# shard1-statefulset.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: shard1
spec:
  serviceName: shard1
  replicas: 3
  selector:
    matchLabels:
      app: mongo-shard1
  template:
    metadata:
      labels:
        app: mongo-shard1
    spec:
      securityContext:
        fsGroup: 999

      initContainers:
        - name: prepare-keyfile
          image: busybox:1.36
          command:
            - sh
            - -c
            - |
              cp /secret/keyfile /work/keyfile
              chown 999:999 /work/keyfile
              chmod 400 /work/keyfile
          volumeMounts:
            - name: keyfile-secret
              mountPath: /secret
            - name: keyfile-work
              mountPath: /work

      containers:
        - name: mongod
          image: mongo:8.0
          command:
            - mongod
            - "--shardsvr"
            - "--replSet"
            - "shard1ReplSet"
            - "--port"
            - "27018"
            - "--bind_ip_all"
            - "--keyFile"
            - "/etc/mongo-keyfile/keyfile"
          ports:
            - containerPort: 27018
          volumeMounts:
            - name: data
              mountPath: /data/db
            - name: keyfile-work
              mountPath: /etc/mongo-keyfile
              readOnly: true

      volumes:
        - name: keyfile-secret
          secret:
            secretName: mongodb-keyfile
        - name: keyfile-work
          emptyDir: {}

  volumeClaimTemplates:
    - metadata:
        name: data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 20Gi