From b595e67f2543be77c4ba8ec5acc2f4efd53a6c9f Mon Sep 17 00:00:00 2001 From: Robin Munn Date: Thu, 4 Jul 2024 10:03:06 +0700 Subject: [PATCH] Kubernetes deployment now requires Mongo auth (#1826) The MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD variables, if they exist when the MongoDB container is started up, will be used to tell MongoDB to start in auth-required mode. If there is an existing database then the value of these env vars doesn't matter and the usernames and passwords from the existing database will be used instead, but if the database is empty then these two env vars are used to set up an initial administrator account that can access and change anything, and the DB setup scripts are then expected to create any other required users. Since we now have authentication defined in Mongo, we can turn this on by default and everything will continue to work. This has already been done manually (via the Rancher control panel) on staging and production; this PR simply adds the required environment variables to the depoyment file so that if anyone runs make deploy-staging or make deploy-prod in the future, the deployment will not remove those environment variables. --- docker/deployment/base/db-deployment.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docker/deployment/base/db-deployment.yaml b/docker/deployment/base/db-deployment.yaml index 71d945541b..71225b81fc 100644 --- a/docker/deployment/base/db-deployment.yaml +++ b/docker/deployment/base/db-deployment.yaml @@ -69,6 +69,17 @@ spec: cpu: 0.1 limits: memory: 400Mi + emv: + - name: MONGO_INITDB_ROOT_USERNAME + valueFrom: + secretKeyRef: + key: MONGODB_USER + name: mongo-auth + - name: MONGO_INITDB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + key: MONGODB_PASS + name: mongo-auth volumeMounts: - mountPath: /data/db name: data