Unable to authenticate Mongodb deployed in kubernetes - mongodb

Hi I have deployed mongodb V-4.2.6 on kubernetes and the below is the yaml file.
# Service to expose MongoDB
apiVersion: v1
kind: Service
metadata:
name: mongo
namespace: namespace-name
labels:
app: mongo
spec:
ports:
- name: mongo
port: 27017
targetPort: 27017
clusterIP: None
selector:
app: mongo
tier: db
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongo
namespace: namespace-name
labels:
tier: "db"
app: "mongo"
spec:
replicas: 1
selector:
matchLabels:
app: mongo
tier: "db"
template:
metadata:
labels:
app: mongo
tier: "db"
spec:
terminationGracePeriodSeconds: 10
containers:
- name: mongo
image: mongo:4.2.6
resources:
limits:
memory: "2Gi"
requests:
memory: "512Mi"
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "admin"
- name: MONGO_INITDB_ROOT_PASSWORD
value: "password"
- name: MONGO_INITDB_DATABASE
value: admin
command:
- mongod
- --auth
ports:
- containerPort: 27017
volumeMounts:
- name: nfs1
mountPath: /data/db
volumes:
- name: nfs1
nfs:
server: 0.0.0.0
path: "/path/to/volumes"
If I try to login with the credentials( db.auth("admin", "password") )specified in the above yaml file I'm getting authentication failed message in mongodb. I have found related issues in stackoverflow but couldn't find the solution for this. Can any one help me to create admin user from the yaml file.

Remove command from your deployment file and it'll work. Because when you set MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD ENV variables at your manifest. Mongo container will enable --auth by itself. So, you don't need to specify explicitly. Take a look at here.
Updated YAML
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "admin"
- name: MONGO_INITDB_ROOT_PASSWORD
value: "password"
- name: MONGO_INITDB_DATABASE
value: admin
ports:
- containerPort: 27017

Related

Authentication Failed when connecting to MongoDB Kubernetes Statefulset

I am deploying a mongodb statefulset in Kubernetes and I am setting up my own username and password, but I can't authenticate to the cluster. Please find my YAML manifest below:
Create the Statefulset along with the Headless service
...
apiVersion: v1
kind: Service
metadata:
name: mongo
namespace: ng-mongo
labels:
app: mongo
spec:
ports:
- port: 27017
targetPort: 27017
name: database
clusterIP: None
selector:
role: mongo
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
namespace: ng-mongo
spec:
serviceName: "mongo"
replicas: 1
selector:
matchLabels:
role: mongo
template:
metadata:
labels:
role: mongo
spec:
containers:
- name: mongo
image: mongo
ports:
- containerPort: 27017
volumeMounts:
- name: mongo-persistent-storage
mountPath: /data/db
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: test
- name: MONGO_INITDB_ROOT_PASSWORD
value: test
- name: MONGO_INITDB_DATABASE
value: ng-db
- name: mongo-sidecar
image: cvallance/mongo-k8s-sidecar
env:
# https://github.com/cvallance/mongo-k8s-sidecar#settings
- name: MONGO_SIDECAR_POD_LABELS
value: "role=mongo"
volumeClaimTemplates:
- metadata:
name: mongo-persistent-storage
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "local-storage"
resources:
requests:
storage: 10Gi
Expose the headless service for testing purposes
kubectl port-forward mongo-0 27017:27017
Try to access the mongodb through mongoshell
mongo -u test -ptest --authenticationDatabase ng-db
And I get the following error:
MongoDB shell version v5.0.11
connecting to: mongodb://127.0.0.1:27017/?authSource=ng-db&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect#src/mongo/shell/mongo.js:372:17
#(connect):2:6
exception: connect failed
exiting with code 1
Can someone help me on this please? Thank you

Cannot connect to MongoDB: server selection error: server selection timeout

I have setup Percona MongoDB Exporter and when I attempt to scrape metrics for my MongDB instance I am getting an error :
An error has occurred while connecting to MongoDB:
cannot connect to MongoDB: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: mongodb-headless-service.labs.svc.cluster.local:27017, Type: Unknown, Last error: connection() error occured during connection handshake: dial tcp: lookup mongodb-headless-service.svc.cluster.local on 159.XX.XX.XX:XX: no such host }, ] }
Both MongoDB and Percona-MongoDB Exporter are deployed in the same namespace on Kubernetes and I have created a user (at admin level ) to extract the metrics :
db.createUser({ user: "promt", pwd: "abc123", roles: [ { role: "clusterMonitor", db: "admin" },{ role: "read", db: "local" } ], mechanisms:["SCRAM-SHA-1"]})
To verify if the exporter is able to scrape any metrics from the MongoDB instance I am using:
kubectl -n labs port-forward service/mongodb-exporter 9216
and I can access the Exporter at http://localhost:9216
In the Percona MongoDB-Exporter deployment I have specified Mongo-URI as below :
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-exporter
namespace: labs
spec:
replicas: 1
selector:
matchLabels:
app: mongodb-exporter
template:
metadata:
labels:
app: mongodb-exporter
spec:
containers:
- name: mongodb-exporter
image: percona/mongodb_exporter:0.30
imagePullPolicy: "IfNotPresent"
args:
- "--mongodb.direct-connect=false"
- "--mongodb.uri=mongodb://promt:abc123#mongo-headless-service.svc.cluster.local/admin"
ports:
- name: metrics
containerPort: 9216
resources:
requests:
memory: 128Mi
cpu: 250m
I have tried a lot of options but they all result in the same error:
Adding k8s namespace to the mongo-uri
--mongodb.uri=mongodb://promt:abc123#mongodb-headless-service.labs.svc.cluster.local/admin
Adding option for SSL
--mongodb.uri=mongodb://promt:abc123#mongodb-headless-service.svc.cluster.local/admin?ssl=false
Switching from using a k8s headless service to a ClusterIP
--mongodb.uri=mongodb://promt:abc123#mongo-single-clusterip.labs.svc.cluster.local/admin
Enabling direct-connect option
"--mongodb.direct-connect=true"
- "--mongodb.uri=mongodb://promt:abc123#mongodb-headless-service.svc.cluster.local/admin"
For all these options I also tried variations of adding the ssl option and namespace but that is failing with same error in all cases.
My MongoDB instance is a standalone deployment with the following definition :
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
namespace: labs
labels:
app: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: docker.io/bitnami/mongodb:4.4.6-debian-10-r0
imagePullPolicy: "IfNotPresent"
securityContext:
runAsNonRoot: true
runAsUser: 1001
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: mongodb-secret-amended
key: mongo-root-username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret-amended
key: mongo-root-password
volumeMounts:
- mountPath: /data/db
name: mongodb-vol
volumes:
- name: mongodb-vol
persistentVolumeClaim:
claimName: mongodb-claim
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
namespace: labs
spec:
type: NodePort
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-headless-service
namespace: labs
spec:
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
---
apiVersion: v1
kind: Service
metadata:
name: mongo-single-clusterip
namespace: labs
spec:
type: ClusterIP
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
For context I am following the example given here and here.
What am I missing?
The reason is stated in the error message you got back:
error occured during connection handshake: dial tcp: lookup mongodb-headless-service.svc.cluster.local on 159.XX.XX.XX:XX: no such host
DNS lookup for this FQDN: mongodb-headless-service.svc.cluster.local fails.
You can go through the steps here to confirm your DNS is set up correctly: https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/
You need to change your mongoDB URI to mongodb-headless-service.labs.svc.cluster.local in the configuration & it should start working well.

odoo in k8s: Odoo pod running then crashing

I try to deploy Odoo in k8s ;
I have use the below Yaml files for odoo/postgres/services.
the Odoo pod is always crashing . the logs result :
could not translate host name "db" to address: Temporary failure in name resolution
apiVersion: apps/v1
kind: Deployment
metadata:
name: odoo3
spec:
replicas: 1
selector:
matchLabels:
app: odoo3
template:
metadata:
labels:
app: odoo3
spec:
containers:
- name: odoo3
image: odoo
resources:
requests:
cpu: 100m
memory: 100Mi
env:
- name: POSTGRES_DB
value: "postgres"
- name: POSTGRES_PASSWORD
value: "postgres"
- name: POSTGRES_USER
value: "postgres"
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: odoo3
labels:
app: odoo3
spec:
ports:
- port: 80
targetPort: 80
selector:
app: odoo3
You need to specify the environment variable HOST
env:
- name: POSTGRES_DB
value: "postgres"
- name: POSTGRES_PASSWORD
value: "postgres"
- name: POSTGRES_USER
value: "postgres"
- name: HOST
value: "your-postgres-service-name"
Your your-postgres-service-name should point to your postgres database container or server.

Mongodb Authentication failed in Kubernetes (minikube)

Creating a mongodb from the below minikube deployment, I am not able to authenticate from the command line.
Basically I'd just want to list all databases because I suspect there is an issue with the connectivity to mongo-express.
I exec into the pod using kubectl exec -it mongodb-deployment-6b46455744-gfkzw -- /bin/bash,
mongo to start up the cli
db.auth("username", "password") gives MongoServerError: Authentication failed.
even though printenv gives
MONGO_INITDB_ROOT_PASSWORD=password
MONGO_INITDB_ROOT_USERNAME=username
any help?
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
labels:
app: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: mongodb-secret
key: mongo-root-username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret
key: mongo-root-password
- name: ME_CONFIG_MONGODB_ENABLE_ADMIN
value: "true"
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
spec:
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
managed to connect using
mongosh --port 27017 --authenticationDatabase \
"admin" -u "myUserAdmin" -p
from https://docs.mongodb.com/manual/tutorial/authenticate-a-user/#std-label-authentication-auth-as-user and docker hub page.

Can't authenticate MongoDb on Kubernetes cluster

When I try to connect to MongoDb running on Kubernetes cluster with mongo -u admin -p password -authenticationDatabase admin, I get this error:
{"mechanism":"SCRAM-SHA-1","speculative":false,"principalName":"admin","authenticationDatabase":"admin","remote":"192.168.65.3:47486","extraInfo":{},"error":"UserNotFound: Could not find user \"admin\" for db \"admin\""}}
Below is the yaml file I'm using to create the MongoDb service.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongodb-statefulset
spec:
serviceName: "mongodb-service"
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: admin
- name: MONGO_INITDB_ROOT_PASSWORD
value: password
volumeMounts:
- mountPath: /data/db
name: data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
spec:
type: LoadBalancer
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017
I've tried everything and it still doesn't work. I appreciate any help.
Try something like, using mongod as command
apiVersion: v1
kind: Service
metadata:
labels:
app: mongo
name: mongodb-service
spec:
type: NodePort
ports:
- name: "http"
port: 27017
protocol: TCP
targetPort: 27017
selector:
service: mongo
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: mongo
spec:
replicas: 1
template:
metadata:
labels:
service: mongo
name: mongodb-service
spec:
containers:
- args:
- mongod
- --smallfiles
image: mongo:latest
name: mongo
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: admin
- name: MONGO_INITDB_ROOT_PASSWORD
value: admin