feat: migrate MongoDB to Helm deployment

Adds MongoDB as an optional component to eagle-api Helm chart, replacing legacy
DeploymentConfig. Enables zero-downtime migration by scaling down old DC before
Helm creates new Deployment.

Changes:
- Add mongodb-deployment.yaml and mongodb-service.yaml templates
- Add MongoDB configuration to values files (enabled for dev/test)
- Update workflows to handle zero-downtime migration
- Fix secret key consistency (all environments use MONGODB_USER)
- Remove legacy templates: eagle-api.dc.json, eagle-api.bc.json, pipeline/

MongoDB deployment uses:
- Existing PVC (eagle-api-mongodb-data) to preserve data
- Existing secret (eagle-api-mongodb) for credentials
- tcpSocket probes (fixes zombie process issue)
- Recreate strategy for stateful workload

Fixes:
- Prevents zombie mongo processes from readiness probes
- Standardizes deployment mechanism across all EPIC apps

Author: danieltruong

.github/workflows/deploy-to-dev.yaml

@@ -215,6 +215,30 @@ jobs:
           oc -n ${{ env.OPENSHIFT_NAMESPACE_TOOLS }} tag \
             ${{ env.IMAGE_NAME }}:${{ needs.push.outputs.SHORT_SHA }} ${{ env.IMAGE_NAME }}:ci-latest
 
+      - name: Migrate MongoDB from DeploymentConfig to Deployment
+        run: |
+          echo "Checking MongoDB deployment status..."
+          
+          # Check if new Helm-managed MongoDB Deployment exists
+          if oc get deployment eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} &>/dev/null; then
+            echo "✓ MongoDB Deployment already exists (Helm-managed)"
+          else
+            echo "MongoDB Deployment not found - migrating from DeploymentConfig..."
+            
+            # Check if legacy DeploymentConfig exists
+            if oc get dc eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} &>/dev/null; then
+              echo "Scaling down legacy MongoDB DeploymentConfig to 0 replicas..."
+              oc scale dc/eagle-api-mongodb --replicas=0 -n ${{ env.OPENSHIFT_NAMESPACE_DEV }}
+              
+              echo "Waiting for MongoDB pod to terminate..."
+              oc wait --for=delete pod -l name=eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} --timeout=120s || true
+              
+              echo "✓ Legacy DeploymentConfig scaled down - Helm will create new Deployment"
+            else
+              echo "No legacy DeploymentConfig found - proceeding with fresh Helm install"
+            fi
+          fi
+
       - name: Deploy with Helm
         run: |
           helm upgrade --install ${{ env.APP_NAME }} ./helm/${{ env.APP_NAME }} \
@@ -233,3 +257,12 @@ jobs:
           
           echo "Deployment successful!"
           oc get pods -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} -l app.kubernetes.io/name=${{ env.APP_NAME }}
+          
+          # Verify MongoDB deployment if enabled
+          if oc get deployment eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} &>/dev/null; then
+            echo ""
+            echo "Verifying MongoDB deployment..."
+            oc rollout status deployment/eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_DEV }} --timeout=3m
+            echo "✓ MongoDB deployment verified"
+          fi
+

.github/workflows/deploy-to-test.yaml

@@ -131,6 +131,30 @@ jobs:
           curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
           helm version
 
