init commit

2025-09-30 13:22:00 +02:00
commit 2f149e0e7d
14 changed files with 355 additions and 0 deletions
--- a/helm/templates/credentials/job.yaml
+++ b/helm/templates/credentials/job.yaml
@@ -0,0 +1,51 @@
+{{- if .Values.initJob.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "unifi.credentials.name" . }}
+  labels:
+    {{- include "unifi.labels" . | nindent 4 }}
+spec:
+  template:
+    metadata:
+      name: {{ include "unifi.credentials.name" . }}
+      labels:
+        app.kubernetes.io/name: {{ include "unifi.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: mongo-init
+          image: "{{ .Values.initJob.image.repository }}:{{ .Values.initJob.image.tag }}"
+          imagePullPolicy: {{ .Values.initJob.image.pullPolicy }}
+          envFrom:
+            - secretRef:
+                name: {{ include "unifi.credentials.name.secret" . }}
+          command:
+            - bash
+            - -c
+            - |
+              # Wait until MongoDB is ready
+              until mongosh "mongodb://$MONGO_ROOT_USERNAME:$MONGO_ROOT_PASSWORD@{{ .Values.mongo.hostname }}:{{ .Values.mongo.port }}/admin" --eval "db.adminCommand('ping')" > /dev/null 2>&1; do
+                echo "Waiting for MongoDB..."
+                sleep 5
+              done
+
+              mongosh "mongodb://$MONGO_ROOT_USERNAME:$MONGO_ROOT_PASSWORD@{{ .Values.mongo.hostname }}:{{ .Values.mongo.port }}/admin" --eval "
+                db = db.getSiblingDB('admin');
+                if (!db.getUser('{{ .Values.mongo.username }}')) {
+                  print('Creating user: {{ .Values.mongo.username }}');
+                  db.createUser({
+                    user: '{{ .Values.mongo.username }}',
+                    pwd: '{{ .Values.mongo.password }}',
+                    roles: [
+                      { db: '{{ .Values.mongo.database }}', role: 'dbOwner' },
+                      { db: '{{ .Values.mongo.database }}_stat', role: 'dbOwner' },
+                      { db: '{{ .Values.mongo.database }}_audit', role: 'dbOwner' }
+                    ]
+                  });
+                } else {
+                  print('User already exists, skipping');
+                }
+              "
+{{- end }}
--- a/helm/templates/credentials/secret.yaml
+++ b/helm/templates/credentials/secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.initJob.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "unifi.credentials.name.secret" . }}
+  labels:
+    {{- include "unifi.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  MONGO_ROOT_PASSWORD: "{{ .Values.mongodb.auth.rootPassword }}"
+  MONGO_ROOT_USERNAME: "{{ .Values.mongodb.auth.rootUsername }}"
+{{- end }}