Skip to content
/ mongodb-cluster-config Public

MongoDB cluster setup based on kubernetes

License

View license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iunera/mongodb-cluster-config

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
kubernetes
kubernetes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

mongodb-cluster-config

This repo contains the configuration files for the MongoDB cluster setup based on kubernetes, mongodb-kubernetes-operator and fluxcd as gitops tool.

Our approach is to deploy dedicated mongodb cluster into certain namespaces for specific projects rather than having one 'central' deployed Database cluster. This limits the amount of ops need to be done in the cluster and allows us to focus on kubernetes based gitops.

Installation

Operator

The Repo is included in fluxcd with following setup. It installs

---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: mongodb-cluster-config
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: main
  timeout: 60s
  url: ssh://git@github.com/iunera/mongodb-cluster-config
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: mongodb-cluster-config
  namespace: flux-system
spec:
  interval: 10m0s
  path: ./kubernetes/
  prune: true
  sourceRef:
    kind: GitRepository
    name: mongodb-cluster-config

Database in Namespace

RBACs

Furthermore each database cluster will be deployed have to has access to some permissions on the Kubernetes API. Therefor foreach namespace a serviceaccount and a role have to be created and binded. This is done by kubernetes/fahrbar-common/rbac

Provide secrets

Our approach is to have a single point of truth/administration for passwords. Therefore we store all passwords via SOPS on the private git repositories. We recommend to do so in general. Fluxcd is capable of decrypting SOPS encrypted Kubernetes Secrets on the fly. The the database mentioned below the following secrets would fit the semantics

apiVersion: v1
kind: Secret
metadata:
  name: clusteradmin-password
  namespace: fahrbar-common
type: Opaque
stringData:
  password: securestring
---
apiVersion: v1
kind: Secret
metadata:
  name: occupancyapi-dev-v1-admin-password
  namespace: fahrbar-common
type: Opaque
stringData:
  password: securestring
---
apiVersion: v1
kind: Secret
metadata:
  name: occupancyapi-staging-v1-admin-password
  namespace: fahrbar-common
type: Opaque
stringData:
  password: securestring
---
apiVersion: v1
kind: Secret
metadata:
  name: occupancyapi-prod-v1-admin-password
  namespace: fahrbar-common
type: Opaque
stringData:
  password: securestring

Deploy the database cluster

Finally we are ready to deploy the 3 node mongodb cluster with SCRAM Auth, MongoDB RBAC and persistency. The kubernetes/fahrbar-common/database/mongodb-database.yaml config shows the details.

For more info check the https://github.com/mongodb/mongodb-kubernetes-operator/tree/master/config/samples or RTFM.

License

Open Compensation Token License, Version 0.20

About

MongoDB cluster setup based on kubernetes

Topics

fluxcd gitops-repo fahrbar2

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository