We Keep Coding

Authentication Failed when connecting to MongoDB Kubernetes Statefulset

I am deploying a mongodb statefulset in Kubernetes and I am setting up my own username and password, but I can't authenticate to the cluster. Please find my YAML manifest below:
Create the Statefulset along with the Headless service
...
apiVersion: v1
kind: Service
metadata:
name: mongo
namespace: ng-mongo
labels:
app: mongo
spec:
ports:
- port: 27017
targetPort: 27017
name: database
clusterIP: None
selector:
role: mongo
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongo
namespace: ng-mongo
spec:
serviceName: "mongo"
replicas: 1
selector:
matchLabels:
role: mongo
template:
metadata:
labels:
role: mongo
spec:
containers:
- name: mongo
image: mongo
ports:
- containerPort: 27017
volumeMounts:
- name: mongo-persistent-storage
mountPath: /data/db
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: test
- name: MONGO_INITDB_ROOT_PASSWORD
value: test
- name: MONGO_INITDB_DATABASE
value: ng-db
- name: mongo-sidecar
image: cvallance/mongo-k8s-sidecar
env:
# https://github.com/cvallance/mongo-k8s-sidecar#settings
- name: MONGO_SIDECAR_POD_LABELS
value: "role=mongo"
volumeClaimTemplates:
- metadata:
name: mongo-persistent-storage
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "local-storage"
resources:
requests:
storage: 10Gi
Expose the headless service for testing purposes
kubectl port-forward mongo-0 27017:27017
Try to access the mongodb through mongoshell
mongo -u test -ptest --authenticationDatabase ng-db
And I get the following error:
MongoDB shell version v5.0.11
connecting to: mongodb://127.0.0.1:27017/?authSource=ng-db&compressors=disabled&gssapiServiceName=mongodb
Error: Authentication failed. :
connect#src/mongo/shell/mongo.js:372:17
#(connect):2:6
exception: connect failed
exiting with code 1
Can someone help me on this please? Thank you

Cannot connect to MongoDB: server selection error: server selection timeout

I have setup Percona MongoDB Exporter and when I attempt to scrape metrics for my MongDB instance I am getting an error :
An error has occurred while connecting to MongoDB:
cannot connect to MongoDB: server selection error: server selection timeout, current topology: { Type: Unknown, Servers: [{ Addr: mongodb-headless-service.labs.svc.cluster.local:27017, Type: Unknown, Last error: connection() error occured during connection handshake: dial tcp: lookup mongodb-headless-service.svc.cluster.local on 159.XX.XX.XX:XX: no such host }, ] }
Both MongoDB and Percona-MongoDB Exporter are deployed in the same namespace on Kubernetes and I have created a user (at admin level ) to extract the metrics :
db.createUser({ user: "promt", pwd: "abc123", roles: [ { role: "clusterMonitor", db: "admin" },{ role: "read", db: "local" } ], mechanisms:["SCRAM-SHA-1"]})
To verify if the exporter is able to scrape any metrics from the MongoDB instance I am using:
kubectl -n labs port-forward service/mongodb-exporter 9216
and I can access the Exporter at http://localhost:9216
In the Percona MongoDB-Exporter deployment I have specified Mongo-URI as below :
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-exporter
namespace: labs
spec:
replicas: 1
selector:
matchLabels:
app: mongodb-exporter
template:
metadata:
labels:
app: mongodb-exporter
spec:
containers:
- name: mongodb-exporter
image: percona/mongodb_exporter:0.30
imagePullPolicy: "IfNotPresent"
args:
- "--mongodb.direct-connect=false"
- "--mongodb.uri=mongodb://promt:abc123#mongo-headless-service.svc.cluster.local/admin"
ports:
- name: metrics
containerPort: 9216
resources:
requests:
memory: 128Mi
cpu: 250m
I have tried a lot of options but they all result in the same error:
Adding k8s namespace to the mongo-uri
--mongodb.uri=mongodb://promt:abc123#mongodb-headless-service.labs.svc.cluster.local/admin
Adding option for SSL
--mongodb.uri=mongodb://promt:abc123#mongodb-headless-service.svc.cluster.local/admin?ssl=false
Switching from using a k8s headless service to a ClusterIP
--mongodb.uri=mongodb://promt:abc123#mongo-single-clusterip.labs.svc.cluster.local/admin
Enabling direct-connect option
"--mongodb.direct-connect=true"
- "--mongodb.uri=mongodb://promt:abc123#mongodb-headless-service.svc.cluster.local/admin"
For all these options I also tried variations of adding the ssl option and namespace but that is failing with same error in all cases.
My MongoDB instance is a standalone deployment with the following definition :
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
namespace: labs
labels:
app: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: docker.io/bitnami/mongodb:4.4.6-debian-10-r0
imagePullPolicy: "IfNotPresent"
securityContext:
runAsNonRoot: true
runAsUser: 1001
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: mongodb-secret-amended
key: mongo-root-username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret-amended
key: mongo-root-password
volumeMounts:
- mountPath: /data/db
name: mongodb-vol
volumes:
- name: mongodb-vol
persistentVolumeClaim:
claimName: mongodb-claim
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
namespace: labs
spec:
type: NodePort
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-headless-service
namespace: labs
spec:
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
---
apiVersion: v1
kind: Service
metadata:
name: mongo-single-clusterip
namespace: labs
spec:
type: ClusterIP
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017
For context I am following the example given here and here.
What am I missing?

