I have a working mongoDB deployment on minikube and I have managed to create a database , collection as well as a user (same as the user referenced in yaml) to do backups on that database.
In the yaml file for my backup cron job I need to specify a MONGODB_URI parameter and quite frankly I am at a loss as to the exact convention for getting this (where exactly do you get the value).
As a check I have done a kubectl exec -it <pod_name>
so that I can check if I am going to put the correct URI beforehand . After running kubectl exec -it <pod_name> at the prompt that follows I tried the following :
1.
mongosh mongodb://aaa:abc123@mongodb-service.default.svc.cluster.local:27017/plaformdb/?directConnection=true
Not working I get error :
Current Mongosh Log ID: 62938b50880f139dad4b19c4
Connecting to: mongodb://mongodb-service.default.svc.cluster.local:27017/platformdb/?directConnection=true&appName=mongosh+1.4.2
MongoServerSelectionError: Server selection timed out after 30000 ms
mongosh mongodb://aaa:abc123@mongodb-service.svc.cluster.local:27017/platformdb?directConnection=true
Not working also I get error:
MongoNetworkError: getaddrinfo ENOTFOUND mongodb-service.svc.cluster.local
mongosh mongodb://aaa:abc123@mongodb-deployment-757ffdfdr5-thuiy.mongodb-service.default.svc.cluster.local:27017/platformdb
Not working I get an error :
Current Mongosh Log ID: 62938c93829ft678h88990
Connecting to: mongodb://mongodb-deployment-757ccdd6y8-thhhh.mongodb-service.default.svc.cluster.local:27017/platformdb?directConnection=true&appName=mongosh+1.4.2
MongoNetworkError: getaddrinfo ENOTFOUND mongodb-deployment-757ffdd5f5-tpzll.mongodb-service.default.svc.cluster.local
This however is the recommended way according to the : docs
Expected:
I should be able to log in to the database once I run that command.
This is how my deployment is defined :
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
labels:
app: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: mongodb-secret-amended
key: mongo-root-username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret-amended
key: mongo-root-password
volumeMounts:
- mountPath: /data/db
name: mongodb-vol
volumes:
- name: mongodb-vol
persistentVolumeClaim:
claimName: mongodb-claim
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
spec:
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
And I need to specify MONGODB_URI in this cron job :
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: mongodump-backup
spec:
schedule: "0 */6 * * *" #Cron job every 6 hours
startingDeadlineSeconds: 60
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 2
jobTemplate:
spec:
template:
spec:
containers:
- name: mongodump-backup
image: golide/backupsdemo
imagePullPolicy: "IfNotPresent"
env:
- name: DB_NAME
value: "microfunctions"
- name: MONGODB_URI
value: mongodb://aaa:abc123@host-mongodb:27017/dbname
volumeMounts:
- mountPath: "/mongodump"
name: mongodump-volume
command: ['sh', '-c',"./dump.sh"]
restartPolicy: OnFailure
volumes:
- name: mongodump-volume
persistentVolumeClaim:
claimName: mongodb-backup
UPDATE I have tried the suggested solutions on my localhost minikube but I am still getting errors :
mongo mongodb://aaa:abc123@mongodb-service:27017/platformdb?
authSource=admi
n
MongoDB shell version v5.0.8
connecting to: mongodb://mongodb-service:27017/platformdb?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Error: couldn't connect to server mongodb-service:27017, connection attempt failed: SocketException: Error connecting to mongodb-service:27017 (10.102.216.34:27017) :: caused by :: Connection timed out :
connect@src/mongo/shell/mongo.js:372:17
@(connect):2:6
exception: connect failed
exiting with code 1
This is giving same error even when I remove the port and use mongodb://aaa:abc123@mongodb-service/platformdb?authSource=admin . I have also tried putting quotes "" around the URL but getting same error.
As a check I tried replicating the exact same scenario on another mongodb deployment with same structure (it also has a headless service). This deploy is on a remote k8s cluster however. This is what I found out :
I cannot connect using a user other than the root user . I created a custom user to do the backups:
db.createUser( {user: "aaa", pwd: "abc123", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase","backup"], mechanisms:["SCRAM-SHA-1"]})
NB: I have the same user created also on minikube context . For this custom user I am getting an Authentication failed error everytime I try to connect :
mongo mongodb://aaa:abc123@mongodb-headless-service:27017/TestDb?
authSource=admin
MongoDB shell version v4.4.7
connecting to: mongodb://mongodb-headless-service:27017/TestDb?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:374:17
@(connect):2:6
exception: connect failed
exiting with code 1
The screen below shows a succesful connection then on the subsequent attempt the exact same connection is failing : On the 1st attempt I managed to login and run a show collections command but once I logout and try to connect I get Authentication Failed. The feature seems unstable at best.
Given the structure of your Service
, you'll need to use the hostname mongodb-service
(or mongodb-service.<namesapce>.svc.cluster.local
, if you like fully qualified names). The connection URI -- as far as I can tell from the documentation -- would be:
mongodb://<username>:<password>@mongodb-service/dbname?authSource=admin
You can also connect successfully like this:L
mongodb://<username>:<password>@mongodb-service/
Because:
If [the username and password are] specified, the client will attempt to authenticate the user to the authSource. If authSource is unspecified, the client will attempt to authenticate the user to the defaultauthdb. And if the defaultauthdb is unspecified, to the admin database.
I tested this using a slightly modified version of your Deployment
(mostly, I dropped the volumeMounts
, because I don't need persistent storage for testing, and I used envFrom
because I find that easier in general).
I deployed this using kustomize ( kubectl apply -k .
) with the following kustomization.yaml
:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: mongo
commonLabels:
app: mongodb
resources:
- deployment.yaml
- service.yaml
secretGenerator:
- name: mongo-credentials
envs:
- mongo.env
This deployment.yaml
:
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
spec:
replicas: 1
template:
spec:
containers:
- name: mongodb
image: docker.io/mongo:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 27017
envFrom:
- secretRef:
name: mongo-credentials
This service.yaml
:
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
spec:
ports:
- protocol: TCP
port: 27017
targetPort: 27017
And this mongo.env
:
MONGO_INITDB_ROOT_USERNAME=admin
MONGO_INITDB_ROOT_PASSWORD=secret
Once everything was up and running, I started a client pod:
kubectl run --image docker.io/mongo:latest mongoc -- sleep inf
And I was able to start a shell in that pod and connect to the database:
$ kubectl exec -it mongoc -- bash
Current Mongosh Log ID: 6293a4bc534ff40ec737c383
Connecting to: mongodb://<credentials>@mongodb-service.mongo.svc.cluster.local/?directConnection=true&appName=mongosh+1.4.2
Using MongoDB: 5.0.8
Using Mongosh: 1.4.2
[...]
test>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.