From eb0fed1378194d41c9834735c4d764408133d0f6 Mon Sep 17 00:00:00 2001
From: Robin Munn <rmunn@pobox.com>
Date: Thu, 27 Jun 2024 17:00:09 +0700
Subject: [PATCH] Kubernetes deployment now requires Mongo auth

The MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD variables,
if they exist when the MongoDB container is started up, will be used to
tell MongoDB to start in auth-required mode. If there is an existing
database then the value of these env vars doesn't matter and the
usernames and passwords from the existing database will be used instead,
but if the database is empty then these two env vars are used to set up
an initial administrator account that can access and change anything,
and the DB setup scripts are then expected to create any other required
users. Since we now have authentication defined in Mongo, we can turn
this on by default and everything will continue to work.
---
 docker/deployment/base/db-deployment.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docker/deployment/base/db-deployment.yaml b/docker/deployment/base/db-deployment.yaml
index 71d945541b..71225b81fc 100644
--- a/docker/deployment/base/db-deployment.yaml
+++ b/docker/deployment/base/db-deployment.yaml
@@ -69,6 +69,17 @@ spec:
             cpu: 0.1
           limits:
             memory: 400Mi
+        emv:
+          - name: MONGO_INITDB_ROOT_USERNAME
+            valueFrom:
+              secretKeyRef:
+                key: MONGODB_USER
+                name: mongo-auth
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: MONGODB_PASS
+                name: mongo-auth
         volumeMounts:
         - mountPath: /data/db
           name: data