Connect to Multi-Cluster Resource from Outside Kubernetes¶
The following procedure describes how to connect to a MongoDBMulti
resource deployed in Kubernetes from outside of the Kubernetes cluster.
Prerequisite¶
Compatible MongoDB Versions¶
For your databases to be accessed outside of Kubernetes, they must run MongoDB 4.2.3 or later.
Procedure¶
To connect to your Kubernetes Operator-deployed MongoDBMulti replica set resource from outside of the Kubernetes cluster:
Secure the Multi-Cluster with TLS.¶
Provide values for:
- The TLS secret in spec.security.certsSecretPrefix.
- The custom CA certificate in spec.security.tls.ca.
Add Subject Alternate Names to your TLS certificates.¶
Add each external DNS name to the certificate SAN.
Create a NodePort service for each of the Pods in different clusters.¶
When you create a NodePort service with kubectl, it assigns a random port in the range from 30000 to 32767, inclusive.
Create a NodePort service.
To create a NodePort service that uses a randomly assigned port, run the following command on each Pod in each cluster:
To create a NodePort service that uses a deterministic port, on each Pod in each cluster, create a NodePort service definition YAML file similar to the following example. Specify the port you want to use in the spec.ports.NodePort setting. This example configures a NodePort service on port 30007.
Apply the YAML with kubectl apply -f <nodeport-conf>.yaml.
Verify the NodePort services.¶
In each cluster, run this command to verify the NodePort services that you created:
The command returns results similar to the following example:
Update your replica set resource YAML file.¶
Set the hostnames and ports in spec.connectivity.replicaSetHorizons to the NodePort values that you created in the previous step.
Confirm that you specified the correct external hostnames. External hostnames should match the DNS names of Kubernetes worker nodes. These can be any nodes in the Kubernetes cluster. If the Pod runs on another node, Kubernetes nodes use internal routing.
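Before applying the file, the hostnames and ports from the steps above can be cross-checked against the certificate SANs and the NodePort range. The following is an added example, not part of the original page or the Kubernetes Operator. It assumes replicaSetHorizons is a list with one mapping of horizon name to "host:port" per member. The hostnames, SAN list and function names are constructed for illustration.

```python
NODEPORT_MIN, NODEPORT_MAX = 30000, 32767  # range stated in the procedure


def san_matches(hostname, san):
    """Return True if a certificate DNS SAN covers hostname.

    A wildcard is honoured only as the whole left-most label and
    matches exactly one label, as TLS clients apply it.
    """
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def check_horizons(horizons, cert_sans):
    """Return a list of problems; an empty list means the check passed."""
    problems = []
    for index, entry in enumerate(horizons):
        for name, address in entry.items():
            host, sep, port_text = address.rpartition(":")
            if not sep or not host or not port_text.isdecimal():
                problems.append(f"member {index} ({name}): '{address}' is not host:port")
                continue
            port = int(port_text)
            if not NODEPORT_MIN <= port <= NODEPORT_MAX:
                problems.append(f"member {index} ({name}): port {port} outside NodePort range")
            if not any(san_matches(host, san) for san in cert_sans):
                problems.append(f"member {index} ({name}): {host} not in certificate SANs")
    return problems


# Constructed sample: one horizon entry per replica set member (assumed shape).
HORIZONS = [
    {"external": "node1.cluster-a.example.com:30007"},
    {"external": "node1.cluster-b.example.com:30008"},
    {"external": "node1.cluster-c.example.com:27017"},
]
# Constructed sample: DNS SANs read from the members' TLS certificate.
CERT_SANS = ["node1.cluster-a.example.com", "*.cluster-b.example.com"]

if __name__ == "__main__":
    for problem in check_horizons(HORIZONS, CERT_SANS):
        print(problem)
```

A member whose external hostname is missing from the SANs fails hostname verification for clients that validate certificates, so an empty result here is a precondition for the production connection test.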
Apply the updated replica set file.¶
In each cluster, run this command to apply the updated replica set file:
Test the connection to the replica set.¶
In the development environment, for each host in a replica set, run the following command:
Note
Don’t use the --sslAllowInvalidCertificates flag in production.
In production, for each host in a replica set, specify the TLS certificate and the CA to securely connect to client tools or applications:
If the connection succeeds, you should see: