Setting up a multi-replica MongoDB cluster on k8s
<p>Based on https://kubernetes.io/blog/2017/01/running-mongodb-on-kubernetes-with-statefulsets/, this adds password authentication and fixes the permission error reported by mongo-sidecar.</p>
<h3 id="准备-mongodb-镜像">Build the MongoDB image (mounting the keyfile directly produces a permission error)</h3>
<p>1. Generate the keyfile</p>
<p>openssl rand -base64 741 > mongodb-keyfile</p>
<div class="cnblogs_code">
<pre>FROM mongo:3.6.4
ADD mongodb-keyfile /data/config/mongodb-keyfile
RUN chown mongodb:mongodb /data/config/mongodb-keyfile && chmod 600 /data/config/mongodb-keyfile</pre>
</div>
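<p>An added example, not part of the original post: a pre-flight check to run on mongodb-keyfile before building the image. It covers the conditions under which mongod refuses a keyfile (group or other permission bits, a length outside 6 to 1024 characters, characters outside the base64 set). new_keyfile and check_keyfile are hypothetical helper names.</p>

```shell
#!/bin/sh
# Added example, not from the original post. new_keyfile and check_keyfile are
# hypothetical helper names; run check_keyfile before `docker build`.

# Same command as step 1, with a umask so the file is owner-only from creation.
new_keyfile() (
  umask 077
  openssl rand -base64 741 > "$1"
)

# Exit status: 0 ok, 1 missing, 2 permissions, 3 length, 4 characters.
check_keyfile() (
  LC_ALL=C; export LC_ALL
  file=$1
  [ -f "$file" ] || { echo "$file: not a regular file" >&2; exit 1; }

  # mongod refuses a keyfile with any group or other permission bits.
  # GNU stat first, BSD/macOS stat as a fallback.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    [46]00) ;;
    *) echo "$file: mode $mode, want 400 or 600" >&2; exit 2 ;;
  esac

  # Whitespace is ignored by mongod, so openssl's line breaks do not count.
  body=$(tr -d ' \t\r\n' < "$file")
  len=${#body}
  if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
    echo "$file: $len characters, need 6 to 1024" >&2; exit 3
  fi
  case "$body" in
    *[!A-Za-z0-9+/=]*) echo "$file: characters outside the base64 set" >&2; exit 4 ;;
  esac
  echo "$file: ok (mode $mode, $len characters)"
)
```

<p>The check does not cover ownership; inside the image the chown in the Dockerfile still has to hand the file to the mongodb user.</p>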
<div class="language-shell highlighter-rouge">
<div class="highlight">
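<pre class="highlight">2. Deploy the YAML. Unlike the official example, the Kubernetes command field must be changed to args here (command replaces the image's entrypoint script, which is what reads these variables); otherwise MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD are overridden and do not take effect.<br>The sidecar, https://github.com/cvallance/mongo-k8s-sidecar, also needs the related parameters shown below.</pre>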
</div>
</div>
<div class="cnblogs_Highlighter">
<pre class="brush:python;gutter:true;">apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: mongo-default-view
# Binds the built-in "view" ClusterRole to the mongo ServiceAccount used by the pods.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: mongo
    namespace: mongo
---
apiVersion: v1
kind: Service
metadata:
  name: mongo
  namespace: mongo
  labels:
    name: mongo
spec:
  ports:
    - port: 27017
      targetPort: 27017
  clusterIP: None
  selector:
    role: mongo
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
  namespace: mongo
spec:
  serviceName: "mongo"
  replicas: 3
  template:
    metadata:
      labels:
        role: mongo
        environment: prod
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: mongo
      containers:
        - name: mongo
          image: 567969457461.dkr.ecr.cn-northwest-1.amazonaws.com.cn/library:mongo-4-2-7-v2
          env:
            # Root credentials are plaintext in this manifest; a Secret referenced
            # through valueFrom.secretKeyRef keeps them out of it.
            - name: MONGO_INITDB_ROOT_USERNAME
              value: admin
            - name: MONGO_INITDB_ROOT_PASSWORD
              value: dSJN52PuSqn
          args:
            - mongod
            - "--replSet"
            - rs0
            - "--bind_ip"
            - 0.0.0.0
            - --clusterAuthMode
            - keyFile
            - --keyFile
            # Path of the keyfile added to the image by the Dockerfile above.
            - /data/config/mongodb-keyfile
            # - "--smallfiles"
            # - "--noprealloc"
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          env:
            - name: KUBE_NAMESPACE
              value: mongo
            # Same credentials as the mongo container.
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              value: dSJN52PuSqn
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=prod"
            - name: MONGODB_DATABASE
              value: admin
  volumeClaimTemplates:
    - metadata:
        name: mongo-persistent-storage
        annotations:
          volume.beta.kubernetes.io/storage-class: "ebs-gp2"
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 25Gi
---
</pre>
</div>
Source: https://www.cnblogs.com/ytc6/p/13098466.html