Feature: Add support for mysql

README.md

@@ -143,6 +143,64 @@ postgresql:
   enabled: false
 ```
 
+### Bundled MySQL subchart
+We provide optional Bitnami MySQL subchart to deploy an external database. You can use it like this:
+
+```yaml
+mysql:
+  enabled: true
+  auth:
+    # -- username for database, ignored if existingSecret is passed in
+    username: "coturn"
+    # -- password for db, autogenerated if empty & existingSecret empty
+    password: "mycoolpasswordthatisplaintextforsomereason"
+    # -- database to create, ignored if existingSecret is passed in
+    database: "coturn"
+    # -- Use existing secret for password details. 
+    # The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password
+    existingSecret: ""
+    # Names of the keys in existing secret to use for MySQL credentials
+    secretKeys:
+      # -- key in exsiting Secret to use for the coturn user
+      username: "username"
+      # -- key in existing Secret to use for coturn user's password
+      password: "password"
+```
+
+You're free to use any other values you find in the [Bitnami mysql helm values](https://github.com/bitnami/charts/tree/main/bitnami/mysql) under the `mysql` parameter in your values.yaml for coturn.
+
+### External MySQL database
+If `externalDatabase.enabled` is set to `true`, and `mysql.enabled` is set to false, you can pass in credentials from an existing mysql database, like this:
+
+```yaml
+externalDatabse:
+  enabled: true
+  # -- Currently postgresql and mysql are supported.
+  type: "mysql"
+  # -- required if externalDatabase.enabled: true and mysql.enabled: false
+  hostname: "mysqlserver"
+  # -- username for database, ignored if existingSecret is passed in
+  username: "coturn"
+  # -- password for database, ignored if existingSecret is passed in
+  password: "coolpasswordfordogs"
+  # -- database to create, ignored if existingSecret is passed in
+  database: "coturn"
+  # -- name of existing Secret to use for mysql credentials
+  existingSecret: ""
+  # Names of the keys in existing secret to use for MySQL credentials
+  secretKeys:
+    # -- key in existing Secret to use for the db user
+    username: ""
+    # -- key in existing Secret to use for db user's password
+    password: ""
+    # -- key in existing Secret to use for the database name
+    database: ""
+    # -- key in existing Secret to use for the db's hostname
+    hostname: ""
+mysql:
+  enabled: false
+```
+
 ## Testing
 
 Source: [Tutorial for turnutils_uclient and Coturn server](https://gist.github.com/cameronelliott/be1e581cb7b28f748e04bcabc249e6b6)

charts/coturn/Chart.lock

@@ -2,5 +2,8 @@ dependencies:
 - name: postgresql
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 12.9.0
-digest: sha256:db1a2162aacabf79c87e69824fff1257784c25ec1ca50ada5ad6c22d3343ba52
-generated: "2023-09-04T08:35:26.263041096+02:00"
+- name: mysql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 9.16.1
+digest: sha256:ec1829403d0fae04c3f8f8de1afc32a87a11cfe2c6f6e30a6d55beca39109b4b
+generated: "2024-01-14T15:04:22.9580318+09:00"

charts/coturn/Chart.yaml

@@ -20,3 +20,7 @@ dependencies:
     version: 12.9.0
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
+  - name: mysql
+    version: 9.16.1
+    repository: oci://registry-1.docker.io/bitnamicharts
+    condition: mysql.enabled

charts/coturn/README.md

@@ -1,6 +1,6 @@
 # coturn
 
-![Version: 4.2.2](https://img.shields.io/badge/Version-4.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2](https://img.shields.io/badge/AppVersion-4.6.2-informational?style=flat-square)
+![Version: 4.3.0](https://img.shields.io/badge/Version-4.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.6.2](https://img.shields.io/badge/AppVersion-4.6.2-informational?style=flat-square)
 
 A Helm chart to deploy coturn
 
@@ -20,6 +20,7 @@ A Helm chart to deploy coturn
 
 | Repository | Name | Version |
 |------------|------|---------|
+| oci://registry-1.docker.io/bitnamicharts | mysql | 9.16.1 |
 | oci://registry-1.docker.io/bitnamicharts | postgresql | 12.9.0 |
 
 ## Values
@@ -51,12 +52,20 @@ A Helm chart to deploy coturn
 | externalDatabase.secretKeys.hostname | string | `""` | key in existing Secret to use for the db's hostname |
 | externalDatabase.secretKeys.password | string | `""` | key in existing Secret to use for db user's password |
 | externalDatabase.secretKeys.username | string | `""` | key in existing Secret to use for the db user |
-| externalDatabase.type | string | `"postgresql"` | Currently only postgresql is supported. mysql coming soon |
+| externalDatabase.type | string | `"postgresql"` | Currently postgresql and mysql are supported. |
 | externalDatabase.username | string | `""` | username for database, ignored if existingSecret is passed in |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy, set to Always if using image.tag: latest |
 | image.repository | string | `"coturn/coturn"` | container registry and repo for coturn docker image |
