From c74041cffc5b36ab0a6ea4100da81979f7605007 Mon Sep 17 00:00:00 2001
From: Erki Aas <erki@veebkolm.ee>
Date: Mon, 22 Dec 2025 21:37:15 +0200
Subject: [PATCH] Dedicated mongo for inventory

---
 hackerspace/inventory.yaml     |  2 +-
 hackerspace/kustomization.yaml |  1 +
 hackerspace/mongo.yaml         | 89 ++++++++++++++++++++++++++++++++++
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 hackerspace/mongo.yaml

diff --git a/hackerspace/inventory.yaml b/hackerspace/inventory.yaml
index b6e7095..3d1be42 100644
--- a/hackerspace/inventory.yaml
+++ b/hackerspace/inventory.yaml
@@ -32,7 +32,7 @@ spec:
         - secretRef:
             name: inventory-cookies
         - secretRef:
-            name: inventory-mongodb
+            name: mongodb-user-password
         - secretRef:
             name: inventory-s3
         name: inventory-app
diff --git a/hackerspace/kustomization.yaml b/hackerspace/kustomization.yaml
index 28c206b..64c89ba 100644
--- a/hackerspace/kustomization.yaml
+++ b/hackerspace/kustomization.yaml
@@ -11,3 +11,4 @@ resources:
 - ./inventory-extras.yaml
 - ./inventory-redirects.yaml
 - ./goredirect.yaml
+- ./mongo.yaml
diff --git a/hackerspace/mongo.yaml b/hackerspace/mongo.yaml
new file mode 100644
index 0000000..fde0b5e
--- /dev/null
+++ b/hackerspace/mongo.yaml
@@ -0,0 +1,89 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: mongodb
+spec:
+  selector:
+    matchLabels:
+      app: mongodb
+  replicas: 1
+  minReadySeconds: 10
+  template:
+    metadata:
+      labels:
+        app: mongodb
+    spec:
+      terminationGracePeriodSeconds: 10
+      containers:
+        - name: mongodb
+          image: mongo:8
+          ports:
+            - containerPort: 27017
+              name: mongo
+          env:
+          - name: MONGO_INITDB_ROOT_USERNAME
+            value: "root"
+          - name: MONGO_INITDB_ROOT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: mongodb-root-password
+                key: MONGO_INITDB_ROOT_PASSWORD
+          - name: MONGO_DBNAME
+            value: application              
+          - name: MONGO_USER
+            value: application
+          - name: MONGO_PASS
+            valueFrom:
+              secretKeyRef:
+                name: mongodb-user-password
+                key: MONGO_PASS          
+          - name: MONGO_AUTHSOURCE
+            value: "admin"        
+          volumeMounts:
+            - name: data
+              mountPath: /data/db
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        storageClassName: ceph-rbd
+        resources:
+          requests:
+            storage: 10Gi
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: mongodb-root-password
+spec:
+  size: 32
+  mapping:
+    - key: MONGO_INITDB_ROOT_PASSWORD
+      value: "%(plaintext)s"
+---
+apiVersion: codemowers.cloud/v1beta1
+kind: SecretClaim
+metadata:
+  name: mongodb-user-password
+spec:
+  size: 32
+  mapping:
+    - key: MONGO_PASS
+      value: "%(plaintext)s"      
+    - key: MONGO_URI
+      value: "mongodb://application:%(plaintext)s@mongodb/application&authSource=admin"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mongodb
+spec:
+  ports:
+    - port: 27017
+      name: mongo
+      targetPort: 27017
+  selector:
+    app: mongodb
+  type: ClusterIP