/ /

Implementar búsqueda y búsqueda vectorial

Docs Home

Gestión

Controladores para el Operador de Kubernetes

Implementar búsqueda y búsqueda vectorial

Docs Home

Gestión

Controladores para el Operador de Kubernetes

Implementar búsqueda y búsqueda vectorial

Instalar y usar con MongoDB Community Edition

La compatibilidad con la implementación de MongoDB Search y MongoDB Vector Search mediante el operador de Kubernetes está disponible como función de vista previa. Esta función y la documentación correspondiente pueden cambiar en cualquier momento durante el período de vista previa. Para obtener más información, consulte Características de vista previa.

Puede utilizar el operador de Kubernetes e implementarlo mongot Recursos de proceso para ejecutarse con MongoDB Community Edition v8.2.0 o superior en un clúster de Kubernetes. El proceso mongot admite tanto MongoDB Search como Vector Search. Opcionalmente, puede habilitar y configurar Vector Search para generar automáticamente incrustaciones vectoriales para datos de texto en sus colecciones y consultas mediante un modelo de incrustación compatible con Voyage AI.

Importante

La incrustación automática está en versión preliminar. Esta función y la documentación correspondiente pueden cambiar en cualquier momento durante el periodo de prueba. Para obtener más información, consulte Funciones de la versión preliminar.

El siguiente procedimiento demuestra cómo implementar y configurar MongoDB Search y Vector Search para que se ejecuten con un conjunto de réplicas nuevo o existente en su clúster de Kubernetes. La implementación utiliza CertificadosTLS para garantizar la comunicación segura entre los nodos MongoDB y el mongot proceso de búsqueda.

Requisitos previos

Para implementar MongoDB Search y Vector Search, debe tener lo siguiente:

Un clúster de Kubernetes en ejecución.
Herramienta de línea de comandos de Kubernetes, kubectl, configurada para comunicarse con su clúster.
Helm, el administrador de paquetes de Kubernetes, para instalar el operador de Kubernetes.
cert-manager o una solución de gestión de certificados alternativa para el aprovisionamiento de certificados TLS.
Bash v5.1 o superior para ejecutar los comandos de este tutorial.

Opcionalmente, para configurar la Búsqueda Vectorial para que genereautomáticamente incrustaciones vectoriales para datos de texto en sus colecciones y consultas, debe crear claves API para el servicio de incrustación. Recomendamos crear dos claves: una para generar incrustaciones en tiempo de indexación para los datos de texto de su colección y otra para generar incrustaciones en tiempo de consulta para el texto de su consulta. Si no dispone de las claves, puede crearlas desde la interfaz de usuario de Atlas.

Procedimiento

Obligatorio. Establezca las variables de entorno.

Establezca las variables de entorno que se usarán en los pasos posteriores de este procedimiento. Copie los siguientes comandos, actualice los valores de su entorno y ejecútelos para cargar las variables:

1 # set it to the context name of the k8s cluster
2 export K8S_CTX="<local cluster context>"
3 
4 # the following namespace will be created if not exists
5 export MDB_NS="mongodb"
6 
7 # MongoDBCommunity resource name referenced throughout the guide
8 export MDB_RESOURCE_NAME="mdbc-rs"
9 # Number of replica set members deployed in the sample MongoDBCommunity
10 export MDB_MEMBERS=3
11 
12 # TLS-related secret names used for MongoDBCommunity and MongoDBSearch
13 export MDB_TLS_CA_SECRET_NAME="${MDB_RESOURCE_NAME}-ca"
14 export MDB_TLS_SERVER_CERT_SECRET_NAME="${MDB_RESOURCE_NAME}-tls"
15 export MDB_SEARCH_TLS_SECRET_NAME="${MDB_RESOURCE_NAME}-search-tls"
16 
17 export MDB_TLS_CA_CONFIGMAP="${MDB_RESOURCE_NAME}-ca-configmap"
18 export MDB_TLS_SELF_SIGNED_ISSUER="${MDB_RESOURCE_NAME}-selfsigned-cluster-issuer"
19 export MDB_TLS_CA_CERT_NAME="${MDB_RESOURCE_NAME}-selfsigned-ca"
20 export MDB_TLS_CA_ISSUER="${MDB_RESOURCE_NAME}-cluster-issuer"
21 
22 # minimum required MongoDB version for running MongoDB Search is 8.2.0
23 export MDB_VERSION="8.2.0"
24 
25 # root admin user for convenience, not used here at all in this guide
26 export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
27 # regular user performing restore and search queries on sample mflix database
28 export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
29 # user for MongoDB Search to connect to the replica set to synchronise data from
30 export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
31 
32 export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
33 # comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
34 export OPERATOR_ADDITIONAL_HELM_VALUES=""
35 
36 # TLS is mandatory; connection string must include tls=true
37 export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-0.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}&tls=true&tlsCAFile=/tls/ca.crt"
38 
39 export CERT_MANAGER_NAMESPACE="cert-manager"
40 
41 # Vector Search auto embedding related configurations
42 export AUTO_EMBEDDING_API_KEY_SECRET_NAME="voyage-api-keys"
43 export AUTO_EMBEDDING_API_QUERY_KEY="<embedding-model-query-key>"
44 export AUTO_EMBEDDING_API_INDEXING_KEY="<embedding-model-indexing-key>"
45 export PROVIDER_ENDPOINT="https://ai.mongodb.com/v1/embeddings"
46 export EMBEDDING_MODEL="voyage-4"

Nota

Si tiene las claves API para permitir que Vector Search genere incrustaciones automáticamente, reemplace los siguientes valores de marcador de posición en las variables de entorno:

`AUTO_EMBEDDING_API_QUERY_KEY`	Clave API para generar incrustaciones para el texto de la consulta.
`AUTO_EMBEDDING_API_INDEXING_KEY`	Clave API para generar incrustaciones de datos de texto en su colección en el momento del índice.
`PROVIDER_ENDPOINT`	Punto de conexión del proveedor `https://ai.mongodb.com/v1/embeddings` del modelo de incrustación. El valor predeterminado es para las claves creadas desde la `https://api.voyageai.com/v1/embeddings` interfaz de usuario de Atlas. Reemplácelo por si creó las claves de API directamente desde Voyage AI.

Opcional

Validar que se hayan establecido las variables de entorno.

Para verificar que todas las variables de entorno necesarias estén configuradas, ejecute el siguiente código en su terminal:

1 required=(
2   K8S_CTX
3   MDB_NS
4   MDB_RESOURCE_NAME
5   MDB_VERSION
6   MDB_MEMBERS
7   CERT_MANAGER_NAMESPACE
8   MDB_TLS_CA_SECRET_NAME
9   MDB_TLS_SERVER_CERT_SECRET_NAME
10   MDB_SEARCH_TLS_SECRET_NAME
11   MDB_ADMIN_USER_PASSWORD
12   MDB_SEARCH_SYNC_USER_PASSWORD
13   MDB_USER_PASSWORD
14   OPERATOR_HELM_CHART
15 )
16 
17 missing_req=()
18 for v in "${required[@]}"; do [[ -n "${!v:-}" ]] || missing_req+=("${v}"); done
19 
20 if (( ${#missing_req[@]} )); then
21   echo "ERROR: Missing required environment variables:" >&2
22   for m in "${missing_req[@]}"; do echo "  - ${m}" >&2; done
23 else
24   echo "All required environment variables present."
25 fi

Condicional. Agregue el repositorio Helm de MongoDB.

Helm automatiza la implementación y la gestión de instancias de MongoDB en Kubernetes. Si ya tiene el repositorio de Helm que contiene el diagrama de Helm para instalar el operador de Kubernetes, omita este paso. De lo contrario, agregue el repositorio de Helm.

Para agregar el repositorio Helm, copie, pegue y ejecute lo siguiente:

1 helm repo add mongodb https://mongodb.github.io/helm-charts
2 helm repo update mongodb
3 helm search repo mongodb/mongodb-kubernetes

1 "mongodb" has been added to your repositories
2 Hang tight while we grab the latest from your chart repositories...
3 ...Successfully got an update from the "mongodb" chart repository
4 Update Complete. ⎈Happy Helming!⎈
5 NAME                      	CHART VERSION	APP VERSION	DESCRIPTION                                       
6 mongodb/mongodb-kubernetes	1.6.1        	           	MongoDB Controllers for Kubernetes translate th...

Condicional. Instale los controladores de MongoDB para el Operador de Kubernetes.

El operador de Kubernetes supervisa los recursos personalizados MongoDBCommunity y MongoDBSearch y gestiona el ciclo de vida de sus implementaciones de MongoDB. Si ya instaló los controladores de MongoDB para el operador de Kubernetes, omita este paso. De lo contrario, instálelos desde el repositorio de Helm que agregó en el paso anterior.

Para instalar el operador de controladores MongoDB para Kubernetes en el espacio de nombres mongodb, copie, pegue y ejecute los siguientes comandos:

1 helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2   --create-namespace \
3   --namespace="${MDB_NS}" \
4   mongodb-kubernetes \
5   ${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6   "${OPERATOR_HELM_CHART}"

