Use this procedure to deploy a replica set in a multi-Kubernetes cluster MongoDB deployment without using a service mesh for establishing external connectivity between member Kubernetes clusters.
As an alternative to using this procedure, you can use the Multi-Kubernetes-Cluster Quick Start, which uses a service mesh.
Before You Begin
- Learn about multi-Kubernetes-cluster deployments. 
- Review the list of multi-Kubernetes-cluster services and tools. 
- Complete the prerequisites, but don't set up a service mesh. Instead, decide whether you need a service mesh. If you choose to deploy without a service mesh, use external domains and configure DNS to enable external connectivity. 
- As part of completing the prerequisites, generate valid certificates for TLS encryption. To learn more, see Prepare for TLS-Encrypted Connections. 
- Deploy the Ops Manager resources. 
- Install the Kubernetes Operator in a multi-Kubernetes cluster MongoDB deployment. See Multi-Kubernetes-Cluster Quick Start. 
Overview
In a multi-Kubernetes cluster MongoDB deployment without a service mesh, use the following
MongoDBMultiCluster resource settings:
- Use the spec.clusterSpecList.externalAccess.externalService setting so that the Kubernetes Operator creates an external service, and as part of its default configuration, configures a load balancer with default settings. Configure the load balancer to serve as the TCP proxy with a TLS passthrough (no TLS termination in the load balancer). 
- Customize external services that the Kubernetes Operator creates for each Pod in the Kubernetes cluster. Use the global "all-clusters" configuration in the spec.externalAccess settings and Kubernetes cluster-specific overrides in the spec.clusterSpecList.externalAccess.externalService settings. 
- Specify cloud provider-specific annotations for the load balancer in the spec.clusterSpecList.externalAccess.externalService.annotations for each Kubernetes cluster. 
- Specify an external domain in spec.clusterSpecList.externalAccess.externalDomain. This allows the Kubernetes Operator to register - mongodprocesses by using the domain suffix. This enables external connections to the- mongodprocesses in a multi-Kubernetes cluster MongoDB deployment.
Deploy a MongoDBMultiCluster Resource  without a Service Mesh
The following procedure establishes TLS-encrypted connections between MongoDB hosts in a replica set, and between client applications and MongoDB deployments.
Create the secret for the TLS certificate of your MongoDBMultiCluster resource.
Run the kubectl command to create a new secret that stores the
MongoDBMultiCluster resource certificate:
kubectl --context $MDB_CENTRAL_CLUSTER_FULL_NAME \   --namespace=<metadata.namespace> \   create secret tls <prefix>-<metadata.name>-cert \   --cert=<resource-tls-cert> \   --key=<resource-tls-key> 
Note
You must prefix your secrets with <prefix>-<metadata.name>.
For example, if you call your deployment my-deployment and you set
the prefix to mdb, you must name the TLS secret for the
client TLS communications mdb-my-deployment-cert. Also,
you must name the TLS secret for internal cluster authentication
(if enabled) mdb-my-deployment-clusterfile.
Create the ConfigMap to link your CA with your MongoDBMultiCluster resource.
Run the kubectl command to link your CA to your MongoDBMultiCluster resource.
Specify the CA certificate file that you must always name
ca-pem for the MongoDBMultiCluster resource:
kubectl --context $MDB_CENTRAL_CLUSTER_FULL_NAME \   --namespace=<metadata.namespace> \   create configmap custom-ca -from-file=ca-pem=<your-custom-ca-file> 
Configure kubectl to use the operator cluster's namespace.
If you have not done so already, run the following commands to run
all kubectl commands on the operator cluster in the default
namespace.
kubectl config use-context $MDB_CENTRAL_CLUSTER_FULL_NAME kubectl config set-context $(kubectl config current-context) \   --namespace=mongodb 
Copy and paste the sample resource.
- Copy the sample replica set YAML file and paste it into a new text file. 
- Change the file's settings to match your desired replica set configuration. 
1 # Provides statefulSet override per cluster 2 3 apiVersion: mongodb.com/v1 4 kind: MongoDBMultiCluster 5 metadata: 6   name: multi-replica-set 7 spec: 8   version: 8.0.0 9   type: ReplicaSet 10   credentials: my-credentials 11   opsManager: 12     configMapRef: 13       name: my-project 14   externalAccess: 15     externalService:  16       annotations: 17         # Global cloud-specific annotations added to external services in all clusters 18        spec: 19         # ServiceSpec attributes to override in external services in all clusters 20   clusterSpecList: 21     - clusterName: cluster1.example.com 22       members: 2 23       externalAccess: 24         # Domain suffix that mongod processes will use in cluster1 25         externalDomain: cluster1.example.com 26         externalService: 27           annotations: 28             # Cloud-specific annotations for external services 29           spec: 30             # ServiceSpec attributes to override if necessary 31     - clusterName: cluster2.example.com 32       members: 1 33       externalAccess: 34         # Domain suffix that mongod processes will use in cluster2 35         externalDomain: cluster2.example.com 36         externalService: 37           annotations: 38             # Cloud-specific annotations for external services 39           spec: 40             # ServiceSpec attributes to override if necessary 41     - clusterName: cluster3.example.com 42       members: 1 43       externalAccess: 44         # Domain suffix that mongod processes will use in cluster3 45         externalDomain: cluster3.example.com 46         externalService: 47           annotations: 48             # Cloud-specific annotations for external services 49           spec: 50             # ServiceSpec attributes to override if necessary 51 52 ... 
