(DOCSP-9072): Allow PodSpecTemplate for containers to modify the cont… (#219)

jwilliams-mongo · jwilliams-mongo · commit de8781991139 · 2025-04-14T17:11:15.000-05:00
* (DOCSP-9072): Allow PodSpecTemplate for containers to modify the container spec and also provide side-car design * (DOCSP-9072): copy review feedback * (DOCSP-9072): tech review feedback
diff --git a/config/redirects b/config/redirects
@@ -50,3 +50,4 @@ raw: kubernetes-operator/release-notes -> ${base}/stable/release-notes
 
 # v1.3 and earlier
 [*-v1.3]: kubernetes-operator/${version}/tutorial/plan-k8s-operator-install -> ${base}/${version}/tutorial/install-k8s-operator
+[*-v1.3]: kubernetes-operator/${version}/tutorial/modify-resource-image -> ${base}/${version}/
diff --git a/source/index.txt b/source/index.txt
@@ -52,6 +52,7 @@ optimal performance.
       Install the Operator </installation>
       Deploy Ops Manager Resources </om-resources>
       Deploy MongoDB Database Resources </mdb-resources>
+      /tutorial/modify-resource-image
       /reference
       /specification
       Release Notes </release-notes>
diff --git a/source/reference/troubleshooting.txt b/source/reference/troubleshooting.txt
@@ -529,78 +529,3 @@ policy through the :opsmgr:`API
    further changes through the |onprem| application. However, the
    |k8s-op-short| retains any changes you made in the |onprem|
    application while features were available.
-
-Tune MongoDB |k8s| Resource Docker Images
------------------------------------------
-
-|k8s-mdbrsc| Docker images run on Ubuntu and use Ubuntu's default
-system configuration. Using the :setting:`spec.podSpec.podTemplate` 
-setting, add a privileged sidecar :k8sdocs:`init container 
-</concepts/workloads/pods/init-containers/>` to the |k8s-mdbrsc| 
-definition to tune the underlying Ubuntu system configuration in the 
-|k8s-mdbrsc| containers.
-
-.. example:: 
-
-   |k8s-mdbrsc| Docker images use the Ubuntu default ``keepalive`` time
-   of ``7200``. MongoDB recommends a shorter ``keepalive`` time of ``120``
-   for database deployments.
-
-   You can tune the ``keepalive`` time in the |k8s-mdbrscs| Docker images
-   if you experience network timeouts or socket errors in communication
-   between clients and |k8s-mdbrscs|.
-
-To tune |k8s-mdbrsc| Docker images:
-
-1. Update the |k8s-mdbrsc| definition to append a privileged sidecar 
-   container to |k8s-mdbrsc| pods the |k8s-op-short| creates. 
-   
-   The following sample :setting:`spec.podSpec.podTemplate` changes the 
-   ``keepalive`` value to the recommended value of ``120``:
-
-   .. code-block:: yaml
-
-      spec:
-        podSpec:
-          podTemplate:
-            spec:
-              initContainers:
-              - name: "apply-sysctl-test"
-                image: "busybox:latest"
-                securityContext:
-                  privileged: true
-                command: ["sysctl", "-w", "net.ipv4.tcp_keepalive_time=120"]
-
-#. Apply the updated resource definition:
-
-   .. code-block:: none
-
-      kubectl apply -f <database-resource-conf>.yaml -n <namespace>
-
-A privileged sidecar container is added to each |k8s-pod| the 
-|k8s-op-short| created using the |k8s-mdbrsc| definition.
-
-To verify your changes:
-
-1. Get a shell to a running container in your database resource 
-   |k8s-pod|:
-
-   .. code-block:: none
-      
-      kubectl exec -n <namespace> -it <pod-name> -- /bin/bash
-
-#. Verify your changes are present. Following the example, verify that
-   the ``keepalive`` time is changed:
-
-   .. code-block:: none
-
-      cat /proc/sys/net/ipv4/tcp_keepalive_time
-
-   Returns:
-
-   .. code-block:: none
-      :copyable: false
-
-      120
-
-.. seealso:: :manual:`Operating System Configuration </administration/production-checklist-operations/#linux>` in the MongoDB Manual.
diff --git a/source/tutorial/modify-resource-image.txt b/source/tutorial/modify-resource-image.txt
@@ -0,0 +1,145 @@
+.. _modify-resource-image:
+
+=========================================================
+Modify |onprem| or MongoDB Kubernetes Resource Containers
+=========================================================
+
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+You can modify the containers in the |k8s-pods| in which |onprem| and 
+|k8s-mdbrscs| run using the ``podTemplate`` setting that applies to your 
+deployment:
+
+- |onprem|: :opsmgrkube:`spec.podSpec.podTemplate`
+- MongoDB database: :setting:`spec.podSpec.podTemplate`
+
+To review which fields you can add to a ``podTemplate``, see the 
+:k8sdocs:`Kubernetes documentation 
+</reference/generated/kubernetes-api/v1.11/#podspec-v1-core>`.
+
+When you create containers using a ``podTemplate``, the |k8s-op-short| 