1 Release "mongodb-kubernetes" does not exist. Installing it now.
2 NAME: mongodb-kubernetes
3 LAST DEPLOYED: Wed Dec 17 11:22:40 2025
4 NAMESPACE: mongodb
5 STATUS: deployed
6 REVISION: 1
7 TEST SUITE: None
8 USER-SUPPLIED VALUES:
9 {}
10 
11 COMPUTED VALUES:
12 agent:
13   name: mongodb-agent
14   version: 108.0.12.8846-1
15 community:
16   agent:
17     name: mongodb-agent
18     version: 108.0.2.8729-1
19   mongodb:
20     imageType: ubi8
21     name: mongodb-community-server
22     repo: quay.io/mongodb
23   registry:
24     agent: quay.io/mongodb
25   resource:
26     members: 3
27     name: mongodb-replica-set
28     tls:
29       caCertificateSecretRef: tls-ca-key-pair
30       certManager:
31         certDuration: 8760h
32         renewCertBefore: 720h
33       certificateKeySecretRef: tls-certificate
34       enabled: false
35       sampleX509User: false
36       useCertManager: true
37       useX509: false
38     version: 4.4.0
39 database:
40   name: mongodb-kubernetes-database
41   version: 1.6.1
42 initAppDb:
43   name: mongodb-kubernetes-init-appdb
44   version: 1.6.1
45 initDatabase:
46   name: mongodb-kubernetes-init-database
47   version: 1.6.1
48 initOpsManager:
49   name: mongodb-kubernetes-init-ops-manager
50   version: 1.6.1
51 managedSecurityContext: false
52 mongodb:
53   appdbAssumeOldFormat: false
54   name: mongodb-enterprise-server
55   repo: quay.io/mongodb
56 multiCluster:
57   clusterClientTimeout: 10
58   clusters: []
59   kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
60   performFailOver: true
61 operator:
62   additionalArguments: []
63   affinity: {}
64   baseName: mongodb-kubernetes
65   createOperatorServiceAccount: true
66   createResourcesServiceAccountsAndRoles: true
67   deployment_name: mongodb-kubernetes-operator
68   enableClusterMongoDBRoles: true
69   enablePVCResize: true
70   env: prod
71   maxConcurrentReconciles: 1
72   mdbDefaultArchitecture: non-static
73   name: mongodb-kubernetes-operator
74   nodeSelector: {}
75   operator_image_name: mongodb-kubernetes
76   podSecurityContext:
77     runAsNonRoot: true
78     runAsUser: 2000
79   replicas: 1
80   resources:
81     limits:
82       cpu: 1100m
83       memory: 1Gi
84     requests:
85       cpu: 500m
86       memory: 200Mi
87   securityContext: {}
88   telemetry:
89     collection:
90       clusters: {}
91       deployments: {}
92       frequency: 1h
93       operators: {}
94     send:
95       frequency: 168h
96   tolerations: []
97   vaultSecretBackend:
98     enabled: false
99     tlsSecretRef: ""
100   version: 1.6.1
101   watchedResources:
102   - mongodb
103   - opsmanagers
104   - mongodbusers
105   - mongodbcommunity
106   - mongodbsearch
107   webhook:
108     installClusterRole: true
109     registerConfiguration: true
110 opsManager:
111   name: mongodb-enterprise-ops-manager-ubi
112 readinessProbe:
113   name: mongodb-kubernetes-readinessprobe
114   version: 1.0.23
115 registry:
116   agent: quay.io/mongodb
117   database: quay.io/mongodb
118   imagePullSecrets: null
119   initAppDb: quay.io/mongodb
120   initDatabase: quay.io/mongodb
121   initOpsManager: quay.io/mongodb
122   operator: quay.io/mongodb
123   opsManager: quay.io/mongodb
124   pullPolicy: Always
125   readinessProbe: quay.io/mongodb
126   versionUpgradeHook: quay.io/mongodb
127 search:
128   name: mongodb-search
129   repo: quay.io/mongodb
130   version: 0.55.0
131 versionUpgradeHook:
132   name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
133   version: 1.0.10
134 
135 HOOKS:
136 MANIFEST:
137 ---
138 # Source: mongodb-kubernetes/templates/database-roles.yaml
139 apiVersion: v1
140 kind: ServiceAccount
141 metadata:
142   name: mongodb-kubernetes-appdb
143   namespace: mongodb
144 ---
145 # Source: mongodb-kubernetes/templates/database-roles.yaml
146 apiVersion: v1
147 kind: ServiceAccount
148 metadata:
149   name: mongodb-kubernetes-database-pods
150   namespace: mongodb
151 ---
152 # Source: mongodb-kubernetes/templates/database-roles.yaml
153 apiVersion: v1
154 kind: ServiceAccount
155 metadata:
156   name: mongodb-kubernetes-ops-manager
157   namespace: mongodb
158 ---
159 # Source: mongodb-kubernetes/templates/operator-sa.yaml
160 apiVersion: v1
161 kind: ServiceAccount
162 metadata:
163   name: mongodb-kubernetes-operator
164   namespace: mongodb
165 ---
166 # Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
167 kind: ClusterRole
168 apiVersion: rbac.authorization.k8s.io/v1
169 metadata:
170   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
171 rules:
172   - apiGroups:
173       - mongodb.com
174     verbs:
175       - '*'
176     resources:
177       - clustermongodbroles
178 ---
179 # Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
180 # Additional ClusterRole for clusterVersionDetection
181 kind: ClusterRole
182 apiVersion: rbac.authorization.k8s.io/v1
183 metadata:
184   name: mongodb-kubernetes-operator-cluster-telemetry
185 rules:
186   # Non-resource URL permissions
187   - nonResourceURLs:
188       - "/version"
189     verbs:
190       - get
191   # Cluster-scoped resource permissions
192   - apiGroups:
193       - ''
194     resources:
195       - namespaces
196     resourceNames:
197       - kube-system
198     verbs:
199       - get
200   - apiGroups:
201       - ''
202     resources:
203       - nodes
204     verbs:
205       - list
206 ---
207 # Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
208 kind: ClusterRole
209 apiVersion: rbac.authorization.k8s.io/v1
210 metadata:
211   name: mongodb-kubernetes-operator-mongodb-webhook-cr
212 rules:
213   - apiGroups:
214       - "admissionregistration.k8s.io"
215     resources:
216       - validatingwebhookconfigurations
217     verbs:
218       - get
219       - create
220       - update
221       - delete
222   - apiGroups:
223       - ""
224     resources:
225       - services
226     verbs:
227       - get
228       - list
229       - watch
230       - create
231       - update
232       - delete
233 ---
234 # Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
235 kind: ClusterRoleBinding
236 apiVersion: rbac.authorization.k8s.io/v1
237 metadata:
238   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
239 roleRef:
240   apiGroup: rbac.authorization.k8s.io
241   kind: ClusterRole
242   name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
243 subjects:
244   - kind: ServiceAccount
245     name: mongodb-kubernetes-operator
246     namespace: mongodb
247 ---
248 # Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
249 # ClusterRoleBinding for clusterVersionDetection
250 kind: ClusterRoleBinding
251 apiVersion: rbac.authorization.k8s.io/v1
252 metadata:
253   name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
254 roleRef:
255   apiGroup: rbac.authorization.k8s.io
256   kind: ClusterRole
257   name: mongodb-kubernetes-operator-cluster-telemetry
258 subjects:
259   - kind: ServiceAccount
260     name: mongodb-kubernetes-operator
261     namespace: mongodb
262 ---
263 # Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
264 kind: ClusterRoleBinding
265 apiVersion: rbac.authorization.k8s.io/v1
266 metadata:
267   name: mongodb-kubernetes-operator-mongodb-webhook-crb
268 roleRef:
269   apiGroup: rbac.authorization.k8s.io
270   kind: ClusterRole
271   name: mongodb-kubernetes-operator-mongodb-webhook-cr
272 subjects:
273   - kind: ServiceAccount
274     name: mongodb-kubernetes-operator
275     namespace: mongodb
276 ---
277 # Source: mongodb-kubernetes/templates/database-roles.yaml
278 kind: Role
279 apiVersion: rbac.authorization.k8s.io/v1
280 metadata:
281   name: mongodb-kubernetes-appdb
282   namespace: mongodb
283 rules:
284   - apiGroups:
285       - ''
286     resources:
287       - secrets
288     verbs:
289       - get
290   - apiGroups:
291       - ''
292     resources:
293       - pods
294     verbs:
295       - patch
296       - delete
297       - get
298 ---
299 # Source: mongodb-kubernetes/templates/operator-roles-base.yaml
300 kind: Role
301 apiVersion: rbac.authorization.k8s.io/v1
302 metadata:
303   name: mongodb-kubernetes-operator
304   namespace: mongodb
305 rules:
306   - apiGroups:
307       - ''
308     resources:
309       - services
310     verbs:
311       - get
312       - list
313       - watch
314       - create
315       - update
316       - delete
317   - apiGroups:
318       - ''
319     resources:
320       - secrets
321       - configmaps
322     verbs:
323       - get
324       - list
325       - create
326       - update
327       - delete
328       - watch
329   - apiGroups:
330       - apps
331     resources:
332       - statefulsets
333     verbs:
334       - create
335       - get
336       - list
337       - watch
338       - delete
339       - update
340   - apiGroups:
341       - ''
342     resources:
343       - pods
344     verbs:
345       - get
346       - list
347       - watch
348       - delete
349       - deletecollection
350   - apiGroups:
351       - mongodbcommunity.mongodb.com
352     resources:
353       - mongodbcommunity
354       - mongodbcommunity/status
355       - mongodbcommunity/spec
356       - mongodbcommunity/finalizers
357     verbs:
358       - '*'
359   - apiGroups:
360       - mongodb.com
361     verbs:
362       - '*'
363     resources:
364       - mongodb
365       - mongodb/finalizers
366       - mongodbusers
367       - mongodbusers/finalizers
368       - opsmanagers
369       - opsmanagers/finalizers
370       - mongodbmulticluster
371       - mongodbmulticluster/finalizers
372       - mongodbsearch
373       - mongodbsearch/finalizers
374       - mongodb/status
375       - mongodbusers/status
376       - opsmanagers/status
377       - mongodbmulticluster/status
378       - mongodbsearch/status
379 ---
380 # Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
381 kind: Role
382 apiVersion: rbac.authorization.k8s.io/v1
383 metadata:
384   name: mongodb-kubernetes-operator-pvc-resize
385   namespace: mongodb
386 rules:
387   - apiGroups:
388       - ''
389     resources:
390       - persistentvolumeclaims
391     verbs:
392       - get
393       - delete
394       - list
395       - watch
396       - patch
397       - update
398 ---
399 # Source: mongodb-kubernetes/templates/database-roles.yaml
400 kind: RoleBinding
401 apiVersion: rbac.authorization.k8s.io/v1
402 metadata:
403   name: mongodb-kubernetes-appdb
404   namespace: mongodb
405 roleRef:
406   apiGroup: rbac.authorization.k8s.io
407   kind: Role
408   name: mongodb-kubernetes-appdb
409 subjects:
410   - kind: ServiceAccount
411     name: mongodb-kubernetes-appdb
412     namespace: mongodb
413 ---
414 # Source: mongodb-kubernetes/templates/operator-roles-base.yaml
415 kind: RoleBinding
416 apiVersion: rbac.authorization.k8s.io/v1
417 metadata:
418   name: mongodb-kubernetes-operator
419   namespace: mongodb
420 roleRef:
421   apiGroup: rbac.authorization.k8s.io
422   kind: Role
423   name: mongodb-kubernetes-operator
424 subjects:
425   - kind: ServiceAccount
426     name: mongodb-kubernetes-operator
427     namespace: mongodb
428 ---
429 # Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
430 kind: RoleBinding
431 apiVersion: rbac.authorization.k8s.io/v1
432 metadata:
433   name: mongodb-kubernetes-operator-pvc-resize-binding
434   namespace: mongodb
435 roleRef:
436   apiGroup: rbac.authorization.k8s.io
437   kind: Role
438   name: mongodb-kubernetes-operator-pvc-resize
439 subjects:
440   - kind: ServiceAccount
441     name: mongodb-kubernetes-operator
442     namespace: mongodb
443 ---
444 # Source: mongodb-kubernetes/templates/operator.yaml
445 apiVersion: apps/v1
446 kind: Deployment
447 metadata:
448   name: mongodb-kubernetes-operator
449   namespace: mongodb
450 spec:
451   replicas: 1
452   selector:
453     matchLabels:
454       app.kubernetes.io/component: controller
455       app.kubernetes.io/name: mongodb-kubernetes-operator
456       app.kubernetes.io/instance: mongodb-kubernetes-operator
457   template:
458     metadata:
459       labels:
460         app.kubernetes.io/component: controller
461         app.kubernetes.io/name: mongodb-kubernetes-operator
462         app.kubernetes.io/instance: mongodb-kubernetes-operator
463     spec:
464       serviceAccountName: mongodb-kubernetes-operator
465       securityContext:
466         runAsNonRoot: true
467         runAsUser: 2000
468       containers:
469         - name: mongodb-kubernetes-operator
470           image: "quay.io/mongodb/mongodb-kubernetes:1.6.1"
471           imagePullPolicy: Always
472           args:
473             - -watch-resource=mongodb
474             - -watch-resource=opsmanagers
475             - -watch-resource=mongodbusers
476             - -watch-resource=mongodbcommunity
477             - -watch-resource=mongodbsearch
478             - -watch-resource=clustermongodbroles
479           command:
480             - /usr/local/bin/mongodb-kubernetes-operator
481           resources:
482             limits:
483               cpu: 1100m
484               memory: 1Gi
485             requests:
486               cpu: 500m
487               memory: 200Mi
488           env:
489             - name: OPERATOR_ENV
490               value: prod
491             - name: MDB_DEFAULT_ARCHITECTURE
492               value: non-static
493             - name: NAMESPACE
494               valueFrom:
495                 fieldRef:
496                   fieldPath: metadata.namespace
497             - name: WATCH_NAMESPACE
498               valueFrom:
499                 fieldRef:
500                   fieldPath: metadata.namespace
501             - name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
502               value: "1h"
503             - name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
504               value: "168h"
505             - name: CLUSTER_CLIENT_TIMEOUT
506               value: "10"
507             - name: IMAGE_PULL_POLICY
508               value: Always
509             # Database
510             - name: MONGODB_ENTERPRISE_DATABASE_IMAGE
511               value: quay.io/mongodb/mongodb-kubernetes-database
512             - name: INIT_DATABASE_IMAGE_REPOSITORY
513               value: quay.io/mongodb/mongodb-kubernetes-init-database
514             - name: INIT_DATABASE_VERSION
515               value: "1.6.1"
516             - name: DATABASE_VERSION
517               value: "1.6.1"
518             # Ops Manager
519             - name: OPS_MANAGER_IMAGE_REPOSITORY
520               value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
521             - name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
522               value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
523             - name: INIT_OPS_MANAGER_VERSION
524               value: "1.6.1"
525             # AppDB
526             - name: INIT_APPDB_IMAGE_REPOSITORY
527               value: quay.io/mongodb/mongodb-kubernetes-init-appdb
528             - name: INIT_APPDB_VERSION
529               value: "1.6.1"
530             - name: OPS_MANAGER_IMAGE_PULL_POLICY
531               value: Always
532             - name: AGENT_IMAGE
533               value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
534             - name: MDB_AGENT_IMAGE_REPOSITORY
535               value: "quay.io/mongodb/mongodb-agent"
536             - name: MONGODB_IMAGE
537               value: mongodb-enterprise-server
538             - name: MONGODB_REPO_URL
539               value: quay.io/mongodb
540             - name: PERFORM_FAILOVER
541               value: 'true'
542             - name: MDB_MAX_CONCURRENT_RECONCILES
543               value: "1"
544             - name: POD_NAME
545               valueFrom:
546                 fieldRef:
547                   fieldPath: metadata.name
548             - name: OPERATOR_NAME
549               value: mongodb-kubernetes-operator
550             # Community Env Vars Start
551             - name: MDB_COMMUNITY_AGENT_IMAGE
552               value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
553             - name: VERSION_UPGRADE_HOOK_IMAGE
554               value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.10"
555             - name: READINESS_PROBE_IMAGE
556               value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.23"
557             - name: MDB_COMMUNITY_IMAGE
558               value: "mongodb-community-server"
559             - name: MDB_COMMUNITY_REPO_URL
560               value: "quay.io/mongodb"
561             - name: MDB_COMMUNITY_IMAGE_TYPE
562               value: "ubi8"
563             # Community Env Vars End
564             - name: MDB_SEARCH_REPO_URL
565               value: "quay.io/mongodb"
566             - name: MDB_SEARCH_NAME
567               value: "mongodb-search"
568             - name: MDB_SEARCH_VERSION
569               value: "0.55.0"

