mongodb
diff --git a/‎README.md
Lines changed: 15 additions & 16 deletions b/‎README.md
Lines changed: 15 additions & 16 deletions
diff --git a/‎crds.yaml
Lines changed: 52 additions & 2 deletions b/‎crds.yaml
Lines changed: 52 additions & 2 deletions
diff --git a/‎helm_chart/Chart.yaml
Lines changed: 1 addition & 1 deletion b/‎helm_chart/Chart.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎helm_chart/templates/crds.yaml
Lines changed: 50 additions & 4 deletions b/‎helm_chart/templates/crds.yaml
Lines changed: 50 additions & 4 deletions
diff --git a/‎helm_chart/templates/operator.yaml
Lines changed: 2 additions & 2 deletions b/‎helm_chart/templates/operator.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎helm_chart/templates/roles.yaml
Lines changed: 49 additions & 3 deletions b/‎helm_chart/templates/roles.yaml
Lines changed: 49 additions & 3 deletions
diff --git a/‎helm_chart/values.yaml
Lines changed: 8 additions & 1 deletion b/‎helm_chart/values.yaml
Lines changed: 8 additions & 1 deletion
@@ -29,7 +29,7 @@ You can discuss this integration in our [Slack](https://community-slack.mongodb.
 The MongoDB Enterprise Operator is compatible with Kubernetes v1.11 and above. It has been tested against Openshift 3.11.
 
 This Operator requires [Ops Manager](https://docs.opsmanager.mongodb.com/current/) or [Cloud Manager](https://cloud.mongodb.com/user#/cloud/login). In this document, when we refer to "Ops Manager", you may substitute "Cloud Manager". The functionality is the same.
-> If this is your first time trying the Operator, Cloud Manager is easier to get started 
+> If this is your first time trying the Operator, Cloud Manager is easier to get started
 
 
 ## Installation
@@ -39,20 +39,20 @@ This Operator requires [Ops Manager](https://docs.opsmanager.mongodb.com/current
 The Mongodb Enterprise Operator is installed, by default, into the `mongodb` Namespace, but this Namespace is not created automatically. To create this Namespace you should execute:
 
     kubectl create namespace mongodb
-    
-If you plan on using any other Namespace, please make sure you update the yaml files' `metadata.namespace` attribute to 
-point to your preferred Namespace. If using `helm` you need to override the `namespace` attribute with `--set namespace=<..>` 
+
+If you plan on using any other Namespace, please make sure you update the yaml files' `metadata.namespace` attribute to
+point to your preferred Namespace. If using `helm` you need to override the `namespace` attribute with `--set namespace=<..>`
 during helm installation
 
 ### Installation using yaml files
 
 #### Create CustomResourceDefinitions
 
-The `CustomResourceDefinition` (or `crd`) should be installed before installing the operator into your Kubernetes cluster. To do this, make sure you have logged into your Kubernetes cluster and that you can perform Cluster level operations:
+The `CustomResourceDefinition` (or `crds`) should be installed before installing the operator into your Kubernetes cluster. To do this, make sure you have logged into your Kubernetes cluster and that you can perform Cluster level operations:
 
     kubectl apply -f https://raw.githubusercontent.com/mongodb/mongodb-enterprise-kubernetes/master/crds.yaml
 
-This will create one new `crd` in your cluster, `MongoDB`. This new object will be the one used by the operator to perform the MongoDb operations needed to prepare each one of the three different types of MongoDB deployments. `Standalone`, `ReplicaSet` and `ShardedCluster`
+This will create a new `crd` in your cluster, `MongoDB`. This new object will be the one used by the operator to perform the MongoDb operations needed to prepare each one of the different MongoDb types of deployments.
 
 #### Operator Installation
 
@@ -68,13 +68,13 @@ Check the end of the page for instructions on how to remove the Operator.
 
 ### Installation using Helm Chart
 
-If you have installed the Helm client locally then you can run (note that `helm install` is a less preferred way as makes upgrades more complicated. 
+If you have installed the Helm client locally then you can run (note that `helm install` is a less preferred way as makes upgrades more complicated.
 `kubectl apply` is a much clearer way of installing/upgrading):
 
-    helm template helm_chart > operator.yaml
+    helm template public/helm_chart > operator.yaml
     kubectl apply -f operator.yaml
 
-You can customize installation by simple overriding of helm variables, for example use `--set operator.env="dev"` to run the Operator in development mode 
+You can customize installation by simple overriding of helm variables, for example use `--set operator.env="dev"` to run the Operator in development mode
 (this will turn logging level to `Debug` and will make logging output as non-json)
 
