# MongoDB in cK8s

### Confidential Kubernetes

Use the following Kubernetes YAML file to deploy a MongoDB SGX instance inside Kubernetes:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: enclaive-mongodb-sgx
  namespace: default
  labels:
    service: enclaive-mongodb-sgx
spec:
  initContainers:
    - name: init-vault-sgx
      image: busybox
      command: ['sh', '-c', 'until wget -O /dev/null --no-check-certificate -q -T 5 https://enclaive-vault-sgx:8200/v1/sys/health?standbyok=true;do echo "waiting for vault"; sleep 2; done']
  containers:
  - name: mongodb
    image: docker.io/enclaive/mongodb-sgx
    env:
      - name: ENCLAIVE_SERVER
        value: "https://enclaive-vault-sgx:8200"
    volumeMounts:
    - mountPath: /etc/sgx_default_qcnl.conf
      subPath: sgx_default_qcnl.conf
      name: qcnl-conf
    - mountPath: /dev/sgx/enclave
      name: dev-sgx-enclave
    - mountPath: /dev/sgx_enclave
      name: dev-sgx-enclave
    - mountPath: /dev/sgx_provision
      name: dev-sgx-provision
    - mountPath: "/data/"
      name: enclaive-docker-mongodb-sgx-data
    - mountPath: "/logs/"
      name: enclaive-docker-mongodb-sgx-logs
    securityContext:
      privileged: true
    ports:
      - containerPort: 27017
    imagePullPolicy: Always
  volumes:
  - name: qcnl-conf
    configMap:
      name: enclaive-sgx-pccs-config
  - name: dev-sgx-provision
    hostPath:
      path: /dev/sgx_provision
  - name: dev-sgx-enclave
    hostPath:
      path: /dev/sgx_enclave
  - name: enclaive-docker-mongodb-sgx-data
    hostPath:
      path: /etc/enclaive/enclaive-docker-mongodb-sgx/data
  - name: enclaive-docker-mongodb-sgx-logs
    hostPath:
      path: /etc/enclaive/enclaive-docker-mongodb-sgx/logs

---

apiVersion: v1
kind: Service
metadata:
  name: enclaive-mongodb-sgx
  namespace: default
spec:
  ports:
  - port: 27017
    protocol: TCP
    targetPort: 27017
  selector:
    service: enclaive-mongodb-sgx
```

Save the file as `mongodb.yaml`, then deploy it with `kubectl apply -f mongodb.yaml`.

If you want to manage your database locally, you can first install mongosh locally by following the [instructions here](https://www.mongodb.com/docs/mongodb-shell/install/).

Then run `kubectl port-forward svc/enclaive-mongodb-sgx 27017:27017` to forward the MongoDB port to your local machine.

Finally, run `mongosh` to manage your database.
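A pre-deployment review of `mongodb.yaml` can list the settings in the manifest above that widen what the Pod trusts or can reach: privileged mode, the Vault health check that skips certificate verification, images referenced without a digest, and hostPath volumes other than the SGX device nodes. The script below is an added example, not part of the enclaive project; the rule names and the `audit_manifest` and `sample_manifest` functions are assumptions made for illustration, and the embedded manifest is a constructed excerpt of the one on this page.

```shell
#!/bin/sh
# Added example (not enclaive's code). Reads a Kubernetes manifest on stdin
# and prints one finding per line for settings that deserve a review.
audit_manifest() {
  awk '
    # Container runs with full host privileges.
    /^[ \t]*privileged:[ \t]*true/   { print "PRIVILEGED line " NR }
    # A command disables TLS certificate verification.
    /--no-check-certificate/         { print "TLS_VERIFY_OFF line " NR }
    # Image reference is not pinned to a content digest.
    /^[ \t-]*image:/ && !/@sha256:/  { print "UNPINNED_IMAGE " $NF }
    # hostPath volumes: SGX device nodes are expected, anything else is listed.
    /^[ \t]*hostPath:/               { in_hostpath = 1; next }
    in_hostpath && /^[ \t]*path:/    {
      if ($2 !~ /^\/dev\/sgx/) print "HOSTPATH " $2
      in_hostpath = 0
    }
  '
}

# Constructed sample: an excerpt of the Pod manifest from this page.
sample_manifest() {
  cat <<'EOF'
spec:
  initContainers:
    - name: init-vault-sgx
      image: busybox
      command: ['sh', '-c', 'until wget -O /dev/null --no-check-certificate -q -T 5 https://enclaive-vault-sgx:8200/v1/sys/health?standbyok=true;do echo "waiting for vault"; sleep 2; done']
  containers:
  - name: mongodb
    image: docker.io/enclaive/mongodb-sgx
    securityContext:
      privileged: true
  volumes:
  - name: dev-sgx-enclave
    hostPath:
      path: /dev/sgx_enclave
  - name: enclaive-docker-mongodb-sgx-data
    hostPath:
      path: /etc/enclaive/enclaive-docker-mongodb-sgx/data
EOF
}

# On the real file: audit_manifest < mongodb.yaml
sample_manifest | audit_manifest
```

Each finding is a prompt for review rather than a verdict; whether a given setting can be tightened depends on the cluster and on how the SGX devices are exposed to Pods.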

### Use [MongoDB Community Kubernetes Operator](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/README.md)

Follow the instructions in their [README](https://github.com/mongodb/mongodb-kubernetes-operator/tree/master#documentation). There are 3 things to note:

1. When installing or upgrading the Community Kubernetes Operator, remember to install using kubectl instead of Helm so that you have the chance to configure it to use our container solution.
2. You can [configure the MongoDB Docker image or container registry](https://github.com/mongodb/mongodb-kubernetes-operator/blob/master/docs/install-upgrade.md#configure-the-mongodb-docker-image-or-container-registry) with the following value to use our container solution:

```yaml
    spec:
      containers:
        - name: mongodb-kubernetes-operator
          image: quay.io/mongodb/mongodb-kubernetes-operator:0.5.1
          command:
            - mongodb-kubernetes-operator
          imagePullPolicy: Always
          env:
            - name: MONGODB_IMAGE
              value: mongodb-sgx
            - name: MONGODB_REPO_URL
              value: docker.io/enclaive
```

3. When you start to deploy a Replica Set, change the version number in `config/samples/mongodb.com_v1_mongodbcommunity_cr.yaml` to `6.0.0` (our current MongoDB image version number), and run the following commands so that it can use the right image:

```sh
docker pull enclaive/mongodb-sgx
docker tag enclaive/mongodb-sgx:latest enclaive/mongodb-sgx:6.0.0
```