Opcional. Espere el despliegue del operador.

Asegúrese de que el operador de Kubernetes esté completamente operativo antes de continuar con la implementación de MongoDB Search y Vector Search. Ejecute el siguiente comando para verificar que todos los componentes del operador estén en ejecución y disponibles.

1 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" rollout status --timeout=2m deployment/mongodb-kubernetes-operator
2 echo "Operator deployment in ${MDB_NS} namespace"
3 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get deployments
4 echo; echo "Operator pod in ${MDB_NS} namespace"
5 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 Waiting for deployment "mongodb-kubernetes-operator" rollout to finish: 0 of 1 updated replicas are available...
2 deployment "mongodb-kubernetes-operator" successfully rolled out
3 Operator deployment in mongodb namespace
4 NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
5 mongodb-kubernetes-operator   1/1     1            1           4s
6 
7 Operator pod in mongodb namespace
8 NAME                                           READY   STATUS    RESTARTS   AGE
9 mongodb-kubernetes-operator-7bd6cdd889-v8l9n   1/1     Running   0          4s

Obligatorio. Crear y cargar los secretos de usuario de MongoDB.

MongoDB requiere autenticación para un acceso seguro. En este paso, se crean tres secretos de Kubernetes:

mdb-admin-user-password:Credenciales para el administrador de MongoDB.
mdb-user-password:Credenciales del usuario autorizado para realizar consultas de búsqueda.
mdbc-rs-search-sync-source-password:Credenciales para un usuario de búsqueda dedicado utilizado internamente por el proceso mongot para sincronizar datos y administrar índices.

Kubernetes operador utiliza contraseñas de esos secretos para crear automáticamente a los usuarios en la base de datos de MongoDB.

Para crear los secretos, copie, pegue y ejecute el siguiente comando:

1 # Create admin user secret
2 kubectl create secret generic mdb-admin-user-password \
3   --from-literal=password="${MDB_ADMIN_USER_PASSWORD}" \
4   --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
5 
6 # Create search sync source user secret
7 kubectl create secret generic "${MDB_RESOURCE_NAME}-search-sync-source-password" \
8   --from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}" \
9   --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
10 
11 # Create regular user secret
12 kubectl create secret generic mdb-user-password \
13   --from-literal=password="${MDB_USER_PASSWORD}" \
14   --dry-run=client -o yaml | kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
15 
16 echo "User secrets created."

1 secret/mdb-admin-user-password created
2 secret/mdbc-rs-search-sync-source-password created
3 secret/mdb-user-password created

Condicional. Instale `cert-manager` el.

El cert-manager es necesario para administrar los certificados TLS. Si ya tienes cert-manager instalado en tu clúster, omite este paso. De lo contrario, instala cert-manager usando Helm.

Para instalar cert-manager en el espacio de nombres cert-manager, ejecute el siguiente comando en su terminal:

1 helm upgrade --install \
2   cert-manager \
3   oci://quay.io/jetstack/charts/cert-manager \
4   --kube-context "${K8S_CTX}" \
5   --namespace "${CERT_MANAGER_NAMESPACE}" \
6   --create-namespace \
7   --set crds.enabled=true
8 
9 for deployment in cert-manager cert-manager-cainjector cert-manager-webhook; do
10   kubectl --context "${K8S_CTX}" \
11     -n "${CERT_MANAGER_NAMESPACE}" \
12     wait --for=condition=Available "deployment/${deployment}" --timeout=300s
13 done
14 
15 echo "cert-manager is ready in namespace ${CERT_MANAGER_NAMESPACE}."

Obligatorio. Prepara el emisor de certificados y la infraestructura de CA.

Cree la infraestructura de la autoridad de certificación que emitirá los certificados TLS para MongoDB los MongoDBSearch recursos y. Los comandos realizan las siguientes acciones:

Crea un ClusterIssuer autofirmado.
Genera un certificado de CA.
Publicar un emisor de CA para todo el clúster que todos los espacios de nombres puedan usar.
Exponga el paquete CA a través de un ConfigMap para que los recursos de MongoDB puedan usarlo.

