Auth enablement for Redis, MongoDB, PostgreSQL and ActiveMQ

This document describes the procedure to enable authentication for the Expertflow CX stateful components, mainly Redis, MongoDB, PostgreSQL and ActiveMQ.

Change the directory:-

cd cim-solution/kubernetes

Redis:

Open the values.yaml file in the Redis helm chart:-

vi external/bitnami/redis/values.yaml

Update the following values as mentioned below:-

auth:
  ## @param auth.enabled Enable password authentication
  ##
  enabled: true
  
  ## @param auth.password Redis® password
  ## Defaults to a random 10-character alphanumeric string if not set
  ##
  password: "Expertflow123"  # Change this to match the requirements  

Deploy Redis using the helm file.

Manual Verification:-

Export the Redis password:-

export REDIS_PASSWORD=$(kubectl get secret --namespace ef-external redis -o jsonpath="{.data.redis-password}" | base64 -d)

Start a Redis client pod:-

kubectl run --namespace ef-external redis-client --restart='Never' --env REDIS_PASSWORD="$REDIS_PASSWORD" --image gitimages.expertflow.com/general/redis:CIM-4292

Exec into client pod:-

kubectl exec --tty -i redis-client \
   --namespace ef-external -- bash

Verify the auth using the following command in the client pod:-

REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-master

Sample run:-

I have no name!@redis-client:/$ REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-master
redis-master:6379> CONFIG GET databases
1) "databases"
2) "16"
redis-master:6379>

MongoDB:

Open the values.yaml file in the MongoDB helm chart:-

vi external/bitnami/mongodb/values.yaml

Update the following values as mentioned below:-

auth:
  ## @param auth.enabled Enable authentication
  ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
  ## EXPERTFLOW
  enabled: true
  ## @param auth.rootUser MongoDB(®) root user
  ##
  rootUser: root
  ## @param auth.rootPassword MongoDB(®) root password
  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
  ##
  rootPassword: "Expertflow123"  # Change this to match the requirements  

Deploy MongoDB using the helm file.

Manual Verification:-

Export the MongoDB password:-

export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace ef-external mongo-mongodb -o jsonpath="{.data.mongodb-root-password}" | base64 -d)

Start a MongoDB client pod:-

kubectl run --namespace ef-external mongo-mongodb-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image docker.io/bitnami/mongodb:6.0.2-debian-11-r1 --command -- bash

Verify the auth using the following command in the client pod:-

mongosh admin --host "mongo-mongodb" --authenticationDatabase admin -u root -p "$MONGODB_ROOT_PASSWORD"


MinIO:

Update the MinIO helm chart values.yaml file with the required ACCESSKEY and PASSKEY values:-

auth:
  ## @param auth.rootUser MinIO® root username
  ##
  rootUser: minioadmin
  ## @param auth.rootPassword Password for MinIO® root user
  ##
  rootPassword: "minioadmin"

Manual Verification:-

Export the MinIO user and password:-

export ROOT_USER=$(kubectl get secret --namespace ef-external minio -o jsonpath="{.data.root-user}" | base64 -d)
export ROOT_PASSWORD=$(kubectl get secret --namespace ef-external minio -o jsonpath="{.data.root-password}" | base64 -d)

Start a MinIO client pod:-

kubectl run --namespace ef-external minio-client \
     --rm --tty -i --restart='Never' \
     --env MINIO_SERVER_ROOT_USER="$ROOT_USER" \
     --env MINIO_SERVER_ROOT_PASSWORD="$ROOT_PASSWORD" \
     --env MINIO_SERVER_HOST=minio \
     --image docker.io/bitnami/minio-client:2022.10.6-debian-11-r0 -- admin info minio

You will see similar output to the following upon successful authorization:-

●  minio:9000
   Uptime: 13 seconds
   Version: 2022-10-05T14:58:27Z
   Network: 1/1 OK
   Drives: 1/1 OK
   Pool: 1

Pools:
   1st, Erasure sets: 1, Drives per erasure set: 1


PostgreSQL:

Open the values.yaml file in the PostgreSQL helm chart:-

vi external/bitnami/postgresql/values.yaml

Update the following values as mentioned below:-

auth:
  ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
  ##
  enablePostgresUser: true
  ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
  ##
  ## EXPERTFLOW
  postgresPassword: "<postgresql password>"

Deploy PostgreSQL using the helm file.

Manual Verification:-

Export the PostgreSQL password:-

export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace ef-external ef-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)

Start a PostgreSQL client pod and log into the licenseManager database as the “postgres” user:-

kubectl run ef-postgresql-client --rm --tty -i --restart='Never' --namespace ef-external --image docker.io/bitnami/postgresql:14.5.0-debian-11-r21 --env="PGPASSWORD=$POSTGRES_ADMIN_PASSWORD" --command -- psql --host ef-postgresql -U postgres -d licenseManager -p 5432
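
The auth snippets in the sections above carry sample values (Expertflow123, minioadmin, the <postgresql password> placeholder) that are meant to be replaced before deployment. The script below is an added example, not part of the Expertflow charts or of this procedure: it lints the top-level auth block of a values.yaml and reports disabled authentication or a password that is still a sample value or too short. The function name lint_auth_block, the SAMPLE_SECRETS list, the 16-character MIN_LEN and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the Expertflow charts: lint the top-level `auth:` block
# of a Bitnami-style values.yaml. Assumes flat "key: value" lines under `auth:`.
SAMPLE_SECRETS='Expertflow123|minioadmin|<postgresql password>'  # samples on this page
MIN_LEN=16                                                       # hypothetical policy

# lint_auth_block FILE: prints one finding per line, returns 1 if any were found.
lint_auth_block() {
  awk -v samples="$SAMPLE_SECRETS" -v minlen="$MIN_LEN" '
    BEGIN { n = split(samples, s, "|"); for (i = 1; i <= n; i++) bad[s[i]] = 1 }
    /^auth:[ \t]*$/        { in_auth = 1; next }  # top-level auth block starts
    /^[^ \t#]/             { in_auth = 0 }        # any other top-level key ends it
    !in_auth || /^[ \t]*#/ { next }               # skip other blocks and comment lines
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)                 # drop a trailing comment
      sub(/^[ \t]+/, "", line)
      c = index(line, ":"); if (c == 0) next
      key = substr(line, 1, c - 1); val = substr(line, c + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val); gsub(/^"|"$/, "", val)
      if ((key == "enabled" || key == "enablePostgresUser") && val != "true") {
        printf "%s:%d: %s is not true, authentication is off\n", FILENAME, NR, key; found++
      } else if (key ~ /[Pp]assword$/ && val != "") {
        if (val in bad) {
          printf "%s:%d: %s still holds a sample value\n", FILENAME, NR, key; found++
        } else if (length(val) < minlen) {
          printf "%s:%d: %s is shorter than %d characters\n", FILENAME, NR, key, minlen; found++
        }
      }
    }
    END { exit (found > 0) }
  ' "$1"
}

# Constructed sample input (values are made up, apart from the sample password on this page).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.yaml" <<'EOF'
auth:
  ## @param auth.enabled Enable password authentication
  enabled: false
  password: "Expertflow123"  # Change this to match the requirements
master:
  password: "outside-auth-block"
EOF
printf 'auth:\n  enabled: true\n  password: "constructed-Long-Value-0001"\n' > "$demo_dir/ok.yaml"

lint_auth_block "$demo_dir/weak.yaml" || echo "weak.yaml: fix the findings above"
lint_auth_block "$demo_dir/ok.yaml" && echo "ok.yaml: auth block passes"
```

Run the function against each values.yaml edited above before deploying; a non-zero return means at least one finding. Empty password values are skipped on purpose, since the chart comments on this page say an unset Redis password defaults to a random string.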

ActiveMQ:

ActiveMQ TLS enablement is not fully functional yet.