mongo.yml

---
apiVersion: psmdb.percona.com/v1-4-0
kind: PerconaServerMongoDB
metadata:
  name: ${FQDN}
spec:
  updateStrategy: RollingUpdate
  crVersion: "1.6.0"
  image: percona/percona-server-mongodb:4.2.8-8
  imagePullPolicy: Always
  allowUnsafeConfigurations: false
  secrets:
    users: ${FQDN}-mongodb-users
  pmm:
    enabled: false
  replsets:
  - name: rs0
    size: 3
    affinity:
      antiAffinityTopologyKey: "kubernetes.io/hostname"
    arbiter:
      enabled: false
      size: 0
    podDisruptionBudget:
      maxUnavailable: 1
    podSecurityContext:
      fsGroup: 1001
    containerSecurityContext:
      runAsNonRoot: true
      runAsUser: 1001
    expose:
      enabled: false
    livenessProbe:
      exec:
        command:
        - mongodb-healthcheck
        - k8s
        - liveness
        - --startupDelaySeconds
        - "61"
      failureThreshold: 4
      initialDelaySeconds: 60
      periodSeconds: 30
      startupDelaySeconds: 61
      successThreshold: 1
      timeoutSeconds: 5
    readinessProbe:
      failureThreshold: 8
      initialDelaySeconds: 10
      periodSeconds: 3
      successThreshold: 1
      tcpSocket:
        port: 27017
      timeoutSeconds: 2
    resources:
      limits:
        memory: 1500Mi
      requests:
        memory: 500Mi
    storage:
      engine: wiredTiger
      wiredTiger:
        collectionConfig: {}
        engineConfig:
          cacheSizeRatio: 0.5
        indexConfig:
          prefixCompression: true
    volumeSpec:
      persistentVolumeClaim:
        storageClassName: small 
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 5Gi 
  mongod:
    security:
      redactClientLogData: false
      enableEncryption: true
      encryptionCipherMode: AES256-CBC
    net:
      port: 27017
  backup:
    enabled: true
    restartOnFailure: true
    image: percona/percona-server-mongodb-operator:1.6.0-backup
    serviceAccountName: percona-server-mongodb-operator
    storages:
      backup:
        type: s3
        s3:
          bucket: ${DOMAIN}-dumps
          credentialsSecret: ${DOMAIN}-dumps
          region: default
          endpointUrl: https://minio.k7.indie.host/
          prefix: mongodb
    tasks:
    - name: daily
      enabled: true
      schedule: "0 0 * * *"
      storageName: backup
      compressionType: gzip