1 # Bootstrap a self-signed ClusterIssuer that will mint the CA material consumed by
2 # the MongoDBCommunity deployment.
3 kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
4 apiVersion: cert-manager.io/v1
5 kind: ClusterIssuer
6 metadata:
7   name: ${MDB_TLS_SELF_SIGNED_ISSUER}
8 spec:
9   selfSigned: {}
10 EOF_MANIFEST
11 
12 kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_SELF_SIGNED_ISSUER}"
13 
14 # Create the CA certificate and secret in the cert-manager namespace.
15 kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
16 apiVersion: cert-manager.io/v1
17 kind: Certificate
18 metadata:
19   name: ${MDB_TLS_CA_CERT_NAME}
20   namespace: ${CERT_MANAGER_NAMESPACE}
21 spec:
22   isCA: true
23   commonName: ${MDB_TLS_CA_CERT_NAME}
24   secretName: ${MDB_TLS_CA_SECRET_NAME}
25   privateKey:
26     algorithm: ECDSA
27     size: 256
28   issuerRef:
29     name: ${MDB_TLS_SELF_SIGNED_ISSUER}
30     kind: ClusterIssuer
31 EOF_MANIFEST
32 
33 kubectl --context "${K8S_CTX}" wait --for=condition=Ready -n "${CERT_MANAGER_NAMESPACE}" certificate "${MDB_TLS_CA_CERT_NAME}"
34 
35 # Publish a cluster-scoped issuer that fronts the generated CA secret so all namespaces can reuse it.
36 kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
37 apiVersion: cert-manager.io/v1
38 kind: ClusterIssuer
39 metadata:
40   name: ${MDB_TLS_CA_ISSUER}
41 spec:
42   ca:
43     secretName: ${MDB_TLS_CA_SECRET_NAME}
44 EOF_MANIFEST
45 
46 kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_CA_ISSUER}"
47 
48 TMP_CA_CERT="$(mktemp)"
49 
50 kubectl --context "${K8S_CTX}" \
51   get secret "${MDB_TLS_CA_SECRET_NAME}" -n "${CERT_MANAGER_NAMESPACE}" \
52   -o jsonpath="{.data['ca\\.crt']}" | base64 --decode > "${TMP_CA_CERT}"
53 
54 # Expose the CA bundle through a ConfigMap for workloads and the MongoDBCommunity resource.
55 kubectl --context "${K8S_CTX}" create configmap "${MDB_TLS_CA_CONFIGMAP}" -n "${MDB_NS}" \
56   --from-file=ca-pem="${TMP_CA_CERT}" --from-file=mms-ca.crt="${TMP_CA_CERT}" \
57   --from-file=ca.crt="${TMP_CA_CERT}" \
58   --dry-run=client -o yaml | kubectl --context "${K8S_CTX}" apply -f -
59 
60 echo "Cluster-wide CA issuer ${MDB_TLS_CA_ISSUER} is ready."

Obligatorio. Emitir certificados TLS.

Emita certificados TLS tanto para el MongoDB servidor como para el MongoDBSearch servicio. El certificado del servidor MongoDB incluye todos los nombres DNS necesarios para la comunicación entre el pod y el servicio. Ambos certificados admiten la autenticación de servidor y cliente.

1 server_certificate="${MDB_RESOURCE_NAME}-server-tls"
2 search_certificate="${MDB_RESOURCE_NAME}-search-tls"
3 
4 mongo_dns_names=()
5 for ((member = 0; member < MDB_MEMBERS; member++)); do
6   mongo_dns_names+=("${MDB_RESOURCE_NAME}-${member}")
7   mongo_dns_names+=("${MDB_RESOURCE_NAME}-${member}.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local")
8 done
9 mongo_dns_names+=(
10   "${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local"
11   "*.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local"
12 )
13 
14 search_dns_names=(
15   "${MDB_RESOURCE_NAME}-search-svc.${MDB_NS}.svc.cluster.local"
16 )
17 
18 render_dns_list() {
19   local dns_list=("$@")
20   for dns in "${dns_list[@]}"; do
21     printf "      - \"%s\"\n" "${dns}"
22   done
23 }
24 
25 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF_MANIFEST
26 apiVersion: cert-manager.io/v1
27 kind: Certificate
28 metadata:
29   name: ${server_certificate}
30   namespace: ${MDB_NS}
31 spec:
32   secretName: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
33   issuerRef:
34     name: ${MDB_TLS_CA_ISSUER}
35     kind: ClusterIssuer
36   duration: 240h0m0s
37   renewBefore: 120h0m0s
38   usages:
39     - digital signature
40     - key encipherment
41     - server auth
42     - client auth
43   dnsNames:
44 $(render_dns_list "${mongo_dns_names[@]}")
45 ---
46 apiVersion: cert-manager.io/v1
47 kind: Certificate
48 metadata:
49   name: ${search_certificate}
50   namespace: ${MDB_NS}
51 spec:
52   secretName: ${MDB_SEARCH_TLS_SECRET_NAME}
53   issuerRef:
54     name: ${MDB_TLS_CA_ISSUER}
55     kind: ClusterIssuer
56   duration: 240h0m0s
57   renewBefore: 120h0m0s
58   usages:
59     - digital signature
60     - key encipherment
61     - server auth
62     - client auth
63   dnsNames:
64 $(render_dns_list "${search_dns_names[@]}")
65 EOF_MANIFEST
66 
67 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${server_certificate}" --timeout=300s
68 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${search_certificate}" --timeout=300s
69 
70 echo "MongoDB TLS certificates have been issued."

Condicional. Crea e implementa el recurso MongoDB Community.

Si ya implementaste MongoDB Community Edition, omite este paso. De lo contrario, implementa la versión Community Edition de MongoDB.

Para implementar MongoDB Community Edition, complete los siguientes pasos:

Crea un recurso personalizado MongoDBCommunity llamado mdb-rs.

El recurso define recursos de CPU y memoria para los contenedores mongod y mongodb-agent, y configura los siguientes tres usuarios:

`mdb-user`	Usuario que puede restaurar la base de datos y ejecutar consultas de búsqueda. Este usuario utiliza el secreto `mdb-user-password` para realizar estas operaciones.
`search-sync-source`	Usuario que MongoDB Search utiliza para conectarse a la base de datos MongoDB y gestionar y crear índices. Este usuario usa el rol `searchCoordinator`, creado por el operador de Kubernetes. Usa el secreto `mdbc-rs-search-sync-source-password` para conectar `mongot` a `mongod`.
`admin-user`	Usuario administrador de base de datos.

El operador de Kubernetes utiliza este recurso para configurar un conjunto de réplicas de MongoDB con 3 miembros.

Para crear los secretos, copie, pegue y ejecute los siguientes comandos:

1 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2 apiVersion: mongodbcommunity.mongodb.com/v1
3 kind: MongoDBCommunity
4 metadata:
5   name: ${MDB_RESOURCE_NAME}
6 spec:
7   version: ${MDB_VERSION}
8   type: ReplicaSet
9   members: ${MDB_MEMBERS}
10   security:
11     tls:
12       enabled: true
13       certificateKeySecretRef:
14         name: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
15       caConfigMapRef:
16         name: ${MDB_TLS_CA_CONFIGMAP}
17     authentication:
18       ignoreUnknownUsers: true
19       modes:
20         - SCRAM
21   agent:
22     logLevel: DEBUG
23   statefulSet:
24     spec:
25       template:
26         spec:
27           containers:
28             - name: mongod
29               resources:
30                 limits:
31                   cpu: "2"
32                   memory: 2Gi
33                 requests:
34                   cpu: "1"
35                   memory: 1Gi
36             - name: mongodb-agent
37               resources:
38                 limits:
39                   cpu: "1"
40                   memory: 2Gi
41                 requests:
42                   cpu: "0.5"
43                   memory: 1Gi
44   users:
45     # admin user with root role
46     - name: mdb-admin
47       db: admin
48       # a reference to the secret containing user password
49       passwordSecretRef:
50         name: mdb-admin-user-password
51       scramCredentialsSecretName: mdb-admin-user
52       roles:
53         - name: root
54           db: admin
55     # user performing search queries
56     - name: mdb-user
57       db: admin
58       # a reference to the secret containing user password
59       passwordSecretRef:
60         name: mdb-user-password
61       scramCredentialsSecretName: mdb-user-scram
62       roles:
63         - name: restore
64           db: sample_mflix
65         - name: readWrite
66           db: sample_mflix
67     # user used by MongoDB Search to connect to MongoDB database to
68     # synchronize data from.
69     # For MongoDB <8.2, the operator will be creating the
70     # searchCoordinator custom role automatically.
71     # From MongoDB 8.2, searchCoordinator role will be a
72     # built-in role.
73     - name: search-sync-source
74       db: admin
75       # a reference to the secret that will be used to generate the user's password
76       passwordSecretRef:
77         name: ${MDB_RESOURCE_NAME}-search-sync-source-password
78       scramCredentialsSecretName: ${MDB_RESOURCE_NAME}-search-sync-source
79       roles:
80         - name: searchCoordinator
81           db: admin
82 EOF

Espere a que se complete la implementación del recurso MongoDBCommunity.

Al aplicar el recurso personalizado MongoDBCommunity, el operador de Kubernetes comienza a implementar los nodos (pods) de MongoDB. Este paso pausa la ejecución hasta que la fase de estado del recurso mdbc-rs sea Running, lo que indica que el conjunto de réplicas de MongoDB Community está operativo.

1 echo "Waiting for MongoDBCommunity resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3   --for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
4 echo; echo "MongoDBCommunity resource"
5 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
6 echo; echo "Pods running in cluster ${K8S_CTX}"
7 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 Waiting for MongoDBCommunity resource to reach Running phase...
2 mongodbcommunity.mongodbcommunity.mongodb.com/mdbc-rs condition met
3 
4 MongoDBCommunity resource
5 NAME      PHASE     VERSION
6 mdbc-rs   Running   8.2
7 
8 Pods running in cluster minikube
9 NAME                                           READY   STATUS    RESTARTS   AGE
10 mdbc-rs-0                                      2/2     Running   0          2m30s
11 mdbc-rs-1                                      2/2     Running   0          82s
12 mdbc-rs-2                                      2/2     Running   0          38s
13 mongodb-kubernetes-operator-5776c8b4df-cppnf   1/1     Running   0          7m37s

Obligatorio. Cree e implemente el recurso para MongoDB Search y Vector Search.

Puede implementar una instancia del nodo de búsqueda sin ningún equilibrio de carga.

Para implementar, complete los siguientes pasos:

Cree un recurso personalizado MongoDBSearch llamado mdbc-rs.

Este recurso especifica los requisitos de CPU y memoria para los nodos de búsqueda. Para obtener más información sobre la configuración de este recurso personalizado, consulte Configuración de búsqueda vectorial y de búsqueda de MongoDB.

1 # create a Kubernetes secret that would have embedding model's API Keys
2 kubectl create secret generic "${AUTO_EMBEDDING_API_KEY_SECRET_NAME}" \
3   --from-literal=query-key="${AUTO_EMBEDDING_API_QUERY_KEY}" \
4   --from-literal=indexing-key="${AUTO_EMBEDDING_API_INDEXING_KEY}" --context "${K8S_CTX}" -n "${MDB_NS}"
5 
6 # create MongoDBSearch resource, enabling the auto embedding using the API Keys provided above
7 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
8 apiVersion: mongodb.com/v1
9 kind: MongoDBSearch
10 metadata:
11   name: ${MDB_RESOURCE_NAME}
12 spec:
13   security:
14     tls:
15       certificateKeySecretRef:
16         name: ${MDB_SEARCH_TLS_SECRET_NAME}
17   resourceRequirements:
18     limits:
19       cpu: "3"
20       memory: 5Gi
21     requests:
22       cpu: "2"
23       memory: 3Gi
24   autoEmbedding:
25     providerEndpoint: ${PROVIDER_ENDPOINT}
26     embeddingModelAPIKeySecret:
27       name: ${AUTO_EMBEDDING_API_KEY_SECRET_NAME}
28 EOF

Nota

Dado que el operador de Kubernetes solo implementa una única instancia de MongoDB Search, esa instancia se configura automáticamente como el escritor de vista materializada de incrustación.

1 kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2 apiVersion: mongodb.com/v1
3 kind: MongoDBSearch
4 metadata:
5   name: ${MDB_RESOURCE_NAME}
6 spec:
7   security:
8     tls:
9       certificateKeySecretRef:
10         name: ${MDB_SEARCH_TLS_SECRET_NAME}
11   resourceRequirements:
12     limits:
13       cpu: "3"
14       memory: 5Gi
15     requests:
16       cpu: "2"
17       memory: 3Gi
18 EOF

Espere a que se complete la implementación del recurso MongoDBSearch.

Cuando aplicas el recurso personalizado MongoDBSearch, el operador de Kubernetes comienza a desplegar los nodos de búsqueda (pods). Esta fase pausa la ejecución hasta que el estado del recurso mdbc-rs MongoDBSearch esté en la fase Running, lo que indica que MongoDB Search está operativo.

1 echo "Waiting for MongoDBSearch resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3   --for=jsonpath='{.status.phase}'=Running mdbs/"${MDB_RESOURCE_NAME}" --timeout=300s

Opcional. Verifique el estado del recurso de la comunidad MongoDB.

Asegúrese de que la implementación del recurso MongoDBCommunity con MongoDBSearch haya sido exitosa.

1 echo "Waiting for MongoDBCommunity resource to reach Running phase..."
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3   --for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
4 echo; echo "MongoDBCommunity resource"
5 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
6 echo; echo "Pods running in cluster ${K8S_CTX}"
7 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

Opcional. Ver todos los pods en ejecución en tu espacio de nombres.

Visualiza todos los pods en ejecución en los pods de tu namespace para los miembros del set de réplicas MongoDB, los Controladores MongoDB para Kubernetes operador y los nodos de búsqueda.

1 echo; echo "MongoDBCommunity resource"
2 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
3 echo; echo "MongoDBSearch resource"
4 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdbc-rs
5 echo; echo "Pods running in cluster ${K8S_CTX}"
6 kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1 MongoDBCommunity resource
2 NAME      PHASE     VERSION
3 mdbc-rs   Running   8.2.0
4 
5 MongoDBSearch resource
6 NAME      PHASE     VERSION   AGE
7 mdbc-rs   Running   0.55.0    5m11s
8 
9 Pods running in cluster kind-kind
10 NAME                                           READY   STATUS    RESTARTS       AGE
11 mdbc-rs-0                                      2/2     Running   1 (25s ago)    7m42s
12 mdbc-rs-1                                      2/2     Running   1 (3m ago)     6m32s
13 mdbc-rs-2                                      2/2     Running   1 (103s ago)   5m45s
14 mdbc-rs-search-0                               1/1     Running   0              5m11s
15 mongodb-kubernetes-operator-7bd6cdd889-v8l9n   1/1     Running   0              8m6s

Próximos pasos

Ahora que ha implementado correctamente MongoDB Search y Vector Search para usar con MongoDB Community Edition, proceda a agregar datos a su clúster de MongoDB, crear índices de MongoDB Search y Vector Search, y ejecutar consultas sobre sus datos. Para obtener más información, consulte Usar MongoDB Search y Vector Search.

1	# set it to the context name of the k8s cluster
2	export K8S_CTX="<local cluster context>"
3
4	# the following namespace will be created if not exists
5	export MDB_NS="mongodb"
6
7	# MongoDBCommunity resource name referenced throughout the guide
8	export MDB_RESOURCE_NAME="mdbc-rs"
9	# Number of replica set members deployed in the sample MongoDBCommunity
10	export MDB_MEMBERS=3
11
12	# TLS-related secret names used for MongoDBCommunity and MongoDBSearch
13	export MDB_TLS_CA_SECRET_NAME="${MDB_RESOURCE_NAME}-ca"
14	export MDB_TLS_SERVER_CERT_SECRET_NAME="${MDB_RESOURCE_NAME}-tls"
15	export MDB_SEARCH_TLS_SECRET_NAME="${MDB_RESOURCE_NAME}-search-tls"
16
17	export MDB_TLS_CA_CONFIGMAP="${MDB_RESOURCE_NAME}-ca-configmap"
18	export MDB_TLS_SELF_SIGNED_ISSUER="${MDB_RESOURCE_NAME}-selfsigned-cluster-issuer"
19	export MDB_TLS_CA_CERT_NAME="${MDB_RESOURCE_NAME}-selfsigned-ca"
20	export MDB_TLS_CA_ISSUER="${MDB_RESOURCE_NAME}-cluster-issuer"
21
22	# minimum required MongoDB version for running MongoDB Search is 8.2.0
23	export MDB_VERSION="8.2.0"
24
25	# root admin user for convenience, not used here at all in this guide
26	export MDB_ADMIN_USER_PASSWORD="admin-user-password-CHANGE-ME"
27	# regular user performing restore and search queries on sample mflix database
28	export MDB_USER_PASSWORD="mdb-user-password-CHANGE-ME"
29	# user for MongoDB Search to connect to the replica set to synchronise data from
30	export MDB_SEARCH_SYNC_USER_PASSWORD="search-sync-user-password-CHANGE-ME"
31
32	export OPERATOR_HELM_CHART="mongodb/mongodb-kubernetes"
33	# comma-separated key=value pairs for additional parameters passed to the helm-chart installing the operator
34	export OPERATOR_ADDITIONAL_HELM_VALUES=""
35
36	# TLS is mandatory; connection string must include tls=true
37	export MDB_CONNECTION_STRING="mongodb://mdb-user:${MDB_USER_PASSWORD}@${MDB_RESOURCE_NAME}-0.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local:27017/?replicaSet=${MDB_RESOURCE_NAME}&tls=true&tlsCAFile=/tls/ca.crt"
38
39	export CERT_MANAGER_NAMESPACE="cert-manager"
40
41	# Vector Search auto embedding related configurations
42	export AUTO_EMBEDDING_API_KEY_SECRET_NAME="voyage-api-keys"
43	export AUTO_EMBEDDING_API_QUERY_KEY="<embedding-model-query-key>"
44	export AUTO_EMBEDDING_API_INDEXING_KEY="<embedding-model-indexing-key>"
45	export PROVIDER_ENDPOINT="https://ai.mongodb.com/v1/embeddings"
46	export EMBEDDING_MODEL="voyage-4"

1	required=(
2	K8S_CTX
3	MDB_NS
4	MDB_RESOURCE_NAME
5	MDB_VERSION
6	MDB_MEMBERS
7	CERT_MANAGER_NAMESPACE
8	MDB_TLS_CA_SECRET_NAME
9	MDB_TLS_SERVER_CERT_SECRET_NAME
10	MDB_SEARCH_TLS_SECRET_NAME
11	MDB_ADMIN_USER_PASSWORD
12	MDB_SEARCH_SYNC_USER_PASSWORD
13	MDB_USER_PASSWORD
14	OPERATOR_HELM_CHART
15	)
16
17	missing_req=()
18	for v in "${required[@]}"; do [[ -n "${!v:-}" ]] \|\| missing_req+=("${v}"); done
19
20	if (( ${#missing_req[@]} )); then
21	echo "ERROR: Missing required environment variables:" >&2
22	for m in "${missing_req[@]}"; do echo " - ${m}" >&2; done
23	else
24	echo "All required environment variables present."
25	fi

1	helm repo add mongodb https://mongodb.github.io/helm-charts
2	helm repo update mongodb
3	helm search repo mongodb/mongodb-kubernetes

1	"mongodb" has been added to your repositories
2	Hang tight while we grab the latest from your chart repositories...
3	...Successfully got an update from the "mongodb" chart repository
4	Update Complete. ⎈Happy Helming!⎈
5	NAME CHART VERSION APP VERSION DESCRIPTION
6	mongodb/mongodb-kubernetes 1.6.1 MongoDB Controllers for Kubernetes translate th...

1	helm upgrade --install --debug --kube-context "${K8S_CTX}" \
2	--create-namespace \
3	--namespace="${MDB_NS}" \
4	mongodb-kubernetes \
5	${OPERATOR_ADDITIONAL_HELM_VALUES:+--set ${OPERATOR_ADDITIONAL_HELM_VALUES}} \
6	"${OPERATOR_HELM_CHART}"

