1 parent
7eefc0f
commit abe3548
Showing
8 changed files
with
146 additions
and
3 deletions.
|
@@ -62,3 +62,5 @@ spec: | |
volumes: | ||
- name: geolite-db | ||
emptyDir: {} | ||
securityContext: | ||
fsGroup: 1000 |
@@ -0,0 +1,3 @@ | ||
apiVersion: v2 | ||
name: mongodb | ||
version: 1.0.0 |
@@ -0,0 +1,8 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: mongodb | ||
labels: | ||
app: mongodb | ||
data: | ||
MONGO_INITDB_ROOT_USERNAME: "root" |
@@ -0,0 +1,19 @@ | ||
apiVersion: secrets.infisical.com/v1alpha1 | ||
kind: InfisicalSecret | ||
metadata: | ||
name: mongodb | ||
namespace: faf-infra | ||
spec: | ||
authentication: | ||
universalAuth: | ||
credentialsRef: | ||
secretName: infisical-machine-identity | ||
secretNamespace: faf-ops | ||
secretsScope: | ||
projectSlug: {{.Values.infisical.projectSlug}} | ||
envSlug: {{.Values.infisical.envSlug}} | ||
secretsPath: "/mongodb" | ||
managedSecretReference: | ||
secretName: mongodb | ||
secretNamespace: faf-infra | ||
creationPolicy: "Owner" |
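Review bot: `namespace: faf-infra` is hard-coded in `metadata` and in `managedSecretReference.secretNamespace`, while the ConfigMap, Service and StatefulSet in this commit carry no namespace and will land in whatever namespace the release is installed into. The StatefulSet's `secretRef` to `mongodb` only resolves when the two match, so either template these fields as `{{ .Release.Namespace }}` or pin the namespace on the other manifests as well. The two slug values are also interpolated unquoted; `projectSlug: {{ .Values.infisical.projectSlug | quote }}` (and the same for `envSlug`) keeps an unusual value from changing the YAML structure.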
@@ -0,0 +1,12 @@ | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: mongodb | ||
labels: | ||
app: mongodb | ||
spec: | ||
selector: | ||
app: mongodb | ||
ports: | ||
- port: 27017 | ||
targetPort: 27017 |
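Review bot: This Service is a plain ClusterIP with no accompanying NetworkPolicy visible in the commit, so by default port 27017 is reachable from any pod in the cluster and MongoDB authentication is the only barrier. A policy that admits only the namespaces that need the database (the setup script mentions `faf-apps`) would narrow that. Because the StatefulSet names this Service as its `serviceName`, a headless Service (`clusterIP: None`) is the usual form if stable per-pod DNS names are wanted.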
@@ -0,0 +1,41 @@ | ||
apiVersion: apps/v1 | ||
kind: StatefulSet | ||
metadata: | ||
name: mongodb | ||
labels: | ||
app: mongodb | ||
spec: | ||
serviceName: mongodb | ||
replicas: 1 | ||
revisionHistoryLimit: 10 | ||
selector: | ||
matchLabels: | ||
app: mongodb | ||
template: | ||
metadata: | ||
labels: | ||
app: mongodb | ||
spec: | ||
containers: | ||
- image: mongo:7.0.14 | ||
imagePullPolicy: Always | ||
name: mongodb | ||
ports: | ||
- containerPort: 27017 | ||
protocol: TCP | ||
envFrom: | ||
- configMapRef: | ||
name: mongodb | ||
- secretRef: | ||
name: mongodb | ||
volumeMounts: | ||
- name: mongodb-pvc | ||
mountPath: /var/lib/mongodbql/data | ||
restartPolicy: Always | ||
volumes: | ||
- name: config | ||
configMap: | ||
name: mongodb | ||
- name: mongodb-pvc | ||
persistentVolumeClaim: | ||
claimName: mongodb-pvc |
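Review bot: The volume mount at `mountPath: /var/lib/mongodbql/data` does not look like a path mongod writes to; the official mongo image keeps its data under `/data/db`, so the PVC would likely stay empty and the database, including the users the setup script creates, would be lost when the pod is replaced. I would change the line to `mountPath: /data/db`. The `config` volume is declared but never mounted and can be dropped. The pod also has no `securityContext` or resource limits; a container-level `allowPrivilegeEscalation: false` plus `runAsNonRoot: true` would be a reasonable hardening step for a database that holds credentials.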
@@ -0,0 +1,56 @@ | ||
#!/bin/sh | ||
# Setup rabbitmq vhost and users | ||
export NAMESPACE="faf-infra" | ||
|
||
# fail on errors | ||
set -e | ||
|
||
. ./k8s-helpers.sh | ||
|
||
check_resource_exists_or_fail secret mongodb | ||
check_resource_exists_or_fail statefulset mongodb | ||
check_resource_exists_or_fail pod mongodb-0 | ||
|
||
ADMIN_USER=$(get_config_value mongodb MONGO_INITDB_ROOT_USERNAME) | ||
ADMIN_PASSWORD=$(get_secret_value mongodb MONGO_INITDB_ROOT_PASSWORD) | ||
|
||
run_mongo_query() { | ||
kubectl -n $NAMESPACE exec -i mongodb-0 -- mongosh --quiet --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin --eval "$1" | ||
} | ||
|
||
# Function to check if a user exists | ||
user_exists() { | ||
DATABASE=$1 | ||
USERNAME=$2 | ||
RESULT=$(run_mongo_query "db.getSiblingDB(\"$DATABASE\").getUser(\"$USERNAME\");") | ||
|
||
if [ "$RESULT" != "null" ]; then | ||
return 0 # User exists (true) | ||
else | ||
return 1 # User does not exist (false) | ||
fi | ||
} | ||
|
||
create_user_and_db() { | ||
SERVICE_NAMESPACE=$1 | ||
SERVICE_NAME=$2 | ||
DB_USER=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$3") | ||
DB_PASSWORD=$(NAMESPACE=$SERVICE_NAMESPACE get_secret_value "$SERVICE_NAME" "$4") | ||
DB_NAME=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$5") | ||
|
||
# Create user if it does not exist | ||
if user_exists "$DB_NAME" "$DB_USER"; then | ||
echo "User $DB_USER already exists in db $DB_NAME. Skipping user creation." | ||
else | ||
run_mongo_query <<MONGODB_SCRIPT | ||
use ${MONGO_NODEBB_DATABASE}; | ||
db.createUser( { user: "${DB_USER}", pwd: "${DB_PASSWORD}", roles: [ "readWrite" ] } ); | ||
db.grantRolesToUser("${DB_NAME}",[{ role: "clusterMonitor", db: "admin" }]); | ||
MONGODB_SCRIPT | ||
echo "User $DB_USER created in db $DB_NAME." | ||
fi | ||
} | ||
|
||
create_user_and_db faf-apps wikijs DB_USER DB_PASS DB_NAME | ||
|
||
echo "All users and databases have been processed." |
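Review bot: The heredoc in create_user_and_db is most likely never run, because run_mongo_query hands only `$1` to `--eval` and this call passes no argument, so the statements arrive on stdin next to an empty `--eval`. The script body also selects `${MONGO_NODEBB_DATABASE}`, which nothing in this file sets, and gives `grantRolesToUser` the database name `${DB_NAME}` where the user name is expected. Passing the statements as the argument and using `getSiblingDB`, as user_exists already does, addresses all three, as sketched below. The sketch keeps the current argument passing, so the admin and service passwords still appear in the `kubectl exec` argument list (and therefore possibly in API audit logs and the pod's process table), and values containing a double quote or backslash would break the JavaScript string; moving the secrets to stdin or the container's own environment is worth a follow-up. The header comment still says rabbitmq.

```sh
# … unchanged: config/secret lookups and the user_exists branch of create_user_and_db …
else
# run_mongo_query only evaluates "$1", so the script is passed as the argument
run_mongo_query "
const target = db.getSiblingDB(\"$DB_NAME\");
target.createUser({ user: \"$DB_USER\", pwd: \"$DB_PASSWORD\", roles: [ \"readWrite\" ] });
target.grantRolesToUser(\"$DB_USER\", [ { role: \"clusterMonitor\", db: \"admin\" } ]);
"
# … unchanged: success message and fi …
```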