 Check the end of the page for instructions on how to remove the Operator.
@@ -110,9 +110,9 @@ data:
   orgId: 5b890e0feacf0b76ff3e7183 # this is an optional parameter
   baseUrl: https://my-ops-manager-or-cloud-manager-url
 ```
-> Note, that if `orgId` is skipped then the new organization named `projectName` will be automatically created and new 
+> Note, that if `orgId` is skipped then the new organization named `projectName` will be automatically created and new
 project will be added there.
- 
+
 Apply this file to create the new `Project`:
 
     kubectl apply -f my-project.yaml
@@ -127,16 +127,16 @@ $ kubectl -n mongodb create secret generic my-credentials --from-literal="user=s
 
 ### Creating a MongoDB Object ###
 
-A MongoDB resource (short name `mdb`) in Kubernetes can have a type of Standalone, ReplicaSet or ShardedCluster. We are going to create a replica set to test that everything is working as expected. There is a MongoDBReplicaSet yaml file in `samples/minimal/replicaset.yaml`.
+A MongoDB object in Kubernetes is a MongoDB (short name `mdb`). We are going to create a replica set to test that everything is working as expected. There is a MongoDB replica set yaml file in `samples/minimal/replicaset.yaml`.
 
 If you have a correctly created Project with the name `my-project` and Credentials stored in a secret called `my-credentials` then, after applying this file then everything should be running and a new Replica Set with 3 members should soon appear in Ops Manager UI.
 
     kubectl apply -f samples/minimal/replicaset.yaml
-    
+
 ### Correct order of Operator/Namespace removal
 
 It's important to keep correct order or removal operations. The simple rule is: **never remove Operator before mongodb resources**!
-The reason is that the Operator cleans state in Ops Manager on deletion of the MongoDB resource in Kubernetes. 
+The reason is that the Operator cleans state in Ops Manager on deletion of the MongoDB resource in Kubernetes.
 
 These are the correct steps to remove any MongoDB Operator resources:
 
@@ -147,6 +147,5 @@ kubectl delete mdb --all -n <namespace>
 # any of the following commands must be called after removing all existing mongodb resources
 kubectl delete namespace <namespace>
 kubectl delete deployment mongodb-enterprise-operator -n <namespace>
-kubectl delete crd --all
+kubectl delete crd/mongodb.mongodb.com
 ```
-   
@@ -1,7 +1,6 @@
 ---
 # Source: mongodb-enterprise-operator/templates/crds.yaml
 
-
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -17,6 +16,23 @@ spec:
     shortNames:
     - mdb
     singular: mongodb
+  additionalPrinterColumns:
+    - name: Type
+      type: string
+      description: "The type of MongoDB deployment. One of 'ReplicaSet', 'ShardedCluster' and 'Standalone'."
+      JSONPath: .spec.type
+    - name: State
+      type: string
+      description: The current state of the MongoDB deployment.
+      JSONPath: .status.phase
+    - name: Version
+      type: string
+      description: The version of MongoDB.
+      JSONPath: .spec.version
+    - name: Age
+      type: date
+      description: The time since the MongoDB resource was created.
+      JSONPath: .metadata.creationTimestamp
   validation: # there are 3 possible schemas, ReplicaSet, ShardedCluster and Standalone
     openAPIV3Schema:
       oneOf:
@@ -36,6 +52,17 @@ spec:
               type:
                 type: string
                 pattern: "^Standalone$"
+              additionalMongodConfig:
+                properties:
+                  net:
+                    properties:
+                      ssl:
+                        properties:
+                          mode:
+                            type: string
+                            enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"]
+              exposedExternally:
+                type: boolean
             required:
             - credentials
             - project
@@ -61,6 +88,17 @@ spec:
               type:
                 type: string
                 pattern: "^ReplicaSet$"
+              additionalMongodConfig:
+                properties:
+                  net:
+                    properties:
+                      ssl:
+                        properties:
+                          mode:
+                            type: string
+                            enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"]
+              exposedExternally:
+                type: boolean
             required:
             - credentials
             - project
@@ -97,6 +135,17 @@ spec:
               type:
                 type: string
                 pattern: "^ShardedCluster$"
+              additionalMongodConfig:
+                properties:
+                  net:
+                    properties:
+                      ssl:
+                        properties:
+                          mode:
+                            type: string
+                            enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"]
+              exposedExternally:
+                type: boolean
             required:
             - credentials
             - project
@@ -105,4 +154,5 @@ spec:
             - shardCount
             - mongodsPerShardCount
             - mongosCount
-            - configServerCount
+            - configServerCount
+
@@ -1,6 +1,6 @@
 name: mongodb-enterprise-operator
 description: MongoDB Kubernetes Enterprise Operator
-version: '0.10'
+version: '0.11'
 kubeVersion: '>=1.11'
 keywords:
 - mongodb
 
