# MongoDB in cK8s ### Confidential Kubernetes Use the following kubernetes yaml file to deploy a MongoDB SGX instance inside kubernetes: ```yaml apiVersion: v1 kind: Pod metadata: name: enclaive-mongodb-sgx namespace: default labels: service: enclaive-mongodb-sgx spec: initContainers: - name: init-vault-sgx image: busybox command: ['sh', '-c', 'until wget -O /dev/null --no-check-certificate -q -T 5 https://enclaive-vault-sgx:8200/v1/sys/health?standbyok=true;do echo "waiting for vault"; sleep 2; done'] containers: - name: mongodb image: docker.io/enclaive/mongodb-sgx env: - name: ENCLAIVE_SERVER value: "https://enclaive-vault-sgx:8200" volumeMounts: - mountPath: /etc/sgx_default_qcnl.conf subPath: sgx_default_qcnl.conf name: qcnl-conf - mountPath: /dev/sgx/enclave name: dev-sgx-enclave - mountPath: /dev/sgx_enclave name: dev-sgx-enclave - mountPath: /dev/sgx_provision name: dev-sgx-provision - mountPath: "/data/" name: enclaive-docker-mongodb-sgx-data - mountPath: "/logs/" name: enclaive-docker-mongodb-sgx-logs securityContext: privileged: true ports: - containerPort: 27017 imagePullPolicy: Always volumes: - name: qcnl-conf configMap: name: enclaive-sgx-pccs-config - name: dev-sgx-provision hostPath: path: /dev/sgx_provision - name: dev-sgx-enclave hostPath: path: /dev/sgx_enclave - name: enclaive-docker-mongodb-sgx-data hostPath: path: /etc/enclaive/enclaive-docker-mongodb-sgx/data - name: enclaive-docker-mongodb-sgx-logs hostPath: path: /etc/enclaive/enclaive-docker-mongodb-sgx/logs --- apiVersion: v1 kind: Service metadata: name: enclaive-mongodb-sgx namespace: default spec: ports: - port: 27017 protocol: TCP targetPort: 27017 selector: service: enclaive-mongodb-sgx ``` Save the file as `mongodb.yaml`, then we can deploy it using `kubectl apply -f mongodb.yaml` If you want to manage your database locally, you can first install mongosh locally by following the [instructions here](https://www.mongodb.com/docs/mongodb-shell/install/). Then run `kubectl port-forward svc/enclaive-mongodb-sgx 27017:27017` to forward the mongoDB port locally to the host machine. Finally run `mongosh` to manage your database. ### Use [MongoDB Community Kubernetes Operator](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/README.md) Follow the instructions in their [README](https://github.com/mongodb/mongodb-kubernetes-operator/tree/master#documentation). There are 3 things to note: 1. When install or upgrade the Community Kubernetes Operator, remember to install using kubectl instead Helm so that you have the chance to configure using our container solution. 2. You can [configure the MongoDB Docker image or container registry](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#configure-the-mongodb-docker-image-or-container-registry) with the following value to use our container solution: ``` spec: containers: - name: mongodb-kubernetes-operator image: quay.io/mongodb/mongodb-kubernetes-operator:0.5.1 command: - mongodb-kubernetes-operator imagePullPolicy: Always env: - name: MONGODB_IMAGE value:mongodb-sgx - name: MONGODB_REPO_URL value: docker.io/enclaive ``` 3. When you start to deploy a Replica Set, change the version number in `config/samples/mongodb.com_v1_mongodbcommunity_cr.yaml` into `6.0.0`(our current mongoDB image version number), run the following command so that it can use the right image: ``` docker pull enclaive/mongodb-sgx docker tag enclaive/mongodb-sgx:latest enclaive/mongodb-sgx:6.0.0 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.enclaive.cloud/confidential-cloud/technology-in-depth/intel-sgx/enclaive-development-kit/use-cases/mongodb-in-ck8s.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.