MongoDB statefulset for kubernetes with authentication and replication

```yaml
## Generate a key
# openssl rand -base64 741 > mongodb-keyfile
## Create k8s secrets
# kubectl create secret generic mongo-key --from-file=mongodb-keyfile
---
# Headless service (clusterIP: None) for the StatefulSet pods.
apiVersion: v1
kind: Service
metadata:
  name: mongo
  labels:
    name: mongo
spec:
  ports:
  - port: 27017
    targetPort: 27017
  clusterIP: None
  selector:
    role: mongo
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
spec:
  serviceName: "mongo"
  replicas: 1
  template:
    metadata:
      labels:
        role: mongo
        environment: test
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: mongo
          image: mongo:3.4.9
          # First boot (no lock file yet): start standalone with --auth so the
          # postStart hook can create the admin user through the localhost exception.
          # Later boots: start as a member of replica set rs0 with keyfile auth.
          command:
            - /bin/sh
            - -c
            - >
              if [ -f /data/db/admin-user.lock ]; then
                mongod --replSet rs0 --clusterAuthMode keyFile --keyFile /etc/secrets-volume/mongodb-keyfile --setParameter authenticationMechanisms=SCRAM-SHA-1;
              else
                mongod --auth;
              fi;
          lifecycle:
            # First boot only: write the lock file, create the admin user on mongo-0,
            # then stop mongod so the container restarts into the replica-set branch.
            postStart:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - >
                    if [ ! -f /data/db/admin-user.lock ]; then
                      sleep 5;
                      touch /data/db/admin-user.lock;
                      if [ "$HOSTNAME" = "mongo-0" ]; then
                        mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});';
                      fi;
                      mongod --shutdown;
                    fi;
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-key
              mountPath: "/etc/secrets-volume"
              readOnly: true
            - name: mongo-persistent-storage
              mountPath: /data/db
        # Sidecar that manages replica set membership for pods matching the labels.
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          env:
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=test"
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              value: password
            - name: MONGODB_DATABASE
              value: admin
      volumes:
      - name: mongo-key
        secret:
          defaultMode: 0400
          secretName: mongo-key
  volumeClaimTemplates:
  - metadata:
      name: mongo-persistent-storage
      annotations:
        volume.beta.kubernetes.io/storage-class: "fast"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 100Gi
```

sapien99 commented Jun 8, 2018

Saved my life thanks a lot!!!!


agshift commented Jun 11, 2018

Works great, when replicas: 1. But, when I try to make replicas: 2, and login to the 2nd mongo pod, I see it as rs0:OTHER> instead of the expected secondary mongo pod rs0:SECONDARY>
Looks like this approach is having difficulty in creating the secondary mongo pod in replica set.
It will be a great help if you could let me know how to do this?
Thanks,
Amit


omerfsen commented Nov 23, 2018

Because you haven't initialized Replication Set at mongo using rs.initiate on this example


mward29 commented Nov 29, 2018

@thilinapiy man it's been a long time. Just came across this and I'm going to use it on my own project. Great work mate.


venkatraj-icp commented Apr 30, 2019

Hi, I'm new to the Database, I have executed the above mongo with 3 replicaset and created successfully in kubernetes managed environment.

When I executed the rs.initiate it failed with HostUnreachable can anyone help here pls

```
rs.initiate(
... {
... _id: "rs0",
... version: 1,
... members: [
... { _id: 0, host : "mongo-0:27017" },
... { _id: 1, host : "mongo-1:27017" },
... { _id: 2, host : "mongo-2:27017" }
... ]
... }
... )
{
"ok" : 0,
"errmsg" : "replSetInitiate quorum check failed because not all proposed set members responded affirmatively: mongo-1:27017 failed with HostUnreachable, mongo-2:27017 failed with HostUnreachable",
"code" : 74,
"codeName" : "NodeNotFound"
```


atbk5 commented May 28, 2019

I copy-pasted this file exactly as it is. I created the secret as well like the commented section says, I am still getting below error:

```
2019-05-28T10:05:14.173+0000 I NETWORK  [conn208] received client metadata from 127.0.0.1:35862 conn208: { driver: { name: "nodejs", version: "2.2.36" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "4.15.0-1040-azure" }, platform: "Node.js v11.2.0, LE, mongodb-core: 2.1.20" }
2019-05-28T10:05:14.174+0000 I ACCESS   [conn208] SCRAM-SHA-1 authentication failed for admin on admin from client 127.0.0.1:35862 ; UserNotFound: Could not find user admin@admin
```

Please help

dsever commented Jun 3, 2019

> I copy-pasted this file exactly as it is. I created the secret as well like the commented section says, I am still getting below error:

It works for me, even automatically initialization by side car, from your log command `mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});';` was for some reason not executed,

Owner Author

thilinapiy commented Jun 3, 2019

Guys this is old now. There are better ways to do it.
Try out operators.


ghnipunasaranga commented Aug 4, 2019

@thilinapiy Is MongoDB Enterprise Kubernetes Operator free to use in development?
