-
Notifications
You must be signed in to change notification settings - Fork 0
/
mongodb-replicaset.yaml
134 lines (126 loc) · 3.28 KB
/
mongodb-replicaset.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
name: mongo-replicaset
namespace: mongodb
spec:
members: 3
type: ReplicaSet
version: "5.0.2"
prometheus:
username: prometheus-username
passwordSecretRef:
name: metrics-endpoint-password
replicaSetHorizons:
- horizon: mongo-replicaset-0.com:27017
- horizon: mongo-replicaset-1.com:27017
- horizon: mongo-replicaset-2.com:27017
security:
tls:
enabled: true
certificateKeySecretRef:
name: mongodb-tls
caConfigMapRef:
name: ca-config-map
authentication:
modes: ["SCRAM"]
users:
- name: admin
db: admin
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
name: admin-password
roles:
- name: clusterAdmin
db: admin
- name: userAdminAnyDatabase
db: admin
- name: root
db: admin
scramCredentialsSecretName: admin-scram
- name: dumpUser
db: admin
passwordSecretRef: # a reference to the secret that will be used to generate the user's password
name: dumpuser-password
roles:
- name: readWriteAnyDatabase
db: admin
scramCredentialsSecretName: dumpuser-scram
additionalMongodConfig:
storage.wiredTiger.engineConfig.journalCompressor: zlib
statefulSet:
spec:
volumeClaimTemplates:
- metadata:
name: data-volume
spec:
storageClassName: minikube-hostpath
accessModes: [ReadWriteOnce]
resources:
requests:
storage: 4Gi
---
apiVersion: v1
kind: Secret
metadata:
name: admin-password
namespace: mongodb
type: Opaque
stringData:
password: password
---
apiVersion: v1
kind: Secret
metadata:
name: dumpuser-password
namespace: mongodb
type: Opaque
stringData:
password: password
---
apiVersion: v1
kind: Secret
metadata:
name: metrics-endpoint-password
namespace: mongodb
type: Opaque
stringData:
password: "password"
username: prometheus-username
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
annotations:
# This needs to match `spec.ServiceMonitorSelector.matchLabels` from your
# `prometheuses.monitoring.coreos.com` resouce.
labels:
release: prometheus
name: mongodb-sm
namespace: mongodb
spec:
endpoints:
# Configuring a Prometheus Endpoint with basic Auth.
# `prom-secret` is a Secret containing a `username` and `password` entries.
- basicAuth:
password:
key: password
name: metrics-endpoint-password
username:
key: username
name: metrics-endpoint-password
# This port matches what we created in our MongoDB Service.
port: prometheus
# If using HTTPS enabled endpoint, change scheme to https
scheme: http
# Configure different TLS related settings. For more information, see:
# https://github.com/prometheus-operator/prometheus-operator/blob/main/pkg/apis/monitoring/v1/types.go#L909
# tlsConfig:
# insecureSkipVerify: true
# What namespace to watch
namespaceSelector:
matchNames:
- mongodb
# Service labels to match
selector:
matchLabels:
app: mongo-replicaset-svc