[HELM] implemented basic geolocation downloading.

davidv1992 · davidv1992 · commit 3c0aeccb98ad · 2025-10-02T10:26:54.000Z
diff --git a/Dockerfile b/Dockerfile
@@ -34,7 +34,7 @@ FROM debian:bookworm-slim AS runner
 # Install CA certificates for the runner
 RUN apt update \
     && apt install -y --no-install-recommends \
-        ca-certificates \
+        ca-certificates curl \
     && rm -rf /var/lib/apt/lists/* /tmp/*
 
 # Copy compiled binaries from the builder stage
@@ -43,9 +43,6 @@ COPY --from=builder /build/artifacts/nts-pool-management /usr/local/bin/nts-pool
 COPY --from=builder /build/artifacts/nts-pool-monitor /usr/local/bin/nts-pool-monitor
 COPY --from=builder /build/nts-pool-management/assets /opt/nts-pool-management/assets
 
-# Temporarily copy test geodb, until we actually implement proper loading of the geolocation database.
-COPY --from=builder /build/nts-pool-ke/testdata/GeoLite2-Country-Test.mmdb /opt/nts-pool-management/GeoLite2-Country-Test.mmdb
-
 # Set a default assets directory
 ENV NTSPOOL_ASSETS_DIR=/opt/nts-pool-management/assets
 
diff --git a/helm-charts/nts-pool/templates/geolocation-loader.yaml b/helm-charts/nts-pool/templates/geolocation-loader.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "nts-pool.fullname" . }}-geolocation-loader
+  namespace: {{ default .Release.Namespace .Values.namespaceOverride }}
+  labels:
+    {{- include "nts-pool.labels" . | nindent 4 }}
+data:
+  geolocation-loader.sh: |
+    #!/bin/sh
+    while true; do
+      curl --fail -o geolite2.tar.gz -z "${TARGET}" -u "${USERID}:${LICENSE_KEY}" -L "${URL}"
+      if [ $? -eq 0 ] && [ -f geolite2.tar.gz ]; then
+        tar -xf geolite2.tar.gz --wildcards --strip-components 1 \*/GeoLite2-Country.mmdb
+        mv GeoLite2-Country.mmdb "${TARGET}"
+        touch "${TARGET}"
+      fi
+      rm -f geolite2.tar.gz
+      sleep "$PERIOD"
+    done
diff --git a/helm-charts/nts-pool/templates/management.yaml b/helm-charts/nts-pool/templates/management.yaml
@@ -31,12 +31,59 @@ spec:
         app.kubernetes.io/component: management
         {{- include "nts-pool.selectorLabels" . | nindent 8 }}
     spec:
-      {{- if .Values.management.databaseCertificate.cert }}
       volumes:
+        - name: geolocation-script
+          configMap:
+            name: {{ include "nts-pool.fullname" . }}-geolocation-loader
+            items:
+              - key: "geolocation-loader.sh"
+                path: "geolocation-loader.sh"
+                mode: 0755
+        - name: geolocation
+          emptyDir: {}
+        {{- if .Values.management.databaseCertificate.cert }}
         - name: db-cert-volume
           configMap:
             name: {{ include "nts-pool.fullname" . }}-management-db-cert
-      {{- end }}
+        {{- end }}
+      initContainers:
+      - name: geolocation
+        imagePullPolicy: "{{ default .Values.image.pullPolicy .Values.management.image.pullPolicy }}"
+        {{- with default .Values.image.pullSecrets .Values.management.image.pullSecrets }}
+        imagePullSecrets:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        image: "{{ default .Values.image.repository .Values.management.image.repository }}:{{ default .Values.image.tag .Values.management.image.tag }}"
+        command: ["/opt/geodb/geolocation-loader.sh"]
+        workingDir: "/opt/geodb/"
+        volumeMounts:
+          - name: geolocation
+            mountPath: "/opt/geodb"
+          - name: geolocation-script
+            mountPath: "/opt/geodb/scripts/"
+            readonly: true
+        restartPolicy: always
+        startupProbe:
+          exec:
+            command:
+              - sh
+              - -c
+              - test -e /opt/geodb/geodb.mmdb
+        env:
+          - name: USERID
+            valueFrom:
+              secretKeyRef:
+                {{- toYaml .Values.geolocation.maxmindUserIdSecretRef | nindent 16 }}
+          - name: LICENSE_KEY
+            valueFrom:
+              secretKeyRef:
+                {{- toYaml .Values.geolocation.maxmindLicenseKeySecretRef | nindent 16 }}
+          - name: URL
+            value: {{ .Values.geolocation.maxmindDatabaseUrl }}
+          - name: TARGET
+            value: "/opt/geodb/geodb.mmdb"
+          - name: PERIOD
+            value: "24h"
       containers:
       - name: management
         imagePullPolicy: "{{ default .Values.image.pullPolicy .Values.management.image.pullPolicy }}"
@@ -47,8 +94,10 @@ spec:
         image: "{{ default .Values.image.repository .Values.management.image.repository }}:{{ default .Values.image.tag .Values.management.image.tag }}"
         command: ["/usr/local/bin/nts-pool-management"]
         workingDir: "/opt/nts-pool-management"
-        {{- if .Values.management.databaseCertificate.cert }}
         volumeMounts:
+          - name: geolocation
+            mountPath: "/opt/geodb"
+        {{- if .Values.management.databaseCertificate.cert }}
           - name: db-cert-volume
             mountPath: {{ .Values.management.databaseCertificate.mountPath }}
             subPath: db.pem
@@ -102,4 +151,4 @@ spec:
           - name: RESTART_BUMP
             value: "{{ default 1 .Values.management.restartBump}}"
           - name: NTSPOOL_GEOLOCATION_DB
-            value: "/opt/nts-pool-management/GeoLite2-Country-Test.mmdb" # Temporary, until proper loading of geolocation database is implemented
+            value: "/opt/geodb/geodb.mmdb"
diff --git a/helm-charts/nts-pool/values.yaml b/helm-charts/nts-pool/values.yaml
@@ -115,6 +115,17 @@ monitor:
   # Timeout for ntp exchanges with timesources.
   ntpTimeout: 1000
 
+# Configuration for geolocation data loading. The software is designed to use the MaxMind GeoLite2 Country database
+# NOTE: These values MUST be provided
+geolocation:
+  maxmindUserIdSecretRef:
+    name: nts-pool-maxmind
+    key: user-id
+  maxmindLicenseKeySecretRef:
+    name: nts-pool-maxmind
+    key: license-key
+  maxmindDatabaseUrl: null
+
 configUpdater:
   # When to run the config updater job
   schedule: "0 * * * *"