The reason is stated in the error message you got back:
error occured during connection handshake: dial tcp: lookup mongodb-headless-service.svc.cluster.local on 159.XX.XX.XX:XX: no such host
DNS lookup for this FQDN: mongodb-headless-service.svc.cluster.local fails.
You can go through the steps here to confirm your DNS is set up correctly: https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/

You need to change your mongoDB URI to mongodb-headless-service.labs.svc.cluster.local in the configuration & it should start working well.

odoo in k8s: Odoo pod running then crashing

I try to deploy Odoo in k8s ;
I have use the below Yaml files for odoo/postgres/services.
the Odoo pod is always crashing . the logs result :
could not translate host name "db" to address: Temporary failure in name resolution
apiVersion: apps/v1
kind: Deployment
metadata:
name: odoo3
spec:
replicas: 1
selector:
matchLabels:
app: odoo3
template:
metadata:
labels:
app: odoo3
spec:
containers:
- name: odoo3
image: odoo
resources:
requests:
cpu: 100m
memory: 100Mi
env:
- name: POSTGRES_DB
value: "postgres"
- name: POSTGRES_PASSWORD
value: "postgres"
- name: POSTGRES_USER
value: "postgres"
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: odoo3
labels:
app: odoo3
spec:
ports:
- port: 80
targetPort: 80
selector:
app: odoo3

You need to specify the environment variable HOST
env:
- name: POSTGRES_DB
value: "postgres"
- name: POSTGRES_PASSWORD
value: "postgres"
- name: POSTGRES_USER
value: "postgres"
- name: HOST
value: "your-postgres-service-name"
Your your-postgres-service-name should point to your postgres database container or server.

Mongodb Authentication failed in Kubernetes (minikube)

Creating a mongodb from the below minikube deployment, I am not able to authenticate from the command line.
Basically I'd just want to list all databases because I suspect there is an issue with the connectivity to mongo-express.
I exec into the pod using kubectl exec -it mongodb-deployment-6b46455744-gfkzw -- /bin/bash,
mongo to start up the cli
db.auth("username", "password") gives MongoServerError: Authentication failed.
even though printenv gives
MONGO_INITDB_ROOT_PASSWORD=password
MONGO_INITDB_ROOT_USERNAME=username
any help?
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb-deployment
labels:
app: mongodb
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
valueFrom:
secretKeyRef:
name: mongodb-secret
key: mongo-root-username
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret
key: mongo-root-password
- name: ME_CONFIG_MONGODB_ENABLE_ADMIN
value: "true"
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
spec:
selector:
app: mongodb
ports:
- protocol: TCP
port: 27017
targetPort: 27017

managed to connect using
mongosh --port 27017 --authenticationDatabase \
"admin" -u "myUserAdmin" -p
from https://docs.mongodb.com/manual/tutorial/authenticate-a-user/#std-label-authentication-auth-as-user and docker hub page.

Can't authenticate MongoDb on Kubernetes cluster

When I try to connect to MongoDb running on Kubernetes cluster with mongo -u admin -p password -authenticationDatabase admin, I get this error:
{"mechanism":"SCRAM-SHA-1","speculative":false,"principalName":"admin","authenticationDatabase":"admin","remote":"192.168.65.3:47486","extraInfo":{},"error":"UserNotFound: Could not find user \"admin\" for db \"admin\""}}
Below is the yaml file I'm using to create the MongoDb service.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mongodb-statefulset
spec:
serviceName: "mongodb-service"
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: admin
- name: MONGO_INITDB_ROOT_PASSWORD
value: password
volumeMounts:
- mountPath: /data/db
name: data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
spec:
type: LoadBalancer
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017
I've tried everything and it still doesn't work. I appreciate any help.

Try something like, using mongod as command
apiVersion: v1
kind: Service
metadata:
labels:
app: mongo
name: mongodb-service
spec:
type: NodePort
ports:
- name: "http"
port: 27017
protocol: TCP
targetPort: 27017
selector:
service: mongo
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: mongo
spec:
replicas: 1
template:
metadata:
labels:
service: mongo
name: mongodb-service
spec:
containers:
- args:
- mongod
- --smallfiles
image: mongo:latest
name: mongo
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: admin
- name: MONGO_INITDB_ROOT_PASSWORD
value: admin