1.1 前提準(zhǔn)備

• 制作MongoDB 鏡像，可從 Docker Hub 官網(wǎng) 下載鏡像，目的是解決提示權(quán)限mongo-sidecar提示權(quán)限錯(cuò)誤問(wèn)題（官方鏡像基礎(chǔ)上添加了密碼認(rèn)證）

? ? ? ? 生成 keyfile ，編寫(xiě)Dockerfile，構(gòu)建鏡像

# 生成 keyfile [root@registry mongodb]# openssl rand -base64 741 > mongodb-keyfile # 查看文件信息 [root@registry mongodb]# ls Dockerfile mongodb-keyfile # 創(chuàng)建Dockerfile [root@registry mongodb]# cat Dockerfile FROM mongo:3.6.4 ADD mongodb-keyfile /data/config/mongodb-keyfile RUN chown mongodb:mongodb /data/config/mongodb-keyfile && chmod 600 /data/config/mongodb-keyfile# 構(gòu)建鏡像 [root@registry mongodb]# docker build -f Dockerfile -t jinyuyun.top/mongo:3.6.4 .

構(gòu)建鏡像

• 外部ceph集群搭建好，(使用cephfs-csi 做數(shù)據(jù)持久卷，作為 MongoDB用來(lái)存放數(shù)據(jù))

1.2 編寫(xiě) yaml 文件

編寫(xiě)?mongodb-statefulset.yaml?文件，創(chuàng)建ServiceAccount，RBAC，StatefulSet以及提供了一個(gè)對(duì)外暴露的 NodePort 類(lèi)型的 Service，用于外部訪(fǎng)問(wèn)。

# cat mongodb-statefulset.yaml --- apiVersion: v1 kind: Namespace metadata:name: mongodblabels:name: mongo --- apiVersion: v1 kind: ServiceAccount #集群訪(fǎng)問(wèn)apiserver的憑證 metadata:name: mongonamespace: mongodb--- # rbac配置 apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata:name: mongo-default-view roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: view subjects:- kind: ServiceAccountname: mongonamespace: mongodb--- #mongo部署service apiVersion: v1 kind: Service metadata:name: mongonamespace: mongodblabels:name: mongo spec:ports:- port: 27017targetPort: 27017clusterIP: Noneselector:role: mongo --- #mongo暴露外部端口用于外部訪(fǎng)問(wèn) apiVersion: v1 kind: Service metadata: name: mongo-servicenamespace: mongodblabels: name: mongo spec: ports: - name: mongoport: 27017nodePort: 27017selector: role: mongotype: NodePort --- apiVersion: apps/v1 kind: StatefulSet metadata:name: mongonamespace: mongodb spec:selector: matchLabels: role: mongoenvironment: prodserviceName: "mongo"replicas: 2template:metadata:labels:role: mongoenvironment: prodspec:terminationGracePeriodSeconds: 10serviceAccountName: mongocontainers:- name: mongoimage: jinyuyun.top/mongo:3.6.4imagePullPolicy: IfNotPresentresources:limits: # 限定資源cpu: 500mmemory: 500Mirequests:cpu: 100mmemory: 50Mienv:- name: MONGO_INITDB_ROOT_USERNAMEvalue: root- name: MONGO_INITDB_ROOT_PASSWORDvalue: 123args: 此處需要將command改為args ，否則 MONGO_INITDB_ROOT_USERNAME，MONGO_INITDB_ROOT_PASSWORD會(huì)被覆蓋不能生效- mongod- "--replSet"- rs0- "--bind_ip"- 0.0.0.0- --clusterAuthMode- keyFile- --keyFile- /data/config/mongodb-keyfile# - "--smallfiles"# - "--noprealloc"ports:- containerPort: 27017volumeMounts:- name: mongo-datamountPath: /data/db- name: mongo-sidecarimage: jinyuyun.top/mongo-k8s-sidecarimagePullPolicy: IfNotPresentresources:limits: # 限定資源cpu: 500mmemory: 500Mirequests:cpu: 100mmemory: 50Mienv:- name: KUBE_NAMESPACEvalue: mongodb- name: MONGODB_USERNAMEvalue: root- name: MONGODB_PASSWORDvalue: 123- name: MONGO_SIDECAR_POD_LABELSvalue: "role=mongo,environment=prod"- name: MONGODB_DATABASEvalue: adminvolumeClaimTemplates:- metadata:name: mongo-dataspec:accessModes: [ "ReadWriteMany" ]storageClassName: "jyy-cephfs-sc"resources:requests:storage: 3Gi

