Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes deployment now requires Mongo auth #1826

Merged
merged 1 commit into from
Jul 4, 2024
Merged

Kubernetes deployment now requires Mongo auth #1826

merged 1 commit into from
Jul 4, 2024

Conversation

rmunn
Copy link
Collaborator

@rmunn rmunn commented Jun 27, 2024

This is a followup to #1813.

The MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD variables, if they exist when the MongoDB container is started up, will be used to tell MongoDB to start in auth-required mode. If there is an existing database then the value of these env vars doesn't matter and the usernames and passwords from the existing database will be used instead, but if the database is empty then these two env vars are used to set up an initial administrator account that can access and change anything, and the DB setup scripts are then expected to create any other required users. Since we now have authentication defined in Mongo, we can turn this on by default and everything will continue to work.

This has already been done manually (via the Rancher control panel) on staging and production; this PR simply adds the required environment variables to the depoyment file so that if anyone runs make deploy-staging or make deploy-prod in the future, the deployment will not remove those environment variables.

@rmunn
Kubernetes deployment now requires Mongo auth
eb0fed1 
The MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD variables,
if they exist when the MongoDB container is started up, will be used to
tell MongoDB to start in auth-required mode. If there is an existing
database then the value of these env vars doesn't matter and the
usernames and passwords from the existing database will be used instead,
but if the database is empty then these two env vars are used to set up
an initial administrator account that can access and change anything,
and the DB setup scripts are then expected to create any other required
users. Since we now have authentication defined in Mongo, we can turn
this on by default and everything will continue to work.
@rmunn rmunn self-assigned this Jun 27, 2024
@github-actions GitHub Actions
Copy link

Unit Test Results

362 tests   362 ✅  13s ⏱️
 37 suites    0 💤
  1 files      0 ❌

Results for commit eb0fed1.

@megahirt megahirt added the engineering Tasks which do not directly relate to a user-facing feature or fix label Jul 4, 2024
megahirt
megahirt approved these changes Jul 4, 2024
View reviewed changes
Copy link
Collaborator

@megahirt megahirt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@megahirt megahirt merged commit b595e67 into develop Jul 4, 2024
17 checks passed
@megahirt megahirt deleted the chore/deployment-sets-mongo-auth-on-startup branch July 4, 2024 03:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@megahirt megahirt megahirt approved these changes

Assignees

@rmunn rmunn

Labels
engineering Tasks which do not directly relate to a user-facing feature or fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rmunn @megahirt