diff --git a/prod-upgrade/mongo/mongo.yaml b/prod-upgrade/mongo/mongo.yaml index 1ed5292..93aaeea 100644 --- a/prod-upgrade/mongo/mongo.yaml +++ b/prod-upgrade/mongo/mongo.yaml @@ -24,14 +24,18 @@ spec: sysctl -w net.ipv4.tcp_keepalive_time=300 sysctl -w net.ipv4.tcp_keepalive_intvl=10 sysctl -w net.ipv4.tcp_keepalive_probes=3 - # chown 999 /etc/mongodb/keyfile.key - # chmod 400 /etc/mongodb/keyfile.key + cp /etc/keyfile.0 /etc/mongodb/keyfile.0 + chown 999 /etc/mongodb/keyfile.0 + chmod 400 /etc/mongodb/keyfile.0 securityContext: privileged: true - # volumeMounts: - # - name: mongo-keyfile - # mountPath: /etc/mongodb/keyfile.key - # subPath: keyfile.key + volumeMounts: + - name: mongo-conf + mountPath: /etc/mongodb + - name: mongo-keyfile + mountPath: /etc/keyfile.0 + subPath: keyfile.0 + readOnly: true containers: - name: mongo image: mongo:6.0 @@ -39,25 +43,31 @@ spec: args: - "--bind_ip_all" - "--replSet=bfs-mongo-rs0" - - "--keyFile=/etc/mongodb/keyfile.key" + - "--keyFile=/etc/mongodb/keyfile.0" ports: - containerPort: 27017 volumeMounts: - name: mongo-data mountPath: /data/db + - name: mongo-conf + mountPath: /etc/mongodb - name: mongo-keyfile - mountPath: /etc/mongodb/keyfile.key - subPath: keyfile.key + mountPath: /etc/keyfile.0 + subPath: keyfile.0 + readOnly: true volumes: - name: mongo-data hostPath: path: /data/mongodb/rs0 + - name: mongo-conf + emptyDir: + sizeLimit: 10Mi - name: mongo-keyfile configMap: name: mongo-keyfile items: - key: keyFile - path: keyfile.key + path: keyfile.0 affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: