MongoDB on Kubernetes Service Accounts

2/12/2018

Ok, second try and I will try to simplify the question.

I have a single MongoDB cluster running on Kubernetes (using helm) and I want to configure it in a way that each microservice (service+pod) connecting to its own mongodb database has its own credentials.

One way is to create mongodb database/users/password per microservice.

Alternatively, can I use Kubernetes ServiceAccount and RBAC to abstract that from the database, so the credentials are automatically passed from the overlaying microservice to the underlying database?

Thanks,

-- Rajesh Jain
kubernetes
kubernetes-helm
mongodb

1 Answer

2/13/2018

Can I create service accounts in mongo on k8s (and this applies to other services like redis/rabbit, which I have running on k8s)?

Yes, you can create Service Accounts by following the steps here and here.

Set up a Service Account token by following the steps here.

Can I assign a service account rights (rw) on certain databases?

Yes, create rolebinding and clusterrolebinding RBAC permissions for the Service Accounts by following the steps here.

Use this command to edit/update a Service Account:

kubectl edit serviceaccount <service account name> -n=<namespace>
-- Vikram Hosakote
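
Added example (not part of the original question or answer): the Kubernetes objects discussed above, with one ServiceAccount per microservice and a Role and RoleBinding that let only that ServiceAccount read the Secret holding its MongoDB credentials. All names (namespace shop, orders, mongo-orders-credentials, orders-svc) are hypothetical, and it assumes the MongoDB user in the Secret was created in MongoDB separately, since Kubernetes RBAC controls access to Kubernetes API objects only.

```yaml
# Constructed example; every name below (namespace "shop", "orders",
# "mongo-orders-credentials", "orders-svc") is hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: orders
  namespace: shop
---
# Credentials of the MongoDB user created for this microservice in MongoDB
# itself (assumed to hold rights on its own database only).
apiVersion: v1
kind: Secret
metadata:
  name: mongo-orders-credentials
  namespace: shop
type: Opaque
stringData:
  username: orders-svc
  password: REPLACE_WITH_GENERATED_PASSWORD  # placeholder, not a real value
---
# Role limited to reading that one Secret by name (no list, no watch).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-mongo-orders-credentials
  namespace: shop
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["mongo-orders-credentials"]
    verbs: ["get"]
---
# Bind the Role to the microservice's ServiceAccount only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: orders-read-mongo-credentials
  namespace: shop
subjects:
  - kind: ServiceAccount
    name: orders
    namespace: shop
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: read-mongo-orders-credentials
```

A pod that sets serviceAccountName: orders can fetch this Secret through the Kubernetes API with its ServiceAccount token; other ServiceAccounts in the namespace cannot unless a separate binding grants it.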
Source: StackOverflow