0

I want to connect to my MongoDB hosted on Openshift Online (we have a Pro account) using only the database's Host IP, Port, db username, db password, db name. Currently I can do it using the Openshift client tools using the oc port-forward <pod_name> :27017 and then using the port in Robo 3T, but I'd like to not use these tools.

I need to share the above credentials to my clients to login and access the database. I cannot share the Openshift credentials, that's the only way to port-forward the pod (I'm sure there's some way to do that without these tools).

How do I expose the MongoDB pod on an external route IP so that the client can use any of their Mongo tools (like Robo 3T or command line). Does that have to do with the routing? I'm weak in network and route configurations.

James Z
  • 12,209
  • 10
  • 24
  • 44
Shreyas Gombi
  • 3
  • 1
  • 8
  • Exposing something via a `Route` will _only_ work if it can accept HTTP(S) traffic. Using `oc port-forward` allows direct TCP access. The only way to achieve direct TCP access without `oc port-forward` is by exposing the service directly through a LoadBalancer. Exposing via LoadBalancer is not currently available on OpenShift Online because it incurs AWS costs, and there is an AWS limit of only 20 per region (could you imagine _everyone_ on Pro trying to expose their LoadBalancers?!). – Will Gordon Apr 01 '20 at 18:09
  • With that said, a quick Google search shows that there _may_ be a way to expose your MongoDB instance via HTTP: https://kchodorow.com/2010/02/22/sleepy-mongoose-a-mongodb-rest-interface/. You would likely need to deploy the `sleepy mongoose` instance as a separate pod, and link it to the MongoDB service. I'm also not sure how authentication is handled, so I'm not sure how secure this would be. It's just a suggestion. – Will Gordon Apr 01 '20 at 18:10
  • Right. That's a bummer. I cannot afford to share the Openshift credentials of course, I thought there must be a quick work around. Let me take a look on the Sleepy mongoose, not sure if i'll go down that path. Thanks so much Will. – Shreyas Gombi Apr 03 '20 at 06:04
  • If it's only the credential sharing you're concerned about, you could look into inviting the other party as a collaborator. https://www.openshift.com/blog/add-collaborators-openshift-online-pro-account – Will Gordon Apr 03 '20 at 11:28
  • We did think on that line too. But that's a no go option, it's still more riskier for the organisation and is not suited for the enterprise. For now we decided to go the API way, where we will make an API (of course, with authentication) to be open query. Pass in the query and the API will return the data. – Shreyas Gombi Apr 11 '20 at 14:00

0 Answers0