diff --git a/stable/mongodb-replicaset/Chart.yaml b/stable/mongodb-replicaset/Chart.yaml index c3c588b0f2b6..f5faf63a54a6 100644 --- a/stable/mongodb-replicaset/Chart.yaml +++ b/stable/mongodb-replicaset/Chart.yaml @@ -1,6 +1,6 @@ name: mongodb-replicaset home: https://github.com/mongodb/mongo -version: 2.3.2 +version: 2.3.3 appVersion: 3.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. diff --git a/stable/mongodb-replicaset/README.md b/stable/mongodb-replicaset/README.md index 5750e9c77e91..f886d802048e 100644 --- a/stable/mongodb-replicaset/README.md +++ b/stable/mongodb-replicaset/README.md @@ -64,7 +64,7 @@ The following table lists the configurable parameters of the mongodb chart and t *MongoDB config file* -The MongoDB config file `mongod.conf` is configured via the `configmap` configuration value. The defaults from +The MongoDB config file `mongod.conf` is configured via the `configmap` configuration value. The defaults from `values.yaml` are the following: ```yaml 
@@ -90,15 +90,28 @@ $ helm install --name my-release -f values.yaml stable/mongodb-replicaset Once you have all 3 nodes in running, you can run the "test.sh" script in this directory, which will insert a key into the primary and check the secondaries for output. This script requires that the `$RELEASE_NAME` environment variable be set, in order to access the pods. ## Authentication +By default, this chart creates a MongoDB replica set without authentication. +To enable authentication, you must update **TWO** different sections in `values.yaml` or authentication will not be properly enabled. +These sections are outlined below: -By default, this chart creates a MongoDB replica set without authentication. Authentication can be -enabled using the parameter `auth.enabled`. Once enabled, keyfile access control is set up and an +### 1. auth +Authentication can be enabled using the parameter `auth.enabled`. Once enabled, keyfile access control is set up and an admin user with root privileges is created. User credentials and keyfile may be specified directly. Alternatively, existing secrets may be provided. The secret for the admin user must contain the keys `user` and `password`, that for the key file must contain `key.txt`. The user is created with full `root` permissions but is restricted to the `admin` database for security purposes. It can be used to create additional users with more specific permissions. +### 2. security +Towards the bottom of `values.yaml`, you must uncomment and potentially update the `security` section. +- `security.authorization` must be set to `enabled`, and +- `security.keyFile` path must be specified + +**Warning** + +Without enabling authentication in both the `auth` and `security` sections of `values.yaml`, your database +will not be properly protected, and initialization may fail silently. + ## TLS support To enable full TLS encryption set `tls.enabled` to `true`. It is recommended to create your own CA by executing: 
diff --git a/stable/mongodb-replicaset/init/files/on-start.sh b/stable/mongodb-replicaset/init/files/on-start.sh index c5cc864a7776..1a2ab5c9052c 100644 --- a/stable/mongodb-replicaset/init/files/on-start.sh +++ b/stable/mongodb-replicaset/init/files/on-start.sh @@ -18,8 +18,8 @@ replica_set=$REPLICA_SET script_name=${0##*/} if [[ "$AUTH" == "true" ]]; then - admin_user="$ADMIN_USER" - admin_password="$ADMIN_PASSWORD" + admin_user="$MONGO_INITDB_ROOT_USERNAME" + admin_password="$MONGO_INITDB_ROOT_PASSWORD" admin_auth=(-u "$admin_user" -p "$admin_password") fi
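Review bot: In the README.md hunk under `## Authentication`, the new warning states that enabling only one of the `auth` and `security` sections leaves the database not properly protected and that initialization may fail silently, yet the patch only documents this and adds no check. Consider failing at render time when `auth.enabled` is true but `security.authorization` is not `enabled` or `security.keyFile` is unset, or deriving the `security` settings from `auth.enabled`, so a half-configured install cannot come up without authentication. The `security.keyFile` bullet should also say which path the chart expects, and the blank line after the `## Authentication` heading was dropped.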
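Review bot: In the on-start.sh hunk, `admin_user` and `admin_password` are now read from `$MONGO_INITDB_ROOT_USERNAME` and `$MONGO_INITDB_ROOT_PASSWORD`, but nothing visible in this patch sets or validates those variables, so with `AUTH` equal to `true` and either one unset the script carries on with empty values in `admin_auth=(-u "$admin_user" -p "$admin_password")`. Add a guard right after the two assignments that exits with an error when either is empty, and note the rename in the README or commit message so anyone still supplying `ADMIN_USER` and `ADMIN_PASSWORD` knows to update them.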