• k8s 搭建mongodb多副本集群


    https://kubernetes.io/blog/2017/01/running-mongodb-on-kubernetes-with-statefulsets/ 基础上添加了密码认证,与解决提示权限mongo-sidecar提示权限错误问题

    制作mongodb镜像(由于keyfile直接挂载提示权限错误)

    1. 生成 keyfile

    openssl rand -base64 741 > mongodb-keyfile

    FROM mongo:3.6.4
    
    ADD mongodb-keyfile /data/config/mongodb-keyfile
    RUN chown mongodb:mongodb /data/config/mongodb-keyfile && chmod 600 /data/config/mongodb-keyfile

    2. 部署yaml,与官方提供不同,此处需要将K8s command改为args ,否则 MONGO_INITDB_ROOT_USERNAME,MONGO_INITDB_ROOT_PASSWORD会被覆盖不能生效
    sidecar https://github.com/cvallance/mongo-k8s-sidecar 也需要如下相关参数
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: mongo-default-view
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: view
    subjects:
      - kind: ServiceAccount
        name: mongo
        namespace: mongo
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: mongo
      namespace: mongo
      labels:
        name: mongo
    spec:
      ports:
      - port: 27017
        targetPort: 27017
      clusterIP: None
      selector:
        role: mongo
    ---
    apiVersion: apps/v1beta1
    kind: StatefulSet
    metadata:
      name: mongo
      namespace: mongo
    spec:
      serviceName: "mongo"
      replicas: 3
      template:
        metadata:
          labels:
            role: mongo
            environment: prod
        spec:
          terminationGracePeriodSeconds: 10
          serviceAccountName: mongo
          containers:
            - name: mongo
              image: 567969457461.dkr.ecr.cn-northwest-1.amazonaws.com.cn/library:mongo-4-2-7-v2
              env:
              - name: MONGO_INITDB_ROOT_USERNAME
                value: admin
              - name: MONGO_INITDB_ROOT_PASSWORD
                value: dSJN52PuSqn
              args:
                - mongod
                - "--replSet"
                - rs0
                - "--bind_ip"
                - 0.0.0.0
                - --clusterAuthMode
                - keyFile
                - --keyFile
                - /data/config/mongodb-keyfile
          #      - "--smallfiles"
          #      - "--noprealloc"
              ports:
                - containerPort: 27017
              volumeMounts:
                - name: mongo-persistent-storage
                  mountPath: /data/db
            - name: mongo-sidecar
              image: cvallance/mongo-k8s-sidecar
              env:
                - name: KUBE_NAMESPACE
                  value: mongo
                - name: MONGODB_USERNAME
                  value: admin
                - name: MONGODB_PASSWORD
                  value: dSJN52PuSqn
                - name: MONGO_SIDECAR_POD_LABELS
                  value: "role=mongo,environment=prod"
                - name: MONGODB_DATABASE
                  value: admin
      volumeClaimTemplates:
      - metadata:
          name: mongo-persistent-storage
          annotations:
            volume.beta.kubernetes.io/storage-class: "ebs-gp2"
        spec:
          accessModes: [ "ReadWriteOnce" ]
          resources:
            requests:
              storage: 25Gi
    ---
    
  • 相关阅读:
    C#4.0,支持动态语言?
    宁波.NET俱乐部第二次聚会WCF讲稿
    在线学习新编程
    mysql常用函数
    PHP 连接Mysql数据库
    Unix网络编程进阶计划
    RabbitMQ 安装
    Golang 变量
    Golang 结构体
    Golang 指针
  • 原文地址:https://www.cnblogs.com/ytc6/p/13098466.html
Copyright © 2020-2023  润新知