root@master:~# vim manifests/mongodb/mongo.yaml
---
# Identity the mongo pods run as: the StatefulSet's pod template names it in
# serviceAccountName, and the ClusterRoleBinding "mongo" lists it as subject.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: tcnp
  name: mongo

---
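# Read-only API access for the "mongo" ServiceAccount. The sidecar container
# in the StatefulSet selects replica-set members by pod label
# (MONGO_SIDECAR_POD_LABELS), which needs pod reads; services and endpoints
# are kept as originally granted.
#
# "secrets" has been dropped from the resource list. Bound through a
# ClusterRoleBinding, get/list/watch on secrets let the pod's token read
# every Secret in every namespace, and nothing in this manifest consumes a
# Secret through the API. If a component turns out to need one, grant it by
# resourceNames in a namespaced Role rather than cluster-wide.
#
# NOTE(review): rbac.authorization.k8s.io/v1beta1 is deprecated and was
# removed in Kubernetes 1.22; switch to rbac.authorization.k8s.io/v1 once
# the target cluster serves it.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: mongo
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - pods
    verbs:
      - get
      - list
      - watch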

---
# Binds ClusterRole "mongo" to ServiceAccount tcnp/mongo. Because this is a
# ClusterRoleBinding rather than a RoleBinding, the role's grants apply in
# every namespace, not only in tcnp.
# NOTE(review): if member discovery only ever needs the tcnp namespace, a
# namespaced Role + RoleBinding would be the narrower grant. Confirm how the
# sidecar is configured before changing scope.
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: mongo
subjects:
  - kind: ServiceAccount
    namespace: tcnp
    name: mongo
roleRef:
  kind: ClusterRole
  name: mongo
  apiGroup: rbac.authorization.k8s.io

---
# Headless Service (clusterIP: None): no virtual IP is allocated. It is the
# service named by the StatefulSet's serviceName and selects the pods
# labelled role=mongo on port 27017.
# NOTE(review): nothing in this manifest limits which workloads may connect
# to 27017; consider a NetworkPolicy that admits only the intended clients,
# if the cluster's network plugin enforces policies.
kind: Service
apiVersion: v1
metadata:
  namespace: tcnp
  name: mongo
  labels:
    name: mongo
spec:
  clusterIP: None
  selector:
    role: mongo
  ports:
    - port: 27017
      targetPort: 27017
---
# Three-replica MongoDB StatefulSet (replica set name rs0) with a sidecar
# container per pod; each pod gets its own 2Gi ReadWriteOnce volume claim.
# NOTE(review): apps/v1beta1 is deprecated and was removed in Kubernetes
# 1.16. apps/v1 additionally requires an explicit spec.selector that matches
# the template labels, so the move is not a one-line change.
apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  namespace: tcnp
  name: mongo
spec:
  replicas: 3
  serviceName: mongo
  template:
    metadata:
      labels:
        environment: test
        role: mongo
    spec:
      # The pod's token carries whatever ClusterRole "mongo" grants.
      serviceAccountName: mongo
      terminationGracePeriodSeconds: 10
      # Schedules the pods only on nodes labelled type=master.
      # NOTE(review): if those are control-plane nodes, the database shares
      # hosts with the control plane. Confirm this is intended.
      nodeSelector:
        type: master
      containers:
        - name: mongo
          image: mongodb:4.0.6
          imagePullPolicy: IfNotPresent
          # NOTE(review): mongod listens on every interface and this command
          # line passes neither --auth nor --keyFile, so as written access
          # control is not enabled and any workload that can reach 27017 can
          # use the database. Enabling it needs a keyfile and credentials
          # supplied from a Secret (the sidecar would need them too), which
          # this manifest does not define.
          command:
            - mongod
            - '--replSet'
            - rs0
            - '--bind_ip'
            - '0.0.0.0'
            - '--smallfiles'
            - '--noprealloc'
          ports:
            - containerPort: 27017
          volumeMounts:
            - mountPath: /data/db
              name: mongo-persistent-storage
        - name: mongo-sidecar
          # NOTE(review): the image has no tag, so it resolves to "latest";
          # with IfNotPresent each node keeps whichever build it pulled
          # first. Pin a reviewed tag or digest, e.g.
          # cvallance/mongo-k8s-sidecar@sha256:<digest-placeholder>.
          image: cvallance/mongo-k8s-sidecar
          imagePullPolicy: IfNotPresent
          env:
            # Label selector the sidecar uses to pick replica-set members;
            # it matches the template labels above.
            - name: MONGO_SIDECAR_POD_LABELS
              value: 'role=mongo,environment=test'
  volumeClaimTemplates:
    - metadata:
        name: mongo-persistent-storage
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 2Gi