mongodb community operator deployment

inventory.yml

@@ -10,14 +10,14 @@ all:
             controller_init:
               hosts:
                 k8s-master-1:
-                  ansible_host: 10.0.0.2
+                  ansible_host: 10.0.0.3
                   ansible_python_interpreter: /usr/bin/python3.11
                   ansible_ssh_common_args: '-o ProxyCommand="ssh -p 22 -W %h:%p -q root@65.109.4.220"'
 
         worker:
           hosts:
             k8s-node-1:
-              ansible_host: 10.0.0.3
+              ansible_host: 10.0.0.2
               ansible_python_interpreter: /usr/bin/python3.11
               ansible_ssh_common_args: '-o ProxyCommand="ssh -p 22 -W %h:%p -q root@65.109.4.220"'
 

playbooks/setup_k8s_cluster.yml

@@ -6,43 +6,46 @@
   gather_facts: false
 
   tasks:
-    - name: Read global default values
-      include_vars:
-        file: ../vars/default.yml
-
-    - name: Read cluster default values
-      include_vars:
-        file: ../vars/k8s_cluster/cluster_vars.yml
-
-    - name: base install block
-      when: inventory_hostname in (groups['controller'] + groups['worker'])
-      block:
-        - name: Prepare Debian System
-          import_tasks: ../tasks/k8s_cluster/system/prepare_debian_system.yml
-
-        - name: Setup k8s Cluster
-          import_tasks: ../tasks/k8s_cluster/kubernetes/setupK8sCluster.yml
-
-        - name : Install linkerd Service Mesh
-          import_tasks: ../tasks/k8s_cluster/serviceMesh/installLinkerd.yml
-
-    - name: Setup Storage
-      import_tasks: ../tasks/k8s_cluster/storage/setupStorage.yml
-
-    - name: base install block
-      when: inventory_hostname in groups['controller']
-      block:
-        - name: install Helm3
-          import_tasks: ../tasks/k8s_cluster/helm/install_helm3.yml
-
+#    - name: Read global default values
+#      include_vars:
+#        file: ../vars/default.yml
+#
+#    - name: Read cluster default values
+#      include_vars:
+#        file: ../vars/k8s_cluster/cluster_vars.yml
+#
+#    - name: base install block
+#      when: inventory_hostname in (groups['controller'] + groups['worker'])
+#      block:
+#        - name: Prepare Debian System
+#          import_tasks: ../tasks/k8s_cluster/system/prepare_debian_system.yml
+#
+#        - name: Setup k8s Cluster
+#          import_tasks: ../tasks/k8s_cluster/kubernetes/setupK8sCluster.yml
+#
+#        - name : Install linkerd Service Mesh
+#          import_tasks: ../tasks/k8s_cluster/serviceMesh/installLinkerd.yml
+#
+#    - name: Setup Storage
+#      import_tasks: ../tasks/k8s_cluster/storage/setupStorage.yml
+#
+#    - name: base install block
+#      when: inventory_hostname in groups['controller']
+#      block:
+#        - name: install Helm3
+#          import_tasks: ../tasks/k8s_cluster/helm/install_helm3.yml
+#
         - name: base install block controller_init
           when: inventory_hostname in groups['controller_init']
           block:
-            - name: Install MetalLB
-              import_tasks: ../tasks/k8s_cluster/loadbalancer/install_metallb.yml
+#            - name: Install MetalLB
+#              import_tasks: ../tasks/k8s_cluster/loadbalancer/install_metallb.yml
+#
+#            - name: install nginx ingress
+#              import_tasks: ../tasks/k8s_cluster/ingress/install_nginx_ingress.yml
+#
+#            - name: Install cert-manager
+#              import_tasks: ../tasks/k8s_cluster/cert_manager/install_cert_manager.yml
 
-            - name: install nginx ingress
-              import_tasks: ../tasks/k8s_cluster/ingress/install_nginx_ingress.yml
-
-            - name: Install cert-manager
-              import_tasks: ../tasks/k8s_cluster/cert_manager/install_cert_manager.yml
+            - name: Install mongodb
+              import_tasks: ../tasks/k8s_cluster/mongodb/install_mongodb.yml

tasks/k8s_cluster/mongodb/install_mongodb.yml

@@ -0,0 +1,43 @@
+---
+#- name: Read mongodb community operator values
+#  include_vars:
+#    file: ../vars/k8s_cluster/mongodb/mongodb.yml
+#
+#- name: "Create namespace '{{ namespace }}'"
+#  kubernetes.core.k8s:
+#    state: present
+#    definition:
+#      api_version: v1
+#      kind: Namespace
+#      metadata:
+#        name: '{{ namespace }}'
+#        labels:
+#          name: '{{ namespace }}'
+#
+#- name: Add mongodb community operator chart repo
+#  kubernetes.core.helm_repository:
+#    name: "{{ helm.releaseName }}"
+#    repo_url: "{{ helm.repoUrl }}"
+#
+#- name: Deploy mongodb community operator from helm chart
+#  kubernetes.core.helm:
+#   name: '{{ helm.releaseName }}'
+#   state: present
+#   chart_ref: '{{ helm.chart }}'
+#   release_namespace: '{{ namespace }}'
+#   chart_version: '{{ helm.chartVersion }}'
+#   update_repo_cache: 'true'
+#   values: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-operator-values.yml') | from_yaml }}"
+
+- name: Deploy mongodb database
+  k8s:
+    state: present
+    namespace: "{{ namespace }}"
+    src: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-deploy-db.yml') | from_yaml }}"
+
+#- name: Add secret for mongodb
+#  kubernetes.core.k8s:
+#    state: present
+#    release_namespace: "{{ namespace }}"
+#    definiton: "{{ lookup('template', '../templates/k8s_cluster/mongodb/mongodb-secret.yml') | from_yaml }}"
+#

