
Building a multi-replica MongoDB cluster on k8s

Posted on 2020-6-12 11:34:00

 

Building on https://kubernetes.io/blog/2017/01/running-mongodb-on-kubernetes-with-statefulsets/, this setup adds password authentication and resolves the permission error reported by mongo-sidecar.

Build the mongodb image (needed because mounting the keyfile directly produces a permission error)

1. Generate the keyfile

openssl rand -base64 741 > mongodb-keyfile

FROM mongo:3.6.4

ADD mongodb-keyfile /data/config/mongodb-keyfile
RUN chown mongodb:mongodb /data/config/mongodb-keyfile && chmod 600 /data/config/mongodb-keyfile

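2. Deploy the yaml. Unlike the official example, the K8s command must be changed to args here; otherwise MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD are overridden and do not take effect.
The sidecar https://github.com/cvallance/mongo-k8s-sidecar also needs the related parameters shown below.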
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: mongo-default-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
  - kind: ServiceAccount
    name: mongo
    namespace: mongo
---
apiVersion: v1
kind: Service
metadata:
  name: mongo
  namespace: mongo
  labels:
    name: mongo
spec:
  ports:
  - port: 27017
    targetPort: 27017
  clusterIP: None
  selector:
    role: mongo
---
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
  namespace: mongo
spec:
  serviceName: "mongo"
  replicas: 3
  template:
    metadata:
      labels:
        role: mongo
        environment: prod
    spec:
      terminationGracePeriodSeconds: 10
      serviceAccountName: mongo
      containers:
        - name: mongo
          image: 567969457461.dkr.ecr.cn-northwest-1.amazonaws.com.cn/library:mongo-4-2-7-v2
          env:
          - name: MONGO_INITDB_ROOT_USERNAME
            value: admin
          - name: MONGO_INITDB_ROOT_PASSWORD
            value: dSJN52PuSqn
          args:
            - mongod
            - "--replSet"
            - rs0
            - "--bind_ip"
            - 0.0.0.0
            - --clusterAuthMode
            - keyFile
            - --keyFile
            - /data/config/mongodb-keyfile
      #      - "--smallfiles"
      #      - "--noprealloc"
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          env:
            - name: KUBE_NAMESPACE
              value: mongo
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              value: dSJN52PuSqn
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=prod"
            - name: MONGODB_DATABASE
              value: admin
  volumeClaimTemplates:
  - metadata:
      name: mongo-persistent-storage
      annotations:
        volume.beta.kubernetes.io/storage-class: "ebs-gp2"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 25Gi
---

 



Source: https://www.cnblogs.com/ytc6/p/13098466.html
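
The manifest above carries the root password in literal value: fields (once for mongo, once for the sidecar), and the Dockerfile bakes the keyfile into an image layer, so both are readable by anyone who can read the manifest or pull the image. As an added example, not part of the original post, the fragment below reads both from a Kubernetes Secret and handles the keyfile ownership error with an init container instead of a custom image. The names mongo-auth, copy-keyfile, key-src and key are assumptions, as is the init container running as root (no runAsNonRoot policy on the pod).

```yaml
# Added example. mongo-auth, copy-keyfile, key-src and key are hypothetical names.
# Create the Secret out of band so no secret value is committed, e.g.:
#   kubectl -n mongo create secret generic mongo-auth \
#     --from-literal=username=admin --from-literal=password='<GENERATED>' \
#     --from-file=mongodb-keyfile=./mongodb-keyfile
#
# Fragment of the StatefulSet's spec.template.spec; fields not shown stay as above.
initContainers:
  - name: copy-keyfile            # assumed to run as root so it can chown the copy
    image: mongo:3.6.4            # stock image; provides the mongodb user
    command:
      - sh
      - -c
      - |
        set -e
        cp /src/mongodb-keyfile /data/config/mongodb-keyfile
        chown mongodb:mongodb /data/config/mongodb-keyfile
        chmod 400 /data/config/mongodb-keyfile
    volumeMounts:
      - {name: key-src, mountPath: /src, readOnly: true}
      - {name: key, mountPath: /data/config}
containers:
  - name: mongo
    env:
      - name: MONGO_INITDB_ROOT_USERNAME
        valueFrom: {secretKeyRef: {name: mongo-auth, key: username}}
      - name: MONGO_INITDB_ROOT_PASSWORD
        valueFrom: {secretKeyRef: {name: mongo-auth, key: password}}
    volumeMounts:                 # add to the existing /data/db mount
      - {name: key, mountPath: /data/config}   # same path as --keyFile
  - name: mongo-sidecar
    env:                          # replaces the two literal credential entries
      - name: MONGODB_USERNAME
        valueFrom: {secretKeyRef: {name: mongo-auth, key: username}}
      - name: MONGODB_PASSWORD
        valueFrom: {secretKeyRef: {name: mongo-auth, key: password}}
volumes:
  - name: key-src
    secret:
      secretName: mongo-auth
      items:
        - {key: mongodb-keyfile, path: mongodb-keyfile}
  - name: key
    emptyDir:
      medium: Memory              # keyfile copy lives in tmpfs only
```

With this layout the mongo container can run the stock image, and rotating the password or keyfile means updating the Secret and restarting the pods rather than rebuilding and re-pushing an image.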