[stable/mongodb-replicaset] Various improvements

stable/mongodb-replicaset/.helmignore

@@ -19,3 +19,4 @@
 .project
 .idea/
 *.tmproj
+install

stable/mongodb-replicaset/Chart.yaml

@@ -1,6 +1,6 @@
 name: mongodb-replicaset
 home: https://github.com/mongodb/mongo
-version: 2.3.2
+version: 3.0.0
 appVersion: 3.6
 description: NoSQL document-oriented database that stores JSON-like documents with
   dynamic schemas, simplifying the integration of data in content-driven applications.

stable/mongodb-replicaset/OWNERS

@@ -0,0 +1,6 @@
+approvers:
+  - foxish
+  - unguiculus
+reviewers:
+  - foxish
+  - unguiculus

stable/mongodb-replicaset/init/files/on-start.sh → stable/mongodb-replicaset/init/on-start.sh

@@ -14,18 +14,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-replica_set=$REPLICA_SET
+replica_set="$REPLICA_SET"
 script_name=${0##*/}
 
 if [[ "$AUTH" == "true" ]]; then
     admin_user="$ADMIN_USER"
     admin_password="$ADMIN_PASSWORD"
-    admin_auth=(-u "$admin_user" -p "$admin_password")
+    admin_creds=(-u "$admin_user" -p "$admin_password")
+    auth_args=(--auth --keyFile=/data/configdb/key.txt)
 fi
 
 function log() {
     local msg="$1"
-    local timestamp=$(date --iso-8601=ns)
+    local timestamp
+    timestamp=$(date --iso-8601=ns)
     echo "[$timestamp] [$script_name] $msg" >> /work-dir/log.txt
 }
 
@@ -36,7 +38,7 @@ function shutdown_mongo() {
         args='force: true'
     fi
     log "Shutting down MongoDB ($args)..."
-    mongo admin "${admin_auth[@]}" "${ssl_args[@]}" --eval "db.shutdownServer({$args})"
+    mongo admin "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.shutdownServer({$args})"
 }
 
 my_hostname=$(hostname)
@@ -52,12 +54,12 @@ while read -ra line; do
 done
 
 # Generate the ca cert
-ca_crt=/ca/tls.crt
-if [ -f $ca_crt  ]; then
+ca_crt=/data/configdb/tls.crt
+if [ -f "$ca_crt"  ]; then
     log "Generating certificate"
-    ca_key=/ca/tls.key
+    ca_key=/data/configdb/tls.key
     pem=/work-dir/mongo.pem
-    ssl_args=(--ssl --sslCAFile $ca_crt --sslPEMKeyFile $pem)
+    ssl_args=(--ssl --sslCAFile "$ca_crt" --sslPEMKeyFile "$pem")
 
 cat >openssl.cnf <<EOL
 [req]
@@ -80,7 +82,7 @@ EOL
     openssl genrsa -out mongo.key 2048
     openssl req -new -key mongo.key -out mongo.csr -subj "/CN=$my_hostname" -config openssl.cnf
     openssl x509 -req -in mongo.csr \
-        -CA $ca_crt -CAkey $ca_key -CAcreateserial \
+        -CA "$ca_crt" -CAkey "$ca_key" -CAcreateserial \
         -out mongo.crt -days 3650 -extensions v3_req -extfile openssl.cnf
 
     rm mongo.csr
@@ -89,10 +91,10 @@ EOL
 fi
 
 
-log "Peers: ${peers[@]}"
+log "Peers: ${peers[*]}"
 
 log "Starting a MongoDB instance..."
-mongod --config /config/mongod.conf >> /work-dir/log.txt 2>&1 &
+mongod --config /data/configdb/mongod.conf --dbpath=/data/db --replSet="$replica_set" --port=27017 "${auth_args[@]}" --bind_ip_all >> /work-dir/log.txt 2>&1 &
 
 log "Waiting for MongoDB to be ready..."
 until mongo "${ssl_args[@]}" --eval "db.adminCommand('ping')"; do
@@ -104,12 +106,19 @@ log "Initialized."
 
 # try to find a master and add yourself to its replica set.
 for peer in "${peers[@]}"; do
-    mongo admin --host "$peer" "${admin_auth[@]}" "${ssl_args[@]}" --eval "rs.isMaster()" | grep '"ismaster" : true'
-    if [[ $? -eq 0 ]]; then
+    if mongo admin --host "$peer" "${admin_creds[@]}" "${ssl_args[@]}" --eval "rs.isMaster()" | grep '"ismaster" : true'; then
         log "Found master: $peer"
         log "Adding myself ($service_name) to replica set..."
-        mongo admin --host "$peer" "${admin_auth[@]}" "${ssl_args[@]}" --eval "rs.add('$service_name')"
-        log "Done."
+        mongo admin --host "$peer" "${admin_creds[@]}" "${ssl_args[@]}" --eval "rs.add('$service_name')"
+
+        sleep 3
+
+        log 'Waiting for replica to reach SECONDARY state...'
+        until printf '.'  && [[ $(mongo admin "${admin_creds[@]}" "${ssl_args[@]}" --quiet --eval "rs.status().myState") == '2' ]]; do
+            sleep 1
+        done
+
+        log '✓ Replica reached SECONDARY state.'
 
         shutdown_mongo "60"
         log "Good bye."
@@ -118,18 +127,20 @@ for peer in "${peers[@]}"; do
 done
 