 | image.tag | string | `""` | docker tag for coturn server |
 | labels | object | `{"component":"coturn"}` | Coturn specific labels |
+| mysql.auth.database | string | `"coturn"` | database to create, ignored if existingSecret is passed in |
+| mysql.auth.existingSecret | string | `""` | Use existing secret for password details.  The secret has to contain the keys mysql-root-password, mysql-replication-password and mysql-password |
+| mysql.auth.password | string | `""` | password for db, autogenerated if empty & existingSecret empty |
+| mysql.auth.secretKeys.password | string | `"password"` | key in existing Secret to use for coturn user's password |
+| mysql.auth.secretKeys.username | string | `"username"` | key in exsiting Secret to use for the coturn user |
+| mysql.auth.username | string | `"coturn"` | username for database, ignored if existingSecret is passed in |
+| mysql.enabled | bool | `false` | enables bitnami mysql subchart, you can disable to use external db |
+| mysql.initdbScriptsConfigMap | string | `"initdb-scripts-config"` | ConfigMap with the initdb scripts (Note: Overrides initdbScripts) |
 | nameOverride | string | `""` | different name for the helm release |
 | persistence.accessMode | string | `"ReadWriteOnce"` | access mode for the PVC, ignored if persistence.existingClaim passed in |
 | persistence.annotations | object | `{}` | annotations for the PVC, ignored if persistence.existingClaim passed in |
@@ -73,6 +82,7 @@ A Helm chart to deploy coturn
 | postgresql.global.postgresql.auth.secretKeys.userPasswordKey | string | `"password"` | key in existing Secret to use for coturn user's password |
 | postgresql.global.postgresql.auth.secretKeys.username | string | `"username"` | key in exsiting Secret to use for the coturn user |
 | postgresql.global.postgresql.auth.username | string | `"coturn"` | username for database, ignored if existingSecret is passed in |
+| postgresql.primary.initdb.scriptsConfigMap | string | `"initdb-scripts-config"` | ConfigMap with scripts to be run at first boot |
 | replicas | int | `1` |  |
 | resources | object | `{}` | ref: kubernetes.io/docs/concepts/configuration/manage-resources-containers |
 | securityContext.allowPrivilegeEscalation | bool | `true` | allow priviledged access |
@@ -86,4 +96,4 @@ A Helm chart to deploy coturn
 | service.type | string | `"ClusterIP"` | The type of service to deploy for routing Coturn traffic.   ClusterIP: Recommended for DaemonSet configurations. This will create a              standard Kubernetes service for Coturn within the cluster.              No external networking will be configured as the DaemonSet              will handle binding to each Node's host networking    NodePort:  Recommended for Deployment configurations. This will open              TURN ports on every node and route traffic on these ports to              the Coturn pods. You will need to make sure your cloud              provider supports the cluster config setting,              apiserver.service-node-port-range, as this range must contain              the ports defined above for the service to be created.    LoadBalancer: This was what was originally set for this chart in the                 upstream of this fork, but with no details |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.12.0](https://github.com/norwoodj/helm-docs/releases/v1.12.0)

charts/coturn/templates/_helpers.tpl

@@ -50,3 +50,27 @@ Helper function to get the coturn secret containing admin coturn credentials
 {{ .Release.Name }}-auth-secret
 {{- end }}
 {{- end }}
+
+{{- define "db.isReady.image.repository" -}}
+{{- if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql") -}}
+postgres
+{{- else if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql") -}}
+mysql
+{{- else if .Values.postgresql.enabled -}}
+{{ .Values.postgresql.image.repository }}
+{{- else if .Values.mysql.enabled -}}
+{{ .Values.mysql.image.repository }}
+{{- end -}}
+{{- end -}}
+
+{{- define "db.isReady.image.tag" -}}
+{{- if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql") -}}
+15-alpine
+{{- else if and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql") -}}
+8.0.35
+{{- else if .Values.postgresql.enabled -}}
+{{ .Values.postgresql.image.tag }}
+{{- else if .Values.mysql.enabled -}}
+{{ .Values.mysql.image.tag }}
+{{- end -}}
+{{- end -}}

charts/coturn/templates/configmap-initdb-scripts.yaml

@@ -0,0 +1,63 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: initdb-scripts-config
+  labels:
+{{ include "labels" . | nindent 4 }}
+data:
+  schema.sql: |
+    CREATE TABLE turnusers_lt (
+        realm varchar(127) default '',
+        name varchar(512),
+        hmackey char(128),
+        PRIMARY KEY (realm,name)
+    );
+
+    CREATE TABLE turn_secret (
+        realm varchar(127) default '',
+        value varchar(256),
+        primary key (realm,value)
+    );
+
+    CREATE TABLE allowed_peer_ip (
+        realm varchar(127) default '',
+        ip_range varchar(256),
+        primary key (realm,ip_range)
+    );
+
+    CREATE TABLE denied_peer_ip (
+        realm varchar(127) default '',
+        ip_range varchar(256),
+        primary key (realm,ip_range)
+    );
+
+    CREATE TABLE turn_origin_to_realm (
+        origin varchar(127),
+        realm varchar(127),
+        primary key (origin)
+    );
+
+    CREATE TABLE turn_realm_option (
+        realm varchar(127) default '',
+        opt varchar(32),
+        value varchar(128),
+        primary key (realm,opt)
+    );
+
+    CREATE TABLE oauth_key (
+        kid varchar(128),
+        ikm_key varchar(256),
+        timestamp bigint default 0,
+        lifetime integer default 0,
+        as_rs_alg varchar(64) default '',
+        realm varchar(127),
+        primary key (kid)
+    );
+
+    CREATE TABLE admin_user (
+        name varchar(32),
+        realm varchar(127),
+        password varchar(127),
+        primary key (name)
+    );

charts/coturn/templates/configmap.yaml

@@ -17,6 +17,6 @@ data:
     pidfile: "/var/tmp/turnserver.pid"
     pkey: "/tls/tls.key"
     cert: "/tls/tls.crt"
-    {{- if and (not .Values.externalDatabase.enabled) (not .Values.postgresql.enabled) }}
+    {{- if and (not .Values.externalDatabase.enabled) (not .Values.postgresql.enabled) (not .Values.mysql.enabled) }}
     userdb: "/var/db/turndb"
     {{- end }}

charts/coturn/templates/database-secret.yaml

@@ -3,7 +3,7 @@ If the user has enabled the postgresql subchart or passed in an external
 Database with plain text credentials, we create a secret with those credentials
 to 
 */}}
-{{- if or .Values.postgresql.enabled .Values.externalDatabase.enabled }}
+{{- if or .Values.postgresql.enabled .Values.mysql.enabled .Values.externalDatabase.enabled }}
 {{- if and (not .Values.postgresql.global.postgresql.auth.existingSecret) (not .Values.externalDatabase.existingSecret) }}
 apiVersion: v1
 kind: Secret
@@ -20,8 +20,15 @@ data:
   {{- else }}
   password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }}
   {{- end }}
+  {{- else if .Values.mysql.enabled }}
+  database: {{ .Values.mysql.auth.database | b64enc | quote }}
+  username: {{ .Values.mysql.auth.username | b64enc | quote }}
+  {{- if not .Values.mysql.auth.password }}
+  password: {{ randAlphaNum 24 | b64enc | quote }}
+  {{- else }}
+  password: {{ .Values.mysql.auth.password | b64enc | quote }}
   {{- end }}
-  {{- if and .Values.externalDatabase.enabled (not .Values.postgresql.enabled) }}
+  {{- else if .Values.externalDatabase.enabled }}
   hostname: {{ .Values.externalDatabase.hostname | b64enc | quote }}
   database: {{ .Values.externalDatabase.database | b64enc | quote }}
   username: {{ .Values.externalDatabase.username | b64enc | quote }}

charts/coturn/templates/deployment.yaml

@@ -27,9 +27,9 @@ spec:
           add: {{ .Values.securityContext.capabilities.add }}
           drop: {{ .Values.securityContext.capabilities.drop }}
       initContainers:
-        {{- if .Values.postgresql.enabled }}
+        {{- if or .Values.postgresql.enabled (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql")) }}
         - name: postgresql-isready
-          image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}
+          image: {{ include "db.isReady.image.repository" . }}:{{ include "db.isReady.image.tag" . }}
           env:
             - name: POSTGRES_USER
               valueFrom:
@@ -53,6 +53,41 @@ spec:
             - "sh"
             - "-c"
             - "until pg_isready -h $DATABASE_HOSTNAME -U $POSTGRES_USER ; do sleep 2 ; done"
+        {{- else if or .Values.mysql.enabled (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql")) }}
+        - name: mysql-isready
+          image: {{ include "db.isReady.image.repository" . }}:{{ include "db.isReady.image.tag" . }}
+          env:
+            - name: MYSQL_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "database.secretName" . }}
+                  {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.username }}
+                  key: {{ .Values.externalDatabase.secretKeys.username }}
+                  {{ else }}
+                  key: {{ .Values.mysql.auth.secretKeys.username }}
+                  {{ end }}
+            - name: MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "database.secretName" . }}
+                  {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.password }}
+                  key: {{ .Values.externalDatabase.secretKeys.password }}
+                  {{ else }}
+                  key: {{ .Values.mysql.auth.secretKeys.password }}
+                  {{ end }}
+            - name: DATABASE_HOSTNAME
+            {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.hostname }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "database.secretName" . }}
+                  key: {{ .Values.externalDatabase.secretKeys.hostname }}
+            {{ else }}
+              value: {{ template "mysql.primary.fullname" .Subcharts.mysql }}
+            {{- end }}
+          command:
+            - "sh"
+            - "-c"
+            - "until mysql -h $DATABASE_HOSTNAME -u $MYSQL_USER -p$MYSQL_PASSWORD -e 'SELECT VERSION();' ; do sleep 2 ; done"
         {{- end }}
         - name: add-secret-values-to-config
           image: "mikefarah/yq:latest"
@@ -72,42 +107,50 @@ spec:
                 secretKeyRef:
                   name: {{ include "coturn.auth.secretName" . }}
                   key: {{ .Values.coturn.auth.secretKeys.password }}
-            {{- if or .Values.externalDatabase.enabled .Values.postgresql.enabled }}
+            {{- if or .Values.externalDatabase.enabled .Values.postgresql.enabled .Values.mysql.enabled }}
             - name: DATABASE_HOSTNAME
             {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.hostname }}
               valueFrom:
                 secretKeyRef:
                   name: {{ include "database.secretName" . }}
                   key: {{ .Values.externalDatabase.secretKeys.hostname }}
-            {{ else }}
+            {{ else if .Values.postgresql.enabled }}
               value: {{ template "postgresql.primary.fullname" .Subcharts.postgresql }}
+            {{ else if .Values.mysql.enabled }}
+              value: {{ template "mysql.primary.fullname" .Subcharts.mysql }}
             {{- end }}
             - name: DATABASE_USER
               valueFrom:
                 secretKeyRef:
                   name: {{ include "database.secretName" . }}
                   {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.username }}
                   key: {{ .Values.externalDatabase.secretKeys.username }}
-                  {{ else }}
+                  {{ else if .Values.postgresql.enabled }}
                   key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.username }}
+                  {{ else if .Values.mysql.enabled }}
+                  key: username
                   {{- end }}
             - name: DATABASE_PASS
               valueFrom:
                 secretKeyRef:
                   name: {{ include "database.secretName" . }}
                   {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.password }}
                   key: {{ .Values.externalDatabase.secretKeys.password }}
-                  {{ else }}
+                  {{ else if .Values.postgresql.enabled }}
                   key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.userPasswordKey }}
+                  {{ else if .Values.mysql.enabled }}
+                  key: password
                   {{- end }}
             - name: DATABASE
               valueFrom:
                 secretKeyRef:
                   name: {{ include "database.secretName" . }}
                   {{- if and .Values.externalDatabase.enabled .Values.externalDatabase.secretKeys.database }}
                   key: {{ .Values.externalDatabase.secretKeys.database }}
-                  {{ else }}
+                  {{ else if .Values.postgresql.enabled }}
                   key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.database }}
+                  {{ else if .Values.mysql.enabled }}
+                  key: database
                   {{- end }}
             {{- end }}
           command:
@@ -117,12 +160,16 @@ spec:
               cp /initial/turnserver.conf /data/turnserver.yaml && \
               export USER_STR="$USER:$PASSWORD" && \
               yq eval -i '.user = env(USER_STR)' /data/turnserver.yaml && \
+              {{- if or (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "postgresql")) .Values.postgresql.enabled }}
               export CONNECTION_STRING="host=$DATABASE_HOSTNAME dbname=$DATABASE user=$DATABASE_USER password=$DATABASE_PASS connect_timeout=30" && \
-              {{- if or .Values.externalDatabase.enabled .Values.postgresql.enabled }}
-              yq eval '.psql-userdb = env(CONNECTION_STRING)' /data/turnserver.yaml && \
+              yq eval -i '.psql-userdb = env(CONNECTION_STRING)' /data/turnserver.yaml && \
+              {{- else if or (and .Values.externalDatabase.enabled (eq .Values.externalDatabase.type "mysql")) .Values.mysql.enabled }}
+              export CONNECTION_STRING="host=$DATABASE_HOSTNAME dbname=$DATABASE user=$DATABASE_USER password=$DATABASE_PASS port=3306 connect_timeout=10 read_timeout=10" && \
+              yq eval -i '.mysql-userdb = env(CONNECTION_STRING)' /data/turnserver.yaml && \
               {{- end }}
               sed -i 's/: /=/' /data/turnserver.yaml && \
               cat /extra/turnserver.conf >> /data/turnserver.yaml && \
+              echo '' >> /data/turnserver.yaml && \
               echo 'lt-cred-mech' >> /data/turnserver.yaml && \
               mv /data/turnserver.yaml /data/turnserver.conf
           volumeMounts: