- 手动创建 SECRET
- 可以先以 json 或 yaml 格式在文件中创建一个 secret 对象,然后创建该对象。
- 每一项的值必须经过 base64 编码(base64 只是编码而非加密,不能起到保密作用):
$ echo -n "admin" | base64
YWRtaW4=
$ echo -n "1f2d1e2e67df" | base64
MWYyZDFlMmU2N2Rm
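# Write the Secret manifest to ./secret. The nesting under metadata/data is
# restored so the API server accepts the object. The file holds the credentials
# in recoverable form: keep it out of version control and remove it once the
# object has been created.
tee secret <<-'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  # base64 is an encoding, not encryption: anyone who can read this file or
  # read the Secret object can decode these values.
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
EOF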
配置文件
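# Write the ConfigMap that carries mongod's configuration file. The block
# scalar body is indented again so the settings stay inside mongodb.conf
# instead of becoming sibling keys of the ConfigMap.
tee conf.yaml <<-'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: mongodb-conf
data:
  # NOTE(review): this configuration listens on every interface
  # (bind_ip=0.0.0.0) and sets no auth option. Unless access control is
  # switched on elsewhere, every client that can reach port 27017 connects
  # unauthenticated; confirm how auth is enforced before exposing the port.
  mongodb.conf: |
    dbpath=/data/db
    logpath=/tmp/mongodb.log
    #pidfilepath=/data/middleware-data/mongodb/master.pid
    directoryperdb=true
    logappend=true
    bind_ip=0.0.0.0
    port=27017
EOF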
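# Write the StatefulSet plus its headless and NodePort Services to mongodb.yaml.
# The YAML nesting is restored; names, ports and strings are as in the notes.
tee mongodb.yaml <<-'EOF'
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: mongodb
spec:
  selector:
    matchLabels:
      app: mongodb
  serviceName: "mongodb"
  replicas: 1
  template:
    metadata:
      labels:
        app: mongodb
    spec:
      containers:
        - name: mongodb
          # NOTE(review): a floating tag changes underneath you; pin a tested
          # version or image digest.
          image: mongo:latest
          # NOTE(review): command replaces the image ENTRYPOINT, so the image's
          # init script that consumes MONGO_INITDB_ROOT_* is bypassed and the
          # two variables below have no effect. Verify that mongod really
          # starts with access control enabled.
          command:
            - sh
            - -c
            - " exec mongod -f /opt/mongodb.conf"
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: username
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mysecret
                  key: password
          ports:
            - containerPort: 27017
              name: tcp
          volumeMounts:
            - name: www
              mountPath: /data/db
            - name: times
              mountPath: /etc/localtime
              # The container only reads the host's zoneinfo file.
              readOnly: true
            - name: config
              mountPath: /opt/
      volumes:
        - name: config
          configMap:
            name: mongodb-conf
            items:
              - key: "mongodb.conf"
                path: "mongodb.conf"
        - name: times
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai
  volumeClaimTemplates:
    - metadata:
        name: www
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: "mynfs"
        resources:
          requests:
            storage: 1Gi
---
# Headless Service: gives the StatefulSet pod its stable DNS name.
apiVersion: v1
kind: Service
metadata:
  name: mongodb
  labels:
    app: mongodb
spec:
  ports:
    - port: 27017
      name: tcp
  clusterIP: None
  selector:
    app: mongodb
---
# NodePort Service: publishes MongoDB on a port of every cluster node.
apiVersion: v1
kind: Service
metadata:
  labels:
    app: mongodb
  name: mongodb-svc
spec:
  ports:
    - port: 27017
      protocol: TCP
      targetPort: 27017
      # NOTE(review): 37777 lies outside the default NodePort range
      # (30000-32767); the API server rejects it unless the cluster's node
      # port range was widened. Together with bind_ip=0.0.0.0 this makes the
      # database reachable from outside the cluster, so limit who can reach
      # it (firewall or NetworkPolicy) or keep the Service ClusterIP-only.
      nodePort: 37777
  selector:
    app: mongodb
  type: NodePort
EOF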
# Open the legacy mongo client inside pod mongodb-0 against the admin database.
# NOTE(review): no credentials are passed. If this connects and the createUser
# calls succeed, mongod is running without access control - confirm that auth
# is enforced afterwards. Newer mongo images ship mongosh instead of the legacy
# mongo shell, so with an unpinned image this binary may be missing.
kubectl exec --stdin --tty mongodb-0 -- mongo admin
admin 用户只对 admin 这个 db 有权限(示例中的密码仅作演示,实际环境请换成强密码)。
// Create the user-administration account in the admin database.
// NOTE(review): '888999' is a short numeric sample password and, typed inline,
// it also lands in the shell history; use a long random value in real use.
db.createUser({
  user: 'admin',
  pwd: '888999',
  roles: [
    { role: 'userAdminAnyDatabase', db: 'admin' }
  ]
});
要操作 mall 这个 db,可以这样:
// Switch to the mall database and add an account limited to readWrite on it.
// NOTE(review): the sample reuses the admin account's password; give each
// account its own strong secret.
use mall;
db.createUser({
  user: 'mall',
  pwd: '888999',
  roles: [
    { role: 'readWrite', db: 'mall' }
  ]
});
> db.mall.insert({"name":"W菜鸟"})
WriteResult({ "nInserted" : 1 })
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
mall 0.000GB
> ^C
bye