templates/k8s_cluster/mongodb/mongodb-deploy-db.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: mongodbcommunity.mongodb.com/v1
+kind: MongoDBCommunity
+metadata:
+  name: example-mongodb
+spec:
+  members: 1
+  type: ReplicaSet
+  version: "6.0.5"
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef: # a reference to the secret that will be used to generate the user's password
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin
+      scramCredentialsSecretName: my-scram
+  additionalMongodConfig:
+    storage.wiredTiger.engineConfig.journalCompressor: zlib
+

templates/k8s_cluster/mongodb/mongodb-operator-values.yml

@@ -0,0 +1,120 @@
+## Reference to one or more secrets to be used when pulling images
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# - name: "image-pull-secret"
+## Operator
+operator:
+  # Name that will be assigned to most of internal Kubernetes objects like
+  # Deployment, ServiceAccount, Role etc.
+  name: mongodb-kubernetes-operator
+
+  # Name of the operator image
+  operatorImageName: mongodb-kubernetes-operator
+
+  # Name of the deployment of the operator pod
+  deploymentName: mongodb-kubernetes-operator
+
+  # Version of mongodb-kubernetes-operator
+  version: 0.9.0
+
+  # Uncomment this line to watch all namespaces
+  # watchNamespace: "*"
+
+  # Resources allocated to Operator Pod
+  resources:
+    limits:
+      cpu:
+      memory:
+    requests:
+      cpu:
+      memory:
+
+  # replicas deployed for the operator pod. Running 1 is optimal and suggested.
+  replicas: 1
+
+  # Additional environment variables
+  extraEnvs: []
+  # environment:
+  # - name: CLUSTER_DOMAIN
+  #   value: my-cluster.domain
+
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 2000
+
+  securityContext: {}
+
+## Operator's database
+database:
+  name: mongodb-database
+  # set this to the namespace where you would like
+  # to deploy the MongoDB database,
+  # Note if the database namespace is not same
+  # as the operator namespace,
+  # make sure to set "watchNamespace" to "*"
+  # to ensure that the operator has the
+  # permission to reconcile resources in other namespaces
+  # namespace: mongodb-database
+
+agent:
+  name: mongodb-agent
+  version: 107.0.0.8465-1
+versionUpgradeHook:
+  name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
+  version: 1.0.8
+readinessProbe:
+  name: mongodb-kubernetes-readinessprobe
+  version: 1.0.17
+mongodb:
+  name: mongo
+  repo: docker.io
+
+registry:
+  agent: quay.io/mongodb
+  versionUpgradeHook: quay.io/mongodb
+  readinessProbe: quay.io/mongodb
+  operator: quay.io/mongodb
+  pullPolicy: Always
+
+# Set to false if CRDs have been installed already. The CRDs can be installed
+# manually from the code repo: github.com/mongodb/mongodb-kubernetes-operator or
+# using the `community-operator-crds` Helm chart.
+community-operator-crds:
+  enabled: true
+
+# Deploys MongoDB with `resource` attributes.
+createResource: false
+resource:
+  name: mongodb-replica-set
+  version: 4.4.0
+  members: 3
+  tls:
+    enabled: false
+
+    # Installs Cert-Manager in this cluster.
+    useX509: false
+    sampleX509User: false
+    useCertManager: true
+    certificateKeySecretRef: tls-certificate
+    caCertificateSecretRef: tls-ca-key-pair
+    certManager:
+      certDuration: 8760h   # 365 days
+      renewCertBefore: 720h   # 30 days
+
+  users:
+  # if using the MongoDBCommunity Resource, list any users to be added to the resource
+   users:
+   - name: my-user
+     db: admin
+     passwordSecretRef: # a reference to the secret that will be used to generate the user's password
+       name: admin-credential
+     roles:
+       - name: clusterAdmin
+         db: admin
+       - name: userAdminAnyDatabase
+         db: admin
+       - name: readWriteAnyDatabase
+         db: admin
+       - name: dbAdminAnyDatabase
+         db: admin
+     scramCredentialsSecretName: my-scram

templates/k8s_cluster/mongodb/mongodb-secret.yml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: my-user-password
+type: Opaque
+stringData:
+  password: admin

templates/k8s_cluster/storage/rook/csi/cephfs/storageclass.yaml

@@ -26,3 +26,4 @@ parameters:
   csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
 
 reclaimPolicy: Delete
+

vars/k8s_cluster/mongodb/mongodb.yml

@@ -0,0 +1,10 @@
+######################################
+# Kubernetes mongodb community operator vars #
+######################################
+namespace: 'mongodb'
+
+helm:
+  repoUrl: 'https://mongodb.github.io/helm-charts'
+  chart: 'mongodb/community-operator'
+  releaseName: 'community-operator'
+  chartVersion: '0.9.0'