1	Release "mongodb-kubernetes" does not exist. Installing it now.
2	NAME: mongodb-kubernetes
3	LAST DEPLOYED: Wed Dec 17 11:22:40 2025
4	NAMESPACE: mongodb
5	STATUS: deployed
6	REVISION: 1
7	TEST SUITE: None
8	USER-SUPPLIED VALUES:
9	{}
10
11	COMPUTED VALUES:
12	agent:
13	name: mongodb-agent
14	version: 108.0.12.8846-1
15	community:
16	agent:
17	name: mongodb-agent
18	version: 108.0.2.8729-1
19	mongodb:
20	imageType: ubi8
21	name: mongodb-community-server
22	repo: quay.io/mongodb
23	registry:
24	agent: quay.io/mongodb
25	resource:
26	members: 3
27	name: mongodb-replica-set
28	tls:
29	caCertificateSecretRef: tls-ca-key-pair
30	certManager:
31	certDuration: 8760h
32	renewCertBefore: 720h
33	certificateKeySecretRef: tls-certificate
34	enabled: false
35	sampleX509User: false
36	useCertManager: true
37	useX509: false
38	version: 4.4.0
39	database:
40	name: mongodb-kubernetes-database
41	version: 1.6.1
42	initAppDb:
43	name: mongodb-kubernetes-init-appdb
44	version: 1.6.1
45	initDatabase:
46	name: mongodb-kubernetes-init-database
47	version: 1.6.1
48	initOpsManager:
49	name: mongodb-kubernetes-init-ops-manager
50	version: 1.6.1
51	managedSecurityContext: false
52	mongodb:
53	appdbAssumeOldFormat: false
54	name: mongodb-enterprise-server
55	repo: quay.io/mongodb
56	multiCluster:
57	clusterClientTimeout: 10
58	clusters: []
59	kubeConfigSecretName: mongodb-enterprise-operator-multi-cluster-kubeconfig
60	performFailOver: true
61	operator:
62	additionalArguments: []
63	affinity: {}
64	baseName: mongodb-kubernetes
65	createOperatorServiceAccount: true
66	createResourcesServiceAccountsAndRoles: true
67	deployment_name: mongodb-kubernetes-operator
68	enableClusterMongoDBRoles: true
69	enablePVCResize: true
70	env: prod
71	maxConcurrentReconciles: 1
72	mdbDefaultArchitecture: non-static
73	name: mongodb-kubernetes-operator
74	nodeSelector: {}
75	operator_image_name: mongodb-kubernetes
76	podSecurityContext:
77	runAsNonRoot: true
78	runAsUser: 2000
79	replicas: 1
80	resources:
81	limits:
82	cpu: 1100m
83	memory: 1Gi
84	requests:
85	cpu: 500m
86	memory: 200Mi
87	securityContext: {}
88	telemetry:
89	collection:
90	clusters: {}
91	deployments: {}
92	frequency: 1h
93	operators: {}
94	send:
95	frequency: 168h
96	tolerations: []
97	vaultSecretBackend:
98	enabled: false
99	tlsSecretRef: ""
100	version: 1.6.1
101	watchedResources:
102	- mongodb
103	- opsmanagers
104	- mongodbusers
105	- mongodbcommunity
106	- mongodbsearch
107	webhook:
108	installClusterRole: true
109	registerConfiguration: true
110	opsManager:
111	name: mongodb-enterprise-ops-manager-ubi
112	readinessProbe:
113	name: mongodb-kubernetes-readinessprobe
114	version: 1.0.23
115	registry:
116	agent: quay.io/mongodb
117	database: quay.io/mongodb
118	imagePullSecrets: null
119	initAppDb: quay.io/mongodb
120	initDatabase: quay.io/mongodb
121	initOpsManager: quay.io/mongodb
122	operator: quay.io/mongodb
123	opsManager: quay.io/mongodb
124	pullPolicy: Always
125	readinessProbe: quay.io/mongodb
126	versionUpgradeHook: quay.io/mongodb
127	search:
128	name: mongodb-search
129	repo: quay.io/mongodb
130	version: 0.55.0
131	versionUpgradeHook:
132	name: mongodb-kubernetes-operator-version-upgrade-post-start-hook
133	version: 1.0.10
134
135	HOOKS:
136	MANIFEST:
137	---
138	# Source: mongodb-kubernetes/templates/database-roles.yaml
139	apiVersion: v1
140	kind: ServiceAccount
141	metadata:
142	name: mongodb-kubernetes-appdb
143	namespace: mongodb
144	---
145	# Source: mongodb-kubernetes/templates/database-roles.yaml
146	apiVersion: v1
147	kind: ServiceAccount
148	metadata:
149	name: mongodb-kubernetes-database-pods
150	namespace: mongodb
151	---
152	# Source: mongodb-kubernetes/templates/database-roles.yaml
153	apiVersion: v1
154	kind: ServiceAccount
155	metadata:
156	name: mongodb-kubernetes-ops-manager
157	namespace: mongodb
158	---
159	# Source: mongodb-kubernetes/templates/operator-sa.yaml
160	apiVersion: v1
161	kind: ServiceAccount
162	metadata:
163	name: mongodb-kubernetes-operator
164	namespace: mongodb
165	---
166	# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
167	kind: ClusterRole
168	apiVersion: rbac.authorization.k8s.io/v1
169	metadata:
170	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
171	rules:
172	- apiGroups:
173	- mongodb.com
174	verbs:
175	- '*'
176	resources:
177	- clustermongodbroles
178	---
179	# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
180	# Additional ClusterRole for clusterVersionDetection
181	kind: ClusterRole
182	apiVersion: rbac.authorization.k8s.io/v1
183	metadata:
184	name: mongodb-kubernetes-operator-cluster-telemetry
185	rules:
186	# Non-resource URL permissions
187	- nonResourceURLs:
188	- "/version"
189	verbs:
190	- get
191	# Cluster-scoped resource permissions
192	- apiGroups:
193	- ''
194	resources:
195	- namespaces
196	resourceNames:
197	- kube-system
198	verbs:
199	- get
200	- apiGroups:
201	- ''
202	resources:
203	- nodes
204	verbs:
205	- list
206	---
207	# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
208	kind: ClusterRole
209	apiVersion: rbac.authorization.k8s.io/v1
210	metadata:
211	name: mongodb-kubernetes-operator-mongodb-webhook-cr
212	rules:
213	- apiGroups:
214	- "admissionregistration.k8s.io"
215	resources:
216	- validatingwebhookconfigurations
217	verbs:
218	- get
219	- create
220	- update
221	- delete
222	- apiGroups:
223	- ""
224	resources:
225	- services
226	verbs:
227	- get
228	- list
229	- watch
230	- create
231	- update
232	- delete
233	---
234	# Source: mongodb-kubernetes/templates/operator-roles-clustermongodbroles.yaml
235	kind: ClusterRoleBinding
236	apiVersion: rbac.authorization.k8s.io/v1
237	metadata:
238	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role-binding
239	roleRef:
240	apiGroup: rbac.authorization.k8s.io
241	kind: ClusterRole
242	name: mongodb-kubernetes-operator-mongodb-cluster-mongodb-role
243	subjects:
244	- kind: ServiceAccount
245	name: mongodb-kubernetes-operator
246	namespace: mongodb
247	---
248	# Source: mongodb-kubernetes/templates/operator-roles-telemetry.yaml
249	# ClusterRoleBinding for clusterVersionDetection
250	kind: ClusterRoleBinding
251	apiVersion: rbac.authorization.k8s.io/v1
252	metadata:
253	name: mongodb-kubernetes-operator-mongodb-cluster-telemetry-binding
254	roleRef:
255	apiGroup: rbac.authorization.k8s.io
256	kind: ClusterRole
257	name: mongodb-kubernetes-operator-cluster-telemetry
258	subjects:
259	- kind: ServiceAccount
260	name: mongodb-kubernetes-operator
261	namespace: mongodb
262	---
263	# Source: mongodb-kubernetes/templates/operator-roles-webhook.yaml
264	kind: ClusterRoleBinding
265	apiVersion: rbac.authorization.k8s.io/v1
266	metadata:
267	name: mongodb-kubernetes-operator-mongodb-webhook-crb
268	roleRef:
269	apiGroup: rbac.authorization.k8s.io
270	kind: ClusterRole
271	name: mongodb-kubernetes-operator-mongodb-webhook-cr
272	subjects:
273	- kind: ServiceAccount
274	name: mongodb-kubernetes-operator
275	namespace: mongodb
276	---
277	# Source: mongodb-kubernetes/templates/database-roles.yaml
278	kind: Role
279	apiVersion: rbac.authorization.k8s.io/v1
280	metadata:
281	name: mongodb-kubernetes-appdb
282	namespace: mongodb
283	rules:
284	- apiGroups:
285	- ''
286	resources:
287	- secrets
288	verbs:
289	- get
290	- apiGroups:
291	- ''
292	resources:
293	- pods
294	verbs:
295	- patch
296	- delete
297	- get
298	---
299	# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
300	kind: Role
301	apiVersion: rbac.authorization.k8s.io/v1
302	metadata:
303	name: mongodb-kubernetes-operator
304	namespace: mongodb
305	rules:
306	- apiGroups:
307	- ''
308	resources:
309	- services
310	verbs:
311	- get
312	- list
313	- watch
314	- create
315	- update
316	- delete
317	- apiGroups:
318	- ''
319	resources:
320	- secrets
321	- configmaps
322	verbs:
323	- get
324	- list
325	- create
326	- update
327	- delete
328	- watch
329	- apiGroups:
330	- apps
331	resources:
332	- statefulsets
333	verbs:
334	- create
335	- get
336	- list
337	- watch
338	- delete
339	- update
340	- apiGroups:
341	- ''
342	resources:
343	- pods
344	verbs:
345	- get
346	- list
347	- watch
348	- delete
349	- deletecollection
350	- apiGroups:
351	- mongodbcommunity.mongodb.com
352	resources:
353	- mongodbcommunity
354	- mongodbcommunity/status
355	- mongodbcommunity/spec
356	- mongodbcommunity/finalizers
357	verbs:
358	- '*'
359	- apiGroups:
360	- mongodb.com
361	verbs:
362	- '*'
363	resources:
364	- mongodb
365	- mongodb/finalizers
366	- mongodbusers
367	- mongodbusers/finalizers
368	- opsmanagers
369	- opsmanagers/finalizers
370	- mongodbmulticluster
371	- mongodbmulticluster/finalizers
372	- mongodbsearch
373	- mongodbsearch/finalizers
374	- mongodb/status
375	- mongodbusers/status
376	- opsmanagers/status
377	- mongodbmulticluster/status
378	- mongodbsearch/status
379	---
380	# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
381	kind: Role
382	apiVersion: rbac.authorization.k8s.io/v1
383	metadata:
384	name: mongodb-kubernetes-operator-pvc-resize
385	namespace: mongodb
386	rules:
387	- apiGroups:
388	- ''
389	resources:
390	- persistentvolumeclaims
391	verbs:
392	- get
393	- delete
394	- list
395	- watch
396	- patch
397	- update
398	---
399	# Source: mongodb-kubernetes/templates/database-roles.yaml
400	kind: RoleBinding
401	apiVersion: rbac.authorization.k8s.io/v1
402	metadata:
403	name: mongodb-kubernetes-appdb
404	namespace: mongodb
405	roleRef:
406	apiGroup: rbac.authorization.k8s.io
407	kind: Role
408	name: mongodb-kubernetes-appdb
409	subjects:
410	- kind: ServiceAccount
411	name: mongodb-kubernetes-appdb
412	namespace: mongodb
413	---
414	# Source: mongodb-kubernetes/templates/operator-roles-base.yaml
415	kind: RoleBinding
416	apiVersion: rbac.authorization.k8s.io/v1
417	metadata:
418	name: mongodb-kubernetes-operator
419	namespace: mongodb
420	roleRef:
421	apiGroup: rbac.authorization.k8s.io
422	kind: Role
423	name: mongodb-kubernetes-operator
424	subjects:
425	- kind: ServiceAccount
426	name: mongodb-kubernetes-operator
427	namespace: mongodb
428	---
429	# Source: mongodb-kubernetes/templates/operator-roles-pvc-resize.yaml
430	kind: RoleBinding
431	apiVersion: rbac.authorization.k8s.io/v1
432	metadata:
433	name: mongodb-kubernetes-operator-pvc-resize-binding
434	namespace: mongodb
435	roleRef:
436	apiGroup: rbac.authorization.k8s.io
437	kind: Role
438	name: mongodb-kubernetes-operator-pvc-resize
439	subjects:
440	- kind: ServiceAccount
441	name: mongodb-kubernetes-operator
442	namespace: mongodb
443	---
444	# Source: mongodb-kubernetes/templates/operator.yaml
445	apiVersion: apps/v1
446	kind: Deployment
447	metadata:
448	name: mongodb-kubernetes-operator
449	namespace: mongodb
450	spec:
451	replicas: 1
452	selector:
453	matchLabels:
454	app.kubernetes.io/component: controller
455	app.kubernetes.io/name: mongodb-kubernetes-operator
456	app.kubernetes.io/instance: mongodb-kubernetes-operator
457	template:
458	metadata:
459	labels:
460	app.kubernetes.io/component: controller
461	app.kubernetes.io/name: mongodb-kubernetes-operator
462	app.kubernetes.io/instance: mongodb-kubernetes-operator
463	spec:
464	serviceAccountName: mongodb-kubernetes-operator
465	securityContext:
466	runAsNonRoot: true
467	runAsUser: 2000
468	containers:
469	- name: mongodb-kubernetes-operator
470	image: "quay.io/mongodb/mongodb-kubernetes:1.6.1"
471	imagePullPolicy: Always
472	args:
473	- -watch-resource=mongodb
474	- -watch-resource=opsmanagers
475	- -watch-resource=mongodbusers
476	- -watch-resource=mongodbcommunity
477	- -watch-resource=mongodbsearch
478	- -watch-resource=clustermongodbroles
479	command:
480	- /usr/local/bin/mongodb-kubernetes-operator
481	resources:
482	limits:
483	cpu: 1100m
484	memory: 1Gi
485	requests:
486	cpu: 500m
487	memory: 200Mi
488	env:
489	- name: OPERATOR_ENV
490	value: prod
491	- name: MDB_DEFAULT_ARCHITECTURE
492	value: non-static
493	- name: NAMESPACE
494	valueFrom:
495	fieldRef:
496	fieldPath: metadata.namespace
497	- name: WATCH_NAMESPACE
498	valueFrom:
499	fieldRef:
500	fieldPath: metadata.namespace
501	- name: MDB_OPERATOR_TELEMETRY_COLLECTION_FREQUENCY
502	value: "1h"
503	- name: MDB_OPERATOR_TELEMETRY_SEND_FREQUENCY
504	value: "168h"
505	- name: CLUSTER_CLIENT_TIMEOUT
506	value: "10"
507	- name: IMAGE_PULL_POLICY
508	value: Always
509	# Database
510	- name: MONGODB_ENTERPRISE_DATABASE_IMAGE
511	value: quay.io/mongodb/mongodb-kubernetes-database
512	- name: INIT_DATABASE_IMAGE_REPOSITORY
513	value: quay.io/mongodb/mongodb-kubernetes-init-database
514	- name: INIT_DATABASE_VERSION
515	value: "1.6.1"
516	- name: DATABASE_VERSION
517	value: "1.6.1"
518	# Ops Manager
519	- name: OPS_MANAGER_IMAGE_REPOSITORY
520	value: quay.io/mongodb/mongodb-enterprise-ops-manager-ubi
521	- name: INIT_OPS_MANAGER_IMAGE_REPOSITORY
522	value: quay.io/mongodb/mongodb-kubernetes-init-ops-manager
523	- name: INIT_OPS_MANAGER_VERSION
524	value: "1.6.1"
525	# AppDB
526	- name: INIT_APPDB_IMAGE_REPOSITORY
527	value: quay.io/mongodb/mongodb-kubernetes-init-appdb
528	- name: INIT_APPDB_VERSION
529	value: "1.6.1"
530	- name: OPS_MANAGER_IMAGE_PULL_POLICY
531	value: Always
532	- name: AGENT_IMAGE
533	value: "quay.io/mongodb/mongodb-agent:108.0.12.8846-1"
534	- name: MDB_AGENT_IMAGE_REPOSITORY
535	value: "quay.io/mongodb/mongodb-agent"
536	- name: MONGODB_IMAGE
537	value: mongodb-enterprise-server
538	- name: MONGODB_REPO_URL
539	value: quay.io/mongodb
540	- name: PERFORM_FAILOVER
541	value: 'true'
542	- name: MDB_MAX_CONCURRENT_RECONCILES
543	value: "1"
544	- name: POD_NAME
545	valueFrom:
546	fieldRef:
547	fieldPath: metadata.name
548	- name: OPERATOR_NAME
549	value: mongodb-kubernetes-operator
550	# Community Env Vars Start
551	- name: MDB_COMMUNITY_AGENT_IMAGE
552	value: "quay.io/mongodb/mongodb-agent:108.0.2.8729-1"
553	- name: VERSION_UPGRADE_HOOK_IMAGE
554	value: "quay.io/mongodb/mongodb-kubernetes-operator-version-upgrade-post-start-hook:1.0.10"
555	- name: READINESS_PROBE_IMAGE
556	value: "quay.io/mongodb/mongodb-kubernetes-readinessprobe:1.0.23"
557	- name: MDB_COMMUNITY_IMAGE
558	value: "mongodb-community-server"
559	- name: MDB_COMMUNITY_REPO_URL
560	value: "quay.io/mongodb"
561	- name: MDB_COMMUNITY_IMAGE_TYPE
562	value: "ubi8"
563	# Community Env Vars End
564	- name: MDB_SEARCH_REPO_URL
565	value: "quay.io/mongodb"
566	- name: MDB_SEARCH_NAME
567	value: "mongodb-search"
568	- name: MDB_SEARCH_VERSION
569	value: "0.55.0"

1	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" rollout status --timeout=2m deployment/mongodb-kubernetes-operator
2	echo "Operator deployment in ${MDB_NS} namespace"
3	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get deployments
4	echo; echo "Operator pod in ${MDB_NS} namespace"
5	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	Waiting for deployment "mongodb-kubernetes-operator" rollout to finish: 0 of 1 updated replicas are available...
2	deployment "mongodb-kubernetes-operator" successfully rolled out
3	Operator deployment in mongodb namespace
4	NAME READY UP-TO-DATE AVAILABLE AGE
5	mongodb-kubernetes-operator 1/1 1 1 4s
6
7	Operator pod in mongodb namespace
8	NAME READY STATUS RESTARTS AGE
9	mongodb-kubernetes-operator-7bd6cdd889-v8l9n 1/1 Running 0 4s

1	# Create admin user secret
2	kubectl create secret generic mdb-admin-user-password \
3	--from-literal=password="${MDB_ADMIN_USER_PASSWORD}" \
4	--dry-run=client -o yaml \| kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
5
6	# Create search sync source user secret
7	kubectl create secret generic "${MDB_RESOURCE_NAME}-search-sync-source-password" \
8	--from-literal=password="${MDB_SEARCH_SYNC_USER_PASSWORD}" \
9	--dry-run=client -o yaml \| kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
10
11	# Create regular user secret
12	kubectl create secret generic mdb-user-password \
13	--from-literal=password="${MDB_USER_PASSWORD}" \
14	--dry-run=client -o yaml \| kubectl apply --context "${K8S_CTX}" --namespace "${MDB_NS}" -f -
15
16	echo "User secrets created."

1	secret/mdb-admin-user-password created
2	secret/mdbc-rs-search-sync-source-password created
3	secret/mdb-user-password created

1	helm upgrade --install \
2	cert-manager \
3	oci://quay.io/jetstack/charts/cert-manager \
4	--kube-context "${K8S_CTX}" \
5	--namespace "${CERT_MANAGER_NAMESPACE}" \
6	--create-namespace \
7	--set crds.enabled=true
8
9	for deployment in cert-manager cert-manager-cainjector cert-manager-webhook; do
10	kubectl --context "${K8S_CTX}" \
11	-n "${CERT_MANAGER_NAMESPACE}" \
12	wait --for=condition=Available "deployment/${deployment}" --timeout=300s
13	done
14
15	echo "cert-manager is ready in namespace ${CERT_MANAGER_NAMESPACE}."

1	# Bootstrap a self-signed ClusterIssuer that will mint the CA material consumed by
2	# the MongoDBCommunity deployment.
3	kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
4	apiVersion: cert-manager.io/v1
5	kind: ClusterIssuer
6	metadata:
7	name: ${MDB_TLS_SELF_SIGNED_ISSUER}
8	spec:
9	selfSigned: {}
10	EOF_MANIFEST
11
12	kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_SELF_SIGNED_ISSUER}"
13
14	# Create the CA certificate and secret in the cert-manager namespace.
15	kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
16	apiVersion: cert-manager.io/v1
17	kind: Certificate
18	metadata:
19	name: ${MDB_TLS_CA_CERT_NAME}
20	namespace: ${CERT_MANAGER_NAMESPACE}
21	spec:
22	isCA: true
23	commonName: ${MDB_TLS_CA_CERT_NAME}
24	secretName: ${MDB_TLS_CA_SECRET_NAME}
25	privateKey:
26	algorithm: ECDSA
27	size: 256
28	issuerRef:
29	name: ${MDB_TLS_SELF_SIGNED_ISSUER}
30	kind: ClusterIssuer
31	EOF_MANIFEST
32
33	kubectl --context "${K8S_CTX}" wait --for=condition=Ready -n "${CERT_MANAGER_NAMESPACE}" certificate "${MDB_TLS_CA_CERT_NAME}"
34
35	# Publish a cluster-scoped issuer that fronts the generated CA secret so all namespaces can reuse it.
36	kubectl apply --context "${K8S_CTX}" -f - <<EOF_MANIFEST
37	apiVersion: cert-manager.io/v1
38	kind: ClusterIssuer
39	metadata:
40	name: ${MDB_TLS_CA_ISSUER}
41	spec:
42	ca:
43	secretName: ${MDB_TLS_CA_SECRET_NAME}
44	EOF_MANIFEST
45
46	kubectl --context "${K8S_CTX}" wait --for=condition=Ready clusterissuer "${MDB_TLS_CA_ISSUER}"
47
48	TMP_CA_CERT="$(mktemp)"
49
50	kubectl --context "${K8S_CTX}" \
51	get secret "${MDB_TLS_CA_SECRET_NAME}" -n "${CERT_MANAGER_NAMESPACE}" \
52	-o jsonpath="{.data['ca\\.crt']}" \| base64 --decode > "${TMP_CA_CERT}"
53
54	# Expose the CA bundle through a ConfigMap for workloads and the MongoDBCommunity resource.
55	kubectl --context "${K8S_CTX}" create configmap "${MDB_TLS_CA_CONFIGMAP}" -n "${MDB_NS}" \
56	--from-file=ca-pem="${TMP_CA_CERT}" --from-file=mms-ca.crt="${TMP_CA_CERT}" \
57	--from-file=ca.crt="${TMP_CA_CERT}" \
58	--dry-run=client -o yaml \| kubectl --context "${K8S_CTX}" apply -f -
59
60	echo "Cluster-wide CA issuer ${MDB_TLS_CA_ISSUER} is ready."

