From 0a2200f35ea48f39151588bf4da155726b5d10b9 Mon Sep 17 00:00:00 2001
From: Xinzhao Xu <xuxinzhao@caicloud.io>
Date: Wed, 13 Jan 2021 14:21:09 +0800
Subject: [PATCH] feat(*): enable access control (#21)

---
 .../infra-mongo/templates/statefulset.yaml    | 41 ++++++++++++++-----
 1 file changed, 31 insertions(+), 10 deletions(-)

diff --git a/manifests/infra-mongo/templates/statefulset.yaml b/manifests/infra-mongo/templates/statefulset.yaml
index d28bf1a..6d50650 100644
--- a/manifests/infra-mongo/templates/statefulset.yaml
+++ b/manifests/infra-mongo/templates/statefulset.yaml
@@ -33,20 +33,29 @@ spec:
       - name: {{ .Chart.Name }}
         image: {{ include "common.images.image" (dict "context" $ "repository" .Values.platformConfig.imageRepositoryLibrary "imageRoot" .Values.image) | quote }}
         imagePullPolicy: {{ default "Always" .Values.platformConfig.imagePullPolicy | quote }}
-        {{- if .Values.command }}
-        command: {{- include "common.tplvalues.render" ( dict "value" .Values.command "context" $) | nindent 8 }}
-        {{- else }}
-        command:
-        - "mongod"
-        {{- end }}
+        env:
+        - name: MONGO_INITDB_ROOT_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: mongo-config
+              key: user
+        - name: MONGO_INITDB_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mongo-config
+              key: password
         {{- if .Values.args }}
         args: {{- include "common.tplvalues.render" ( dict "value" .Values.args "context" $) | nindent 8 }}
         {{- else }}
         args:
-        - "--replSet"
-        - "rs0"
-        - "--bind_ip"
-        - "0.0.0.0"
+        - --replSet
+        - rs0
+        - --bind_ip
+        - 0.0.0.0
+        - --clusterAuthMode
+        - keyFile
+        - --keyFile
+        - /data/config/mongodb-keyfile
         {{- end }}
         {{- if .Values.serverPort }}
         ports:
@@ -73,6 +82,18 @@ spec:
           value: {{ .Values.serverPort | quote }}
         - name: "KUBERNETES_MONGO_SERVICE_NAME"
           value: {{ .Values.serviceName | quote }}
+        - name: MONGODB_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: mongo-config
+              key: user
+        - name: MONGODB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mongo-config
+              key: password
+        - name: MONGODB_DATABASE
+          value: admin
         {{- if .Values.sidecar.resources }}
         resources: {{- toYaml .Values.sidecar.resources | nindent 10 }}
         {{- end }}