Feature: Add support for mysql (#74)
* chore: add mysql to subchart

* feat: Add custom MySQL Values

* feat: When mysql.enable is true, internal SQLite is disabled

* feat: Add database-secrets for MySQL

* feat: Modify the deployment for MySQL

* feat: Add the Coturn schema to the initdb scripts

* fix: Add the initdb script for PostgreSQL to custom values

* feat: Add a custom Value for setting the database-secret key

* refactor: Use the secret values when checking the MySQL startup

* fix: Add a newline between extra-configmap and lt-cred-mech

It was written as "verboselt-cred-mech" because there was no newline, so it has been corrected.

* fix: Modify the image for checking the database startup to template

* feat: Support for externalDatabase in MySQL

* docs: Add MySQL chart usage
CASL0 authored Mar 27, 2024
1 parent 2f83f1d commit 4a11308
Showing 11 changed files with 263 additions and 18 deletions.
58 changes: 58 additions & 0 deletions README.md
Expand Up @@ -143,6 +143,64 @@ postgresql:
enabled: false
```

### Bundled MySQL subchart
We provide optional Bitnami MySQL subchart to deploy an external database. You can use it like this:

```yaml
mysql:
enabled: true
auth:
# -- username for database, ignored if existingSecret is passed in
username: "coturn"
# -- password for db, autogenerated if empty & existingSecret empty
password: "mycoolpasswordthatisplaintextforsomereason"
# -- database to create, ignored if existingSecret is passed in
database: "coturn"
# -- Use existing secret for password details.
# The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password
existingSecret: ""
# Names of the keys in existing secret to use for MySQL credentials
secretKeys:
# -- key in exsiting Secret to use for the coturn user
username: "username"
# -- key in existing Secret to use for coturn user's password
password: "password"
```

You're free to use any other values you find in the [Bitnami mysql helm values](https://github.com/bitnami/charts/tree/main/bitnami/mysql) under the `mysql` parameter in your values.yaml for coturn.

### External MySQL database
If `externalDatabase.enabled` is set to `true`, and `mysql.enabled` is set to false, you can pass in credentials from an existing mysql database, like this:

```yaml
externalDatabse:
enabled: true
# -- Currently postgresql and mysql are supported.
type: "mysql"
# -- required if externalDatabase.enabled: true and mysql.enabled: false
hostname: "mysqlserver"
# -- username for database, ignored if existingSecret is passed in
username: "coturn"
# -- password for database, ignored if existingSecret is passed in
password: "coolpasswordfordogs"
# -- database to create, ignored if existingSecret is passed in
database: "coturn"
# -- name of existing Secret to use for mysql credentials
existingSecret: ""
# Names of the keys in existing secret to use for MySQL credentials
secretKeys:
# -- key in existing Secret to use for the db user
username: ""
# -- key in existing Secret to use for db user's password
password: ""
# -- key in existing Secret to use for the database name
database: ""
# -- key in existing Secret to use for the db's hostname
hostname: ""
mysql:
enabled: false
```

## Testing

Source: [Tutorial for turnutils_uclient and Coturn server](https://gist.github.com/cameronelliott/be1e581cb7b28f748e04bcabc249e6b6)
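
Review bot: The external MySQL example spells its top-level key `externalDatabse:`, so anyone who copies it sets an unknown key and `externalDatabase.enabled` keeps its default; rename it to `externalDatabase:`. The same example leaves every `secretKeys` entry as `""` while giving `hostname` and `password` inline, so the text should say which Secret keys the chart falls back to in that case and point readers at `existingSecret` rather than a plaintext password in values.yaml. Minor: `exsiting` in the bundled-subchart comment should read `existing`.
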
7 changes: 5 additions & 2 deletions charts/coturn/Chart.lock
Expand Up @@ -2,5 +2,8 @@ dependencies:
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.9.0
digest: sha256:db1a2162aacabf79c87e69824fff1257784c25ec1ca50ada5ad6c22d3343ba52
generated: "2023-09-04T08:35:26.263041096+02:00"
- name: mysql
repository: oci://registry-1.docker.io/bitnamicharts
version: 9.16.1
digest: sha256:ec1829403d0fae04c3f8f8de1afc32a87a11cfe2c6f6e30a6d55beca39109b4b
generated: "2024-01-14T15:04:22.9580318+09:00"
4 changes: 4 additions & 0 deletions charts/coturn/Chart.yaml
Expand Up @@ -20,3 +20,7 @@ dependencies:
version: 12.9.0
repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled
- name: mysql
version: 9.16.1
repository: oci://registry-1.docker.io/bitnamicharts
condition: mysql.enabled
16 changes: 13 additions & 3 deletions charts/coturn/README.md
@@ -1,6 +1,6 @@
# coturn

![Version: 4.2.2](https://img.shields.io/badge/Version-4.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2](https://img.shields.io/badge/AppVersion-4.6.2-informational?style=flat-square)
![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2](https://img.shields.io/badge/AppVersion-4.6.2-informational?style=flat-square)

A Helm chart to deploy coturn

Expand All @@ -20,6 +20,7 @@ A Helm chart to deploy coturn

| Repository | Name | Version |
|------------|------|---------|
| oci://registry-1.docker.io/bitnamicharts | mysql | 9.16.1 |
| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.9.0 |

## Values
Expand Down Expand Up @@ -51,12 +52,20 @@ A Helm chart to deploy coturn
| externalDatabase.secretKeys.hostname | string | `""` | key in existing Secret to use for the db's hostname |
| externalDatabase.secretKeys.password | string | `""` | key in existing Secret to use for db user's password |
| externalDatabase.secretKeys.username | string | `""` | key in existing Secret to use for the db user |
| externalDatabase.type | string | `"postgresql"` | Currently only postgresql is supported. mysql coming soon |
| externalDatabase.type | string | `"postgresql"` | Currently postgresql and mysql are supported. |
| externalDatabase.username | string | `""` | username for database, ignored if existingSecret is passed in |
| image.pullPolicy | string | `"IfNotPresent"` | image pull policy, set to Always if using image.tag: latest |
| image.repository | string | `"coturn/coturn"` | container registry and repo for coturn docker image |
| image.tag | string | `""` | docker tag for coturn server |
| labels | object | `{"component":"coturn"}` | Coturn specific labels |
| mysql.auth.database | string | `"coturn"` | database to create, ignored if existingSecret is passed in |
| mysql.auth.existingSecret | string | `""` | Use existing secret for password details. The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password |
| mysql.auth.password | string | `""` | password for db, autogenerated if empty & existingSecret empty |
| mysql.auth.secretKeys.password | string | `"password"` | key in existing Secret to use for coturn user's password |
| mysql.auth.secretKeys.username | string | `"username"` | key in exsiting Secret to use for the coturn user |
| mysql.auth.username | string | `"coturn"` | username for database, ignored if existingSecret is passed in |
| mysql.enabled | bool | `false` | enables bitnami mysql subchart, you can disable to use external db |
| mysql.initdbScriptsConfigMap | string | `"initdb-scripts-config"` | ConfigMap with the initdb scripts (Note: Overrides initdbScripts) |
| nameOverride | string | `""` | different name for the helm release |
| persistence.accessMode | string | `"ReadWriteOnce"` | access mode for the PVC, ignored if persistence.existingClaim passed in |
| persistence.annotations | object | `{}` | annotations for the PVC, ignored if persistence.existingClaim passed in |
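
Review bot: The `mysql.auth.existingSecret` row says the Secret must contain `mysql-root-password`, `mysql-replication-password` and `mysql-password`, but the rows below it default `mysql.auth.secretKeys.username` and `mysql.auth.secretKeys.password` to `username` and `password`. The description should list every key an existing Secret needs, for the subchart and for coturn, and the fix belongs in the values.yaml comments because this table is generated by helm-docs. `exsiting` in the `mysql.auth.secretKeys.username` row is a typo for `existing`.
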
Expand All @@ -73,6 +82,7 @@ A Helm chart to deploy coturn
| postgresql.global.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | key in existing Secret to use for coturn user's password |
| postgresql.global.postgresql.auth.secretKeys.username | string | `"username"` | key in exsiting Secret to use for the coturn user |
| postgresql.global.postgresql.auth.username | string | `"coturn"` | username for database, ignored if existingSecret is passed in |
| postgresql.primary.initdb.scriptsConfigMap | string | `"initdb-scripts-config"` | ConfigMap with scripts to be run at first boot |
| replicas | int | `1` | |
| resources | object | `{}` | ref: kubernetes.io/docs/concepts/configuration/manage-resources-containers |
| securityContext.allowPrivilegeEscalation | bool | `true` | allow priviledged access |
Expand All @@ -86,4 +96,4 @@ A Helm chart to deploy coturn
| service.type | string | `"ClusterIP"` | The type of service to deploy for routing Coturn traffic. ClusterIP: Recommended for DaemonSet configurations. This will create a standard Kubernetes service for Coturn within the cluster. No external networking will be configured as the DaemonSet will handle binding to each Node's host networking NodePort: Recommended for Deployment configurations. This will open TURN ports on every node and route traffic on these ports to the Coturn pods. You will need to make sure your cloud provider supports the cluster config setting, apiserver.service-node-port-range, as this range must contain the ports defined above for the service to be created. LoadBalancer: This was what was originally set for this chart in the upstream of this fork, but with no details |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)
Binary file added charts/coturn/charts/mysql-9.16.1.tgz
Binary file not shown.
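
Review bot: `charts/coturn/charts/mysql-9.16.1.tgz` is committed as a binary, so its contents cannot be reviewed in this diff. Consider keeping packaged subcharts out of the repository and fetching them with `helm dependency build` from the `oci://registry-1.docker.io/bitnamicharts` entry pinned in Chart.yaml and Chart.lock, or have CI download the archive again and compare it with the committed file.
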
24 changes: 24 additions & 0 deletions charts/coturn/templates/_helpers.tpl
Expand Up @@ -50,3 +50,27 @@ Helper function to get the coturn secret containing admin coturn credentials
{{ .Release.Name }}-auth-secret
{{- end }}
{{- end }}

{{- define "db.isReady.image.repository" -}}
{{- if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql") -}}
postgres
{{- else if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql") -}}
mysql
{{- else if .Values.postgresql.enabled -}}
{{ .Values.postgresql.image.repository }}
{{- else if .Values.mysql.enabled -}}
{{ .Values.mysql.image.repository }}
{{- end -}}
{{- end -}}

{{- define "db.isReady.image.tag" -}}
{{- if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql") -}}
15-alpine
{{- else if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql") -}}
8.0.35
{{- else if .Values.postgresql.enabled -}}
{{ .Values.postgresql.image.tag }}
{{- else if .Values.mysql.enabled -}}
{{ .Values.mysql.image.tag }}
{{- end -}}
{{- end -}}
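
Review bot: In both helpers the `externalDatabase` branches hard-code the readiness image as `postgres` with `15-alpine` and `mysql` with `8.0.35`, so a cluster that pulls from a private registry or enforces an image policy cannot override it, and the tag can only move with a chart release. Expose repository and tag through values (for example a hypothetical `externalDatabase.isReadyImage.repository` and `.tag`) with the current strings as defaults. Both helpers also render an empty string when no branch matches; ending them with an `else` that calls `fail` would surface an unsupported `externalDatabase.type` at render time.
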
63 changes: 63 additions & 0 deletions charts/coturn/templates/configmap-initdb-scripts.yaml
@@ -0,0 +1,63 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: initdb-scripts-config
labels:
{{ include "labels" . | nindent 4 }}
data:
schema.sql: |
CREATE TABLE turnusers_lt (
realm varchar(127) default '',
name varchar(512),
hmackey char(128),
PRIMARY KEY (realm,name)
);
CREATE TABLE turn_secret (
realm varchar(127) default '',
value varchar(256),
primary key (realm,value)
);
CREATE TABLE allowed_peer_ip (
realm varchar(127) default '',
ip_range varchar(256),
primary key (realm,ip_range)
);
CREATE TABLE denied_peer_ip (
realm varchar(127) default '',
ip_range varchar(256),
primary key (realm,ip_range)
);
CREATE TABLE turn_origin_to_realm (
origin varchar(127),
realm varchar(127),
primary key (origin)
);
CREATE TABLE turn_realm_option (
realm varchar(127) default '',
opt varchar(32),
value varchar(128),
primary key (realm,opt)
);
CREATE TABLE oauth_key (
kid varchar(128),
ikm_key varchar(256),
timestamp bigint default 0,
lifetime integer default 0,
as_rs_alg varchar(64) default '',
realm varchar(127),
primary key (kid)
);
CREATE TABLE admin_user (
name varchar(32),
realm varchar(127),
password varchar(127),
primary key (name)
);
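
Review bot: `metadata.name: initdb-scripts-config` is a fixed name, so two releases of this chart in one namespace would render the same ConfigMap; include the release name in it and make sure `mysql.initdbScriptsConfigMap` and `postgresql.primary.initdb.scriptsConfigMap` resolve to that name. The template also has no condition around it, so the ConfigMap is created even when neither subchart is enabled; wrap it in `{{- if or .Values.postgresql.enabled .Values.mysql.enabled }}`.
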
2 changes: 1 addition & 1 deletion charts/coturn/templates/configmap.yaml
Expand Up @@ -17,6 +17,6 @@ data:
pidfile: "/var/tmp/turnserver.pid"
pkey: "/tls/tls.key"
cert: "/tls/tls.crt"
{{- if and (not .Values.externalDatabase.enabled) (not .Values.postgresql.enabled) }}
{{- if and (not .Values.externalDatabase.enabled) (not .Values.postgresql.enabled) (not .Values.mysql.enabled) }}
userdb: "/var/db/turndb"
{{- end }}
11 changes: 9 additions & 2 deletions charts/coturn/templates/database-secret.yaml
Expand Up @@ -3,7 +3,7 @@ If the user has enabled the postgresql subchart or passed in an external
Database with plain text credentials, we create a secret with those credentials
to
*/}}
{{- if or .Values.postgresql.enabled .Values.externalDatabase.enabled }}
{{- if or .Values.postgresql.enabled .Values.mysql.enabled .Values.externalDatabase.enabled }}
{{- if and (not .Values.postgresql.global.postgresql.auth.existingSecret) (not .Values.externalDatabase.existingSecret) }}
apiVersion: v1
kind: Secret
Expand All @@ -20,8 +20,15 @@ data:
{{- else }}
password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }}
{{- end }}
{{- else if .Values.mysql.enabled }}
database: {{ .Values.mysql.auth.database | b64enc | quote }}
username: {{ .Values.mysql.auth.username | b64enc | quote }}
{{- if not .Values.mysql.auth.password }}
password: {{ randAlphaNum 24 | b64enc | quote }}
{{- else }}
password: {{ .Values.mysql.auth.password | b64enc | quote }}
{{- end }}
{{- if and .Values.externalDatabase.enabled (not .Values.postgresql.enabled) }}
{{- else if .Values.externalDatabase.enabled }}
hostname: {{ .Values.externalDatabase.hostname | b64enc | quote }}
database: {{ .Values.externalDatabase.database | b64enc | quote }}
username: {{ .Values.externalDatabase.username | b64enc | quote }}
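
Review bot: In the new `mysql.enabled` branch, `randAlphaNum 24` is evaluated on every render, so each `helm upgrade` with an empty `mysql.auth.password` writes a different password into this Secret, and nothing in the hunk ties that value to the password the MySQL subchart itself sets. Either require `mysql.auth.password` or `mysql.auth.existingSecret` when `mysql.enabled` is true, or read the value already stored in the cluster with Helm's `lookup` before generating a new one. The unchanged guard under the modified `if or` line still checks only `postgresql.global.postgresql.auth.existingSecret` and `externalDatabase.existingSecret`; add `(not .Values.mysql.auth.existingSecret)` so this Secret is not generated when a MySQL secret is supplied.
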
65 changes: 56 additions & 9 deletions charts/coturn/templates/deployment.yaml
Expand Up @@ -27,9 +27,9 @@ spec:
add: {{ .Values.securityContext.capabilities.add }}
drop: {{ .Values.securityContext.capabilities.drop }}
initContainers:
{{- if .Values.postgresql.enabled }}
{{- if or .Values.postgresql.enabled (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql")) }}
- name: postgresql-isready
image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
image: {{ include "db.isReady.image.repository" . }}:{{ include "db.isReady.image.tag" . }}
env:
- name: POSTGRES_USER
valueFrom:
Expand All @@ -53,6 +53,41 @@ spec:
- "sh"
- "-c"
- "until pg_isready -h $DATABASE_HOSTNAME -U $POSTGRES_USER ; do sleep 2 ; done"
{{- else if or .Values.mysql.enabled (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql")) }}
- name: mysql-isready
image: {{ include "db.isReady.image.repository" . }}:{{ include "db.isReady.image.tag" . }}
env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.username }}
key: {{ .Values.externalDatabase.secretKeys.username }}
{{ else }}
key: {{ .Values.mysql.auth.secretKeys.username }}
{{ end }}
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.password }}
key: {{ .Values.externalDatabase.secretKeys.password }}
{{ else }}
key: {{ .Values.mysql.auth.secretKeys.password }}
{{ end }}
- name: DATABASE_HOSTNAME
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.hostname }}
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
key: {{ .Values.externalDatabase.secretKeys.hostname }}
{{ else }}
value: {{ template "mysql.primary.fullname" .Subcharts.mysql }}
{{- end }}
command:
- "sh"
- "-c"
- "until mysql -h $DATABASE_HOSTNAME -u $MYSQL_USER -p$MYSQL_PASSWORD -e 'SELECT VERSION();' ; do sleep 2 ; done"
{{- end }}
- name: add-secret-values-to-config
image: "mikefarah/yq:latest"
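
Review bot: The `mysql-isready` command passes the password as `-p$MYSQL_PASSWORD` and leaves all three variables unquoted, so the password shows up in the container's process arguments and a value containing spaces or glob characters breaks the loop. Quote the expansions and pass the password outside argv, for example through the `MYSQL_PWD` environment variable or a client option file. Separately, the `DATABASE_HOSTNAME` `else` branch always renders `mysql.primary.fullname` from `.Subcharts.mysql`, which is also the path taken for an external MySQL without `externalDatabase.secretKeys.hostname`; that case should read the `hostname` key that database-secret.yaml writes.
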
Expand All @@ -72,42 +107,50 @@ spec:
secretKeyRef:
name: {{ include "coturn.auth.secretName" . }}
key: {{ .Values.coturn.auth.secretKeys.password }}
{{- if or .Values.externalDatabase.enabled .Values.postgresql.enabled }}
{{- if or .Values.externalDatabase.enabled .Values.postgresql.enabled .Values.mysql.enabled }}
- name: DATABASE_HOSTNAME
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.hostname }}
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
key: {{ .Values.externalDatabase.secretKeys.hostname }}
{{ else }}
{{ else if .Values.postgresql.enabled }}
value: {{ template "postgresql.primary.fullname" .Subcharts.postgresql }}
{{ else if .Values.mysql.enabled }}
value: {{ template "mysql.primary.fullname" .Subcharts.mysql }}
{{- end }}
- name: DATABASE_USER
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.username }}
key: {{ .Values.externalDatabase.secretKeys.username }}
{{ else }}
{{ else if .Values.postgresql.enabled }}
key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.username }}
{{ else if .Values.mysql.enabled }}
key: username
{{- end }}
- name: DATABASE_PASS
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.password }}
key: {{ .Values.externalDatabase.secretKeys.password }}
{{ else }}
{{ else if .Values.postgresql.enabled }}
key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey }}
{{ else if .Values.mysql.enabled }}
key: password
{{- end }}
- name: DATABASE
valueFrom:
secretKeyRef:
name: {{ include "database.secretName" . }}
{{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.database }}
key: {{ .Values.externalDatabase.secretKeys.database }}
{{ else }}
{{ else if .Values.postgresql.enabled }}
key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.database }}
{{ else if .Values.mysql.enabled }}
key: database
{{- end }}
{{- end }}
command:
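
Review bot: Replacing the plain `else` with `else if .Values.postgresql.enabled` and `else if .Values.mysql.enabled` leaves no branch for `externalDatabase.enabled` with empty `secretKeys`, which is what the README example configures; `DATABASE_HOSTNAME` then has neither `value` nor `valueFrom`, and the three `secretKeyRef` blocks render without a `key`. Add a final `else` that uses the key names database-secret.yaml writes (`hostname`, `username`, `password`, `database`). The MySQL branches also hard-code `key: username` and `key: password`, while the `mysql-isready` container reads `.Values.mysql.auth.secretKeys.username` and `.Values.mysql.auth.secretKeys.password`; use the same values in both places.
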
Expand All @@ -117,12 +160,16 @@ spec:
cp /initial/turnserver.conf /data/turnserver.yaml && \
export USER_STR="$USER:$PASSWORD" && \
yq eval -i '.user = env(USER_STR)' /data/turnserver.yaml && \
{{- if or (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql")) .Values.postgresql.enabled }}
export CONNECTION_STRING="host=$DATABASE_HOSTNAME dbname=$DATABASE user=$DATABASE_USER password=$DATABASE_PASS connect_timeout=30" && \
{{- if or .Values.externalDatabase.enabled .Values.postgresql.enabled }}
yq eval '.psql-userdb = env(CONNECTION_STRING)' /data/turnserver.yaml && \
yq eval -i '.psql-userdb = env(CONNECTION_STRING)' /data/turnserver.yaml && \
{{- else if or (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql")) .Values.mysql.enabled }}
export CONNECTION_STRING="host=$DATABASE_HOSTNAME dbname=$DATABASE user=$DATABASE_USER password=$DATABASE_PASS port=3306 connect_timeout=10 read_timeout=10" && \
yq eval -i '.mysql-userdb = env(CONNECTION_STRING)' /data/turnserver.yaml && \
{{- end }}
sed -i 's/: /=/' /data/turnserver.yaml && \
cat /extra/turnserver.conf >> /data/turnserver.yaml && \
echo '' >> /data/turnserver.yaml && \
echo 'lt-cred-mech' >> /data/turnserver.yaml && \
mv /data/turnserver.yaml /data/turnserver.conf
volumeMounts:
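
Review bot: The MySQL `CONNECTION_STRING` fixes `port=3306` and no port value is shown for `externalDatabase`, so an external server listening on another port cannot be used; add a port value that defaults to 3306. `$DATABASE_PASS` is also placed bare inside a space-separated `key=value` string, so a password containing a space would be split into extra fields; document that restriction or reject such passwords at render time.
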