Skip to content

Commit

Permalink
Add mongodb
Browse files Browse the repository at this point in the history
  • Loading branch information
Brutus5000 committed Oct 13, 2024
1 parent 7eefc0f commit abe3548
Show file tree
Hide file tree
Showing 8 changed files with 146 additions and 3 deletions.
2 changes: 2 additions & 0 deletions apps/faf-icebreaker/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -62,3 +62,5 @@ spec:
volumes:
- name: geolite-db
emptyDir: {}
securityContext:
fsGroup: 1000
8 changes: 5 additions & 3 deletions cluster/storage/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ managedStorages:
size: 50Gi
pvc:
namespace: faf-apps
- pv:
name: mongodb
size: 20Gi
pvc:
namespace: faf-infra
- pv:
name: wordpress
size: 10Gi
Expand Down Expand Up @@ -76,9 +81,6 @@ managedStorages:
# - name: mariadb
# namespace: faf-apps
# size: 20Gi
# - name: mongodb
# namespace: faf-apps
# size: 20Gi
# size: 10Gi
# - name: nodebb
# namespace: faf-apps
Expand Down
3 changes: 3 additions & 0 deletions infra/mongodb/Chart.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
apiVersion: v2
name: mongodb
version: 1.0.0
8 changes: 8 additions & 0 deletions infra/mongodb/templates/config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mongodb
labels:
app: mongodb
data:
MONGO_INITDB_ROOT_USERNAME: "root"
19 changes: 19 additions & 0 deletions infra/mongodb/templates/secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
apiVersion: secrets.infisical.com/v1alpha1
kind: InfisicalSecret
metadata:
name: mongodb
namespace: faf-infra
spec:
authentication:
universalAuth:
credentialsRef:
secretName: infisical-machine-identity
secretNamespace: faf-ops
secretsScope:
projectSlug: {{.Values.infisical.projectSlug}}
envSlug: {{.Values.infisical.envSlug}}
secretsPath: "/mongodb"
managedSecretReference:
secretName: mongodb
secretNamespace: faf-infra
creationPolicy: "Owner"
12 changes: 12 additions & 0 deletions infra/mongodb/templates/service.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: mongodb
labels:
app: mongodb
spec:
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017
41 changes: 41 additions & 0 deletions infra/mongodb/templates/statefulset.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongodb
labels:
app: mongodb
spec:
serviceName: mongodb
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- image: mongo:7.0.14
imagePullPolicy: Always
name: mongodb
ports:
- containerPort: 27017
protocol: TCP
envFrom:
- configMapRef:
name: mongodb
- secretRef:
name: mongodb
volumeMounts:
- name: mongodb-pvc
mountPath: /var/lib/mongodbql/data
restartPolicy: Always
volumes:
- name: config
configMap:
name: mongodb
- name: mongodb-pvc
persistentVolumeClaim:
claimName: mongodb-pvc
56 changes: 56 additions & 0 deletions scripts/init-mongodb.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
#!/bin/sh
# Setup rabbitmq vhost and users
export NAMESPACE="faf-infra"

# fail on errors
set -e

. ./k8s-helpers.sh

check_resource_exists_or_fail secret mongodb
check_resource_exists_or_fail statefulset mongodb
check_resource_exists_or_fail pod mongodb-0

ADMIN_USER=$(get_config_value mongodb MONGO_INITDB_ROOT_USERNAME)
ADMIN_PASSWORD=$(get_secret_value mongodb MONGO_INITDB_ROOT_PASSWORD)

run_mongo_query() {
kubectl -n $NAMESPACE exec -i mongodb-0 -- mongosh --quiet --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin --eval "$1"
}

# Function to check if a user exists
user_exists() {
DATABASE=$1
USERNAME=$2
RESULT=$(run_mongo_query "db.getSiblingDB(\"$DATABASE\").getUser(\"$USERNAME\");")

if [ "$RESULT" != "null" ]; then
return 0 # User exists (true)
else
return 1 # User does not exist (false)
fi
}

create_user_and_db() {
SERVICE_NAMESPACE=$1
SERVICE_NAME=$2
DB_USER=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$3")
DB_PASSWORD=$(NAMESPACE=$SERVICE_NAMESPACE get_secret_value "$SERVICE_NAME" "$4")
DB_NAME=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$5")

# Create user if it does not exist
if user_exists "$DB_NAME" "$DB_USER"; then
echo "User $DB_USER already exists in db $DB_NAME. Skipping user creation."
else
run_mongo_query <<MONGODB_SCRIPT
use ${MONGO_NODEBB_DATABASE};
db.createUser( { user: "${DB_USER}", pwd: "${DB_PASSWORD}", roles: [ "readWrite" ] } );
db.grantRolesToUser("${DB_NAME}",[{ role: "clusterMonitor", db: "admin" }]);
MONGODB_SCRIPT
echo "User $DB_USER created in db $DB_NAME."
fi
}

create_user_and_db faf-apps wikijs DB_USER DB_PASS DB_NAME

echo "All users and databases have been processed."

0 comments on commit abe3548

Please sign in to comment.