1	server_certificate="${MDB_RESOURCE_NAME}-server-tls"
2	search_certificate="${MDB_RESOURCE_NAME}-search-tls"
3
4	mongo_dns_names=()
5	for ((member = 0; member < MDB_MEMBERS; member++)); do
6	mongo_dns_names+=("${MDB_RESOURCE_NAME}-${member}")
7	mongo_dns_names+=("${MDB_RESOURCE_NAME}-${member}.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local")
8	done
9	mongo_dns_names+=(
10	"${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local"
11	"*.${MDB_RESOURCE_NAME}-svc.${MDB_NS}.svc.cluster.local"
12	)
13
14	search_dns_names=(
15	"${MDB_RESOURCE_NAME}-search-svc.${MDB_NS}.svc.cluster.local"
16	)
17
18	render_dns_list() {
19	local dns_list=("$@")
20	for dns in "${dns_list[@]}"; do
21	printf " - \"%s\"\n" "${dns}"
22	done
23	}
24
25	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF_MANIFEST
26	apiVersion: cert-manager.io/v1
27	kind: Certificate
28	metadata:
29	name: ${server_certificate}
30	namespace: ${MDB_NS}
31	spec:
32	secretName: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
33	issuerRef:
34	name: ${MDB_TLS_CA_ISSUER}
35	kind: ClusterIssuer
36	duration: 240h0m0s
37	renewBefore: 120h0m0s
38	usages:
39	- digital signature
40	- key encipherment
41	- server auth
42	- client auth
43	dnsNames:
44	$(render_dns_list "${mongo_dns_names[@]}")
45	---
46	apiVersion: cert-manager.io/v1
47	kind: Certificate
48	metadata:
49	name: ${search_certificate}
50	namespace: ${MDB_NS}
51	spec:
52	secretName: ${MDB_SEARCH_TLS_SECRET_NAME}
53	issuerRef:
54	name: ${MDB_TLS_CA_ISSUER}
55	kind: ClusterIssuer
56	duration: 240h0m0s
57	renewBefore: 120h0m0s
58	usages:
59	- digital signature
60	- key encipherment
61	- server auth
62	- client auth
63	dnsNames:
64	$(render_dns_list "${search_dns_names[@]}")
65	EOF_MANIFEST
66
67	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${server_certificate}" --timeout=300s
68	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait --for=condition=Ready certificate "${search_certificate}" --timeout=300s
69
70	echo "MongoDB TLS certificates have been issued."

1	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
2	apiVersion: mongodbcommunity.mongodb.com/v1
3	kind: MongoDBCommunity
4	metadata:
5	name: ${MDB_RESOURCE_NAME}
6	spec:
7	version: ${MDB_VERSION}
8	type: ReplicaSet
9	members: ${MDB_MEMBERS}
10	security:
11	tls:
12	enabled: true
13	certificateKeySecretRef:
14	name: ${MDB_TLS_SERVER_CERT_SECRET_NAME}
15	caConfigMapRef:
16	name: ${MDB_TLS_CA_CONFIGMAP}
17	authentication:
18	ignoreUnknownUsers: true
19	modes:
20	- SCRAM
21	agent:
22	logLevel: DEBUG
23	statefulSet:
24	spec:
25	template:
26	spec:
27	containers:
28	- name: mongod
29	resources:
30	limits:
31	cpu: "2"
32	memory: 2Gi
33	requests:
34	cpu: "1"
35	memory: 1Gi
36	- name: mongodb-agent
37	resources:
38	limits:
39	cpu: "1"
40	memory: 2Gi
41	requests:
42	cpu: "0.5"
43	memory: 1Gi
44	users:
45	# admin user with root role
46	- name: mdb-admin
47	db: admin
48	# a reference to the secret containing user password
49	passwordSecretRef:
50	name: mdb-admin-user-password
51	scramCredentialsSecretName: mdb-admin-user
52	roles:
53	- name: root
54	db: admin
55	# user performing search queries
56	- name: mdb-user
57	db: admin
58	# a reference to the secret containing user password
59	passwordSecretRef:
60	name: mdb-user-password
61	scramCredentialsSecretName: mdb-user-scram
62	roles:
63	- name: restore
64	db: sample_mflix
65	- name: readWrite
66	db: sample_mflix
67	# user used by MongoDB Search to connect to MongoDB database to
68	# synchronize data from.
69	# For MongoDB <8.2, the operator will be creating the
70	# searchCoordinator custom role automatically.
71	# From MongoDB 8.2, searchCoordinator role will be a
72	# built-in role.
73	- name: search-sync-source
74	db: admin
75	# a reference to the secret that will be used to generate the user's password
76	passwordSecretRef:
77	name: ${MDB_RESOURCE_NAME}-search-sync-source-password
78	scramCredentialsSecretName: ${MDB_RESOURCE_NAME}-search-sync-source
79	roles:
80	- name: searchCoordinator
81	db: admin
82	EOF

1	echo "Waiting for MongoDBCommunity resource to reach Running phase..."
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3	--for=jsonpath='{.status.phase}'=Running mdbc/mdbc-rs --timeout=400s
4	echo; echo "MongoDBCommunity resource"
5	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
6	echo; echo "Pods running in cluster ${K8S_CTX}"
7	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	Waiting for MongoDBCommunity resource to reach Running phase...
2	mongodbcommunity.mongodbcommunity.mongodb.com/mdbc-rs condition met
3
4	MongoDBCommunity resource
5	NAME PHASE VERSION
6	mdbc-rs Running 8.2
7
8	Pods running in cluster minikube
9	NAME READY STATUS RESTARTS AGE
10	mdbc-rs-0 2/2 Running 0 2m30s
11	mdbc-rs-1 2/2 Running 0 82s
12	mdbc-rs-2 2/2 Running 0 38s
13	mongodb-kubernetes-operator-5776c8b4df-cppnf 1/1 Running 0 7m37s

1	# create a Kubernetes secret that would have embedding model's API Keys
2	kubectl create secret generic "${AUTO_EMBEDDING_API_KEY_SECRET_NAME}" \
3	--from-literal=query-key="${AUTO_EMBEDDING_API_QUERY_KEY}" \
4	--from-literal=indexing-key="${AUTO_EMBEDDING_API_INDEXING_KEY}" --context "${K8S_CTX}" -n "${MDB_NS}"
5
6	# create MongoDBSearch resource, enabling the auto embedding using the API Keys provided above
7	kubectl apply --context "${K8S_CTX}" -n "${MDB_NS}" -f - <<EOF
8	apiVersion: mongodb.com/v1
9	kind: MongoDBSearch
10	metadata:
11	name: ${MDB_RESOURCE_NAME}
12	spec:
13	security:
14	tls:
15	certificateKeySecretRef:
16	name: ${MDB_SEARCH_TLS_SECRET_NAME}
17	resourceRequirements:
18	limits:
19	cpu: "3"
20	memory: 5Gi
21	requests:
22	cpu: "2"
23	memory: 3Gi
24	autoEmbedding:
25	providerEndpoint: ${PROVIDER_ENDPOINT}
26	embeddingModelAPIKeySecret:
27	name: ${AUTO_EMBEDDING_API_KEY_SECRET_NAME}
28	EOF

1	echo "Waiting for MongoDBSearch resource to reach Running phase..."
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" wait \
3	--for=jsonpath='{.status.phase}'=Running mdbs/"${MDB_RESOURCE_NAME}" --timeout=300s

1	echo; echo "MongoDBCommunity resource"
2	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbc/mdbc-rs
3	echo; echo "MongoDBSearch resource"
4	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get mdbs/mdbc-rs
5	echo; echo "Pods running in cluster ${K8S_CTX}"
6	kubectl --context "${K8S_CTX}" -n "${MDB_NS}" get pods

1	MongoDBCommunity resource
2	NAME PHASE VERSION
3	mdbc-rs Running 8.2.0
4
5	MongoDBSearch resource
6	NAME PHASE VERSION AGE
7	mdbc-rs Running 0.55.0 5m11s
8
9	Pods running in cluster kind-kind
10	NAME READY STATUS RESTARTS AGE
11	mdbc-rs-0 2/2 Running 1 (25s ago) 7m42s
12	mdbc-rs-1 2/2 Running 1 (3m ago) 6m32s
13	mdbc-rs-2 2/2 Running 1 (103s ago) 5m45s
14	mdbc-rs-search-0 1/1 Running 0 5m11s
15	mongodb-kubernetes-operator-7bd6cdd889-v8l9n 1/1 Running 0 8m6s

Importante

Requisitos previos

Procedimiento

Obligatorio. Establezca las variables de entorno.

Nota

Opcional

Condicional. Agregue el repositorio Helm de MongoDB.

Condicional. Instale los controladores de MongoDB para el Operador de Kubernetes.

Opcional. Espere el despliegue del operador.

Obligatorio. Crear y cargar los secretos de usuario de MongoDB.

Condicional. Instale cert-manager el.

Obligatorio. Prepara el emisor de certificados y la infraestructura de CA.

Obligatorio. Emitir certificados TLS.

Condicional. Crea e implementa el recurso MongoDB Community.

Obligatorio. Cree e implemente el recurso para MongoDB Search y Vector Search.

Nota

Opcional. Verifique el estado del recurso de la comunidad MongoDB.

Opcional. Ver todos los pods en ejecución en tu espacio de nombres.

Próximos pasos

Condicional. Instale `cert-manager` el.