From 39deffe9fe6f8ef079b559253307abd0e45fe190 Mon Sep 17 00:00:00 2001
From: Ricardo Sanchez
Date: Sat, 11 Jan 2025 13:43:38 +0100
Subject: [PATCH] Adding MongoDB cluster sample app
---
.../app/base/kustomization.yaml | 8 +++
.../app/base/mongodb-certificate.yaml | 26 ++++++++
.../app/base/mongodb-cluster.yaml | 65 +++++++++++++++++++
.../app/base/mongodb-secret.yaml | 8 +++
.../app/overlays/dev/kustomization.yaml | 6 ++
.../app/overlays/prod/kustomization.yaml | 6 ++
6 files changed, 119 insertions(+)
create mode 100644 kubernetes/apps/mongodb-cluster/app/base/kustomization.yaml
create mode 100644 kubernetes/apps/mongodb-cluster/app/base/mongodb-certificate.yaml
create mode 100644 kubernetes/apps/mongodb-cluster/app/base/mongodb-cluster.yaml
create mode 100644 kubernetes/apps/mongodb-cluster/app/base/mongodb-secret.yaml
create mode 100644 kubernetes/apps/mongodb-cluster/app/overlays/dev/kustomization.yaml
create mode 100644 kubernetes/apps/mongodb-cluster/app/overlays/prod/kustomization.yaml
diff --git a/kubernetes/apps/mongodb-cluster/app/base/kustomization.yaml b/kubernetes/apps/mongodb-cluster/app/base/kustomization.yaml
new file mode 100644
index 00000000..1f88b624
--- /dev/null
+++ b/kubernetes/apps/mongodb-cluster/app/base/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- mongodb-secret.yaml
+- mongodb-certificate.yaml
+- mongodb-cluster.yaml
+
+
diff --git a/kubernetes/apps/mongodb-cluster/app/base/mongodb-certificate.yaml b/kubernetes/apps/mongodb-cluster/app/base/mongodb-certificate.yaml
new file mode 100644
index 00000000..4a619263
--- /dev/null
+++ b/kubernetes/apps/mongodb-cluster/app/base/mongodb-certificate.yaml
@@ -0,0 +1,26 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mongodb-certificate
+ namespace: mongodb
+spec:
+ isCA: false
+ duration: 2160h # 90d
+ renewBefore: 360h # 15d
+ dnsNames:
+ - mongodb-0.mongodb-svc.mongodb.svc.cluster.local
+ - mongodb-1.mongodb-svc.mongodb.svc.cluster.local
+ - mongodb-2.mongodb-svc.mongodb.svc.cluster.local
+ - db-node-1.homelab.ricsanfre.com
+ - db-node-2.homelab.ricsanfre.com
+ - db-node-3.homelab.ricsanfre.com
+ secretName: mongodb-cert
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 4096
+ issuerRef:
+ name: ca-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+
diff --git a/kubernetes/apps/mongodb-cluster/app/base/mongodb-cluster.yaml b/kubernetes/apps/mongodb-cluster/app/base/mongodb-cluster.yaml
new file mode 100644
index 00000000..450cd2d4
--- /dev/null
+++ b/kubernetes/apps/mongodb-cluster/app/base/mongodb-cluster.yaml
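Review bot: In mongodb-certificate.yaml the `dnsNames` list hard-codes one SAN per replica (`mongodb-0` to `mongodb-2`), which only matches while `members: 3` in mongodb-cluster.yaml stays unchanged; an added member would start with a certificate that does not cover its hostname. The three `db-node-N.homelab.ricsanfre.com` names have no counterpart in the cluster spec in this commit, so the certificate is valid for hostnames that nothing visible here serves. I would document both above the list, e.g. `# one SAN per replica set member; keep in sync with spec.members in mongodb-cluster.yaml`, and either a comment saying what the `db-node-N` names are for or removing them until that configuration exists.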
@@ -0,0 +1,65 @@
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+ name: mongodb
+ namespace: mongodb
+spec:
+ members: 3
+ type: ReplicaSet
+ version: "6.0.11"
+ security:
+ tls:
+ enabled: true
+ certificateKeySecretRef:
+ name: mongodb-cert
+ caCertificateSecretRef:
+ name: mongodb-cert
+ authentication:
+ modes: ["SCRAM"]
+ users:
+ - name: admin
+ db: admin
+ passwordSecretRef: # a reference to the secret that will be used to generate the user's password
+ name: admin-user
+ roles:
+ - name: clusterAdmin
+ db: admin
+ - name: userAdminAnyDatabase
+ db: admin
+ scramCredentialsSecretName: my-scram
+ additionalMongodConfig:
+ storage.wiredTiger.engineConfig.journalCompressor: zlib
+ statefulSet:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: mongod
+ resources:
+ limits:
+ cpu: "1"
+ memory: 2Gi
+ requests:
+ cpu: 500m
+ memory: 1Gi
+ # Add affinity rule to run pods only on amd64 nodes.
+ # ARM64 not properly supported by operator yet
+ # https://github.com/mongodb/mongodb-kubernetes-operator/issues/1514
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ volumeClaimTemplates:
+ - metadata:
+ name: data-volume
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5G
\ No newline at end of file
diff --git a/kubernetes/apps/mongodb-cluster/app/base/mongodb-secret.yaml b/kubernetes/apps/mongodb-cluster/app/base/mongodb-secret.yaml
new file mode 100644
index 00000000..b75df1fc
--- /dev/null
+++ b/kubernetes/apps/mongodb-cluster/app/base/mongodb-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: admin-user
+ namespace: mongodb
+type: Opaque
+stringData:
+ password: s1cret0
\ No newline at end of file
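Review bot: In mongodb-cluster.yaml `caCertificateSecretRef` names `mongodb-cert`, the same secret as `certificateKeySecretRef`, so the trust root is whatever `ca.crt` cert-manager writes next to the leaf key pair. As far as I know cert-manager treats that field as best-effort, and it is replaced together with the certificate on re-issuance, which makes it a weak trust anchor if the CA behind `ca-issuer` is ever rotated. Consider pointing the CA reference at a dedicated secret or ConfigMap that holds only the issuing CA, or at least record the dependency with a comment such as `# CA comes from ca.crt in the issued secret; revisit when ca-issuer's CA is rotated`.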
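Review bot: mongodb-secret.yaml commits the admin password in clear text under `stringData.password`, and because base/kustomization.yaml lists this file and both overlays/dev and overlays/prod resolve `../../base`, the same value would be applied in every environment. It is the password of the `admin` user that mongodb-cluster.yaml grants `clusterAdmin` and `userAdminAnyDatabase`, so read access to the repository amounts to database admin credentials. I would drop `mongodb-secret.yaml` from the base `resources` and supply the `admin-user` secret out of band, through an encrypted manifest or a secret-store sync, and treat the committed value as exposed and rotate it rather than only deleting the file. If the manifest is meant to stay as a sample, a comment such as `# sample only: replace before deploying` would make that explicit.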
diff --git a/kubernetes/apps/mongodb-cluster/app/overlays/dev/kustomization.yaml b/kubernetes/apps/mongodb-cluster/app/overlays/dev/kustomization.yaml
new file mode 100644
index 00000000..f5d7a545
--- /dev/null
+++ b/kubernetes/apps/mongodb-cluster/app/overlays/dev/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mongodb
+
+resources:
+ - ../../base
diff --git a/kubernetes/apps/mongodb-cluster/app/overlays/prod/kustomization.yaml b/kubernetes/apps/mongodb-cluster/app/overlays/prod/kustomization.yaml
new file mode 100644
index 00000000..f5d7a545
--- /dev/null
+++ b/kubernetes/apps/mongodb-cluster/app/overlays/prod/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mongodb
+
+resources:
+ - ../../base