-
-
Save thilinapiy/0c5abc2c0c28efe1bbe2165b0d8dc115 to your computer and use it in GitHub Desktop.
| ## Generate a key | |
| # openssl rand -base64 741 > mongodb-keyfile | |
| ## Create k8s secrets | |
| # kubectl create secret generic mongo-key --from-file=mongodb-keyfile | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: mongo | |
| labels: | |
| name: mongo | |
| spec: | |
| ports: | |
| - port: 27017 | |
| targetPort: 27017 | |
| clusterIP: None | |
| selector: | |
| role: mongo | |
| --- | |
| apiVersion: apps/v1beta1 | |
| kind: StatefulSet | |
| metadata: | |
| name: mongo | |
| spec: | |
| serviceName: "mongo" | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| role: mongo | |
| environment: test | |
| spec: | |
| terminationGracePeriodSeconds: 10 | |
| containers: | |
| - name: mongo | |
| image: mongo:3.4.9 | |
| command: | |
| - /bin/sh | |
| - -c | |
| - > | |
| if [ -f /data/db/admin-user.lock ]; then | |
| mongod --replSet rs0 --clusterAuthMode keyFile --keyFile /etc/secrets-volume/mongodb-keyfile --setParameter authenticationMechanisms=SCRAM-SHA-1; | |
| else | |
| mongod --auth; | |
| fi; | |
| lifecycle: | |
| postStart: | |
| exec: | |
| command: | |
| - /bin/sh | |
| - -c | |
| - > | |
| if [ ! -f /data/db/admin-user.lock ]; then | |
| sleep 5; | |
| touch /data/db/admin-user.lock | |
| if [ "$HOSTNAME" = "mongo-0" ]; then | |
| mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});'; | |
| fi; | |
| mongod --shutdown; | |
| fi; | |
| ports: | |
| - containerPort: 27017 | |
| volumeMounts: | |
| - name: mongo-key | |
| mountPath: "/etc/secrets-volume" | |
| readOnly: true | |
| - name: mongo-persistent-storage | |
| mountPath: /data/db | |
| - name: mongo-sidecar | |
| image: cvallance/mongo-k8s-sidecar | |
| env: | |
| - name: MONGO_SIDECAR_POD_LABELS | |
| value: "role=mongo,environment=test" | |
| - name: MONGODB_USERNAME | |
| value: admin | |
| - name: MONGODB_PASSWORD | |
| value: password | |
| - name: MONGODB_DATABASE | |
| value: admin | |
| volumes: | |
| - name: mongo-key | |
| secret: | |
| defaultMode: 0400 | |
| secretName: mongo-key | |
| volumeClaimTemplates: | |
| - metadata: | |
| name: mongo-persistent-storage | |
| annotations: | |
| volume.beta.kubernetes.io/storage-class: "fast" | |
| spec: | |
| accessModes: [ "ReadWriteOnce" ] | |
| resources: | |
| requests: | |
| storage: 100Gi |
Hi Guys, I am also using the Statefulset, need help while I am trying to login to mongo-0 pod (kubectl exec -ti mongo-0 mongo) and trying to create new user but I am getting below error.
rs0:PRIMARY> use admin
switched to db admin
rs0:PRIMARY> db.createUser({user:"replSetManager",pwd:"password",roles:[{role:"clusterManager",db:"admin"},{role:"dbOwner", db:"adminsblog"},{role:"readWrite", db:"departmentblog"},{role:"read", db:"otherblog"}]})
2021-02-15T07:15:47.812+0000 E QUERY [thread1] Error: couldn't add user: not authorized on admin to execute command { createUser: "replSetManager", pwd: "xxx", roles: [ { role: "clusterManager", db: "admin" }, { role: "dbOwner", db: "adminsblog" }, { role: "readWrite", db: "departmentblog" }, { role: "read", db: "otherblog" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 } } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1292:15
@(shell):1:1
@lalit1980 did you come right with the above error? how did you fix it?
@thilinapiy Is MongoDB Enterprise Kubernetes Operator free to use in development?
It's free for development not for commercial
@thilinapiy the Community version is here https://github.com/mongodb/mongodb-kubernetes-operator
@thilinapiy By any chance, do you know how to add the internal authentication using the MongoDB enterprise kubernetes operator with the keyfile. I do not find much information on the crds and haven't got any good examples in the git repository.
Works ok, Thanks You safe my life!!