Add mongodb

Author: Brutus5000

apps/faf-icebreaker/templates/deployment.yaml

@@ -62,3 +62,5 @@ spec:
       volumes:
         - name: geolite-db
           emptyDir: {}
+      securityContext:
+        fsGroup: 1000

cluster/storage/values.yaml

@@ -43,6 +43,11 @@ managedStorages:
       size: 50Gi
     pvc:
       namespace: faf-apps
+  - pv:
+      name: mongodb
+      size: 20Gi
+    pvc:
+      namespace: faf-infra
   - pv:
       name: wordpress
       size: 10Gi
@@ -76,9 +81,6 @@ managedStorages:
 #  - name: mariadb
 #    namespace: faf-apps
 #    size: 20Gi
-#  - name: mongodb
-#    namespace: faf-apps
-#    size: 20Gi
 #    size: 10Gi
 #  - name: nodebb
 #    namespace: faf-apps

infra/mongodb/Chart.yaml

@@ -0,0 +1,3 @@
+apiVersion: v2
+name: mongodb
+version: 1.0.0

infra/mongodb/templates/config.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mongodb
+  labels:
+    app: mongodb
+data:
+  MONGO_INITDB_ROOT_USERNAME: "root"

infra/mongodb/templates/secret.yaml

@@ -0,0 +1,19 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: mongodb
+  namespace: faf-infra
+spec:
+  authentication:
+    universalAuth:
+      credentialsRef:
+        secretName: infisical-machine-identity
+        secretNamespace: faf-ops
+      secretsScope:
+        projectSlug: {{.Values.infisical.projectSlug}}
+        envSlug: {{.Values.infisical.envSlug}}
+        secretsPath: "/mongodb"
+  managedSecretReference:
+    secretName: mongodb
+    secretNamespace: faf-infra
+    creationPolicy: "Owner"

infra/mongodb/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+  labels:
+    app: mongodb
+spec:
+  selector:
+    app: mongodb
+  ports:
+    - port: 27017
+      targetPort: 27017

infra/mongodb/templates/statefulset.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongodb
+  labels:
+    app: mongodb
+spec:
+  serviceName: mongodb
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: mongodb
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      containers:
+        - image: mongo:7.0.14
+          imagePullPolicy: Always
+          name: mongodb
+          ports:
+            - containerPort: 27017
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: mongodb
+            - secretRef:
+                name: mongodb
+          volumeMounts:
+            - name: mongodb-pvc
+              mountPath: /var/lib/mongodbql/data
+      restartPolicy: Always
+      volumes:
+        - name: config
+          configMap:
+            name: mongodb
+        - name: mongodb-pvc
+          persistentVolumeClaim:
+            claimName: mongodb-pvc

scripts/init-mongodb.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+# Setup rabbitmq vhost and users
+export NAMESPACE="faf-infra"
+
+# fail on errors
+set -e
+
+. ./k8s-helpers.sh
+
+check_resource_exists_or_fail secret mongodb
+check_resource_exists_or_fail statefulset mongodb
+check_resource_exists_or_fail pod mongodb-0
+
+ADMIN_USER=$(get_config_value mongodb MONGO_INITDB_ROOT_USERNAME)
+ADMIN_PASSWORD=$(get_secret_value mongodb MONGO_INITDB_ROOT_PASSWORD)
+
+run_mongo_query() {
+  kubectl -n $NAMESPACE exec -i mongodb-0 -- mongosh --quiet --username "$ADMIN_USER" --password "$ADMIN_PASSWORD" --authenticationDatabase admin --eval "$1"
+}
+
+# Function to check if a user exists
+user_exists() {
+    DATABASE=$1
+    USERNAME=$2
+    RESULT=$(run_mongo_query "db.getSiblingDB(\"$DATABASE\").getUser(\"$USERNAME\");")
+
+    if [ "$RESULT" != "null" ]; then
+        return 0  # User exists (true)
+    else
+        return 1  # User does not exist (false)
+    fi
+}
+
+create_user_and_db() {
+    SERVICE_NAMESPACE=$1
+    SERVICE_NAME=$2
+    DB_USER=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$3")
+    DB_PASSWORD=$(NAMESPACE=$SERVICE_NAMESPACE get_secret_value "$SERVICE_NAME" "$4")
+    DB_NAME=$(NAMESPACE=$SERVICE_NAMESPACE get_config_value "$SERVICE_NAME" "$5")
+
+    # Create user if it does not exist
+    if user_exists "$DB_NAME" "$DB_USER"; then
+        echo "User $DB_USER already exists in db $DB_NAME. Skipping user creation."
+    else
+        run_mongo_query <<MONGODB_SCRIPT
+use ${MONGO_NODEBB_DATABASE};
+db.createUser( { user: "${DB_USER}", pwd: "${DB_PASSWORD}", roles: [ "readWrite" ] } );
+db.grantRolesToUser("${DB_NAME}",[{ role: "clusterMonitor", db: "admin" }]);
+MONGODB_SCRIPT
+        echo "User $DB_USER created in db $DB_NAME."
+    fi
+}
+
+create_user_and_db faf-apps wikijs DB_USER DB_PASS DB_NAME
+
+echo "All users and databases have been processed."