```yaml
## Generate a key
# openssl rand -base64 741 > mongodb-keyfile
## Create k8s secrets
# kubectl create secret generic mongo-key --from-file=mongodb-keyfile
---
apiVersion: v1
kind: Service
metadata:
  name: mongo
  labels:
    name: mongo
spec:
  ports:
    - port: 27017
      targetPort: 27017
  clusterIP: None
  selector:
    role: mongo
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
spec:
  serviceName: "mongo"
  replicas: 1
  template:
    metadata:
      labels:
        role: mongo
        environment: test
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: mongo
          image: mongo:3.4.9
          command:
            - /bin/sh
            - -c
            - >
              if [ -f /data/db/admin-user.lock ]; then
                mongod --replSet rs0 --clusterAuthMode keyFile --keyFile /etc/secrets-volume/mongodb-keyfile --setParameter authenticationMechanisms=SCRAM-SHA-1;
              else
                mongod --auth;
              fi;
          lifecycle:
            postStart:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - >
                    if [ ! -f /data/db/admin-user.lock ]; then
                      sleep 5;
                      touch /data/db/admin-user.lock
                      if [ "$HOSTNAME" = "mongo-0" ]; then
                        mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});';
                      fi;
                      mongod --shutdown;
                    fi;
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-key
              mountPath: "/etc/secrets-volume"
              readOnly: true
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          env:
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=test"
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              value: password
            - name: MONGODB_DATABASE
              value: admin
      volumes:
        - name: mongo-key
          secret:
            defaultMode: 0400
            secretName: mongo-key
  volumeClaimTemplates:
    - metadata:
        name: mongo-persistent-storage
        annotations:
          volume.beta.kubernetes.io/storage-class: "fast"
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 100Gi
```
Works great when `replicas: 1`. But when I try to make `replicas: 2` and log in to the 2nd mongo pod, I see it as `rs0:OTHER>` instead of the expected secondary mongo pod `rs0:SECONDARY>`.
Looks like this approach is having difficulty creating the secondary mongo pod in the replica set.
It would be a great help if you could let me know how to do this.
Thanks,
Amit
Because you haven't initialized the Replication Set in mongo using `rs.initiate` in this example.
@thilinapiy man, it's been a long time. Just came across this and I'm going to use it on my own project. Great work mate.
Hi, I'm new to the database. I have executed the above mongo with 3 replicas and it was created successfully in a Kubernetes managed environment.
When I executed `rs.initiate` it failed with HostUnreachable. Can anyone help here, please?
```
rs.initiate(
... {
... _id: "rs0",
... version: 1,
... members: [
... { _id: 0, host : "mongo-0:27017" },
... { _id: 1, host : "mongo-1:27017" },
... { _id: 2, host : "mongo-2:27017" }
... ]
... }
... )
{
"ok" : 0,
"errmsg" : "replSetInitiate quorum check failed because not all proposed set members responded affirmatively: mongo-1:27017 failed with HostUnreachable, mongo-2:27017 failed with HostUnreachable",
"code" : 74,
"codeName" : "NodeNotFound"
```
I copy-pasted this file exactly as it is. I created the secret as well like the commented section says, I am still getting below error:
```
2019-05-28T10:05:14.173+0000 I NETWORK [conn208] received client metadata from 127.0.0.1:35862 conn208: { driver: { name: "nodejs", version: "2.2.36" }, os: { type: "Linux", name: "linux", architecture: "x64", version: "4.15.0-1040-azure" }, platform: "Node.js v11.2.0, LE, mongodb-core: 2.1.20" }
2019-05-28T10:05:14.174+0000 I ACCESS [conn208] SCRAM-SHA-1 authentication failed for admin on admin from client 127.0.0.1:35862 ; UserNotFound: Could not find user admin@admin
```
Please help
> I copy-pasted this file exactly as it is. I created the secret as well like the commented section says, I am still getting below error:

It works for me, even the automatic initialization by the sidecar. From your log, the command `mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});';` was for some reason not executed.
Guys this is old now. There are better ways to do it.
Try out operators.
@thilinapiy Is MongoDB Enterprise Kubernetes Operator free to use in development?
```
Unable to mount volumes for pod "mongo-0_dev(xxx-xx-xx-xx-xx)": timeout expired waiting for volumes to attach or mount for pod "dev"/"mongo-0". list of unmounted volumes=[mongo-key]. list of unattached volumes=[mongo-persistent-storage mongo-key default-token-nvw6d]
```
How are you creating mongodb-keyfile?
Kindly help me to resolve this issue.
@sandyvanam, it's mentioned at top of the YAML.
```
## Generate a key
# openssl rand -base64 741 > mongodb-keyfile
## Create k8s secrets
# kubectl create secret generic mongo-key --from-file=mongodb-keyfile
```
Works OK, thanks. You saved my life!!
Hi Guys, I am also using the Statefulset, need help while I am trying to login to mongo-0 pod (kubectl exec -ti mongo-0 mongo) and trying to create new user but I am getting below error.
```
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.createUser({user:"replSetManager",pwd:"password",roles:[{role:"clusterManager",db:"admin"},{role:"dbOwner", db:"adminsblog"},{role:"readWrite", db:"departmentblog"},{role:"read", db:"otherblog"}]})
2021-02-15T07:15:47.812+0000 E QUERY [thread1] Error: couldn't add user: not authorized on admin to execute command { createUser: "replSetManager", pwd: "xxx", roles: [ { role: "clusterManager", db: "admin" }, { role: "dbOwner", db: "adminsblog" }, { role: "readWrite", db: "departmentblog" }, { role: "read", db: "otherblog" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1292:15
@(shell):1:1
```
@lalit1980 Did you come right with the above error? How did you fix it?

> @thilinapiy Is MongoDB Enterprise Kubernetes Operator free to use in development?

It's free for development, not for commercial.
@thilinapiy the Community version is here https://github.com/mongodb/mongodb-kubernetes-operator
@thilinapiy By any chance, do you know how to add the internal authentication using the MongoDB Enterprise Kubernetes Operator with the keyfile? I do not find much information on the CRDs and haven't got any good examples in the git repository.
Saved my life thanks a lot!!!!