7dc24ee1e333991517143df70fc4e262a4ec908c: update public repo contents

Author: LouisPlisso

crds.yaml

@@ -183,7 +183,7 @@ spec:
                       type: array
                       items:
                         type: string
-                        enum: ["SCRAM", "X509"]
+                        enum: ["SCRAM", "X509", "LDAP"]
                     ignoreUnknownUsers:
                       type: boolean
                 tls:
@@ -193,11 +193,34 @@ spec:
                       type: boolean
                     ca:
                       type: string
+                    secretRef:
+                      type: object
+                      properties:
+                        name:
+                          type: string
                     additionalCertificateDomains:
                       type: array
                       items:
                         type: string
 
+                ldap:
+                  type: object
+                  properties:
+                    bindQueryUser:
+                      type: string
+                    servers:
+                      type: string
+                    transportSecurity:
+                      type: string
+                      enum: ["none", "tls"]
+                    bindQueryPasswordSecretRef:
+                      type: object
+                      properties:
+                        name:
+                          type: string
+                    caConfigMapRef:
+                      type: object
+
             # Sharded Cluster properties
             shardPodSpec:
               type: object

helm_chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: mongodb-enterprise-operator
 description: MongoDB Kubernetes Enterprise Operator
-version: 1.5.5
+version: 1.6.0
 kubeVersion: '>=1.13-0'
 keywords:
 - mongodb

helm_chart/crds/mongodb.mongodb.com.yaml

@@ -183,7 +183,7 @@ spec:
                       type: array
                       items:
                         type: string
-                        enum: ["SCRAM", "X509"]
+                        enum: ["SCRAM", "X509", "LDAP"]
                     ignoreUnknownUsers:
                       type: boolean
                 tls:
@@ -193,11 +193,34 @@ spec:
                       type: boolean
                     ca:
                       type: string
+                    secretRef:
+                      type: object
+                      properties:
+                        name:
+                          type: string
                     additionalCertificateDomains:
                       type: array
                       items:
                         type: string
 
+                ldap:
+                  type: object
+                  properties:
+                    bindQueryUser:
+                      type: string
+                    servers:
+                      type: string
+                    transportSecurity:
+                      type: string
+                      enum: ["none", "tls"]
+                    bindQueryPasswordSecretRef:
+                      type: object
+                      properties:
+                        name:
+                          type: string
+                    caConfigMapRef:
+                      type: object
+
             # Sharded Cluster properties
             shardPodSpec:
               type: object

helm_chart/values-openshift.yaml

@@ -15,7 +15,7 @@ operator:
   deployment_name: mongodb-enterprise-operator
 
   # Version of mongodb-enterprise-operator and mongodb-enterprise-database images
-  version: 1.5.5
+  version: 1.6.0
 
   # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed
   watchedResources:

helm_chart/values.yaml

@@ -16,7 +16,7 @@ operator:
   deployment_name: mongodb-enterprise-operator
 
   # Version of mongodb-enterprise-operator and mongodb-enterprise-database images
-  version: 1.5.5
+  version: 1.6.0
 
   # The Custom Resources that will be watched by the Operator. Needs to be changed if only some of the CRDs are installed
   watchedResources:

mongodb-enterprise-openshift.yaml

@@ -188,7 +188,7 @@ spec:
       serviceAccountName: enterprise-operator
       containers:
       - name: mongodb-enterprise-operator
-        image: registry.connect.redhat.com/mongodb/enterprise-operator:1.5.5
+        image: registry.connect.redhat.com/mongodb/enterprise-operator:1.6.0
         imagePullPolicy: Always
         args:
           - "-watch-resource=mongodb"
@@ -210,7 +210,7 @@ spec:
         - name: MANAGED_SECURITY_CONTEXT
           value: 'true'
         - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
-          value: registry.connect.redhat.com/mongodb/enterprise-database:1.5.5
+          value: registry.connect.redhat.com/mongodb/enterprise-database:1.6.0
         - name: IMAGE_PULL_POLICY
           value: Always
         - name: OPS_MANAGER_IMAGE_REPOSITORY

mongodb-enterprise.yaml

@@ -191,7 +191,7 @@ spec:
         runAsUser: 2000
       containers:
       - name: mongodb-enterprise-operator
-        image: quay.io/mongodb/mongodb-enterprise-operator:1.5.5
+        image: quay.io/mongodb/mongodb-enterprise-operator:1.6.0
         imagePullPolicy: Always
         args:
           - "-watch-resource=mongodb"
@@ -211,7 +211,7 @@ spec:
             fieldRef:
               fieldPath: metadata.namespace
         - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
-          value: quay.io/mongodb/mongodb-enterprise-database:1.5.5
+          value: quay.io/mongodb/mongodb-enterprise-database:1.6.0
         - name: IMAGE_PULL_POLICY
           value: Always
         - name: OPS_MANAGER_IMAGE_REPOSITORY

samples/mongodb/authentication/ldap/replica-set/replica-set-ldap-user.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: my-ldap-user
+spec:
+  username: my-ldap-user
+  db: $external
+  mongodbResourceRef:
+    name: my-ldap-enabled-replica-set # The name of the MongoDB resource this user will be added to
+  roles:
+    - db: admin
+      name: clusterAdmin
+    - db: admin
+      name: userAdminAnyDatabase
+    - db: admin
+      name: readWrite
+    - db: admin
+      name: userAdminAnyDatabase

samples/mongodb/authentication/ldap/replica-set/replica-set-ldap.yaml

@@ -0,0 +1,51 @@
+# Creates a MongoDB Replica Set with LDAP Authentication Enabled.
+# LDAP is an Enterprise-only feature.
+
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: my-ldap-enabled-replica-set
+spec:
+  type: ReplicaSet
+  members: 3
+  version: 4.0.4-ent
+
+  opsManager:
+    configMapRef:
+      name: my-project
+  credentials: my-credentials
+
+  security:
+    authentication:
+      enabled: true
+      # Enabled LDAP Authentication Mode
+      modes: ["LDAP"]
+
+      # LDAP related configuration
+      ldap:
+        # Specify the hostname:port combination of one or
+        # more LDAP servers
+        servers: "<ldap-servers>"
+
+        # Set to "tls" to use LDAP over TLS. Leave blank if
+        # LDAP server does not accept TLS.
+        transportSecurity: "tls"
+
+        # ConfigMap containing a CA certificate that validates
+        # the LDAP server's TLS certificate.
+        caConfigMapRef:
+          name: "<configmap-name>"
+          key: "<configmap-entry-key>"
+
+        # Specify the LDAP Distinguished Name to which
+        # MongoDB binds when connecting to the LDAP server
+        bindQueryUser: "cn=admin,dc=example,dc=org"
+
+        # Specify the password with which MongoDB binds
+        # when connecting to an LDAP server. This is a
+        # reference to a Secret Kubernetes Object containing
+        # one "password" key.
+        bindQueryPasswordSecretRef:
+          name: "<secret-name>"
+

samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap-user.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: my-ldap-user
+spec:
+  username: my-ldap-user
+  db: $external
+  mongodbResourceRef:
+    name: my-ldap-enabled-sharded-cluster # The name of the MongoDB resource this user will be added to
+  roles:
+    - db: admin
+      name: clusterAdmin
+    - db: admin
+      name: userAdminAnyDatabase
+    - db: admin
+      name: readWrite
+    - db: admin
+      name: userAdminAnyDatabase

samples/mongodb/authentication/ldap/sharded-cluster/sharded-cluster-ldap.yaml

@@ -0,0 +1,54 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: my-ldap-enabled-sharded-cluster
+spec:
+  type: ShardedCluster
+
+  shardCount: 2
+  mongodsPerShardCount: 3
+  mongosCount: 2
+  configServerCount: 3
+
+  version: 4.0.4-ent
+
+  opsManager:
+    configMapRef:
+      name: my-project
+  credentials: my-credentials
+
+  security:
+    authentication:
+      enabled: true
+
+      # Enabled LDAP Authentication Mode
+      modes: ["LDAP"]
+
+      # LDAP related configuration
+      ldap:
+        # Specify the hostname:port combination of one or
+        # more LDAP servers
+        servers: "<ldap-servers>"
+
+        # Set to "tls" to use LDAP over TLS. Leave blank if
+        # LDAP server does not accept TLS.
+        transportSecurity: "tls"
+
+        # ConfigMap containing a CA certificate that validates
+        # the LDAP server's TLS certificate.
+        caConfigMapRef:
+          name: "<configmap-name>"
+          key: "<configmap-entry-key>"
+
+        # Specify the LDAP Distinguished Name to which
+        # MongoDB binds when connecting to the LDAP server
+        bindQueryUser: "cn=admin,dc=example,dc=org"
+
+        # Specify the password with which MongoDB binds
+        # when connecting to an LDAP server. This is a
+        # reference to a Secret Kubernetes Object containing
+        # one "password" key.
+        bindQueryPasswordSecretRef:
+          name: "<secret-name>"
+