Define external connectivity settings.
Specify global values that affect all clusters in a multi-Kubernetes cluster MongoDB deployment using the spec.externalAccess settings and cluster-specific overrides using the spec.clusterSpecList.externalAccess.externalService settings.
When you provide these settings in the MongoDBMultiCluster resource specification,
the Kubernetes Operator creates external services for each Pod in all
Kubernetes clusters. You then use these services to establish external
connectivity to all mongod processes in your deployment.
Define an external domain for each Kubernetes member cluster.
Define an external domain for each member cluster using the spec.clusterSpecList.externalAccess.externalDomain setting.
As a result, the Kubernetes Operator registers all mongod processes in the
Kubernetes member cluster under a hostname according to the following convention:
<pod-name>.<externalDomain> 
For example, a mongod process may have the following hostname:
my-replica-set-0-0.cluster-1.example.com.
Change the settings to your preferred values.
| Key | Type | Description | Example | 
|---|---|---|---|
| string | Label for the  Resource names must be 44 characters or less. See also  | 
 | |
| string | Version of MongoDB that this  The format should be  IMPORTANT: Ensure that you choose a compatible MongoDB Server version. Compatible versions differ depending on the base image that the MongoDB database resource uses. To learn more about MongoDB versioning, see MongoDB Versioning in the MongoDB Manual. | 
 | |
| string | Name of the ConfigMap with the Ops Manager connection
configuration. The
 This value must exist on the same namespace as the resource you want to create. IMPORTANT: The Kubernetes Operator tracks any changes to the
ConfigMap and reconciles the state of the  | 
 | |
| spec.clusterSpecList.clusterName | string | Name of the cluster in the  | 
 | 
| spec.clusterSpecList.members | integer | The number of members in this cluster. | 
 | 
| spec.clusterSpecList.statefulSet.spec | collection | Optional. Provides the configuration for the StatefulSet override for each of
the cluster's StatefulSets in a multi-Kubernetes cluster MongoDB deployment. If specified at an individual
cluster level under  | See the example. | 
| spec.clusterSpecList.statefulSet.spec.volumeClaimTemplates.spec | collection | Optional. If specified, provides a per-cluster override for the default storage size of the volumeClaimtemplates, for the persistent volume that stores the data. | See the example. | 
| string | Name of the secret you created as Ops Manager API authentication credentials for the Kubernetes Operator to communicate with Ops Manager. The Ops Manager Kubernetes Secret object holding the Credentials must exist on the same Namespace as the resource you want to create. IMPORTANT: The Kubernetes Operator tracks any changes to the Secret
and reconciles the state of the  | 
 | |
| string | Type of  | 
 | 
Add any additional accepted settings for a MongoDBMultiCluster resource deployment.
You can also add any optional settings to the object specification. See Multi-Kubernetes-Cluster Resource Specification.
Save this replica set config file with a .yaml extension.
Start your replica set deployment.
In any directory, invoke the following Kubernetes command to create your replica set:
kubectl apply -f <replica-set-conf>.yaml 
Verify external connectivity for each member cluster.
- Check the status of external services in all member clusters: - kubectl get services - Kubernetes should return one external service created for each Pod of the replica set in all member clusters. 
- Verify that each external service is exposed externally and is reachable. Run the command similar to the following example: - mongosh mongodb://my-replica-set-0-0.cluster-0.example.com:27017 \ - -tls -tlsCAFile "issuer-ca.pem" - Connecting to - my-replica-set-0-0.cluster-0.example.com:27017should direct client traffic to an external service named- my-replica-set-0-0-svc-external, which, in turn, directs traffic to the- mongodprocess.
- Configure your DNS zone for the specified external domain to point to the corresponding external services. This configuration depends on your environment or the cloud provider you are using. 
Track the status of your multi-Kubernetes cluster MongoDB deployment.
To check the status of your MongoDBMultiCluster resource, use the following command on the operator cluster:
kubectl get mdbmc <resource-name> -o yaml -w 
With the -w (watch) flag set, when the configuration changes, the output
refreshes immediately until the status phase achieves the Running state.
To learn more about resource deployment statuses, see Troubleshoot the Kubernetes Operator.