
Multi-Cluster ReplicaSets

Multi-Kubernetes cluster MongoDB deployments allow you to add MongoDB instances in global clusters that span multiple geographic regions for increased availability and global distribution of data.

Before you begin the following procedure, perform the following actions:

  • Install kubectl.

  • Install mongosh.

  • Complete the GKE Clusters procedure or the equivalent.

  • Complete the TLS Certificates procedure or the equivalent.

  • Complete the Istio Service mesh procedure or the equivalent.

  • Complete the Deploy the MongoDB Operator procedure.

  • Complete the Multi-Cluster Ops Manager procedure. You can skip this step if you use Cloud Manager instead of Ops Manager.

  • Set the required environment variables as follows:

# This script builds on top of the environment configured in the setup guides.
# It depends on (uses) the following env variables defined there to work correctly.
# If you don't use the setup guide to bootstrap the environment, then define them here.
# ${K8S_CLUSTER_0_CONTEXT_NAME}
# ${K8S_CLUSTER_1_CONTEXT_NAME}
# ${K8S_CLUSTER_2_CONTEXT_NAME}
# ${MDB_NAMESPACE}
export RS_RESOURCE_NAME=mdb
export MONGODB_VERSION="8.0.5-ent"

You can find all included source code in the MongoDB Kubernetes Operator repository.

1. Run the following script to create the required CA Certificate with your certificate issuer.

kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: mdb-cert
spec:
  dnsNames:
  - "*.${MDB_NAMESPACE}.svc.cluster.local"
  duration: 240h0m0s
  issuerRef:
    name: my-ca-issuer
    kind: ClusterIssuer
  renewBefore: 120h0m0s
  secretName: cert-prefix-mdb-cert
  usages:
  - server auth
  - client auth
EOF

2. Set spec.credentials and spec.opsManager.configMapRef.name to the values you defined in the Multi-Cluster Ops Manager procedure, define your security settings, and deploy the MongoDBMultiCluster resource. In the following code sample, duplicateServiceObjects is set to false to enable DNS proxying in Istio.

Note: To enable cross-cluster DNS resolution by the Istio service mesh, this tutorial creates service objects with a single ClusterIP address per Kubernetes Pod.

kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
apiVersion: mongodb.com/v1
kind: MongoDBMultiCluster
metadata:
  name: ${RS_RESOURCE_NAME}
spec:
  type: ReplicaSet
  version: ${MONGODB_VERSION}
  opsManager:
    configMapRef:
      name: mdb-org-project-config
  credentials: mdb-org-owner-credentials
  duplicateServiceObjects: false
  persistent: true
  backup:
    mode: enabled
  externalAccess: {}
  security:
    certsSecretPrefix: cert-prefix
    tls:
      ca: ca-issuer
    authentication:
      enabled: true
      modes: ["SCRAM"]
  clusterSpecList:
    - clusterName: ${K8S_CLUSTER_0_CONTEXT_NAME}
      members: 2
    - clusterName: ${K8S_CLUSTER_1_CONTEXT_NAME}
      members: 1
    - clusterName: ${K8S_CLUSTER_2_CONTEXT_NAME}
      members: 2
EOF

3. Run the following command to confirm that the MongoDBMultiCluster resource is running.

echo; echo "Waiting for MongoDB to reach Running phase..."
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" wait --for=jsonpath='{.status.phase}'=Running "mdbmc/${RS_RESOURCE_NAME}" --timeout=900s
echo; echo "Pods running in cluster ${K8S_CLUSTER_0_CONTEXT_NAME}"
kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
echo; echo "Pods running in cluster ${K8S_CLUSTER_1_CONTEXT_NAME}"
kubectl --context "${K8S_CLUSTER_1_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods
echo; echo "Pods running in cluster ${K8S_CLUSTER_2_CONTEXT_NAME}"
kubectl --context "${K8S_CLUSTER_2_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" get pods

4. Run the following command to create a MongoDB user and password. Please use strong passwords for your deployments.

kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: rs-user-password
type: Opaque
stringData:
  password: password
---
apiVersion: mongodb.com/v1
kind: MongoDBUser
metadata:
  name: rs-user
spec:
  passwordSecretKeyRef:
    name: rs-user-password
    key: password
  username: "rs-user"
  db: "admin"
  mongodbResourceRef:
    name: ${RS_RESOURCE_NAME}
  roles:
  - db: "admin"
    name: "root"
EOF

kubectl --context "${K8S_CLUSTER_0_CONTEXT_NAME}" wait --for=jsonpath='{.status.phase}'=Updated -n "${MDB_NAMESPACE}" mdbu/rs-user --timeout=300s
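
5. Run the following mongosh command to ensure that you can access your running MongoDB instance. The command connects by external IP address, which the certificate's dnsNames entry from step 1 does not cover, so it passes --tlsAllowInvalidHostnames to skip hostname validation.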

external_ip="$(kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" svc "${RS_RESOURCE_NAME}-0-0-svc-external" -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")"

mkdir -p certs
kubectl get --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" cm/ca-issuer -o=jsonpath='{.data.ca-pem}' > certs/ca.crt

mongosh --host "${external_ip}" --username rs-user --password password --tls --tlsCAFile certs/ca.crt --tlsAllowInvalidHostnames --eval "db.runCommand({connectionStatus : 1})"

{
  authInfo: {
    authenticatedUsers: [ { user: 'rs-user', db: 'admin' } ],
    authenticatedUserRoles: [ { role: 'root', db: 'admin' } ]
  },
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1747925179, i: 1 }),
    signature: {
      hash: Binary.createFromBase64('T1ZP+QUFgBXayfOsRI6XFdEmjKI=', 0),
      keyId: Long('7507281432415305733')
    }
  },
  operationTime: Timestamp({ t: 1747925179, i: 1 })
}
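
Step 4 stores the literal string password in the rs-user-password Secret, even though the user it creates holds the root role. The following added example (not part of the MongoDB documentation or the Operator repository) generates a random value and renders the same Secret with it. The function names and the length and distinct-character thresholds are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the MongoDB docs): generate the rs-user password
# instead of hard-coding it. Thresholds in check_password are assumptions.
set -eu

# 32 characters from the kernel CSPRNG, limited to [A-Za-z0-9] so the value
# needs no escaping in YAML or in a shell argument. cut reads all of its
# input, so no stage of the pipeline is killed by SIGPIPE.
gen_password() {
  head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-32
}

# Reject placeholder-grade values: under 16 characters or fewer than 8
# distinct characters. The tutorial's literal "password" fails the length test.
check_password() {
  [ "${#1}" -ge 16 ] || return 1
  distinct="$(printf '%s' "$1" | fold -w1 | sort -u | wc -l | tr -d ' ')"
  [ "$distinct" -ge 8 ]
}

# Render the step 4 Secret (same name and key) for the password in $1.
render_user_secret() {
  check_password "$1" || { echo "refusing weak password" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: rs-user-password
type: Opaque
stringData:
  password: "$1"
EOF
}

# Apply when the tutorial environment is present; otherwise print the
# manifest with the value masked so it never reaches the terminal or a log.
main() {
  pw="$(gen_password)"
  if command -v kubectl >/dev/null 2>&1 && [ -n "${K8S_CLUSTER_0_CONTEXT_NAME:-}" ]; then
    render_user_secret "$pw" |
      kubectl apply --context "${K8S_CLUSTER_0_CONTEXT_NAME}" -n "${MDB_NAMESPACE}" -f -
  else
    render_user_secret "$pw" | sed 's/^  password: .*/  password: "<masked>"/'
  fi
}

main
```

The MongoDBUser manifest from step 4 needs no change, because it references the Secret by name and key.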
