
Commit 2f32555

authored
mck 1.2.0 release (#439)
1 parent 9f282f1 commit 2f32555

10 files changed

+488
-21
lines changed

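--- a/charts/mongodb-kubernetes/Chart.yaml
+++ b/charts/mongodb-kubernetes/Chart.yaml
@@ -1,8 +1,9 @@
 apiVersion: v2
 name: mongodb-kubernetes
-description: MongoDB Controllers for Kubernetes translate the human knowledge of creating
-a MongoDB instance into a scalable, repeatable, and standardized method.
-version: 1.1.0
+description: MongoDB Controllers for Kubernetes translate the human knowledge of
+creating a MongoDB instance into a scalable, repeatable, and standardized
+method.
+version: 1.2.0
 kubeVersion: '>=1.16-0'
 type: application
 keywords: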
Lines changed: 108 additions & 0 deletions
@@ -0,0 +1,108 @@
1+
---
2+
apiVersion: apiextensions.k8s.io/v1
3+
kind: CustomResourceDefinition
4+
metadata:
5+
annotations:
6+
controller-gen.kubebuilder.io/version: v0.15.0
7+
name: clustermongodbroles.mongodb.com
8+
spec:
9+
group: mongodb.com
10+
names:
11+
kind: ClusterMongoDBRole
12+
listKind: ClusterMongoDBRoleList
13+
plural: clustermongodbroles
14+
shortNames:
15+
- cmdbr
16+
singular: clustermongodbrole
17+
scope: Cluster
18+
versions:
19+
- additionalPrinterColumns:
20+
- description: The time since the MongoDB Custom Role resource was created.
21+
jsonPath: .metadata.creationTimestamp
22+
name: Age
23+
type: date
24+
name: v1
25+
schema:
26+
openAPIV3Schema:
27+
description: ClusterMongoDBRole is the Schema for the clustermongodbroles
28+
API.
29+
properties:
30+
apiVersion:
31+
description: |-
32+
APIVersion defines the versioned schema of this representation of an object.
33+
Servers should convert recognized schemas to the latest internal value, and
34+
may reject unrecognized values.
35+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
36+
type: string
37+
kind:
38+
description: |-
39+
Kind is a string value representing the REST resource this object represents.
40+
Servers may infer this from the endpoint the client submits requests to.
41+
Cannot be updated.
42+
In CamelCase.
43+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
44+
type: string
45+
metadata:
46+
type: object
47+
spec:
48+
description: ClusterMongoDBRoleSpec defines the desired state of ClusterMongoDBRole.
49+
properties:
50+
authenticationRestrictions:
51+
items:
52+
properties:
53+
clientSource:
54+
items:
55+
type: string
56+
type: array
57+
serverAddress:
58+
items:
59+
type: string
60+
type: array
61+
type: object
62+
type: array
63+
db:
64+
type: string
65+
privileges:
66+
items:
67+
properties:
68+
actions:
69+
items:
70+
type: string
71+
type: array
72+
resource:
73+
properties:
74+
cluster:
75+
type: boolean
76+
collection:
77+
type: string
78+
db:
79+
type: string
80+
type: object
81+
required:
82+
- actions
83+
- resource
84+
type: object
85+
type: array
86+
role:
87+
type: string
88+
roles:
89+
items:
90+
properties:
91+
db:
92+
type: string
93+
role:
94+
type: string
95+
required:
96+
- db
97+
- role
98+
type: object
99+
type: array
100+
required:
101+
- db
102+
- role
103+
type: object
104+
x-kubernetes-preserve-unknown-fields: true
105+
type: object
106+
served: true
107+
storage: true
108+
subresources: {}
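Review bot: `x-kubernetes-preserve-unknown-fields: true` at new line 104 appears to sit on `spec` (indentation is lost on this page, so confirm against the file), which turns off pruning for the role definition: misspelled or unexpected fields under a ClusterMongoDBRole spec would be stored rather than dropped or rejected. For a cluster-scoped object that defines database privileges, a closed schema is the safer default; if the marker is only there for compatibility, a comment on the source type saying so would help. `privileges[].actions` and `authenticationRestrictions[].clientSource` are also unconstrained strings, so their validity rests entirely on the operator. The file carries a controller-gen annotation, so any change belongs in the source type markers rather than in this YAML.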

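--- a/charts/mongodb-kubernetes/crds/mongodb.com_mongodb.yaml
+++ b/charts/mongodb-kubernetes/crds/mongodb.com_mongodb.yaml
@@ -1521,8 +1521,83 @@ spec:
 - MONGODB-CR
 - SCRAM-SHA-256
 - LDAP
+- OIDC
 type: string
 type: array
+oidcProviderConfigs:
+description: Configuration for OIDC providers
+items:
+properties:
+audience:
+description: |-
+Entity that your external identity provider intends the token for.
+Enter the audience value from the app you registered with external Identity Provider.
+type: string
+authorizationMethod:
+description: |-
+Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+For programmatic, application access to deployments use Workload Identity Federation.
+Only one Workforce Identity Federation IdP can be configured per MongoDB resource
+enum:
+- WorkforceIdentityFederation
+- WorkloadIdentityFederation
+type: string
+authorizationType:
+description: |-
+Select GroupMembership to grant authorization based on IdP user group membership, or select UserID to grant
+an individual user authorization.
+enum:
+- GroupMembership
+- UserID
+type: string
+clientId:
+description: |-
+Unique identifier for your registered application. Enter the clientId value from the app you
+registered with an external Identity Provider.
+Required when selected Workforce Identity Federation authorization method
+type: string
+configurationName:
+description: |-
+Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
+- alphanumeric characters (combination of a to z and 0 to 9)
+- hyphens (-)
+- underscores (_)
+pattern: ^[a-zA-Z0-9-_]+$
+type: string
+groupsClaim:
+description: |-
+The identifier of the claim that includes the principal's IdP user group membership information.
+Required when selected GroupMembership as the authorization type, ignored otherwise
+type: string
+issuerURI:
+description: |-
+Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
+Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+For MongoDB 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+For other MongoDB versions, the issuerURI itself must be unique.
+type: string
+requestedScopes:
+description: |-
+Tokens that give users permission to request data from the authorization endpoint.
+Only used for Workforce Identity Federation authorization method
+items:
+type: string
+type: array
+userClaim:
+default: sub
+description: |-
+The identifier of the claim that includes the user principal identity.
+Accept the default value unless your IdP uses a different claim.
+type: string
+required:
+- audience
+- authorizationMethod
+- authorizationType
+- configurationName
+- issuerURI
+- userClaim
+type: object
+type: array
 requireClientTLSAuthentication:
 description: Clients should present valid TLS certificates
 type: boolean
@@ -1531,6 +1606,20 @@ spec:
 type: object
 certsSecretPrefix:
 type: string
+roleRefs:
+items:
+properties:
+kind:
+enum:
+- ClusterMongoDBRole
+type: string
+name:
+type: string
+required:
+- kind
+- name
+type: object
+type: array
 roles:
 items:
 properties:
@@ -1610,6 +1699,10 @@ spec:
 type: boolean
 type: object
 type: object
+x-kubernetes-validations:
+- message: At most one of roles or roleRefs can be non-empty
+rule: '!(has(self.roles) && has(self.roleRefs)) || !(self.roles.size()
+> 0 && self.roleRefs.size() > 0)'
 service:
 description: |-
 DEPRECATED please use `spec.statefulSet.spec.serviceName` to provide a custom service name.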
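Review bot: `issuerURI` in the new `oidcProviderConfigs` items (new lines 1572-1578) is a bare `type: string`, so the schema admits a plain-HTTP or malformed issuer even though its description says MongoDB uses this URI to find the provider configuration document. Unless the operator validates the scheme elsewhere (not visible on this page), a schema guard such as `pattern: ^https://` would reject that at admission. The same description spells the discovery path `/.wellknown/open-id-configuration`, while OIDC Discovery defines `/.well-known/openid-configuration`. `clientId` and `groupsClaim` are described as required for Workforce Identity Federation and GroupMembership respectively, but neither `required` nor a validation rule in this hunk enforces that. The identical block is added to mongodb.com_mongodbmulticluster.yaml, and as these CRDs appear to be generated, the changes belong in the source type definitions.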

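--- a/charts/mongodb-kubernetes/crds/mongodb.com_mongodbmulticluster.yaml
+++ b/charts/mongodb-kubernetes/crds/mongodb.com_mongodbmulticluster.yaml
@@ -781,8 +781,83 @@ spec:
 - MONGODB-CR
 - SCRAM-SHA-256
 - LDAP
+- OIDC
 type: string
 type: array
+oidcProviderConfigs:
+description: Configuration for OIDC providers
+items:
+properties:
+audience:
+description: |-
+Entity that your external identity provider intends the token for.
+Enter the audience value from the app you registered with external Identity Provider.
+type: string
+authorizationMethod:
+description: |-
+Configure single-sign-on for human user access to deployments with Workforce Identity Federation.
+For programmatic, application access to deployments use Workload Identity Federation.
+Only one Workforce Identity Federation IdP can be configured per MongoDB resource
+enum:
+- WorkforceIdentityFederation
+- WorkloadIdentityFederation
+type: string
+authorizationType:
+description: |-
+Select GroupMembership to grant authorization based on IdP user group membership, or select UserID to grant
+an individual user authorization.
+enum:
+- GroupMembership
+- UserID
+type: string
+clientId:
+description: |-
+Unique identifier for your registered application. Enter the clientId value from the app you
+registered with an external Identity Provider.
+Required when selected Workforce Identity Federation authorization method
+type: string
+configurationName:
+description: |-
+Unique label that identifies this configuration. It is case-sensitive and can only contain the following characters:
+- alphanumeric characters (combination of a to z and 0 to 9)
+- hyphens (-)
+- underscores (_)
+pattern: ^[a-zA-Z0-9-_]+$
+type: string
+groupsClaim:
+description: |-
+The identifier of the claim that includes the principal's IdP user group membership information.
+Required when selected GroupMembership as the authorization type, ignored otherwise
+type: string
+issuerURI:
+description: |-
+Issuer value provided by your registered IdP application. Using this URI, MongoDB finds an OpenID Connect Provider
+Configuration Document, which should be available in the /.wellknown/open-id-configuration endpoint.
+For MongoDB 8.0+, the combination of issuerURI and audience must be unique across OIDC provider configurations.
+For other MongoDB versions, the issuerURI itself must be unique.
+type: string
+requestedScopes:
+description: |-
+Tokens that give users permission to request data from the authorization endpoint.
+Only used for Workforce Identity Federation authorization method
+items:
+type: string
+type: array
+userClaim:
+default: sub
+description: |-
+The identifier of the claim that includes the user principal identity.
+Accept the default value unless your IdP uses a different claim.
+type: string
+required:
+- audience
+- authorizationMethod
+- authorizationType
+- configurationName
+- issuerURI
+- userClaim
+type: object
+type: array
 requireClientTLSAuthentication:
 description: Clients should present valid TLS certificates
 type: boolean
@@ -791,6 +866,20 @@ spec:
 type: object
 certsSecretPrefix:
 type: string
+roleRefs:
+items:
+properties:
+kind:
+enum:
+- ClusterMongoDBRole
+type: string
+name:
+type: string
+required:
+- kind
+- name
+type: object
+type: array
 roles:
 items:
 properties:
@@ -870,6 +959,10 @@ spec:
 type: boolean
 type: object
 type: object
+x-kubernetes-validations:
+- message: At most one of roles or roleRefs can be non-empty
+rule: '!(has(self.roles) && has(self.roleRefs)) || !(self.roles.size()
+> 0 && self.roleRefs.size() > 0)'
 statefulSet:
 description: |-
 StatefulSetConfiguration provides the statefulset override for each of the cluster's statefulset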
