# Percona Server for MongoDB

This chart deploys Percona Server for MongoDB Cluster on Kubernetes controlled by Percona Operator for MongoDB.

Useful links:
- [Operator Github repository](https://github.com/percona/percona-server-mongodb-operator)
- [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/index.html)

## Pre-requisites

* Percona Operator for MongoDB running in your Kubernetes cluster. See installation details [here](https://github.com/percona/percona-helm-charts/blob/main/charts/psmdb-operator) or in the [Operator Documentation](https://www.percona.com/doc/kubernetes-operator-for-psmongodb/helm.html).
* Kubernetes 1.25+
* Helm v3

# Chart Details

This chart will deploy Percona Server for MongoDB Cluster in Kubernetes. It will create a Custom Resource, and the Operator will trigger the creation of corresponding Kubernetes primitives: StatefulSets, Pods, Secrets, etc.

## Installing the Chart

To install the chart with the `psmdb` release name using a dedicated namespace (recommended):

```sh
helm repo add percona https://percona.github.io/percona-helm-charts/
helm install my-db percona/psmdb-db --version 1.16.0 --namespace my-namespace
```

The chart can be customized using the following configurable parameters:

| Parameter | Description | Default |
| --- | --- | --- |
| `crVersion` | CR Cluster Manifest version | `1.16.0` |
| `pause` | Stop PSMDB Database safely | `false` |
| `unmanaged` | Start cluster and don't manage it (cross cluster replication) | `false` |
| `unsafeFlags.tls` | Allows users to configure a cluster without TLS/SSL certificates | `false` |
| `unsafeFlags.replsetSize` | Allows users to configure a cluster with unsafe parameters: starting it with less than 3 replica set instances or with an even number of replica set instances without additional arbiter | `false` |
| `unsafeFlags.mongosSize` | Allows users to configure a sharded cluster with less than 3 config server Pods or less than 2 mongos Pods | `false` |
| `unsafeFlags.terminationGracePeriod` | Allows users to configure a sharded cluster without termination grace period for replica set | `false` |
| `unsafeFlags.backupIfUnhealthy` | Allows running backup on a cluster with failed health checks | `false` |
| `clusterServiceDNSSuffix` | The (non-standard) cluster domain to be used as a suffix of the Service name | `""` |
| `clusterServiceDNSMode` | Mode for the cluster service DNS (Internal/ServiceMesh) | `""` |
| `annotations` | PSMDB custom resource annotations | `{}` |
| `ignoreAnnotations` | The list of annotations to be ignored by the Operator | `[]` |
| `ignoreLabels` | The list of labels to be ignored by the Operator | `[]` |
| `multiCluster.enabled` | Enable Multi Cluster Services (MCS) cluster mode | `false` |
| `multiCluster.DNSSuffix` | The cluster domain to be used as a suffix for multi-cluster Services used by Kubernetes | `""` |
| `updateStrategy` | Regulates how PSMDB Cluster Pods will be updated after setting a new image | `SmartUpdate` |
| `upgradeOptions.versionServiceEndpoint` | Endpoint for actual PSMDB Versions provider | `https://check.percona.com/versions/` |
| `upgradeOptions.apply` | PSMDB image to apply from version service - recommended, latest, actual version like 4.4.2-4 | `disabled` |
| `upgradeOptions.schedule` | Cron formatted time to execute the update | `"0 2 * * *"` |
| `upgradeOptions.setFCV` | Set feature compatibility version on major upgrade | `false` |
| `finalizers:delete-psmdb-pvc` | Set this if you want to delete database persistent volumes on cluster deletion | `[]` |
| `finalizers:delete-psmdb-pods-in-order` | Set this if you want to delete PSMDB pods in order (primary last) | `[]` |
| `image.repository` | PSMDB Container image repository | `percona/percona-server-mongodb` |
| `image.tag` | PSMDB Container image tag | `6.0.9-7` |
| `imagePullPolicy` | The policy used to update images | `Always` |
| `imagePullSecrets` | PSMDB Container pull secret | `[]` |
| `initImage.repository` | Repository for custom init image | `""` |
| `initImage.tag` | Tag for custom init image | `""` |
| `initContainerSecurityContext` | A custom Kubernetes Security Context for a Container for the initImage | `{}` |
| `tls.mode` | Control usage of TLS (allowTLS, preferTLS, requireTLS, disabled) | `preferTLS` |
| `tls.certValidityDuration` | The validity duration of the external certificate for cert manager | `""` |
| `tls.allowInvalidCertificates` | If enabled the mongo shell will not attempt to validate the server certificates | `true` |
| `tls.issuerConf.name` | A cert-manager issuer name | `""` |
| `tls.issuerConf.kind` | A cert-manager issuer kind | `""` |
| `tls.issuerConf.group` | A cert-manager issuer group | `""` |
| `secrets.users` | The name of the Secrets object for the MongoDB users required to run the operator | `""` |
| `secrets.encryptionKey` | Set secret for data at rest encryption key | `""` |
| `secrets.vault` | Specifies a secret object to provide integration with HashiCorp Vault | `""` |
| `secrets.ldapSecret` | Specifies a secret object for LDAP over TLS connection between MongoDB and OpenLDAP server | `""` |
| `secrets.sse` | The name of the Secrets object for server side encryption credentials | `""` |
| `secrets.ssl` | A secret with TLS certificate generated for external communications | `""` |
| `secrets.sslInternal` | A secret with TLS certificate generated for internal communications | `""` |
| `pmm.enabled` | Enable integration with [Percona Monitoring and Management software](https://www.percona.com/blog/2020/07/23/using-percona-kubernetes-operators-with-percona-monitoring-and-management/) | `false` |
| `pmm.image.repository` | PMM Container image repository | `percona/pmm-client` |
| `pmm.image.tag` | PMM Container image tag | `2.41.2` |
| `pmm.serverHost` | PMM server related K8S service hostname | `monitoring-service` |
| | | |
| `replsets.rs0.name` | ReplicaSet name | `rs0` |
| `replsets.rs0.size` | ReplicaSet size (pod quantity) | `3` |
| `replsets.rs0.terminationGracePeriodSeconds` | The number of seconds Kubernetes will wait for a clean replica set Pods termination | `""` |
| `replsets.rs0.externalNodes` | ReplicaSet external nodes (cross cluster replication) | `[]` |
| `replsets.rs0.configuration` | Custom config for mongod in replica set | `""` |
| `replsets.rs0.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` |
| `replsets.rs0.serviceAccountName` | Run replicaset Containers under specified K8S SA | `""` |
| `replsets.rs0.affinity.antiAffinityTopologyKey` | ReplicaSet Pod affinity | `kubernetes.io/hostname` |
| `replsets.rs0.affinity.advanced` | ReplicaSet Pod advanced affinity | `{}` |
| `replsets.rs0.tolerations` | ReplicaSet Pod tolerations | `[]` |
| `replsets.rs0.priorityClass` | ReplicaSet Pod priorityClassName | `""` |
| `replsets.rs0.annotations` | ReplicaSet Pod annotations | `{}` |
| `replsets.rs0.labels` | ReplicaSet Pod labels | `{}` |
| `replsets.rs0.nodeSelector` | ReplicaSet Pod nodeSelector labels | `{}` |
| `replsets.rs0.livenessProbe` | ReplicaSet Pod livenessProbe structure | `{}` |
| `replsets.rs0.readinessProbe` | ReplicaSet Pod readinessProbe structure | `{}` |
| `replsets.rs0.storage` | Set cacheSizeRatio or other custom MongoDB storage options | `{}` |
| `replsets.rs0.podSecurityContext` | Set the security context for a Pod | `{}` |
| `replsets.rs0.containerSecurityContext` | Set the security context for a Container | `{}` |
| `replsets.rs0.runtimeClass` | ReplicaSet Pod runtimeClassName | `""` |
| `replsets.rs0.sidecars` | ReplicaSet Pod sidecars | `{}` |
| `replsets.rs0.sidecarVolumes` | ReplicaSet Pod sidecar volumes | `[]` |
| `replsets.rs0.sidecarPVCs` | ReplicaSet Pod sidecar PVCs | `[]` |
| `replsets.rs0.podDisruptionBudget.maxUnavailable` | ReplicaSet failed Pods maximum quantity | `1` |
| `replsets.rs0.splitHorizons` | External URI for Split-horizon for replica set Pods of the exposed cluster | `{}` |
| `replsets.rs0.expose.enabled` | Allow access to replicaSet from outside of Kubernetes | `false` |
| `replsets.rs0.expose.exposeType` | Network service access point type | `ClusterIP` |
| `replsets.rs0.expose.loadBalancerSourceRanges` | Limit client IP access to Load Balancer | `{}` |
| `replsets.rs0.expose.serviceAnnotations` | ReplicaSet service annotations | `{}` |
| `replsets.rs0.expose.serviceLabels` | ReplicaSet service labels | `{}` |
| `replsets.rs0.schedulerName` | ReplicaSet Pod schedulerName | `""` |
| `replsets.rs0.resources` | ReplicaSet Pods resource requests and limits | `{}` |
| `replsets.rs0.volumeSpec` | ReplicaSet Pods storage resources | `{}` |
| `replsets.rs0.volumeSpec.emptyDir` | ReplicaSet Pods emptyDir K8S storage | `{}` |
| `replsets.rs0.volumeSpec.hostPath` | ReplicaSet Pods hostPath K8S storage | |
| `replsets.rs0.volumeSpec.hostPath.path` | ReplicaSet Pods hostPath K8S storage path | `""` |
| `replsets.rs0.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` |
| `replsets.rs0.volumeSpec.pvc` | ReplicaSet Pods PVC request parameters | |
| `replsets.rs0.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` |
| `replsets.rs0.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` |
| `replsets.rs0.volumeSpec.pvc.storageClassName` | ReplicaSet Pods PVC target storageClass | `""` |
| `replsets.rs0.volumeSpec.pvc.accessModes` | ReplicaSet Pods PVC access policy | `[]` |
| `replsets.rs0.volumeSpec.pvc.resources.requests.storage` | ReplicaSet Pods PVC storage size | `3Gi` |
| `replsets.rs0.hostAliases` | The IP address for Kubernetes host aliases | `[]` |
| `replsets.rs0.nonvoting.enabled` | Add MongoDB nonvoting Pods | `false` |
| `replsets.rs0.nonvoting.podSecurityContext` | Set the security context for a Pod | `{}` |
| `replsets.rs0.nonvoting.containerSecurityContext` | Set the security context for a Container | `{}` |
| `replsets.rs0.nonvoting.size` | Number of nonvoting Pods | `1` |
| `replsets.rs0.nonvoting.configuration` | Custom config for mongod nonvoting member | `""` |
| `replsets.rs0.nonvoting.serviceAccountName` | Run replicaset nonvoting Container under specified K8S SA | `""` |
| `replsets.rs0.nonvoting.affinity.antiAffinityTopologyKey` | Nonvoting Pods affinity | `kubernetes.io/hostname` |
| `replsets.rs0.nonvoting.affinity.advanced` | Nonvoting Pods advanced affinity | `{}` |
| `replsets.rs0.nonvoting.tolerations` | Nonvoting Pod tolerations | `[]` |
| `replsets.rs0.nonvoting.priorityClass` | Nonvoting Pod priorityClassName | `""` |
| `replsets.rs0.nonvoting.annotations` | Nonvoting Pod annotations | `{}` |
| `replsets.rs0.nonvoting.labels` | Nonvoting Pod labels | `{}` |
| `replsets.rs0.nonvoting.nodeSelector` | Nonvoting Pod nodeSelector labels | `{}` |
| `replsets.rs0.nonvoting.podDisruptionBudget.maxUnavailable` | Nonvoting failed Pods maximum quantity | `1` |
| `replsets.rs0.nonvoting.resources` | Nonvoting Pods resource requests and limits | `{}` |
| `replsets.rs0.nonvoting.volumeSpec` | Nonvoting Pods storage resources | `{}` |
| `replsets.rs0.nonvoting.volumeSpec.emptyDir` | Nonvoting Pods emptyDir K8S storage | `{}` |
| `replsets.rs0.nonvoting.volumeSpec.hostPath` | Nonvoting Pods hostPath K8S storage | |
| `replsets.rs0.nonvoting.volumeSpec.hostPath.path` | Nonvoting Pods hostPath K8S storage path | `""` |
| `replsets.rs0.nonvoting.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` |
| `replsets.rs0.nonvoting.volumeSpec.pvc` | Nonvoting Pods PVC request parameters | |
| `replsets.rs0.nonvoting.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` |
| `replsets.rs0.nonvoting.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` |
| `replsets.rs0.nonvoting.volumeSpec.pvc.storageClassName` | Nonvoting Pods PVC target storageClass | `""` |
| `replsets.rs0.nonvoting.volumeSpec.pvc.accessModes` | Nonvoting Pods PVC access policy | `[]` |
| `replsets.rs0.nonvoting.volumeSpec.pvc.resources.requests.storage` | Nonvoting Pods PVC storage size | `3Gi` |
| `replsets.rs0.arbiter.enabled` | Create MongoDB arbiter service | `false` |
| `replsets.rs0.arbiter.size` | MongoDB arbiter Pod quantity | `1` |
| `replsets.rs0.arbiter.serviceAccountName` | Run replicaset arbiter Container under specified K8S SA | `""` |
| `replsets.rs0.arbiter.affinity.antiAffinityTopologyKey` | MongoDB arbiter Pod affinity | `kubernetes.io/hostname` |
| `replsets.rs0.arbiter.affinity.advanced` | MongoDB arbiter Pod advanced affinity | `{}` |
| `replsets.rs0.arbiter.tolerations` | MongoDB arbiter Pod tolerations | `[]` |
| `replsets.rs0.arbiter.priorityClass` | MongoDB arbiter priorityClassName | `""` |
| `replsets.rs0.arbiter.annotations` | MongoDB arbiter Pod annotations | `{}` |
| `replsets.rs0.arbiter.labels` | MongoDB arbiter Pod labels | `{}` |
| `replsets.rs0.arbiter.nodeSelector` | MongoDB arbiter Pod nodeSelector labels | `{}` |
| | | |
| `sharding.enabled` | Enable sharding setup | `true` |
| `sharding.balancer.enabled` | Enable/disable balancer | `true` |
| `sharding.configrs.size` | Config ReplicaSet size (pod quantity) | `3` |
| `sharding.configrs.terminationGracePeriodSeconds` | The number of seconds Kubernetes will wait for a clean replica set Pods termination | `""` |
| `sharding.configrs.externalNodes` | Config ReplicaSet external nodes (cross cluster replication) | `[]` |
| `sharding.configrs.configuration` | Custom config for mongod in config replica set | `""` |
| `sharding.configrs.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` |
| `sharding.configrs.serviceAccountName` | Run sharding configrs Containers under specified K8S SA | `""` |
| `sharding.configrs.affinity.antiAffinityTopologyKey` | Config ReplicaSet Pod affinity | `kubernetes.io/hostname` |
| `sharding.configrs.affinity.advanced` | Config ReplicaSet Pod advanced affinity | `{}` |
| `sharding.configrs.tolerations` | Config ReplicaSet Pod tolerations | `[]` |
| `sharding.configrs.priorityClass` | Config ReplicaSet Pod priorityClassName | `""` |
| `sharding.configrs.annotations` | Config ReplicaSet Pod annotations | `{}` |
| `sharding.configrs.labels` | Config ReplicaSet Pod labels | `{}` |
| `sharding.configrs.nodeSelector` | Config ReplicaSet Pod nodeSelector labels | `{}` |
| `sharding.configrs.livenessProbe` | Config ReplicaSet Pod livenessProbe structure | `{}` |
| `sharding.configrs.readinessProbe` | Config ReplicaSet Pod readinessProbe structure | `{}` |
| `sharding.configrs.storage` | Set cacheSizeRatio or other custom MongoDB storage options | `{}` |
| `sharding.configrs.podSecurityContext` | Set the security context for a Pod | `{}` |
| `sharding.configrs.containerSecurityContext` | Set the security context for a Container | `{}` |
| `sharding.configrs.runtimeClass` | Config ReplicaSet Pod runtimeClassName | `""` |
| `sharding.configrs.sidecars` | Config ReplicaSet Pod sidecars | `{}` |
| `sharding.configrs.sidecarVolumes` | Config ReplicaSet Pod sidecar volumes | `[]` |
| `sharding.configrs.sidecarPVCs` | Config ReplicaSet Pod sidecar PVCs | `[]` |
| `sharding.configrs.podDisruptionBudget.maxUnavailable` | Config ReplicaSet failed Pods maximum quantity | `1` |
| `sharding.configrs.expose.enabled` | Allow access to cfg replica from outside of Kubernetes | `false` |
| `sharding.configrs.expose.exposeType` | Network service access point type | `ClusterIP` |
| `sharding.configrs.expose.loadBalancerSourceRanges` | Limit client IP access to Load Balancer | `{}` |
| `sharding.configrs.expose.serviceAnnotations` | Config ReplicaSet service annotations | `{}` |
| `sharding.configrs.expose.serviceLabels` | Config ReplicaSet service labels | `{}` |
| `sharding.configrs.resources.limits.cpu` | Config ReplicaSet resource limits CPU | `300m` |
| `sharding.configrs.resources.limits.memory` | Config ReplicaSet resource limits memory | `0.5G` |
| `sharding.configrs.resources.requests.cpu` | Config ReplicaSet resource requests CPU | `300m` |
| `sharding.configrs.resources.requests.memory` | Config ReplicaSet resource requests memory | `0.5G` |
| `sharding.configrs.volumeSpec.hostPath` | Config ReplicaSet hostPath K8S storage | |
| `sharding.configrs.volumeSpec.hostPath.path` | Config ReplicaSet hostPath K8S storage path | `""` |
| `sharding.configrs.volumeSpec.hostPath.type` | Type for hostPath volume | `Directory` |
| `sharding.configrs.volumeSpec.emptyDir` | Config ReplicaSet Pods emptyDir K8S storage | |
| `sharding.configrs.volumeSpec.pvc` | Config ReplicaSet Pods PVC request parameters | |
| `sharding.configrs.volumeSpec.pvc.annotations` | The Kubernetes annotations metadata for Persistent Volume Claim | `{}` |
| `sharding.configrs.volumeSpec.pvc.labels` | The Kubernetes labels metadata for Persistent Volume Claim | `{}` |
| `sharding.configrs.volumeSpec.pvc.storageClassName` | Config ReplicaSet Pods PVC storageClass | `""` |
| `sharding.configrs.volumeSpec.pvc.accessModes` | Config ReplicaSet Pods PVC access policy | `[]` |
| `sharding.configrs.volumeSpec.pvc.resources.requests.storage` | Config ReplicaSet Pods PVC storage size | `3Gi` |
| `sharding.configrs.hostAliases` | The IP address for Kubernetes host aliases | `[]` |
| `sharding.mongos.size` | Mongos size (pod quantity) | `3` |
| `sharding.mongos.terminationGracePeriodSeconds` | The number of seconds Kubernetes will wait for a clean mongos Pods termination | `""` |
| `sharding.mongos.configuration` | Custom config for mongos | `""` |
| `sharding.mongos.topologySpreadConstraints` | Control how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains | `{}` |
| `sharding.mongos.serviceAccountName` | Run sharding mongos Containers under specified K8S SA | `""` |
| `sharding.mongos.affinity.antiAffinityTopologyKey` | Mongos Pods affinity | `kubernetes.io/hostname` |
| `sharding.mongos.affinity.advanced` | Mongos Pods advanced affinity | `{}` |
| `sharding.mongos.tolerations` | Mongos Pods tolerations | `[]` |
| `sharding.mongos.priorityClass` | Mongos Pods priorityClassName | `""` |
| `sharding.mongos.annotations` | Mongos Pods annotations | `{}` |
| `sharding.mongos.labels` | Mongos Pods labels | `{}` |
| `sharding.mongos.nodeSelector` | Mongos Pods nodeSelector labels | `{}` |
| `sharding.mongos.livenessProbe` | Mongos Pod livenessProbe structure | `{}` |
| `sharding.mongos.readinessProbe` | Mongos Pod readinessProbe structure | `{}` |
| `sharding.mongos.podSecurityContext` | Set the security context for a Pod | `{}` |
| `sharding.mongos.containerSecurityContext` | Set the security context for a Container | `{}` |
| `sharding.mongos.runtimeClass` | Mongos Pod runtimeClassName | `""` |
| `sharding.mongos.sidecars` | Mongos Pod sidecars | `{}` |
| `sharding.mongos.sidecarVolumes` | Mongos Pod sidecar volumes | `[]` |
| `sharding.mongos.sidecarPVCs` | Mongos Pod sidecar PVCs | `[]` |
| `sharding.mongos.podDisruptionBudget.maxUnavailable` | Mongos failed Pods maximum quantity | `1` |
| `sharding.mongos.resources.limits.cpu` | Mongos Pods resource limits CPU | `300m` |
| `sharding.mongos.resources.limits.memory` | Mongos Pods resource limits memory | `0.5G` |
| `sharding.mongos.resources.requests.cpu` | Mongos Pods resource requests CPU | `300m` |
| `sharding.mongos.resources.requests.memory` | Mongos Pods resource requests memory | `0.5G` |
| `sharding.mongos.expose.exposeType` | Mongos service exposeType | `ClusterIP` |
| `sharding.mongos.expose.servicePerPod` | Create a separate ClusterIP Service for each mongos instance | `false` |
| `sharding.mongos.expose.loadBalancerSourceRanges` | Limit client IP access to Load Balancer | `{}` |
| `sharding.mongos.expose.serviceAnnotations` | Mongos service annotations | `{}` |
| `sharding.mongos.expose.serviceLabels` | Mongos service labels | `{}` |
| `sharding.mongos.expose.nodePort` | Custom port if exposing mongos via NodePort | `""` |
| `sharding.mongos.hostAliases` | The IP address for Kubernetes host aliases | `[]` |
| | | |
| `backup.enabled` | Enable backup PBM agent | `true` |
| `backup.annotations` | Backup job annotations | `{}` |
| `backup.podSecurityContext` | Set the security context for a Pod | `{}` |
| `backup.containerSecurityContext` | Set the security context for a Container | `{}` |
| `backup.restartOnFailure` | Backup Pods restart policy | `true` |
| `backup.image.repository` | PBM Container image repository | `percona/percona-backup-mongodb` |
| `backup.image.tag` | PBM Container image tag | `2.3.0` |
| `backup.storages` | Local/remote backup storages settings | `{}` |
| `backup.pitr.enabled` | Enable point in time recovery for backup | `false` |
| `backup.pitr.oplogOnly` | Start collecting oplogs even if full logical backup doesn't exist | `false` |
| `backup.pitr.oplogSpanMin` | Number of minutes between the uploads of oplogs | `10` |
| `backup.pitr.compressionType` | The point-in-time-recovery chunks compression format | `""` |
| `backup.pitr.compressionLevel` | The point-in-time-recovery chunks compression level | `""` |
| `backup.configuration.backupOptions` | Custom configuration settings for backup | `{}` |
| `backup.configuration.restoreOptions` | Custom configuration settings for restore | `{}` |
| `backup.tasks` | Backup working schedule | `{}` |
| `users` | PSMDB essential users | `{}` |

Specify parameters using the `--set key=value[,key=value]` argument to `helm install`.

Note that you can use multiple replica sets only with sharding enabled.

## Examples

### Deploy a replica set with disabled backups and no mongos pods

This is great for a dev PSMDB/MongoDB cluster as it doesn't bother with backups and sharding setup.

```bash
$ helm install dev --namespace psmdb . \
    --set runUid=1001 --set "replsets.rs0.volumeSpec.pvc.resources.requests.storage=20Gi" \
    --set backup.enabled=false --set sharding.enabled=false
```
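
Several parameters in the table above affect transport security and network exposure: `unsafeFlags.*`, `tls.mode` (default `preferTLS`), `tls.allowInvalidCertificates` (default `true`) and the `expose.*` settings. The script below is an added example, not part of the chart or the Operator; it checks a release's values for those settings. Its rules, finding texts, sample values and function names are assumptions of this example.

```python
import json
import sys

# Keys below are chart parameters from the table above; the rules and
# finding texts are this example's own (assumptions, not Percona tooling).
UNSAFE_FLAGS = ("tls", "replsetSize", "mongosSize",
                "terminationGracePeriod", "backupIfUnhealthy")

# Constructed sample: overrides that expose mongos through a LoadBalancer
# and leave the chart's TLS defaults untouched.
SAMPLE_VALUES = {
    "unsafeFlags": {"tls": False, "replsetSize": True},
    "tls": {"mode": "preferTLS", "allowInvalidCertificates": True},
    "replsets": {"rs0": {"expose": {"enabled": False, "exposeType": "ClusterIP"}}},
    "sharding": {"enabled": True,
                 "mongos": {"expose": {"exposeType": "LoadBalancer"}}},
}


def lookup(values, dotted, default=None):
    """Walk a dotted key such as 'tls.mode'; return default if a part is missing."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def open_load_balancer(expose):
    """True for a LoadBalancer Service with no loadBalancerSourceRanges."""
    expose = expose or {}
    return (expose.get("exposeType") == "LoadBalancer"
            and not expose.get("loadBalancerSourceRanges"))


def audit(values):
    """Return a list of findings for one set of psmdb-db chart values (a dict)."""
    findings = []
    for flag in UNSAFE_FLAGS:
        if lookup(values, f"unsafeFlags.{flag}", False):
            findings.append(f"unsafeFlags.{flag} is enabled")
    mode = lookup(values, "tls.mode", "preferTLS")  # chart default
    if mode != "requireTLS":
        findings.append(f"tls.mode={mode} permits unencrypted connections")
    if lookup(values, "tls.allowInvalidCertificates", True):  # chart default
        findings.append("tls.allowInvalidCertificates skips certificate validation")
    # Replica sets and the config replica set are reachable from outside only
    # when expose.enabled is set; mongos has a Service whenever sharding is on.
    sharded = lookup(values, "sharding.enabled", True)
    services = {}
    replsets = lookup(values, "replsets")
    for name, rs in (replsets.items() if isinstance(replsets, dict) else []):
        services[f"replsets.{name}"] = lookup(rs, "expose")
    if sharded:
        services["sharding.configrs"] = lookup(values, "sharding.configrs.expose")
    for key, expose in services.items():
        if (expose or {}).get("enabled") and open_load_balancer(expose):
            findings.append(f"{key}.expose is a LoadBalancer without source ranges")
    if sharded and open_load_balancer(lookup(values, "sharding.mongos.expose")):
        findings.append("sharding.mongos.expose is a LoadBalancer without source ranges")
    return findings


if __name__ == "__main__":
    # Usage: helm get values my-db -n my-namespace --all -o json | python3 audit.py
    data = SAMPLE_VALUES if sys.stdin.isatty() else json.load(sys.stdin)
    results = audit(data)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run without piped input, the script audits the constructed sample; a non-zero exit status means at least one finding, which makes it usable as a gate before `helm install` or `helm upgrade`.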