
@thilinapiy
Created October 27, 2017 12:21

Revisions

  1. thilinapiy created this gist Oct 27, 2017.
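--- a/mongo-statefulset.yaml
+++ b/mongo-statefulset.yaml
@@ -0,0 +1,94 @@
+## Generate a key
+# openssl rand -base64 741 > mongodb-keyfile
+## Create k8s secrets
+# kubectl create secret generic mongo-key --from-file=mongodb-keyfile
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: mongo
+labels:
+name: mongo
+spec:
+ports:
+- port: 27017
+targetPort: 27017
+clusterIP: None
+selector:
+role: mongo
+---
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+name: mongo
+spec:
+serviceName: "mongo"
+replicas: 1
+template:
+metadata:
+labels:
+role: mongo
+environment: test
+spec:
+terminationGracePeriodSeconds: 10
+containers:
+- name: mongo
+image: mongo:3.4.9
+command:
+- /bin/sh
+- -c
+- >
+if [ -f /data/db/admin-user.lock ]; then
+mongod --replSet rs0 --clusterAuthMode keyFile --keyFile /etc/secrets-volume/mongodb-keyfile --setParameter authenticationMechanisms=SCRAM-SHA-1;
+else
+mongod --auth;
+fi;
+lifecycle:
+postStart:
+exec:
+command:
+- /bin/sh
+- -c
+- >
+if [ ! -f /data/db/admin-user.lock ]; then
+sleep 5;
+touch /data/db/admin-user.lock
+if [ "$HOSTNAME" = "mongo-0" ]; then
+mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});';
+fi;
+mongod --shutdown;
+fi;
+ports:
+- containerPort: 27017
+volumeMounts:
+- name: mongo-key
+mountPath: "/etc/secrets-volume"
+readOnly: true
+- name: mongo-persistent-storage
+mountPath: /data/db
+- name: mongo-sidecar
+image: cvallance/mongo-k8s-sidecar
+env:
+- name: MONGO_SIDECAR_POD_LABELS
+value: "role=mongo,environment=test"
+- name: MONGODB_USERNAME
+value: admin
+- name: MONGODB_PASSWORD
+value: password
+- name: MONGODB_DATABASE
+value: admin
+volumes:
+- name: mongo-key
+secret:
+defaultMode: 0400
+secretName: mongo-key
+volumeClaimTemplates:
+- metadata:
+name: mongo-persistent-storage
+annotations:
+volume.beta.kubernetes.io/storage-class: "fast"
+spec:
+accessModes: [ "ReadWriteOnce" ]
+resources:
+requests:
+storage: 100Gi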
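Review bot: The root admin password is committed in clear text as the literal `password`, both in the postStart `db.createUser(...)` call and in the sidecar's `MONGODB_PASSWORD` env `value:`, so anyone who can read this manifest or the pod spec holds the `root` role on the database. The manifest already keeps the keyfile in a Secret; the admin credential should come from one as well, through `valueFrom.secretKeyRef` on both containers, with the postStart script reading it from the environment instead of embedding it. Separately, `touch /data/db/admin-user.lock` runs before `createUser`, so if user creation fails (for example mongod is not yet accepting connections after `sleep 5`) the next start appears to go straight to keyfile mode with no admin account; creating the lock only after `createUser` succeeds would close that gap. The sidecar image `cvallance/mongo-k8s-sidecar` has no tag or digest, so pinning it would keep a changed upstream image from being pulled silently into a pod that holds the admin credential.

```yaml
# … unchanged: MONGO_SIDECAR_POD_LABELS, MONGODB_USERNAME …
- name: MONGODB_PASSWORD
  valueFrom:
    secretKeyRef:
      name: ADMIN_SECRET_NAME_PLACEHOLDER   # placeholder: Secret holding the admin credential
      key: ADMIN_SECRET_KEY_PLACEHOLDER     # placeholder: key inside that Secret
# … unchanged: MONGODB_DATABASE …
```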