percona-server-mongodb-operator

Published: Nov 29, 2018 License: Apache-2.0

A Kubernetes operator for Percona Server for MongoDB based on the Operator SDK.

Table of Contents

  1. DISCLAIMER
  2. Requirements
  3. Run the Operator
  4. Connect to the MongoDB Replica Set
    1. Static Endpoints List
  5. Required Secrets
    1. MongoDB System Users
      1. Development Mode
    2. MongoDB Internal Authentication Key (optional)
  6. Configuration
    1. Spec
    2. Secrets
    3. Replsets
    4. Mongod

DISCLAIMER

This code is incomplete, expect major issues and changes until this repo has stabilised!

Requirements

The operator was developed/tested for:

  1. Percona Server for MongoDB 3.6 or greater with:
    1. Authentication enabled
    2. Replication enabled
  2. Kubernetes version 1.10 to 1.11 or OpenShift 3.9 to 3.11
  3. Go 1.11

Run the Operator

  1. Add the 'psmdb' Namespace

    on Kubernetes:

    kubectl create namespace psmdb
    kubectl config set-context $(kubectl config current-context) --namespace=psmdb
    

    on OpenShift:

    oc new-project psmdb
    
  2. Add the MongoDB Users secrets to Kubernetes. Update mongodb-users.yaml with new passwords!

    on Kubernetes:

    kubectl create -f deploy/mongodb-users.yaml
    

    on OpenShift:

    oc create -f deploy/mongodb-users.yaml
    
  3. Extra step for Google Kubernetes Engine

    kubectl create clusterrolebinding cluster-admin-binding1 --clusterrole=cluster-admin --user=<myname@example.org>
    
  4. Create RBAC and CustomResourceDefinition

    This step requires that your user has cluster-admin role privileges.

    Details about users and roles:

    Kubernetes: documentation

    OpenShift: documentation

    on Kubernetes:

    kubectl create -f deploy/crd.yaml
    kubectl create -f deploy/rbac.yaml
    

    on OpenShift:

    oc project psmdb
    oc create -f deploy/crd.yaml
    oc create -f deploy/rbac.yaml
    
  5. Extra step for OpenShift: if you want to manage the PSMDB cluster as a non-privileged user, grant the permissions by applying the following clusterrole:

    oc create clusterrole psmdb-admin --verb="*" --resource=perconaservermongodbs.psmdb.percona.com
    oc adm policy add-cluster-role-to-user psmdb-admin <some-user>
    
  6. Start the percona-server-mongodb-operator within Kubernetes:

    kubectl create -f deploy/operator.yaml
    
  7. Create the Percona Server for MongoDB cluster:

    on Kubernetes:

    kubectl apply -f deploy/cr.yaml
    

    on OpenShift:

    1. Uncomment the deploy/cr.yaml field '#platform:' and set it to 'platform: openshift'. Example:

    apiVersion: psmdb.percona.com/v1alpha1
    kind: PerconaServerMongoDB
    metadata:
      name: my-cluster-name
    spec:
      platform: openshift
    ...
    ...
    
    2. Create/apply the CR:

    oc apply -f deploy/cr.yaml
    
  8. Wait for the operator and replica set pods to reach the Running state:

    $ kubectl get pods
    NAME                                               READY   STATUS    RESTARTS   AGE
    my-cluster-name-rs0-0                              1/1     Running   0          8m
    my-cluster-name-rs0-1                              1/1     Running   0          8m
    my-cluster-name-rs0-2                              1/1     Running   0          7m
    percona-server-mongodb-operator-754846f95d-sf6h6   1/1     Running   0          9m
    

Connect to the MongoDB Replica Set

  1. From a 'mongo' shell add a readWrite user for use with an application (hostname/replicaSet in mongo uri may vary for your situation):
    $ kubectl run -i --rm --tty percona-client --image=percona/percona-server-mongodb:3.6 --restart=Never -- bash -il
    mongodb@percona-client:/$ mongo "mongodb+srv://userAdmin:userAdmin123456@my-cluster-name-rs0.psmdb.svc.cluster.local/admin?replicaSet=rs0&ssl=false"
    rs0:PRIMARY> db.createUser({
        user: "myApp",
        pwd: "myAppPassword",
        roles: [
          { db: "myApp", role: "readWrite" }
        ]
    })
    Successfully added user: {
    	"user" : "myApp",
    	"roles" : [
    		{
    			"db" : "myApp",
    			"role" : "readWrite"
    		}
    	]
    }
    
  2. Again from a 'mongo' shell, insert and retrieve a test document in the 'myApp' database as the new application user:
    $ kubectl run -i --rm --tty percona-client --image=percona/percona-server-mongodb:3.6 --restart=Never -- bash -il
    mongodb@percona-client:/$ mongo "mongodb+srv://myApp:myAppPassword@my-cluster-name-rs0.psmdb.svc.cluster.local/admin?replicaSet=rs0&ssl=false"
    rs0:PRIMARY> use myApp
    switched to db myApp
    rs0:PRIMARY> db.test.insert({ x: 1 })
    WriteResult({ "nInserted" : 1 })
    rs0:PRIMARY> db.test.findOne()
    { "_id" : ObjectId("5bc74ef05c0ec73be760fcf9"), "x" : 1 }
    

Static Endpoints List

If you prefer to use a static server list (instead of using mongodb+srv:// to detect servers), use 'kubectl describe service' to gather the list of endpoints.

Example (see 'Endpoints:' below):

    $ kubectl describe service my-cluster-name-rs0 | grep 'Endpoints:'
    Endpoints: 172.17.0.10:27017,172.17.0.12:27017,172.17.0.9:27017

Required Secrets

The operator requires Kubernetes Secrets to be deployed before it is started.

The name of the required secrets can be set in deploy/cr.yaml under the section spec.secrets.

MongoDB System Users

Default Secret name: my-cluster-name-mongodb-users

Secret name field: spec.secrets.users

The operator requires system-level MongoDB Users to automate the MongoDB deployment. These users should not be used to run an application!

| User Purpose    | Username Secret Key          | Password Secret Key              | MongoDB Role                    |
|-----------------|------------------------------|----------------------------------|---------------------------------|
| Backup/Restore  | MONGODB_BACKUP_USER          | MONGODB_BACKUP_PASSWORD          | backup, clusterMonitor, restore |
| Cluster Admin   | MONGODB_CLUSTER_ADMIN_USER   | MONGODB_CLUSTER_ADMIN_PASSWORD   | clusterAdmin                    |
| Cluster Monitor | MONGODB_CLUSTER_MONITOR_USER | MONGODB_CLUSTER_MONITOR_PASSWORD | clusterMonitor                  |
| User Admin      | MONGODB_USER_ADMIN_USER      | MONGODB_USER_ADMIN_PASSWORD      | userAdmin                       |

Development Mode

Note: Do not use the default MongoDB Users in Production!

To make development/testing easier a secrets file with default MongoDB System User/Passwords is located at 'deploy/mongodb-users.yaml'.

The development-mode credentials from deploy/mongodb-users.yaml are:

| Secret Key                       | Secret Value         |
|----------------------------------|----------------------|
| MONGODB_BACKUP_USER              | backup               |
| MONGODB_BACKUP_PASSWORD          | backup123456         |
| MONGODB_CLUSTER_ADMIN_USER       | clusterAdmin         |
| MONGODB_CLUSTER_ADMIN_PASSWORD   | clusterAdmin123456   |
| MONGODB_CLUSTER_MONITOR_USER     | clusterMonitor       |
| MONGODB_CLUSTER_MONITOR_PASSWORD | clusterMonitor123456 |
| MONGODB_USER_ADMIN_USER          | userAdmin            |
| MONGODB_USER_ADMIN_PASSWORD      | userAdmin123456      |
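As an added pre-deploy check (not part of the operator or its repository), the script below reads a users Secret manifest in the shape of deploy/mongodb-users.yaml, confirms that every key from the MongoDB System Users table is present, and flags any password that still holds a development-mode value from the table above. It assumes the Secret stores base64 values under 'data:' with one key per line; the sample-manifest writer and its password suffix are constructed for the example.

```shell
#!/bin/sh
# Added check, not operator code: validate a MongoDB users Secret manifest
# before 'kubectl create -f' so development defaults never reach a cluster.

# Secret keys the operator requires (MongoDB System Users table).
REQUIRED_KEYS="MONGODB_BACKUP_USER MONGODB_BACKUP_PASSWORD \
MONGODB_CLUSTER_ADMIN_USER MONGODB_CLUSTER_ADMIN_PASSWORD \
MONGODB_CLUSTER_MONITOR_USER MONGODB_CLUSTER_MONITOR_PASSWORD \
MONGODB_USER_ADMIN_USER MONGODB_USER_ADMIN_PASSWORD"

# Development-mode passwords shipped in deploy/mongodb-users.yaml.
DEFAULT_PASSWORDS="backup123456 clusterAdmin123456 clusterMonitor123456 userAdmin123456"

b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# secret_value FILE KEY: decoded value of KEY from the base64 'data:' block
# (one "KEY: value" per line); prints nothing when the key is absent.
secret_value() {
  awk -v k="$2" '$1 == (k ":") { print $2; exit }' "$1" | base64 -d 2>/dev/null
}

# check_users_secret FILE: one finding per line; returns 1 if any finding.
check_users_secret() {
  problems=0
  for key in $REQUIRED_KEYS; do
    val=$(secret_value "$1" "$key" || true)
    if [ -z "$val" ]; then
      echo "MISSING  $key"; problems=$((problems + 1)); continue
    fi
    case " $DEFAULT_PASSWORDS " in
      *" $val "*) echo "DEFAULT  $key still holds the development value"
                  problems=$((problems + 1)) ;;
    esac
  done
  [ "$problems" -eq 0 ]
}

# make_sample_secret FILE SUFFIX: constructed Secret with the four system
# users; password = username + SUFFIX, so "123456" reproduces the defaults.
make_sample_secret() {
  {
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: my-cluster-name-mongodb-users\ntype: Opaque\ndata:\n'
    for u in backup clusterAdmin clusterMonitor userAdmin; do
      key=$(printf '%s' "$u" | sed 's/\([[:upper:]]\)/_\1/g' | tr '[:lower:]' '[:upper:]')
      printf '  MONGODB_%s_USER: %s\n' "$key" "$(b64 "$u")"
      printf '  MONGODB_%s_PASSWORD: %s\n' "$key" "$(b64 "$u$2")"
    done
  } > "$1"
}
```

Run 'check_users_secret deploy/mongodb-users.yaml' against your edited manifest; a zero exit status means all eight keys are present and none of the passwords is a development default.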

MongoDB Internal Authentication Key (optional)

Default Secret name: my-cluster-name-mongodb-key

Secret name field: spec.secrets.key

By default, the operator will create a random, 1024-byte key for MongoDB Internal Authentication if it does not already exist.

If you would like to deploy a different key, create the secret manually before starting the operator.

Configuration

The operator is configured via the spec section of the deploy/cr.yaml file.

Spec

YAML Path: spec

| Key      | Value Type | Default    | Description                                                                                   |
|----------|------------|------------|-----------------------------------------------------------------------------------------------|
| platform | string     | kubernetes | Override/set the Kubernetes platform: kubernetes or openshift. Set openshift on OpenShift 3.11+ |
| version  | string     | 3.6        | The Dockerhub tag of percona/percona-server-mongodb to deploy                                 |
| secrets  | subdoc     |            | Operator secrets section                                                                      |
| replsets | array      |            | Operator MongoDB Replica Set section                                                          |
| mongod   | subdoc     |            | Operator MongoDB Mongod configuration section                                                 |

Secrets

YAML Path: spec.secrets

| Key   | Value Type | Default                       | Description                                                                                                           |
|-------|------------|-------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| key   | string     | my-cluster-name-mongodb-key   | The secret name for the MongoDB Internal Auth Key. This secret is auto-created by the operator if it doesn't exist   |
| users | string     | my-cluster-name-mongodb-users | The secret name for the MongoDB users required to run the operator. This secret is required to run the operator!     |

Replsets

YAML Path: spec.replsets

| Key                       | Value Type | Default | Description                                                                        |
|---------------------------|------------|---------|------------------------------------------------------------------------------------|
| name                      | string     | rs0     | The name of the MongoDB Replica Set                                                |
| size                      | int        | 3       | The size of the MongoDB Replica Set, must be >= 3 for High-Availability            |
| storageClass              | string     |         | Set the Kubernetes Storage Class to use with the MongoDB Persistent Volume Claim   |
| resources.limits.cpu      | string     |         | Kubernetes CPU limit for MongoDB container                                         |
| resources.limits.memory   | string     |         | Kubernetes Memory limit for MongoDB container                                      |
| resources.limits.storage  | string     |         | Kubernetes Storage limit for Persistent Volume Claim                               |
| resources.requests.cpu    | string     |         | Kubernetes CPU requests for MongoDB container                                      |
| resources.requests.memory | string     |         | Kubernetes Memory requests for MongoDB container                                   |

Mongod

YAML Path: spec.mongod

| Key                                                 | Value Type | Default    | Description                                                                            |
|-----------------------------------------------------|------------|------------|----------------------------------------------------------------------------------------|
| net.port                                            | int        | 27017      | Sets the MongoDB 'net.port' option                                                     |
| net.hostPort                                        | int        | 0          | Sets the Kubernetes 'hostPort' option                                                  |
| security.redactClientLogData                        | bool       | false      | Enables/disables PSMDB Log Redaction                                                   |
| setParameter.ttlMonitorSleepSecs                    | int        | 60         | Sets the PSMDB 'ttlMonitorSleepSecs' option                                            |
| setParameter.wiredTigerConcurrentReadTransactions   | int        | 128        | Sets the 'wiredTigerConcurrentReadTransactions' option                                 |
| setParameter.wiredTigerConcurrentWriteTransactions  | int        | 128        | Sets the 'wiredTigerConcurrentWriteTransactions' option                                |
| storage.engine                                      | string     | wiredTiger | Sets the 'storage.engine' option                                                       |
| storage.inMemory.inMemorySizeRatio                  | float      | 0.9        | Ratio used to compute the 'storage.engine.inMemory.inMemorySizeGb' option              |
| storage.mmapv1.nsSize                               | int        | 16         | Sets the 'storage.mmapv1.nsSize' option                                                |
| storage.mmapv1.smallfiles                           | bool       | false      | Sets the 'storage.mmapv1.smallfiles' option                                            |
| storage.wiredTiger.engineConfig.cacheSizeRatio      | float      | 0.5        | Ratio used to compute the 'storage.wiredTiger.engineConfig.cacheSizeGB' option         |
| storage.wiredTiger.engineConfig.directoryForIndexes | bool       | false      | Sets the 'storage.wiredTiger.engineConfig.directoryForIndexes' option                  |
| storage.wiredTiger.engineConfig.journalCompressor   | string     | snappy     | Sets the 'storage.wiredTiger.engineConfig.journalCompressor' option                    |
| storage.wiredTiger.collectionConfig.blockCompressor | string     | snappy     | Sets the 'storage.wiredTiger.collectionConfig.blockCompressor' option                  |
| storage.wiredTiger.indexConfig.prefixCompression    | bool       | true       | Sets the 'storage.wiredTiger.indexConfig.prefixCompression' option                     |
| operationProfiling.mode                             | string     | slowOp     | Sets the 'operationProfiling.mode' option                                              |
| operationProfiling.slowOpThresholdMs                | int        | 100        | Sets the 'operationProfiling.slowOpThresholdMs' option                                 |
| operationProfiling.rateLimit                        | int        | 1          | Sets the 'operationProfiling.rateLimit' option                                         |
| auditLog.destination                                | string     |            | Sets the 'auditLog.destination' option                                                 |
| auditLog.format                                     | string     | BSON       | Sets the 'auditLog.format' option                                                      |
| auditLog.filter                                     | string     | {}         | Sets the 'auditLog.filter' option                                                      |
