juwan-backend/deploy/k01/infra/mongo.yaml

apiVersion: mongodbcommunity.mongodb.com/v1
kind: MongoDBCommunity
metadata:
  name: chat-mongodb
  namespace: juwan
spec:
  members: 1
  type: ReplicaSet
  version: "8.3.1"
  security:
    authentication:
      modes:
        - SCRAM
  users:
    - name: app-user
      db: admin
      passwordSecretRef:
        name: chat-mongodb-app-user-password
      roles:
        - name: readWrite
          db: juwan_chat
      scramCredentialsSecretName: chat-mongodb-app-user-scram
  additionalMongodConfig:
    storage.wiredTiger.engineConfig.journalCompressor: zlib
  statefulSet:
    spec:
      template:
        spec:
          containers:
            - name: mongod
              # 复刻 mongodb-community-operator 在 mongodbstatefulset.go 中生成的启动脚本
              # （buildMongodbCommand），并在 exec mongod 前插入 setarch linux64 --uname-2.6。
              #
              # mongod 8.0+ 在 kernel ≥ 6.19 上有两处拒绝启动的检查：
              # 1. docker-entrypoint.py 的 enforce_kernel_compatibility — 读 uname 版本，≥ 6.19 即 exit 1
              # 2. mongod 自身的 validateRseqKernelCompat — 同样的内核版本检查
              # setarch 开启 UNAME26 personality，使 uname().release 返回 2.6.x，两处检查均不触发。
              #
              # GLIBC_TUNABLES=glibc.pthread.rseq=1 让 glibc 注册 rseq，避免 tcmalloc 自行注册
              # per-thread rseq 时在 6.19+ 上触发 SIGSEGV。
              # 参考：SERVER-121912, github.com/google/tcmalloc/issues/292
              # 以上 workaround 使 mongod 8.3.1 可在 Ubuntu 26.04 (kernel 7.0) 上运行。
              command:
                - /bin/sh
                - -c
                - |
                  if [ -e /hooks/version-upgrade ]; then
                    /hooks/version-upgrade
                  fi
                  echo "Waiting for automation-mongod.conf and keyfile..."
                  while ! [ -f /data/automation-mongod.conf -a -f /var/lib/mongodb-mms-automation/authentication/keyfile ]; do
                    sleep 3
                  done
                  sleep 15
                  echo "Starting mongod via setarch uname-2.6 wrapper..."
                  exec setarch linux64 --uname-2.6 mongod -f /data/automation-mongod.conf
              env:
                - name: GLIBC_TUNABLES
                  value: glibc.pthread.rseq=1
              resources:
                requests:
                  cpu: 30m
                  memory: 100Mi
                limits:
                  memory: 1Gi
            - name: mongodb-agent
              env:
                - name: GLIBC_TUNABLES
                  value: glibc.pthread.rseq=1
              resources:
                requests:
                  cpu: 30m
                  memory: 80Mi
                limits:
                  memory: 200Mi
      volumeClaimTemplates:
        - metadata:
            name: data-volume
          spec:
            accessModes: ["ReadWriteOnce"]
            resources:
              requests:
                storage: 1Gi
        - metadata:
            name: logs-volume
          spec:
            accessModes: ["ReadWriteOnce"]
            resources:
              requests:
                storage: 256Mi