From f821e8dbc1d88fc6e462874d0efc32a0a5d27590 Mon Sep 17 00:00:00 2001
From: ycz008
Date: Fri, 19 Apr 2024 16:35:41 +0800
Subject: [PATCH] udpate prod mongo
---
 prod-upgrade/mongo/mongo.yaml | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)
diff --git a/prod-upgrade/mongo/mongo.yaml b/prod-upgrade/mongo/mongo.yaml
index 55a0d95..22b753c 100644
--- a/prod-upgrade/mongo/mongo.yaml
+++ b/prod-upgrade/mongo/mongo.yaml
@@ -24,34 +24,41 @@ spec:
 sysctl -w net.ipv4.tcp_keepalive_time=300
 sysctl -w net.ipv4.tcp_keepalive_intvl=10
 sysctl -w net.ipv4.tcp_keepalive_probes=3
+ chmod 400 /etc/mongodb/keyfile.key
 securityContext:
 privileged: true
+ volumeMounts:
+ - name: mongo-keyfile
+ mountPath: /etc/mongodb/keyfile.key
+ subPath: keyfile.key
+ readOnly: true
 containers:
 - name: mongo
 image: mongo:6.0
- args:
- - "--replSet=bfs-mongo-rs0"
 imagePullPolicy: IfNotPresent
- env:
- - name: MONGO_INITDB_ROOT_USERNAME
- valueFrom:
- secretKeyRef:
- name: mongo
- key: initdb_root_username
- - name: MONGO_INITDB_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: mongo
- key: initdb_root_password
+ args:
+ - "--bind_ip_all"
+ - "--replSet=bfs-mongo-rs0"
+ - "--keyFile=/etc/mongodb/keyfile.key"
 ports:
 - containerPort: 27017
 volumeMounts:
 - name: mongo-data
 mountPath: /data/db
+ - name: mongo-keyfile
+ mountPath: /etc/mongodb/keyfile.key
+ subPath: keyfile.key
+ readOnly: true
 volumes:
 - name: mongo-data
 hostPath:
 path: /data/mongodb/rs0
+ - name: mongo-keyfile
+ configMap:
+ name: mongo-keyfile
+ items:
+ - key: keyFile
+ path: keyfile.key
 affinity:
 nodeAffinity:
 requiredDuringSchedulingIgnoredDuringExecution:
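Review bot: The replica-set keyfile is a shared credential for internal authentication, yet the new `mongo-keyfile` volume takes it from a ConfigMap, which is not meant for confidential data and is usually readable by more principals than a Secret. Prefer a Secret-backed volume with a restrictive mode, e.g. `secret:` / `secretName: mongo-keyfile` / `defaultMode: 0400`, keeping the existing `items` mapping. The added `chmod 400 /etc/mongodb/keyfile.key` in the privileged init container targets a mount declared `readOnly: true`, so it will probably fail or have no effect; the file mode belongs on the volume definition, and it is worth confirming that the user mongod runs as can still read the file. The init container's script starts outside the hunk, so whether a failing chmod aborts pod start-up cannot be seen from here.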