K
Q

Mongo statefulset in Istio 0.8

6/12/2018

I'm running into issues trying to deploy stateful mongodb replicaset with sidecar from cvallance while running istio 0.8, if I leave istio out of the mix everything works, but when istio is enabled mongo-sidecars can't find eachother and replicaset is not configured. Below is my mongo deployment and service.

apiVersion: v1
kind: Service
metadata:
  labels:
    service: mongo-test
    environment: test
  name: mongo-test
  namespace: test
spec:
  ports:
  - name: mongo
    port: 27017
  clusterIP: None
  selector:
    service: mongo-test
    role: mongo-test
    environment: test
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongo-test
  namespace: test
spec:
  serviceName: "mongo-test"
  replicas: 3
  selector:
    matchLabels:
      service: mongo-test
  template:
    metadata:
      labels:
        role: mongo-test
        environment: test
        service: mongo-test
    spec:
      serviceAccountName: mongo-test-serviceaccount
      terminationGracePeriodSeconds: 60
      containers:
        - name: mongo
          image: mongo:3.6.5
          resources:
            requests:
              cpu: "10m"
          command:
            - mongod
            - "--bind_ip_all"
            - "--replSet"
            - rs0
            - "--smallfiles"
            - "--noprealloc"
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: cvallance/mongo-k8s-sidecar
          resources:
            requests:
              cpu: "10m"
          env:
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo-test,environment=test"
  volumeClaimTemplates:
  - metadata:
      name: mongo-persistent-storage
      annotations:
        volumes.beta.kubernetes.io/storage-class: "mongo-ssd"
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 100Gi
-- jelums
google-kubernetes-engine
istio
kubernetes
kubernetes-statefulset
mongodb

Similar Questions

Deploying Spring Boot App in Docker container without auto starting Tomcat
How can I configure Google Load Balancer to have an IPv4 and IPv6 frontend in my Kubernetes yaml?
Run a Kubernetes pod with IAM role permissions
Deploying Application Kubernetes
How to see the history in Pod Kubernetes
How do I actually connect to botfront on kubernetes?

2 Answers

8/27/2018

Are you seeing this error message?

Error in workloop { Error: connect ECONNREFUSED 10.x.x.x:443 at TCPConnectWrap.afterConnect [as oncomplete] (net.js:x:x) errno: 'ECONNREFUSED', code: 'ECONNREFUSED', syscall: 'connect', address: '10.x.x.x', port: 443 } Error in workloop { Error: read ECONNRESET at TLSWrap.onread (net.js:x:x) errno: 'ECONNRESET', code: 'ECONNRESET', syscall: 'read' }

I've reproduced it on my end. I've run the MongoDB Statefulset on an Istio namespace with Mutual TLS Auth enabled. I've experienced the error message described above.

I was able to fix it by disabling the mutual TLS authentication.

Are you using mutual TLS authentication between sidecars in the MongoDB StatefulSet? If yes, the error message described above will be displayed.

Once I disabled mutual TLS authentication, the mongo statefulset did work. If you are running mutual TLS authentication, please disable it, and the statefulset should work. It worked on my end.

-- Mahmoud Sharif
Source: StackOverflow
10/8/2018

istio does not support mutual TLS for statefulsets at least till V.1.0.2

-- Paul Ma
Source: StackOverflow