diff --git a/cluster/storage/values.yaml b/cluster/storage/values.yaml
index da33a6af..306159e4 100644
--- a/cluster/storage/values.yaml
+++ b/cluster/storage/values.yaml
@@ -43,6 +43,11 @@ managedStorages:
 size: 50Gi
 pvc:
 namespace: faf-apps
+ - pv:
+ name: mongodb
+ size: 20Gi
+ pvc:
+ namespace: faf-infra
 - pv:
 name: wordpress
 size: 10Gi
@@ -76,9 +81,6 @@ managedStorages:
 # - name: mariadb
 # namespace: faf-apps
 # size: 20Gi
-# - name: mongodb
-# namespace: faf-apps
-# size: 20Gi
 # size: 10Gi
 # - name: nodebb
 # namespace: faf-apps
diff --git a/infra/mongodb/Chart.yaml b/infra/mongodb/Chart.yaml
new file mode 100644
index 00000000..c45a4802
--- /dev/null
+++ b/infra/mongodb/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: mongodb
+version: 1.0.0
diff --git a/infra/mongodb/templates/config.yaml b/infra/mongodb/templates/config.yaml
new file mode 100644
index 00000000..7402014c
--- /dev/null
+++ b/infra/mongodb/templates/config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+data:
+ MONGO_INITDB_ROOT_USERNAME: "root"
diff --git a/infra/mongodb/templates/secret.yaml b/infra/mongodb/templates/secret.yaml
new file mode 100644
index 00000000..0cf09270
--- /dev/null
+++ b/infra/mongodb/templates/secret.yaml
@@ -0,0 +1,19 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: mongodb
+ namespace: faf-infra
+spec:
+ authentication:
+ universalAuth:
+ credentialsRef:
+ secretName: infisical-machine-identity
+ secretNamespace: faf-ops
+ secretsScope:
+ projectSlug: {{.Values.infisical.projectSlug}}
+ envSlug: {{.Values.infisical.envSlug}}
+ secretsPath: "/mongodb"
+ managedSecretReference:
+ secretName: mongodb
+ secretNamespace: faf-infra
+ creationPolicy: "Owner"
diff --git a/infra/mongodb/templates/service.yaml b/infra/mongodb/templates/service.yaml
new file mode 100644
index 00000000..5feca60c
--- /dev/null
+++ b/infra/mongodb/templates/service.yaml
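Review bot: The PV added here is named `mongodb`, while the StatefulSet in this same commit binds `claimName: mongodb-pvc`; whether the managedStorages chart derives the claim name as `<name>-pvc` is not visible from this hunk, so confirm that it does, otherwise the pod stays Pending on an unbound claim. The namespace also moves from the old commented-out entry's faf-apps to faf-infra, which matches the InfisicalSecret and the init script, but nothing in values.yaml records which chart consumes the volume. A comment such as `# consumed by infra/mongodb (StatefulSet claimName mongodb-pvc)` above the entry would make that dependency greppable.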
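Review bot: `projectSlug: {{.Values.infisical.projectSlug}}` and `envSlug: {{.Values.infisical.envSlug}}` are rendered unquoted, so an unset value renders as `projectSlug:` (null) and a slug containing YAML-special characters breaks the manifest; prefer `projectSlug: {{ required "infisical.projectSlug is required" .Values.infisical.projectSlug | quote }}` and the same for envSlug so a missing value fails at template time instead of at apply time. The resource also hard-codes `namespace: faf-infra` in two places while the ConfigMap, Service and StatefulSet of the same chart rely on the release namespace; writing both as `{{ .Release.Namespace }}` (or dropping metadata.namespace) removes the possibility of installing the chart with the managed Secret landing in a different namespace than the pod that consumes it via secretRef.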
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+spec:
+ selector:
+ app: mongodb
+ ports:
+ - port: 27017
+ targetPort: 27017
diff --git a/infra/mongodb/templates/statefulset.yaml b/infra/mongodb/templates/statefulset.yaml
new file mode 100644
index 00000000..4a699d88
--- /dev/null
+++ b/infra/mongodb/templates/statefulset.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mongodb
+ labels:
+ app: mongodb
+spec:
+ serviceName: mongodb
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ app: mongodb
+ template:
+ metadata:
+ labels:
+ app: mongodb
+ spec:
+ containers:
+ - image: mongo:7.0.14
+ imagePullPolicy: Always
+ name: mongodb
+ ports:
+ - containerPort: 27017
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: mongodb
+ - secretRef:
+ name: mongodb
+ volumeMounts:
+ - name: mongodb-pvc
+ mountPath: /var/lib/mongodbql/data
+ restartPolicy: Always
+ volumes:
+ - name: config
+ configMap:
+ name: mongodb
+ - name: mongodb-pvc
+ persistentVolumeClaim:
+ claimName: mongodb-pvc
diff --git a/scripts/init-mongodb.sh b/scripts/init-mongodb.sh
new file mode 100755
index 00000000..463da473
--- /dev/null
+++ b/scripts/init-mongodb.sh
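Review bot: `mountPath: /var/lib/mongodbql/data` is not where the mongo image keeps its data (the official image's default dbPath is `/data/db`), so the PVC is mounted on an unused directory and the database lives on the container's ephemeral filesystem, to be lost at the next restart; change it to `mountPath: /data/db`. The `config` volume backed by the ConfigMap is declared under volumes but never appears in volumeMounts (the ConfigMap is already consumed through envFrom), so it can be dropped. The container also runs with no `resources`, no `securityContext` and no readiness probe; with no probe the pod is Ready as soon as the process starts and the Service routes to it before mongod accepts connections, so at least a `readinessProbe` on port 27017 is worth adding. `imagePullPolicy: Always` on a pinned tag re-pulls the image at every restart; with the tag (or better, a digest) pinned, `IfNotPresent` is the usual choice.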
@@ -0,0 +1,61 @@
+#!/bin/sh
+# Setup rabbitmq vhost and users
+export NAMESPACE="faf-infra"
+
+# fail on errors
+set -e
+
+. ./k8s-helpers.sh
+
+check_resource_exists_or_fail secret mongodb
+check_resource_exists_or_fail statefulset mongodb
+check_resource_exists_or_fail pod mongodb-0
+
+ADMIN_USER=$(get_config_value mongodb MONGO_INITDB_ROOT_USERNAME)
+ADMIN_PASSWORD=$(get_secret_value mongodb MONGO_INITDB_ROOT_PASSWORD)
+
+# Function to check if a user exists
+user_exists() {
+ DATABASE=$1
+ USERNAME=$2
+ kubectl -n $NAMESPACE exec -i mongodb-0 -- mongo --quiet --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin --eval "db.getSiblingDB(\"$DATABASE\").getUser(\"$USERNAME\");"
+}
+
+# Function to check if a database exists
+database_exists() {
+ DATABASE=$1
+ kubectl -n $NAMESPACE exec -i mongodb-0 -- mongo --quiet --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin --eval "db.getMongo().getDBs().databases.some(db => db.name == \"$DATABASE\");"
+
+}
+
+create_user_and_db() {
+ SERVICE_NAMESPACE=$1
+ SERVICE_NAME=$2
+ DB_USER=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$3")
+ DB_PASSWORD=$(NAMESPACE=$SERVICE_NAMESPACE get_secret_value "$SERVICE_NAME" "$4")
+ DB_NAME=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$5")
+
+ # Create user if it does not exist
+ if user_exists "$DB_NAME" "$DB_USER"; then
+ echo "User $DB_USER already exists in db $DB_NAME. Skipping user creation."
+ else
+ kubectl -n $NAMESPACE exec -i mongodb-0 -- psql --username=mongodb -c "CREATE USER \"$DB_USER\" WITH PASSWORD '$DB_PASSWORD';"
+ echo "User $DB_USER created in db $DB_NAME."
+ fi
+
+ # Create database if it does not exist
+ if database_exists "$DB_NAME"; then
+ echo "Database $DB_NAME already exists. Skipping database creation."
+ else
+ kubectl -n $NAMESPACE exec -i mongodb-0 -- psql --username=mongodb -c "CREATE DATABASE \"$DB_NAME\" OWNER \"$DB_USER\";"
+ echo "Database $DB_NAME created."
+ fi
+
+ # Grant all privileges on the database to the user
+ kubectl -n $NAMESPACE exec -i mongodb-0 -- psql --username=mongodb -c "GRANT ALL PRIVILEGES ON DATABASE \"$DB_NAME\" TO \"$DB_USER\";"
+ echo "Granted all privileges on database $DB_NAME to user $DB_USER."
+}
+
+create_user_and_db faf-apps wikijs DB_USER DB_PASS DB_NAME
+
+echo "All users and databases have been processed."
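Review bot: create_user_and_db provisions with `psql --username=mongodb -c "CREATE USER …"`, `CREATE DATABASE … OWNER …` and `GRANT ALL PRIVILEGES …` inside the mongo container, which ships no psql and has no SQL DDL, so the create and grant steps can never succeed; together with the header comment `# Setup rabbitmq vhost and users` (should read `# Setup mongodb users and databases`) this looks carried over from another init script. The existence checks are unreliable too: `mongo --eval` exits 0 whether or not getUser() or the database lookup found anything, so `if user_exists` is always true and the create branch is never reached, and the mongo:7.0.14 image no longer ships the legacy `mongo` shell (removed in 6.0), only `mongosh`. MongoDB materialises a database on first write, so the user should be created in the target database with a readWrite role and the separate create-database and grant steps dropped; the sketch below turns the lookup into an exit status with mongosh's `quit(code)` and quotes `$NAMESPACE`. Independently of that, the admin and service passwords are interpolated into the `kubectl exec` command line, where they are visible in the pod's process table and in exec audit logging, so passing them through stdin or the pod's environment in a follow-up would be prudent.

```shell
# … unchanged: NAMESPACE export, set -e, helper sourcing, resource checks, ADMIN_* lookup …

# Run a JavaScript snippet in the mongodb pod as the admin user; the snippet's exit status is returned
mongo_eval() {
  kubectl -n "$NAMESPACE" exec -i mongodb-0 -- mongosh --quiet \
    --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin \
    --eval "$1"
}

# Exit 0 when the user exists in the given database, 1 otherwise
user_exists() {
  DATABASE=$1
  USERNAME=$2
  mongo_eval "quit(db.getSiblingDB('$DATABASE').getUser('$USERNAME') ? 0 : 1)"
}

create_user_and_db() {
  # … unchanged: SERVICE_NAMESPACE / SERVICE_NAME / DB_USER / DB_PASSWORD / DB_NAME lookups …

  # MongoDB has no CREATE DATABASE: the database appears on first write, so creating
  # the user with readWrite on it is the whole provisioning step.
  if user_exists "$DB_NAME" "$DB_USER"; then
    echo "User $DB_USER already exists in db $DB_NAME. Skipping user creation."
  else
    mongo_eval "db.getSiblingDB('$DB_NAME').createUser({user: '$DB_USER', pwd: '$DB_PASSWORD', roles: [{role: 'readWrite', db: '$DB_NAME'}]})"
    echo "User $DB_USER created in db $DB_NAME."
  fi
}
```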