1.3 部署mongodb-statefullset.yaml文件

[root@master mongodb]# kubectl apply -f mongodb-statefulset.yaml namespace/mongodb created serviceaccount/mongo created clusterrolebinding.rbac.authorization.k8s.io/mongo-default-view created persistentvolumeclaim/mongodb-pvc created service/mongo created service/mongo-service created statefulset.apps/mongo created

1.4 查看部署的mongo集群

[root@master mongodb]# kubectl get all -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/csi-metrics-cephfsplugin ClusterIP 10.103.172.38 <none> 8080/TCP 35d app=csi-cephfsplugin service/kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 58d <none> service/nfs-provisioner ClusterIP 10.110.5.164 <none> 2049/TCP,20048/TCP,111/TCP,111/UDP 58d app=nfs-provisioner [root@master mongodb]# kubectl get all -n mongodb NAME READY STATUS RESTARTS AGE pod/mongo-0 2/2 Running 0 55m pod/mongo-1 2/2 Running 0 54mNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/mongo ClusterIP None <none> 27017/TCP 55m service/mongo-service NodePort 10.102.239.141 <none> 27017:27017/TCP 55mNAME READY AGE statefulset.apps/mongo 2/2 55m

1.4 進(jìn)入容器查看集群狀態(tài)

# 進(jìn)入mongo-0 pod, 使用密碼登錄 [root@master mongodb]# kubectl exec -it mongo-0 -n mongodb -- mongo # 進(jìn)入db:admin rs0:PRIMARY> use admin; # 認(rèn)證 rs0:PRIMARY> db.auth("root","123"); # 查看數(shù)據(jù)庫(kù) rs0:PRIMARY> show dbs; admin 0.000GB config 0.000GB local 0.000GB# 查看集群狀態(tài) rs0:PRIMARY> rs.status()# 可知集群狀態(tài)信息 mongo-0 PRIMARY mongo-1 SECONDARY

?1.5 高可用主從讀寫(xiě)測(cè)試

# 主節(jié)點(diǎn)存儲(chǔ)數(shù)據(jù) rs0:PRIMARY> db.test.insert({"name":"zhangshan"}) WriteResult({ "nInserted" : 1 }) rs0:PRIMARY> show dbs admin 0.000GB config 0.000GB local 0.000GB test 0.000GB rs0:PRIMARY> exit# 從節(jié)點(diǎn)查看數(shù)據(jù)庫(kù)數(shù)據(jù) rs0:SECONDARY> use admin switched to db admin rs0:SECONDARY> db.auth("root","root123"); 1 rs0:SECONDARY> rs.slaveOk() rs0:SECONDARY> show dbs admin 0.000GB config 0.000GB local 0.000GB test 0.000GB rs0:SECONDARY> use test switched to db test rs0:SECONDARY> db.test.find().pretty() { "_id" : ObjectId("618a307a30ed71e51682d041"), "name" : "zhangshan" } rs0:SECONDARY> exit

?1.5 使用訪(fǎng)問(wèn)MongoDB

mongo cluster訪(fǎng)問(wèn)默認(rèn)連接為：

mongodb://mongo1,mongo2,mongo3:27017/dbname_?

在kubernetes中最常用的FQDN連接服務(wù)的連接為：

#appName.$HeadlessServiceName.$Namespace.svc.cluster.local

因?yàn)槲覀儾捎胹tatefulset部署的pod，所以命名均有規(guī)則，所以實(shí)際上如果連接到副本的mongodb cluster，上面的默認(rèn)連接該為（默認(rèn)為namespace之外）：

mongodb://mongo-0.mongo.mongodb.svc.cluster.local:27017,mongo-1.mongo.mongodb.svc.cluster.local:27017/?replicaSet=rs0

mongodb集群部署完成。

1.6 參考?

?k8s 搭建mongodb多副本集群 | 易學(xué)教程

https://segmentfault.com/a/1190000017321906

Kubernetes部署高可用MongoDB集群 - EvenChan - 博客園

https://github.com/cvallance/mongo-k8s-sidecar

總結(jié)

以上是生活随笔為你收集整理的k8s使用StatefulSet部署MongoDB集群的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。