi.k8s.io
+  #             readOnly: true
+  #             volumeAttributes:
+  #               secretProviderClass: mysecretclass
+  #         containers:
+  #           - name: mongodb-agent
+  #             volumeMounts:
+  #             - name: secretmanager-secretproviderclass
+  #               mountPath: "/mnt/secrets-store"
+  #               readOnly: true
     # Installs Cert-Manager in this cluster.
     useCertManager: true
     certificateKeySecretRef: tls-certificate
     caCertificateSecretRef: tls-ca-key-pair
     certManager:
       certDuration: 8760h   # 365 days
       renewCertBefore: 720h   # 30 days
-
   users: []
   # if using the MongoDBCommunity Resource, list any users to be added to the resource
   # users:
@@ -108,3 +136,25 @@ resource:
   #     - name: dbAdminAnyDatabase
   #       db: admin
   #   scramCredentialsSecretName: my-scram
+
+# -- Array of extra K8s manifests to deploy
+extraObjects: []
+  # - apiVersion: secrets-store.csi.x-k8s.io/v1
+  #   kind: SecretProviderClass
+  #   metadata:
+  #     name: mongodb-secrets-store
+  #   spec:
+  #     provider: aws
+  #     parameters:
+  #       objects: |
+  #         - objectName: "mongodb"
+  #           objectType: "secretsmanager"
+  #           jmesPath:
+  #               - path: "password"
+  #                 objectAlias: "password"
+  #     secretObjects:
+  #     - data:
+  #       - key: password
+  #         objectName: password
+  #       secretName: my-user-password
+  #       type: Opaque