Deploying a multi-replica MongoDB cluster on k8s


 

Based on https://kubernetes.io/blog/2017/01/running-mongodb-on-kubernetes-with-statefulsets/, this setup adds password authentication and fixes the permission error reported by mongo-sidecar.

Build the mongodb image (mounting the keyfile directly produces a permission error)

1. Generate the keyfile

openssl rand -base64 741 > mongodb-keyfile

FROM mongo:3.6.4

ADD mongodb-keyfile /data/config/mongodb-keyfile
RUN chown mongodb:mongodb /data/config/mongodb-keyfile && chmod 600 /data/config/mongodb-keyfile

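2. Deploy the YAML. Unlike the official version, the K8s command field must be changed to args here; otherwise MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD are overridden and do not take effect. (command replaces the image's entrypoint script, which is what processes these variables; args only replaces the arguments passed to it.)
The sidecar (https://github.com/cvallance/mongo-k8s-sidecar) also needs the related parameters shown below.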
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: mongo-default-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: mongo
    namespace: mongo
---
apiVersion: v1
kind: Service
metadata:
  name: mongo
  namespace: mongo
  labels:
    name: mongo
spec:
  ports:
  - port: 27017
    targetPort: 27017
  clusterIP: None
  selector:
    role: mongo
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
  namespace: mongo
spec:
  serviceName: "mongo"
  replicas: 3
  template:
    metadata:
      labels:
        role: mongo
        environment: prod
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: mongo
      containers:
        - name: mongo
          image: 567969457461.dkr.ecr.cn-northwest-1.amazonaws.com.cn/library:mongo-4-2-7-v2
          env:
          - name: MONGO_INITDB_ROOT_USERNAME
            value: admin
          - name: MONGO_INITDB_ROOT_PASSWORD
            value: dSJN52PuSqn
          args:
            - mongod
            - "--replSet"
            - rs0
            - "--bind_ip"
            - 0.0.0.0
            - --clusterAuthMode
            - keyFile
            - --keyFile
            - /data/config/mongodb-keyfile
      #      - "--smallfiles"
      #      - "--noprealloc"
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          env:
            - name: KUBE_NAMESPACE
              value: mongo
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              value: dSJN52PuSqn
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=prod"
            - name: MONGODB_DATABASE
              value: admin
  volumeClaimTemplates:
  - metadata:
      name: mongo-persistent-storage
      annotations:
        volume.beta.kubernetes.io/storage-class: "ebs-gp2"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 25Gi
---
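An alternative to baking the keyfile into the image and writing the root password as a literal env value, given here as an added example that is not part of the original post: both are supplied from Kubernetes Secrets, and an init container copies the key into an emptyDir and applies the same owner and mode restriction the Dockerfile above does, because Secret volumes are read-only and mongod rejects a keyfile readable by group or others. The Secret names mongo-keyfile and mongo-root, the volume names and the init container name are assumptions.

```yaml
# Pod template fragment (spec.template.spec of the StatefulSet above).
# Assumed to exist beforehand (hypothetical Secret names):
#   kubectl -n mongo create secret generic mongo-keyfile --from-file=mongodb-keyfile
#   kubectl -n mongo create secret generic mongo-root \
#     --from-literal=username=<user> --from-literal=password=<password>
spec:
  serviceAccountName: mongo
  initContainers:
    - name: keyfile-perms
      image: mongo:3.6.4            # any image that has the mongodb user
      command:
        - sh
        - -c
        # copy the key out of the read-only Secret volume, then lock it down
        - >
          cp /secret/mongodb-keyfile /data/config/mongodb-keyfile &&
          chown mongodb:mongodb /data/config/mongodb-keyfile &&
          chmod 400 /data/config/mongodb-keyfile
      volumeMounts:
        - { name: keyfile-secret, mountPath: /secret, readOnly: true }
        - { name: keyfile, mountPath: /data/config }
  containers:
    - name: mongo
      image: mongo:3.6.4            # stock image, no key stored in its layers
      env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom: { secretKeyRef: { name: mongo-root, key: username } }
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom: { secretKeyRef: { name: mongo-root, key: password } }
      args: ["mongod", "--replSet", "rs0", "--bind_ip", "0.0.0.0",
             "--clusterAuthMode", "keyFile", "--keyFile", "/data/config/mongodb-keyfile"]
      volumeMounts:
        - { name: mongo-persistent-storage, mountPath: /data/db }
        - { name: keyfile, mountPath: /data/config }
  volumes:
    - name: keyfile-secret
      secret: { secretName: mongo-keyfile, defaultMode: 0400 }
    - name: keyfile
      emptyDir: { medium: Memory }  # key lives in tmpfs only
```

The sidecar's MONGODB_USERNAME and MONGODB_PASSWORD can reference the same Secret with secretKeyRef, so the credentials no longer appear in the manifest.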

 

