k8s 搭建mongodb多副本集群
在https://kubernetes.io/blog/2017/01/running-mongodb-on-kubernetes-with-statefulsets/ 基础上添加了密码认证,与解决提示权限mongo-sidecar提示权限错误问题
制作mongodb镜像(由于keyfile直接挂载提示权限错误)
1. 生成 keyfile
openssl rand -base64 741 > mongodb-keyfile
FROM mongo:3.6.4 ADD mongodb-keyfile /data/config/mongodb-keyfile RUN chown mongodb:mongodb /data/config/mongodb-keyfile && chmod 600 /data/config/mongodb-keyfile
2. 部署yaml,与官方提供不同,此处需要将K8s command改为args ,否则 MONGO_INITDB_ROOT_USERNAME,MONGO_INITDB_ROOT_PASSWORD会被覆盖不能生效sidecar https://github.com/cvallance/mongo-k8s-sidecar 也需要如下相关参数
apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: mongo-default-view roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: view subjects: - kind: ServiceAccount name: mongo namespace: mongo --- apiVersion: v1 kind: Service metadata: name: mongo namespace: mongo labels: name: mongo spec: ports: - port: 27017 targetPort: 27017 clusterIP: None selector: role: mongo --- apiVersion: apps/v1beta1 kind: StatefulSet metadata: name: mongo namespace: mongo spec: serviceName: "mongo" replicas: 3 template: metadata: labels: role: mongo environment: prod spec: terminationGracePeriodSeconds: 10 serviceAccountName: mongo containers: - name: mongo image: 567969457461.dkr.ecr.cn-northwest-1.amazonaws.com.cn/library:mongo-4-2-7-v2 env: - name: MONGO_INITDB_ROOT_USERNAME value: admin - name: MONGO_INITDB_ROOT_PASSWORD value: dSJN52PuSqn args: - mongod - "--replSet" - rs0 - "--bind_ip" - 0.0.0.0 - --clusterAuthMode - keyFile - --keyFile - /data/config/mongodb-keyfile # - "--smallfiles" # - "--noprealloc" ports: - containerPort: 27017 volumeMounts: - name: mongo-persistent-storage mountPath: /data/db - name: mongo-sidecar image: cvallance/mongo-k8s-sidecar env: - name: KUBE_NAMESPACE value: mongo - name: MONGODB_USERNAME value: admin - name: MONGODB_PASSWORD value: dSJN52PuSqn - name: MONGO_SIDECAR_POD_LABELS value: "role=mongo,environment=prod" - name: MONGODB_DATABASE value: admin volumeClaimTemplates: - metadata: name: mongo-persistent-storage annotations: volume.beta.kubernetes.io/storage-class: "ebs-gp2" spec: accessModes: [ "ReadWriteOnce" ] resources: requests: storage: 25Gi ---