You can use the Kubernetes Operator to deploy MongoDB Search and
Vector Search on a Kubernetes cluster to run with an external
MongoDB Enterprise Edition v8.2.0 or higher server. This procedure
demonstrates how to deploy and configure the mongot process in your
Kubernetes cluster to use a new or existing external replica set deployment.
This tutorial demonstrates how to configure a secure deployment with
TLS enabled. You must provide the TLS certificates:
The server certificate and key for the MongoDBSearch service.
The public CA certificate for the external MongoDB database.
Prerequisites
To deploy MongoDB Search and Vector Search, you must have the following:
A running Kubernetes cluster with kubeconfig available locally.
Kubernetes command-line tool, kubectl, configured to communicate with your cluster.
Helm, the package manager for Kubernetes, to install the Kubernetes Operator.
Bash v5.1 or higher for running the commands in this tutorial.
A MongoDB Enterprise Edition replica set running version 8.2 or higher for storing data.
Important
The version format for the Enterprise edition is X.Y.Z-ent. Ensure that you choose v8.2.0 or higher. To learn more about MongoDB versioning, see MongoDB Versioning in the MongoDB Manual.
To learn more about deploying MongoDB Enterprise, see Deploy and Configure MongoDB Database Resources.
A running MongoDB Cloud Manager or Ops Manager for managing MongoDB tasks.
External DB TLS
Your external MongoDB Enterprise deployment must be configured to use and require TLS connections.
External DB CA file
You must have the public Certificate Authority (CA) certificate file (for example, external-ca.crt) that was used to sign your external MongoDB deployment's server certificates. You will need this file locally.
Search Service certificate files
You must have a valid TLS server certificate and private key (for example, search-service.crt, search-service.key) for the MongoDBSearch service. This certificate must be valid for the hostname you will use to access the service (for example, mdbs-search.example.com).
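The certificate requirements above can be checked locally before the files are loaded into the cluster. The following is an added example, not part of the original tutorial or MongoDB's own tooling; it uses the openssl CLI, the page's example file names and hostname, and an assumed 30-day minimum remaining validity.

```bash
# Added example: pre-flight checks for the Search service certificate and key.
# Usage (file names and hostname are the page's examples):
#   preflight_tls search-service.crt search-service.key mdbs-search.example.com || exit 1

# Succeeds only if the certificate's public key matches the private key.
cert_matches_key() {
  local cert="$1" key="$2" cert_pub key_pub
  cert_pub="$(openssl x509 -in "${cert}" -noout -pubkey 2>/dev/null)" || return 1
  key_pub="$(openssl pkey -in "${key}" -pubout 2>/dev/null </dev/null)" || return 1
  [ -n "${cert_pub}" ] && [ "${cert_pub}" = "${key_pub}" ]
}

# Succeeds only if the certificate is valid for the given hostname.
# openssl prints "does match" or "does NOT match", so the text is checked.
cert_covers_host() {
  local cert="$1" host="$2"
  openssl x509 -in "${cert}" -noout -checkhost "${host}" 2>/dev/null \
    | grep -q "does match certificate"
}

# Succeeds only if the certificate is still valid the given number of days from now.
cert_valid_for_days() {
  local cert="$1" days="${2:-30}"
  openssl x509 -in "${cert}" -noout -checkend "$((days * 86400))" >/dev/null 2>&1
}

# Runs all three checks, reports each failure, and returns the failure count.
preflight_tls() {
  local cert="$1" key="$2" host="$3" days="${4:-30}" failures=0
  if ! cert_matches_key "${cert}" "${key}"; then
    echo "FAIL: ${cert} and ${key} are not a matching pair" >&2
    failures=$((failures + 1))
  fi
  if ! cert_covers_host "${cert}" "${host}"; then
    echo "FAIL: ${cert} is not valid for hostname ${host}" >&2
    failures=$((failures + 1))
  fi
  if ! cert_valid_for_days "${cert}" "${days}"; then
    echo "FAIL: ${cert} expires within ${days} days (or is already expired)" >&2
    failures=$((failures + 1))
  fi
  if [ "${failures}" -eq 0 ]; then
    echo "OK: ${cert} matches ${key}, covers ${host}, valid for ${days}+ days"
  fi
  return "${failures}"
}
```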
Before You Begin
Before you install MongoDB Search and Vector Search using the Kubernetes Operator, you must do the following:
Configure Cloud Manager or Ops Manager Parameters for MongoDB Search and Vector Search
Configure a Cloud Manager or Ops Manager User for MongoDB Search and Vector Search
Configure Cloud Manager or Ops Manager Parameters for MongoDB Search and Vector Search
Log in to the Cloud Manager or Ops Manager UI and perform the following steps to configure Cloud Manager or Ops Manager for MongoDB Search and Vector Search.
Modify your Cloud Manager or Ops Manager deployment configuration.
Click the Modify button to open the deployment configuration editor.
Click Advanced Configuration Options under the Process Configuration section.
Click the Add Option button and select setParameter Startup Option from the dropdown.
Add the following parameters in the fields, one by one, by clicking Add after adding the name and value:
| Parameter | Value |
| --- | --- |
| mongotHost | Your search hostname and port. For example: search-node1.example.com:27017. |
| searchIndexManagementHostAndPort | Your search hostname and port. For example: search-node1.example.com:27017. |
| skipAuthenticationToSearchIndexManagementServer | false |
| searchTLSMode | Your configured TLS mode. For example, preferTLS, if the mongot process is configured to accept TLS connections. |
| useGrpcForSearch | true |
Configure a Cloud Manager or Ops Manager User for MongoDB Search and Vector Search
You must create a user with the searchCoordinator role. In MongoDB
versions 8.2 and later, searchCoordinator is a built-in role. You must
create a user and assign the role to the user.
To create the user and assign the user the built-in
searchCoordinator role, complete the following steps by using either
the Cloud Manager or Ops Manager UI or mongosh:
In mongosh, run the following commands:
Set Up Your Environment
Prepare your environment for running the sample code in this tutorial in a terminal.
Required. Set the environment variables.
To set the environment variables for use in the subsequent steps in this procedure, copy the following, set the values for the environment variables, and then run the commands in your terminal:
```bash
export K8S_CTX="<your kubernetes context here>"

export MDB_NS="mongodb"

export MDB_VERSION="8.2.0"

export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"

export MDB_TLS_CA_SECRET_NAME="ca"
export MDB_SEARCH_TLS_SECRET_NAME="mdbs-search-tls"

export MDB_SEARCH_SERVICE_NAME="mdbs-search"
export MDB_SEARCH_HOSTNAME="mdbs-search.example.com"

# External MongoDB replica set members - REPLACE THESE VALUES with your actual external MongoDB hosts
# In production, replace with your actual external MongoDB replica set members
export MDB_EXTERNAL_HOST_0="mdbc-rs-0.mdbc-rs-svc.${MDB_NS}.svc.cluster.local:27017"
export MDB_EXTERNAL_HOST_1="mdbc-rs-1.mdbc-rs-svc.${MDB_NS}.svc.cluster.local:27017"
export MDB_EXTERNAL_HOST_2="mdbc-rs-2.mdbc-rs-svc.${MDB_NS}.svc.cluster.local:27017"

# REPLACE with your actual external MongoDB replica set name
export MDB_EXTERNAL_REPLICA_SET_NAME="mdbc-rs"

# Prefix of the search sync user secret name referenced in later steps
# (the sample output shows mdbc-rs-search-sync-source-password)
export MDB_RESOURCE_NAME="mdbc-rs"

export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
export OPERATOR_ADDITIONAL_HELM_VALUES=""

export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_EXTERNAL_HOST_0}/?replicaSet=${MDB_EXTERNAL_REPLICA_SET_NAME}&tls=true&tlsCAFile=/tls/ca.crt"
```
Note that these environment variables are only available in the current terminal session and will need to be set again in any new terminal sessions.
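Later steps reference ${MDB_RESOURCE_NAME} in secret names and interpolate MDB_USER_PASSWORD into a connection URI, so a pre-flight check on these variables catches mistakes before any secret is created. This is an added example, not part of the original tutorial; the function names and the specific checks are assumptions, and the variable names are the ones used on this page.

```bash
# Added example: validate the tutorial's environment variables.
# Usage: run after the export block:  preflight_env || exit 1

REQUIRED_VARS="K8S_CTX MDB_NS MDB_RESOURCE_NAME MDB_ADMIN_USER_PASSWORD \
MDB_USER_PASSWORD MDB_SEARCH_SYNC_USER_PASSWORD MDB_TLS_CA_SECRET_NAME \
MDB_SEARCH_TLS_SECRET_NAME MDB_SEARCH_SERVICE_NAME MDB_SEARCH_HOSTNAME \
MDB_EXTERNAL_HOST_0 MDB_EXTERNAL_HOST_1 MDB_EXTERNAL_HOST_2 \
MDB_EXTERNAL_REPLICA_SET_NAME"
HOST_VARS="MDB_EXTERNAL_HOST_0 MDB_EXTERNAL_HOST_1 MDB_EXTERNAL_HOST_2"

# Print the value of the variable named in $1 (empty if unset).
# Names come only from the fixed lists above, so eval is safe here.
var_value() { eval "printf '%s' \"\${$1-}\""; }

# True for the tutorial's sample values: "...CHANGE-ME" and "<...>".
is_placeholder() {
  case "$1" in
    *CHANGE-ME*|"<"*">") return 0 ;;
    *) return 1 ;;
  esac
}

# True if $1 is host:port with a numeric port in 1..65535.
is_host_port() {
  local host port
  case "$1" in *:*) ;; *) return 1 ;; esac
  host="${1%:*}"
  port="${1##*:}"
  case "${port}" in ''|*[!0-9]*) return 1 ;; esac
  [ -n "${host}" ] && [ "${port}" -ge 1 ] && [ "${port}" -le 65535 ]
}

# True if $1 contains a character that must be percent-encoded in a MongoDB URI.
needs_uri_encoding() {
  case "$1" in
    *'$'*|*:*|*/*|*'?'*|*'#'*|*'['*|*']'*|*@*|*%*) return 0 ;;
    *) return 1 ;;
  esac
}

# Reports every problem on stderr and returns the number of problems found.
preflight_env() {
  local name value problems=0
  for name in ${REQUIRED_VARS}; do
    value="$(var_value "${name}")"
    if [ -z "${value}" ]; then
      echo "MISSING: ${name} is unset or empty" >&2
      problems=$((problems + 1))
    elif is_placeholder "${value}"; then
      echo "PLACEHOLDER: ${name} still has its sample value" >&2
      problems=$((problems + 1))
    fi
  done
  for name in ${HOST_VARS}; do
    value="$(var_value "${name}")"
    if [ -n "${value}" ] && ! is_host_port "${value}"; then
      echo "FORMAT: ${name} is not host:port" >&2
      problems=$((problems + 1))
    fi
  done
  # MDB_USER_PASSWORD is placed verbatim into MDB_CONNECTION_STRING.
  value="$(var_value MDB_USER_PASSWORD)"
  if needs_uri_encoding "${value}"; then
    echo "ENCODING: percent-encode MDB_USER_PASSWORD inside MDB_CONNECTION_STRING" >&2
    problems=$((problems + 1))
  fi
  return "${problems}"
}
```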
Conditional. Add the MongoDB Helm repository.
Helm automates the deployment and management of MongoDB instances on Kubernetes. If you have already added the Helm repository that contains the Helm chart for installing the Kubernetes Operator, skip this step. Otherwise, add the Helm repository.
To add, copy, paste, and run the following command:
```bash
helm repo add mongodb https://mongodb.github.io/helm-charts
helm repo update mongodb
helm search repo mongodb/mongodb-kubernetes
```

```
"mongodb" has been added to your repositories
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "mongodb" chart repository
Update Complete. ⎈Happy Helming!⎈
NAME                        CHART VERSION  APP VERSION  DESCRIPTION
mongodb/mongodb-kubernetes  1.6.0                       MongoDB Controllers for Kubernetes translate th...
```
Conditional. Install the MongoDB Controllers for Kubernetes Operator.
The Kubernetes Operator watches MongoDB, MongoDBOpsManager, and
MongoDBSearch custom resources and manages the lifecycle of
your MongoDB deployments. If you already installed the MongoDB Controllers for Kubernetes Operator,
skip this step. Otherwise, install the MongoDB Controllers for Kubernetes Operator from the Helm
repository you added in the previous step.
To install the MongoDB Controllers for Kubernetes Operator in the mongodb namespace, copy, paste,
and run the following:
```bash
helm upgrade --install --debug --kube-context "${K8S_CTX}" \
  --create-namespace \
  --namespace="${MDB_NS}" \
  mongodb-kubernetes \
  ${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
  "${OPERATOR_HELM_CHART}"
```
The preceding command installs the Kubernetes Operator in the mongodb
namespace, which it creates if it doesn't already exist. After
installation, the Kubernetes Operator watches for MongoDBSearch
custom resources and manages the lifecycle of your MongoDB Search and
Vector Search deployments.
Install MongoDB Search and Vector Search
Required. Create and load the MongoDB user secrets.
The mongot process requires authentication credentials to
connect to your external MongoDB deployment for creating search
indexes and running search queries. This step creates the
following Kubernetes secrets:
mdb-admin-user-password - credentials for the MongoDB administrator.
mdb-user-password - credentials for the user authorized to perform search queries.
mdbc-rs-search-sync-source-password - credentials for a dedicated search user used internally by the mongot process to synchronize data and manage indexes.
Kubernetes Operator mounts these secrets into the MongoDB pods.
To create the secrets, copy, paste, and run the following in the namespace where you plan to deploy MongoDB Search and Vector Search:
```bash
# Create admin user secret
kubectl create secret generic mdb-admin-user-password \
  --from-literal=password="${MDB_ADMIN_USER_PASSWORD}" \
  --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -

# Create search sync source user secret
kubectl create secret generic "${MDB_RESOURCE_NAME}-search-sync-source-password" \
  --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}" \
  --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -

# Create regular user secret
kubectl create secret generic mdb-user-password \
  --from-literal=password="${MDB_USER_PASSWORD}" \
  --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -

echo "User secrets created."
```

```
secret/mdb-admin-user-password created
secret/mdbc-rs-search-sync-source-password created
secret/mdb-user-password created
```
Required. Create and deploy the resource for MongoDB Search and Vector Search.
You can deploy one instance of the search node without any load balancing. To deploy, complete the following steps:
Create a MongoDBSearch custom resource named mdbs.
This resource contains the following:
spec.source.external.hostAndPorts - List of external MongoDB replica set members.
spec.source.username - Search synchronization user username.
spec.source.passwordSecretRef - Search synchronization user password.
spec.source.external.tls.ca.name - Configures MongoDBSearch pods to trust the external database. It points to the Kubernetes secret that contains the public CA certificate for your external MongoDB.
spec.security.tls.certificateKeySecretRef.name - Secures the MongoDBSearch service. It points to the Kubernetes secret containing the TLS server certificate and private key that the MongoDBSearch pods will present to incoming clients.
spec.resourceRequirements - CPU and memory resource requirements for the search container.
To learn more about the settings in this custom resource, see MongoDB Search and Vector Search Settings.
```bash
kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
apiVersion: mongodb.com/v1
kind: MongoDBSearch
metadata:
  name: ${MDB_SEARCH_RESOURCE_NAME:-mdbs}
spec:
  source:
    external:
      hostAndPorts:
        - ${MDB_EXTERNAL_HOST_0}
        - ${MDB_EXTERNAL_HOST_1}
        - ${MDB_EXTERNAL_HOST_2}
      tls:
        ca:
          name: ${MDB_TLS_CA_SECRET_NAME}
    username: search-sync-source
    passwordSecretRef:
      name: ${MDB_RESOURCE_NAME}-search-sync-source-password
      key: password
  security:
    tls:
      certificateKeySecretRef:
        name: ${MDB_SEARCH_TLS_SECRET_NAME}
  resourceRequirements:
    limits:
      cpu: "3"
      memory: 5Gi
    requests:
      cpu: "2"
      memory: 3Gi
EOF
```

Wait for the MongoDBSearch resource deployment to complete.
When you apply the MongoDBSearch custom resource, the Kubernetes operator begins deploying the search nodes (pods). This step pauses the execution until the mdbs resource's status phase is Running, which indicates that the MongoDB Search StatefulSet is operational.

```bash
echo "Waiting for MongoDBSearch resource to reach Running phase..."

kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=jsonpath='{.status.phase}'=Running mdbs/"${MDB_SEARCH_RESOURCE_NAME:-mdbs}" --timeout=300s
```
Required. Configure external access for MongoDB Search and Vector Search.
To enable your external MongoDB instances to connect to the search service, you must configure external access for MongoDB Search and Vector Search. You can create a LoadBalancer Service that exposes the search pods outside the Kubernetes cluster.
The following Service exposes the MongoDBSearch service on port 27028 with an external IP address or hostname that can be accessed from outside the Kubernetes cluster.
```bash
kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<YAML
apiVersion: v1
kind: Service
metadata:
  name: ${MDB_SEARCH_SERVICE_NAME}
spec:
  type: LoadBalancer
  selector:
    app: ${MDB_SEARCH_RESOURCE_NAME:-mdbs}-search-svc
  ports:
    - name: mongot
      port: 27028
      targetPort: 27028
YAML

echo "Waiting for external IP to be assigned to service ${MDB_SEARCH_SERVICE_NAME}..."
TIMEOUT=120  # 2 minutes timeout
ELAPSED=0
while [ ${ELAPSED} -lt ${TIMEOUT} ]; do
  EXTERNAL_IP=$(kubectl get service "${MDB_SEARCH_SERVICE_NAME}" --context "${K8S_CTX}" -n "${MDB_NS}" -o jsonpath='{.status.loadBalancer.ingress[0].ip}' 2>/dev/null)
  if [ -n "${EXTERNAL_IP}" ] && [ "${EXTERNAL_IP}" != "null" ]; then
    echo "External IP assigned: ${EXTERNAL_IP}"
    break
  fi
  echo "Still waiting for external IP assignment... (${ELAPSED}s/${TIMEOUT}s)"
  sleep 5
  ELAPSED=$((ELAPSED + 5))
done

if [ ${ELAPSED} -ge ${TIMEOUT} ]; then
  echo "ERROR: Timeout reached (${TIMEOUT}s) while waiting for external IP assignment"
  echo "LoadBalancer service may take longer to provision or there may be an issue"
  exit 1
fi
```
Optional. View all the running pods in your namespace.
View all the running pods in your namespace: the pods for the MongoDB replica set members, the MongoDB Controllers for Kubernetes Operator, and the Search nodes.
```bash
echo; echo "MongoDBSearch resource"
kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdbs
echo; echo "Search pods running in cluster ${K8S_CTX}"
kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods -l app=mdbs-search-svc
echo; echo "All pods in namespace ${MDB_NS}"
kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods
```

```
MongoDBSearch resource
NAME   PHASE     VERSION   AGE
mdbs   Running   0.55.0    34s

Search pods running in cluster kind-kind
NAME            READY   STATUS    RESTARTS   AGE
mdbs-search-0   1/1     Running   0          34s

All pods in namespace mongodb
NAME                                          READY   STATUS    RESTARTS   AGE
mdbc-rs-0                                     2/2     Running   0          3m4s
mdbc-rs-1                                     2/2     Running   0          2m1s
mdbc-rs-2                                     2/2     Running   0          73s
mdbs-search-0                                 1/1     Running   0          34s
mongodb-kubernetes-operator-8d9b999b7-26xgz   1/1     Running   0          3m28s
```
Next Steps
Now that you've successfully deployed MongoDB Search and Vector Search to use with external MongoDB Enterprise Edition, you can add data into your MongoDB cluster, create MongoDB Search and Vector Search indexes, and run queries against your data. To learn more, see MongoDB Search and Vector Search Settings.