Deploying a MongoDB replica set on k8s with dynamically provisioned persistent storage on Ceph RBD
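First, one of the big pitfalls I ran into: cvallance/mongo-k8s-sidecar does not support 4.x.
Here I use https://github.com/morphy2k/k8s-mongo-sidecar instead. Image: morphy/k8s-mongo-sidecar
Pitfall number two: the two mongo-sidecars mentioned above use environment variables that look very similar but are completely different.
Below, Ceph RBD backs a storage class, and a StatefulSet creates mongo and uses the storage class to provision its PVCs dynamically.
For k8s-mongo-sidecar, a k8s Role is created and bound to grant it permissions.
mongo runs with authentication enabled and an admin user is created. The replicas authenticate to each other in keyfile mode.
Create Ceph RBD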
ceph osd pool create k8s-pool 64 64
kubectl create ns mongo
openssl rand -base64 741 > key.txt
Straight to the YAML files:
vi ceph-storageclass.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ceph-storageclass
parameters:
  adminId: admin
  adminSecretName: cephfs-k8s-secret
  adminSecretNamespace: logging
  monitors: 192.168.0.xx:6789,192.168.0.xx:6789,192.168.0.xx:6789
  pool: k8s-pool
  userId: admin
  userSecretName: cephfs-k8s-secret
  userSecretNamespace: logging
provisioner: kubernetes.io/rbd
reclaimPolicy: Delete
volumeBindingMode: Immediate

vi mongodb-rbac.yaml
# Namespaced Role: lets the sidecar discover the mongo pods
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: mongo
  name: mongo
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: mongo
  namespace: mongo
subjects:
- kind: ServiceAccount
  name: default
  namespace: mongo
roleRef:
  kind: Role
  name: mongo
  apiGroup: rbac.authorization.k8s.io
---
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 is the equivalent
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mongo-default-view
# Binds the built-in read-only "view" ClusterRole to the default service
# account of the mongo namespace, with effect in every namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: default
  namespace: mongo
vi mongodb-statefulset.yaml
# Headless service (clusterIP: None) giving each replica a stable DNS name
apiVersion: v1
kind: Service
metadata:
  name: mongo
  namespace: mongo   # same namespace as the StatefulSet below
  labels:
    name: mongo
spec:
  ports:
  - port: 27017
    targetPort: 27017
  clusterIP: None
  selector:
    role: mongo
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongo
  namespace: mongo
spec:
  replicas: 3
  selector:
    matchLabels:
      environment: test
      role: mongo
  serviceName: mongo
  template:
    metadata:
      labels:
        environment: test
        role: mongo
    spec:
      containers:
      # mongod with authentication on and keyfile auth between replica set members
      - command:
        - docker-entrypoint.sh
        - --replSet
        - rs0
        - --bind_ip
        - 0.0.0.0
        - --auth
        - --clusterAuthMode
        - keyFile
        - --keyFile
        - /data/db/key
        env:
        # root credentials are stored in plaintext in this manifest
        - name: MONGO_INITDB_ROOT_USERNAME
          value: root
        - name: MONGO_INITDB_ROOT_PASSWORD
          value: dSJN52PuSqn
        image: harbor.uu898.com/common/mongo:4.2.8
        imagePullPolicy: IfNotPresent
        name: mongo
        ports:
        - containerPort: 27017
          protocol: TCP
        volumeMounts:
        - mountPath: /data/db
          name: mongo-persistent-storage
        - mountPath: /data/key.txt
          name: mongo-keyfile
          subPath: key.txt
      # sidecar: finds the pods by label and maintains the replica set configuration
      - env:
        - name: KUBERNETES_POD_LABELS
          value: role=mongo,environment=test
        - name: KUBERNETES_NAMESPACE
          value: mongo
        - name: MONGO_USERNAME
          value: root
        - name: MONGO_PASSWORD
          value: dSJN52PuSqn
        - name: MONGO_DATABASE
          value: admin
        - name: KUBERNETES_SERVICE_NAME
          value: mongo
        image: harbor.uu898.com/common/morphy/k8s-mongo-sidecar
        imagePullPolicy: IfNotPresent
        name: mongo-sidecar
      initContainers:
      # copies the keyfile onto the data volume, owned by uid 999 with mode 400
      - command:
        - sh
        - -c
        - cp /data/key.txt /data/db/key && chown 999:999 /data/db/key && chmod 400 /data/db/key && ls -l /data/
        image: harbor.uu898.com/common/busybox
        imagePullPolicy: IfNotPresent
        name: fix-permissions
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /data/db
          name: mongo-persistent-storage
        - mountPath: /data/key.txt
          name: mongo-keyfile
          subPath: key.txt
      restartPolicy: Always
      schedulerName: default-scheduler
      terminationGracePeriodSeconds: 10
      volumes:
      # key.txt (generated with openssl above) is read from a ConfigMap named mongo-keyfile
      - configMap:
          defaultMode: 420
          items:
          - key: key.txt
            path: key.txt
          name: mongo-keyfile
        name: mongo-keyfile
  updateStrategy:
    rollingUpdate:
      partition: 0
    type: RollingUpdate
  volumeClaimTemplates:
  - metadata:
      name: mongo-persistent-storage
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 20Gi
      storageClassName: ceph-storageclass
      volumeMode: Filesystem
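
The manifests above keep the root password as a plaintext env value and the replica set keyfile in a ConfigMap, and the built-in view ClusterRole bound in mongodb-rbac.yaml covers ConfigMaps but not Secrets. The fragment below is an added example, not part of the original post: the same fields of mongodb-statefulset.yaml sourced from Secrets instead. The Secret names mongo-keyfile and mongo-root, their keys, and the file root-password.txt are assumptions.

```yaml
# Added example (not from the original post): fields to swap into the
# StatefulSet "mongo". Assumed Secrets, created out of band (hypothetical names):
#   kubectl -n mongo create secret generic mongo-keyfile --from-file=key.txt
#   kubectl -n mongo create secret generic mongo-root \
#     --from-literal=username=root --from-file=password=./root-password.txt
# root-password.txt must not end with a newline, or the newline becomes
# part of the password.
spec:
  template:
    spec:
      containers:
      - name: mongo
        env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom:
            secretKeyRef: {name: mongo-root, key: username}
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef: {name: mongo-root, key: password}
      - name: mongo-sidecar
        env:
        # the sidecar logs in with the same account, so it reads the same Secret
        - name: MONGO_USERNAME
          valueFrom:
            secretKeyRef: {name: mongo-root, key: username}
        - name: MONGO_PASSWORD
          valueFrom:
            secretKeyRef: {name: mongo-root, key: password}
      volumes:
      # Same volume name as before, so the existing volumeMounts (subPath
      # key.txt) and the fix-permissions init container need no change.
      - name: mongo-keyfile
        secret:
          secretName: mongo-keyfile
          defaultMode: 0400   # readable only by root, which the init container runs as
          items:
          - key: key.txt
            path: key.txt
```

Only the fields shown change; the remaining env entries of the sidecar and everything else in the StatefulSet stay as in the manifest above.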