Skip to main content
Solved

MongoDB blueprint without authentication


  • Comes here often
  • 14 comments

Hello!

We are trying to set up the MongoDb blueprint in our test environment. The MongoDb replicaset there has no authentication activated.

Please advice how to customize the secret sections in https://raw.githubusercontent.com/kanisterio/kanister/0.73.0/examples/stable/mongodb/blueprint-v2/mongo-blueprint.yaml at the following places:

actions.backup.phases[0].objects.mongosecret.name: <mongo-secret-name> 

actions.restore.phases[0].objects.mongosecret.name: <mongo-secret-name>

Best answer by jaiganeshjk

@dk-do 
If you are just using it to test the blueprint backup, you can update the blueprint to remove the mongosecret object and modify the dump_cmd accordingly.
But it is not generally advisable to have an unauthenticated database.

View original
Did this topic help you find an answer to your question?

6 comments

Hagag
Forum|alt.badge.img+2
  • Experienced User
  • 154 comments
  • February 16, 2022

Hello @dk-do  ,

no need to modify the blueprint since you mentioned that you are not using authentication ( already existig secret ).

you just need to  create a Blueprint resource, please review the commands below:

 

to deploy the blueprint in kasten-io:

 curl https://raw.githubusercontent.com/kanisterio/kanister/0.73.0/examples/stable/mongodb/blueprint-v2/mongo-blueprint.yaml > mongo-blueprint.yaml


 kubectl apply -f mongo-blueprint.yaml --namespace kasten-io

 

Once the Blueprint is created, we will have to annotate the StatefulSet with the correct annotation to instruct K10 to use the Blueprint while performing operations on this MongoDB instance.

 

kubectl annotate statefulset <mongodb_satatefulset_NAME> kanister.kasten.io/blueprint='mongodb-blueprint' --namespace=mongodb-logical

 

P.S i suppose your secret name = statefulset name 

 

 

Here is example from my test lab:

 

[ahmedhagag@ahmeds-MacBook-Pro ~]$ k get statefulsets -n mongodb-logical
NAME                            READY   AGE
mongo-logical-mongodb           2/2     23m
mongo-logical-mongodb-arbiter   1/1     23m
[ahmedhagag@ahmeds-MacBook-Pro ~]$ k get secrets -n mongodb-logical
NAME                                  TYPE                                  DATA   AGE
default-token-47tg5                   kubernetes.io/service-account-token   3      23m
mongo-logical-mongodb                 Opaque                                2      23m
mongo-logical-mongodb-token-rkqk7     kubernetes.io/service-account-token   3      23m
sh.helm.release.v1.mongo-logical.v1   helm.sh/release.v1                    1      23m
[ahmedhagag@ahmeds-MacBook-Pro ~]$

 

Thanks!

Ahmed Hagag


  • Author
  • Comes here often
  • 14 comments
  • February 16, 2022

No! I do not have a MongoDb secret because MongoDb does not use authentication. It is just an internal test cluster!


  • Author
  • Comes here often
  • 14 comments
  • February 16, 2022

In the meantime I created a workaround:

Apply a secret with dummy passwords and replace the username and password parameters in the dump_cmd in blueprint.yaml 


jaiganeshjk
Forum|alt.badge.img+2
  • Experienced User
  • 274 comments
  • Answer
  • February 16, 2022

@dk-do 
If you are just using it to test the blueprint backup, you can update the blueprint to remove the mongosecret object and modify the dump_cmd accordingly.
But it is not generally advisable to have an unauthenticated database.


  • Author
  • Comes here often
  • 14 comments
  • February 16, 2022
jaiganeshjk wrote:

@dk-do 
But it is not generally advisable to have an unauthenticated database.

That is absolutely right!


jaiganeshjk
Forum|alt.badge.img+2
  • Experienced User
  • 274 comments
  • February 16, 2022

@dk-do , Please feel free to select any of the response in the thread as a solution if you have an answer for your question