Install Percona Server for MongoDB on Kubernetes
Clone the percona-server-mongodb-operator repository:
$ git clone -b release-1.0.0 https://github.com/percona/percona-server-mongodb-operator
$ cd percona-server-mongodb-operator
It is crucial to specify the right branch with the -b option while cloning the code on this step. Please be careful.
The Custom Resource Definition for PSMDB should be created from the deploy/crd.yaml file. The Custom Resource Definition extends the standard set of resources which Kubernetes “knows” about with the new items (in our case resources which are the core of the operator).
$ kubectl apply -f deploy/crd.yaml
This step should be done only once; the step does not need to be repeated with any other Operator deployments.
Add the psmdb namespace to Kubernetes, and set the corresponding context for further steps:
$ kubectl create namespace psmdb
$ kubectl config set-context $(kubectl config current-context) --namespace=psmdb
The role-based access control (RBAC) for PSMDB is configured with the deploy/rbac.yaml file. Role-based access is based on defined roles and the available actions which correspond to each role. The role and actions are defined for Kubernetes resources in the yaml file. Further details about users and roles can be found in Kubernetes documentation.
$ kubectl apply -f deploy/rbac.yaml
Setting RBAC requires your user to have cluster-admin role privileges. For example, those using Google Kubernetes Engine can grant the user the needed privileges with the following command:
$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
Start the operator within Kubernetes:
$ kubectl apply -f deploy/operator.yaml
Add the MongoDB Users secrets to Kubernetes. Additional names should be placed in the data section of the deploy/mongodb-users.yaml file as login names and base64-encoded passwords for the user accounts (see Kubernetes documentation for details).
The following command can be used to get a base64-encoded password from a plain text string:
$ echo -n 'plain-text-password' | base64
After editing the yaml file, mongodb-users secrets should be created (or updated with the new passwords) using the following command:
$ kubectl apply -f deploy/secrets.yaml
More details about secrets can be found in Users.
Now you need to prepare certificates for TLS security and apply them with the following command:
$ kubectl apply -f <secrets file>
Pre-generated certificates are available in the deploy/ssl-secrets.yaml secrets file for test purposes, but we strongly recommend avoiding their usage on any production system.
After the operator is started, a Percona Server for MongoDB cluster can be created with the following command:
$ kubectl apply -f deploy/cr.yaml
The creation process may take some time. The process is over when both the operator and the replica set pods have reached their Running status:
$ kubectl get pods
NAME                                               READY   STATUS    RESTARTS   AGE
my-cluster-name-rs0-0                              1/1     Running   0          8m
my-cluster-name-rs0-1                              1/1     Running   0          8m
my-cluster-name-rs0-2                              1/1     Running   0          7m
percona-server-mongodb-operator-754846f95d-sf6h6   1/1     Running   0          9m
Check connectivity to the newly created cluster:
$ kubectl run -i --rm --tty percona-client --image=percona/percona-server-mongodb:3.6 --restart=Never -- bash -il
percona-client:/$ mongo "mongodb+srv://userAdmin:userAdmin123456@my-cluster-name-rs0.psmdb.svc.cluster.local/admin?replicaSet=rs0&ssl=false"
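As an added example (not part of the Percona operator repository), the shell function below checks the data section of a users secrets file before it is applied in the secrets step above. It flags values that are not valid base64, values encoded with a trailing newline (plain `echo` instead of `echo -n`), and the sample passwords that appear in this page's commands. The manifest and its key names are constructed for illustration, and `base64 -d` assumes GNU coreutils.

```shell
# Added example (not Percona's code). The manifest below is constructed: key names
# and passwords are made up, except the two sample passwords shown on this page.
sample_manifest() {
    cat <<EOF
apiVersion: v1
kind: Secret
data:
  ADMIN_USER: $(printf 'userAdmin' | base64)
  ADMIN_PASSWORD: $(printf 'userAdmin123456' | base64)
  BACKUP_PASSWORD: $(echo 'k3Zr-9qLw-constructed' | base64)
  MONITOR_PASSWORD: not*base64
  CLUSTER_PASSWORD: $(printf 'Vt7m-2xQe-constructed' | base64)
EOF
}

# audit_secret_data FILE: print "KEY: problem" per finding, return 1 if any.
audit_secret_data() {
    file=$1; findings=0
    # Collect "key value" pairs from lines indented under the top-level "data:".
    pairs=$(awk '
        /^data:[ \t]*$/ { in_data = 1; next }
        /^[^ \t#]/      { in_data = 0 }
        in_data && $1 ~ /:$/ && NF >= 2 {
            key = $1; sub(/:$/, "", key); gsub(/"/, "", $2); print key, $2
        }' "$file")
    while read -r key val; do
        [ -n "$key" ] || continue
        if ! printf '%s' "$val" | base64 -d >/dev/null 2>&1; then
            echo "$key: value is not valid base64"
            findings=$((findings + 1)); continue
        fi
        # A newline in the decoded value usually means plain `echo` was used.
        if [ "$(printf '%s' "$val" | base64 -d | wc -l | tr -d ' ')" -gt 0 ]; then
            echo "$key: decoded value contains a newline (encoded without 'echo -n'?)"
            findings=$((findings + 1))
        fi
        case $(printf '%s' "$val" | base64 -d) in
            userAdmin123456|plain-text-password)
                echo "$key: decoded value is a sample password from the documentation"
                findings=$((findings + 1)) ;;
        esac
    done <<EOF
$pairs
EOF
    [ "$findings" -eq 0 ]
}
# Demo on the constructed manifest; point it at your edited secrets file instead.
tmp=$(mktemp) && sample_manifest > "$tmp"
audit_secret_data "$tmp" || echo "fix the findings above before kubectl apply"; rm -f "$tmp"
```

A non-zero return status makes the function usable as a gate in a deployment script, ahead of the `kubectl apply` that creates the secrets.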