
I have created a pod with the pod definition below, which uses the official mongo Docker image. The expected result is that the mongo container creates the user and password from the env variables MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD and then uses the /etc/mongo/mongod.conf provided to it from the volume. Instead, on first connection, I am unable to connect; the error says the user does not exist.

The error disappears if I remove the command section. Any idea how to resolve this issue?

The equivalent docker command works well, but in Kubernetes auth does not work if I provide a custom configuration file.

```
docker run -d -p 27017:27017 -e MONGO_INITDB_ROOT_USERNAME=mongoadmin -e MONGO_INITDB_ROOT_PASSWORD=secret --name some-mongo -v /etc/mongo:/etc/mongo -v /etc/ssl/keyfile:/data/db/keyfile mongo:4.2.23 --config /etc/mongo/mongod.conf
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: mongodb
  labels:
    db: mongodb
spec:
  containers:
    - name: mongodb
      image: mongo:4.2.23
      command:
        - mongod
        - "--config"
        - "/etc/mongo/mongod.conf"
      env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom:
            secretKeyRef:
              name: mongosecret
              key: user
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mongosecret
              key: password
      volumeMounts:
        - name: mongodb-keyfile
          mountPath: /etc/ssl
        - name: mongodb-config
          mountPath: /etc/mongo
          readOnly: true
  volumes:
    - name: mongodb-keyfile
      secret:
        secretName: mongodb-keyfile
        defaultMode: 0600
    - name: mongodb-config
      configMap:
        name: mongodb-config
```

Gowtham

Please post how you create the secrets in Kubernetes (YAML or kubectl) and how you generate the config files. You should also use a deployment instead of a pod. Did you consider where your DB data will be stored? You need a volume to hold it or you will lose everything every time your pod restarts. – Ralle Mc Black Jan 04 '23 at 12:52

1 Answer

As per this SO, as you said, after removing "command" from the deployment file it works, because when you set the MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD env variables in your manifest, the Mongo container will enable --auth by itself. So you don't need to specify it explicitly; check here.

Refer to this SO1, SO2 for more information. You can also pass the username and password as secrets.

Hemanth Kumar
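
An added example, not part of the original question or answer: the question's Pod with the mongod flags moved from `command` to `args`. In Kubernetes, `command` replaces the image ENTRYPOINT while `args` replaces only CMD, so the image's entrypoint script, which reads the MONGO_INITDB_* variables, still runs, as it does in the `docker run` line from the question. All names are taken from the question's manifest.

```yaml
# Added example: the question's manifest with only `command` changed to `args`.
apiVersion: v1
kind: Pod
metadata:
  name: mongodb
  labels:
    db: mongodb
spec:
  containers:
    - name: mongodb
      image: mongo:4.2.23
      # No `command:` key, so the image ENTRYPOINT is kept and handles
      # MONGO_INITDB_ROOT_USERNAME / MONGO_INITDB_ROOT_PASSWORD.
      # `args` replaces only the image CMD, like the arguments that
      # follow the image name in `docker run`.
      args:
        - "--config"
        - "/etc/mongo/mongod.conf"
      env:
        - name: MONGO_INITDB_ROOT_USERNAME
          valueFrom:
            secretKeyRef:
              name: mongosecret
              key: user
        - name: MONGO_INITDB_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mongosecret
              key: password
      volumeMounts:
        - name: mongodb-keyfile
          mountPath: /etc/ssl
        - name: mongodb-config
          mountPath: /etc/mongo
          readOnly: true
  volumes:
    - name: mongodb-keyfile
      secret:
        secretName: mongodb-keyfile
        defaultMode: 0600
    - name: mongodb-config
      configMap:
        name: mongodb-config
```

The entrypoint creates the root user only when the data directory is empty, so a data volume that was already initialised keeps its existing users.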