Update sample files from MEKO (#2050)

Author: lucian-tosa

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/code_snippets/1050_generate_certs.sh

@@ -0,0 +1,18 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-cert
+  usages:
+  - server auth
+  - client auth
+EOF

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/code_snippets/1100_mongodb_replicaset_multi_cluster.sh

@@ -0,0 +1,30 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: mongodb.com/v1
+kind: MongoDBMultiCluster
+metadata:
+  name: ${RESOURCE_NAME}
+spec:
+  type: ReplicaSet
+  version: 8.0.3
+  opsManager:
+    configMapRef:
+      name: mdb-org-project-config
+  credentials: mdb-org-owner-credentials
+  duplicateServiceObjects: false
+  persistent: true
+  externalAccess: {}
+  security:
+    certsSecretPrefix: cert-prefix
+    tls:
+      ca: ca-issuer
+    authentication:
+      enabled: true
+      modes: ["SCRAM"]
+  clusterSpecList:
+    - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+      members: 2
+    - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+      members: 1
+    - clusterName: ${K8S_CLUSTER_2_CONTEXT_NAME}
+      members: 2
+EOF

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/code_snippets/1110_mongodb_replicaset_multi_cluster_wait_for_running_state.sh

@@ -0,0 +1,8 @@
+echo; echo "Waiting for MongoDB to reach Running phase..."
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RESOURCE_NAME}" --timeout=900s
+echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/code_snippets/1200_create_mongodb_user.sh

@@ -0,0 +1,27 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rs-user-password
+type: Opaque
+stringData:
+  password: password
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: rs-user
+spec:
+  passwordSecretKeyRef:
+    name: rs-user-password
+    key: password
+  username: "rs-user"
+  db: "admin"
+  mongodbResourceRef:
+    name: ${RESOURCE_NAME}
+  roles:
+  - db: "admin"
+    name: "root"
+EOF
+
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/code_snippets/1210_verify_mongosh_connection.sh

@@ -0,0 +1,12 @@
+# Load Balancers sometimes take longer to get an IP assigned, we need to retry
+while [ -z "$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")" ]
+do
+  sleep 5
+done
+
+external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
+
+mkdir -p certs
+kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt
+
+mongosh --host "${external_ip}" --username rs-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/env_variables.sh

@@ -0,0 +1,9 @@
+# This script builds on top of the environment configured in the setup guides.
+# It depends (uses) the following env variables defined there to work correctly.
+# If you don't use the setup guide to bootstrap the environment, then define them here.
+#  ${K8S_CLUSTER_0_CONTEXT_NAME}
+#  ${K8S_CLUSTER_1_CONTEXT_NAME}
+#  ${K8S_CLUSTER_2_CONTEXT_NAME}
+#  ${MDB_NAMESPACE}
+
+export RESOURCE_NAME=mdb

source/includes/code-examples/reference-architectures/mongodb-replicaset-multi-cluster/output/1210_verify_mongosh_connection.out

@@ -0,0 +1,15 @@
+{
+  authInfo: {
+    authenticatedUsers: [ { user: 'rs-user', db: 'admin' } ],
+    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
+  },
+  ok: 1,
+  '$clusterTime': {
+    clusterTime: Timestamp({ t: 1736786648, i: 9 }),
+    signature: {
+      hash: Binary.createFromBase64('oEXuV6w8Ct5J26i/Sqwr8oex8tI=', 0),
+      keyId: Long('7459441848994496517')
+    }
+  },
+  operationTime: Timestamp({ t: 1736786648, i: 9 })
+}

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/code_snippets/2050_generate_certs.sh

@@ -0,0 +1,103 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-0-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-0-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-1-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-1-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-2-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-2-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-config-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-config-cert
+  usages:
+  - server auth
+  - client auth
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: mdb-sh-mongos-cert
+spec:
+  dnsNames:
+  - "*.${MDB_NAMESPACE}.svc.cluster.local"
+  duration: 240h0m0s
+  issuerRef:
+    name: my-ca-issuer
+    kind: ClusterIssuer
+  renewBefore: 120h0m0s
+  secretName: cert-prefix-mdb-sh-mongos-cert
+  usages:
+  - server auth
+  - client auth
+EOF

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/code_snippets/2100_mongodb_sharded_multi_cluster.sh