+      - name: Migrate MongoDB from DeploymentConfig to Deployment
+        run: |
+          echo "Checking MongoDB deployment status..."
+          
+          # Check if new Helm-managed MongoDB Deployment exists
+          if oc get deployment eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_TEST }} &>/dev/null; then
+            echo "✓ MongoDB Deployment already exists (Helm-managed)"
+          else
+            echo "MongoDB Deployment not found - migrating from DeploymentConfig..."
+            
+            # Check if legacy DeploymentConfig exists
+            if oc get dc eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_TEST }} &>/dev/null; then
+              echo "Scaling down legacy MongoDB DeploymentConfig to 0 replicas..."
+              oc scale dc/eagle-api-mongodb --replicas=0 -n ${{ env.OPENSHIFT_NAMESPACE_TEST }}
+              
+              echo "Waiting for MongoDB pod to terminate..."
+              oc wait --for=delete pod -l name=eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_TEST }} --timeout=120s || true
+              
+              echo "✓ Legacy DeploymentConfig scaled down - Helm will create new Deployment"
+            else
+              echo "No legacy DeploymentConfig found - proceeding with fresh Helm install"
+            fi
+          fi
+
       - name: Deploy with Helm
         run: |
           helm upgrade --install ${{ env.APP_NAME }} ./helm/${{ env.APP_NAME }} \
@@ -143,4 +167,13 @@ jobs:
         run: |
           echo "Deployment successful!"
           oc get pods -n ${{ env.OPENSHIFT_NAMESPACE_TEST }} -l app.kubernetes.io/name=${{ env.APP_NAME }}
+          
+          # Verify MongoDB deployment if enabled
+          if oc get deployment eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_TEST }} &>/dev/null; then
+            echo ""
+            echo "Verifying MongoDB deployment..."
+            oc rollout status deployment/eagle-api-mongodb -n ${{ env.OPENSHIFT_NAMESPACE_TEST }} --timeout=3m
+            echo "✓ MongoDB deployment verified"
+          fi
+
 

helm/eagle-api/templates/_helpers.tpl

@@ -48,3 +48,32 @@ Selector labels
 app.kubernetes.io/name: {{ include "eagle-api.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
+
+{{/*
+MongoDB fullname - must be "eagle-api-mongodb" for backward compatibility
+*/}}
+{{- define "eagle-api.mongodb.fullname" -}}
+eagle-api-mongodb
+{{- end }}
+
+{{/*
+MongoDB labels
+*/}}
+{{- define "eagle-api.mongodb.labels" -}}
+helm.sh/chart: {{ include "eagle-api.chart" . }}
+{{ include "eagle-api.mongodb.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app: eagle-epic
+role: database-eagle-epic
+{{- end }}
+
+{{/*
+MongoDB selector labels
+*/}}
+{{- define "eagle-api.mongodb.selectorLabels" -}}
+app.kubernetes.io/name: eagle-api-mongodb
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

helm/eagle-api/templates/mongodb-deployment.yaml

@@ -0,0 +1,74 @@
+{{- if .Values.mongodb.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "eagle-api.mongodb.fullname" . }}
+  labels:
+    {{- include "eagle-api.mongodb.labels" . | nindent 4 }}
+  annotations:
+    description: "MongoDB database for eagle-api"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate  # Critical: MongoDB is stateful with single replica
+  selector:
+    matchLabels:
+      {{- include "eagle-api.mongodb.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "eagle-api.mongodb.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - name: mongodb
+        image: "{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}"
+        imagePullPolicy: {{ .Values.mongodb.image.pullPolicy }}
+        ports:
+        - containerPort: 27017
+          protocol: TCP
+          name: mongodb
+        env:
+        - name: MONGODB_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.mongodb.existingSecret }}
+              key: {{ .Values.mongodb.secretKeys.user }}
+        - name: MONGODB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.mongodb.existingSecret }}
+              key: {{ .Values.mongodb.secretKeys.password }}
+        - name: MONGODB_DATABASE
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.mongodb.existingSecret }}
+              key: {{ .Values.mongodb.secretKeys.database }}
+        - name: MONGODB_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.mongodb.existingSecret }}
+              key: {{ .Values.mongodb.secretKeys.adminPassword }}
+        volumeMounts:
+        - name: mongodb-data
+          mountPath: /var/lib/mongodb/data
+        resources:
+          {{- toYaml .Values.mongodb.resources | nindent 10 }}
+        livenessProbe:
+          tcpSocket:
+            port: 27017
+          initialDelaySeconds: {{ .Values.mongodb.probes.liveness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.mongodb.probes.liveness.periodSeconds }}
+          timeoutSeconds: {{ .Values.mongodb.probes.liveness.timeoutSeconds }}
+          failureThreshold: {{ .Values.mongodb.probes.liveness.failureThreshold }}
+        readinessProbe:
+          tcpSocket:
+            port: 27017
+          initialDelaySeconds: {{ .Values.mongodb.probes.readiness.initialDelaySeconds }}
+          periodSeconds: {{ .Values.mongodb.probes.readiness.periodSeconds }}
+          timeoutSeconds: {{ .Values.mongodb.probes.readiness.timeoutSeconds }}
+          failureThreshold: {{ .Values.mongodb.probes.readiness.failureThreshold }}
+      volumes:
+      - name: mongodb-data
+        persistentVolumeClaim:
+          claimName: {{ .Values.mongodb.persistence.existingClaim }}
+{{- end }}

helm/eagle-api/templates/mongodb-service.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.mongodb.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "eagle-api.mongodb.fullname" . }}
+  labels:
+    {{- include "eagle-api.mongodb.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+  - port: 27017
+    targetPort: mongodb
+    protocol: TCP
+    name: mongodb
+  selector:
+    {{- include "eagle-api.mongodb.selectorLabels" . | nindent 4 }}
+{{- end }}

helm/eagle-api/values-dev.yaml

@@ -34,7 +34,7 @@ keycloak:
 secrets:
   mongodb:
     name: eagle-api-mongodb
-    usernameKey: MONGODB_USERNAME
+    usernameKey: MONGODB_USER
     passwordKey: MONGODB_PASSWORD
   minio:
     name: nr-object-store-credential
@@ -52,3 +52,15 @@ persistence:
 
 autoscaling:
   enabled: false
+
+# MongoDB enabled for dev environment
+mongodb:
+  enabled: true
+  resources:
+    requests:
+      cpu: 100m
+      memory: 1Gi
+    limits:
+      cpu: 250m
+      memory: 2Gi
+

helm/eagle-api/values-test.yaml

@@ -52,3 +52,15 @@ persistence:
 
 autoscaling:
   enabled: false
+
+# MongoDB enabled for test environment
+mongodb:
+  enabled: true
+  resources:
+    requests:
+      cpu: 100m
+      memory: 1Gi
+    limits:
+      cpu: 500m
+      memory: 2Gi
+

helm/eagle-api/values.yaml

@@ -78,8 +78,8 @@ env:
 secrets:
   mongodb:
     name: eagle-api-mongodb
-    usernameKey: database-user
-    passwordKey: database-password
+    usernameKey: MONGODB_USER
+    passwordKey: MONGODB_PASSWORD
 
   minio:
     name: eagle-api-minio-keys
@@ -135,3 +135,47 @@ migrations:
     requests:
       cpu: 100m
       memory: 256Mi
+
+# MongoDB Configuration
+# Disabled by default for local development (use external MongoDB)
+# Enable in environment values files (values-dev.yaml, values-test.yaml, values-prod.yaml)
+mongodb:
+  enabled: false
+  
+  image:
+    repository: image-registry.openshift-image-registry.svc:5000/6cdc9e-tools/mongodb-44
+    tag: "4.4.30"
+    pullPolicy: IfNotPresent
+  
+  # Use existing secret created by legacy DeploymentConfig
+  existingSecret: eagle-api-mongodb
+  secretKeys:
+    user: MONGODB_USER
+    password: MONGODB_PASSWORD
+    database: MONGODB_DATABASE
+    adminPassword: MONGODB_ADMIN_PASSWORD
+  
+  # Use existing PVC to preserve data during migration
+  persistence:
+    existingClaim: eagle-api-mongodb-data
+  
+  resources:
+    requests:
+      cpu: 100m
+      memory: 1Gi
+    limits:
+      cpu: 250m
+      memory: 2Gi
+  
+  probes:
+    liveness:
+      initialDelaySeconds: 30
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+    readiness:
+      initialDelaySeconds: 3
+      periodSeconds: 10
+      timeoutSeconds: 1
+      failureThreshold: 3
+