+handles container creation differently based on the ``name`` you provide 
+for each container in the ``containers`` array:
+
+- If the ``name`` field *matches* the name of the applicable resource 
+  image, the |k8s-op-short| updates the |onprem| or MongoDB database 
+  container in the |k8s-pod| to which the ``podTemplate`` applies:
+
+  - |onprem|: ``mongodb-enterprise-ops-manager``
+  - MongoDB database: ``mongodb-enterprise-database``
+
+- If the ``name`` field *does not match* the name of the applicable 
+  resource image, the |k8s-op-short| creates an InitContainer in each 
+  |k8s-pod| to which the ``podTemplate`` applies.
+
+Define a Volume Mount for a MongoDB Kubernetes Resource
+-------------------------------------------------------
+
+On-disk files in containers in |k8s-pods| don't survive container 
+crashes or restarts. Using the :setting:`spec.podSpec.podTemplate` 
+setting, you can add a :k8sdocs:`volume mount 
+</concepts/storage/volumes/>` to persist data for the life of the 
+|k8s-pod|.
+
+To create a volume mount:
+
+1. Update the |k8s-mdbrsc| definition to include a volume mount for
+   containers in the |k8s-mdbrsc| pods the |k8s-op-short| creates. 
+   
+   The following sample :setting:`spec.podSpec.podTemplate` defines
+   a volume mount:
+
+   .. code-block:: yaml
+ 
+      podSpec:
+        podTemplate:
+          spec:
+            containers:
+            - name: mongod-enterprise-database
+              volumeMounts:
+              - mountPath: /data
+                name: survives-restart
+            volumes:
+            - name: survives-restart
+              emptyDir: {}
+
+#. Apply the updated resource definition:
+
+   .. code-block:: none
+
+      kubectl apply -f <database-resource-conf>.yaml -n <namespace>
+
+Tune MongoDB MongoDB Kubernetes Resource Docker Images with an InitContainer
+----------------------------------------------------------------------------
+
+|k8s-mdbrsc| Docker images run on Ubuntu and use Ubuntu's default
+system configuration. To tune the underlying Ubuntu system configuration 
+in the |k8s-mdbrsc| containers, use the :setting:`spec.podSpec.podTemplate` 
+setting to add a privileged InitContainer :k8sdocs:`init container 
+</concepts/workloads/pods/init-containers/>` to the |k8s-mdbrsc| 
+definition.
+
+.. example:: 
+
+   |k8s-mdbrsc| Docker images use the Ubuntu default ``keepalive`` time
+   of ``7200``. MongoDB recommends a shorter ``keepalive`` time of ``120``
+   for database deployments.
+
+   You can tune the ``keepalive`` time in the |k8s-mdbrscs| Docker images
+   if you experience network timeouts or socket errors in communication
+   between clients and |k8s-mdbrscs|.
+
+   .. seealso:: :manual:`Does TCP keepalive time affect MongoDB Deployments? </faq/diagnostics/#does-tcp-keepalive-time-affect-mongodb-deployments>` in the MongoDB Manual
+
+To tune |k8s-mdbrsc| Docker images:
+
+1. Update the |k8s-mdbrsc| definition to append a privileged 
+   InitContainer to |k8s-mdbrsc| pods the |k8s-op-short| creates. 
+   
+   The following sample :setting:`spec.podSpec.podTemplate` changes the 
+   ``keepalive`` value to the recommended value of ``120``:
+
+   .. code-block:: yaml
+
+      spec:
+        podSpec:
+          podTemplate:
+            spec:
+              initContainers:
+              - name: "adjust-tcp-keepalive"
+                image: "busybox:latest"
+                securityContext:
+                  privileged: true
+                command: ["sysctl", "-w", "net.ipv4.tcp_keepalive_time=120"]
+
+#. Apply the updated resource definition:
+
+   .. code-block:: none
+
+      kubectl apply -f <database-resource-conf>.yaml -n <namespace>
+
+A privileged InitContainer is added to each |k8s-pod| the |k8s-op-short| 
+creates using the |k8s-mdbrsc| definition.
+
+Open a shell session to a running container in your database resource 
+|k8s-pod| and verify your changes. For the ``keepalive`` example above, 
+use the following command to get the current ``keepalive`` value:
+
+.. code-block:: none
+      
+    kubectl exec -n <namespace> -it <pod-name> -- cat /proc/sys/net/ipv4/tcp_keepalive_time
+
+Returns:
+
+.. code-block:: none
+   :copyable: false
+
+    120
+
+.. seealso:: :manual:`Operating System Configuration </administration/production-checklist-operations/#linux>` in the MongoDB Manual.

Original file line number	Diff line number	Diff line change
`@@ -50,3 +50,4 @@ raw: kubernetes-operator/release-notes -> ${base}/stable/release-notes`
`50`	`50`
`51`	`51`	`# v1.3 and earlier`
`52`	`52`	`[*-v1.3]: kubernetes-operator/${version}/tutorial/plan-k8s-operator-install -> ${base}/${version}/tutorial/install-k8s-operator`
	`53`	`+[*-v1.3]: kubernetes-operator/${version}/tutorial/modify-resource-image -> ${base}/${version}/`