From ab2d09dfeaef240cbb14fa6a0e012c9b529e5514 Mon Sep 17 00:00:00 2001 From: Brutus5000 Date: Sun, 13 Oct 2024 16:08:48 +0200 Subject: [PATCH] Add mongodb --- apps/faf-icebreaker/templates/deployment.yaml | 2 + cluster/storage/values.yaml | 8 ++- infra/mongodb/Chart.yaml | 3 + infra/mongodb/templates/config.yaml | 8 +++ infra/mongodb/templates/secret.yaml | 19 +++++++ infra/mongodb/templates/service.yaml | 12 ++++ infra/mongodb/templates/statefulset.yaml | 41 ++++++++++++++ scripts/init-mongodb.sh | 56 +++++++++++++++++++ 8 files changed, 146 insertions(+), 3 deletions(-) create mode 100644 infra/mongodb/Chart.yaml create mode 100644 infra/mongodb/templates/config.yaml create mode 100644 infra/mongodb/templates/secret.yaml create mode 100644 infra/mongodb/templates/service.yaml create mode 100644 infra/mongodb/templates/statefulset.yaml create mode 100755 scripts/init-mongodb.sh diff --git a/apps/faf-icebreaker/templates/deployment.yaml b/apps/faf-icebreaker/templates/deployment.yaml index 8747cec9..228d9c5e 100644 --- a/apps/faf-icebreaker/templates/deployment.yaml +++ b/apps/faf-icebreaker/templates/deployment.yaml @@ -62,3 +62,5 @@ spec: volumes: - name: geolite-db emptyDir: {} + securityContext: + fsGroup: 1000 \ No newline at end of file diff --git a/cluster/storage/values.yaml b/cluster/storage/values.yaml index da33a6af..306159e4 100644 --- a/cluster/storage/values.yaml +++ b/cluster/storage/values.yaml @@ -43,6 +43,11 @@ managedStorages: size: 50Gi pvc: namespace: faf-apps + - pv: + name: mongodb + size: 20Gi + pvc: + namespace: faf-infra - pv: name: wordpress size: 10Gi @@ -76,9 +81,6 @@ managedStorages: # - name: mariadb # namespace: faf-apps # size: 20Gi -# - name: mongodb -# namespace: faf-apps -# size: 20Gi # size: 10Gi # - name: nodebb # namespace: faf-apps diff --git a/infra/mongodb/Chart.yaml b/infra/mongodb/Chart.yaml new file mode 100644 index 00000000..c45a4802 --- /dev/null +++ b/infra/mongodb/Chart.yaml 
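Review bot: In apps/faf-icebreaker/templates/deployment.yaml the added `securityContext` sets only `fsGroup: 1000`, which changes group ownership of mounted volumes but does not stop the container from running as root. If the goal is for a non-root process to write the `geolite-db` emptyDir, consider adding `runAsNonRoot: true` and `runAsUser: 1000` next to it, assuming the image runs as uid 1000, which this patch does not show. The hunk also leaves the file without a trailing newline. The change is unrelated to the commit subject, so it deserves a line in the commit message. The pod spec begins outside the hunk.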
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: mongodb
+version: 1.0.0
diff --git a/infra/mongodb/templates/config.yaml b/infra/mongodb/templates/config.yaml
new file mode 100644
index 00000000..7402014c
--- /dev/null
+++ b/infra/mongodb/templates/config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+data:
+ MONGO_INITDB_ROOT_USERNAME: "root"
diff --git a/infra/mongodb/templates/secret.yaml b/infra/mongodb/templates/secret.yaml
new file mode 100644
index 00000000..0cf09270
--- /dev/null
+++ b/infra/mongodb/templates/secret.yaml
@@ -0,0 +1,19 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: mongodb
+ namespace: faf-infra
+spec:
+ authentication:
+ universalAuth:
+ credentialsRef:
+ secretName: infisical-machine-identity
+ secretNamespace: faf-ops
+ secretsScope:
+ projectSlug: {{.Values.infisical.projectSlug}}
+ envSlug: {{.Values.infisical.envSlug}}
+ secretsPath: "/mongodb"
+ managedSecretReference:
+ secretName: mongodb
+ secretNamespace: faf-infra
+ creationPolicy: "Owner"
diff --git a/infra/mongodb/templates/service.yaml b/infra/mongodb/templates/service.yaml
new file mode 100644
index 00000000..5feca60c
--- /dev/null
+++ b/infra/mongodb/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+spec:
+ selector:
+ app: mongodb
+ ports:
+ - port: 27017
+ targetPort: 27017
diff --git a/infra/mongodb/templates/statefulset.yaml b/infra/mongodb/templates/statefulset.yaml
new file mode 100644
index 00000000..4a699d88
--- /dev/null
+++ b/infra/mongodb/templates/statefulset.yaml
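Review bot: infra/mongodb/templates/secret.yaml hard-codes `namespace: faf-infra` and `secretNamespace: faf-infra`, while the ConfigMap, Service and StatefulSet in this chart carry no namespace and follow the release namespace. If the chart is ever installed into another namespace, the managed `mongodb` secret would be created somewhere other than the pod whose `envFrom` references it, and the pod would not start. Consider `namespace: {{ .Release.Namespace }}` in both places, or set the namespace explicitly on all four resources so they cannot drift apart.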
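Review bot: The Service in infra/mongodb/templates/service.yaml makes port 27017 reachable from every pod in the cluster, and none of the eight files in this commit adds a NetworkPolicy. That leaves password authentication for the `root` account as the only barrier between any workload in the cluster and the database. If the cluster has no default-deny policy (not visible from this patch), consider adding a NetworkPolicy to the chart that admits ingress to pods labelled `app: mongodb` only from the namespaces of the services that need it.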
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+spec:
+ serviceName: mongodb
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: mongodb
+ template:
+ metadata:
+ labels:
+ app: mongodb
+ spec:
+ containers:
+ - image: mongo:7.0.14
+ imagePullPolicy: Always
+ name: mongodb
+ ports:
+ - containerPort: 27017
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: mongodb
+ - secretRef:
+ name: mongodb
+ volumeMounts:
+ - name: mongodb-pvc
+ mountPath: /var/lib/mongodbql/data
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: mongodb
+ - name: mongodb-pvc
+ persistentVolumeClaim:
+ claimName: mongodb-pvc
diff --git a/scripts/init-mongodb.sh b/scripts/init-mongodb.sh
new file mode 100755
index 00000000..4ece0cb4
--- /dev/null
+++ b/scripts/init-mongodb.sh
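Review bot: In infra/mongodb/templates/statefulset.yaml the PVC is mounted at `/var/lib/mongodbql/data`, but the official `mongo` image keeps its data files in `/data/db`, so as written the database would live outside the persistent volume and be lost when the pod is recreated. The path looks like a leftover from a PostgreSQL template; the line should read `mountPath: /data/db`. The `config` volume is declared under `volumes` but never mounted, so it can be dropped. The container also has no `securityContext`, resource limits or readiness probe, which are worth adding for a stateful service that holds credentials.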
@@ -0,0 +1,56 @@
+#!/bin/sh
+# Setup rabbitmq vhost and users
+export NAMESPACE="faf-infra"
+
+# fail on errors
+set -e
+
+. ./k8s-helpers.sh
+
+check_resource_exists_or_fail secret mongodb
+check_resource_exists_or_fail statefulset mongodb
+check_resource_exists_or_fail pod mongodb-0
+
+ADMIN_USER=$(get_config_value mongodb MONGO_INITDB_ROOT_USERNAME)
+ADMIN_PASSWORD=$(get_secret_value mongodb MONGO_INITDB_ROOT_PASSWORD)
+
+run_mongo_query() {
+ kubectl -n $NAMESPACE exec -i mongodb-0 -- mongosh --quiet --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin --eval "$1"
+}
+
+# Function to check if a user exists
+user_exists() {
+ DATABASE=$1
+ USERNAME=$2
+ RESULT=$(run_mongo_query "db.getSiblingDB(\"$DATABASE\").getUser(\"$USERNAME\");")
+
+ if [ "$RESULT" != "null" ]; then
+ return 0 # User exists (true)
+ else
+ return 1 # User does not exist (false)
+ fi
+}
+
+create_user_and_db() {
+ SERVICE_NAMESPACE=$1
+ SERVICE_NAME=$2
+ DB_USER=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$3")
+ DB_PASSWORD=$(NAMESPACE=$SERVICE_NAMESPACE get_secret_value "$SERVICE_NAME" "$4")
+ DB_NAME=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$5")
+
+ # Create user if it does not exist
+ if user_exists "$DB_NAME" "$DB_USER"; then
+ echo "User $DB_USER already exists in db $DB_NAME. Skipping user creation."
+ else
+ run_mongo_query <