 # else initiate a replica set with yourself.
-mongo "${ssl_args[@]}" --eval "rs.status()" | grep "no replset config has been received"
-if [[ $? -eq 0 ]]; then
+if mongo "${ssl_args[@]}" --eval "rs.status()" | grep "no replset config has been received"; then
     log "Initiating a new replica set with myself ($service_name)..."
     mongo "${ssl_args[@]}" --eval "rs.initiate({'_id': '$replica_set', 'members': [{'_id': 0, 'host': '$service_name'}]})"
 
-    mongo "${ssl_args[@]}" --eval "rs.status()"
+    sleep 3
 
-    if [[ "$AUTH" == "true" ]]; then
-        # sleep a little while just to be sure the initiation of the replica set has fully
-        # finished and we can create the user
-        sleep 3
+    log 'Waiting for replica to reach PRIMARY state...'
+    until printf '.'  && [[ $(mongo "${ssl_args[@]}" --quiet --eval "rs.status().myState") == '1' ]]; do
+        sleep 1
+    done
 
+    log '✓ Replica reached PRIMARY state.'
+
+    if [[ "$AUTH" == "true" ]]; then
         log "Creating admin user..."
         mongo admin "${ssl_args[@]}" --eval "db.createUser({user: '$admin_user', pwd: '$admin_password', roles: [{role: 'root', db: 'admin'}]})"
     fi

stable/mongodb-replicaset/install/.dockerignore

@@ -0,0 +1 @@
+Makefile

stable/mongodb-replicaset/init/Dockerfile → stable/mongodb-replicaset/install/Dockerfile

@@ -12,13 +12,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM alpine:3.4
+FROM alpine:3.7
 MAINTAINER Anirudh Ramanathan <foxish@google.com>
 
-RUN apk update && apk add bash openssl && wget -qO /peer-finder http://storage.googleapis.com/kubernetes-release/pets/peer-finder 
+RUN apk update && apk add bash openssl && wget -qO /peer-finder http://storage.googleapis.com/kubernetes-release/pets/peer-finder
 
 ENTRYPOINT ["/install.sh"]
 
-ADD files/* /
+COPY install.sh /
 
-RUN chmod -c 755 /install.sh /on-start.sh /peer-finder
+RUN chmod -c 755 /install.sh /peer-finder

stable/mongodb-replicaset/init/Makefile → stable/mongodb-replicaset/install/Makefile

@@ -14,7 +14,7 @@
 
 all: push
 
-TAG = 0.5
+TAG = 0.6
 PREFIX = staging-k8s.gcr.io/mongodb-install
 
 container:

stable/mongodb-replicaset/init/files/install.sh → stable/mongodb-replicaset/install/install.sh

@@ -18,24 +18,19 @@
 # init container. It contains on-start/change configuration scripts.
 WORKDIR_VOLUME="/work-dir"
 
-for i in "$@"
-do
-case $i in
-    -c=*|--config=*)
-    CONFIG_VOLUME="${i#*=}"
-    shift
-    ;;
-    -w=*|--work-dir=*)
-    WORKDIR_VOLUME="${i#*=}"
-    shift
-    ;;
-    *)
-    # unknown option
-    ;;
-esac
+for i in "$@"; do
+    case "$i" in
+        -w=*|--work-dir=*)
+            WORKDIR_VOLUME="${i#*=}"
+            shift
+            ;;
+        *)
+            # unknown option
+            ;;
+    esac
 done
 
-echo installing config scripts into "${WORKDIR_VOLUME}"
+echo Installing config scripts into "${WORKDIR_VOLUME}"
+
 mkdir -p "${WORKDIR_VOLUME}"
-cp /on-start.sh "${WORKDIR_VOLUME}"/
 cp /peer-finder "${WORKDIR_VOLUME}"/

stable/mongodb-replicaset/templates/mongodb-ca.yaml → stable/mongodb-replicaset/templates/mongodb-ca-secret.yaml

@@ -1,4 +1,4 @@
-{{- if and (.Values.tls.enabled) -}}
+{{- if .Values.tls.enabled -}}
 apiVersion: v1
 kind: Secret
 type: kubernetes.io/tls

stable/mongodb-replicaset/templates/mongodb-init-configmap.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ template "mongodb-replicaset.name" . }}
+    chart: {{ template "mongodb-replicaset.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+  name: {{ template "mongodb-replicaset.fullname" . }}-init
+data:
+  on-start.sh: |
+{{ .Files.Get "init/on-start.sh" | indent 4 }}

stable/mongodb-replicaset/templates/mongodb-keyfile-secret.yaml

@@ -12,4 +12,3 @@ type: Opaque
 data:
   key.txt: {{ .Values.auth.key | b64enc }}
 {{- end -}}
-

stable/mongodb-replicaset/templates/mongodb-configmap.yaml → stable/mongodb-replicaset/templates/mongodb-mongodb-configmap.yaml

@@ -6,7 +6,7 @@ metadata:
     chart: {{ template "mongodb-replicaset.chart" . }}
     heritage: {{ .Release.Service }}
     release: {{ .Release.Name }}
-  name: {{ template "mongodb-replicaset.fullname" . }}
+  name: {{ template "mongodb-replicaset.fullname" . }}-mongodb
 data:
   mongod.conf: |
 {{ toYaml .Values.configmap | indent 4 }}

stable/mongodb-replicaset/templates/mongodb-poddisruptionbudget.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.podDisruptionBudget -}}
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
@@ -12,4 +13,5 @@ spec:
     matchLabels:
       app: {{ template "mongodb-replicaset.name" . }}
       release: {{ .Release.Name }}
-  minAvailable: {{ .Values.minAvailable }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end -}}