@@ -1,8 +1,4 @@
 {{ if eq .Values.createCrds true}}
----
-# Source: mongodb-enterprise-operator/templates/crds.yaml
-
-
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -18,6 +14,23 @@ spec:
     shortNames:
     - mdb
     singular: mongodb
+  additionalPrinterColumns:
+    - name: Type
+      type: string
+      description: "The type of MongoDB deployment. One of 'ReplicaSet', 'ShardedCluster' and 'Standalone'."
+      JSONPath: .spec.type
+    - name: State
+      type: string
+      description: The current state of the MongoDB deployment.
+      JSONPath: .status.phase
+    - name: Version
+      type: string
+      description: The version of MongoDB.
+      JSONPath: .spec.version
+    - name: Age
+      type: date
+      description: The time since the MongoDB resource was created.
+      JSONPath: .metadata.creationTimestamp
   validation: # there are 3 possible schemas, ReplicaSet, ShardedCluster and Standalone
     openAPIV3Schema:
       oneOf:
@@ -37,6 +50,17 @@ spec:
               type:
                 type: string
                 pattern: "^Standalone$"
+              additionalMongodConfig:
+                properties:
+                  net:
+                    properties:
+                      ssl:
+                        properties:
+                          mode:
+                            type: string
+                            enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"]
+              exposedExternally:
+                type: boolean
             required:
             - credentials
             - project
@@ -62,6 +86,17 @@ spec:
               type:
                 type: string
                 pattern: "^ReplicaSet$"
+              additionalMongodConfig:
+                properties:
+                  net:
+                    properties:
+                      ssl:
+                        properties:
+                          mode:
+                            type: string
+                            enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"]
+              exposedExternally:
+                type: boolean
             required:
             - credentials
             - project
@@ -98,6 +133,17 @@ spec:
               type:
                 type: string
                 pattern: "^ShardedCluster$"
+              additionalMongodConfig:
+                properties:
+                  net:
+                    properties:
+                      ssl:
+                        properties:
+                          mode:
+                            type: string
+                            enum: ["disabled", "allowSSL", "preferSSL", "requireSSL", "allowTLS", "preferTLS", "requireTLS"]
+              exposedExternally:
+                type: boolean
             required:
             - credentials
             - project
 
@@ -19,7 +19,7 @@ spec:
       serviceAccountName: {{ .Values.operator.name }}
       containers:
       - name: {{ .Values.operator.name }}
-        image: {{ .Values.registry.repository }}/mongodb-enterprise-operator:{{ .Values.operator.version }}
+        image: {{ .Values.registry.repository }}/{{ .Values.operator.name }}:{{ .Values.operator.version }}
         imagePullPolicy: {{ .Values.registry.pullPolicy }}
 {{ if .Values.registry.imagePullSecrets}}
         imagePullSecrets:
@@ -41,7 +41,7 @@ spec:
           value: 'true'
 {{ end }}
         - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
-          value: {{ .Values.registry.repository }}/mongodb-enterprise-database:{{ .Values.operator.version }}
+          value: {{ .Values.registry.repository }}/{{ .Values.database.name }}:{{ .Values.operator.version }}
         - name: IMAGE_PULL_POLICY
           value: {{ .Values.registry.pullPolicy }}
 {{ if .Values.registry.imagePullSecrets }}
 
@@ -24,13 +24,24 @@ rules:
   - apps
   resources:
   - statefulsets
-  verbs: ["*"]
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - delete
+  - update
 - apiGroups:
   - mongodb.com
   resources:
-  - "*"
+  - mongodb
+  - mongodb/finalizers
   verbs:
-  - "*"
+  - get
+  - list
+  - watch
+  - delete
+  - update
 
 ---
 kind: {{ if .Values.operator.watchNamespace }} {{ if (eq .Values.operator.watchNamespace "*") }} ClusterRoleBinding {{ else }} RoleBinding {{ end }} {{ else }} RoleBinding {{ end }}
@@ -50,3 +61,38 @@ subjects:
 {{ if .Values.namespace }}
   namespace: {{ .Values.namespace }}
 {{ end }}
+
+# This ClusterRole is needed if the user wants to use the Kubernetes CA
+# infrastructure to generate certificates.
+{{ if .Values.needsCAInfrastructure }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.operator.name }}-{{ .Values.namespace }}-certs
+rules:
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - get
+  - create
+  - list
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Values.operator.name }}-{{ .Values.namespace }}-certs-binding
+  namespace: {{ .Values.namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Values.operator.name }}-{{ .Values.namespace }}-certs
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.operator.name }}
+  namespace: {{ .Values.namespace }}
+
+{{ end }}
@@ -16,10 +16,17 @@ operator:
   name: mongodb-enterprise-operator
 
   # Version of mongodb-enterprise-operator and mongodb-enterprise-database images
-  version: '0.10'
+  version: '0.11'
+
+database:
+  name: mongodb-enterprise-database
 
 registry:
   # Specify if images are pulled from private repository
   imagePullSecrets:
   pullPolicy: Always
   repository: quay.io/mongodb
+
+# Set this to true if the operator will require Kubernetes CA
+# infrastructure to generate TLS certificates.
+needsCAInfrastructure: true