I am migrating from AWS to GKE, but for some reason I cannot reach my own IP:
cescoferraro@g7: ~/go/src/github.com/cescoferraro/mongo-k8s-sidecar on develop [!]
$ k exec -it mongo-0 -c mongo bash
root@mongo-0:/# curl 10.32.2.70:27017^C
root@mongo-0:/# ifconfig
eth0 Link encap:Ethernet HWaddr 0a:58:0a:20:02:46
inet addr:10.32.2.70 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::4820:f6ff:fe60:a655/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1460 Metric:1
RX packets:13433 errors:0 dropped:0 overruns:0 frame:0
TX packets:13192 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:65150095 (65.1 MB) TX bytes:4359632 (4.3 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:13924 errors:0 dropped:0 overruns:0 frame:0
TX packets:13924 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2303174 (2.3 MB) TX bytes:2303174 (2.3 MB)
root@mongo-0:/# curl 10.32.2.70:27017
curl: (7) Failed to connect to 10.32.2.70 port 27017: Connection refused
root@mongo-0:/# curl 127.0.0.1:27017
It looks like you are trying to access MongoDB over HTTP on the native driver port.
root@mongo-0:/# curl 10.35.251.6
<!DOCTYPE html>
<html lang="pt" id="boss">
<head>
<meta charset="UTF-8">
<meta name="mobile-web-app-capable" content="yes">
<meta name="google-site-verification" content="xMFg9XEP67BGHFJRngurli0aSWzW5axaha2DYHhBaag">
<meta name="viewport" content="width=device-width,maximum-scale=5">
...
the k8s configuration
## Generate a key
# openssl rand -base64 741 > mongodb-keyfile
## Create k8s secrets
# kubectl create secret generic mongo-key --from-file=mongodb-keyfile
---
# Headless Service (clusterIP: None) named "mongo": no virtual IP is allocated,
# and port 27017 maps straight to the pods selected by role=mongo.
apiVersion: v1
kind: Service
metadata:
  name: mongo
  labels:
    name: mongo
spec:
  clusterIP: None
  selector:
    role: mongo
  ports:
    - port: 27017
      targetPort: 27017
---
# StatefulSet from the question: one MongoDB pod plus a replica-set sidecar container.
# NOTE(review): the mongo-key secret created in the header comments is not mounted
# or referenced anywhere in this manifest.
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
spec:
  serviceName: "mongo"
  replicas: 1
  template:
    metadata:
      labels:
        role: mongo
        environment: test
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: mongo
          image: mongo
          # Two-phase start keyed on /data/db/admin-user.lock:
          #   lock file absent  -> `mongod --auth` with no --bind_ip
          #   lock file present -> replica set rs0 bound to 0.0.0.0
          # NOTE(review): the replica-set branch passes neither --auth nor --keyFile.
          # As written, access control does not appear to be enforced once the lock
          # file exists, while 0.0.0.0 listens on every interface — confirm.
          command:
            - /bin/sh
            - -c
            - >
              if [ -f /data/db/admin-user.lock ]; then
                mongod --replSet rs0 --bind_ip 0.0.0.0 --setParameter authenticationMechanisms=SCRAM-SHA-1;
              else
                mongod --auth;
              fi;
          lifecycle:
            postStart:
              exec:
                # First boot only (no lock file): wait 5 s, create the lock file,
                # create the admin user on mongo-0, then shut mongod down.
                # Presumably the container is then restarted and takes the
                # lock-file branch above — confirm.
                # NOTE(review): the admin password is hard-coded in this script
                # and again in the sidecar's MONGODB_PASSWORD below; a Secret
                # reference would keep it out of the manifest.
                command:
                  - /bin/sh
                  - -c
                  - >
                    if [ ! -f /data/db/admin-user.lock ]; then
                      sleep 5;
                      touch /data/db/admin-user.lock
                      if [ "$HOSTNAME" = "mongo-0" ]; then
                        mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "pass", roles: [{ role: "root", db: "admin" }]});';
                      fi;
                      mongod --shutdown;
                    fi;
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
        - name: mongo-sidecar
          image: onnidev/mongosidecar
          env:
            # Label selector the sidecar is given; it matches the pod labels above.
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=test"
            # Same admin credentials that the postStart hook creates.
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              value: pass
            - name: MONGODB_DATABASE
              value: admin
  volumeClaimTemplates:
    - metadata:
        name: mongo-persistent-storage
        annotations:
          volume.beta.kubernetes.io/storage-class: "fast"
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 4Gi
I was trying to implement a StatefulSet MongoDB deployment on GKE based on this document, but unfortunately the example is outdated.
Matthew nailed the issue in the comments above, pointing out that MongoDB states the following here:
Starting in MongoDB 3.6, mongos or mongod bind to localhost by default.
So the fix was to start the server with the --bind_ip flag, like this:
mongod --replSet rs0 --bind_ip 127.0.0.1,$(hostname -I) --setParameter authenticationMechanisms=SCRAM-SHA-1
MongoDB 3.6 deprecates the way the cvallance/mongo-k8s-sidecar project authenticates with a username and password, so I opened a PR to fix it and built my own container image, published at onnidev/mongosidecar.
## Generate a key
# openssl rand -base64 741 > mongodb-keyfile
## Create k8s secrets
# kubectl create secret generic mongo-key --from-file=mongodb-keyfile
---
# Service "mongo": forwards port 27017 to the pods selected by role=mongo.
# NOTE(review): unlike the manifest in the question, this one has no
# `clusterIP: None`, so it is a regular ClusterIP Service. A StatefulSet's
# serviceName normally points at a headless Service — confirm this is intended.
apiVersion: v1
kind: Service
metadata:
  name: mongo
  labels:
    name: mongo
spec:
  selector:
    role: mongo
  ports:
    - port: 27017
      targetPort: 27017
---
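# MongoDB StatefulSet (the answer's version: mongod binds to localhost and the pod IP).
#
# Changes from the posted manifest:
#   * the replica-set branch now passes --keyFile, so access control stays
#     enforced after the first restart (the posted command had neither --auth
#     nor --keyFile on that branch);
#   * the admin password comes from a Secret instead of being written in the
#     manifest and on the mongo command line.
#
# Prerequisites, created before applying this manifest:
#   kubectl create secret generic mongo-key --from-file=mongodb-keyfile
#   kubectl create secret generic mongo-admin --from-literal=password='<ADMIN_PASSWORD_PLACEHOLDER>'
# The admin password is interpolated into a JavaScript string literal in the
# postStart hook, so it must not contain double quotes or backslashes.
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: mongo
spec:
  serviceName: "mongo"
  replicas: 1
  template:
    metadata:
      labels:
        role: mongo
        environment: test
    spec:
      terminationGracePeriodSeconds: 10
      containers:
        - name: mongo
          # NOTE(review): unpinned image. Pinning a tag or digest avoids picking
          # up behaviour changes such as the 3.6 localhost-bind default.
          image: mongo
          env:
            - name: MONGO_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongo-admin
                  key: password
          # Two-phase start keyed on /data/db/admin-user.lock.
          # A literal block (|) keeps each script line on its own line no matter
          # how the YAML is re-indented.
          # $IP stays unquoted on purpose: `hostname -I` output ends with a space,
          # which word splitting drops. This assumes the pod has a single address.
          command:
            - /bin/sh
            - -c
            - |
              if [ -f /data/db/admin-user.lock ]; then
                export IP=$(hostname -I)
                mongod --replSet rs0 --bind_ip 127.0.0.1,$IP --keyFile /etc/mongo-key/mongodb-keyfile --setParameter authenticationMechanisms=SCRAM-SHA-1;
              else
                mongod --auth;
              fi;
          lifecycle:
            postStart:
              exec:
                # First boot only (no lock file): wait 5 s, create the lock file,
                # create the admin user on mongo-0, then shut mongod down.
                # The createUser script is piped to the shell on stdin so the
                # password does not show up in the process argument list.
                command:
                  - /bin/sh
                  - -c
                  - |
                    if [ ! -f /data/db/admin-user.lock ]; then
                      sleep 5;
                      touch /data/db/admin-user.lock
                      if [ "$HOSTNAME" = "mongo-0" ]; then
                        printf 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "%s", roles: [{ role: "root", db: "admin" }]});\n' "$MONGO_ADMIN_PASSWORD" | mongo;
                      fi;
                      mongod --shutdown;
                    fi;
          ports:
            - containerPort: 27017
          volumeMounts:
            - name: mongo-persistent-storage
              mountPath: /data/db
            - name: mongo-key
              mountPath: /etc/mongo-key
              readOnly: true
        - name: mongo-sidecar
          # NOTE(review): unpinned third-party image; pin a tag or digest.
          image: onnidev/mongosidecar
          env:
            - name: MONGO_SIDECAR_POD_LABELS
              value: "role=mongo,environment=test"
            - name: MONGODB_USERNAME
              value: admin
            - name: MONGODB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongo-admin
                  key: password
            - name: MONGODB_DATABASE
              value: admin
      volumes:
        # mongod rejects a key file that group or others can read, hence 0400 (octal).
        - name: mongo-key
          secret:
            secretName: mongo-key
            defaultMode: 0400
  volumeClaimTemplates:
    - metadata:
        name: mongo-persistent-storage
        annotations:
          volume.beta.kubernetes.io/storage-class: "fast"
      spec:
        accessModes: [ "ReadWriteOnce" ]
        resources:
          requests:
            storage: 4Gi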