@@ -0,0 +1,46 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: ${RESOURCE_NAME}
+spec:
+  shardCount: 3
+  # we don't specify mongodsPerShardCount, mongosCount and configServerCount as they don't make sense for multi-cluster
+  topology: MultiCluster
+  type: ShardedCluster
+  version: 8.0.3
+  opsManager:
+    configMapRef:
+      name: mdb-org-project-config
+  credentials: mdb-org-owner-credentials
+  persistent: true
+  security:
+    certsSecretPrefix: cert-prefix
+    tls:
+      ca: ca-issuer
+    authentication:
+      enabled: true
+      modes: ["SCRAM"]
+  mongos:
+    clusterSpecList:
+      - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+        members: 2
+  configSrv:
+    clusterSpecList:
+      - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+        members: 3 # config server will have 3 members in main cluster
+      - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+        members: 1 # config server will have additional non-voting, read-only member in this cluster
+        memberConfig:
+          - votes: 0
+            priority: "0"
+  shard:
+    clusterSpecList:
+      - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+        members: 3 # each shard will have 3 members in this cluster
+      - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+        members: 1 # each shard will have additional non-voting, read-only member in this cluster
+        memberConfig:
+          - votes: 0
+            priority: "0"
+EOF

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/code_snippets/2110_mongodb_sharded_multi_cluster_wait_for_running_state.sh

@@ -0,0 +1,8 @@
+echo; echo "Waiting for MongoDB to reach Running phase..."
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdb/${RESOURCE_NAME}" --timeout=900s
+echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
+echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
+kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/code_snippets/2120_mongodb_sharded_multi_cluster_external_access.sh

@@ -0,0 +1,47 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: ${RESOURCE_NAME}
+spec:
+  shardCount: 3
+  # we don't specify mongodsPerShardCount, mongosCount and configServerCount as they don't make sense for multi-cluster
+  topology: MultiCluster
+  type: ShardedCluster
+  version: 8.0.3
+  opsManager:
+    configMapRef:
+      name: mdb-org-project-config
+  credentials: mdb-org-owner-credentials
+  persistent: true
+  externalAccess: {}
+  security:
+    certsSecretPrefix: cert-prefix
+    tls:
+      ca: ca-issuer
+    authentication:
+      enabled: true
+      modes: ["SCRAM"]
+  mongos:
+    clusterSpecList:
+      - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+        members: 2
+  configSrv:
+    clusterSpecList:
+      - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+        members: 3 # config server will have 3 members in main cluster
+      - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+        members: 1 # config server will have additional non-voting, read-only member in this cluster
+        memberConfig:
+          - votes: 0
+            priority: "0"
+  shard:
+    clusterSpecList:
+      - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
+        members: 3 # each shard will have 3 members in this cluster
+      - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
+        members: 1 # each shard will have additional non-voting, read-only member in this cluster
+        memberConfig:
+          - votes: 0
+            priority: "0"
+EOF

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/code_snippets/2200_create_mongodb_user.sh

@@ -0,0 +1,27 @@
+kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sc-user-password
+type: Opaque
+stringData:
+  password: password
+---
+apiVersion: mongodb.com/v1
+kind: MongoDBUser
+metadata:
+  name: sc-user
+spec:
+  passwordSecretKeyRef:
+    name: sc-user-password
+    key: password
+  username: "sc-user"
+  db: "admin"
+  mongodbResourceRef:
+    name: ${RESOURCE_NAME}
+  roles:
+  - db: "admin"
+    name: "root"
+EOF
+
+kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/sc-user

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/code_snippets/2210_verify_mongosh_connection.sh

@@ -0,0 +1,12 @@
+# Load Balancers sometimes take longer to get an IP assigned, we need to retry
+while [ -z "$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-mongos-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")" ]
+do
+  sleep 5
+done
+
+external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RESOURCE_NAME}-mongos-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"
+
+mkdir -p certs
+kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt
+
+mongosh --host "${external_ip}" --username sc-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"

source/includes/code-examples/reference-architectures/mongodb-sharded-multi-cluster/env_variables.sh

@@ -0,0 +1,9 @@
+# This script builds on top of the environment configured in the setup guides.
+# It depends (uses) the following env variables defined there to work correctly.
+# If you don't use the setup guide to bootstrap the environment, then define them here.
+#  ${K8S_CLUSTER_0_CONTEXT_NAME}
+#  ${K8S_CLUSTER_1_CONTEXT_NAME}
+#  ${K8S_CLUSTER_2_CONTEXT_NAME}
+#  ${MDB_NAMESPACE}
+
+export RESOURCE_NAME=mdb-sh