securely connect to mongodb service (#25)

fixes #60
vmware-tanzu · Nov 29, 2017 · 0185f57 · 0185f57
1 parent 2764e4d
commit 0185f57
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/kubeapps-dashboard-values.yaml b/kubeapps-dashboard-values.yaml
@@ -7,7 +7,7 @@ api:
  replicaCount: 1
  image:
  repository: bitnami/monocular-api
- tag: v0.5.4
+ tag: v0.6.1
  pullPolicy: IfNotPresent
  auth:
  signingKey: secret

diff --git a/kubeapps-dashboard.jsonnet b/kubeapps-dashboard.jsonnet
@@ -57,11 +57,12 @@ local serviceDeployFromValues(parentName, componentName, values) = {
 
 {
  namespace:: {metadata+: {namespace: "kubeapps"}},
- mongodb:: error "a mongodb service is required",
+ mongodb_svc:: error "a mongodb service is required",
+ mongodb_secret:: error "a mongodb secret is required",
  values:: valuesDefault,
 
  local name = labels.app,
- local mongoDbHost = "%s.%s" % [$.mongodb.metadata.name, $.mongodb.metadata.namespace],
+ local mongoDbHost = "%s.%s" % [$.mongodb_svc.metadata.name, $.mongodb_svc.metadata.namespace],
 
  ingress: kube.Ingress(name) + $.namespace {
  metadata+: {
@@ -100,7 +101,6 @@ local serviceDeployFromValues(parentName, componentName, values) = {
  data: {
  monocular_yaml:: $.values.api.config {
  mongodb: {
- host: "%s:%d" % [mongoDbHost, $.mongodb.spec.ports[0].port],
  database: "monocular",
  },
  tillerHost: "localhost:44134",
@@ -118,8 +118,13 @@ local serviceDeployFromValues(parentName, componentName, values) = {
  serviceAccountName: $.tillerServiceAccount.metadata.name,
  containers_+: {
  default+: {
+ command: ["monocular"],
+ args_: {
+ "mongo-url": "root:$(MONGODB_ROOT_PASSWORD)@%s" % [mongoDbHost],
+ },
  env_+: {
  MONOCULAR_HOME: "/monocular",
+ MONGODB_ROOT_PASSWORD: kube.SecretKeyRef($.mongodb_secret, "mongodb-root-password"),
  },
  livenessProbe: {
  httpGet: {

diff --git a/kubeapps.jsonnet b/kubeapps.jsonnet
@@ -49,7 +49,8 @@ local tls = false;
 
  dashboard: (import "kubeapps-dashboard.jsonnet") + {
  namespace:: $.namespace,
- mongodb:: $.mongodb.svc,
+ mongodb_svc:: $.mongodb.svc,
+ mongodb_secret:: $.mongodb.secret,
  ingress:: null,
  values+: {
  api+: {

diff --git a/mongodb.jsonnet b/mongodb.jsonnet
@@ -8,7 +8,6 @@ local labels = {app: "mongodb"};
  secret:: kube.Secret("mongodb") + $.namespace {
  metadata+: {labels+: labels},
  data_+: {
- "mongodb-password": error "Value provided elsewhere",
  "mongodb-root-password": error "Value provided elsewhere",
  },
  },
@@ -32,9 +31,6 @@ local labels = {app: "mongodb"};
  image: "bitnami/mongodb:3.4.9-r1",
  env_+: {
  MONGODB_ROOT_PASSWORD: kube.SecretKeyRef($.secret, "mongodb-root-password"),
- MONGODB_PASSWORD: kube.SecretKeyRef($.secret, "mongodb-password"),
- MONGODB_USERNAME: "",
- MONGODB_DATABASE: "",
  },
  ports_+: {
  mongodb: {containerPort: 27017},