Charmed MongoDB K8s
- By Canonical Data Platform
- Databases
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 14 | 01 Aug 2022 | |
latest/edge | 20 | 02 Mar 2023 | |
latest/edge | 16 | 03 Aug 2022 | |
6/beta | 38 | 05 Dec 2023 | |
6/edge | 54 | 11 Sep 2024 | |
5/edge | 39 | 14 Dec 2023 |
juju deploy mongodb-k8s --channel 6/beta
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
How to enable encryption
Note:
The TLS settings here are for self-signed-certificates which are not recommended for production clusters, the tls-certificates-operator charm offers a variety of configurations, read more on the TLS charm here.
Enable TLS
# deploy the TLS charm
juju deploy tls-certificates-operator --channel=stable
# add the necessary configurations for TLS
juju config tls-certificates-operator generate-self-signed-certificates="true" ca-common-name="Test CA"
# to enable TLS relate the two applications
juju relate mongodb-k8s tls-certificates-operator
Manage keys
Updates to private keys for certificate signing requests (CSR) can be made via the set-tls-private-key action. Note passing keys to external/internal keys should only be done with base64 -w0 not cat. With three replicas this schema should be followed
- Generate a shared internal key
openssl genrsa -out internal-key.pem 3072
- generate external keys for each unit
openssl genrsa -out external-key-0.pem 3072
openssl genrsa -out external-key-1.pem 3072
openssl genrsa -out external-key-2.pem 3072
- apply both private keys on each unit, shared internal key will be allied only on juju leader
juju run mongodb-k8s/0 set-tls-private-key "external-key=$(base64 -w0 external-key-0.pem)" "internal-key=$(base64 -w0 internal-key.pem)"
juju run mongodb-k8s/1 set-tls-private-key "external-key=$(base64 -w0 external-key-1.pem)" "internal-key=$(base64 -w0 internal-key.pem)"
juju run mongodb-k8s/2 set-tls-private-key "external-key=$(base64 -w0 external-key-2.pem)" "internal-key=$(base64 -w0 internal-key.pem)"
- updates can also be done with auto-generated keys with
juju run mongodb/0 set-tls-private-key
juju run mongodb/1 set-tls-private-key
juju run mongodb/2 set-tls-private-key
Disable TLS remove the relation
juju remove-relation mongodb tls-certificates-operator